Open Stack

Aside from dealing with PKI token revocation:

https://review.openstack.org/#/c/11483/

Here's the list of outstanding Keystone reviews:

https://review.openstack.org/#/q/status:open+project:openstack/keystone,n,z



I've got 7 review requests in my Queue, all of which someone has dealt 
with to a degree:

*Domains:  waiting on Guang.  Doesn't look like it is  going to happen 
for Folsom
*Keyring support for openstack client seems to be OK,  and I don;t have 
approval anyway.
*Policy:  waiting on Dolph. Is this going to make it?
*Validation of paramaters during Create User? -1'd by Joe Heck (I agree 
with the rationale) and no response since Aug 13
*Returning roles from authenticate in ldap backend:  -1ed by Dolph, 
waiting on Ryan Lane
*allow middleware configuration from app config. -1ed by Joe, I now 
think it is out of date, and rebasing will be slightly non-trivial. 
Really should be rebased after PKI token revocation goes in. I can 
handle the reworking of it.  Alan seems to be working on other Openstack 
issues these days.
*Rename disaple_pki config option as pki_security.  I -1ed it.  Fix is 
actually in the revocation code.



I've added myself as reviewer to
* Add an OCF resource agent to Keystone.
And should make some progress with it shortly.

I reviewed
*Add license comment in some file:  +2. Needs one more core.


Just approved
* Remove unused imports:
* Remove unused variables


Some others:

* Add Tests for PAM authentication: I am not sure why there should be 
PAM specific tests.  I don't want to NACK it, since I just don't 
understand the rationale.
* Adding missing files to MANIFEST.in  failed due to a mismatch on 
prettytable requirement 6 vs 6.1 installed.  Pre-existng condition, and 
not due to this patch
* LOG.warn all exception.Unauthorized authentication failures:  please 
hold off on merging until after PKI token, as that might invalidate.  It 
will be easy to rework post merge.