commit python-keystoneclient for openSUSE:13.1

Wed, 23 Oct 2013 02:27:49 -0700 

Hello community,

here is the log from the commit of package python-keystoneclient for 
openSUSE:13.1 checked in at 2013-10-23 11:26:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1/python-keystoneclient (Old)
 and      /work/SRC/openSUSE:13.1/.python-keystoneclient.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-keystoneclient"

Changes:
--------
--- /work/SRC/openSUSE:13.1/python-keystoneclient/python-keystoneclient.changes 
2013-10-01 08:29:38.000000000 +0200
+++ 
/work/SRC/openSUSE:13.1/.python-keystoneclient.new/python-keystoneclient.changes
    2013-10-23 11:27:01.000000000 +0200
@@ -1,0 +2,17 @@
+Mon Oct 14 07:45:27 UTC 2013 - [email protected]
+
+- Update to version 0.4.0:
+  + Refactor for testability of an upcoming change
+  + Fix H202 assertRaises Exception
+  + Normalize datetimes to account for tz
+- Set _service to fixed revision (around Havana release)
+- Rebased 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch
+
+-------------------------------------------------------------------
+Mon Oct  7 11:10:58 UTC 2013 - [email protected]
+
+- Update to version 0.3.2.82:
+  + Log user info in auth_token middleware
+  + Add auth_uri in conf to avoid unnecessary warning
+
+-------------------------------------------------------------------

Old:
----
  python-keystoneclient-master.tar.gz

New:
----
  python-keystoneclient-0.4.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-keystoneclient.spec ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old  2013-10-23 11:27:01.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new  2013-10-23 11:27:01.000000000 +0200
@@ -19,13 +19,13 @@
 %define component keystoneclient
 
 Name:           python-%{component}
-Version:        0.3.2.78
+Version:        0.4.0
 Release:        0
 Summary:        Openstack Identity (Keystone) API Client
 License:        Apache-2.0
 Group:          Development/Languages/Python
 Url:            http://launchpad.net/python-keystoneclient
-Source:         python-keystoneclient-master.tar.gz
+Source:         python-keystoneclient-0.4.0.tar.gz
 Source2:        openstack-keystone.sh
 Patch0:         0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch
 Patch1:         0001-Make-ROOTDIR-determination-more-robust.patch
@@ -99,7 +99,7 @@
 This package contains testsuite files for %{name}.
 
 %prep
-%setup -q -n python-keystoneclient-0.3.2.78.gbaa9490
+%setup -q -n python-keystoneclient-0.4.0
 %patch0 -p1
 %patch1 -p1
 %openstack_cleanup_prep

++++++ 0001-Add-workaround-for-OSError-raised-by-Popen.communica.patch ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old  2013-10-23 11:27:01.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new  2013-10-23 11:27:01.000000000 +0200
@@ -1,33 +1,7 @@
-From 52c34736056bf13f51c9a167fb29214a300c41f2 Mon Sep 17 00:00:00 2001
-From: Dirk Mueller <[email protected]>
-Date: Thu, 20 Jun 2013 18:49:26 +0200
-Subject: [PATCH] Add workaround for OSError raised by Popen.communicate()
-
-Python 2.6 can raise OSError when too much data is
-written to STDIN and the process died prematurely.
-
-In the case of keystoneclient this happens during
-the first cms_verify() call of a process. The calling
-logic expects a useful error message in order to
-refetches CA or singing CERT, which is missing in the
-case of an OSError. So just fake it instead.
-
-Add basic unit tests to cover all of the public methods from
-keystone.common.cms, raising test coverage to 77%. Add
-unit test for this specific bug (test_cms_verify_token_no_oserror).
-
-Change-Id: I6e650ab9494c605b4e41c78c87a9505e09d5fc29
----
- keystoneclient/common/cms.py                       | 42 +++++++++++--
- keystoneclient/tests/client_fixtures.py            | 14 ++++-
- keystoneclient/tests/test_auth_token_middleware.py | 73 ++++++++++++++++++++++
- 3 files changed, 122 insertions(+), 7 deletions(-)
-
-diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
-index 8bc24f9..d6a1753 100644
---- a/keystoneclient/common/cms.py
-+++ b/keystoneclient/common/cms.py
-@@ -38,6 +38,36 @@ def _ensure_subprocess():
+diff -ruN a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
+--- a/keystoneclient/common/cms.py     2013-10-09 21:46:20.000000000 +0200
++++ b/keystoneclient/common/cms.py     2013-10-14 09:52:06.493270055 +0200
+@@ -38,6 +38,36 @@
              import subprocess  # noqa
  
  
@@ -64,7 +38,7 @@
  def cms_verify(formatted, signing_cert_file_name, ca_file_name):
      """Verifies the signature of the contents IAW CMS syntax.
  
-@@ -53,8 +83,10 @@ def cms_verify(formatted, signing_cert_file_name, 
ca_file_name):
+@@ -53,8 +83,10 @@
                                 stdin=subprocess.PIPE,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
@@ -77,7 +51,7 @@
      if retcode:
          # Do not log errors, as some happen in the positive thread
          # instead, catch them in the calling code and log them there.
-@@ -150,8 +182,10 @@ def cms_sign_text(text, signing_cert_file_name, 
signing_key_file_name):
+@@ -150,8 +182,10 @@
                                 stdin=subprocess.PIPE,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
@@ -90,11 +64,10 @@
      if retcode or "Error" in err:
          LOG.error('Signing error: %s' % err)
          raise subprocess.CalledProcessError(retcode, "openssl")
-diff --git a/keystoneclient/tests/client_fixtures.py 
b/keystoneclient/tests/client_fixtures.py
-index dd1c95f..c17db42 100644
---- a/keystoneclient/tests/client_fixtures.py
-+++ b/keystoneclient/tests/client_fixtures.py
-@@ -26,7 +26,7 @@ CLIENTDIR = 
os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+diff -ruN a/keystoneclient/tests/client_fixtures.py 
b/keystoneclient/tests/client_fixtures.py
+--- a/keystoneclient/tests/client_fixtures.py  2013-10-09 21:46:20.000000000 
+0200
++++ b/keystoneclient/tests/client_fixtures.py  2013-10-14 09:52:06.109272165 
+0200
+@@ -26,7 +26,7 @@
  ROOTDIR = os.path.dirname(CLIENTDIR)
  CERTDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'certs')
  CMSDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'cms')
@@ -103,7 +76,7 @@
  
  # @TODO(mordred) This should become a testresources resource attached to the
  #                class
-@@ -49,9 +49,17 @@ with open(os.path.join(CMSDIR, 'revocation_list.json')) as 
f:
+@@ -49,9 +49,17 @@
      REVOCATION_LIST = jsonutils.loads(f.read())
  with open(os.path.join(CMSDIR, 'revocation_list.pem')) as f:
      SIGNED_REVOCATION_LIST = jsonutils.dumps({'signed': f.read()})
@@ -123,11 +96,10 @@
      SIGNING_CA = f.read()
  
  UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
-diff --git a/keystoneclient/tests/test_auth_token_middleware.py 
b/keystoneclient/tests/test_auth_token_middleware.py
-index 06e7609..98271d6 100644
---- a/keystoneclient/tests/test_auth_token_middleware.py
-+++ b/keystoneclient/tests/test_auth_token_middleware.py
-@@ -19,6 +19,7 @@ import iso8601
+diff -ruN a/keystoneclient/tests/test_auth_token_middleware.py 
b/keystoneclient/tests/test_auth_token_middleware.py
+--- a/keystoneclient/tests/test_auth_token_middleware.py       2013-10-09 
21:46:20.000000000 +0200
++++ b/keystoneclient/tests/test_auth_token_middleware.py       2013-10-14 
09:52:46.021052970 +0200
+@@ -20,6 +20,7 @@
  import os
  import shutil
  import stat
@@ -135,12 +107,10 @@
  import sys
  import tempfile
  import testtools
-@@ -1218,3 +1219,75 @@ class TokenEncodingTest(testtools.TestCase):
- 
-     def test_quoted_token(self):
+@@ -1256,6 +1257,78 @@
          self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))
-+
-+
+ 
+ 
 +class CmsTest(testtools.TestCase):
 +
 +    """Unit tests for the keystoneclient.common.cms module."""
@@ -211,6 +181,8 @@
 +        self.assertTrue(cms.cms_verify(cms_content,
 +                                       client_fixtures.SIGNING_CERT_FILE,
 +                                       client_fixtures.SIGNING_CA_FILE))
--- 
-1.8.4
-
++
++
+ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
+     def setUp(self):
+         super(TokenExpirationTest, self).setUp()

++++++ _service ++++++
--- /var/tmp/diff_new_pack.4hAbRC/_old  2013-10-23 11:27:02.000000000 +0200
+++ /var/tmp/diff_new_pack.4hAbRC/_new  2013-10-23 11:27:02.000000000 +0200
@@ -1,8 +1,8 @@
 <services>
   <service name="git_tarballs" mode="disabled">
-    <param 
name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-master.tar.gz</param>
+    <param 
name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-0.4.0.tar.gz</param>
     <param name="email">[email protected]</param>
-    <param name="version-regexp">.*-([^-]+)\.g[a-zA-Z0-9]{7}</param>
+    <!--<param name="version-regexp">.*-([^-]+)\.g[a-zA-Z0-9]{7}</param>-->
     <param name="plain-version">True</param>
   </service>
 </services>

++++++ python-keystoneclient-master.tar.gz -> 
python-keystoneclient-0.4.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/AUTHORS 
new/python-keystoneclient-0.4.0/AUTHORS
--- old/python-keystoneclient-0.3.2.78.gbaa9490/AUTHORS 2013-09-27 
07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/AUTHORS     2013-10-09 21:47:02.000000000 
+0200
@@ -5,12 +5,14 @@
 Alessio Ababilov <[email protected]>
 Alessio Ababilov <[email protected]>
 Alex Meade <[email protected]>
+AmalaBasha <[email protected]>
 Andy McCrae <[email protected]>
 Anthony Young <[email protected]>
 Bhuvan Arumugam <[email protected]>
 Brian Lamar <[email protected]>
 Brian Waldon <[email protected]>
 Bryan D. Payne <[email protected]>
+Bryan Davidson <[email protected]>
 Carlos D. Garza <[email protected]>
 Chang Bo Guo <[email protected]>
 Charles V Bock <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/ChangeLog 
new/python-keystoneclient-0.4.0/ChangeLog
--- old/python-keystoneclient-0.3.2.78.gbaa9490/ChangeLog       2013-09-27 
07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/ChangeLog   2013-10-09 21:47:02.000000000 
+0200
@@ -1,3 +1,99 @@
+commit 4ae816bbfff7eb3d3bbe63f4e47e40dcb0b9c031
+Merge: 102b867 93793cb
+Author: Jenkins <[email protected]>
+Date:   Wed Oct 9 17:23:18 2013 +0000
+
+    Merge "Normalize datetimes to account for tz"
+
+commit 102b8677fd787998cc28809d56a7319832abb557
+Merge: e9fb6c7 8a036c3
+Author: Jenkins <[email protected]>
+Date:   Wed Oct 9 16:00:36 2013 +0000
+
+    Merge "Fix H202 assertRaises Exception"
+
+commit 93793cb3963d5d001cb51e3452d2226230a72986
+Author: Bryan Davidson <[email protected]>
+Date:   Fri Aug 30 13:38:37 2013 -0400
+
+    Normalize datetimes to account for tz
+    
+    This patch makes sure that datetimes in the auth_token middleware
+    are normalized to account for timezone offsets.
+    
+    Some of the old tests were changed to ensure that the expires string
+    stored in the cache is in ISO 8601 format and not a random float.
+    
+    Fixes bug 1195924
+    
+    Change-Id: I5917ab728193cd2aa8784c4860a96cdc17f3d43f
+
+commit e9fb6c7c8f5e37a5b94141bcd5b94fcacf41c075
+Merge: 0341f93 a2e7b17
+Author: Jenkins <[email protected]>
+Date:   Mon Oct 7 17:17:57 2013 +0000
+
+    Merge "Refactor for testability of an upcoming change"
+
+commit 0341f933caf91a522dffe42a5092c1e4a7925adb
+Merge: e170955 2dc3d81
+Author: Jenkins <[email protected]>
+Date:   Fri Oct 4 15:53:17 2013 +0000
+
+    Merge "Add auth_uri in conf to avoid unnecessary warning"
+
+commit 8a036c3f76f0d0ae4cb4c57f902a5e6b90baa9c9
+Author: Kui Shi <[email protected]>
+Date:   Fri Oct 4 16:54:03 2013 +0800
+
+    Fix H202 assertRaises Exception
+    
+    Align the hacking version between test-requirement and global requirement.
+    
+    The change of H202 detection from 0.6 to 0.7 in hacking is:
+    
+    -    if logical_line.startswith("self.assertRaises(Exception)"):
+    +    if logical_line.startswith("self.assertRaises(Exception,"):
+    
+    then more cases are detected by this change. Fix the exposed H202 error.
+    
+    There is a special test case:
+    tests/v3/test_endpoints.py:test_update_invalid_interface
+    
+    ref = self.new_ref(interface=uuid.uuid4().hex)
+    
+    this line can not generate proper parameter for self.manager.update,
+    add a parameter "endpoint" for it, according to the
+    definition in keystoneclient/v3/endpoints.py:EndpointManager.update.
+    
+    Otherwise, there will be following error after changing the Exception
+    to exceptions.ValidationError:
+    TypeError: update() takes at least 2 arguments (6 given)
+    
+    Fixes Bug #1220008
+    
+    Change-Id: I8f7ed7a6eebf8576a6db5fecd86b9d19a15c8d60
+
+commit e170955d6de5cbf521d54105bdefaf606ccdb356
+Merge: baa9490 d40a9f4
+Author: Jenkins <[email protected]>
+Date:   Wed Oct 2 22:33:40 2013 +0000
+
+    Merge "Log user info in auth_token middleware"
+
+commit a2e7b17810ed34719dc101f93dc480e2f9fdce6e
+Author: Bryan Davidson <[email protected]>
+Date:   Fri Aug 30 12:31:12 2013 -0400
+
+    Refactor for testability of an upcoming change
+    
+    confirm_token_not_expired() in keystoneclient/middleware/auth_token.py has
+    been moved out of the class to make it a function and be more testable.
+    Currently, there is no need to keep it within the class. An upcoming
+    commit makes fixes that rely on this refactor to be tested.
+    
+    Change-Id: I8460a2ee663dec8be0f339735208779a3b988040
+
 commit baa949017a42368ec1e92e49490086364befe5da
 Author: Chang Bo Guo <[email protected]>
 Date:   Tue Sep 17 08:41:51 2013 -0700
@@ -11,6 +107,20 @@
     
     Change-Id: I678b2e7fcc522c8776c7fc0a554c1fc229ab781e
 
+commit 2dc3d81031ad6ebafcd00a095e18a80dfe271674
+Author: ZhiQiang Fan <[email protected]>
+Date:   Mon Sep 2 02:21:55 2013 +0800
+
+    Add auth_uri in conf to avoid unnecessary warning
+    
+    Unittest code for auth_token.py doesn't specify auth_uri in conf,
+    which will cause lots of warnings, since auth_token.py will use
+    '%(protocol)s://%(host)s:%(port)s' to generate auth_uri when it is
+    None, we can specify this value directly to avoid unnecessary warnings.
+    
+    Closes-Bug: #1219493
+    Change-Id: I26b636bcddabd91b06479c6a42a6a48d74ac9431
+
 commit 5588abdf8a8242fbce6a8f41e0a59c1ad0f6f925
 Merge: d9a874f 0a18d8b
 Author: Jenkins <[email protected]>
@@ -199,6 +309,19 @@
     
     Change-Id: I226881a35a74ef668d4cd1c6829a64c94ff185d9
 
+commit d40a9f4f6e10feb806d2ee4dd6266c948e7e6645
+Author: AmalaBasha <[email protected]>
+Date:   Tue Sep 3 15:51:59 2013 +0530
+
+    Log user info in auth_token middleware
+    
+    Add logging for user information (like user name, tenant_id, roles) in
+    the auth_token middleware. This would make tracking down issues much
+    easier.
+    
+    Change-Id: Ife4ce29d2f8e1a338a025dda4afbd7b563f6b8c1
+    Implements: blueprint user-info-logging-in-auth-token-middleware
+
 commit 86c4c2d57b44675f3d8ee2a78be29eed43096e24
 Merge: 661d6cf 51b09af
 Author: Jenkins <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/PKG-INFO 
new/python-keystoneclient-0.4.0/PKG-INFO
--- old/python-keystoneclient-0.3.2.78.gbaa9490/PKG-INFO        2013-09-27 
07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/PKG-INFO    2013-10-09 21:47:03.000000000 
+0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: python-keystoneclient
-Version: 0.3.2.78.gbaa9490
+Version: 0.4.0
 Summary: Client Library for OpenStack Identity
 Home-page: http://www.openstack.org/
 Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/middleware/auth_token.py
 new/python-keystoneclient-0.4.0/keystoneclient/middleware/auth_token.py
--- 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/middleware/auth_token.py
 2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/middleware/auth_token.py     
2013-10-09 21:46:20.000000000 +0200
@@ -309,6 +309,31 @@
     return expiry < soon
 
 
+def _token_is_v2(token_info):
+    return ('access' in token_info)
+
+
+def _token_is_v3(token_info):
+    return ('token' in token_info)
+
+
+def confirm_token_not_expired(data):
+    if not data:
+        raise InvalidUserToken('Token authorization failed')
+    if _token_is_v2(data):
+        timestamp = data['access']['token']['expires']
+    elif _token_is_v3(data):
+        timestamp = data['token']['expires_at']
+    else:
+        raise InvalidUserToken('Token authorization failed')
+    expires = timeutils.parse_isotime(timestamp)
+    expires = timeutils.normalize_time(expires)
+    utcnow = timeutils.utcnow()
+    if utcnow >= expires:
+        raise InvalidUserToken('Token authorization failed')
+    return timeutils.isotime(at=expires, subsecond=True)
+
+
 def safe_quote(s):
     """URL-encode strings that are not already URL-encoded."""
     return urllib.quote(s) if s == urllib.unquote(s) else s
@@ -439,11 +464,12 @@
     def _assert_valid_memcache_protection_config(self):
         if self._memcache_security_strategy:
             if self._memcache_security_strategy not in ('MAC', 'ENCRYPT'):
-                raise Exception('memcache_security_strategy must be '
-                                'ENCRYPT or MAC')
+                raise ConfigurationError('memcache_security_strategy must be '
+                                         'ENCRYPT or MAC')
             if not self._memcache_secret_key:
-                raise Exception('mecmache_secret_key must be defined when '
-                                'a memcache_security_strategy is defined')
+                raise ConfigurationError('mecmache_secret_key must be defined '
+                                         'when a memcache_security_strategy '
+                                         'is defined')
 
     def _init_cache(self, env):
         cache = self._conf_get('cache')
@@ -783,7 +809,7 @@
                 data = jsonutils.loads(verified)
             else:
                 data = self.verify_uuid_token(user_token, retry)
-            expires = self._confirm_token_not_expired(data)
+            expires = confirm_token_not_expired(data)
             self._cache_put(token_id, data, expires)
             return data
         except NetworkError:
@@ -797,12 +823,6 @@
             self.LOG.warn("Authorization failed for token %s", token_id)
             raise InvalidUserToken('Token authorization failed')
 
-    def _token_is_v2(self, token_info):
-        return ('access' in token_info)
-
-    def _token_is_v3(self, token_info):
-        return ('token' in token_info)
-
     def _build_user_headers(self, token_info):
         """Convert token object into headers.
 
@@ -846,7 +866,7 @@
         project_domain_id = None
         project_domain_name = None
 
-        if self._token_is_v2(token_info):
+        if _token_is_v2(token_info):
             user = token_info['access']['user']
             token = token_info['access']['token']
             roles = ','.join([role['name'] for role in user.get('roles', [])])
@@ -898,6 +918,9 @@
             'X-Role': roles,
         }
 
+        self.LOG.debug("Received request from user: %s with project_id : %s"
+                       " and roles: %s ", user_id, project_id, roles)
+
         try:
             catalog = catalog_root[catalog_key]
             rval['X-Service-Catalog'] = jsonutils.dumps(catalog)
@@ -978,7 +1001,18 @@
                 raise InvalidUserToken('Token authorization failed')
 
             data, expires = cached
-            if ignore_expires or time.time() < float(expires):
+
+            try:
+                expires = timeutils.parse_isotime(expires)
+            except ValueError:
+                # Gracefully handle upgrade of expiration times from *nix
+                # timestamps to ISO 8601 formatted dates by ignoring old cached
+                # values.
+                return
+
+            expires = timeutils.normalize_time(expires)
+            utcnow = timeutils.utcnow()
+            if ignore_expires or utcnow < expires:
                 self.LOG.debug('Returning cached token %s', token_id)
                 return data
             else:
@@ -1016,21 +1050,6 @@
                             data_to_store,
                             timeout=self.token_cache_time)
 
-    def _confirm_token_not_expired(self, data):
-        if not data:
-            raise InvalidUserToken('Token authorization failed')
-        if self._token_is_v2(data):
-            timestamp = data['access']['token']['expires']
-        elif self._token_is_v3(data):
-            timestamp = data['token']['expires_at']
-        else:
-            raise InvalidUserToken('Token authorization failed')
-        expires = timeutils.parse_isotime(timestamp).strftime('%s')
-        if time.time() >= float(expires):
-            self.LOG.debug('Token expired a %s', timestamp)
-            raise InvalidUserToken('Token authorization failed')
-        return expires
-
     def _cache_put(self, token_id, data, expires):
         """Put token data into the cache.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/test_auth_token_middleware.py
 
new/python-keystoneclient-0.4.0/keystoneclient/tests/test_auth_token_middleware.py
--- 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/test_auth_token_middleware.py
      2013-09-27 07:55:35.000000000 +0200
+++ 
new/python-keystoneclient-0.4.0/keystoneclient/tests/test_auth_token_middleware.py
  2013-10-09 21:46:20.000000000 +0200
@@ -14,6 +14,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import calendar
 import datetime
 import iso8601
 import os
@@ -212,7 +213,8 @@
             'auth_protocol': 'https',
             'auth_admin_prefix': '/testadmin',
             'signing_dir': client_fixtures.CERTDIR,
-            'auth_version': auth_version
+            'auth_version': auth_version,
+            'auth_uri': 'https://keystone.example.com:1234',
         }
 
         self.response_status = None
@@ -374,6 +376,7 @@
             'auth_host': 'keystone.example.com',
             'auth_port': 1234,
             'memcached_servers': 'localhost:11211',
+            'auth_uri': 'https://keystone.example.com:1234',
         }
 
         auth_token.AuthProtocol(FakeApp(), conf)
@@ -402,6 +405,7 @@
             'auth_host': '2001:2013:1:f101::1',
             'auth_port': 1234,
             'auth_protocol': 'http',
+            'auth_uri': None,
         }
         self.set_middleware(conf=conf)
         expected_auth_uri = 'http://[2001:2013:1:f101::1]:1234'
@@ -701,6 +705,26 @@
             seconds=40)
         self.assertFalse(auth_token.will_expire_soon(fortyseconds))
 
+    def test_token_is_v2_accepts_v2(self):
+        token = client_fixtures.UUID_TOKEN_DEFAULT
+        token_response = client_fixtures.TOKEN_RESPONSES[token]
+        self.assertTrue(auth_token._token_is_v2(token_response))
+
+    def test_token_is_v2_rejects_v3(self):
+        token = client_fixtures.v3_UUID_TOKEN_DEFAULT
+        token_response = client_fixtures.TOKEN_RESPONSES[token]
+        self.assertFalse(auth_token._token_is_v2(token_response))
+
+    def test_token_is_v3_rejects_v2(self):
+        token = client_fixtures.UUID_TOKEN_DEFAULT
+        token_response = client_fixtures.TOKEN_RESPONSES[token]
+        self.assertFalse(auth_token._token_is_v3(token_response))
+
+    def test_token_is_v3_accepts_v3(self):
+        token = client_fixtures.v3_UUID_TOKEN_DEFAULT
+        token_response = client_fixtures.TOKEN_RESPONSES[token]
+        self.assertTrue(auth_token._token_is_v3(token_response))
+
     def test_encrypt_cache_data(self):
         httpretty.disable()
         conf = {
@@ -710,7 +734,9 @@
         }
         self.set_middleware(conf=conf)
         token = 'my_token'
-        data = ('this_data', 10e100)
+        some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+        expires = timeutils.strtime(some_time_later)
+        data = ('this_data', expires)
         self.middleware._init_cache({})
         self.middleware._cache_store(token, data)
         self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -724,7 +750,9 @@
         }
         self.set_middleware(conf=conf)
         token = 'my_token'
-        data = ('this_data', 10e100)
+        some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+        expires = timeutils.strtime(some_time_later)
+        data = ('this_data', expires)
         self.middleware._init_cache({})
         self.middleware._cache_store(token, data)
         self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -737,7 +765,9 @@
         }
         self.set_middleware(conf=conf)
         token = 'my_token'
-        data = ('this_data', 10e100)
+        some_time_later = timeutils.utcnow() + datetime.timedelta(hours=4)
+        expires = timeutils.strtime(some_time_later)
+        data = ('this_data', expires)
         self.middleware._init_cache({})
         self.middleware._cache_store(token, data)
         self.assertEqual(self.middleware._cache_get(token), data[0])
@@ -748,35 +778,41 @@
             'memcached_servers': ['localhost:11211'],
             'memcache_security_strategy': 'Encrypt'
         }
-        self.assertRaises(Exception, self.set_middleware, conf=conf)
+        self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+                          conf=conf)
         # test invalue memcache_security_strategy
         conf = {
             'memcached_servers': ['localhost:11211'],
             'memcache_security_strategy': 'whatever'
         }
-        self.assertRaises(Exception, self.set_middleware, conf=conf)
+        self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+                          conf=conf)
         # test missing memcache_secret_key
         conf = {
             'memcached_servers': ['localhost:11211'],
             'memcache_security_strategy': 'mac'
         }
-        self.assertRaises(Exception, self.set_middleware, conf=conf)
+        self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+                          conf=conf)
         conf = {
             'memcached_servers': ['localhost:11211'],
             'memcache_security_strategy': 'Encrypt',
             'memcache_secret_key': ''
         }
-        self.assertRaises(Exception, self.set_middleware, conf=conf)
+        self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+                          conf=conf)
         conf = {
             'memcached_servers': ['localhost:11211'],
             'memcache_security_strategy': 'mAc',
             'memcache_secret_key': ''
         }
-        self.assertRaises(Exception, self.set_middleware, conf=conf)
+        self.assertRaises(auth_token.ConfigurationError, self.set_middleware,
+                          conf=conf)
 
     def test_config_revocation_cache_timeout(self):
         conf = {
-            'revocation_cache_time': 24
+            'revocation_cache_time': 24,
+            'auth_uri': 'https://keystone.example.com:1234',
         }
         middleware = auth_token.AuthProtocol(self.fake_app, conf)
         self.assertEquals(middleware.token_revocation_list_cache_timeout,
@@ -1218,3 +1254,212 @@
 
     def test_quoted_token(self):
         self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))
+
+
+class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
+    def setUp(self):
+        super(TokenExpirationTest, self).setUp()
+        timeutils.set_time_override()
+        self.now = timeutils.utcnow()
+        self.delta = datetime.timedelta(hours=1)
+        self.one_hour_ago = timeutils.isotime(self.now - self.delta,
+                                              subsecond=True)
+        self.one_hour_earlier = timeutils.isotime(self.now + self.delta,
+                                                  subsecond=True)
+
+    def tearDown(self):
+        super(TokenExpirationTest, self).tearDown()
+        timeutils.clear_time_override()
+
+    def create_v2_token_fixture(self, expires=None):
+        v2_fixture = {
+            'access': {
+                'token': {
+                    'id': 'blah',
+                    'expires': expires or self.one_hour_earlier,
+                    'tenant': {
+                        'id': 'tenant_id1',
+                        'name': 'tenant_name1',
+                    },
+                },
+                'user': {
+                    'id': 'user_id1',
+                    'name': 'user_name1',
+                    'roles': [
+                        {'name': 'role1'},
+                        {'name': 'role2'},
+                    ],
+                },
+                'serviceCatalog': {}
+            },
+        }
+
+        return v2_fixture
+
+    def create_v3_token_fixture(self, expires=None):
+
+        v3_fixture = {
+            'token': {
+                'expires_at': expires or self.one_hour_earlier,
+                'user': {
+                    'id': 'user_id1',
+                    'name': 'user_name1',
+                    'domain': {
+                        'id': 'domain_id1',
+                        'name': 'domain_name1'
+                    }
+                },
+                'project': {
+                    'id': 'tenant_id1',
+                    'name': 'tenant_name1',
+                    'domain': {
+                        'id': 'domain_id1',
+                        'name': 'domain_name1'
+                    }
+                },
+                'roles': [
+                    {'name': 'role1', 'id': 'Role1'},
+                    {'name': 'role2', 'id': 'Role2'},
+                ],
+                'catalog': {}
+            }
+        }
+
+        return v3_fixture
+
+    def test_no_data(self):
+        data = {}
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_bad_data(self):
+        data = {'my_happy_token_dict': 'woo'}
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_v2_token_not_expired(self):
+        data = self.create_v2_token_fixture()
+        expected_expires = data['access']['token']['expires']
+        actual_expires = auth_token.confirm_token_not_expired(data)
+        self.assertEqual(actual_expires, expected_expires)
+
+    def test_v2_token_expired(self):
+        data = self.create_v2_token_fixture(expires=self.one_hour_ago)
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_v2_token_with_timezone_offset_not_expired(self):
+        current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+        current_time = timeutils.normalize_time(current_time)
+        timeutils.set_time_override(current_time)
+        data = self.create_v2_token_fixture(
+            expires='2000-01-01T00:05:10.000123-05:00')
+        expected_expires = '2000-01-01T05:05:10.000123Z'
+        actual_expires = auth_token.confirm_token_not_expired(data)
+        self.assertEqual(actual_expires, expected_expires)
+
+    def test_v2_token_with_timezone_offset_expired(self):
+        current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+        current_time = timeutils.normalize_time(current_time)
+        timeutils.set_time_override(current_time)
+        data = self.create_v2_token_fixture(
+            expires='2000-01-01T00:05:10.000123+05:00')
+        data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00'
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_v3_token_not_expired(self):
+        data = self.create_v3_token_fixture()
+        expected_expires = data['token']['expires_at']
+        actual_expires = auth_token.confirm_token_not_expired(data)
+        self.assertEqual(actual_expires, expected_expires)
+
+    def test_v3_token_expired(self):
+        data = self.create_v3_token_fixture(expires=self.one_hour_ago)
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_v3_token_with_timezone_offset_not_expired(self):
+        current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+        current_time = timeutils.normalize_time(current_time)
+        timeutils.set_time_override(current_time)
+        data = self.create_v3_token_fixture(
+            expires='2000-01-01T00:05:10.000123-05:00')
+        expected_expires = '2000-01-01T05:05:10.000123Z'
+
+        actual_expires = auth_token.confirm_token_not_expired(data)
+        self.assertEqual(actual_expires, expected_expires)
+
+    def test_v3_token_with_timezone_offset_expired(self):
+        current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
+        current_time = timeutils.normalize_time(current_time)
+        timeutils.set_time_override(current_time)
+        data = self.create_v3_token_fixture(
+            expires='2000-01-01T00:05:10.000123+05:00')
+        self.assertRaises(auth_token.InvalidUserToken,
+                          auth_token.confirm_token_not_expired,
+                          data)
+
+    def test_cached_token_not_expired(self):
+        token = 'mytoken'
+        data = 'this_data'
+        self.set_middleware()
+        self.middleware._init_cache({})
+        some_time_later = timeutils.strtime(at=(self.now + self.delta))
+        expires = some_time_later
+        self.middleware._cache_put(token, data, expires)
+        self.assertEqual(self.middleware._cache_get(token), data)
+
+    def test_cached_token_not_expired_with_old_style_nix_timestamp(self):
+        """Ensure we cannot retrieve a token from the cache.
+
+        Getting a token from the cache should return None when the token data
+        in the cache stores the expires time as a *nix style timestamp.
+
+        """
+        token = 'mytoken'
+        data = 'this_data'
+        self.set_middleware()
+        self.middleware._init_cache({})
+        some_time_later = self.now + self.delta
+        # Store a unix timestamp in the cache.
+        expires = calendar.timegm(some_time_later.timetuple())
+        self.middleware._cache_put(token, data, expires)
+        self.assertIsNone(self.middleware._cache_get(token))
+
+    def test_cached_token_expired(self):
+        token = 'mytoken'
+        data = 'this_data'
+        self.set_middleware()
+        self.middleware._init_cache({})
+        some_time_earlier = timeutils.strtime(at=(self.now - self.delta))
+        expires = some_time_earlier
+        self.middleware._cache_put(token, data, expires)
+        self.assertIsNone(self.middleware._cache_get(token))
+
+    def test_cached_token_with_timezone_offset_not_expired(self):
+        token = 'mytoken'
+        data = 'this_data'
+        self.set_middleware()
+        self.middleware._init_cache({})
+        timezone_offset = datetime.timedelta(hours=2)
+        some_time_later = self.now - timezone_offset + self.delta
+        expires = timeutils.strtime(some_time_later) + '-02:00'
+        self.middleware._cache_put(token, data, expires)
+        self.assertEqual(self.middleware._cache_get(token), data)
+
+    def test_cached_token_with_timezone_offset_expired(self):
+        token = 'mytoken'
+        data = 'this_data'
+        self.set_middleware()
+        self.middleware._init_cache({})
+        timezone_offset = datetime.timedelta(hours=2)
+        some_time_earlier = self.now - timezone_offset - self.delta
+        expires = timeutils.strtime(some_time_earlier) + '-02:00'
+        self.middleware._cache_put(token, data, expires)
+        self.assertIsNone(self.middleware._cache_get(token))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/v3/test_endpoints.py
 new/python-keystoneclient-0.4.0/keystoneclient/tests/v3/test_endpoints.py
--- 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/tests/v3/test_endpoints.py
       2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/tests/v3/test_endpoints.py   
2013-10-09 21:46:20.000000000 +0200
@@ -14,6 +14,7 @@
 
 import uuid
 
+from keystoneclient import exceptions
 from keystoneclient.tests.v3 import utils
 from keystoneclient.v3 import endpoints
 
@@ -49,7 +50,7 @@
 
     def test_create_invalid_interface(self):
         ref = self.new_ref(interface=uuid.uuid4().hex)
-        self.assertRaises(Exception, self.manager.create,
+        self.assertRaises(exceptions.ValidationError, self.manager.create,
                           **utils.parameterize(ref))
 
     def test_update_public_interface(self):
@@ -66,7 +67,8 @@
 
     def test_update_invalid_interface(self):
         ref = self.new_ref(interface=uuid.uuid4().hex)
-        self.assertRaises(Exception, self.manager.update,
+        ref['endpoint'] = "fake_endpoint"
+        self.assertRaises(exceptions.ValidationError, self.manager.update,
                           **utils.parameterize(ref))
 
     def test_list_public_interface(self):
@@ -87,5 +89,5 @@
     def test_list_invalid_interface(self):
         interface = uuid.uuid4().hex
         expected_path = 'v3/%s?interface=%s' % (self.collection_key, interface)
-        self.assertRaises(Exception, self.manager.list,
+        self.assertRaises(exceptions.ValidationError, self.manager.list,
                           expected_path=expected_path, interface=interface)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/v3/endpoints.py 
new/python-keystoneclient-0.4.0/keystoneclient/v3/endpoints.py
--- old/python-keystoneclient-0.3.2.78.gbaa9490/keystoneclient/v3/endpoints.py  
2013-09-27 07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/keystoneclient/v3/endpoints.py      
2013-10-09 21:46:20.000000000 +0200
@@ -15,6 +15,7 @@
 #    under the License.
 
 from keystoneclient import base
+from keystoneclient import exceptions
 
 
 VALID_INTERFACES = ['public', 'admin', 'internal']
@@ -45,7 +46,7 @@
         if interface is not None and interface not in VALID_INTERFACES:
             msg = '"interface" must be one of: %s'
             msg = msg % ', '.join(VALID_INTERFACES)
-            raise Exception(msg)
+            raise exceptions.ValidationError(msg)
 
     def create(self, service, url, interface=None, region=None, enabled=True,
                **kwargs):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/python-keystoneclient-0.3.2.78.gbaa9490/python_keystoneclient.egg-info/PKG-INFO
 new/python-keystoneclient-0.4.0/python_keystoneclient.egg-info/PKG-INFO
--- 
old/python-keystoneclient-0.3.2.78.gbaa9490/python_keystoneclient.egg-info/PKG-INFO
 2013-09-27 07:56:16.000000000 +0200
+++ new/python-keystoneclient-0.4.0/python_keystoneclient.egg-info/PKG-INFO     
2013-10-09 21:47:02.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: python-keystoneclient
-Version: 0.3.2.78.gbaa9490
+Version: 0.4.0
 Summary: Client Library for OpenStack Identity
 Home-page: http://www.openstack.org/
 Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/python-keystoneclient-0.3.2.78.gbaa9490/tox.ini 
new/python-keystoneclient-0.4.0/tox.ini
--- old/python-keystoneclient-0.3.2.78.gbaa9490/tox.ini 2013-09-27 
07:55:35.000000000 +0200
+++ new/python-keystoneclient-0.4.0/tox.ini     2013-10-09 21:46:20.000000000 
+0200
@@ -27,9 +27,8 @@
 downloadcache = ~/cache/pip
 
 [flake8]
-# H202: assertRaises Exception too broad
 # F821: undefined name
 # H304: no relative imports
-ignore = F821,H202,H304
+ignore = F821,H304
 show-source = True
 exclude = .venv,.tox,dist,doc,*egg,build

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to