Merge "Replace python-ldap with ldap3 library"

2015-08-17 15:48:25 +00:00
parent 9c55187e25 af4fbb95d7
commit d9b8894602
5 changed files with 18 additions and 12 deletions
--- a/barbican/common/validators.py
+++ b/barbican/common/validators.py
@@ -17,7 +17,7 @@ import abc
 import base64

 import jsonschema as schema
-import ldap
+from ldap3.utils.dn import parse_dn
 from OpenSSL import crypto
 from oslo_utils import timeutils
 import six
@@ -535,7 +535,7 @@ class TypeOrderValidator(ValidatorBase):
        If not, raise InvalidSubjectDN
        """
        try:
-            ldap.dn.str2dn(subject_dn)
+            parse_dn(subject_dn)
        except Exception:
            raise exception.InvalidSubjectDN(subject_dn=subject_dn)

--- a/barbican/tasks/certificate_resources.py
+++ b/barbican/tasks/certificate_resources.py
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-import ldap
+from ldap3.utils.dn import parse_dn
 from OpenSSL import crypto

 from barbican.common import exception as excep
@@ -332,7 +332,7 @@ def _generate_csr_from_private_key(order_model, project_model):
        )

    subject_name = order_model.meta.get('subject_dn')
-    subject_name_dns = ldap.dn.str2dn(subject_name)
+    subject_name_dns = parse_dn(subject_name)
    extensions = order_model.meta.get('extensions', None)

    req = crypto.X509Req()
@@ -341,8 +341,8 @@ def _generate_csr_from_private_key(order_model, project_model):
    # Note: must iterate over the DNs in reverse order, or the resulting
    # subject name will be reversed.
    for ava in reversed(subject_name_dns):
-        for key, val, extra in ava:
-            setattr(subj, key.upper(), val)
+        key, val, extra = ava
+        setattr(subj, key.upper(), val)
    req.set_pubkey(pkey)
    if extensions:
        # TODO(alee-3) We need code here to parse the encoded extensions and
--- a/barbican/tests/common/test_validators.py
+++ b/barbican/tests/common/test_validators.py
@@ -1295,14 +1295,20 @@ class WhenTestingStoredKeyOrderValidator(utils.BaseTestCase):
                          self.validator.validate,
                          self.order_req)

-    def test_should_pass_with_two_cn_in_dn(self):
-        self.meta['subject_dn'] = "CN=example1 CN=example2"
+    def test_should_pass_with_one_cn_in_dn(self):
+        self.meta['subject_dn'] = "CN=example1"
        self.validator.validate(self.order_req)

-    def test_should_pass_with_blank_dn(self):
-        self.meta['subject_dn'] = ""
+    def test_should_pass_with_two_cn_in_dn(self):
+        self.meta['subject_dn'] = "CN=example1,CN=example2"
        self.validator.validate(self.order_req)

+    def test_should_raise_with_blank_dn(self):
+        self.meta['subject_dn'] = ""
+        self.assertRaises(excep.InvalidSubjectDN,
+                          self.validator.validate,
+                          self.order_req)
+
    def test_should_raise_with_bad_subject_dn(self):
        self.meta['subject_dn'] = "Bad subject DN data"
        self.assertRaises(excep.InvalidSubjectDN,
--- a/barbican/tests/tasks/test_certificate_resources.py
+++ b/barbican/tests/tasks/test_certificate_resources.py
@@ -228,7 +228,7 @@ class BaseCertificateRequestsTestCase(utils.BaseTestCase):
            cert_man.CertificateRequestType.STORED_KEY_REQUEST,
            "container_ref":
            "https://localhost/containers/" + self.container.id,
-            "subject_name": "cn=host.example.com,ou=dev,ou=us,o=example.com"
+            "subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com"
        }

        self.order = models.Order()
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ pbr<2.0,>=1.4
 pecan>=0.8.0
 pycrypto>=2.6
 pyOpenSSL>=0.14
-python-ldap>=2.4;python_version=='2.7'
+ldap3>=0.9.8.2 # LGPLv3
 keystonemiddleware>=2.0.0
 six>=1.9.0
 SQLAlchemy<1.1.0,>=0.9.7