commit openstack-keystone for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package openstack-keystone for openSUSE:Factory checked in at 2013-01-20 08:09:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-keystone (Old) and /work/SRC/openSUSE:Factory/.openstack-keystone.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-keystone", Maintainer is "radmanic@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-keystone/openstack-keystone.changes 2013-01-17 15:14:51.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-keystone.new/openstack-keystone.changes 2013-01-20 08:09:11.000000000 +0100 @@ -1,0 +2,12 @@ +Fri Jan 11 15:39:23 UTC 2013 - iartarisi@suse.com + +- revert %setup to also unpack hybrid backend tarball + +------------------------------------------------------------------- +Fri Jan 11 15:12:13 UTC 2013 - iartarisi@suse.com + +- update and re-enable backend hybrid code: + * use sample config for testing + * raise errors in user retrieval code instead of returning None + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-keystone.spec ++++++ --- /var/tmp/diff_new_pack.dWADvV/_old 2013-01-20 08:09:12.000000000 +0100 +++ /var/tmp/diff_new_pack.dWADvV/_new 2013-01-20 08:09:12.000000000 +0100 @@ -136,7 +136,8 @@ functionality of OpenStack Keystone. %prep -%setup -q -n keystone-2012.2.3 +# unpack the backend hybrid in addition to the main keyston source +%setup -q -T -D -b0 -a6 -n keystone-2012.2.3 %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -187,11 +188,10 @@ install -D %{SOURCE5} %{buildroot}%{_localstatedir}/lib/keystone/wsgi/main.wsgi ### Keystone hybrid identity backend -#TODO: Fix -#install -D -m 644 %{hybrid}/hybrid.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ -#install -m 644 %{hybrid}/hybrid_config.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ -#install -D -m 644 %{hybrid}/test_backend_hybrid.py %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ -#install -D -m 644 %{hybrid}/backend_hybrid.conf %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ +install -D -m 644 %{hybrid}/hybrid.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ +install -m 644 %{hybrid}/hybrid_config.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ +install -D -m 644 %{hybrid}/test_backend_hybrid.py %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ +install -D -m 644 %{hybrid}/backend_hybrid.conf %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ %pre getent group %{groupname} >/dev/null || groupadd -r %{groupname} ++++++ keystone-hybrid-backend-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-hybrid-backend-folsom/README.md new/keystone-hybrid-backend-folsom/README.md --- old/keystone-hybrid-backend-folsom/README.md 2012-11-20 16:07:21.000000000 +0100 +++ new/keystone-hybrid-backend-folsom/README.md 2012-11-21 12:28:56.000000000 +0100 @@ -1,4 +1,21 @@ keystone-hybrid-backend ======================= -hybrid SQL + LDAP backend for openstack keystone \ No newline at end of file +hybrid SQL + LDAP backend for openstack keystone + +Note: the hybrid backend currently relies on a new configuration option for determining the LDAP scope of the user query: + +```diff +diff -ruN a/keystone/config.py b/keystone/config.py +--- a/keystone/config.py 2012-11-08 13:02:07.000000000 +0100 ++++ b/keystone/config.py 2012-11-08 13:11:06.000000000 +0100 +@@ -163,7 +163,7 @@ + register_str('suffix', group='ldap', default='cn=example,cn=com') + register_bool('use_dumb_member', group='ldap', default=False) + register_str('user_name_attribute', group='ldap', default='sn') +- ++register_int('user_search_scope', group='ldap', default=1) + + register_str('user_tree_dn', group='ldap', default=None) + register_str('user_objectclass', group='ldap', default='inetOrgPerson') +``` \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-hybrid-backend-folsom/backend_hybrid.conf new/keystone-hybrid-backend-folsom/backend_hybrid.conf --- old/keystone-hybrid-backend-folsom/backend_hybrid.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/keystone-hybrid-backend-folsom/backend_hybrid.conf 2012-11-20 17:01:31.000000000 +0100 @@ -0,0 +1,13 @@ +[sql] +connection = sqlite:///test.db +idle_timeout = 200 + +[ldap] +url = fake://memory +user = cn=Admin +password = password +backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role'] +tree_dn = cn=example,cn=com + +[identity] +driver = keystone.identity.backends.hybrid.Identity diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-hybrid-backend-folsom/config.py new/keystone-hybrid-backend-folsom/config.py --- old/keystone-hybrid-backend-folsom/config.py 2012-11-20 16:07:21.000000000 +0100 +++ new/keystone-hybrid-backend-folsom/config.py 1970-01-01 01:00:00.000000000 +0100 @@ -1,183 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 OpenStack LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import gettext -import sys -import os - -from keystone.common import logging -from keystone.openstack.common import cfg - - -gettext.install('keystone', unicode=1) - - -class ConfigMixin(object): - def __call__(self, config_files=None, *args, **kw): - if config_files is not None: - self._opts['config_file']['opt'].default = config_files - kw.setdefault('args', []) - return super(ConfigMixin, self).__call__(*args, **kw) - - def set_usage(self, usage): - self.usage = usage - self._oparser.usage = usage - - -class Config(ConfigMixin, cfg.ConfigOpts): - pass - - -class CommonConfig(ConfigMixin, cfg.CommonConfigOpts): - pass - - -def setup_logging(conf): - """ - Sets up the logging options for a log with supplied name - - :param conf: a cfg.ConfOpts object - """ - - if conf.log_config: - # Use a logging configuration file for all settings... - if os.path.exists(conf.log_config): - logging.config.fileConfig(conf.log_config) - return - else: - raise RuntimeError('Unable to locate specified logging ' - 'config file: %s' % conf.log_config) - - root_logger = logging.root - if conf.debug: - root_logger.setLevel(logging.DEBUG) - elif conf.verbose: - root_logger.setLevel(logging.INFO) - else: - root_logger.setLevel(logging.WARNING) - - formatter = logging.Formatter(conf.log_format, conf.log_date_format) - - if conf.use_syslog: - try: - facility = getattr(logging.SysLogHandler, - conf.syslog_log_facility) - except AttributeError: - raise ValueError(_('Invalid syslog facility')) - - handler = logging.SysLogHandler(address='/dev/log', - facility=facility) - elif conf.log_file: - logfile = conf.log_file - if conf.log_dir: - logfile = os.path.join(conf.log_dir, logfile) - handler = logging.WatchedFileHandler(logfile) - else: - handler = logging.StreamHandler(sys.stdout) - - handler.setFormatter(formatter) - root_logger.addHandler(handler) - - -def register_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_cli_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_cli_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_opt(cfg.IntOpt(*args, **kw), group=group) - - -def register_cli_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = _ensure_group(kw, conf) - return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) - - -def _ensure_group(kw, conf): - group = kw.pop('group', None) - if group: - conf.register_group(cfg.OptGroup(name=group)) - return group - - -CONF = CommonConfig(project='keystone') - - -register_str('admin_token', default='ADMIN') -register_str('bind_host', default='0.0.0.0') -register_str('compute_port') -register_str('admin_port') -register_str('public_port') - - -# sql options -register_str('connection', group='sql') -register_int('idle_timeout', group='sql') - - -register_str('driver', group='catalog') -register_str('driver', group='identity') -register_str('driver', group='policy') -register_str('driver', group='token') -register_str('driver', group='ec2') - - -#ldap -register_str('url', group='ldap') -register_str('user', group='ldap') -register_str('password', group='ldap') -register_str('suffix', group='ldap') -register_bool('use_dumb_member', group='ldap') - -register_str('user_tree_dn', group='ldap') -register_str('user_objectclass', group='ldap') -register_str('user_id_attribute', group='ldap') -register_str('user_name_attribute', group='ldap', default='sn') -register_int('user_search_scope', group='ldap', default=1) - -register_str('tenant_tree_dn', group='ldap') -register_str('tenant_objectclass', group='ldap') -register_str('tenant_id_attribute', group='ldap') -register_str('tenant_member_attribute', group='ldap') -register_str('tenant_name_attribute', group='ldap', default='ou') - - -register_str('role_tree_dn', group='ldap') -register_str('role_objectclass', group='ldap') -register_str('role_id_attribute', group='ldap') -register_str('role_member_attribute', group='ldap') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-hybrid-backend-folsom/hybrid.py new/keystone-hybrid-backend-folsom/hybrid.py --- old/keystone-hybrid-backend-folsom/hybrid.py 2012-11-20 16:07:21.000000000 +0100 +++ new/keystone-hybrid-backend-folsom/hybrid.py 2013-01-11 16:00:48.000000000 +0100 @@ -52,7 +52,10 @@ in the list of tenants on the user. """ - user_ref = self._get_user(user_id) + try: + user_ref = self._get_user(user_id) + except exception.UserNotFound: + raise AssertionError('Invalid user / password') # if the user_ref has a password, it's from the SQL backend and # we can just check if it coincides with the one we got @@ -71,11 +74,16 @@ if tenant_id and tenant_id not in tenants: raise AssertionError('Invalid tenant') - tenant_ref = self.get_tenant(tenant_id) - if tenant_ref: + try: + tenant_ref = self.get_tenant(tenant_id) + # if the tenant was not found, then there will be no metadata either metadata_ref = self.get_metadata(user_id, tenant_id) - else: + except exception.TenantNotFound: + tenant_ref = None + metadata_ref = {} + except exception.MetadataNotFound: metadata_ref = {} + return (_filter_user(user_ref), tenant_ref, metadata_ref) def _get_user(self, user_id): @@ -91,15 +99,13 @@ try: users = conn.search_s(self.user_dn, ldap.SCOPE_BASE, query) except (AttributeError, ldap.NO_SUCH_OBJECT): - return None + raise exception.UserNotFound(user_id=user_id) if users: return self.user._ldap_res_to_model(users[0]) def get_user(self, user_id): user_ref = self._get_user(user_id) - if not user_ref: - return None return _filter_user(user_ref) def get_user_by_name(self, user_name): @@ -121,10 +127,10 @@ config.CONF.ldap.user_search_scope, query) except ldap.NO_SUCH_OBJECT: - return None + raise exception.UserNotFound(user_id=user_name) if not users: - return None + raise exception.UserNotFound(user_id=user_name) user_ref = self.user._ldap_res_to_model(users[0]) @@ -134,5 +140,6 @@ return _filter_user(user_ref) def get_tenants_for_user(self, user_id): + self.get_user(user_id) session = self.get_session() return tenants_for_user(session, user_id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-hybrid-backend-folsom/test_backend_hybrid.py new/keystone-hybrid-backend-folsom/test_backend_hybrid.py --- old/keystone-hybrid-backend-folsom/test_backend_hybrid.py 2012-11-20 16:07:21.000000000 +0100 +++ new/keystone-hybrid-backend-folsom/test_backend_hybrid.py 2013-01-11 16:00:48.000000000 +0100 @@ -35,7 +35,7 @@ class HybridIdentity(test.TestCase, test_backend.IdentityTests): def setUp(self): super(HybridIdentity, self).setUp() - self.config([test.etcdir('keystone.conf'), + self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_hybrid.conf')]) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de