OpenStack Identity (keystone)

[api] document /auth/tokens/OS-PKI/revoked

Bug #1626778 reported by Steve Martinelli
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Steve Martinelli
OpenStack Identity (keystone) ocata-1 "o1"
Revision history for this message
Steve Martinelli (stevemar) wrote :

See https://review.openstack.org/#/c/138566/2 for a patch that went into the old XML doc books

Steve Martinelli (stevemar)
Changed in keystone:
milestone: ocata-1 → none
Lance Bragstad (lbragstad)
tags: added: documentation
Samuel Pilla (samuel.pilla)
Changed in keystone:
assignee: nobody → Samuel Pilla (samuel.pilla)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/390904

Changed in keystone:
assignee: Samuel Pilla (samuel.pilla) → Tin Lam (tl3438)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/390913

Changed in keystone:
assignee: Tin Lam (tl3438) → Samuel Pilla (samuel.pilla)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Samuel Pilla (<email address hidden>) on branch: master
Review: https://review.openstack.org/390913

OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Samuel Pilla (samuel.pilla) → Tin Lam (tl3438)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Tin Lam (tl3438) → Steve Martinelli (stevemar)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Steve Martinelli (stevemar) → Samuel Pilla (samuel.pilla)
Samuel Pilla (samuel.pilla)
Changed in keystone:
assignee: Samuel Pilla (samuel.pilla) → nobody
Steve Martinelli (stevemar)
Changed in keystone:
assignee: nobody → Samuel Pilla (samuel.pilla)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Samuel Pilla (samuel.pilla) → Steve Martinelli (stevemar)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/390904
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=095ed9187b627a0c90e58af551349cbddee32c17
Submitter: Jenkins
Branch: master

commit 095ed9187b627a0c90e58af551349cbddee32c17
Author: Tin Lam <email address hidden>
Date: Wed Oct 26 10:43:20 2016 -0500

    Add api-ref /auth/tokens/OS-PKI/revoked (v3)

    The v3 endpoint documentation /v3/auth/tokens/OS-PKI/revoked is missing
    in /api-ref. This patch set adds the documentation for v3.
    A separate patch set will be submitted for v2.

    Change-Id: I3db3356d24cc8885012756016a90a0996fcf14f5
    Partial-Bug: #1626778

Revision history for this message
Samuel de Medeiros Queiroz (samueldmq) wrote :

Changing to fix release as the v3 docs are merged and https://review.openstack.org/#/c/390913 is gating

Changed in keystone:
status: In Progress → Fix Released
Steve Martinelli (stevemar)
Changed in keystone:
milestone: none → ocata-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/390913
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c70baa0a7a1f16d1e3cb36abc8666626633133db
Submitter: Jenkins
Branch: master

commit c70baa0a7a1f16d1e3cb36abc8666626633133db
Author: Samuel Pilla <email address hidden>
Date: Wed Oct 26 10:19:48 2016 -0500

    Document v2 Revoked Token Route

    Adds documentation for /v2.0/tokens/revoked in /api-ref.

    Patch for v3: https://review.openstack.org/#/c/390904

    Change-Id: I2a09eba3484299a63b30d936e5677a9e1d922c04
    Partial-Bug: #1626778

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/374479
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8a66ef635400083fa426c0daf477038967785caf
Submitter: Jenkins
Branch: master

commit 8a66ef635400083fa426c0daf477038967785caf
Author: Steve Martinelli <email address hidden>
Date: Mon Aug 8 18:51:24 2016 -0500

    Remove support for PKI and PKIz tokens

    This is the first step of several to remove PKI token support in
    keystone. A large issue in removing PKI support is support for the
    revocation list must be maintained.

    This patch removes support for the token format, it's surrounding tests
    and examples that are generated. Additionally, some wording has been
    changed around the CLI and config options to make the distinction
    between keys and certs used for PKI tokens and those used for getting
    the revocation list (a list of tokens that are revoked, which is signed).

    Future patches will:

    - Remove the keystone-manage commands for generating certs

    - Modify the revocation list (at /auth/tokens/OS-PKI/revoked) to return
    a 403 if pki is not configured (instead of raising a 500). We cannot
    remove the API as that would break an API contract.

    - Options to configure PKI will be marked as deprecated

    - If PKI is configured a normal signed list will be returned (same
    behavior as today)

    - Follow up patch to keystonemiddleware will make sure auth_token does
    not rely on the revocation api at all.

    Related-Bug: 1626778
    Related-Bug: 1626779

    Co-Authored-By: Boris Bobrov <email address hidden>
    bp removed-as-of-ocata
    Change-Id: Icf1ebced44a675c88fb66a6c0431208ff5181574

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/392883

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.