Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-keystoneauth1 for
openSUSE:Factory checked in at 2024-05-03 19:45:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-keystoneauth1 (Old)
and /work/SRC/openSUSE:Factory/.python-keystoneauth1.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneauth1"
Fri May 3 19:45:28 2024 rev:19 rq:1171461 version:5.6.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-keystoneauth1/python-keystoneauth1.changes
2023-07-27 16:51:08.941929708 +0200
+++
/work/SRC/openSUSE:Factory/.python-keystoneauth1.new.1880/python-keystoneauth1.changes
2024-05-03 19:45:45.363482666 +0200
@@ -1,0 +2,20 @@
+Thu May 2 22:06:33 UTC 2024 - [email protected]
+
+- update to version 5.6.0
+ - Update python classifier in setup.cfg
+ - Add doc of OAuth2.0 Client Credentials Grant Flow
+ - Support PKCE with v3oidcdeviceauthz
+ - Allow setting retriable status codes for Adapter via configuration options
+ - Keep request-id at redirect
+ - Update master for stable/2023.2
+ - Drop parameters when connecting to a redirected endpoint
+ - Add project URLs from README as packaging metadata
+ - Bump bandit
+ - Fix "dictionary changed size during iteration"
+ - Bump hacking, other flake8 plugins
+ - Change retries log level to warning instead of info
+ - Remove dependency on oslo_config
+ - reno: Update master for unmaintained/yoga
+ - Add doc of OAuth 2.0 Mutual-TLS Authenticate
+
+-------------------------------------------------------------------
Old:
----
keystoneauth1-5.2.1.tar.gz
New:
----
keystoneauth1-5.6.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-keystoneauth1.spec ++++++
--- /var/tmp/diff_new_pack.JQRQQQ/_old 2024-05-03 19:45:45.919502880 +0200
+++ /var/tmp/diff_new_pack.JQRQQQ/_new 2024-05-03 19:45:45.919502880 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-keystoneauth1
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,13 +17,13 @@
Name: python-keystoneauth1
-Version: 5.2.1
+Version: 5.6.0
Release: 0
Summary: OpenStack authenticating tools
License: Apache-2.0
Group: Development/Languages/Python
URL: https://docs.openstack.org/keystoneauth
-Source0:
https://files.pythonhosted.org/packages/source/k/keystoneauth1/keystoneauth1-5.2.1.tar.gz
+Source0:
https://files.pythonhosted.org/packages/source/k/keystoneauth1/keystoneauth1-5.6.0.tar.gz
BuildRequires: openstack-macros
BuildRequires: python3-PyYAML
BuildRequires: python3-betamax
@@ -41,6 +41,7 @@
BuildRequires: python3-stestr
BuildRequires: python3-testresources
BuildRequires: python3-testtools
+BuildRequires: python3-urllib3 < 2
BuildArch: noarch
%description
++++++ _service ++++++
--- /var/tmp/diff_new_pack.JQRQQQ/_old 2024-05-03 19:45:45.955504189 +0200
+++ /var/tmp/diff_new_pack.JQRQQQ/_new 2024-05-03 19:45:45.959504334 +0200
@@ -1,13 +1,13 @@
<services>
- <service mode="disabled" name="renderspec">
+ <service mode="manual" name="renderspec">
<param
name="input-template">https://opendev.org/openstack/rpm-packaging/raw/master/openstack/keystoneauth1/keystoneauth1.spec.j2</param>
<param name="output-name">python-keystoneauth1.spec</param>
<param
name="requirements">https://opendev.org/openstack/keystoneauth/raw/master/requirements.txt</param>
<param name="changelog-email">[email protected]</param>
<param name="changelog-provider">gh,openstack,keystoneauth</param>
</service>
- <service mode="disabled" name="download_files">
+ <service mode="manual" name="download_files">
</service>
- <service name="format_spec_file" mode="disabled"/>
+ <service name="format_spec_file" mode="manual"/>
</services>
++++++ keystoneauth1-5.2.1.tar.gz -> keystoneauth1-5.6.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/AUTHORS
new/keystoneauth1-5.6.0/AUTHORS
--- old/keystoneauth1-5.2.1/AUTHORS 2023-06-19 16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/AUTHORS 2024-02-23 09:46:26.000000000 +0100
@@ -89,6 +89,7 @@
Jamie Lennox <[email protected]>
Jamie Lennox <[email protected]>
Jamie Lennox <[email protected]>
+Jaromir Wysoglad <[email protected]>
Jens Harbott <[email protected]>
Jens Rosenboom <[email protected]>
Jeremy Liu <[email protected]>
@@ -102,6 +103,7 @@
JordanP <[email protected]>
Jose Castro Leon <[email protected]>
Juan Antonio Osorio Robles <[email protected]>
+Julia Kreger <[email protected]>
Julien Danjou <[email protected]>
Kannan Manickam <[email protected]>
Ken'ichi Ohmichi <[email protected]>
@@ -132,6 +134,8 @@
OpenStack Release Bot <[email protected]>
Pavlo Shchelokovskyy <[email protected]>
Pete Zaitcev <[email protected]>
+Pierre-Samuel Le Stang <[email protected]>
+Pierre-Samuel Le Stang <[email protected]>
Pradeep Kilambi <[email protected]>
Prosunjit Biswas <[email protected]>
Q.hongtao <[email protected]>
@@ -172,6 +176,7 @@
Tin Lam <[email protected]>
Tin Lam <[email protected]>
Tony Breeds <[email protected]>
+Vadym Markov <[email protected]>
Van Hung Pham <[email protected]>
Victor Morales <[email protected]>
Victor Stinner <[email protected]>
@@ -187,6 +192,7 @@
Yatin Kumbhare <[email protected]>
Yi Feng <[email protected]>
Yolanda Robla <[email protected]>
+Yusuke Niimi <[email protected]>
Zhenguo Niu <[email protected]>
ZhiQiang Fan <[email protected]>
ZhiQiang Fan <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/ChangeLog
new/keystoneauth1-5.6.0/ChangeLog
--- old/keystoneauth1-5.2.1/ChangeLog 2023-06-19 16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/ChangeLog 2024-02-23 09:46:26.000000000 +0100
@@ -1,6 +1,34 @@
CHANGES
=======
+5.6.0
+-----
+
+* reno: Update master for unmaintained/yoga
+
+5.5.0
+-----
+
+* Update python classifier in setup.cfg
+* Bump hacking, other flake8 plugins
+* Bump bandit
+* Remove dependency on oslo\_config
+* Fix "dictionary changed size during iteration"
+* Change retries log level to warning instead of info
+* Allow setting retriable status codes for Adapter via configuration options
+
+5.4.0
+-----
+
+* Drop parameters when connecting to a redirected endpoint
+* Update master for stable/2023.2
+
+5.3.0
+-----
+
+* Keep request-id at redirect
+* Support PKCE with v3oidcdeviceauthz
+
5.2.1
-----
@@ -12,6 +40,7 @@
-----
* Update master for stable/2023.1
+* Add project URLs from README as packaging metadata
* Fix up some packaging metadata
* New auth plugin v3oidcdeviceauthz
* OAuth 2.0 Mutual-TLS Support
@@ -30,6 +59,7 @@
* Allow federation to work with unversioned auth\_url
* Enforce scope mutual exclusion for system
* Fix linters and bindep on jammy
+* Add doc of OAuth 2.0 Mutual-TLS Authenticate
* Switch to 2023.1 Python3 unit tests and generic template name
* Update master for stable/zed
@@ -38,6 +68,7 @@
* OAuth2.0 Client Credentials Grant Flow Support
* Replace abc.abstractproperty with property and abc.abstractmethod
+* Add doc of OAuth2.0 Client Credentials Grant Flow
5.0.0
-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/PKG-INFO
new/keystoneauth1-5.6.0/PKG-INFO
--- old/keystoneauth1-5.2.1/PKG-INFO 2023-06-19 16:09:39.286376000 +0200
+++ new/keystoneauth1-5.6.0/PKG-INFO 2024-02-23 09:46:27.280933000 +0100
@@ -1,11 +1,15 @@
Metadata-Version: 2.1
Name: keystoneauth1
-Version: 5.2.1
+Version: 5.6.0
Summary: Authentication Library for OpenStack Identity
Home-page: https://docs.openstack.org/keystoneauth/latest/
Author: OpenStack
Author-email: [email protected]
License: UNKNOWN
+Project-URL: Documentation, https://docs.openstack.org/keystoneauth/latest/
+Project-URL: Source, https://opendev.org/openstack/keystoneauth
+Project-URL: Bugs, https://bugs.launchpad.net/keystoneauth
+Project-URL: Release Notes,
https://docs.openstack.org/releasenotes/keystoneauth/
Description: ========================
Team and repository tags
========================
@@ -56,6 +60,8 @@
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Requires-Python: >=3.8
Description-Content-Type: text/x-rst
Provides-Extra: betamax
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/doc/source/authentication-plugins.rst
new/keystoneauth1-5.6.0/doc/source/authentication-plugins.rst
--- old/keystoneauth1-5.2.1/doc/source/authentication-plugins.rst
2023-06-19 16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/doc/source/authentication-plugins.rst
2024-02-23 09:45:44.000000000 +0100
@@ -66,6 +66,12 @@
Authenticate against a V3 identity service using an application credential.
- :py:class:`~keystoneauth1.extras.kerberos.KerberosMethod`: Authenticate
against a V3 identity service using Kerberos.
+- :py:class:`~keystoneauth1.identity.v3.OAuth2ClientCredentialMethod`:
+ Authenticate against a V3 identity service using an OAuth2.0 client
+ credential.
+- :py:class:`~keystoneauth1.identity.v3.OAuth2mTlsClientCredential`:
+ Authenticate against a V3 identity service using an OAuth2.0 Mutual-TLS
+ client credentials.
The :py:class:`~keystoneauth1.identity.v3.AuthMethod` objects are then
passed to the :py:class:`~keystoneauth1.identity.v3.Auth` plugin::
@@ -380,6 +386,69 @@
>>> sess = session.Session(auth=auth)
+OAuth2.0 Client Credentials
+===========================
+
+.. warning::
+
+ The access token must be only added for the requests using HTTPS according
+ to `RFC6749`_.
+
+There is a specific authentication method for interacting with Identity
+servers that support OAuth2.0 Client Credential Grant. The notable difference
+from the other authentication method is that, after passing the
+authentication, the ``session`` will add "Authorization" header with an
+OAuth2.0 access token to sent subsequent requests. The following method can be
+used to authenticate for a token using OAuth2.0 client credentials:
+
+.. _RFC6749: https://datatracker.ietf.org/doc/html/rfc6749
+
+- :py:class:`~keystoneauth1.identity.v3.OAuth2ClientCredential`:
+
+The following example shows the method usage with a session::
+
+ >>> from keystoneauth1 import session
+ >>> from keystone.identity import v3
+ >>> auth = v3.OAuth2ClientCredential(
+ oauth2_endpoint='https://keystone.host/identity/v3/OS-OAUTH2/token'
+ oauth2_client_id='f96a2fec117141a6b5fbaa0485632244',
+ oauth2_client_secret='client_credential_secret'
+ )
+ >>> sess = session.Session(auth=auth)
+
+
+OAuth2.0 Mutual-TLS Client Credentials
+======================================
+
+.. warning::
+
+ The access token must be only added for the requests using mutual TLS
+ according to `RFC8705`_.
+
+There is a specific authentication method for interacting with Identity
+servers that support OAuth 2.0 Mutual-TLS Client Authentication. The notable
+difference from the other authentication method is that, after passing the
+authentication, the ``session`` will add "Authorization" header with an
+OAuth2.0 Certificate-Bound Access Tokens to sent subsequent requests. The
+following method can be used to authenticate for a token using OAuth2.0
+Mutual-TLS client credentials:
+
+.. _RFC8705: https://datatracker.ietf.org/doc/html/rfc8705
+
+- :py:class:`~keystoneauth1.identity.v3.OAuth2mTlsClientCredential`:
+
+The following example shows the method usage with a session::
+
+ >>> from keystoneauth1 import session
+ >>> from keystone.identity import v3
+ >>> auth = v3.OAuth2mTlsClientCredential(
+ auth_url='http://keystone.host:5000/v3'
+ oauth2_endpoint='https://keystone.host/identity/v3/OS-OAUTH2/token'
+ oauth2_client_id='f96a2fec117141a6b5fbaa0485632244'
+ )
+ >>> sess = session.Session(auth=auth)
+
+
Tokenless Auth
==============
@@ -432,6 +501,8 @@
- v3samlpassword: :py:class:`keystoneauth1.extras._saml2.v3.Password`
- v3tokenlessauth: :py:class:`keystoneauth1.identity.v3.TokenlessAuth`
- v3totp: :py:class:`keystoneauth1.identity.v3.TOTP`
+- v3oauth2clientcredential:
:py:class:`keystoneauth1.identity.v3.OAuth2ClientCredential`
+- v3oauth2mtlsclientcredential:
:py:class:`keystoneauth1.identity.v3.OAuth2mTlsClientCredential`
Creating Authentication Plugins
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1/adapter.py
new/keystoneauth1-5.6.0/keystoneauth1/adapter.py
--- old/keystoneauth1-5.2.1/keystoneauth1/adapter.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/adapter.py 2024-02-23
09:45:44.000000000 +0100
@@ -216,12 +216,10 @@
if self.user_agent:
kwargs.setdefault('user_agent', self.user_agent)
for arg in ('connect_retries', 'status_code_retries',
- 'connect_retry_delay', 'status_code_retry_delay'):
+ 'connect_retry_delay', 'status_code_retry_delay',
+ 'retriable_status_codes'):
if getattr(self, arg) is not None:
kwargs.setdefault(arg, getattr(self, arg))
- if self.retriable_status_codes:
- kwargs.setdefault('retriable_status_codes',
- self.retriable_status_codes)
if self.logger:
kwargs.setdefault('logger', self.logger)
if self.allow:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1/hacking/checks.py
new/keystoneauth1-5.6.0/keystoneauth1/hacking/checks.py
--- old/keystoneauth1-5.2.1/keystoneauth1/hacking/checks.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/hacking/checks.py 2024-02-23
09:45:44.000000000 +0100
@@ -33,4 +33,4 @@
msg = ("K333: '%s' must be used instead of '%s'.") % (
logical_line.replace('oslo.', 'oslo_'),
logical_line)
- yield(0, msg)
+ yield (0, msg)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1/identity/v3/oidc.py
new/keystoneauth1-5.6.0/keystoneauth1/identity/v3/oidc.py
--- old/keystoneauth1-5.2.1/keystoneauth1/identity/v3/oidc.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/identity/v3/oidc.py 2024-02-23
09:45:44.000000000 +0100
@@ -11,6 +11,9 @@
# under the License.
import abc
+import base64
+import hashlib
+import os
import time
from urllib import parse as urlparse
import warnings
@@ -481,10 +484,11 @@
HEADER_X_FORM = {"Content-Type": "application/x-www-form-urlencoded"}
def __init__(self, auth_url, identity_provider, protocol, # nosec
- client_id, client_secret,
+ client_id, client_secret=None,
access_token_endpoint=None,
device_authorization_endpoint=None,
discovery_endpoint=None,
+ code_challenge=None, code_challenge_method=None,
**kwargs):
"""The OAuth 2.0 Device Authorization plugin expects the following.
@@ -495,10 +499,14 @@
provided this value will override
the discovered one.
:type device_authorization_endpoint: string
+
+ :param code_challenge_method: PKCE Challenge Method (RFC 7636).
+ :type code_challenge_method: string
"""
# RFC 8628 only allows to retrieve an access_token
- self.access_token_type = 'access_token'
+ self.access_token_type = 'access_token' # nosec B105
self.device_authorization_endpoint = device_authorization_endpoint
+ self.code_challenge_method = code_challenge_method
super(OidcDeviceAuthorization, self).__init__(
auth_url=auth_url,
@@ -536,6 +544,29 @@
raise exceptions.oidc.OidcDeviceAuthorizationEndpointNotFound()
return endpoint
+ def _generate_pkce_verifier(self):
+ """Generate PKCE verifier string as defined in RFC 7636."""
+ raw_bytes = 42 # 32 is the minimum from the RFC, let's use a bit more
+ _rand = os.urandom(raw_bytes)
+ _rand_b64 = base64.urlsafe_b64encode(_rand).decode('ascii')
+ code_verifier = _rand_b64.rstrip('=') # strip padding as RFC says
+ return code_verifier
+
+ def _generate_pkce_challenge(self):
+ """Generate PKCE challenge string as defined in RFC 7636."""
+ if self.code_challenge_method not in ('plain', 'S256'):
+ raise exceptions.OidcGrantTypeMissmatch()
+ self.code_verifier = self._generate_pkce_verifier()
+
+ if self.code_challenge_method == 'plain':
+ return self.code_verifier
+ elif self.code_challenge_method == 'S256':
+ _tmp = self.code_verifier.encode('ascii')
+ _hash = hashlib.sha256(_tmp).digest()
+ _tmp = base64.urlsafe_b64encode(_hash).decode('ascii')
+ code_challenge = _tmp.rstrip('=')
+ return code_challenge
+
def get_payload(self, session):
"""Get an authorization grant for the "device_code" grant type.
@@ -548,9 +579,19 @@
client_auth = (self.client_id, self.client_secret)
device_authz_endpoint = \
self._get_device_authorization_endpoint(session)
+
+ payload = {}
+ if self.code_challenge_method:
+ self.code_challenge = self._generate_pkce_challenge()
+ payload.setdefault('code_challenge_method',
+ self.code_challenge_method)
+ payload.setdefault('code_challenge', self.code_challenge)
+ encoded_payload = urlparse.urlencode(payload)
+
op_response = session.post(device_authz_endpoint,
requests_auth=client_auth,
headers=self.HEADER_X_FORM,
+ data=encoded_payload,
authenticated=False)
self.expires_in = int(op_response.json()["expires_in"])
@@ -563,6 +604,8 @@
op_response.json()["verification_uri_complete"]
payload = {'device_code': self.device_code}
+ if self.code_challenge_method:
+ payload.setdefault('code_verifier', self.code_verifier)
return payload
def _get_access_token(self, session, payload):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1/loading/_plugins/identity/v3.py
new/keystoneauth1-5.6.0/keystoneauth1/loading/_plugins/identity/v3.py
--- old/keystoneauth1-5.2.1/keystoneauth1/loading/_plugins/identity/v3.py
2023-06-19 16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/loading/_plugins/identity/v3.py
2024-02-23 09:45:44.000000000 +0100
@@ -209,6 +209,8 @@
'that if a discovery document is being passed this '
'option will override the endpoint provided by the '
'server in the discovery document.'),
+ loading.Opt('code-challenge-method',
+ help='PKCE Challenge Method (RFC 7636)'),
])
return options
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1/loading/adapter.py
new/keystoneauth1-5.6.0/keystoneauth1/loading/adapter.py
--- old/keystoneauth1-5.2.1/keystoneauth1/loading/adapter.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/loading/adapter.py 2024-02-23
09:45:44.000000000 +0100
@@ -161,7 +161,16 @@
'exponential retry starting with 0.5 '
'seconds up to a maximum of 60 seconds '
'is used.'),
+ cfg.ListOpt('retriable-status-codes',
+ deprecated_opts=deprecated_opts.get(
+ 'retriable-status-codes'),
+ item_type=cfg.types.Integer(),
+ help='List of retriable HTTP status codes that '
+ 'should be retried. If not set default to '
+ ' [503]'
+ ),
]
+
if include_deprecated:
opts += [
cfg.StrOpt('interface',
@@ -291,6 +300,7 @@
kwargs.setdefault('status_code_retries', confgrp.status_code_retries)
kwargs.setdefault('status_code_retry_delay',
confgrp.status_code_retry_delay)
+ kwargs.setdefault('retriable_status_codes', confgrp.retriable_status_codes)
def register_argparse_arguments(*args, **kwargs):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1/loading/opts.py
new/keystoneauth1-5.6.0/keystoneauth1/loading/opts.py
--- old/keystoneauth1-5.2.1/keystoneauth1/loading/opts.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/loading/opts.py 2024-02-23
09:45:44.000000000 +0100
@@ -112,7 +112,7 @@
def __eq__(self, other):
"""Define equality operator on option parameters."""
- return (type(self) == type(other) and
+ return (type(self) is type(other) and
self.name == other.name and
self.type == other.type and
self.help == other.help and
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1/session.py
new/keystoneauth1-5.6.0/keystoneauth1/session.py
--- old/keystoneauth1-5.2.1/keystoneauth1/session.py 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/session.py 2024-02-23
09:45:44.000000000 +0100
@@ -51,6 +51,7 @@
_MAX_RETRY_INTERVAL = 60.0
_EXPONENTIAL_DELAY_START = 0.5
+_RETRIABLE_STATUS_CODES = [503]
# NOTE(efried): This is defined in oslo_middleware.request_id.INBOUND_HEADER,
# but it didn't seem worth adding oslo_middleware to requirements just for that
@@ -153,7 +154,12 @@
# module does this but is far less efficient. Same story with the
# frame walking below. One could use ``inspect.stack()`` but it
# has far more overhead.
- mod_lookup = dict((m.__file__, n) for n, m in sys.modules.items()
+
+ # NOTE(jwysogla): According to the docs, we should always use copy(),
+ # because sys.modules can change during iteration, which results
+ # in a RuntimeError
+ # https://docs.python.org/3/library/sys.html#sys.modules
+ mod_lookup = dict((m.__file__, n) for n, m in sys.modules.copy().items()
if hasattr(m, '__file__'))
# NOTE(shaleh): these are not useful because they hide the real
@@ -766,7 +772,8 @@
if connect_retries is None:
connect_retries = self._connect_retries
# HTTP 503 - Service Unavailable
- retriable_status_codes = retriable_status_codes or [503]
+ retriable_status_codes = retriable_status_codes or \
+ _RETRIABLE_STATUS_CODES
rate_semaphore = rate_semaphore or self._rate_semaphore
headers = kwargs.setdefault('headers', dict())
@@ -1038,8 +1045,10 @@
raise
delay = next(connect_retry_delays)
- logger.info('Failure: %(e)s. Retrying in %(delay).1fs.',
- {'e': e, 'delay': delay})
+ logger.warning('Failure: %(e)s. Retrying in %(delay).1fs.'
+ '%(retries)s retries left',
+ {'e': e, 'delay': delay,
+ 'retries': connect_retries})
time.sleep(delay)
return self._send_request(
@@ -1074,6 +1083,17 @@
logger.warning("Failed to redirect request to %s as new "
"location was not provided.", resp.url)
else:
+ # NOTE(TheJulia): Location redirects generally should have
+ # URI's to the destination.
+ # https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2
+ if 'params' in kwargs:
+ kwargs['params'] = {}
+
+ if 'x-openstack-request-id' in resp.headers:
+ kwargs['headers'].setdefault('x-openstack-request-id',
+ resp.headers[
+ 'x-openstack-request-id'])
+
# NOTE(jamielennox): We don't keep increasing delays.
# This request actually worked so we can reset the delay count.
connect_retry_delays.reset()
@@ -1096,9 +1116,10 @@
status_code_retries > 0):
delay = next(status_code_retry_delays)
- logger.info('Retriable status code %(code)s. Retrying in '
- '%(delay).1fs.',
- {'code': resp.status_code, 'delay': delay})
+ logger.warning('Retriable status code %(code)s. Retrying in '
+ '%(delay).1fs. %(retries)s retries left',
+ {'code': resp.status_code, 'delay': delay,
+ 'retries': status_code_retries})
time.sleep(delay)
# NOTE(jamielennox): We don't keep increasing connection delays.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/loading/test_adapter.py
new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/loading/test_adapter.py
--- old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/loading/test_adapter.py
2023-06-19 16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/loading/test_adapter.py
2024-02-23 09:45:44.000000000 +0100
@@ -159,7 +159,7 @@
service_type='type', service_name='name',
connect_retries=3, status_code_retries=5,
connect_retry_delay=0.5, status_code_retry_delay=2.0,
- group=self.GROUP)
+ retriable_status_codes=[503], group=self.GROUP)
adap = loading.load_adapter_from_conf_options(
self.conf_fx.conf, self.GROUP, session='session', auth='auth')
self.assertEqual('type', adap.service_type)
@@ -168,6 +168,7 @@
self.assertEqual(0.5, adap.connect_retry_delay)
self.assertEqual(5, adap.status_code_retries)
self.assertEqual(2.0, adap.status_code_retry_delay)
+ self.assertListEqual([503], adap.retriable_status_codes)
def test_get_conf_options(self):
opts = loading.get_adapter_conf_options()
@@ -176,6 +177,8 @@
self.assertIsInstance(opt, cfg.IntOpt)
elif opt.name.endswith('-retry-delay'):
self.assertIsInstance(opt, cfg.FloatOpt)
+ elif opt.name == 'retriable-status-codes':
+ self.assertIsInstance(opt, cfg.ListOpt)
elif opt.name != 'valid-interfaces':
self.assertIsInstance(opt, cfg.StrOpt)
else:
@@ -185,7 +188,7 @@
'region-name', 'endpoint-override', 'version',
'min-version', 'max-version', 'connect-retries',
'status-code-retries', 'connect-retry-delay',
- 'status-code-retry-delay'},
+ 'status-code-retry-delay', 'retriable-status-codes'},
{opt.name for opt in opts})
def test_get_conf_options_undeprecated(self):
@@ -195,6 +198,8 @@
self.assertIsInstance(opt, cfg.IntOpt)
elif opt.name.endswith('-retry-delay'):
self.assertIsInstance(opt, cfg.FloatOpt)
+ elif opt.name == 'retriable-status-codes':
+ self.assertIsInstance(opt, cfg.ListOpt)
elif opt.name != 'valid-interfaces':
self.assertIsInstance(opt, cfg.StrOpt)
else:
@@ -203,7 +208,7 @@
'region-name', 'endpoint-override', 'version',
'min-version', 'max-version', 'connect-retries',
'status-code-retries', 'connect-retry-delay',
- 'status-code-retry-delay'},
+ 'status-code-retry-delay', 'retriable-status-codes'},
{opt.name for opt in opts})
def test_deprecated(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/loading/utils.py
new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/loading/utils.py
--- old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/loading/utils.py
2023-06-19 16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/loading/utils.py
2024-02-23 09:45:44.000000000 +0100
@@ -73,7 +73,7 @@
def __eq__(self, other):
"""Define equiality for many bool types."""
# hack around oslo.config equality comparison
- return type(self) == type(other)
+ return type(self) is type(other)
# NOTE: This function is only needed by Python 2. If we get to point where
# we don't support Python 2 anymore, this function should be removed.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/test_session.py
new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/test_session.py
--- old/keystoneauth1-5.2.1/keystoneauth1/tests/unit/test_session.py
2023-06-19 16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1/tests/unit/test_session.py
2024-02-23 09:45:44.000000000 +0100
@@ -867,6 +867,17 @@
self.assertEqual(resp.url, self.REDIRECT_CHAIN[i])
self.assertEqual(resp.text, self.DEFAULT_REDIRECT_BODY)
+ def test_redirect_with_params(self):
+ params = {'foo': 'bar'}
+ session = client_session.Session(redirect=True)
+ # Note(knikolla): Setting complete_qs to True ensures that the mock
+ # will only match paths including all query strings.
+ self.setup_redirects(final_kwargs={'complete_qs': True})
+ resp = session.get(self.REDIRECT_CHAIN[0], params=params)
+ self.assertResponse(resp)
+ self.assertTrue(len(resp.history), len(self.REDIRECT_CHAIN))
+ self.assertQueryStringIs(None)
+
def test_history_matches_requests(self):
self.setup_redirects(status_code=301)
session = client_session.Session(redirect=True)
@@ -887,6 +898,15 @@
resp = session.get(self.REDIRECT_CHAIN[-2])
self.assertResponse(resp)
+ def test_req_id_redirect(self):
+ session = client_session.Session()
+ self.setup_redirects(status_code=302)
+ resp = session.get(self.REDIRECT_CHAIN[0],
+ headers={'x-openstack-request-id': 'req-1234-5678'})
+ self.assertResponse(resp)
+ self.assertRequestHeaderEqual('x-openstack-request-id',
+ 'req-1234-5678')
+
class AuthPlugin(plugin.BaseAuthPlugin):
"""Very simple debug authentication plugin.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1.egg-info/PKG-INFO
new/keystoneauth1-5.6.0/keystoneauth1.egg-info/PKG-INFO
--- old/keystoneauth1-5.2.1/keystoneauth1.egg-info/PKG-INFO 2023-06-19
16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1.egg-info/PKG-INFO 2024-02-23
09:46:26.000000000 +0100
@@ -1,11 +1,15 @@
Metadata-Version: 2.1
Name: keystoneauth1
-Version: 5.2.1
+Version: 5.6.0
Summary: Authentication Library for OpenStack Identity
Home-page: https://docs.openstack.org/keystoneauth/latest/
Author: OpenStack
Author-email: [email protected]
License: UNKNOWN
+Project-URL: Documentation, https://docs.openstack.org/keystoneauth/latest/
+Project-URL: Source, https://opendev.org/openstack/keystoneauth
+Project-URL: Bugs, https://bugs.launchpad.net/keystoneauth
+Project-URL: Release Notes,
https://docs.openstack.org/releasenotes/keystoneauth/
Description: ========================
Team and repository tags
========================
@@ -56,6 +60,8 @@
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Requires-Python: >=3.8
Description-Content-Type: text/x-rst
Provides-Extra: betamax
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1.egg-info/SOURCES.txt
new/keystoneauth1-5.6.0/keystoneauth1.egg-info/SOURCES.txt
--- old/keystoneauth1-5.2.1/keystoneauth1.egg-info/SOURCES.txt 2023-06-19
16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1.egg-info/SOURCES.txt 2024-02-23
09:46:27.000000000 +0100
@@ -236,6 +236,7 @@
releasenotes/notes/drop-py-2-7-f90c67a5db0dfeb8.yaml
releasenotes/notes/drop-python-3-6-and-3-7-c407d5898c5eafec.yaml
releasenotes/notes/drop-python-3.5-362bb9d47f830353.yaml
+releasenotes/notes/drops-url-parameters-on-redirect-13951b4a4c830d0f.yaml
releasenotes/notes/expose-endpoint-status-6195a6b76d8a8de8.yaml
releasenotes/notes/filter-versions-service-type-763af68092344b7a.yaml
releasenotes/notes/fix-get-all-version-data-a01ee58524755b9b.yaml
@@ -259,6 +260,7 @@
releasenotes/notes/user-agent-generation-b069100508c06177.yaml
releasenotes/notes/version-between-b4b0bcf4cecfb9e4.yaml
releasenotes/source/2023.1.rst
+releasenotes/source/2023.2.rst
releasenotes/source/conf.py
releasenotes/source/index.rst
releasenotes/source/mitaka.rst
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/keystoneauth1.egg-info/pbr.json
new/keystoneauth1-5.6.0/keystoneauth1.egg-info/pbr.json
--- old/keystoneauth1-5.2.1/keystoneauth1.egg-info/pbr.json 2023-06-19
16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1.egg-info/pbr.json 2024-02-23
09:46:26.000000000 +0100
@@ -1 +1 @@
-{"git_version": "c69ade6", "is_release": true}
\ No newline at end of file
+{"git_version": "e071ad4", "is_release": true}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/keystoneauth1.egg-info/requires.txt
new/keystoneauth1-5.6.0/keystoneauth1.egg-info/requires.txt
--- old/keystoneauth1-5.2.1/keystoneauth1.egg-info/requires.txt 2023-06-19
16:09:39.000000000 +0200
+++ new/keystoneauth1-5.6.0/keystoneauth1.egg-info/requires.txt 2024-02-23
09:46:26.000000000 +0100
@@ -20,13 +20,13 @@
[test]
PyYAML>=3.12
-bandit<1.6.0,>=1.1.0
+bandit~=1.7.6
betamax>=0.7.0
coverage!=4.4,>=4.0
fixtures>=3.0.0
-flake8-docstrings~=1.6.0
-flake8-import-order>=0.17.1
-hacking~=4.1.0
+flake8-docstrings~=1.7.0
+flake8-import-order~=0.18.2
+hacking~=6.1.0
lxml>=4.2.0
oauthlib>=0.6.2
oslo.config>=5.2.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-5.2.1/releasenotes/notes/drops-url-parameters-on-redirect-13951b4a4c830d0f.yaml
new/keystoneauth1-5.6.0/releasenotes/notes/drops-url-parameters-on-redirect-13951b4a4c830d0f.yaml
---
old/keystoneauth1-5.2.1/releasenotes/notes/drops-url-parameters-on-redirect-13951b4a4c830d0f.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/keystoneauth1-5.6.0/releasenotes/notes/drops-url-parameters-on-redirect-13951b4a4c830d0f.yaml
2024-02-23 09:45:44.000000000 +0100
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ Fixes a condition where URL parameters would be appended to a
+ new URL discovered via a redirect. This was resulting in arguments
+ being duplicated on requests to the new server being redirected to.
+ URL redirects are intended to redirect the requester to the final
+ location, and generally include a fully formatted final destination
+ URL, which would include URL parameters. URL parameters are now dropped
+ when attempting to issue a request once redirected.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/releasenotes/source/2023.2.rst
new/keystoneauth1-5.6.0/releasenotes/source/2023.2.rst
--- old/keystoneauth1-5.2.1/releasenotes/source/2023.2.rst 1970-01-01
01:00:00.000000000 +0100
+++ new/keystoneauth1-5.6.0/releasenotes/source/2023.2.rst 2024-02-23
09:45:44.000000000 +0100
@@ -0,0 +1,6 @@
+===========================
+2023.2 Series Release Notes
+===========================
+
+.. release-notes::
+ :branch: stable/2023.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/releasenotes/source/index.rst
new/keystoneauth1-5.6.0/releasenotes/source/index.rst
--- old/keystoneauth1-5.2.1/releasenotes/source/index.rst 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/releasenotes/source/index.rst 2024-02-23
09:45:44.000000000 +0100
@@ -6,6 +6,7 @@
:maxdepth: 1
unreleased
+ 2023.2
2023.1
zed
yoga
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/releasenotes/source/yoga.rst
new/keystoneauth1-5.6.0/releasenotes/source/yoga.rst
--- old/keystoneauth1-5.2.1/releasenotes/source/yoga.rst 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/releasenotes/source/yoga.rst 2024-02-23
09:45:44.000000000 +0100
@@ -3,4 +3,4 @@
=========================
.. release-notes::
- :branch: stable/yoga
+ :branch: unmaintained/yoga
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/setup.cfg
new/keystoneauth1-5.6.0/setup.cfg
--- old/keystoneauth1-5.2.1/setup.cfg 2023-06-19 16:09:39.286376000 +0200
+++ new/keystoneauth1-5.6.0/setup.cfg 2024-02-23 09:46:27.280933000 +0100
@@ -7,6 +7,11 @@
author = OpenStack
author_email = [email protected]
home_page = https://docs.openstack.org/keystoneauth/latest/
+project_urls =
+ Documentation = https://docs.openstack.org/keystoneauth/latest/
+ Source = https://opendev.org/openstack/keystoneauth
+ Bugs = https://bugs.launchpad.net/keystoneauth
+ Release Notes = https://docs.openstack.org/releasenotes/keystoneauth/
python_requires = >=3.8
classifier =
Environment :: OpenStack
@@ -20,6 +25,8 @@
Programming Language :: Python :: 3
Programming Language :: Python :: 3.8
Programming Language :: Python :: 3.9
+ Programming Language :: Python :: 3.10
+ Programming Language :: Python :: 3.11
[files]
packages =
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-5.2.1/test-requirements.txt
new/keystoneauth1-5.6.0/test-requirements.txt
--- old/keystoneauth1-5.2.1/test-requirements.txt 2023-06-19
16:09:12.000000000 +0200
+++ new/keystoneauth1-5.6.0/test-requirements.txt 2024-02-23
09:45:44.000000000 +0100
@@ -1,12 +1,8 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
+hacking~=6.1.0 # Apache-2.0
+flake8-docstrings~=1.7.0 # MIT
+flake8-import-order~=0.18.2 #LGPLv3
+bandit~=1.7.6 # Apache-2.0
-hacking~=4.1.0 # Apache-2.0
-flake8-docstrings~=1.6.0 # MIT
-flake8-import-order>=0.17.1 #LGPLv3
-
-bandit<1.6.0,>=1.1.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
oslo.config>=5.2.0 # Apache-2.0
