Hello community,
here is the log from the commit of package python-keystoneclient for openSUSE:13.1 checked in at 2013-10-23 11:26:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1/python-keystoneclient (Old)
and /work/SRC/openSUSE:13.1/.python-keystoneclient.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneclient"
Changes:
--------
--- /work/SRC/openSUSE:13.1/python-keystoneclient/python-keystoneclient.changes 2013-10-01 08:29:38.000000000 +0200
+++ /work/SRC/openSUSE:13.1/.python-keystoneclient.new/python-keystoneclient.changes 2013-10-23 11:27:01.000000000 +0200
@@ -1,0 +2,17 @@
+Mon Oct 14 07:45:27 UTC 2013 - speilicke@suse.com
+
+- Update to version 0.4.0:
+ + Refactor for testability of an upcoming change
+ + Fix H202 assertRaises Exception
+ + Normalize datetimes to account for tz
+- Set _service to fixed revision (around Havana release)
+- Rebased 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch
+
+-------------------------------------------------------------------
+Mon Oct 7 11:10:58 UTC 2013 - opensuse-cloud@opensuse.org
+
+- Update to version 0.3.2.82:
+ + Log user info in auth_token middleware
+ + Add auth_uri in conf to avoid unnecessary warning
+
+-------------------------------------------------------------------
Old:
----
python-keystoneclient-master.tar.gz
New:
----
python-keystoneclient-0.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-keystoneclient.spec ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old 2013-10-23 11:27:01.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new 2013-10-23 11:27:01.000000000 +0200
@@ -19,13 +19,13 @@
%define component keystoneclient
Name: python-%{component}
-Version: 0.3.2.78
+Version: 0.4.0
Release: 0
Summary: Openstack Identity (Keystone) API Client
License: Apache-2.0
Group: Development/Languages/Python
Url: http://launchpad.net/python-keystoneclient
-Source: python-keystoneclient-master.tar.gz
+Source: python-keystoneclient-0.4.0.tar.gz
Source2: openstack-keystone.sh
Patch0: 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch
Patch1: 0001-Make-ROOTDIR-determination-more-robust.patch
@@ -99,7 +99,7 @@
This package contains testsuite files for %{name}.
%prep
-%setup -q -n python-keystoneclient-0.3.2.78.gbaa9490
+%setup -q -n python-keystoneclient-0.4.0
%patch0 -p1
%patch1 -p1
%openstack_cleanup_prep
++++++ 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old 2013-10-23 11:27:01.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new 2013-10-23 11:27:01.000000000 +0200
@@ -1,33 +1,7 @@
-From 52c34736056bf13f51c9a167fb29214a300c41f2 Mon Sep 17 00:00:00 2001
-From: Dirk Mueller
-Date: Thu, 20 Jun 2013 18:49:26 +0200
-Subject: [PATCH] Add workaround for OSError raised by Popen.communicate()
-
-Python 2.6 can raise OSError when too much data is
-written to STDIN and the process died prematurely.
-
-In the case of keystoneclient this happens during
-the first cms_verify() call of a process. The calling
-logic expects a useful error message in order to
-refetches CA or singing CERT, which is missing in the
-case of an OSError. So just fake it instead.
-
-Add basic unit tests to cover all of the public methods from
-keystone.common.cms, raising test coverage to 77%. Add
-unit test for this specific bug (test_cms_verify_token_no_oserror).
-
-Change-Id: I6e650ab9494c605b4e41c78c87a9505e09d5fc29
----
- keystoneclient/common/cms.py | 42 +++++++++++--
- keystoneclient/tests/client_fixtures.py | 14 ++++-
- keystoneclient/tests/test_auth_token_middleware.py | 73 ++++++++++++++++++++++
- 3 files changed, 122 insertions(+), 7 deletions(-)
-
-diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
-index 8bc24f9..d6a1753 100644
---- a/keystoneclient/common/cms.py
-+++ b/keystoneclient/common/cms.py
-@@ -38,6 +38,36 @@ def _ensure_subprocess():
+diff -ruN a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
+--- a/keystoneclient/common/cms.py 2013-10-09 21:46:20.000000000 +0200
++++ b/keystoneclient/common/cms.py 2013-10-14 09:52:06.493270055 +0200
+@@ -38,6 +38,36 @@
import subprocess # noqa
@@ -64,7 +38,7 @@
def cms_verify(formatted, signing_cert_file_name, ca_file_name):
"""Verifies the signature of the contents IAW CMS syntax.
-@@ -53,8 +83,10 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
+@@ -53,8 +83,10 @@
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
@@ -77,7 +51,7 @@
if retcode:
# Do not log errors, as some happen in the positive thread
# instead, catch them in the calling code and log them there.
-@@ -150,8 +182,10 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
+@@ -150,8 +182,10 @@
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
@@ -90,11 +64,10 @@
if retcode or "Error" in err:
LOG.error('Signing error: %s' % err)
raise subprocess.CalledProcessError(retcode, "openssl")
-diff --git a/keystoneclient/tests/client_fixtures.py b/keystoneclient/tests/client_fixtures.py
-index dd1c95f..c17db42 100644
---- a/keystoneclient/tests/client_fixtures.py
-+++ b/keystoneclient/tests/client_fixtures.py
-@@ -26,7 +26,7 @@ CLIENTDIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+diff -ruN a/keystoneclient/tests/client_fixtures.py b/keystoneclient/tests/client_fixtures.py
+--- a/keystoneclient/tests/client_fixtures.py 2013-10-09 21:46:20.000000000 +0200
++++ b/keystoneclient/tests/client_fixtures.py 2013-10-14 09:52:06.109272165 +0200
+@@ -26,7 +26,7 @@
ROOTDIR = os.path.dirname(CLIENTDIR)
CERTDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'certs')
CMSDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'cms')
@@ -103,7 +76,7 @@
# @TODO(mordred) This should become a testresources resource attached to the
# class
-@@ -49,9 +49,17 @@ with open(os.path.join(CMSDIR, 'revocation_list.json')) as f:
+@@ -49,9 +49,17 @@
REVOCATION_LIST = jsonutils.loads(f.read())
with open(os.path.join(CMSDIR, 'revocation_list.pem')) as f:
SIGNED_REVOCATION_LIST = jsonutils.dumps({'signed': f.read()})
@@ -123,11 +96,10 @@
SIGNING_CA = f.read()
UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
-diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py
-index 06e7609..98271d6 100644
---- a/keystoneclient/tests/test_auth_token_middleware.py
-+++ b/keystoneclient/tests/test_auth_token_middleware.py
-@@ -19,6 +19,7 @@ import iso8601
+diff -ruN a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py
+--- a/keystoneclient/tests/test_auth_token_middleware.py 2013-10-09 21:46:20.000000000 +0200
++++ b/keystoneclient/tests/test_auth_token_middleware.py 2013-10-14 09:52:46.021052970 +0200
+@@ -20,6 +20,7 @@
import os
import shutil
import stat
@@ -135,12 +107,10 @@
import sys
import tempfile
import testtools
-@@ -1218,3 +1219,75 @@ class TokenEncodingTest(testtools.TestCase):
-
- def test_quoted_token(self):
+@@ -1256,6 +1257,78 @@
self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))
-+
-+
+
+
+class CmsTest(testtools.TestCase):
+
+ """Unit tests for the keystoneclient.common.cms module."""
@@ -211,6 +181,8 @@
+ self.assertTrue(cms.cms_verify(cms_content,
+ client_fixtures.SIGNING_CERT_FILE,
+ client_fixtures.SIGNING_CA_FILE))
---
-1.8.4
-
++
++
+ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
+ def setUp(self):
+ super(TokenExpirationTest, self).setUp()
++++++ _service ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old 2013-10-23 11:27:02.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new 2013-10-23 11:27:02.000000000 +0200
@@ -1,8 +1,8 @@
<services>
<service name="git_tarballs" mode="disabled">
- <param name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-ma...</param>
+ <param name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-0....</param>
<param name="email">opensuse-cloud@opensuse.org</param>
- <param name="version-regexp">.*-([^-]+)\.g[a-zA-Z0-9]{7}</param>
+ <!--<param name="version-regexp">.*-([^-]+)\.g[a-zA-Z0-9]{7}</param>-->
<param name="plain-version">True</param>
</service>
</services>
++++++ python-keystoneclient-master.tar.gz -> python-keystoneclient-0.4.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/AUTHORS new/python-keystoneclient-0.4.0/AUTHORS
--- old/python-keystoneclient-0.3.2.78.gbaa9490/AUTHORS 2013-09-27 07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/AUTHORS 2013-10-09 21:47:02.000000000 +0200
@@ -5,12 +5,14 @@
Alessio Ababilov
Alessio Ababilov
Alex Meade
+AmalaBasha
Andy McCrae
Anthony Young
Bhuvan Arumugam
Brian Lamar
Brian Waldon
Bryan D. Payne
+Bryan Davidson
Carlos D. Garza
Chang Bo Guo
Charles V Bock
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/ChangeLog new/python-keystoneclient-0.4.0/ChangeLog
--- old/python-keystoneclient-0.3.2.78.gbaa9490/ChangeLog 2013-09-27 07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/ChangeLog 2013-10-09 21:47:02.000000000 +0200
@@ -1,3 +1,99 @@
+commit 4ae816bbfff7eb3d3bbe63f4e47e40dcb0b9c031
+Merge: 102b867 93793cb
+Author: Jenkins
+Date: Wed Oct 9 17:23:18 2013 +0000
+
+ Merge "Normalize datetimes to account for tz"
+
+commit 102b8677fd787998cc28809d56a7319832abb557
+Merge: e9fb6c7 8a036c3
+Author: Jenkins
+Date: Wed Oct 9 16:00:36 2013 +0000
+
+ Merge "Fix H202 assertRaises Exception"
+
+commit 93793cb3963d5d001cb51e3452d2226230a72986
+Author: Bryan Davidson
+Date: Fri Aug 30 13:38:37 2013 -0400
+
+ Normalize datetimes to account for tz
+
+ This patch makes sure that datetimes in the auth_token middleware
+ are normalized to account for timezone offsets.
+
+ Some of the old tests were changed to ensure that the expires string
+ stored in the cache is in ISO 8601 format and not a random float.
+
+ Fixes bug 1195924
+
+ Change-Id: I5917ab728193cd2aa8784c4860a96cdc17f3d43f
+
+commit e9fb6c7c8f5e37a5b94141bcd5b94fcacf41c075
+Merge: 0341f93 a2e7b17
+Author: Jenkins
+Date: Mon Oct 7 17:17:57 2013 +0000
+
+ Merge "Refactor for testability of an upcoming change"
+
+commit 0341f933caf91a522dffe42a5092c1e4a7925adb
+Merge: e170955 2dc3d81
+Author: Jenkins
+Date: Fri Oct 4 15:53:17 2013 +0000
+
+ Merge "Add auth_uri in conf to avoid unnecessary warning"
+
+commit 8a036c3f76f0d0ae4cb4c57f902a5e6b90baa9c9
+Author: Kui Shi
+Date: Fri Oct 4 16:54:03 2013 +0800
+
+ Fix H202 assertRaises Exception
+
+ Align the hacking version between test-requirement and global requirement.
+
+ The change of H202 detection from 0.6 to 0.7 in hacking is:
+
+ - if logical_line.startswith("self.assertRaises(Exception)"):
+ + if logical_line.startswith("self.assertRaises(Exception,"):
+
+ then more cases are detected by this change. Fix the exposed H202 error.
+
+ There is a special test case:
+ tests/v3/test_endpoints.py:test_update_invalid_interface
+
+ ref = self.new_ref(interface=uuid.uuid4().hex)
+
+ this line can not generate proper parameter for self.manager.update,
+ add a parameter "endpoint" for it, according to the
+ definition in keystoneclient/v3/endpoints.py:EndpointManager.update.
+
+ Otherwise, there will be following error after changing the Exception
+ to exceptions.ValidationError:
+ TypeError: update() takes at least 2 arguments (6 given)
+
+ Fixes Bug #1220008
+
+ Change-Id: I8f7ed7a6eebf8576a6db5fecd86b9d19a15c8d60
+
+commit e170955d6de5cbf521d54105bdefaf606ccdb356
+Merge: baa9490 d40a9f4
+Author: Jenkins
+Date: Wed Oct 2 22:33:40 2013 +0000
+
+ Merge "Log user info in auth_token middleware"
+
+commit a2e7b17810ed34719dc101f93dc480e2f9fdce6e
+Author: Bryan Davidson
+Date: Fri Aug 30 12:31:12 2013 -0400
+
+ Refactor for testability of an upcoming change
+
+ confirm_token_not_expired() in keystoneclient/middleware/auth_token.py has
+ been moved out of the class to make it a function and be more testable.
+ Currently, there is no need to keep it within the class. An upcoming
+ commit makes fixes that rely on this refactor to be tested.
+
+ Change-Id: I8460a2ee663dec8be0f339735208779a3b988040
+
commit baa949017a42368ec1e92e49490086364befe5da
Author: Chang Bo Guo
Date: Tue Sep 17 08:41:51 2013 -0700
@@ -11,6 +107,20 @@
Change-Id: I678b2e7fcc522c8776c7fc0a554c1fc229ab781e
+commit 2dc3d81031ad6ebafcd00a095e18a80dfe271674
+Author: ZhiQiang Fan
+Date: Mon Sep 2 02:21:55 2013 +0800
+
+ Add auth_uri in conf to avoid unnecessary warning
+
+ Unittest code for auth_token.py doesn't specify auth_uri in conf,
+ which will cause lots of warnings, since auth_token.py will use
+ '%(protocol)s://%(host)s:%(port)s' to generate auth_uri when it is
+ None, we can specify this value directly to avoid unnecessary warnings.
+
+ Closes-Bug: #1219493
+ Change-Id: I26b636bcddabd91b06479c6a42a6a48d74ac9431
+
commit 5588abdf8a8242fbce6a8f41e0a59c1ad0f6f925
Merge: d9a874f 0a18d8b
Author: Jenkins
@@ -199,6 +309,19 @@
Change-Id: I226881a35a74ef668d4cd1c6829a64c94ff185d9
+commit d40a9f4f6e10feb806d2ee4dd6266c948e7e6645
+Author: AmalaBasha
+Date: Tue Sep 3 15:51:59 2013 +0530
+
+ Log user info in auth_token middleware
+
+ Add logging for user information (like user name, tenant_id, roles) in
+ the auth_token middleware. This would make tracking down issues much
+ easier.
+
+ Change-Id: Ife4ce29d2f8e1a338a025dda4afbd7b563f6b8c1
+ Implements: blueprint user-info-logging-in-auth-token-middleware
+
commit 86c4c2d57b44675f3d8ee2a78be29eed43096e24
Merge: 661d6cf 51b09af
Author: Jenkins
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/PKG-INFO new/python-keystoneclient-0.4.0/PKG-INFO
--- old/python-keystoneclient-0.3.2.78.gbaa9490/PKG-INFO 2013-09-27 07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/PKG-INFO 2013-10-09 21:47:03.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: python-keystoneclient
-Version: 0.3.2.78.gbaa9490
+Version: 0.4.0
Summary: Client Library for OpenStack Identity
Home-page: http://www.openstack.org/
Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/middleware/auth_token.py new/python-keystoneclient-0.4.0/keystoneclient/middleware/auth_token.py
--- old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/middleware/auth_token.py 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/middleware/auth_token.py 2013-10-09 21:46:20.000000000 +0200
@@ -309,6 +309,31 @@
return expiry < soon
+def _token_is_v2(token_info):
+ return ('access' in token_info)
+
+
+def _token_is_v3(token_info):
+ return ('token' in token_info)
+
+
+def confirm_token_not_expired(data):
+ if not data:
+ raise InvalidUserToken('Token authorization failed')
+ if _token_is_v2(data):
+ timestamp = data['access']['token']['expires']
+ elif _token_is_v3(data):
+ timestamp = data['token']['expires_at']
+ else:
+ raise InvalidUserToken('Token authorization failed')
+ expires = timeutils.parse_isotime(timestamp)
+ expires = timeutils.normalize_time(expires)
+ utcnow = timeutils.utcnow()
+ if utcnow >= expires:
+ raise InvalidUserToken('Token authorization failed')
+ return timeutils.isotime(at=expires, subsecond=True)
+
+
def safe_quote(s):
"""URL-encode strings that are not already URL-encoded."""
return urllib.quote(s) if s == urllib.unquote(s) else s
@@ -439,11 +464,12 @@
def _assert_valid_memcache_protection_config(self):
if self._memcache_security_strategy:
if self._memcache_security_strategy not in ('MAC', 'ENCRYPT'):
- raise Exception('memcache_security_strategy must be '
- 'ENCRYPT or MAC')
+ raise ConfigurationError('memcache_security_strategy must be '
+ 'ENCRYPT or MAC')
if not self._memcache_secret_key:
- raise Exception('mecmache_secret_key must be defined when '
- 'a memcache_security_strategy is defined')
+ raise ConfigurationError('mecmache_secret_key must be defined '
+ 'when a memcache_security_strategy '
+ 'is defined')
def _init_cache(self, env):
cache = self._conf_get('cache')
@@ -783,7 +809,7 @@
data = jsonutils.loads(verified)
else:
data = self.verify_uuid_token(user_token, retry)
- expires = self._confirm_token_not_expired(data)
+ expires = confirm_token_not_expired(data)
self._cache_put(token_id, data, expires)
return data
except NetworkError:
@@ -797,12 +823,6 @@
self.LOG.warn("Authorization failed for token %s", token_id)
raise InvalidUserToken('Token authorization failed')
- def _token_is_v2(self, token_info):
- return ('access' in token_info)
-
- def _token_is_v3(self, token_info):
- return ('token' in token_info)
-
def _build_user_headers(self, token_info):
"""Convert token object into headers.
@@ -846,7 +866,7 @@
project_domain_id = None
project_domain_name = None
- if self._token_is_v2(token_info):
+ if _token_is_v2(token_info):
user = token_info['access']['user']
token = token_info['access']['token']
roles = ','.join([role['name'] for role in user.get('roles', [])])
@@ -898,6 +918,9 @@
'X-Role': roles,
}
+ self.LOG.debug("Received request from user: %s with project_id : %s"
+ " and roles: %s ", user_id, project_id, roles)
+
try:
catalog = catalog_root[catalog_key]
rval['X-Service-Catalog'] = jsonutils.dumps(catalog)
@@ -978,7 +1001,18 @@
raise InvalidUserToken('Token authorization failed')
data, expires = cached
- if ignore_expires or time.time() < float(expires):
+
+ try:
+ expires = timeutils.parse_isotime(expires)
+ except ValueError:
+ # Gracefully handle upgrade of expiration times from *nix
+ # timestamps to ISO 8601 formatted dates by ignoring old cached
+ # values.
+ return
+
+ expires = timeutils.normalize_time(expires)
+ utcnow = timeutils.utcnow()
+ if ignore_expires or utcnow < expires:
self.LOG.debug('Returning cached token %s', token_id)
return data
else:
@@ -1016,21 +1050,6 @@
data_to_store,
timeout=self.token_cache_time)
- def _confirm_token_not_expired(self, data):
- if not data:
- raise InvalidUserToken('Token authorization failed')
- if self._token_is_v2(data):
- timestamp = data['access']['token']['expires']
- elif self._token_is_v3(data):
- timestamp = data['token']['expires_at']
- else:
- raise InvalidUserToken('Token authorization failed')
- expires = timeutils.parse_isotime(timestamp).strftime('%s')
- if time.time() >= float(expires):
- self.LOG.debug('Token expired a %s', timestamp)
- raise InvalidUserToken('Token authorization failed')
- return expires
-
def _cache_put(self, token_id, data, expires):
"""Put token data into the cache.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/test_auth_token_middleware.py new/python-keystoneclient-0.4.0/keystoneclient/tests/test_auth_token_middleware.py
--- old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/test_auth_token_middleware.py 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/tests/test_auth_token_middleware.py 2013-10-09 21:46:20.000000000 +0200
@@ -14,6 +14,7 @@
# License for the specific language governing permissions and limitations
# under the License.
+import calendar
import datetime
import iso8601
import os
@@ -212,7 +213,8 @@
'auth_protocol': 'https',
'auth_admin_prefix': '/testadmin',
'signing_dir': client_fixtures.CERTDIR,
- 'auth_version': auth_version
+ 'auth_version': auth_version,
+ 'auth_uri': 'https://keystone.example.com:1234',
}
self.response_status = None
@@ -374,6 +376,7 @@
'auth_host': 'keystone.example.com',
'auth_port': 1234,
'memcached_servers': 'localhost:11211',
+ 'auth_uri': 'https://keystone.example.com:1234',
}
auth_token.AuthProtocol(FakeApp(), conf)
@@ -402,6 +405,7 @@
'auth_host': '2001:2013:1:f101::1',
'auth_port': 1234,
'auth_protocol': 'http',
+ 'auth_uri': None,
}
self.set_middleware(conf=conf)
expected_auth_uri = 'http://[2001:2013:1:f101::1]:1234'
@@ -701,6 +705,26 @@
seconds=40)
self.assertFalse(auth_token.will_expire_soon(fortyseconds))
+ def test_token_is_v2_accepts_v2(self):
+ token = client_fixtures.UUID_TOKEN_DEFAULT
+ token_response = client_fixtures.TOKEN_RESPONSES[token]
+ self.assertTrue(auth_token._token_is_v2(token_response))
+
+ def test_token_is_v2_rejects_v3(self):
+ token = client_fixtures.v3_UUID_TOKEN_DEFAULT
+ token_response = client_fixtures.TOKEN_RESPONSES[token]
+ self.assertFalse(auth_token._token_is_v2(token_response))
+
+ def test_token_is_v3_rejects_v2(self):
+ token = client_fixtures.UUID_TOKEN_DEFAULT
+ token_response = client_fixtures.TOKEN_RESPONSES[token]
+ self.assertFalse(auth_token._token_is_v3(token_response))
+
+ def test_token_is_v3_accepts_v3(self):
+ token = client_fixtures.v3_UUID_TOKEN_DEFAULT
+ token_response = client_fixtures.TOKEN_RESPONSES[token]
+ self.assertTrue(auth_token._token_is_v3(token_response))
+
def test_encrypt_cache_data(self):
httpretty.disable()
conf = {
@@ -710,7 +734,9 @@
}
self.set_middleware(conf=conf)
token = 'my_token'
- data = ('this_data', 10e100)
+ some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+ expires = timeutils.strtime(some_time_later)
+ data = ('this_data', expires)
self.middleware._init_cache({})
self.middleware._cache_store(token, data)
self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -724,7 +750,9 @@
}
self.set_middleware(conf=conf)
token = 'my_token'
- data = ('this_data', 10e100)
+ some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+ expires = timeutils.strtime(some_time_later)
+ data = ('this_data', expires)
self.middleware._init_cache({})
self.middleware._cache_store(token, data)
self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -737,7 +765,9 @@
}
self.set_middleware(conf=conf)
token = 'my_token'
- data = ('this_data', 10e100)
+ some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+ expires = timeutils.strtime(some_time_later)
+ data = ('this_data', expires)
self.middleware._init_cache({})
self.middleware._cache_store(token, data)
self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -748,35 +778,41 @@
'memcached_servers': ['localhost:11211'],
'memcache_security_strategy': 'Encrypt'
}
- self.assertRaises(Exception, self.set_middleware, conf=conf)
+ self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+ conf=conf)
# test invalue memcache_security_strategy
conf = {
'memcached_servers': ['localhost:11211'],
'memcache_security_strategy': 'whatever'
}
- self.assertRaises(Exception, self.set_middleware, conf=conf)
+ self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+ conf=conf)
# test missing memcache_secret_key
conf = {
'memcached_servers': ['localhost:11211'],
'memcache_security_strategy': 'mac'
}
- self.assertRaises(Exception, self.set_middleware, conf=conf)
+ self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+ conf=conf)
conf = {
'memcached_servers': ['localhost:11211'],
'memcache_security_strategy': 'Encrypt',
'memcache_secret_key': ''
}
- self.assertRaises(Exception, self.set_middleware, conf=conf)
+ self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+ conf=conf)
conf = {
'memcached_servers': ['localhost:11211'],
'memcache_security_strategy': 'mAc',
'memcache_secret_key': ''
}
- self.assertRaises(Exception, self.set_middleware, conf=conf)
+ self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+ conf=conf)
def test_config_revocation_cache_timeout(self):
conf = {
- 'revocation_cache_time': 24
+ 'revocation_cache_time': 24,
+ 'auth_uri': 'https://keystone.example.com:1234',
}
middleware = auth_token.AuthProtocol(self.fake_app, conf)
self.assertEquals(middleware.token_revocation_list_cache_timeout,
@@ -1218,3 +1254,212 @@
def test_quoted_token(self):
self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))
+
+
+class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
+ def setUp(self):
+ super(TokenExpirationTest, self).setUp()
+ timeutils.set_time_override()
+ self.now = timeutils.utcnow()
+ self.delta = datetime.timedelta(hours=1)
+ self.one_hour_ago = timeutils.isotime(self.now - self.delta,
+ subsecond=True)
+ self.one_hour_earlier = timeutils.isotime(self.now + self.delta,
+ subsecond=True)
+
+ def tearDown(self):
+ super(TokenExpirationTest, self).tearDown()
+ timeutils.clear_time_override()
+
+ def create_v2_token_fixture(self, expires=None):
+ v2_fixture = {
+ 'access': {
+ 'token': {
+ 'id': 'blah',
+ 'expires': expires or self.one_hour_earlier,
+ 'tenant': {
+ 'id': 'tenant_id1',
+ 'name': 'tenant_name1',
+ },
+ },
+ 'user': {
+ 'id': 'user_id1',
+ 'name': 'user_name1',
+ 'roles': [
+ {'name': 'role1'},
+ {'name': 'role2'},
+ ],
+ },
+ 'serviceCatalog': {}
+ },
+ }
+
+ return v2_fixture
+
+ def create_v3_token_fixture(self, expires=None):
+
+ v3_fixture = {
+ 'token': {
+ 'expires_at': expires or self.one_hour_earlier,
+ 'user': {
+ 'id': 'user_id1',
+ 'name': 'user_name1',
+ 'domain': {
+ 'id': 'domain_id1',
+ 'name': 'domain_name1'
+ }
+ },
+ 'project': {
+ 'id': 'tenant_id1',
+ 'name': 'tenant_name1',
+ 'domain': {
+ 'id': 'domain_id1',
+ 'name': 'domain_name1'
+ }
+ },
+ 'roles': [
+ {'name': 'role1', 'id': 'Role1'},
+ {'name': 'role2', 'id': 'Role2'},
+ ],
+ 'catalog': {}
+ }
+ }
+
+ return v3_fixture
+
+ def test_no_data(self):
+ data = {}
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_bad_data(self):
+ data = {'my_happy_token_dict': 'woo'}
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_v2_token_not_expired(self):
+ data = self.create_v2_token_fixture()
+ expected_expires = data['access']['token']['expires']
+ actual_expires = auth_token.confirm_token_not_expired(data)
+ self.assertEqual(actual_expires, expected_expires)
+
+ def test_v2_token_expired(self):
+ data = self.create_v2_token_fixture(expires=self.one_hour_ago)
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_v2_token_with_timezone_offset_not_expired(self):
+ current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+ current_time = timeutils.normalize_time(current_time)
+ timeutils.set_time_override(current_time)
+ data = self.create_v2_token_fixture(
+ expires='2000-01-01T00:05:10.000123-05:00')
+ expected_expires = '2000-01-01T05:05:10.000123Z'
+ actual_expires = auth_token.confirm_token_not_expired(data)
+ self.assertEqual(actual_expires, expected_expires)
+
+ def test_v2_token_with_timezone_offset_expired(self):
+ current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+ current_time = timeutils.normalize_time(current_time)
+ timeutils.set_time_override(current_time)
+ data = self.create_v2_token_fixture(
+ expires='2000-01-01T00:05:10.000123+05:00')
+ data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00'
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_v3_token_not_expired(self):
+ data = self.create_v3_token_fixture()
+ expected_expires = data['token']['expires_at']
+ actual_expires = auth_token.confirm_token_not_expired(data)
+ self.assertEqual(actual_expires, expected_expires)
+
+ def test_v3_token_expired(self):
+ data = self.create_v3_token_fixture(expires=self.one_hour_ago)
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_v3_token_with_timezone_offset_not_expired(self):
+ current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+ current_time = timeutils.normalize_time(current_time)
+ timeutils.set_time_override(current_time)
+ data = self.create_v3_token_fixture(
+ expires='2000-01-01T00:05:10.000123-05:00')
+ expected_expires = '2000-01-01T05:05:10.000123Z'
+
+ actual_expires = auth_token.confirm_token_not_expired(data)
+ self.assertEqual(actual_expires, expected_expires)
+
+ def test_v3_token_with_timezone_offset_expired(self):
+ current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+ current_time = timeutils.normalize_time(current_time)
+ timeutils.set_time_override(current_time)
+ data = self.create_v3_token_fixture(
+ expires='2000-01-01T00:05:10.000123+05:00')
+ self.assertRaises(auth_token.InvalidUserToken,
+ auth_token.confirm_token_not_expired,
+ data)
+
+ def test_cached_token_not_expired(self):
+ token = 'mytoken'
+ data = 'this_data'
+ self.set_middleware()
+ self.middleware._init_cache({})
+ some_time_later = timeutils.strtime(at=(self.now + self.delta))
+ expires = some_time_later
+ self.middleware._cache_put(token, data, expires)
+ self.assertEqual(self.middleware._cache_get(token), data)
+
+ def test_cached_token_not_expired_with_old_style_nix_timestamp(self):
+ """Ensure we cannot retrieve a token from the cache.
+
+ Getting a token from the cache should return None when the token data
+ in the cache stores the expires time as a *nix style timestamp.
+
+ """
+ token = 'mytoken'
+ data = 'this_data'
+ self.set_middleware()
+ self.middleware._init_cache({})
+ some_time_later = self.now + self.delta
+ # Store a unix timestamp in the cache.
+ expires = calendar.timegm(some_time_later.timetuple())
+ self.middleware._cache_put(token, data, expires)
+ self.assertIsNone(self.middleware._cache_get(token))
+
+ def test_cached_token_expired(self):
+ token = 'mytoken'
+ data = 'this_data'
+ self.set_middleware()
+ self.middleware._init_cache({})
+ some_time_earlier = timeutils.strtime(at=(self.now - self.delta))
+ expires = some_time_earlier
+ self.middleware._cache_put(token, data, expires)
+ self.assertIsNone(self.middleware._cache_get(token))
+
+ def test_cached_token_with_timezone_offset_not_expired(self):
+ token = 'mytoken'
+ data = 'this_data'
+ self.set_middleware()
+ self.middleware._init_cache({})
+ timezone_offset = datetime.timedelta(hours=2)
+ some_time_later = self.now - timezone_offset + self.delta
+ expires = timeutils.strtime(some_time_later) + '-02:00'
+ self.middleware._cache_put(token, data, expires)
+ self.assertEqual(self.middleware._cache_get(token), data)
+
+ def test_cached_token_with_timezone_offset_expired(self):
+ token = 'mytoken'
+ data = 'this_data'
+ self.set_middleware()
+ self.middleware._init_cache({})
+ timezone_offset = datetime.timedelta(hours=2)
+ some_time_earlier = self.now - timezone_offset - self.delta
+ expires = timeutils.strtime(some_time_earlier) + '-02:00'
+ self.middleware._cache_put(token, data, expires)
+ self.assertIsNone(self.middleware._cache_get(token))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/v3/test_endpoints.py new/python-keystoneclient-0.4.0/keystoneclient/tests/v3/test_endpoints.py
--- old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/v3/test_endpoints.py 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/tests/v3/test_endpoints.py 2013-10-09 21:46:20.000000000 +0200
@@ -14,6 +14,7 @@
import uuid
+from keystoneclient import exceptions
from keystoneclient.tests.v3 import utils
from keystoneclient.v3 import endpoints
@@ -49,7 +50,7 @@
def test_create_invalid_interface(self):
ref = self.new_ref(interface=uuid.uuid4().hex)
- self.assertRaises(Exception, self.manager.create,
+ self.assertRaises(exceptions.ValidationError, self.manager.create,
**utils.parameterize(ref))
def test_update_public_interface(self):
@@ -66,7 +67,8 @@
def test_update_invalid_interface(self):
ref = self.new_ref(interface=uuid.uuid4().hex)
- self.assertRaises(Exception, self.manager.update,
+ ref['endpoint'] = "fake_endpoint"
+ self.assertRaises(exceptions.ValidationError, self.manager.update,
**utils.parameterize(ref))
def test_list_public_interface(self):
@@ -87,5 +89,5 @@
def test_list_invalid_interface(self):
interface = uuid.uuid4().hex
expected_path = 'v3/%s?interface=%s' % (self.collection_key, interface)
- self.assertRaises(Exception, self.manager.list,
+ self.assertRaises(exceptions.ValidationError, self.manager.list,
expected_path=expected_path, interface=interface)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/v3/endpoints.py new/python-keystoneclient-0.4.0/keystoneclient/v3/endpoints.py
--- old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/v3/endpoints.py 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/v3/endpoints.py 2013-10-09 21:46:20.000000000 +0200
@@ -15,6 +15,7 @@
# under the License.
from keystoneclient import base
+from keystoneclient import exceptions
VALID_INTERFACES = ['public', 'admin', 'internal']
@@ -45,7 +46,7 @@
if interface is not None and interface not in VALID_INTERFACES:
msg = '"interface" must be one of: %s'
msg = msg % ', '.join(VALID_INTERFACES)
- raise Exception(msg)
+ raise exceptions.ValidationError(msg)
def create(self, service, url, interface=None, region=None, enabled=True,
**kwargs):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/python_keystoneclient.egg-info/PKG-INFO new/python-keystoneclient-0.4.0/python_keystoneclient.egg-info/PKG-INFO
--- old/python-keystoneclient-0.3.2.78.gbaa9490/python_keystoneclient.egg-info/PKG-INFO 2013-09-27 07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/python_keystoneclient.egg-info/PKG-INFO 2013-10-09 21:47:02.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: python-keystoneclient
-Version: 0.3.2.78.gbaa9490
+Version: 0.4.0
Summary: Client Library for OpenStack Identity
Home-page: http://www.openstack.org/
Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/tox.ini new/python-keystoneclient-0.4.0/tox.ini
--- old/python-keystoneclient-0.3.2.78.gbaa9490/tox.ini 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/tox.ini 2013-10-09 21:46:20.000000000 +0200
@@ -27,9 +27,8 @@
downloadcache = ~/cache/pip
[flake8]
-# H202: assertRaises Exception too broad
# F821: undefined name
# H304: no relative imports
-ignore = F821,H202,H304
+ignore = F821,H304
show-source = True
exclude = .venv,.tox,dist,doc,*egg,build
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org