The response status for some HEAD calls was changed to follow the
HTTP specification a while back. Specifically, any call that supports
both GET and HEAD methods should return the same response code. The
API docs still list all successfull HEAD requests with a response code
of 204, which is not correct in all cases.
This patch adjusts the expected response status for HEAD calls to
match the actual implementation.
Change-Id: I6f518ebbe00a0b2860ca5db0d10b93f313abd488
Related-bug: #1334368
Add API information about retrieving metadata, which is required
when Keystone is acting as a SAML2 Identity Provider.
Change-Id: I062ed20b2fa28931db43f373cd861a9be104e50c
Implements: bp keystone-to-keystone-federation
Create the specification for SAML generation in the OS-FEDERATION
api spec.
Co-Authored-By: Marek Denis <marek.denis@cern.ch>
Implements: bp keystone-to-keystone-federation
Change-Id: Ic0e062fb593e8251efb956dd6510c6eca71e59b3
Fixing my comments from: https://review.openstack.org/#/c/106292/
implements bp multi-attribute-endpoint-grouping
Change-Id: I0e486cd850991ab0c6dec75f1c0193ba5f450e3a
The current APIs simply put OS-ENDPOINT-POLICY at the start of the
API url. Technically, this should appear in the url at the
location where this differs from the standard core urls.
Partially implements: bp endpoint-policy
Change-Id: I2c49d46e2374aed2411849bd2fd1adf42beaa2c6
Update of the revocation events documentation to deprecate the use
of `expires_at` and add in use of `audit_id` and `audit_chain_id`.
Change-Id: I36ed24d08126ef2507af77ec6e65372cc07bbb2b
bp: non-persistent-tokens
Extension API for endpoint policy association and retrieval.
Partially implements: bp endpoint-policy
Change-Id: I5ccc62ac236e9a582cad44b4a38979f31642c8e6
Add the information about the audit_identifiers that will be provided
within the token data.
Change-Id: Icad62c6a23d8c81be2539815aa8a80af9d341de5
bp: non-persistent-tokens
We do not include self links in any of the entities we include
in a token response.
Closes-Bug: 1354408
Change-Id: I54252f3f412f09d860777000f3ab0cb282d947e0
Add an OS-FEDERATION section to the user section in a scoped
federation token. We currently do the same for unscoped tokens.
Change-Id: Ie056297f713f71eb7dd47e6cdea87579c600cfae
Partial-Bug: #1351038
The resources were split between "Core API" and "Identity". All of
these are core APIs so the Identity grouping was removed.
Long lines of paragraph text were wrapped at 79 chars for easier
reviewing.
Change-Id: I423ef0ebd69e546f2dd8d7eac579a57ef591666e
Update the API doc for the Keystone extension OS-EP-FILTER with the
new Endpoint Grouping APIs.
Related spec: https://review.openstack.org/#/c/102023/
Change-Id: If69f9d5c74ebf185f62974ad2d1da26778c6f15b
This introduces a new call for authenticated users to retrieve a service
catalog from Keystone. It is designed to compliment tokens generated
using ?nocatalog.
blueprint: get-catalog
Change-Id: Ia967032839c5575c72a6459974114a0165921cc9
Two sections were entitled 'Validate token', whereas the second should
have distinguished itself from the first. Also added a line break after
"New in version..." to show that the entire section is new, not just the
one paragraph.
Change-Id: If6dd9c099950d24f65e861b28f7fc80810c78225
Links sections are misplaced in some OS-FEDERATION mappings'
API HTTP request/response examples. They need to be moved to appropriate
objects.
Closes-Bug: #1336258
Change-Id: I076b3fcfa3067b37b30280e9d00481b5a4eda671
Every rule should have a local ``user`` object that is used to
produce a unique user_id of the federated user. Not all examples of the
OS-FEDERATION extension included such object.
Change-Id: Ib1a2a956cb3638402b283ad13841f48d31814240
Closes-Bug: #1312221
