I hereby claim:
- I am dolph on github.
- I am dolph (https://keybase.io/dolph) on keybase.
- I have a public key whose fingerprint is C1B5 629D E7A3 C2E7 3CF3 D665 7BC8 38D0 688A 4993
To claim this, I am signing this object:
Dolph Mathews dolph
dolph
/ keybase.md
Created
October 27, 2014 12:52
Key New Features
- PKIZ is a new token provider available for users of PKI tokens, which simply adds zlib-based compression to traditional PKI tokens.
- Database migrations for releases prior to Havana have been dropped, meaning that you must upgrade to the Juno release from either a Havana or Icehouse deployment.
- Proxy methods from the identity backend to the assignment backend (created to provide backwards compatibility as a result of the split of the Assignment backend from the Identity backend), have been removed. This should only affect custom, out-of-tree API extensions.
- The hashing algorithm used for PKI tokens has been made configurable (the default is still MD5, but the Keystone team recommends that deployments migrate to SHA256).
- Identity-driver-configuration-per-domain now supports Internet domain names of arbitrary hierarchical complexity (for example,
customer.cloud.example.com). - Service names were added to the v3 service catalog.
- The LDAP identity backend now supports
dolph
/ keystone_reviews.md
Last active
August 29, 2015 14:06
These may land in Juno RC1:
- Make the default cache time more explicit in code
- Bug 1365147: Add test for getting a token with inherited role
- Bug 1367113: Templated catalog backend V3 not implemented
- WiP: Script to sync oslo (WIP)
- Bug 1308778: add --rebuild option for ssl/pki_setup
- Bug 1366589: Add V3 JSON Home support to GET /
- Bug 1324610: switch from sample_config.sh to oslo-config-generator
- Bug 1331882: [trustor_user_id not available in v2 trust to
This gist has been deprecated in favor of an inbox-zero style [gerrit dashboard featuring all reviews starred by keystone-core](https://review.openstack.org/#/dashboard/?foreach=is:open+%252Downer:self+(project:openstack%252Dattic/identity%252Dapi+OR+project:openstack/keystone+OR+project:openstack/keystone%252Dspecs+OR+project:openstack/keystoneauth+OR+project:openstack/keystoneauth%252Dsaml2+OR+project:openstack/keystonemiddleware+OR+project:openstack/pycadf+OR+project:openstack/python%252Dkeystoneclient)+(starredby:bknudson@us.ibm.com+OR+starredby:dstanek@dstanek.com+OR+starredby:dolph.mathews@gmail.com+OR+starredby:jamielennox@gmail.com+OR+starredby:lbragstad@gmail.com+OR+starredby:os.lcheng@gmail.com+OR+starredby:marek.denis@cern.ch+OR+starredby:morgan.fainberg@gmail.com+OR+starredby:stevemar@ca.ibm.com+OR+starredby:ayoung@redhat.com+OR+starredby:guang.yee@hpe.com+OR+starredby:henryn@linux.vnet.ibm.com)&title=Priority+keystone+reviews&Needs+attention=%252Dlabel:Code%252DReview<=2%252cself+(label:Code%252D
dolph
/ keystone.conf
Last active
August 29, 2015 14:04
Sample keystone configuration for identity-only LDAP (no assignments)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ldap] | |
| # | |
| # Options defined in keystone | |
| # | |
| # URL for connecting to the LDAP server. (string value) | |
| #url=ldap://localhost | |
| # User BindDN to query the LDAP server. (string value) |
The Identity API primarily fulfills authentication and authorization needs within OpenStack, and is intended to provide a programmatic facade in front of existing authentication and authorization system(s).
The Identity API also provides endpoint discovery through a service catalog, identity management, project management, and a centralized repository for policy engine rule sets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| memcached_servers = 127.0.0.1 | |
| token_cache_time = 300 | |
| revocation_cache_time = 60 | |
| # if your memcached server is shared, use these settings to avoid cache poisoning | |
| memcache_security_strategy = ENCRYPT | |
| memcache_secret_key = <generate a secret key> | |
| # if your keystone deployment uses PKI, and you value security over performance: | |
| check_revocations_for_cached = true |
`bp keystone-to-keystone-federation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @property | |
| def access_token(self): | |
| if self._access_token is None: | |
| from contrib import oauth1 | |
| self._access_token = oauth1.Whatever() | |
| return self._access_token |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "token": { | |
| "catalog": [ | |
| { | |
| "endpoints": [ | |
| {"id": "39dc32"}, | |
| {"id": "ec642f"}, | |
| {"id": "c609fc"} | |
| ], | |
| "id": "4363ae" |