Hello community, here is the log from the commit of package openstack-keystone.1429 for openSUSE:12.3:Update checked in at 2013-03-21 17:35:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/openstack-keystone.1429 (Old) and /work/SRC/openSUSE:12.3:Update/.openstack-keystone.1429.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone.1429", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.3:Update/.openstack-keystone.1429.new/openstack-keystone-doc.changes 2013-03-21 17:35:43.000000000 +0100 @@ -0,0 +1,19 @@ +------------------------------------------------------------------- +Wed Dec 19 15:37:39 UTC 2012 - [email protected] + +- It's a noarch package + +-------------------------------------------------------------------- +Wed Dec 19 12:40:14 UTC 2012 - [email protected] + +- Move to obs-service-git_tarballs +- Update to version 2012.2.3+git.1355917214.0c8c2a3: + + Merge commit 'refs/changes/01/17901/1' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom + + Bump next version to 2012.2.3 + + Ensure serviceCatalog is list when empty, not dict + +------------------------------------------------------------------- +Thu Nov 22 10:41:32 UTC 2012 - [email protected] + +- Initial version + New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.3:Update/.openstack-keystone.1429.new/openstack-keystone.changes 2013-03-21 17:35:43.000000000 +0100 @@ -0,0 +1,482 @@ +------------------------------------------------------------------- +Mon Mar 11 10:01:24 UTC 2013 - [email protected] + +- Update 12.3 packages to Folsom as of March 5th. This comes with· + security fixes and bug fixes that we need to have OpenStack work + nicely. Fix bnc#802278. + +------------------------------------------------------------------- +Thu Mar 7 16:10:27 UTC 2013 - [email protected] + +- fix logging.conf to be about keystone and have absolute path + +-------------------------------------------------------------------- +Tue Mar 5 16:51:28 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1362502288.8690166: + + Sync timeutils to pick up normalize fix. + + Backport of fix for 24-hour failure of pki. + +-------------------------------------------------------------------- +Fri Feb 22 10:11:13 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1361527873.37b3532: + + Disable XML entity parsing (CVE-2013-1664, CVE-2013-1665) + + Ensure user and tenant enabled in EC2 (CVE-2013-0282) + +-------------------------------------------------------------------- +Wed Feb 6 06:58:41 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1360133921.82c87e5: + + Bump version to 2012.2.4 + + Add size validations for /tokens. (CVE-2013-0247) + +-------------------------------------------------------------------- +Wed Jan 30 12:54:45 UTC 2013 - [email protected] + +- Update to version 2012.2.3+git.1359550485.ec7b94d: + + Test 0.2.0 keystoneclient to avoid new deps + + Unparseable endpoint URL's should raise friendly error + + Fix catalog when services have no URL + + Render content-type appropriate 404 (bug 1089987) + +------------------------------------------------------------------- +Wed Jan 30 12:07:49 UTC 2013 - [email protected] + +- fix last commit's hash tag in Version + +------------------------------------------------------------------- +Fri Jan 11 15:39:23 UTC 2013 - [email protected] + +- revert %setup to also unpack hybrid backend tarball + +------------------------------------------------------------------- +Fri Jan 11 15:12:13 UTC 2013 - [email protected] + +- update and re-enable backend hybrid code: + * use sample config for testing + * raise errors in user retrieval code instead of returning None + +------------------------------------------------------------------- +Fri Jan 11 11:23:40 UTC 2013 - [email protected] + +- Require WebTest instead of webtest in the test sub-package + +------------------------------------------------------------------- +Thu Jan 10 12:52:41 UTC 2013 - [email protected] + +- Add logrotate configuration + +------------------------------------------------------------------- +Wed Jan 9 15:36:36 UTC 2013 - [email protected] + +- package sample_data.sh for use in quickstart script + +-------------------------------------------------------------------- +Wed Dec 19 12:40:14 UTC 2012 - [email protected] + +- Move to obs-service-git_tarballs +- Update to version 2012.2.3+git.1355917214.0c8c2a3: + + Merge commit 'refs/changes/01/17901/1' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom + + Bump next version to 2012.2.3 + + Ensure serviceCatalog is list when empty, not dict + +------------------------------------------------------------------- +Mon Dec 10 23:57:58 UTC 2012 - [email protected] + +- Update to version 2012.2.1+git.1354224563.7869c3e: + + lp#1064914 Removing user from a tenant isn't invalidating user access to + tenant + + lp#1073569 Jenkins jobs fail because of incompatibility between + sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 + + lp#1078497 keystone throws error when removing user from tenant. + + lp#1060389 Non PKI Tokens longer than 32 characters can never be valid + + lp#1068851 Openssl tests rely on expired certificate + + lp#1079216 token expires time incorrect for auth by one token + + lp#968519 Object reference validation should occur in drivers + + lp#1068674 Redo part of bp/sql-identiy-pam undone by bug 968519 + +------------------------------------------------------------------- +Wed Dec 5 09:36:14 UTC 2012 - [email protected] + +- Use @PARENT_TAG@ in _service file to automate versioning + +------------------------------------------------------------------- +Mon Dec 3 11:34:01 UTC 2012 - [email protected] + +- fix unittest failure with ssl certificates + +------------------------------------------------------------------- +Fri Nov 30 13:59:57 UTC 2012 - [email protected] + +- fix unittest failure on our version of webob + +------------------------------------------------------------------- +Thu Nov 22 12:35:37 UTC 2012 - [email protected] + +- fix typo in passlib dependency package name + +------------------------------------------------------------------- +Thu Nov 22 10:41:39 UTC 2012 - [email protected] + +- Split of doc package into seperate spec file +- Comment out hybrid_backend parts for now to fix build +- Re-arranged %build section to match other packages +- Removed a whole bunch of unneded build requirements +- Updated requirements for python module and test sub-packages + +------------------------------------------------------------------- +Wed Nov 21 12:59:17 UTC 2012 - [email protected] + +- disable keystone-hybrid-backend source service + +------------------------------------------------------------------- +Tue Nov 20 14:50:26 UTC 2012 - [email protected] + +- Add source service for keystone-hybrid-backend +- Update to latest git (f65604d): + + Ensures User is member of tenant in ec2 validation + +------------------------------------------------------------------- +Thu Nov 15 13:55:59 UTC 2012 - [email protected] + +- Use openstack-macros + +------------------------------------------------------------------- +Thu Nov 8 13:50:26 UTC 2012 - [email protected] + +- Fix malformed changes file entries + +------------------------------------------------------------------- +Thu Nov 8 13:03:54 UTC 2012 - [email protected] + +- Update to version 2012.2 (Folsom): + + See https://github.com/openstack/keystone/commits/folsom-3 +- Drop the following upstreamed patches: + + keystone-ldap-no-authentication.patch + + keystone-log-warn-auth-errors.patch +- Rebased the following patches: + + keystone-sql-backend-from_dict.patch + + keystone-hybrid-conf-scope.patch +- BuildRequire python-pam for man-page build +- Install new man-pages keystone-all.1 and keystone-manage.1 +- Introduce temporary FIX-BUILD.patch + +------------------------------------------------------------------- +Thu Nov 8 11:44:18 UTC 2012 - [email protected] + +- Drop from_vcs build flag + +------------------------------------------------------------------- +Wed Oct 31 15:15:16 UTC 2012 - [email protected] + +- Drop temporary fixes for file permissions and attributes in %post + section. They were necessary only to migrate from pre-1.0 packages. + +------------------------------------------------------------------- +Tue Oct 16 11:08:47 CEST 2012 - [email protected] + +- patch sql backend's from_dict method to not modify the content of the + passed in dict (lp:1066851) + +------------------------------------------------------------------- +Wed Oct 10 14:56:49 CEST 2012 - [email protected] + + - add hybrid backend test configuration file + +------------------------------------------------------------------- +Wed Oct 10 14:10:43 CEST 2012 - [email protected] + + - make user search ldap SCOPE configurable in the hybrid backend + +------------------------------------------------------------------- +Mon Oct 8 14:38:58 CEST 2012 - [email protected] + + - fix LDAP bind with dinamically found user DN + +------------------------------------------------------------------- ++++ 285 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.openstack-keystone.1429.new/openstack-keystone.changes New: ---- FIX-BUILD.patch _service default_catalog.templates keystone-certs-test.patch keystone-hybrid-backend-folsom.tar.gz keystone-hybrid-conf-scope.patch keystone-sql-backend-from_dict.patch keystone-stable-folsom.tar.gz keystone-webob-empty-resp-environ.patch logging.conf openstack-keystone-doc.changes openstack-keystone-doc.spec openstack-keystone.changes openstack-keystone.conf.sample openstack-keystone.init openstack-keystone.logrotate openstack-keystone.spec openstack-keystone.wsgi rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-keystone-doc.spec ++++++ # # spec file for package openstack-keystone-doc # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define component keystone Name: openstack-%{component}-doc Version: 2012.2.4+git.1362502288.8690166 Release: 0 Summary: OpenStack Identity Service (Keystone) - Documentation License: Apache-2.0 Group: Documentation/HTML Url: https://github.com/openstack/keystone Source: keystone-stable-folsom.tar.gz BuildRequires: openstack-macros BuildRequires: python-Sphinx BuildRequires: python-base BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family. This package contains documentation files for openstack-keystone. %prep %setup -q -n keystone-2012.2.4 %openstack_cleanup_prep %build python setup.py build_sphinx rm -rf doc/build/html/.buildinfo # Remove unneeded files %install %files %defattr(-,root,root,-) %doc LICENSE doc/build/html %changelog ++++++ openstack-keystone.spec ++++++ # # spec file for package openstack-keystone # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2011 B1 Systems GmbH, Vohburg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define component keystone %define groupname openstack-%{component} %define username openstack-%{component} %define hybrid keystone-hybrid-backend-folsom Name: openstack-%{component} Version: 2012.2.4+git.1362502288.8690166 Release: 0 Summary: OpenStack Identity Service (Keystone) License: Apache-2.0 Group: Development/Languages/Python Url: https://github.com/openstack/keystone Source: keystone-stable-folsom.tar.gz Source1: %{name}.init Source2: logging.conf Source3: default_catalog.templates # Apache2 SSL proxy example configuration: Source4: openstack-keystone.conf.sample # WSGI application skeleton for public and admin API apps (for the SSL proxy): Source5: openstack-keystone.wsgi # Hybrid identity backend - uses the existing LDAP backend for users and # the SQL backend for tenants/roles Source6: %{hybrid}.tar.gz Source7: %{name}.logrotate # Add a configuration option for reading the ldap user_scope (part of # the hybrid backend) Patch1: keystone-hybrid-conf-scope.patch # Don't modify the passed in dict to the sql backend's from_dict method # (fixes our testsuite) https://review.openstack.org/14472 Patch2: keystone-sql-backend-from_dict.patch # Fix a unittest bug with empty environ on our version of WebOb # (will probably never land in folsom) https://review.openstack.org/#/c/17193/ Patch3: keystone-webob-empty-resp-environ.patch # Fix a unittest bug that reads ssl configuration from etc # (will probably never land in folsom) https://review.openstack.org/#/c/17341/ Patch4: keystone-certs-test.patch #TODO/FIXME: check the issue! Patch666: FIX-BUILD.patch BuildRequires: apache2 BuildRequires: openstack-macros BuildRequires: python-Sphinx BuildRequires: python-base BuildRequires: python-distribute Requires: logrotate Requires: python-keystone = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build # To generate a self-signed certificate to be used in demo setups: Requires(post): apache2-utils Requires(post): openssl Requires(post): sysconfig %if 0%{?suse_version} > 1110 Requires(pre): pwdutils %else Requires(pre): shadow-utils %endif %if 0%{?fedora} Requires(pre): shadow-utils %endif %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %else BuildArch: noarch %endif %description Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family. %package -n python-keystone Summary: OpenStack Identity Service (Keystone) - Python module Group: Development/Languages/Python Requires: python >= 2.6.8 Requires: python-Paste Requires: python-PasteDeploy Requires: python-SQLAlchemy >= 0.7.8 Requires: python-WebOb Requires: python-eventlet Requires: python-greenlet Requires: python-iso8601 >= 0.1.4 Requires: python-lxml Requires: python-pam Requires: python-passlib Requires: python-routes Requires: python-sqlalchemy-migrate >= 0.7.2 %description -n python-keystone Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family. This package contains the core Python module of OpenStack Keystone. %package test Summary: Testsuite for the OpenStack Keystone Group: Development/Languages/Python Requires: %{name} = %{version} Requires: python-Sphinx >= 1.1.2 Requires: python-WebTest Requires: python-coverage Requires: python-distribute >= 0.6.24 Requires: python-keystoneclient Requires: python-ldap Requires: python-mox Requires: python-nose Requires: python-nosehtmloutput Requires: python-nosexcover Requires: python-openstack.nose_plugin Requires: python-pep8 Requires: python-pylint Requires: python-python-memcached Requires: python-swift Requires: python-unittest2 %description test The OpenStack Keystone testsuite. It is used to verify the functionality of OpenStack Keystone. %prep # unpack the backend hybrid in addition to the main keyston source %setup -q -T -D -b0 -a6 -n keystone-2012.2.4 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch666 -p1 %openstack_cleanup_prep # set the sqlite3 path to /var/lib/keystone sed -i 's%^connection =.*%connection = sqlite:////var/lib/keystone/keystone.db%' etc/keystone.conf.sample %build python setup.py build python setup.py build_sphinx -b man %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} ### directories install -d -m 755 %{buildroot}%{_localstatedir}/lib/keystone install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone ### configuration files install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/ cp %{SOURCE3} %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates.sample sed -i -e 's,^template_file .*,template_file = /etc/keystone/default_catalog.templates,' etc/keystone.conf.sample cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf cp etc/policy.json %{buildroot}%{_sysconfdir}/keystone/ install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} ### init scripts install -p -D -m 755 %{SOURCE1} %{buildroot}%{_initddir}/%{name} mkdir -p %{buildroot}%{_sbindir} ln -s ../..%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name} ### documentation install -d %{buildroot}%{_mandir}/man1 install -m 644 doc/build/man/keystone-{all,manage}.1 %{buildroot}%{_mandir}/man1 ### test subpackage %openstack_test_package_install ### apache/WSGI for SSL %openstack_apache_ssl_cert_install # Apache2 sample configuration install -m 644 -D %{SOURCE4} %{buildroot}%{_sysconfdir}/apache2/conf.d/openstack-keystone.conf.sample # Apache2 WSGI apps install -D %{SOURCE5} %{buildroot}%{_localstatedir}/lib/keystone/wsgi/admin.wsgi install -D %{SOURCE5} %{buildroot}%{_localstatedir}/lib/keystone/wsgi/main.wsgi ### Keystone hybrid identity backend install -D -m 644 %{hybrid}/hybrid.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ install -m 644 %{hybrid}/hybrid_config.py %{buildroot}%{python_sitelib}/keystone/identity/backends/ install -D -m 644 %{hybrid}/test_backend_hybrid.py %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ install -D -m 644 %{hybrid}/backend_hybrid.conf %{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/ %pre getent group %{groupname} >/dev/null || groupadd -r %{groupname} getent passwd %{username} >/dev/null || useradd -r -g %{groupname} -d %{_localstatedir}/lib/keystone -s /sbin/nologin -c "OpenStack keystone Daemon" %{username} exit 0 %post %openstack_apache_ssl_cert_post %fillup_and_insserv %{name} %restart_on_update %{name} %preun %stop_on_removal %{name} %postun %restart_on_update openstack-keystone %insserv_cleanup %files %defattr(-,root,root) %dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/lib/keystone %dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/keystone %dir %attr(0750, root, %{groupname}) %{_sysconfdir}/keystone %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/keystone/keystone.conf %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/keystone/logging.conf %config(noreplace) %{_sysconfdir}/keystone/policy.json %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0640, %{username}, %{groupname}) %{_sysconfdir}/keystone/default_catalog.templates.sample %{_initddir}/%{name} %{_sbindir}/rc%{name} %{_bindir}/keystone-all %{_bindir}/keystone-manage %{_mandir}/man1/keystone* %openstack_apache_ssl_cert_files %{_sysconfdir}/apache2/conf.d/openstack-keystone.conf.sample %dir %attr(0755, root, root) %{_localstatedir}/lib/keystone/wsgi %attr(0644, root, root) %{_localstatedir}/lib/keystone/wsgi/*.wsgi %doc tools/sample_data.sh %files -n python-keystone %defattr(-,root,root,-) %{python_sitelib} #%config %{python_sitelib}/keystone/identity/backends/hybrid_config.py %doc LICENSE %files test %defattr(-,root,root) %{_localstatedir}/lib/openstack-keystone-test %changelog ++++++ FIX-BUILD.patch ++++++ diff -ruN a/keystone/middleware/ec2_token.py b/keystone/middleware/ec2_token.py --- a/keystone/middleware/ec2_token.py 2012-11-08 13:02:07.000000000 +0100 +++ b/keystone/middleware/ec2_token.py 2012-11-08 13:59:34.000000000 +0100 @@ -34,9 +34,9 @@ FLAGS = flags.FLAGS -flags.DEFINE_string('keystone_ec2_url', - 'http://localhost:5000/v2.0/ec2tokens', - 'URL to get token from ec2 request.') +#flags.DEFINE_string('keystone_ec2_url', +# 'http://localhost:5000/v2.0/ec2tokens', +# 'URL to get token from ec2 request.') class EC2Token(wsgi.Middleware): ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">git://github.com/SUSE-Cloud/keystone-hybrid-backend.git</param> <param name="scm">git</param> <param name="exclude">.git</param> <param name="version">folsom</param> <param name="revision">folsom</param> </service> <service name="recompress" mode="disabled"> <param name="file">*keystone-hybrid-backend-*.tar</param> <param name="compression">gz</param> </service> <service name="git_tarballs" mode="disabled"> <param name="url">http://tarballs.openstack.org/keystone/keystone-stable-folsom.tar.gz</param> <param name="email">[email protected]</param> </service> </services> ++++++ default_catalog.templates ++++++ # config for TemplatedCatalog, using camelCase because I don't want to do # translations for legacy compat catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0 catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0 catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0 catalog.RegionOne.identity.name = Identity Service catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s catalog.RegionOne.compute.name = Compute Service catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.name = Volume Service catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud catalog.RegionOne.ec2.name = EC2 Service catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% catalog.RegionOne.s3.name = S3 Service catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.name = Image Service ++++++ keystone-certs-test.patch ++++++ >From 12718080a15ce337b55f9af1edc8de19bd6a8883 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ionu=C8=9B=20Ar=C8=9B=C4=83ri=C8=99i?= <[email protected]> Date: Mon, 3 Dec 2012 11:59:20 +0100 Subject: [PATCH] use keystone test and change config during setUp Also fixes this traceback which I keep getting on devstack: ERROR: test_create_certs (tests.test_cert_setup.CertSetupTestCase) ---------------------------------------------------------------------- Traceback (most recent call last): File "/opt/stack/keystone/tests/test_cert_setup.py", line 52, in tearDown shutil.rmtree(rootdir(SSLDIR)) File "/usr/lib/python2.7/shutil.py", line 237, in rmtree onerror(os.listdir, path, sys.exc_info()) File "/usr/lib/python2.7/shutil.py", line 235, in rmtree names = os.listdir(path) OSError: [Errno 2] No such file or directory: '/opt/stack/keystone/tests/ssl/' Change-Id: Iba10822aaf1284549d610bb1172df03ffc48f363 --- tests/test_cert_setup.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/tests/test_cert_setup.py b/tests/test_cert_setup.py index ca3a96c..3d609c2 100644 --- a/tests/test_cert_setup.py +++ b/tests/test_cert_setup.py @@ -16,15 +16,14 @@ # limitations under the License. import os -import unittest2 as test import shutil -from keystone import config from keystone.common import openssl +from keystone import test ROOTDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) SSLDIR = "%s/tests/ssl/" % ROOTDIR -CONF = config.CONF +CONF = test.CONF def rootdir(*p): @@ -34,13 +33,15 @@ def rootdir(*p): CERTDIR = rootdir("certs") KEYDIR = rootdir("private") -CONF.signing.certfile = os.path.join(CERTDIR, 'signing_cert.pem') -CONF.signing.ca_certs = os.path.join(CERTDIR, "ca.pem") -CONF.signing.keyfile = os.path.join(KEYDIR, "signing_key.pem") - class CertSetupTestCase(test.TestCase): + def setUp(self): + super(CertSetupTestCase, self).setUp() + CONF.signing.certfile = os.path.join(CERTDIR, 'signing_cert.pem') + CONF.signing.ca_certs = os.path.join(CERTDIR, "ca.pem") + CONF.signing.keyfile = os.path.join(KEYDIR, "signing_key.pem") + def test_create_certs(self): ssl = openssl.ConfigurePKI() ssl.run() @@ -50,3 +51,4 @@ class CertSetupTestCase(test.TestCase): def tearDown(self): shutil.rmtree(rootdir(SSLDIR)) + super(CertSetupTestCase, self).tearDown() -- 1.7.10.4 ++++++ keystone-hybrid-conf-scope.patch ++++++ diff -ruN a/keystone/config.py b/keystone/config.py --- a/keystone/config.py 2012-11-08 13:02:07.000000000 +0100 +++ b/keystone/config.py 2012-11-08 13:11:06.000000000 +0100 @@ -163,7 +163,7 @@ register_str('suffix', group='ldap', default='cn=example,cn=com') register_bool('use_dumb_member', group='ldap', default=False) register_str('user_name_attribute', group='ldap', default='sn') - +register_int('user_search_scope', group='ldap', default=1) register_str('user_tree_dn', group='ldap', default=None) register_str('user_objectclass', group='ldap', default='inetOrgPerson') ++++++ keystone-sql-backend-from_dict.patch ++++++ diff -ruN a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py --- a/keystone/identity/backends/sql.py 2012-11-08 13:02:07.000000000 +0100 +++ b/keystone/identity/backends/sql.py 2012-11-08 13:29:02.000000000 +0100 @@ -67,8 +67,7 @@ if k not in ['id', 'name', 'extra']: extra[k] = user_dict.pop(k) - user_dict['extra'] = extra - return cls(**user_dict) + return cls(extra=extra, **user_dict) def to_dict(self): extra_copy = self.extra.copy() @@ -92,8 +91,7 @@ if k not in ['id', 'name', 'extra']: extra[k] = tenant_dict.pop(k) - tenant_dict['extra'] = extra - return cls(**tenant_dict) + return cls(extra=extra, **tenant_dict) def to_dict(self): extra_copy = copy.deepcopy(self.extra) ++++++ keystone-webob-empty-resp-environ.patch ++++++ >From af8761d9e0add62a83604b77ab015f5a8b3120a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ionu=C8=9B=20Ar=C8=9B=C4=83ri=C8=99i?= <[email protected]> Date: Fri, 30 Nov 2012 14:04:04 +0100 Subject: [PATCH] check the redirected path on the request, not the response The request object's path changes when it gets redirected. This behaviour is in tune with the latest WebOb code as well as the old. The response environ defaults to None in WebOb >= 1.2b1 http://docs.webob.org/en/latest/news.html#b1 Change-Id: I557563ce5407a8ef1b5dae680e456e589285be25 --- tests/test_s3_token_middleware.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_s3_token_middleware.py b/tests/test_s3_token_middleware.py index d8bc215..f3cf6c2 100644 --- a/tests/test_s3_token_middleware.py +++ b/tests/test_s3_token_middleware.py @@ -154,15 +154,15 @@ class S3TokenMiddlewareTest(unittest.TestCase): req = webob.Request.blank('/v1/AUTH_cfa/c/o') req.headers['Authorization'] = 'access:signature' req.headers['X-Storage-Token'] = 'token' - resp = webob.Request(req.get_response(self.middleware).environ) - self.assertTrue(resp.path.startswith('/v1/AUTH_TENANT_ID')) - self.assertEqual(resp.headers['X-Auth-Token'], 'TOKEN_ID') + req.get_response(self.middleware) + self.assertTrue(req.path.startswith('/v1/AUTH_TENANT_ID')) + self.assertEqual(req.headers['X-Auth-Token'], 'TOKEN_ID') def test_authorization_nova_toconnect(self): req = webob.Request.blank('/v1/AUTH_swiftint/c/o') req.headers['Authorization'] = 'access:FORCED_TENANT_ID:signature' req.headers['X-Storage-Token'] = 'token' - req = req.get_response(self.middleware) + req.get_response(self.middleware) path = req.environ['PATH_INFO'] self.assertTrue(path.startswith('/v1/AUTH_FORCED_TENANT_ID')) -- 1.7.10.4 ++++++ logging.conf ++++++ [loggers] keys=root,api,combined [formatters] keys=normal,normal_with_name,debug [handlers] keys=production,file,devel [logger_root] level=NOTSET handlers=devel [logger_api] level=DEBUG handlers=devel qualname=keystone-api [logger_combined] level=DEBUG handlers=devel qualname=keystone-combined [handler_production] class=handlers.SysLogHandler level=ERROR formatter=normal_with_name args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) [handler_file] class=FileHandler level=DEBUG formatter=normal_with_name args=('/var/log/keystone/keystone.log', 'w') [handler_devel] class=StreamHandler level=NOTSET formatter=debug args=(sys.stdout,) [formatter_normal] format=%(asctime)s %(levelname)s %(message)s [formatter_normal_with_name] format=(%(name)s): %(asctime)s %(levelname)s %(message)s [formatter_debug] format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s ++++++ openstack-keystone.conf.sample ++++++ # # OpenStack Identity (keystone) Apache2 SSL proxy example configuration. # # Required Apache2 modules: # - mod_ssl # - mod_wsgi # <IfDefine SSL> <IfDefine !NOSSL> # Proxy Keystone public API: Listen 5000 <VirtualHost *:5000> ServerName openstack-keystone.example.com ServerAdmin [email protected] ErrorLog /var/log/apache2/openstack-keystone-error_log TransferLog /var/log/apache2/openstack-keystone-access_log LogLevel debug SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/openstack-keystone-server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/openstack-keystone-server.key # Need to run as user 'openstack-keystone' to gain access to '/etc/keystone/keystone.conf' WSGIDaemonProcess keystone_main user=openstack-keystone group=openstack-keystone processes=2 WSGIProcessGroup keystone_main WSGIScriptAlias / /var/lib/keystone/wsgi/main.wsgi <Directory /var/lib/keystone/wsgi/> Order allow,deny Allow from all </Directory> </VirtualHost> # Proxy Keystone admin API: Listen 35357 <VirtualHost *:35357> ServerName openstack-keystone.example.com ServerAdmin [email protected] ErrorLog /var/log/apache2/openstack-keystone-error_log TransferLog /var/log/apache2/openstack-keystone-access_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/openstack-keystone-server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/openstack-keystone-server.key # Need to run as user 'openstack-keystone' to gain access to '/etc/keystone/keystone.conf' WSGIDaemonProcess keystone_admin user=openstack-keystone group=openstack-keystone processes=2 WSGIProcessGroup keystone_admin WSGIScriptAlias / /var/lib/keystone/wsgi/admin.wsgi <Directory /var/lib/keystone/wsgi/> Order allow,deny Allow from all </Directory> </VirtualHost> </IfDefine> </IfDefine> ++++++ openstack-keystone.init ++++++ #!/bin/sh ### BEGIN INIT INFO # Provides: openstack-keystone # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Should-Start: $network mysql postgresql # Should-Stop: $network mysql postgresql # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: OpenStack keystone # Description: OpenStack keystone. ### END INIT INFO USER="openstack-keystone" GROUP="openstack-keystone" DAEMON="/usr/bin/keystone-all" CONFFILE="/etc/keystone/keystone.conf" DAEMON_OPTIONS="--config-file=$CONFFILE --log-file=/var/log/keystone/keystone.log" OPTIONS="${OPTIONS} $DAEMON_OPTIONS" # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status FULLNAME="OpenStack Keystone" case "$1" in start) echo -n "Starting $FULLNAME" cd /var/lib/keystone startproc -s -u $USER -t ${STARTUP_TIMEOUT:-5} -q $DAEMON $OPTIONS rc_status -v ;; stop) echo -n "Shutting down $FULLNAME" killproc $DAEMON rc_status -v ;; restart) $0 stop $0 start rc_status ;; reload) ;; status) echo -n "Checking $FULLNAME" /sbin/checkproc $DAEMON rc_status -v ;; condrestart|try-restart) $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" exit 2 esac exit $? ++++++ openstack-keystone.logrotate ++++++ /var/log/keystone/*.log { daily missingok su openstack-keystone openstack-keystone } ++++++ openstack-keystone.wsgi ++++++ # # OpenStack Identity (Keystone) WSGI app skeleton # import os from paste import deploy from keystone import config from keystone.common import logging CONF = config.CONF LOG = logging.getLogger(__name__) config_files = ['/etc/keystone/keystone.conf'] CONF(config_files=config_files) config.setup_logging(CONF) app_name = os.path.basename(__file__).rsplit('.')[0] if CONF.debug: CONF.log_opt_values(logging.getLogger(CONF.prog), logging.DEBUG) options = deploy.appconfig('config:%s' % CONF.config_file[0]) application = deploy.loadapp('config:%s' % CONF.config_file[0], name=app_name) ++++++ rpmlintrc ++++++ # This symling is for the -test package and can be ignored: addFilter("dangling-symlink /var/lib/openstack-keystone-test/keystone") # Apache2 config examples ok addFilter("non-conffile-in-etc /etc/apache2/conf.d/openstack-keystone.conf.sample") # We need this to setup the keystone endpoint database tables: addFilter("non-conffile-in-etc /etc/keystone/default_catalog.templates.sample") -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
