Hello community, here is the log from the commit of package python-keystoneclient for openSUSE:13.1 checked in at 2013-10-01 08:29:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/python-keystoneclient (Old) and /work/SRC/openSUSE:13.1/.python-keystoneclient.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-keystoneclient" Changes: -------- --- /work/SRC/openSUSE:13.1/python-keystoneclient/python-keystoneclient.changes 2013-09-23 11:06:39.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.python-keystoneclient.new/python-keystoneclient.changes 2013-10-01 08:29:38.000000000 +0200 @@ -1,0 +2,230 @@ +Fri Sep 27 15:08:04 UTC 2013 - dmueller@suse.com + +- add 0001-Make-ROOTDIR-determination-more-robust.patch + +------------------------------------------------------------------- +Fri Sep 27 06:32:41 UTC 2013 - dmueller@suse.com + +- Update to version 0.3.2.78: + + Move tests in keystoneclient + + Fix misused assertTrue in unit tests + +------------------------------------------------------------------- +Wed Sep 25 00:10:34 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.75: + + Modify keyring tests to test authentication + + Require oslo.config 1.2.0 final + +------------------------------------------------------------------- +Thu Sep 19 23:51:37 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.72: + + Allow blank to email in user-update + + Change Babel to a runtime requirement + +------------------------------------------------------------------- +Thu Sep 19 00:37:33 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.68: + + Decode the non-english username str to unicode + +------------------------------------------------------------------- +Tue Sep 17 23:57:12 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.66: + + Convert tests to HTTPretty and reorganize + +------------------------------------------------------------------- +Tue Sep 17 15:07:22 UTC 2013 - dmueller@suse.com + +- 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch + +------------------------------------------------------------------- +Tue Sep 17 00:21:17 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.64: + + Don't need to init testr explicitly + +------------------------------------------------------------------- +Sat Sep 14 23:49:31 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.62: + + Deprecation warning should be 'pending' + +------------------------------------------------------------------- +Sat Sep 14 00:12:03 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.60: + + Support client generate literal ipv6 auth_uri base on auth_host + + Replace HttpConnection in auth_token with Requests + + Set example timestamps to 2038-01-18T21:14:07Z + +------------------------------------------------------------------- +Wed Sep 11 00:06:52 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.55: + + Allow Hacking 0.7.x or later + +------------------------------------------------------------------- +Wed Sep 4 23:53:25 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.53: + + Deprecation warning for the CLI + +------------------------------------------------------------------- +Mon Sep 2 09:59:38 UTC 2013 - dmueller@suse.com + +- update requires + +------------------------------------------------------------------- +Sun Sep 1 00:18:02 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.52: + + Remove testcase test_invalid_auth_version_request + + Correct keyword args in test cases + +------------------------------------------------------------------- +Sat Aug 31 00:19:14 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.49: + + Replace auth_token middleware tests with httpretty + + Add apiclient.exceptions hierarchy + + Fixing potential NameErrors + + Standardize base.py with novaclient + + Fix and enable gating on F811 + +------------------------------------------------------------------- +Fri Aug 30 15:05:00 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.39: + + Fix and enable gating on F841 + + Use OSLO jsonutils instead of json module + + python3: Transition to mox3 instead of mox + + Update oslo.config + + Sync py3kcompat from oslo-incubator + + python3: Use from future import unicode_literals + +------------------------------------------------------------------- +Thu Aug 29 23:48:54 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.27: + + Remove duplicate method in AccessInfo + + Fix License Headers and Enable Gating on H102 + + Fix and enable gating on H302: only import modules + +------------------------------------------------------------------- +Wed Aug 28 23:53:06 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.21: + + remove the UUID check for userids + + Synchronize code from oslo + +------------------------------------------------------------------- +Tue Aug 27 00:08:18 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.18: + + clearer error when authenticate called without auth_url + + Support older token formats for projects in accessinfo + + Use hashed token for invalid PKI token cache key + + Add domain attributes to accessinfo + +------------------------------------------------------------------- +Sun Aug 25 00:08:13 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.10: + + Move flake8 option from run_tests.sh to tox.ini + +------------------------------------------------------------------- +Fri Aug 23 23:55:11 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.2.8: + + Extract test token data from auth_token middleware + + Allow configure the number of http retries + + Add importutils and strutils from oslo + + Move all opens in auth_token to be in context + + Add unittests for exceptions.EmptyCatalog + +------------------------------------------------------------------- +Thu Aug 22 23:45:16 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.77: + + Restore client.py for backward compatibility + + Initial Trusts support + +------------------------------------------------------------------- +Wed Aug 21 00:15:55 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.73: + + Make auth_token middleware fetching respect prefix + +------------------------------------------------------------------- +Sat Aug 17 00:02:38 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.72: + + Adds support for passing extra tenant attributes to keystone + + Fix and enable Gating on H404 + + Fix a typo in fetch_revocation_list + +------------------------------------------------------------------- +Fri Aug 16 00:10:26 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.67: + + Fixes files with wrong bitmode + + Don't cache tokens as invalid on network errors + +------------------------------------------------------------------- +Thu Aug 15 00:01:38 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.63: + + python3: Add basic compatibility support + + Extract basic request call + + Add a get_data function to Service Catalog + + Refactor verify signing dir logic + +------------------------------------------------------------------- +Tue Aug 13 23:42:21 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.55: + + flake8: enable H201, H202, H802 + + Rename client.py to httpclient.py + +------------------------------------------------------------------- +Mon Aug 12 23:56:26 UTC 2013 - opensuse-cloud@opensuse.org + +- Update to version 0.3.1.52: + + Use flake8 in run_tests.sh and updated ignore flake8 rules with tox.ini + ++++ 33 more lines (skipped) ++++ between /work/SRC/openSUSE:13.1/python-keystoneclient/python-keystoneclient.changes ++++ and /work/SRC/openSUSE:13.1/.python-keystoneclient.new/python-keystoneclient.changes New: ---- 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch 0001-Make-ROOTDIR-determination-more-robust.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-keystoneclient.spec ++++++ --- /var/tmp/diff_new_pack.tRUzim/_old 2013-10-01 08:29:38.000000000 +0200 +++ /var/tmp/diff_new_pack.tRUzim/_new 2013-10-01 08:29:38.000000000 +0200 @@ -19,7 +19,7 @@ %define component keystoneclient Name: python-%{component} -Version: 0.3.1.15 +Version: 0.3.2.78 Release: 0 Summary: Openstack Identity (Keystone) API Client License: Apache-2.0 @@ -27,12 +27,11 @@ Url: http://launchpad.net/python-keystoneclient Source: python-keystoneclient-master.tar.gz Source2: openstack-keystone.sh -# PATCH-FIX-UPSTREAM speilicke@suse.com -- Backport of https://review.openstack.org/#/c/35103/ -Patch0: 0001-Use-ServiceCatalog.factory-the-object-has-no-__init_.patch +Patch0: 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch +Patch1: 0001-Make-ROOTDIR-determination-more-robust.patch BuildRequires: fdupes BuildRequires: openstack-suse-macros BuildRequires: python-base -BuildRequires: python-d2to1 BuildRequires: python-distribute BuildRequires: python-pbr # Packages below are only needed for documentation build @@ -43,13 +42,14 @@ BuildRequires: python-iso8601 >= 0.1.4 BuildRequires: python-requests >= 0.8.8 Requires: python >= 2.6.8 +Requires: python-Babel >= 0.9.6 Requires: python-PrettyTable >= 0.6 -Requires: python-d2to1 >= 0.2.10 Requires: python-iso8601 >= 0.1.4 -Requires: python-oslo.config >= 1.1.0 -Requires: python-pbr >= 0.5 -Requires: python-requests >= 0.8.8 -Requires: python-simplejson +Requires: python-netaddr +Requires: python-oslo.config >= 1.2.0a3 +Requires: python-pbr >= 0.5.21 +Requires: python-requests >= 1.1 +Requires: python-simplejson >= 2.0.9 Requires: python-six Recommends: python-keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -80,28 +80,29 @@ Summary: Openstack Identity (Keystone) API Client - Testsuite Group: System/Management Requires: %{name} = %{version} -Requires: python-WebOb >= 1.0.8 -Requires: python-coverage -Requires: python-fixtures +Requires: python-WebOb >= 1.2.3 +Requires: python-coverage >= 3.6 +Requires: python-discover +Requires: python-fixtures >= 0.3.12 Requires: python-flake8 >= 2.0 -Requires: python-hacking >= 0.5.3 -Requires: python-mock -Requires: python-mox +Requires: python-hacking >= 0.5.6 +Requires: python-httpretty >= 0.6.3 +Requires: python-mock >= 0.8.0 +Requires: python-mox3 >= 0.7.0 Requires: python-pep8 >= 1.4.5 -Requires: python-pycrypto +Requires: python-pycrypto >= 2.6 Requires: python-pyflakes >= 0.7.2 -Requires: python-testrepository >= 0.0.13 -Requires: python-testtools >= 0.9.22 +Requires: python-testrepository >= 0.0.17 +Requires: python-testtools >= 0.9.32 %description test This package contains testsuite files for %{name}. %prep -%setup -q -n python-keystoneclient-0.3.1.15.gf74019c +%setup -q -n python-keystoneclient-0.3.2.78.gbaa9490 %patch0 -p1 +%patch1 -p1 %openstack_cleanup_prep -# Fix example PKI certs location for testsuite: -sed -i "s|python-keystoneclient/examples|python-keystoneclient-test/examples|" tests/test_auth_token_middleware.py %build python setup.py build @@ -110,7 +111,7 @@ %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} --install-data=%{python_sitelib} -rm -rf doc/build/html/{.buildinfo,.doctrees} +rm doc/build/html/.buildinfo %fdupes doc ### bash-completion ++++++ 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch ++++++
From 52c34736056bf13f51c9a167fb29214a300c41f2 Mon Sep 17 00:00:00 2001 From: Dirk Mueller
Date: Thu, 20 Jun 2013 18:49:26 +0200 Subject: [PATCH] Add workaround for OSError raised by Popen.communicate()
Python 2.6 can raise OSError when too much data is written to STDIN and the process died prematurely. In the case of keystoneclient this happens during the first cms_verify() call of a process. The calling logic expects a useful error message in order to refetches CA or singing CERT, which is missing in the case of an OSError. So just fake it instead. Add basic unit tests to cover all of the public methods from keystone.common.cms, raising test coverage to 77%. Add unit test for this specific bug (test_cms_verify_token_no_oserror). Change-Id: I6e650ab9494c605b4e41c78c87a9505e09d5fc29 --- keystoneclient/common/cms.py | 42 +++++++++++-- keystoneclient/tests/client_fixtures.py | 14 ++++- keystoneclient/tests/test_auth_token_middleware.py | 73 ++++++++++++++++++++++ 3 files changed, 122 insertions(+), 7 deletions(-) diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py index 8bc24f9..d6a1753 100644 --- a/keystoneclient/common/cms.py +++ b/keystoneclient/common/cms.py @@ -38,6 +38,36 @@ def _ensure_subprocess(): import subprocess # noqa +def _fake_openssl_error(files): + err = 'Error while writing to pipe.' + try: + for try_file in files: + with open(try_file, 'r'): + pass + except IOError as e: + err = ("Hit OSError while launching openssl. " + "Likely due to %s: %s") % (try_file, e.strerror) + + return err + + +def _process_communicate_check_oserror(process, text, files): + """Wrapper around process.communicate that checks for OSError.""" + + try: + output, err = process.communicate(text) + except OSError: + # this shouldn't happen, but does when Python is old + # http://bugs.python.org/issue10963 + output = "" + err = _fake_openssl_error(files) + retcode = -1 + else: + retcode = process.poll() + + return output, err, retcode + + def cms_verify(formatted, signing_cert_file_name, ca_file_name): """Verifies the signature of the contents IAW CMS syntax. @@ -53,8 +83,10 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name): stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - output, err = process.communicate(formatted) - retcode = process.poll() + + output, err, retcode = _process_communicate_check_oserror( + process, formatted, (signing_cert_file_name, ca_file_name)) + if retcode: # Do not log errors, as some happen in the positive thread # instead, catch them in the calling code and log them there. @@ -150,8 +182,10 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name): stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - output, err = process.communicate(text) - retcode = process.poll() + + output, err, retcode = _process_communicate_check_oserror( + process, text, (signing_cert_file_name, signing_key_file_name)) + if retcode or "Error" in err: LOG.error('Signing error: %s' % err) raise subprocess.CalledProcessError(retcode, "openssl") diff --git a/keystoneclient/tests/client_fixtures.py b/keystoneclient/tests/client_fixtures.py index dd1c95f..c17db42 100644 --- a/keystoneclient/tests/client_fixtures.py +++ b/keystoneclient/tests/client_fixtures.py @@ -26,7 +26,7 @@ CLIENTDIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) ROOTDIR = os.path.dirname(CLIENTDIR) CERTDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'certs') CMSDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'cms') - +KEYDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'private') # @TODO(mordred) This should become a testresources resource attached to the # class @@ -49,9 +49,17 @@ with open(os.path.join(CMSDIR, 'revocation_list.json')) as f: REVOCATION_LIST = jsonutils.loads(f.read()) with open(os.path.join(CMSDIR, 'revocation_list.pem')) as f: SIGNED_REVOCATION_LIST = jsonutils.dumps({'signed': f.read()}) -with open(os.path.join(CERTDIR, 'signing_cert.pem')) as f: + +SIGNING_CERT_FILE = os.path.join(CERTDIR, 'signing_cert.pem') +with open(SIGNING_CERT_FILE) as f: SIGNING_CERT = f.read() -with open(os.path.join(CERTDIR, 'cacert.pem')) as f: + +SIGNING_KEY_FILE = os.path.join(KEYDIR, 'signing_key.pem') +with open(SIGNING_KEY_FILE) as f: + SIGNING_KEY = f.read() + +SIGNING_CA_FILE = os.path.join(CERTDIR, 'cacert.pem') +with open(SIGNING_CA_FILE) as f: SIGNING_CA = f.read() UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d" diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py index 06e7609..98271d6 100644 --- a/keystoneclient/tests/test_auth_token_middleware.py +++ b/keystoneclient/tests/test_auth_token_middleware.py @@ -19,6 +19,7 @@ import iso8601 import os import shutil import stat +import subprocess import sys import tempfile import testtools @@ -1218,3 +1219,75 @@ class TokenEncodingTest(testtools.TestCase): def test_quoted_token(self): self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar')) + + +class CmsTest(testtools.TestCase): + + """Unit tests for the keystoneclient.common.cms module.""" + + def test_token_to_cms_to_token(self): + with open(os.path.join(client_fixtures.CMSDIR, + 'auth_token_scoped.pem')) as f: + AUTH_TOKEN_SCOPED_CMS = f.read() + + self.assertEqual(cms.token_to_cms(client_fixtures.SIGNED_TOKEN_SCOPED), + AUTH_TOKEN_SCOPED_CMS) + + tok = cms.cms_to_token(cms.token_to_cms( + client_fixtures.SIGNED_TOKEN_SCOPED)) + self.assertEqual(tok, client_fixtures.SIGNED_TOKEN_SCOPED) + + def test_ans1_token(self): + self.assertTrue(cms.is_ans1_token(client_fixtures.SIGNED_TOKEN_SCOPED)) + self.assertFalse(cms.is_ans1_token('FOOBAR')) + + def test_cms_sign_token_no_files(self): + self.assertRaises(subprocess.CalledProcessError, + cms.cms_sign_token, + client_fixtures.SIGNED_TOKEN_SCOPED, + '/no/such/file', '/no/such/key') + + def test_cms_sign_token_success(self): + self.assertTrue( + cms.cms_sign_token(client_fixtures.SIGNED_TOKEN_SCOPED, + client_fixtures.SIGNING_CERT_FILE, + client_fixtures.SIGNING_KEY_FILE)) + + def test_cms_verify_token_no_files(self): + self.assertRaises(subprocess.CalledProcessError, + cms.cms_verify, + client_fixtures.SIGNED_TOKEN_SCOPED, + '/no/such/file', '/no/such/key') + + def test_cms_verify_token_no_oserror(self): + try: + cms.cms_verify("x" * 2 ** 17, '/no/such/file', '/no/such/key') + except subprocess.CalledProcessError as e: + self.assertTrue('/no/such/file' in e.output) + else: + raise + + def test_cms_verify_token_scoped(self): + cms_content = cms.token_to_cms(client_fixtures.SIGNED_TOKEN_SCOPED) + self.assertTrue(cms.cms_verify(cms_content, + client_fixtures.SIGNING_CERT_FILE, + client_fixtures.SIGNING_CA_FILE)) + + def test_cms_verify_token_scoped_expired(self): + cms_content = cms.token_to_cms( + client_fixtures.SIGNED_TOKEN_SCOPED_EXPIRED) + self.assertTrue(cms.cms_verify(cms_content, + client_fixtures.SIGNING_CERT_FILE, + client_fixtures.SIGNING_CA_FILE)) + + def test_cms_verify_token_unscoped(self): + cms_content = cms.token_to_cms(client_fixtures.SIGNED_TOKEN_UNSCOPED) + self.assertTrue(cms.cms_verify(cms_content, + client_fixtures.SIGNING_CERT_FILE, + client_fixtures.SIGNING_CA_FILE)) + + def test_cms_verify_token_v3_scoped(self): + cms_content = cms.token_to_cms(client_fixtures.SIGNED_v3_TOKEN_SCOPED) + self.assertTrue(cms.cms_verify(cms_content, + client_fixtures.SIGNING_CERT_FILE, + client_fixtures.SIGNING_CA_FILE)) -- 1.8.4 ++++++ 0001-Make-ROOTDIR-determination-more-robust.patch ++++++
From 9a82a5ac543ea4af957602d171e1492e637133d2 Mon Sep 17 00:00:00 2001 From: Dirk Mueller
Date: Fri, 27 Sep 2013 17:00:19 +0200 Subject: [PATCH] Make ROOTDIR determination more robust
This change is needed when keystone/ is a symlink and etc is in a different directory hierarchy. Change-Id: Ice9165ef25ec0200ccfb50c2f2f3121a136652a2 --- keystoneclient/tests/client_fixtures.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/client_fixtures.py =================================================================== --- python-keystoneclient-0.3.2.78.gbaa9490.orig/keystoneclient/tests/client_fixtures.py +++ python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/client_fixtures.py @@ -22,8 +22,8 @@ from keystoneclient.openstack.common imp from keystoneclient import utils -CLIENTDIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) -ROOTDIR = os.path.dirname(CLIENTDIR) +ROOTDIR = os.path.normpath(os.path.join( + os.path.dirname(os.path.abspath(__file__)), "../..")) CERTDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'certs') CMSDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'cms') KEYDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'private') ++++++ python-keystoneclient-master.tar.gz ++++++ ++++ 24973 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org