1446583
|
#1446583 |
services no longer reliably stop in stable/liberty / master
|
|
2
Critical
|
Brant Knudson
|
10
Fix Released
|
1456441
|
#1456441 |
keystone wsgi does not read files in /etc/keystone/*
|
|
2
Critical
|
Alan Pevec
|
10
Fix Released
|
1461251
|
#1461251 |
Stop using deprecated oslo_utils.timeutils.isotime
|
|
2
Critical
|
Brant Knudson
|
10
Fix Released
|
1287757
|
#1287757 |
Optimization: Don't prune events on every get
|
|
3
High
|
Morgan Fainberg
|
10
Fix Released
|
1430951
|
#1430951 |
Revocation causes duplicate (and overly broad?) events in revocation table
|
|
3
High
|
Alexander Makarov
|
10
Fix Released
|
1440493
|
#1440493 |
Crash with python-memcached==1.5.4
|
|
3
High
|
Alexander Makarov
|
10
Fix Released
|
1441386
|
#1441386 |
keystone-manage domain_config_upload command yield "'CacheRegion' object has no attribute 'expiration_time'"
|
|
3
High
|
Guang Yee
|
10
Fix Released
|
1441393
|
#1441393 |
Keystone and Ceilometer unit tests fail with pymongo 3.0
|
|
3
High
|
Brant Knudson
|
10
Fix Released
|
1441827
|
#1441827 |
Cannot set per protocol remote_id_attribute
|
|
3
High
|
Lin Hua Cheng
|
10
Fix Released
|
1443598
|
#1443598 |
[OSSA 2015-008] backend_argument containing a password leaked in logs (CVE-2015-3646)
|
|
3
High
|
Eric Brown
|
10
Fix Released
|
1450344
|
#1450344 |
Invalid SQL Identity Assertion - Load Config from Database
|
|
3
High
|
Henry Nash
|
10
Fix Released
|
1454309
|
#1454309 |
Keystone v3 user/tenant lookup by name via OpenStack CLI client fails
|
|
3
High
|
Edmund Rhudy
|
10
Fix Released
|
1459382
|
#1459382 |
Fernet tokens can fail with LDAP identity backends
|
|
3
High
|
Lance Bragstad
|
10
Fix Released
|
1465444
|
#1465444 |
Fernet key rotation removing keys early
|
|
3
High
|
Lance Bragstad
|
10
Fix Released
|
1467008
|
#1467008 |
Unit tests fail with sqlalchemy 1.0+
|
|
3
High
|
Brant Knudson
|
10
Fix Released
|
1469029
|
#1469029 |
Migrations fail going from juno -> kilo
|
|
3
High
|
Morgan Fainberg
|
10
Fix Released
|
1469517
|
#1469517 |
Federation get_mapping_from_idp_and_protocol should return object
|
|
3
High
|
Brant Knudson
|
10
Fix Released
|
1469563
|
#1469563 |
Fernet tokens do not maintain expires time across rescope (V2 tokens)
|
|
3
High
|
Lance Bragstad
|
10
Fix Released
|
1469867
|
#1469867 |
Stop using deprecated oslo_utils.timeutils.strtime
|
|
3
High
|
Brant Knudson
|
10
Fix Released
|
1471289
|
#1471289 |
Fernet tokens and Federated Identities result in token scope failures
|
|
3
High
|
Marek Denis
|
10
Fix Released
|
1475796
|
#1475796 |
using pysaml2 version 3.0.0 breaks keystone in kilo release 2015.1.0
|
|
3
High
|
Marcos Simental
|
10
Fix Released
|
1478961
|
#1478961 |
db sync on federation failed if there is existing data
|
|
3
High
|
Marek Denis
|
10
Fix Released
|
1480270
|
#1480270 |
Can't get v3 endpoints with v2 in command line
|
|
3
High
|
Tony Wang
|
10
Fix Released
|
1483382
|
#1483382 |
Able to request a V2 token for user and project in a non-default domain
|
|
3
High
|
Dolph Mathews
|
10
Fix Released
|
996912
|
#996912 |
Wrong exception caught for admin checking in ec2
|
|
4
Medium
|
Theodore Ilie
|
10
Fix Released
|
999084
|
#999084 |
Validation of paramaters during Create User
|
|
4
Medium
|
Lance Bragstad
|
10
Fix Released
|
1361360
|
#1361360 |
Eventlet green threads not released back to the pool leading to choking of new requests
|
|
4
Medium
|
Abhishek Kekane
|
10
Fix Released
|
1386773
|
#1386773 |
Project details request with long ID causes 500 error with DB2
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1401926
|
#1401926 |
Role revocation invalidates tokens on all user projects
|
|
4
Medium
|
Alexander Makarov
|
10
Fix Released
|
1402760
|
#1402760 |
All user tokens are considered revoked on it's group role revocation
|
|
4
Medium
|
Alexander Makarov
|
10
Fix Released
|
1403539
|
#1403539 |
Can't create both inherited and direct role assignment on same entities
|
|
4
Medium
|
Samuel de Medeiros Queiroz
|
10
Fix Released
|
1421825
|
#1421825 |
Sample policy should allow user to validate and revoke own token
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1421968
|
#1421968 |
List Endpoint Groups Associated with project not routed
|
|
4
Medium
|
Lin Hua Cheng
|
10
Fix Released
|
1424496
|
#1424496 |
Documentation lacking for mapping of operation policy target
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1426496
|
#1426496 |
Create project with invalid domain_id
|
|
4
Medium
|
Raildo Mascena de Sousa Filho
|
10
Fix Released
|
1433211
|
#1433211 |
token_ref fetched in AuthContextMiddleware should be reused
|
|
4
Medium
|
Deepti Ramakrishna
|
10
Fix Released
|
1440958
|
#1440958 |
loosen validation on matching trusted dashboard
|
|
4
Medium
|
Lin Hua Cheng
|
10
Fix Released
|
1441300
|
#1441300 |
keystone-manage man page updates
|
|
4
Medium
|
Lance Bragstad
|
10
Fix Released
|
1443765
|
#1443765 |
Delete endpoint_group should remove project_endpoint_group at first
|
|
4
Medium
|
Dave Chen
|
10
Fix Released
|
1447472
|
#1447472 |
versionutils.deprecated is used to mark callables as deprecated
|
|
4
Medium
|
Dave Chen
|
10
Fix Released
|
1448286
|
#1448286 |
unicode query string raises UnicodeEncodeError
|
|
4
Medium
|
Dolph Mathews
|
10
Fix Released
|
1448991
|
#1448991 |
Introduction to "target.token.*" is needed in the RBAC part of configuration.rst
|
|
4
Medium
|
Dave Chen
|
10
Fix Released
|
1451910
|
#1451910 |
Use single connection in get_all function for getting "enabled" values for all ldap users.
|
|
4
Medium
|
Min Song
|
10
Fix Released
|
1454968
|
#1454968 |
hard to understand the uri printed in the log
|
|
4
Medium
|
Deepti Ramakrishna
|
10
Fix Released
|
1459279
|
#1459279 |
Wrong assertion examples in doc
|
|
4
Medium
|
Rodrigo Duarte
|
10
Fix Released
|
1459683
|
#1459683 |
Config federation docs still references SP as regions
|
|
4
Medium
|
Rodrigo Duarte
|
10
Fix Released
|
1459790
|
#1459790 |
With fernet tokens, validate token loses the ms on 'expires' value
|
|
4
Medium
|
Roxana Gherle
|
10
Fix Released
|
1461299
|
#1461299 |
Failure on list users when using ldap domain configuration from database
|
|
4
Medium
|
Roxana Gherle
|
10
Fix Released
|
1464366
|
#1464366 |
unit tests fail based on wall clock time
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1465922
|
#1465922 |
Password visible in clear text in keystone.log when user created and keystone debug logging is enabled
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1466851
|
#1466851 |
Move to graduated oslo.service
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1466872
|
#1466872 |
v3 - Ambiguous error when no request body is provided for updating service
|
|
4
Medium
|
Dave Chen
|
10
Fix Released
|
1468000
|
#1468000 |
Group lookup by name in LDAP via v3 fails
|
|
4
Medium
|
Guang Yee
|
10
Fix Released
|
1470952
|
#1470952 |
add federation docs for mod_auth_mellon
|
|
4
Medium
|
Richard Megginson
|
10
Fix Released
|
1473848
|
#1473848 |
create_region_with_id miss the schema validation
|
|
4
Medium
|
David Stanek
|
10
Fix Released
|
1474069
|
#1474069 |
DeprecatedDecorators test does not setup fixtures correctly
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1475762
|
#1475762 |
v3 tokens with references outside the default domain can be validated on v2
|
|
4
Medium
|
Dolph Mathews
|
10
Fix Released
|
1476347
|
#1476347 |
LDAP Resource backend should be deprecated
|
|
4
Medium
|
Lin Hua Cheng
|
10
Fix Released
|
1477600
|
#1477600 |
Token Validation API returns 401 not 404 on invalid fernet token
|
|
4
Medium
|
Atsuko Ito
|
10
Fix Released
|
1478000
|
#1478000 |
VersionTestCase uses the same port for admin and public endpoints
|
|
4
Medium
|
Alexey Miroshkin
|
10
Fix Released
|
1478579
|
#1478579 |
When user in AD doesn't have ID field all user handlers error out
|
|
4
Medium
|
Boris Bobrov
|
10
Fix Released
|
1481274
|
#1481274 |
variable referenced before assignment error in keystone.contrib.federation.idp._sign_assertion
|
|
4
Medium
|
Roman Bogorodskiy
|
10
Fix Released
|
1482330
|
#1482330 |
Creating a user/group/project without a domain should be deprecated (or even raise an exception)
|
|
4
Medium
|
Henry Nash
|
10
Fix Released
|
1482500
|
#1482500 |
Deprecation warning in keystone log for keystone.contrib.endpoint_policy.routers.EndpointPolicyExtension
|
|
4
Medium
|
Steve Martinelli
|
10
Fix Released
|
1482660
|
#1482660 |
Stop using deprecated methods in assignment manager
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1482772
|
#1482772 |
Region filtering for endpoints does not work
|
|
4
Medium
|
Lin Hua Cheng
|
10
Fix Released
|
1484237
|
#1484237 |
token revocations not always respected when using fernet tokens
|
|
4
Medium
|
werner mendizabal
|
10
Fix Released
|
1484735
|
#1484735 |
Assertion signing error causes TypeError for Message objects do not support addition
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1485116
|
#1485116 |
EndpointFilter backend implementation doesn't inherit its driver interface
|
|
4
Medium
|
Vivek Dhayaal
|
10
Fix Released
|
1485604
|
#1485604 |
Logs must contain the request ID
|
|
4
Medium
|
Brant Knudson
|
10
Fix Released
|
1485694
|
#1485694 |
Keystone raises an exception when it receives incorrectly encoded parameters
|
|
4
Medium
|
Sean Perry
|
10
Fix Released
|
1487115
|
#1487115 |
Ephemeral user's id is not always urlsafe
|
|
4
Medium
|
David Stanek
|
10
Fix Released
|
1487937
|
#1487937 |
IndexError if federation mapping doesn't match anything
|
|
4
Medium
|
Jamie Lennox
|
10
Fix Released
|
1487960
|
#1487960 |
ValueError when creating a user
|
|
4
Medium
|
Eric Brown
|
10
Fix Released
|
1488208
|
#1488208 |
Revoking a role assignment revokes unscoped tokens too
|
|
4
Medium
|
Dolph Mathews
|
10
Fix Released
|
1490160
|
#1490160 |
Unit tests are super slow
|
|
4
Medium
|
David Stanek
|
10
Fix Released
|
1490354
|
#1490354 |
Tox exhausting /tmp partition
|
|
4
Medium
|
Jamie Lennox
|
10
Fix Released
|
1491916
|
#1491916 |
Improve IdP Specific WebSSO docs
|
|
4
Medium
|
Lance Bragstad
|
10
Fix Released
|
1491926
|
#1491926 |
Remove padding from Fernet tokens
|
|
4
Medium
|
Lance Bragstad
|
10
Fix Released
|
1098564
|
#1098564 |
Cannot delete a service or endpoint
|
|
5
Low
|
Theodore Ilie
|
10
Fix Released
|
1175905
|
#1175905 |
passlib failure to sanitize env variables PASSLIB_MAX_PASSWORD_SIZE
|
|
5
Low
|
Eric Brown
|
10
Fix Released
|
1260495
|
#1260495 |
Setting autodoc_tree_index_modules makes documentation builds fail
|
|
5
Low
|
David Stanek
|
10
Fix Released
|
1379952
|
#1379952 |
API accepts tenant name for "TenantId", fails, and provides not helpful message
|
|
5
Low
|
Dolph Mathews
|
10
Fix Released
|
1412447
|
#1412447 |
SQL identity driver does't support backend filtering on membership queries
|
|
5
Low
|
Alexey Miroshkin
|
10
Fix Released
|
1418643
|
#1418643 |
References to im_class.__name__ are not compatible with python3
|
|
5
Low
|
David Stanek
|
10
Fix Released
|
1425113
|
#1425113 |
list_projects_in_subtree() and list_project_parents() accepts invalid values
|
|
5
Low
|
Raildo Mascena de Sousa Filho
|
10
Fix Released
|
1428124
|
#1428124 |
Missing tests to list projects by the parent_id
|
|
5
Low
|
Rodrigo Duarte
|
10
Fix Released
|
1434370
|
#1434370 |
common/README still references openstack-common
|
|
5
Low
|
Kamil Rykowski
|
10
Fix Released
|
1434643
|
#1434643 |
missing parent_id filter in the API spec for list projects
|
|
5
Low
|
Rodrigo Duarte
|
10
Fix Released
|
1435693
|
#1435693 |
A number of places where we LOG messages fail to use the _L{X} formatting
|
|
5
Low
|
Henry Nash
|
10
Fix Released
|
1438517
|
#1438517 |
Assignment driver clean-up methods have confusing names
|
|
5
Low
|
Henry Nash
|
10
Fix Released
|
1442510
|
#1442510 |
The docstring for class: MemcachedBackend is not accurate
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1443721
|
#1443721 |
Make checking of Trust existence more DRY
|
|
5
Low
|
Lin Hua Cheng
|
10
Fix Released
|
1444748
|
#1444748 |
Remove unused policy rule for trust
|
|
5
Low
|
Lin Hua Cheng
|
10
Fix Released
|
1446834
|
#1446834 |
Project tree cycle checking logic is broken
|
|
5
Low
|
David Stanek
|
10
Fix Released
|
1452197
|
#1452197 |
websso docs have incorrect/incomplete Apache config snippets
|
|
5
Low
|
Julian Edwards
|
10
Fix Released
|
1452418
|
#1452418 |
Fernet tokens read from disk on every request
|
|
5
Low
|
Dolph Mathews
|
10
Fix Released
|
1455344
|
#1455344 |
the deprecated compute_port option need to be removed
|
|
5
Low
|
|
10
Fix Released
|
1456069
|
#1456069 |
The validity of "expires_at" parameter should be checked when creating trust
|
|
5
Low
|
Liusheng
|
10
Fix Released
|
1459116
|
#1459116 |
miss testcase for the external authentication of DefaultDomain
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1459532
|
#1459532 |
api_curl_examples.rst is out of date
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1459816
|
#1459816 |
update sample_data script to use openstack commands
|
|
5
Low
|
Phil Hopkins
|
10
Fix Released
|
1460839
|
#1460839 |
bandit: blacklist_functions not a valid plugin
|
|
5
Low
|
Eric Brown
|
10
Fix Released
|
1461031
|
#1461031 |
Federation docs say domain is identified by name not id
|
|
5
Low
|
Marek Denis
|
10
Fix Released
|
1462242
|
#1462242 |
developer docs still have mention of bin/keystone-all
|
|
5
Low
|
Chloe Jensen
|
10
Fix Released
|
1462355
|
#1462355 |
wrong title in v3 OS-INHERIT Extension spec
|
|
5
Low
|
Guojian Shao
|
10
Fix Released
|
1466092
|
#1466092 |
Docs say OS-FEDERATION is an extension
|
|
5
Low
|
Marek Denis
|
10
Fix Released
|
1466957
|
#1466957 |
keystone configuration docs missing some keystone-manage commands
|
|
5
Low
|
Eric Brown
|
10
Fix Released
|
1468564
|
#1468564 |
remove unnecessary executable bit of the source files
|
|
5
Low
|
Ren Qiaowei
|
10
Fix Released
|
1468597
|
#1468597 |
v3 - Ambiguous error when no request body is provided
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1471034
|
#1471034 |
create endpoint requests with invalid URLs are not rejected
|
|
5
Low
|
jiaxi
|
10
Fix Released
|
1471446
|
#1471446 |
LDAP backend adds more than one objectClass constraint in search filter for some requests
|
|
5
Low
|
Ivan Mironov
|
10
Fix Released
|
1471671
|
#1471671 |
testcase didn't use the reference data correctly
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1471967
|
#1471967 |
Fernet unit tests do not test persistence logic
|
|
5
Low
|
Lance Bragstad
|
10
Fix Released
|
1472054
|
#1472054 |
creating a trust specified "allow_redelegation =true and remaining_uses=2" doesn't show error message
|
|
5
Low
|
Deepti Ramakrishna
|
10
Fix Released
|
1472306
|
#1472306 |
Broken ascii diagram in materialized path spec
|
|
5
Low
|
Alexander Makarov
|
10
Fix Released
|
1472987
|
#1472987 |
helpless exception message
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1473511
|
#1473511 |
Raising ForbiddenAction when ValidationError happens
|
|
5
Low
|
Henrique Truta
|
10
Fix Released
|
1474490
|
#1474490 |
keystone.tests.unit.common.test_notifications.NotificationsTestCase fails in isolation
|
|
5
Low
|
David Stanek
|
10
Fix Released
|
1474491
|
#1474491 |
keystone.tests.unit.test_config fails in isolation
|
|
5
Low
|
Brant Knudson
|
10
Fix Released
|
1474997
|
#1474997 |
Federated tests don't check group existence in federated tokens
|
|
5
Low
|
Marek Denis
|
10
Fix Released
|
1477898
|
#1477898 |
Fix five typos on keystone document
|
|
5
Low
|
Atsushi SAKAI
|
10
Fix Released
|
1478504
|
#1478504 |
test_admin_version_v3 actually tests public app
|
|
5
Low
|
Alexey Miroshkin
|
10
Fix Released
|
1478629
|
#1478629 |
test_admin in VersionSingleAppTestCase expects public endpoint in a response
|
|
5
Low
|
Alexey Miroshkin
|
10
Fix Released
|
1478656
|
#1478656 |
Non-numeric filenames in key_repository will make Keystone explode
|
|
5
Low
|
Clint Byrum
|
10
Fix Released
|
1480119
|
#1480119 |
Replace tearDown with addCleanup in unit tests
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1482585
|
#1482585 |
Fix duplicate-key pylint issue
|
|
5
Low
|
Rajesh Tailor
|
10
Fix Released
|
1482687
|
#1482687 |
enabled emulation query should request no attributes
|
|
5
Low
|
Brant Knudson
|
10
Fix Released
|
1485104
|
#1485104 |
Redundant rule:cloud_admin in list_role_assignments v3 policy file
|
|
5
Low
|
Timothy Symanczyk
|
10
Fix Released
|
1485687
|
#1485687 |
keystone install from source doc missing libffi-devel (fedora)
|
|
5
Low
|
algerwang
|
10
Fix Released
|
1486313
|
#1486313 |
add executable bit of the source files
|
|
5
Low
|
Ren Qiaowei
|
10
Fix Released
|
1487663
|
#1487663 |
no testcases to cover the region creation with invalid id
|
|
5
Low
|
Dave Chen
|
10
Fix Released
|
1488903
|
#1488903 |
Link attached to Json schema is wrong
|
|
5
Low
|
Morgan Fainberg
|
10
Fix Released
|
1489118
|
#1489118 |
Tests fail with local keystone.conf modifications
|
|
5
Low
|
Brant Knudson
|
10
Fix Released
|
1489474
|
#1489474 |
Lack of federated token user object validation
|
|
5
Low
|
Marek Denis
|
10
Fix Released
|
1491854
|
#1491854 |
Fix typos in 'developing_drivers' doc
|
|
5
Low
|
Naveen KunaReddy
|
10
Fix Released
|
1495645
|
#1495645 |
keystone-manage and keystone-all man pages incorrect versions/dates
|
|
5
Low
|
Eric Brown
|
10
Fix Released
|
1497132
|
#1497132 |
tokenless auth is logging excessively on every call
|
|
5
Low
|
Steve Martinelli
|
10
Fix Released
|
1387605
|
#1387605 |
Implement validation on Identity V3 API
|
|
6
Wishlist
|
Lance Bragstad
|
10
Fix Released
|
1423973
|
#1423973 |
Use choices from oslo_config
|
|
6
Wishlist
|
Lance Bragstad
|
10
Fix Released
|
1442343
|
#1442343 |
Mapping openstack_project attribute in k2k assertions with different domains
|
|
6
Wishlist
|
Rodrigo Duarte
|
10
Fix Released
|
1442787
|
#1442787 |
Mapping openstack_user attribute in k2k assertions with different domains
|
|
6
Wishlist
|
Rodrigo Duarte
|
10
Fix Released
|
1445183
|
#1445183 |
Expose domain_name in the context for policy.json
|
|
6
Wishlist
|
Lin Hua Cheng
|
10
Fix Released
|
1460492
|
#1460492 |
List credentials by type
|
|
6
Wishlist
|
Steve Martinelli
|
10
Fix Released
|
1468501
|
#1468501 |
keystone-manage should accept both formats of mapping rules
|
|
6
Wishlist
|
Marek Denis
|
10
Fix Released
|
1468544
|
#1468544 |
xmlsec1 error output is not logged
|
|
6
Wishlist
|
Hugh Saunders
|
10
Fix Released
|
1480480
|
#1480480 |
keystone v3 example policy file should allow domain admin to get it's current domain
|
|
6
Wishlist
|
Dan Nguyen
|
10
Fix Released
|
1482662
|
#1482662 |
Remove deprecated methods from assignment manager
|
|
6
Wishlist
|
Brant Knudson
|
10
Fix Released
|