Hello community, here is the log from the commit of package openstack-keystone for openSUSE:Factory checked in at 2013-02-08 07:12:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-keystone (Old) and /work/SRC/openSUSE:Factory/.openstack-keystone.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-keystone/openstack-keystone.changes 2013-01-20 08:09:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-keystone.new/openstack-keystone.changes 2013-02-08 07:13:00.000000000 +0100 @@ -0,0 +1,21 @@ +-------------------------------------------------------------------- +Wed Feb 6 06:58:41 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1360133921.82c87e5: + + Bump version to 2012.2.4 + + Add size validations for /tokens. (CVE-2013-0247) + +-------------------------------------------------------------------- +Wed Jan 30 12:54:45 UTC 2013 - [email protected] + +- Update to version 2012.2.3+git.1359550485.ec7b94d: + + Test 0.2.0 keystoneclient to avoid new deps + + Unparseable endpoint URL's should raise friendly error + + Fix catalog when services have no URL + + Render content-type appropriate 404 (bug 1089987) + +------------------------------------------------------------------- +Wed Jan 30 12:07:49 UTC 2013 - [email protected] + +- fix last commit's hash tag in Version + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-keystone-doc.spec ++++++ --- /var/tmp/diff_new_pack.dzKXWF/_old 2013-02-08 07:13:02.000000000 +0100 +++ /var/tmp/diff_new_pack.dzKXWF/_new 2013-02-08 07:13:02.000000000 +0100 @@ -19,7 +19,7 @@ %define component keystone Name: openstack-%{component}-doc -Version: 2012.2.3+git.1355917214.0c8c2a3 +Version: 2012.2.4+git.1360133921.82c87e5 Release: 0 License: Apache-2.0 Summary: OpenStack Identity Service (Keystone) - Documentation 
@@ -40,7 +40,7 @@ This package contains documentation files for openstack-keystone. %prep -%setup -q -n keystone-2012.2.3 +%setup -q -n keystone-2012.2.4 %openstack_cleanup_prep %build ++++++ openstack-keystone.spec ++++++ --- /var/tmp/diff_new_pack.dzKXWF/_old 2013-02-08 07:13:02.000000000 +0100 +++ /var/tmp/diff_new_pack.dzKXWF/_new 2013-02-08 07:13:02.000000000 +0100 @@ -23,7 +23,7 @@ %define hybrid keystone-hybrid-backend-folsom Name: openstack-%{component} -Version: 2012.2.3+git.1355917214.0c8c2a3 +Version: 2012.2.4+git.1360133921.82c87e5 Release: 0 License: Apache-2.0 Summary: OpenStack Identity Service (Keystone) @@ -137,7 +137,7 @@ %prep # unpack the backend hybrid in addition to the main keyston source -%setup -q -T -D -b0 -a6 -n keystone-2012.2.3 +%setup -q -T -D -b0 -a6 -n keystone-2012.2.4 %patch1 -p1 %patch2 -p1 %patch3 -p1 ++++++ keystone-hybrid-backend-folsom.tar.gz ++++++ ++++++ keystone-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/AUTHORS new/keystone-2012.2.4/AUTHORS --- old/keystone-2012.2.3/AUTHORS 2012-12-18 00:28:21.000000000 +0100 +++ new/keystone-2012.2.4/AUTHORS 2013-02-05 17:24:46.000000000 +0100 @@ -64,6 +64,7 @@ Joseph W. Breu <[email protected]> Josh Kearney <[email protected]> Julien Danjou <[email protected]> +Julien Danjou <[email protected]> Justin Santa Barbara <[email protected]> Justin Shepherd <[email protected]> Ken Thomas <[email protected]> @@ -83,7 +84,6 @@ Mohammed Naser <[email protected]> monsterxx03 <[email protected]> Monty Taylor <[email protected]> -OpenStack Jenkins <[email protected]> Pádraig Brady <[email protected]> Pádraig Brady <[email protected]> Paul McMillan <[email protected]> 
@@ -110,6 +110,7 @@ sirish bitra <[email protected]> Sirish Bitra <[email protected]> Sony K. Philip <[email protected]> +Stef T <[email protected]> Syed Armani <[email protected]> termie <[email protected]> Thierry Carrez <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/ChangeLog new/keystone-2012.2.4/ChangeLog --- old/keystone-2012.2.3/ChangeLog 2012-12-18 00:28:21.000000000 +0100 +++ new/keystone-2012.2.4/ChangeLog 2013-02-05 17:24:46.000000000 +0100 
@@ -1,9 +1,137 @@ -commit 0c8c2a3aff17a5c22bc7504c3087714c0c40d363 +commit 82c87e5638ebaf9f166a9b07a0155291276d6fdc +Merge: b3bd5fd bb2226f +Author: Jenkins <[email protected]> +Date: Tue Feb 5 16:17:24 2013 +0000 + + Merge "Add size validations for /tokens." into stable/folsom + +commit b3bd5fdc952a436171173edabd9d20353d8027cc +Author: Mark McLoughlin <[email protected]> +Date: Thu Jan 31 21:33:22 2013 +0000 + + Bump version to 2012.2.4 + + Change-Id: I9dab1dc62e41cdb4143a3c8083e65c4b13a22eb4 + + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bb2226f944aaa38beb7fc08ce0a78796e51e2680 +Author: Dan Prince <[email protected]> +Date: Thu Jan 10 15:31:28 2013 -0500 + + Add size validations for /tokens. + + Updates /tokens controller so that it explicitly checks the max + size of userId, username, tenantId, tenantname, token, and password + before continuing with a request. + + Previously, when used with the SQL keystone backend an unauthenticated + user could send in *really* large requests which would ultimately + log large SQL exceptions and could thus fill up keystone logs on the + disk. 
+ + Change-Id: I0904d307bf79a3bf851ac052c11101f8380a12a7 + + keystone/config.py | 3 ++ + keystone/exception.py | 13 +++++++++ + keystone/service.py | 27 ++++++++++++++++++ + tests/test_service.py | 75 +++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 118 insertions(+) + +commit ec7b94d2ef008b716f4cc3d7c1fc7e8150858eeb +Author: Dolph Mathews <[email protected]> +Date: Thu Dec 13 10:01:21 2012 -0600 + + Render content-type appropriate 404 (bug 1089987) + + Change-Id: I8d6acdaa7f8220341bca15cc4acba807910f6891 + + keystone/common/wsgi.py | 3 ++- + tests/test_content_types.py | 12 ++++++++++++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +commit f75b0e2c398ddca51359198361834303484624e5 +Merge: f197609 70e55f9 +Author: Jenkins <[email protected]> +Date: Sat Jan 5 23:00:02 2013 +0000 + + Merge "Fix catalog when services have no URL" into stable/folsom + +commit f19760993bbdf43b7fc76d6564d41726a5d48132 +Merge: 9e300b7 6c95b73 +Author: Jenkins <[email protected]> +Date: Sat Jan 5 22:59:59 2013 +0000 + + Merge "Unparseable endpoint URL's should raise friendly error" into stable/folsom + +commit 9e300b7ec293120a8a2b9ca6b2c4c73a1fd8da6b +Author: Mark McLoughlin <[email protected]> +Date: Thu Jan 3 17:29:28 2013 +0000 + + Test 0.2.0 keystoneclient to avoid new deps + + As described here: + + http://lists.openstack.org/pipermail/openstack-dev/2013-January/004240.html + + keystone tests check out various different versions of keystoneclient + and uses them to run a set of tests against the keystone API. + + A recent change to keystoneclient in version 0.2.1 introduced a new + dependency on the requests module which is not currently listed as + a dependency for keystone's tests. + + Rather than chasing latest keystoneclient on stable/folsom, let's + just test the 0.2.0 version. 
+ + Change-Id: I730f0d7e227c76ae77fdb012feec9ce41ab8d8d2 + + tests/test_keystoneclient.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 70e55f99e10e1c9d2448e72f469622e2bdf5bea3 +Author: Julien Danjou <[email protected]> +Date: Thu Oct 4 19:24:10 2012 +0200 + + Fix catalog when services have no URL + + This fixes bug #1061736 + + Change-Id: Ic8f7a45dfabb2e3fb40f6aa6cd4c0f29c13f2c77 + 
Signed-off-by: Julien Danjou <[email protected]> + + keystone/catalog/backends/sql.py | 9 +++----- + keystone/catalog/backends/templated.py | 1 - + keystone/catalog/core.py | 4 +++- + tests/test_backend_sql.py | 38 ++++++++++++++++++++++++++++++++ + 4 files changed, 44 insertions(+), 8 deletions(-) + +commit 6c95b73b196675e0599d78ad2b19c2ca24e7067f +Author: Stef T <[email protected]> +Date: Fri Oct 5 21:18:43 2012 -0400 + + Unparseable endpoint URL's should raise friendly error + + fixes bug #1058494 + + Change-Id: Id89c530e2f4e7dcf0db03515afb8b2a85fbf8077 + + keystone/catalog/backends/sql.py | 12 +++++++----- + keystone/catalog/backends/templated.py | 3 ++- + keystone/catalog/core.py | 22 ++++++++++++++++++++++ + keystone/exception.py | 4 ++++ + tests/test_backend.py | 16 ++++++++++++++++ + tests/test_backend_sql.py | 11 +++++++++++ + tests/test_backend_templated.py | 6 ++++++ + 7 files changed, 68 insertions(+), 6 deletions(-) + +commit ec9c84c497ad7ca802e3bfc52842018b259a3ad9 Merge: c387f84 ec06625 -Author: OpenStack Jenkins <[email protected]> -Date: Mon Dec 17 23:15:56 2012 +0000 +Author: Jenkins <[email protected]> +Date: Mon Dec 17 23:24:06 2012 +0000 - Merge commit 'refs/changes/01/17901/1' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom + Merge "Ensure serviceCatalog is list when empty, not dict" into stable/folsom commit c387f84db41c325abb09ec547870e7f44e12cd90 Author: Mark McLoughlin <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/PKG-INFO new/keystone-2012.2.4/PKG-INFO --- old/keystone-2012.2.3/PKG-INFO 2012-12-18 00:28:22.000000000 +0100 +++ new/keystone-2012.2.4/PKG-INFO 2013-02-05 17:24:46.000000000 +0100 
@@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: keystone -Version: 2012.2.3 +Version: 2012.2.4 Summary: Authentication service for OpenStack Home-page: http://www.openstack.org Author: OpenStack, LLC. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/catalog/backends/sql.py new/keystone-2012.2.4/keystone/catalog/backends/sql.py --- old/keystone-2012.2.3/keystone/catalog/backends/sql.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/catalog/backends/sql.py 2013-02-05 17:22:07.000000000 +0100 @@ -16,6 +16,7 @@ # under the License. from keystone import catalog +from keystone.catalog import core from keystone.common import sql from keystone.common.sql import migration from keystone import config @@ -155,13 +156,11 @@ catalog[region][srv_type] = {} - internal_url = ep['internalurl'].replace('$(', '%(') - public_url = ep['publicurl'].replace('$(', '%(') - admin_url = ep['adminurl'].replace('$(', '%(') - catalog[region][srv_type]['id'] = ep['id'] - catalog[region][srv_type]['name'] = srv_name - catalog[region][srv_type]['publicURL'] = public_url % d - catalog[region][srv_type]['adminURL'] = admin_url % d - catalog[region][srv_type]['internalURL'] = internal_url % d + srv_type = catalog[region][srv_type] + srv_type['id'] = ep['id'] + srv_type['name'] = srv_name + srv_type['publicURL'] = core.format_url(ep.get('publicurl', ''), d) + srv_type['internalURL'] = core.format_url(ep.get('internalurl'), d) + srv_type['adminURL'] = core.format_url(ep.get('adminurl'), d) return catalog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/catalog/backends/templated.py new/keystone-2012.2.4/keystone/catalog/backends/templated.py --- old/keystone-2012.2.3/keystone/catalog/backends/templated.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/catalog/backends/templated.py 2013-02-05 17:22:07.000000000 +0100 
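Review bot: In the second keystone/catalog/backends/sql.py hunk, `srv_type = catalog[region][srv_type]` rebinds a name that held the service-type key to the catalog entry itself. Any later use of `srv_type` as a key in this function would silently get the dict, so a separate name is safer, e.g. `entry = catalog[region][srv_type]`. The three URL lookups also differ: `ep.get('publicurl', '')` yields an empty string for a missing URL, while `ep.get('internalurl')` and `ep.get('adminurl')` yield `None`. If that asymmetry is intended, it deserves a one-line comment. The enclosing function starts outside the hunk.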
@@ -17,6 +17,7 @@ import os.path from keystone.catalog.backends import kvs +from keystone.catalog import core from keystone.common import logging from keystone import config @@ -119,7 +120,6 @@ for service, service_ref in region_ref.iteritems(): o[region][service] = {} for k, v in service_ref.iteritems(): - v = v.replace('$(', '%(') - o[region][service][k] = v % d + o[region][service][k] = core.format_url(v, d) return o diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/catalog/core.py new/keystone-2012.2.4/keystone/catalog/core.py --- old/keystone-2012.2.3/keystone/catalog/core.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/catalog/core.py 2013-02-05 17:22:07.000000000 +0100 @@ -19,6 +19,7 @@ import uuid +from keystone.common import logging from keystone.common import manager from keystone.common import wsgi from keystone import config 
@@ -29,6 +30,29 @@ CONF = config.CONF +LOG = logging.getLogger(__name__) + + +def format_url(url, data): + """Helper Method for all Backend Catalog's to Deal with URLS""" + try: + result = url.replace('$(', '%(') % data + except AttributeError: + return None + except KeyError as e: + LOG.error("Malformed endpoint %s - unknown key %s" % + (url, str(e))) + raise exception.MalformedEndpoint(endpoint=url) + except TypeError as e: + LOG.error("Malformed endpoint %s - type mismatch %s \ + (are you missing brackets ?)" % + (url, str(e))) + raise exception.MalformedEndpoint(endpoint=url) + except ValueError as e: + LOG.error("Malformed endpoint %s - incomplete format \ + (are you missing a type notifier ?)" % url) + raise exception.MalformedEndpoint(endpoint=url) + return result class Manager(manager.Manager): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/common/wsgi.py new/keystone-2012.2.4/keystone/common/wsgi.py --- old/keystone-2012.2.3/keystone/common/wsgi.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/common/wsgi.py 2013-02-05 17:22:07.000000000 +0100 @@ -415,7 +415,8 @@ """ match = req.environ['wsgiorg.routing_args'][1] if not match: - return webob.exc.HTTPNotFound() + return render_exception( + exception.NotFound('The resource could not be found.')) app = match['controller'] return app diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/config.py new/keystone-2012.2.4/keystone/config.py --- old/keystone-2012.2.3/keystone/config.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/config.py 2013-02-05 17:22:07.000000000 +0100 
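Review bot: Both multi-line `LOG.error` calls in `format_url` continue the string literal with a backslash, so the indentation of the following source line ends up inside the logged message; adjacent literals avoid that, e.g. `"Malformed endpoint %s - type mismatch %s " "(are you missing brackets ?)"`. The `ValueError` branch also binds `e` without using it. Separately, the raw template is passed to `MalformedEndpoint(endpoint=url)`, whose message interpolates it; if that message is rendered to API clients (not visible in this hunk), whoever requests the catalog sees the stored endpoint template, so it may be better to keep the URL in the ERROR log only. The docstring could also state that a non-string `url` yields `None` rather than an error.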
@@ -117,6 +117,9 @@ register_str('public_port', default=5000) register_str('onready') register_str('auth_admin_prefix', default='') +register_int('max_param_size', default=64) +# we allow tokens to be a bit larger to accomidate PKI +register_int('max_token_size', default=8192) #ssl options register_bool('enable', group='ssl', default=False) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/exception.py new/keystone-2012.2.4/keystone/exception.py --- old/keystone-2012.2.3/keystone/exception.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/exception.py 2013-02-05 17:22:07.000000000 +0100 @@ -51,6 +51,19 @@ title = 'Bad Request' +class ValidationSizeError(Error): + """Request attribute %(attribute)s must be less than or equal to %(size)i. + + The server could not comply with the request because the attribute + size is invalid (too large). + + The client is assumed to be in error. + + """ + code = 400 + title = 'Bad Request' + + class Unauthorized(Error): """The request you have made requires authentication.""" code = 401 @@ -123,6 +136,10 @@ title = 'Internal Server Error' +class MalformedEndpoint(UnexpectedError): + """Malformed endpoint URL (see ERROR log for details): %(endpoint)s""" + + class NotImplemented(Error): """The action you have requested has not been implemented.""" code = 501 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone/service.py new/keystone-2012.2.4/keystone/service.py --- old/keystone-2012.2.3/keystone/service.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/keystone/service.py 2013-02-05 17:22:07.000000000 +0100 @@ -22,6 +22,7 @@ from keystone import catalog from keystone.common import cms from keystone.common import logging +from keystone.common import utils from keystone.common import wsgi from keystone import exception from keystone import identity 
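Review bot: `max_token_size` in keystone/config.py caps request tokens at 8192 characters, and the comment says the larger limit is there for PKI. Whether 8192 is enough depends on how large signed tokens get in a given deployment, which this hunk cannot show, so operators need to know the option exists. Neither new option is described anywhere in this change; a comment such as `# maximum length accepted for userId, username, tenantId and tenantName on /tokens` above `max_param_size` would help, along with an entry in the sample configuration. The existing comment's `accomidate` should read `accommodate`.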
@@ -31,6 +32,8 @@ LOG = logging.getLogger(__name__) +MAX_PARAM_SIZE = config.CONF.max_param_size +MAX_TOKEN_SIZE = config.CONF.max_token_size class AdminRouter(wsgi.ComposingRouter): @@ -288,9 +291,23 @@ if 'passwordCredentials' in auth: user_id = auth['passwordCredentials'].get('userId', None) + if user_id and len(user_id) > MAX_PARAM_SIZE: + raise exception.ValidationSizeError(attribute='userId', + size=MAX_PARAM_SIZE) username = auth['passwordCredentials'].get('username', '') + if len(username) > MAX_PARAM_SIZE: + raise exception.ValidationSizeError(attribute='username', + size=MAX_PARAM_SIZE) password = auth['passwordCredentials'].get('password', '') + max_pw_size = utils.MAX_PASSWORD_LENGTH + if len(password) > max_pw_size: + raise exception.ValidationSizeError(attribute='password', + size=max_pw_size) + tenant_name = auth.get('tenantName', None) + if tenant_name and len(tenant_name) > MAX_PARAM_SIZE: + raise exception.ValidationSizeError(attribute='tenantName', + size=MAX_PARAM_SIZE) if username: try: @@ -302,6 +319,9 @@ # more compat tenant_id = auth.get('tenantId', None) + if tenant_id and len(tenant_id) > MAX_PARAM_SIZE: + raise exception.ValidationSizeError(attribute='tenantId', + size=MAX_PARAM_SIZE) if tenant_name: try: tenant_ref = self.identity_api.get_tenant_by_name( 
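Review bot: `MAX_PARAM_SIZE` and `MAX_TOKEN_SIZE` are copied from `config.CONF` once, when `keystone.service` is imported, so a value set after import (a config file parsed later, or a test override) would not change the limit actually enforced. Whether CONF is fully populated at import time is not visible here; reading the option where it is used, e.g. `len(username) > config.CONF.max_param_size`, removes the ordering dependency. If the module-level constants stay, a comment such as `# snapshot of CONF at import; later overrides are ignored` would document the behaviour.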
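Review bot: The new size checks in the `@@ -288,9 +291,23 @@` hunk call `len()` on values taken straight from the request body without confirming they are strings, e.g. `len(username) > MAX_PARAM_SIZE` and `len(password) > max_pw_size`. A JSON number in one of these fields would raise TypeError rather than produce a 400, and a list or object would be measured by element count, so the check would not bound what is passed on to the backend. A guard such as `isinstance(username, basestring)` ahead of each comparison, or one shared helper that does both the type and the length test, would close this. The same applies to the `tenantId` check in the following hunk and the `tenantName` check in the token branch. The enclosing method starts and ends outside the hunk.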
@@ -342,7 +362,14 @@ catalog_ref = {} elif 'token' in auth: old_token = auth['token'].get('id', None) + + if len(old_token) > MAX_TOKEN_SIZE: + raise exception.ValidationSizeError(attribute='token', + size=MAX_TOKEN_SIZE) tenant_name = auth.get('tenantName') + if tenant_name and len(tenant_name) > MAX_PARAM_SIZE: + raise exception.ValidationSizeError(attribute='tenantName', + size=MAX_PARAM_SIZE) try: old_token_ref = self.token_api.get_token(context=context, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/keystone.egg-info/PKG-INFO new/keystone-2012.2.4/keystone.egg-info/PKG-INFO --- old/keystone-2012.2.3/keystone.egg-info/PKG-INFO 2012-12-18 00:28:21.000000000 +0100 +++ new/keystone-2012.2.4/keystone.egg-info/PKG-INFO 2013-02-05 17:24:46.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: keystone -Version: 2012.2.3 +Version: 2012.2.4 Summary: Authentication service for OpenStack Home-page: http://www.openstack.org Author: OpenStack, LLC. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/setup.py new/keystone-2012.2.4/setup.py --- old/keystone-2012.2.3/setup.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/setup.py 2013-02-05 17:22:07.000000000 +0100 @@ -30,7 +30,7 @@ write_requirements() setup(name='keystone', - version='2012.2.3', + version='2012.2.4', description="Authentication service for OpenStack", license='Apache License (2.0)', author='OpenStack, LLC.', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_backend.py new/keystone-2012.2.4/tests/test_backend.py --- old/keystone-2012.2.3/tests/test_backend.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_backend.py 2013-02-05 17:22:07.000000000 +0100 
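Review bot: `len(old_token)` is evaluated unconditionally, but `old_token` comes from `auth['token'].get('id', None)`, so a token body without `id` raises TypeError before any validation error can be returned. The other checks added by this change test for a missing value first; doing the same here, `if old_token and len(old_token) > MAX_TOKEN_SIZE:`, leaves the missing-id case to the token lookup that follows. The enclosing method continues outside the hunk.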
@@ -18,7 +18,9 @@ import uuid import default_fixtures +from keystone.catalog import core from keystone import exception +from keystone import test from keystone.openstack.common import timeutils @@ -757,6 +759,20 @@ for x in xrange(2)]) +class CommonHelperTests(test.TestCase): + def test_format_helper_raises_malformed_on_missing_key(self): + with self.assertRaises(exception.MalformedEndpoint): + core.format_url("http://%(foo)s/%(bar)s", {"foo": "1"}) + + def test_format_helper_raises_malformed_on_wrong_type(self): + with self.assertRaises(exception.MalformedEndpoint): + core.format_url("http://%foo%s", {"foo": "1"}) + + def test_format_helper_raises_malformed_on_incomplete_format(self): + with self.assertRaises(exception.MalformedEndpoint): + core.format_url("http://%(foo)", {"foo": "1"}) + + class CatalogTests(object): def test_service_crud(self): new_service = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_backend_sql.py new/keystone-2012.2.4/tests/test_backend_sql.py --- old/keystone-2012.2.3/tests/test_backend_sql.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_backend_sql.py 2013-02-05 17:22:07.000000000 +0100 
@@ -154,3 +154,52 @@ self.catalog_api = catalog_sql.Catalog() self.catalog_man = catalog.Manager() self.load_fixtures(default_fixtures) + + def test_malformed_catalog_throws_error(self): + self.catalog_api.create_service('a', {"id": "a", "desc": "a1", + "name": "b"}) + badurl = "http://192.168.1.104:$(compute_port)s/v2/$(tenant)s" + self.catalog_api.create_endpoint('b', {"id": "b", "region": "b1", + "service_id": "a", "adminurl": badurl, + "internalurl": badurl, + "publicurl": badurl}) + with self.assertRaises(exception.MalformedEndpoint): + self.catalog_api.get_catalog('fake-user', 'fake-tenant') + + def test_get_catalog_without_endpoint(self): + new_service = { + 'id': uuid.uuid4().hex, + 'type': uuid.uuid4().hex, + 'name': uuid.uuid4().hex, + 'description': uuid.uuid4().hex, + } + self.catalog_api.create_service( + new_service['id'], + new_service.copy()) + service_id = new_service['id'] + + new_endpoint = { + 'id': uuid.uuid4().hex, + 'region': uuid.uuid4().hex, + 'service_id': service_id, + } + + self.catalog_api.create_endpoint( + new_endpoint['id'], + new_endpoint.copy()) + + catalog = self.catalog_api.get_catalog('user', 'tenant') + + service_type = new_service['type'] + region = new_endpoint['region'] + + self.assertEqual(catalog[region][service_type]['name'], + new_service['name']) + self.assertEqual(catalog[region][service_type]['id'], + new_endpoint['id']) + self.assertEqual(catalog[region][service_type]['publicURL'], + "") + self.assertEqual(catalog[region][service_type]['adminURL'], + None) + self.assertEqual(catalog[region][service_type]['internalURL'], + None) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_backend_templated.py new/keystone-2012.2.4/tests/test_backend_templated.py --- old/keystone-2012.2.3/tests/test_backend_templated.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_backend_templated.py 2013-02-05 17:22:07.000000000 +0100 
@@ -62,6 +62,12 @@ catalog_ref = self.catalog_api.get_catalog('foo', 'bar') self.assertDictEqual(catalog_ref, self.DEFAULT_FIXTURE) + def test_malformed_catalog_throws_error(self): + self.catalog_api.templates['RegionOne']['compute']['adminURL'] = \ + 'http://localhost:$(compute_port)s/v1.1/$(tenant)s' + with self.assertRaises(exception.MalformedEndpoint): + self.catalog_api.get_catalog('fake-user', 'fake-tenant') + def test_create_endpoint_404(self): self.assertRaises(exception.NotImplemented, self.catalog_api.create_endpoint, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_content_types.py new/keystone-2012.2.4/tests/test_content_types.py --- old/keystone-2012.2.3/tests/test_content_types.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_content_types.py 2013-02-05 17:22:07.000000000 +0100 @@ -312,6 +312,18 @@ self.assertIsNotNone(tenant.get('id')) self.assertIsNotNone(tenant.get('name')) + def test_public_not_found(self): + r = self.public_request( + path='/%s' % uuid.uuid4().hex, + expected_status=404) + self.assertValidErrorResponse(r) + + def test_admin_not_found(self): + r = self.admin_request( + path='/%s' % uuid.uuid4().hex, + expected_status=404) + self.assertValidErrorResponse(r) + def test_public_multiple_choice(self): r = self.public_request(path='/', expected_status=300) self.assertValidMultipleChoiceResponse(r) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_keystoneclient.py new/keystone-2012.2.4/tests/test_keystoneclient.py --- old/keystone-2012.2.3/tests/test_keystoneclient.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_keystoneclient.py 2013-02-05 17:22:07.000000000 +0100 
@@ -789,7 +789,7 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): def get_checkout(self): - return KEYSTONECLIENT_REPO, 'master' + return KEYSTONECLIENT_REPO, '0.2.0' def test_tenant_add_and_remove_user(self): client = self.get_client(admin=True) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.3/tests/test_service.py new/keystone-2012.2.4/tests/test_service.py --- old/keystone-2012.2.3/tests/test_service.py 2012-12-18 00:24:26.000000000 +0100 +++ new/keystone-2012.2.4/tests/test_service.py 2013-02-05 17:22:07.000000000 +0100 @@ -17,6 +17,7 @@ import default_fixtures from keystone import config +from keystone import exception from keystone import service from keystone import test from keystone.identity.backends import kvs as kvs_identity @@ -25,6 +26,31 @@ CONF = config.CONF +def _build_user_auth(token=None, user_id=None, username=None, + password=None, tenant_id=None, tenant_name=None): + """Build auth dictionary. + + It will create an auth dictionary based on all the arguments + that it receives. + """ + auth_json = {} + if token is not None: + auth_json['token'] = token + if username or password: + auth_json['passwordCredentials'] = {} + if username is not None: + auth_json['passwordCredentials']['username'] = username + if user_id is not None: + auth_json['passwordCredentials']['userId'] = user_id + if password is not None: + auth_json['passwordCredentials']['password'] = password + if tenant_name is not None: + auth_json['tenantName'] = tenant_name + if tenant_id is not None: + auth_json['tenantId'] = tenant_id + return auth_json + + class TokenExpirationTest(test.TestCase): def setUp(self): super(TokenExpirationTest, self).setUp() 
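Review bot: In tests/test_service.py, `_build_user_auth` creates `auth_json['passwordCredentials']` only when `username or password` is truthy, yet the `user_id` assignment writes into that key whenever `user_id is not None`. Indentation is lost in this rendering, but if those assignments sit at the same level as the guard, a call that passes only `user_id` raises KeyError. Widening the guard to `if username or password or user_id is not None:` keeps the helper usable for userId-only requests.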
@@ -75,3 +101,52 @@ def test_maintain_uuid_token_expiration(self): self.opt_in_group('signing', token_format='UUID') self._maintain_token_expiration() + + +class AuthTest(test.TestCase): + def setUp(self): + super(AuthTest, self).setUp() + + CONF.identity.driver = 'keystone.identity.backends.kvs.Identity' + self.load_backends() + self.load_fixtures(default_fixtures) + self.api = service.TokenController() + + def test_authenticate_user_id_too_large(self): + """Verify sending large 'userId' raises the right exception.""" + body_dict = _build_user_auth(user_id='0' * 65, username='FOO', + password='foo2') + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) + + def test_authenticate_username_too_large(self): + """Verify sending large 'username' raises the right exception.""" + body_dict = _build_user_auth(username='0' * 65, password='foo2') + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) + + def test_authenticate_tenant_id_too_large(self): + """Verify sending large 'tenantId' raises the right exception.""" + body_dict = _build_user_auth(username='FOO', password='foo2', + tenant_id='0' * 65) + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) + + def test_authenticate_tenant_name_too_large(self): + """Verify sending large 'tenantName' raises the right exception.""" + body_dict = _build_user_auth(username='FOO', password='foo2', + tenant_name='0' * 65) + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) + + def test_authenticate_token_too_large(self): + """Verify sending large 'token' raises the right exception.""" + body_dict = _build_user_auth(token={'id': '0' * 8193}) + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) + + def test_authenticate_password_too_large(self): + """Verify sending large 'password' raises the right exception.""" + body_dict = 
_build_user_auth(username='FOO', password='0' * 8193) + self.assertRaises(exception.ValidationSizeError, self.api.authenticate, + {}, body_dict) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
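Review bot: The new `AuthTest` cases hard-code `'0' * 65` and `'0' * 8193`, which ties them to the current defaults of `max_param_size` and `max_token_size`. The password case also only fails as intended if `utils.MAX_PASSWORD_LENGTH` is below 8193, and its value is not shown here. Deriving the lengths from the limits, e.g. `'0' * (CONF.max_param_size + 1)`, keeps the tests valid when defaults change. Coverage would also benefit from a boundary case at exactly the limit and a token request whose body has no `id`.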
