diff options
| author | Gabriel Hurley <gabriel@strikeawe.com> | 2012-04-13 21:46:04 -0700 |
|---|---|---|
| committer | Gabriel Hurley <gabriel@strikeawe.com> | 2012-07-09 16:57:52 -0700 |
| commit | c339189b442227e6408e19f3b3d1b13695d5b158 (patch) | |
| tree | 8e4bd955ae46e2a4bc3c7aec78b4f47d93ab9e45 /tools | |
| parent | 3990985aa07da3ad56627e2221864e31a8c70402 (diff) | |
| download | tuskar-ui-c339189b442227e6408e19f3b3d1b13695d5b158.tar.gz | |
Auth refactor.
Switch to using the self-contained django_openstack_auth
package which is a proper django.contrib.auth pluggable
backend.
Notable functional improvements include:
* Better overall security via use of standard Django
auth code (well-vetted by security experts).
* Token expiration checking.
* User "enabled" attribute checking.
* Support for full range of Django auth attributes
such as is_anonymous, is_active, is_superuser, etc.
* Improved hooks for RBAC/permission-based acess control.
Regarding the RBAC/permission-based access control, this
patch moves all "role" and "service"-oriented checks to
permission checks. This will make transitioning to
policy-driven checking much easier once that fully lands
in OpenStack.
Implements blueprint move-keystone-support-to-django-auth-backend
Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/pip-requires | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/pip-requires b/tools/pip-requires index 3ffd0988..695efc3c 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -1,6 +1,7 @@ # Horizon Core Requirements Django>=1.4 django_compressor +django_openstack_auth python-cloudfiles python-glanceclient python-keystoneclient |