From 4530041931ff23b6d7347000d59703093f7d657a Mon Sep 17 00:00:00 2001 From: Vishakha Agarwal Date: Wed, 29 Jan 2020 13:04:23 +0530 Subject: [PATCH] Remove six usage This repo does not support Python 2 anymore, so we don't need six for compatibility between Python2 and 3, convert six usage to Python 3 code. Change-Id: Icba56808f38277b27af2ae5aac4b8507dee71b3b --- keystone/api/_shared/EC2_S3_Resource.py | 8 +- keystone/api/_shared/authentication.py | 5 +- keystone/api/auth.py | 16 +- keystone/api/credentials.py | 6 +- keystone/api/discovery.py | 4 +- keystone/api/domains.py | 22 +- keystone/api/ec2tokens.py | 4 +- keystone/api/endpoints.py | 6 +- keystone/api/groups.py | 12 +- keystone/api/limits.py | 6 +- keystone/api/os_ep_filter.py | 16 +- keystone/api/os_federation.py | 22 +- keystone/api/os_inherit.py | 26 +- keystone/api/os_oauth1.py | 12 +- keystone/api/policy.py | 24 +- keystone/api/projects.py | 26 +- keystone/api/regions.py | 8 +- keystone/api/registered_limits.py | 6 +- keystone/api/roles.py | 12 +- keystone/api/s3tokens.py | 10 +- keystone/api/services.py | 6 +- keystone/api/system.py | 14 +- keystone/api/trusts.py | 6 +- keystone/api/users.py | 20 +- .../application_credential/backends/base.py | 5 +- keystone/assignment/backends/base.py | 5 +- keystone/assignment/role_backends/base.py | 5 +- keystone/auth/core.py | 20 +- keystone/auth/plugins/base.py | 6 +- keystone/auth/plugins/core.py | 17 +- keystone/auth/plugins/external.py | 4 +- keystone/auth/plugins/mapped.py | 2 +- keystone/auth/plugins/token.py | 3 +- keystone/auth/plugins/totp.py | 3 +- keystone/catalog/backends/base.py | 6 +- keystone/cmd/doctor/ldap.py | 2 +- keystone/common/manager.py | 4 +- keystone/common/resource_options/core.py | 6 +- keystone/common/sql/core.py | 9 +- keystone/common/sql/upgrades.py | 3 +- keystone/common/utils.py | 22 +- keystone/common/validation/validators.py | 9 +- keystone/credential/backends/base.py | 4 +- keystone/credential/backends/sql.py | 3 +- keystone/credential/providers/core.py | 5 +- keystone/credential/providers/fernet/core.py | 5 +- keystone/endpoint_policy/backends/base.py | 4 +- keystone/exception.py | 56 ++- keystone/federation/backends/base.py | 5 +- keystone/federation/backends/sql.py | 3 +- keystone/federation/utils.py | 5 +- keystone/identity/backends/base.py | 5 +- keystone/identity/backends/ldap/common.py | 33 +- keystone/identity/backends/ldap/core.py | 3 +- .../identity/backends/resource_options.py | 4 +- keystone/identity/generator.py | 5 +- keystone/identity/mapping_backends/base.py | 6 +- keystone/identity/shadow_backends/base.py | 5 +- keystone/limit/backends/base.py | 5 +- keystone/limit/models/base.py | 4 +- keystone/models/receipt_model.py | 5 +- keystone/models/token_model.py | 5 +- keystone/oauth1/backends/base.py | 5 +- keystone/oauth1/validator.py | 4 +- keystone/policy/backends/base.py | 4 +- keystone/receipt/handlers.py | 4 +- keystone/receipt/provider.py | 3 +- keystone/receipt/providers/base.py | 5 +- keystone/receipt/receipt_formatters.py | 32 +- keystone/resource/backends/base.py | 5 +- keystone/resource/backends/sql_model.py | 3 +- keystone/resource/config_backends/base.py | 5 +- keystone/resource/core.py | 3 +- keystone/revoke/backends/base.py | 4 +- keystone/server/flask/application.py | 7 +- keystone/server/flask/common.py | 10 +- .../middleware/auth_context.py | 19 +- keystone/tests/hacking/checks.py | 4 +- .../tests/protection/v3/test_access_rules.py | 28 +- .../v3/test_application_credential.py | 24 +- .../tests/protection/v3/test_assignment.py | 24 +- keystone/tests/protection/v3/test_consumer.py | 8 +- .../tests/protection/v3/test_credentials.py | 42 +- .../tests/protection/v3/test_domain_config.py | 46 +- .../tests/protection/v3/test_domain_roles.py | 18 +- keystone/tests/protection/v3/test_domains.py | 28 +- .../protection/v3/test_ec2_credential.py | 10 +- .../protection/v3/test_endpoint_group.py | 34 +- .../tests/protection/v3/test_endpoints.py | 18 +- keystone/tests/protection/v3/test_grants.py | 136 +++--- keystone/tests/protection/v3/test_groups.py | 70 +-- .../protection/v3/test_identity_providers.py | 20 +- .../tests/protection/v3/test_implied_roles.py | 10 +- keystone/tests/protection/v3/test_limits.py | 46 +- keystone/tests/protection/v3/test_mappings.py | 26 +- keystone/tests/protection/v3/test_policy.py | 18 +- .../protection/v3/test_policy_association.py | 54 +-- .../protection/v3/test_project_endpoint.py | 18 +- .../tests/protection/v3/test_project_tags.py | 64 +-- keystone/tests/protection/v3/test_projects.py | 64 +-- .../tests/protection/v3/test_protocols.py | 20 +- keystone/tests/protection/v3/test_regions.py | 14 +- .../protection/v3/test_registered_limits.py | 8 +- keystone/tests/protection/v3/test_roles.py | 18 +- .../protection/v3/test_service_providers.py | 20 +- keystone/tests/protection/v3/test_services.py | 18 +- .../protection/v3/test_system_assignments.py | 30 +- keystone/tests/protection/v3/test_tokens.py | 20 +- keystone/tests/protection/v3/test_trusts.py | 88 ++-- keystone/tests/protection/v3/test_users.py | 74 +-- .../tests/unit/assignment/test_backends.py | 1 - keystone/tests/unit/catalog/test_backends.py | 1 - .../tests/unit/common/test_notifications.py | 6 +- keystone/tests/unit/common/test_utils.py | 5 - keystone/tests/unit/core.py | 23 +- .../tests/unit/credential/test_backend_sql.py | 2 - keystone/tests/unit/fakeldap.py | 8 +- keystone/tests/unit/filtering.py | 2 - keystone/tests/unit/identity/test_backends.py | 1 - keystone/tests/unit/ksfixtures/hacking.py | 2 +- keystone/tests/unit/mapping_fixtures.py | 2 - .../unit/receipt/test_fernet_provider.py | 15 +- keystone/tests/unit/resource/test_backends.py | 1 - keystone/tests/unit/rest.py | 8 +- ...st_associate_project_endpoint_extension.py | 114 ++--- .../unit/test_backend_endpoint_policy.py | 1 - keystone/tests/unit/test_backend_ldap.py | 23 +- keystone/tests/unit/test_backend_sql.py | 1 - keystone/tests/unit/test_backend_templated.py | 1 - keystone/tests/unit/test_cli.py | 17 +- keystone/tests/unit/test_contrib_ec2_core.py | 12 +- keystone/tests/unit/test_contrib_s3_core.py | 12 +- .../tests/unit/test_contrib_simple_cert.py | 4 +- keystone/tests/unit/test_exception.py | 76 ++- keystone/tests/unit/test_healthcheck.py | 4 +- keystone/tests/unit/test_ldap_livetest.py | 11 +- keystone/tests/unit/test_ldap_tls_livetest.py | 10 +- keystone/tests/unit/test_limits.py | 242 +++++----- keystone/tests/unit/test_middleware.py | 6 +- keystone/tests/unit/test_policy.py | 3 +- keystone/tests/unit/test_token_provider.py | 2 +- keystone/tests/unit/test_v3.py | 16 +- .../unit/test_v3_application_credential.py | 94 ++-- keystone/tests/unit/test_v3_assignment.py | 269 ++++++----- keystone/tests/unit/test_v3_auth.py | 454 +++++++++--------- keystone/tests/unit/test_v3_catalog.py | 50 +- keystone/tests/unit/test_v3_credential.py | 16 +- keystone/tests/unit/test_v3_domain_config.py | 126 ++--- .../tests/unit/test_v3_endpoint_policy.py | 26 +- keystone/tests/unit/test_v3_federation.py | 255 +++++----- keystone/tests/unit/test_v3_filters.py | 23 +- keystone/tests/unit/test_v3_identity.py | 108 ++--- keystone/tests/unit/test_v3_oauth1.py | 124 ++--- keystone/tests/unit/test_v3_os_revoke.py | 13 +- keystone/tests/unit/test_v3_policy.py | 6 +- keystone/tests/unit/test_v3_resource.py | 125 +++-- keystone/tests/unit/test_v3_trust.py | 64 +-- keystone/tests/unit/test_versions.py | 8 +- .../tests/unit/token/test_fernet_provider.py | 21 +- keystone/tests/unit/trust/test_backends.py | 1 - keystone/tests/unit/utils.py | 3 +- keystone/token/provider.py | 6 +- keystone/token/providers/base.py | 5 +- keystone/token/token_formatters.py | 48 +- keystone/trust/backends/base.py | 5 +- keystone/trust/backends/sql.py | 1 - keystone/trust/core.py | 2 - requirements.txt | 1 - 168 files changed, 2060 insertions(+), 2257 deletions(-) diff --git a/keystone/api/_shared/EC2_S3_Resource.py b/keystone/api/_shared/EC2_S3_Resource.py index a1f1391160..021cf4ad5f 100644 --- a/keystone/api/_shared/EC2_S3_Resource.py +++ b/keystone/api/_shared/EC2_S3_Resource.py @@ -12,10 +12,7 @@ # Common base resource for EC2 and S3 Authentication -import sys - from oslo_serialization import jsonutils -import six from werkzeug import exceptions from keystone.common import provider_api @@ -102,10 +99,7 @@ class ResourceBase(ks_flask.ResourceBase): PROVIDERS.resource_api.assert_project_enabled( project_id=project_ref['id'], project=project_ref) except AssertionError as e: - six.reraise( - ks_exceptions.Unauthorized, - ks_exceptions.Unauthorized(e), - sys.exc_info()[2]) + raise ks_exceptions.Unauthorized from e roles = PROVIDERS.assignment_api.get_roles_for_user_and_project( user_ref['id'], project_ref['id']) diff --git a/keystone/api/_shared/authentication.py b/keystone/api/_shared/authentication.py index b669adc0cc..284b5b97c8 100644 --- a/keystone/api/_shared/authentication.py +++ b/keystone/api/_shared/authentication.py @@ -19,7 +19,6 @@ import flask from oslo_log import log -import six from keystone.auth import core from keystone.common import provider_api @@ -55,7 +54,7 @@ def _check_and_set_default_scoping(auth_info, auth_context): try: user_ref = PROVIDERS.identity_api.get_user(auth_context['user_id']) except exception.UserNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) default_project_id = user_ref.get('default_project_id') @@ -235,7 +234,7 @@ def authenticate_for_token(auth=None): return token except exception.TrustNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) diff --git a/keystone/api/auth.py b/keystone/api/auth.py index 91dfa43ca5..ef93eb4926 100644 --- a/keystone/api/auth.py +++ b/keystone/api/auth.py @@ -15,11 +15,11 @@ import string import flask import flask_restful +import http.client from oslo_log import log from oslo_serialization import jsonutils from oslo_utils import strutils -from six.moves import http_client -from six.moves import urllib +import urllib import werkzeug.exceptions from keystone.api._shared import authentication @@ -107,7 +107,7 @@ class _AuthFederationWebSSOBase(ks_flask.ResourceBase): src = string.Template(template.read()) subs = {'host': host, 'token': token_id} body = src.substitute(subs) - resp = flask.make_response(body, http_client.OK) + resp = flask.make_response(body, http.client.OK) resp.charset = 'utf-8' resp.headers['Content-Type'] = 'text/html' return resp @@ -298,7 +298,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase): token_resp = render_token.render_token_response_from_model( token, include_catalog=include_catalog) resp_body = jsonutils.dumps(token_resp) - response = flask.make_response(resp_body, http_client.OK) + response = flask.make_response(resp_body, http.client.OK) response.headers['X-Subject-Token'] = token_id response.headers['Content-Type'] = 'application/json' return response @@ -317,7 +317,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase): token, include_catalog=include_catalog ) resp_body = jsonutils.dumps(resp_data) - response = flask.make_response(resp_body, http_client.CREATED) + response = flask.make_response(resp_body, http.client.CREATED) response.headers['X-Subject-Token'] = token.id response.headers['Content-Type'] = 'application/json' return response @@ -331,7 +331,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase): token_id = flask.request.headers.get( authorization.SUBJECT_TOKEN_HEADER) PROVIDERS.token_provider_api.revoke_token(token_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class AuthFederationWebSSOResource(_AuthFederationWebSSOBase): @@ -404,7 +404,7 @@ class AuthFederationSaml2Resource(_AuthFederationWebSSOBase): validation.lazy_validate(federation_schema.saml_create, auth) response, service_provider = saml.create_base_saml_assertion(auth) headers = _build_response_headers(service_provider) - response = flask.make_response(response.to_string(), http_client.OK) + response = flask.make_response(response.to_string(), http.client.OK) for header, value in headers: response.headers[header] = value return response @@ -431,7 +431,7 @@ class AuthFederationSaml2ECPResource(_AuthFederationWebSSOBase): saml_assertion, relay_state_prefix) headers = _build_response_headers(service_provider) response = flask.make_response( - ecp_assertion.to_string(), http_client.OK) + ecp_assertion.to_string(), http.client.OK) for header, value in headers: response.headers[header] = value return response diff --git a/keystone/api/credentials.py b/keystone/api/credentials.py index 580f0d53a8..0889c6c8fe 100644 --- a/keystone/api/credentials.py +++ b/keystone/api/credentials.py @@ -15,8 +15,8 @@ import hashlib import flask +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common import provider_api from keystone.common import rbac_enforcer @@ -150,7 +150,7 @@ class CredentialResource(ks_flask.ResourceBase): self._normalize_dict(credential), trust_id=trust_id) ref = PROVIDERS.credential_api.create_credential( ref['id'], ref, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, credential_id): # Update Credential @@ -176,7 +176,7 @@ class CredentialResource(ks_flask.ResourceBase): return (PROVIDERS.credential_api.delete_credential( credential_id, initiator=self.audit_initiator), - http_client.NO_CONTENT) + http.client.NO_CONTENT) class CredentialAPI(ks_flask.APIBase): diff --git a/keystone/api/discovery.py b/keystone/api/discovery.py index 92ce7e08ff..31f25d40c6 100644 --- a/keystone/api/discovery.py +++ b/keystone/api/discovery.py @@ -12,8 +12,8 @@ import flask from flask import request +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common import json_home import keystone.conf @@ -79,7 +79,7 @@ def get_versions(): {'versions': { 'values': list(versions.values())}}), mimetype=MimeTypes.JSON, - status=http_client.MULTIPLE_CHOICES) + status=http.client.MULTIPLE_CHOICES) response.headers['Location'] = preferred_location return response diff --git a/keystone/api/domains.py b/keystone/api/domains.py index 8e4cf26419..9852a0b75a 100644 --- a/keystone/api/domains.py +++ b/keystone/api/domains.py @@ -15,7 +15,7 @@ import flask import flask_restful import functools -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -127,7 +127,7 @@ class DomainResource(ks_flask.ResourceBase): domain = self._normalize_dict(domain) ref = PROVIDERS.resource_api.create_domain( domain['id'], domain, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, domain_id): """Update domain. @@ -150,7 +150,7 @@ class DomainResource(ks_flask.ResourceBase): ENFORCER.enforce_call(action='identity:delete_domain') PROVIDERS.resource_api.delete_domain( domain_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class DomainConfigBase(ks_flask.ResourceBase): @@ -217,7 +217,7 @@ class DomainConfigBase(ks_flask.ResourceBase): PROVIDERS.resource_api.get_domain(domain_id) PROVIDERS.domain_config_api.delete_config( domain_id, group, option=option) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class DomainConfigResource(DomainConfigBase): @@ -247,7 +247,7 @@ class DomainConfigResource(DomainConfigBase): if original_config: return {self.member_key: ref} else: - return {self.member_key: ref}, http_client.CREATED + return {self.member_key: ref}, http.client.CREATED class DomainConfigGroupResource(DomainConfigBase): @@ -337,7 +337,7 @@ class DomainUserResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.get_grant( role_id, domain_id=domain_id, user_id=user_id, inherited_to_projects=False) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, domain_id=None, user_id=None, role_id=None): """Create a role to a user on a domain. @@ -350,7 +350,7 @@ class DomainUserResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.create_grant( role_id, domain_id=domain_id, user_id=user_id, inherited_to_projects=False, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, domain_id=None, user_id=None, role_id=None): """Revoke a role from user on a domain. @@ -364,7 +364,7 @@ class DomainUserResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.delete_grant( role_id, domain_id=domain_id, user_id=user_id, inherited_to_projects=False, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class DomainGroupListResource(flask_restful.Resource): @@ -398,7 +398,7 @@ class DomainGroupResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.get_grant( role_id, domain_id=domain_id, group_id=group_id, inherited_to_projects=False) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, domain_id=None, group_id=None, role_id=None): """Grant a role to a group on a domain. @@ -411,7 +411,7 @@ class DomainGroupResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.create_grant( role_id, domain_id=domain_id, group_id=group_id, inherited_to_projects=False, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, domain_id=None, group_id=None, role_id=None): """Revoke a role from a group on a domain. @@ -425,7 +425,7 @@ class DomainGroupResource(ks_flask.ResourceBase): PROVIDERS.assignment_api.delete_grant( role_id, domain_id=domain_id, group_id=group_id, inherited_to_projects=False, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class DomainAPI(ks_flask.APIBase): diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py index d10b429b9c..12096db9e1 100644 --- a/keystone/api/ec2tokens.py +++ b/keystone/api/ec2tokens.py @@ -13,9 +13,9 @@ # This file handles all flask-restful resources for /v3/ec2tokens import flask +import http.client from keystoneclient.contrib.ec2 import utils as ec2_utils from oslo_serialization import jsonutils -from six.moves import http_client from keystone.api._shared import EC2_S3_Resource from keystone.api._shared import json_home_relations @@ -67,7 +67,7 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase): token = self.handle_authenticate() token_reference = render_token.render_token_response_from_model(token) resp_body = jsonutils.dumps(token_reference) - response = flask.make_response(resp_body, http_client.OK) + response = flask.make_response(resp_body, http.client.OK) response.headers['X-Subject-Token'] = token.id response.headers['Content-Type'] = 'application/json' return response diff --git a/keystone/api/endpoints.py b/keystone/api/endpoints.py index a1b73dd379..66496ded5b 100644 --- a/keystone/api/endpoints.py +++ b/keystone/api/endpoints.py @@ -13,7 +13,7 @@ # This file handles all flask-restful resources for /v3/services import flask_restful -from six.moves import http_client +import http.client from keystone.api._shared import json_home_relations from keystone.catalog import schema @@ -97,7 +97,7 @@ class EndpointResource(ks_flask.ResourceBase): endpoint = self._validate_endpoint_region(endpoint) ref = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint, initiator=self.audit_initiator) - return self.wrap_member(_filter_endpoint(ref)), http_client.CREATED + return self.wrap_member(_filter_endpoint(ref)), http.client.CREATED def patch(self, endpoint_id): ENFORCER.enforce_call(action='identity:update_endpoint') @@ -113,7 +113,7 @@ class EndpointResource(ks_flask.ResourceBase): ENFORCER.enforce_call(action='identity:delete_endpoint') PROVIDERS.catalog_api.delete_endpoint(endpoint_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class EndpointPolicyEndpointResource(flask_restful.Resource): diff --git a/keystone/api/groups.py b/keystone/api/groups.py index 483de9b4cb..f4283ba999 100644 --- a/keystone/api/groups.py +++ b/keystone/api/groups.py @@ -15,7 +15,7 @@ import flask import flask_restful import functools -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -107,7 +107,7 @@ class GroupsResource(ks_flask.ResourceBase): group = self._normalize_domain_id(group) ref = PROVIDERS.identity_api.create_group( group, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, group_id): """Update group. @@ -133,7 +133,7 @@ class GroupsResource(ks_flask.ResourceBase): ENFORCER.enforce_call(action='identity:delete_group') PROVIDERS.identity_api.delete_group( group_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class GroupUsersResource(ks_flask.ResourceBase): @@ -194,7 +194,7 @@ class UserGroupCRUDResource(flask_restful.Resource): build_target=functools.partial(self._build_enforcement_target_attr, user_id, group_id)) PROVIDERS.identity_api.check_user_in_group(user_id, group_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, group_id, user_id): """Add user to group. @@ -207,7 +207,7 @@ class UserGroupCRUDResource(flask_restful.Resource): user_id, group_id)) PROVIDERS.identity_api.add_user_to_group( user_id, group_id, initiator=notifications.build_audit_initiator()) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, group_id, user_id): """Remove user from group. @@ -220,7 +220,7 @@ class UserGroupCRUDResource(flask_restful.Resource): user_id, group_id)) PROVIDERS.identity_api.remove_user_from_group( user_id, group_id, initiator=notifications.build_audit_initiator()) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class GroupAPI(ks_flask.APIBase): diff --git a/keystone/api/limits.py b/keystone/api/limits.py index 83eed9bee1..d8f94c8ea0 100644 --- a/keystone/api/limits.py +++ b/keystone/api/limits.py @@ -14,7 +14,7 @@ import flask import flask_restful -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -110,7 +110,7 @@ class LimitsResource(ks_flask.ResourceBase): refs = PROVIDERS.unified_limit_api.create_limits(limits) refs = self.wrap_collection(refs) refs.pop('links') - return refs, http_client.CREATED + return refs, http.client.CREATED def patch(self, limit_id): ENFORCER.enforce_call(action='identity:update_limit') @@ -124,7 +124,7 @@ class LimitsResource(ks_flask.ResourceBase): def delete(self, limit_id): ENFORCER.enforce_call(action='identity:delete_limit') return (PROVIDERS.unified_limit_api.delete_limit(limit_id), - http_client.NO_CONTENT) + http.client.NO_CONTENT) class LimitModelResource(flask_restful.Resource): diff --git a/keystone/api/os_ep_filter.py b/keystone/api/os_ep_filter.py index 9645496e73..c260983474 100644 --- a/keystone/api/os_ep_filter.py +++ b/keystone/api/os_ep_filter.py @@ -13,7 +13,7 @@ # This file handles all flask-restful resources for /OS-EP-FILTER import flask_restful -from six.moves import http_client +import http.client from keystone.api._shared import json_home_relations from keystone.api import endpoints as _endpoints_api @@ -90,7 +90,7 @@ class EndpointGroupsResource(ks_flask.ResourceBase): self._require_valid_filter(ep_group) ep_group = self._assign_unique_id(ep_group) return self.wrap_member(PROVIDERS.catalog_api.create_endpoint_group( - ep_group['id'], ep_group)), http_client.CREATED + ep_group['id'], ep_group)), http.client.CREATED def patch(self, endpoint_group_id): ENFORCER.enforce_call(action='identity:update_endpoint_group') @@ -105,7 +105,7 @@ class EndpointGroupsResource(ks_flask.ResourceBase): def delete(self, endpoint_group_id): ENFORCER.enforce_call(action='identity:delete_endpoint_group') return (PROVIDERS.catalog_api.delete_endpoint_group(endpoint_group_id), - http_client.NO_CONTENT) + http.client.NO_CONTENT) class EPFilterEndpointProjectsResource(flask_restful.Resource): @@ -127,19 +127,19 @@ class EPFilterProjectsEndpointsResource(flask_restful.Resource): PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.check_endpoint_in_project( endpoint_id, project_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, endpoint_id): ENFORCER.enforce_call(action='identity:add_endpoint_to_project') PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.add_endpoint_to_project(endpoint_id, project_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, project_id, endpoint_id): ENFORCER.enforce_call(action='identity:remove_endpoint_from_project') return (PROVIDERS.catalog_api.remove_endpoint_from_project( - endpoint_id, project_id), http_client.NO_CONTENT) + endpoint_id, project_id), http.client.NO_CONTENT) class EPFilterProjectEndpointsListResource(flask_restful.Resource): @@ -219,7 +219,7 @@ class EPFilterGroupsProjectsResource(ks_flask.ResourceBase): PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) PROVIDERS.catalog_api.add_endpoint_group_to_project( endpoint_group_id, project_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, endpoint_group_id, project_id): ENFORCER.enforce_call( @@ -228,7 +228,7 @@ class EPFilterGroupsProjectsResource(ks_flask.ResourceBase): PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) PROVIDERS.catalog_api.remove_endpoint_group_from_project( endpoint_group_id, project_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class EPFilterAPI(ks_flask.APIBase): diff --git a/keystone/api/os_federation.py b/keystone/api/os_federation.py index 840e13e059..6be4523c53 100644 --- a/keystone/api/os_federation.py +++ b/keystone/api/os_federation.py @@ -14,8 +14,8 @@ import flask import flask_restful +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.api._shared import authentication from keystone.api._shared import json_home_relations @@ -137,7 +137,7 @@ class IdentityProvidersResource(_ResourceBase): idp.setdefault('enabled', False) idp_ref = PROVIDERS.federation_api.create_idp( idp_id, idp) - return self.wrap_member(idp_ref), http_client.CREATED + return self.wrap_member(idp_ref), http.client.CREATED def patch(self, idp_id): ENFORCER.enforce_call(action='identity:update_identity_provider') @@ -151,7 +151,7 @@ class IdentityProvidersResource(_ResourceBase): def delete(self, idp_id): ENFORCER.enforce_call(action='identity:delete_identity_provider') PROVIDERS.federation_api.delete_idp(idp_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class _IdentityProvidersProtocolsResourceBase(_ResourceBase): @@ -218,7 +218,7 @@ class IDPProtocolsCRUDResource(_IdentityProvidersProtocolsResourceBase): protocol = self._normalize_dict(protocol) ref = PROVIDERS.federation_api.create_protocol(idp_id, protocol_id, protocol) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, idp_id, protocol_id): """Update protocol for an IDP. @@ -241,7 +241,7 @@ class IDPProtocolsCRUDResource(_IdentityProvidersProtocolsResourceBase): """ ENFORCER.enforce_call(action='identity:delete_protocol') PROVIDERS.federation_api.delete_protocol(idp_id, protocol_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class MappingResource(_ResourceBase): @@ -282,7 +282,7 @@ class MappingResource(_ResourceBase): utils.validate_mapping_structure(mapping) mapping_ref = PROVIDERS.federation_api.create_mapping( mapping_id, mapping) - return self.wrap_member(mapping_ref), http_client.CREATED + return self.wrap_member(mapping_ref), http.client.CREATED def patch(self, mapping_id): """Update a mapping. @@ -304,7 +304,7 @@ class MappingResource(_ResourceBase): """ ENFORCER.enforce_call(action='identity:delete_mapping') PROVIDERS.federation_api.delete_mapping(mapping_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ServiceProvidersResource(_ResourceBase): @@ -355,7 +355,7 @@ class ServiceProvidersResource(_ResourceBase): sp.setdefault('relay_state_prefix', CONF.saml.relay_state_prefix) sp_ref = PROVIDERS.federation_api.create_sp(sp_id, sp) - return self.wrap_member(sp_ref), http_client.CREATED + return self.wrap_member(sp_ref), http.client.CREATED def patch(self, sp_id): """Update a service provider. @@ -376,7 +376,7 @@ class ServiceProvidersResource(_ResourceBase): """ ENFORCER.enforce_call(action='identity:delete_service_provider') PROVIDERS.federation_api.delete_sp(sp_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class SAML2MetadataResource(flask_restful.Resource): @@ -393,7 +393,7 @@ class SAML2MetadataResource(flask_restful.Resource): except IOError as e: # Raise HTTP 500 in case Metadata file cannot be read. raise exception.MetadataFileError(reason=e) - resp = flask.make_response(metadata, http_client.OK) + resp = flask.make_response(metadata, http.client.OK) resp.headers['Content-Type'] = 'text/xml' return resp @@ -436,7 +436,7 @@ class OSFederationAuthResource(flask_restful.Resource): token = authentication.authenticate_for_token(auth) token_data = render_token.render_token_response_from_model(token) resp_data = jsonutils.dumps(token_data) - flask_resp = flask.make_response(resp_data, http_client.CREATED) + flask_resp = flask.make_response(resp_data, http.client.CREATED) flask_resp.headers['X-Subject-Token'] = token.id flask_resp.headers['Content-Type'] = 'application/json' return flask_resp diff --git a/keystone/api/os_inherit.py b/keystone/api/os_inherit.py index 63c32191e6..33503cefa0 100644 --- a/keystone/api/os_inherit.py +++ b/keystone/api/os_inherit.py @@ -14,8 +14,8 @@ import flask_restful import functools +import http.client from oslo_log import log -from six.moves import http_client from keystone.api._shared import json_home_relations from keystone.common import json_home @@ -118,7 +118,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.get_grant( domain_id=domain_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, domain_id, group_id, role_id): """Create an inherited grant for a group on a domain. @@ -135,7 +135,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.create_grant( domain_id=domain_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, domain_id, group_id, role_id): """Revoke an inherited grant for a group on a domain. @@ -152,7 +152,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.delete_grant( domain_id=domain_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class OSInheritDomainGroupRolesListResource(flask_restful.Resource): @@ -189,7 +189,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.get_grant( domain_id=domain_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, domain_id, user_id, role_id): """Create an inherited grant for a user on a domain. @@ -206,7 +206,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.create_grant( domain_id=domain_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, domain_id, user_id, role_id): """Revoke a grant from a user on a domain. @@ -223,7 +223,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource): PROVIDERS.assignment_api.delete_grant( domain_id=domain_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class OSInheritDomainUserRolesListResource(flask_restful.Resource): @@ -260,7 +260,7 @@ class OSInheritProjectUserResource(flask_restful.Resource): PROVIDERS.assignment_api.get_grant( project_id=project_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, user_id, role_id): """Create an inherited grant for a user on a project. @@ -277,7 +277,7 @@ class OSInheritProjectUserResource(flask_restful.Resource): PROVIDERS.assignment_api.create_grant( project_id=project_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, project_id, user_id, role_id): """Revoke an inherited grant for a user on a project. @@ -294,7 +294,7 @@ class OSInheritProjectUserResource(flask_restful.Resource): PROVIDERS.assignment_api.delete_grant( project_id=project_id, user_id=user_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class OSInheritProjectGroupResource(flask_restful.Resource): @@ -313,7 +313,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource): PROVIDERS.assignment_api.get_grant( project_id=project_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, group_id, role_id): """Create an inherited grant for a group on a project. @@ -330,7 +330,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource): PROVIDERS.assignment_api.create_grant( project_id=project_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, project_id, group_id, role_id): """Revoke an inherited grant for a group on a project. @@ -347,7 +347,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource): PROVIDERS.assignment_api.delete_grant( project_id=project_id, group_id=group_id, role_id=role_id, inherited_to_projects=True) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class OSInheritAPI(ks_flask.APIBase): diff --git a/keystone/api/os_oauth1.py b/keystone/api/os_oauth1.py index 498e18ad29..615d29c516 100644 --- a/keystone/api/os_oauth1.py +++ b/keystone/api/os_oauth1.py @@ -14,10 +14,10 @@ import flask import flask_restful +import http.client from oslo_log import log from oslo_utils import timeutils -from six.moves import http_client -from six.moves.urllib import parse as urlparse +from urllib import parse as urlparse from werkzeug import exceptions from keystone.api._shared import json_home_relations @@ -108,7 +108,7 @@ class ConsumerResource(ks_flask.ResourceBase): consumer = self._assign_unique_id(consumer) ref = PROVIDERS.oauth_api.create_consumer( consumer, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def delete(self, consumer_id): ENFORCER.enforce_call(action='identity:delete_consumer') @@ -122,7 +122,7 @@ class ConsumerResource(ks_flask.ResourceBase): notifications.invalidate_token_cache_notification(reason) PROVIDERS.oauth_api.delete_consumer( consumer_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def patch(self, consumer_id): ENFORCER.enforce_call(action='identity:update_consumer') @@ -184,7 +184,7 @@ class RequestTokenResource(_OAuth1ResourceBase): expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit - resp = flask.make_response(result, http_client.CREATED) + resp = flask.make_response(result, http.client.CREATED) resp.headers['Content-Type'] = 'application/x-www-form-urlencoded' return resp @@ -276,7 +276,7 @@ class AccessTokenResource(_OAuth1ResourceBase): expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit - resp = flask.make_response(result, http_client.CREATED) + resp = flask.make_response(result, http.client.CREATED) resp.headers['Content-Type'] = 'application/x-www-form-urlencoded' return resp diff --git a/keystone/api/policy.py b/keystone/api/policy.py index de75580595..6a51f9c58d 100644 --- a/keystone/api/policy.py +++ b/keystone/api/policy.py @@ -13,8 +13,8 @@ # This file handles all flask-restful resources for /policy import flask_restful +import http.client from oslo_log import versionutils -from six.moves import http_client from keystone.api._shared import json_home_relations from keystone.common import json_home @@ -72,7 +72,7 @@ class PolicyResource(ks_flask.ResourceBase): ref = PROVIDERS.policy_api.create_policy( policy['id'], policy, initiator=self.audit_initiator ) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED @versionutils.deprecated( as_of=versionutils.deprecated.QUEENS, @@ -97,7 +97,7 @@ class PolicyResource(ks_flask.ResourceBase): res = PROVIDERS.policy_api.delete_policy( policy_id, initiator=self.audit_initiator ) - return (res, http_client.NO_CONTENT) + return (res, http.client.NO_CONTENT) class EndpointPolicyResource(flask_restful.Resource): @@ -128,7 +128,7 @@ class EndpointPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, endpoint_id=endpoint_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, policy_id, endpoint_id): action = 'identity:create_policy_association_for_endpoint' @@ -138,7 +138,7 @@ class EndpointPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, endpoint_id=endpoint_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, policy_id, endpoint_id): action = 'identity:delete_policy_association_for_endpoint' @@ -148,7 +148,7 @@ class EndpointPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, endpoint_id=endpoint_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ServicePolicyAssociations(flask_restful.Resource): @@ -161,7 +161,7 @@ class ServicePolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, service_id=service_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, policy_id, service_id): action = 'identity:create_policy_association_for_service' @@ -171,7 +171,7 @@ class ServicePolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, service_id=service_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, policy_id, service_id): action = 'identity:delete_policy_association_for_service' @@ -181,7 +181,7 @@ class ServicePolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, service_id=service_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ServiceRegionPolicyAssociations(flask_restful.Resource): @@ -195,7 +195,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, service_id=service_id, region_id=region_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, policy_id, service_id, region_id): action = 'identity:create_policy_association_for_region_and_service' @@ -206,7 +206,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, service_id=service_id, region_id=region_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, policy_id, service_id, region_id): action = 'identity:delete_policy_association_for_region_and_service' @@ -217,7 +217,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource): PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, service_id=service_id, region_id=region_id ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class PolicyAPI(ks_flask.APIBase): diff --git a/keystone/api/projects.py b/keystone/api/projects.py index 108971c212..27725d6b6c 100644 --- a/keystone/api/projects.py +++ b/keystone/api/projects.py @@ -15,7 +15,7 @@ import functools import flask -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -179,7 +179,7 @@ class ProjectResource(ks_flask.ResourceBase): initiator=self.audit_initiator) except (exception.DomainNotFound, exception.ProjectNotFound) as e: raise exception.ValidationError(e) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, project_id): """Update project. @@ -211,7 +211,7 @@ class ProjectResource(ks_flask.ResourceBase): PROVIDERS.resource_api.delete_project( project_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class _ProjectTagResourceBase(ks_flask.ResourceBase): @@ -268,7 +268,7 @@ class ProjectTagsResource(_ProjectTagResourceBase): build_target=_build_project_target_enforcement ) PROVIDERS.resource_api.update_project_tags(project_id, []) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ProjectTagResource(_ProjectTagResourceBase): @@ -282,7 +282,7 @@ class ProjectTagResource(_ProjectTagResourceBase): build_target=_build_project_target_enforcement, ) PROVIDERS.resource_api.get_project_tag(project_id, value) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, value): """Add a single tag to a project. @@ -304,7 +304,7 @@ class ProjectTagResource(_ProjectTagResourceBase): initiator=self.audit_initiator ) url = '/'.join((ks_flask.base_url(), project_id, 'tags', value)) - response = flask.make_response('', http_client.CREATED) + response = flask.make_response('', http.client.CREATED) response.headers['Location'] = url return response @@ -318,7 +318,7 @@ class ProjectTagResource(_ProjectTagResourceBase): build_target=_build_project_target_enforcement ) PROVIDERS.resource_api.delete_project_tag(project_id, value) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class _ProjectGrantResourceBase(ks_flask.ResourceBase): @@ -375,7 +375,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.get_grant( role_id=role_id, user_id=user_id, project_id=project_id, inherited_to_projects=inherited) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, user_id, role_id): """Grant role for user on project. @@ -392,7 +392,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.create_grant( role_id=role_id, user_id=user_id, project_id=project_id, inherited_to_projects=inherited, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, project_id, user_id, role_id): """Delete grant of role for user on project. @@ -410,7 +410,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.delete_grant( role_id=role_id, user_id=user_id, project_id=project_id, inherited_to_projects=inherited, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ProjectUserListGrantResource(_ProjectGrantResourceBase): @@ -448,7 +448,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.get_grant( role_id=role_id, group_id=group_id, project_id=project_id, inherited_to_projects=inherited) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, project_id, group_id, role_id): """Grant role for group on project. @@ -465,7 +465,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.create_grant( role_id=role_id, group_id=group_id, project_id=project_id, inherited_to_projects=inherited, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, project_id, group_id, role_id): """Delete grant of role for group on project. @@ -483,7 +483,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase): PROVIDERS.assignment_api.delete_grant( role_id=role_id, group_id=group_id, project_id=project_id, inherited_to_projects=inherited, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class ProjectGroupListGrantResource(_ProjectGrantResourceBase): diff --git a/keystone/api/regions.py b/keystone/api/regions.py index 692920bcc3..37f17e827f 100644 --- a/keystone/api/regions.py +++ b/keystone/api/regions.py @@ -12,7 +12,7 @@ # This file handles all flask-restful resources for /v3/regions -from six.moves import http_client +import http.client from keystone.catalog import schema from keystone.common import provider_api @@ -59,7 +59,7 @@ class RegionResource(ks_flask.ResourceBase): region = self._assign_unique_id(region) ref = PROVIDERS.catalog_api.create_region( region, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def put(self, region_id): ENFORCER.enforce_call(action='identity:create_region') @@ -77,7 +77,7 @@ class RegionResource(ks_flask.ResourceBase): ref = PROVIDERS.catalog_api.create_region( region, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, region_id): ENFORCER.enforce_call(action='identity:update_region') @@ -90,7 +90,7 @@ class RegionResource(ks_flask.ResourceBase): def delete(self, region_id): ENFORCER.enforce_call(action='identity:delete_region') return PROVIDERS.catalog_api.delete_region( - region_id, initiator=self.audit_initiator), http_client.NO_CONTENT + region_id, initiator=self.audit_initiator), http.client.NO_CONTENT class RegionAPI(ks_flask.APIBase): diff --git a/keystone/api/registered_limits.py b/keystone/api/registered_limits.py index 6699e30af0..1d66f3be7a 100644 --- a/keystone/api/registered_limits.py +++ b/keystone/api/registered_limits.py @@ -13,7 +13,7 @@ # This file handles all flask-restful resources for /v3/registered_limits import flask -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -62,7 +62,7 @@ class RegisteredLimitResource(ks_flask.ResourceBase): registered_limits) refs = self.wrap_collection(refs) refs.pop('links') - return refs, http_client.CREATED + return refs, http.client.CREATED def patch(self, registered_limit_id): ENFORCER.enforce_call(action='identity:update_registered_limit') @@ -78,7 +78,7 @@ class RegisteredLimitResource(ks_flask.ResourceBase): def delete(self, registered_limit_id): ENFORCER.enforce_call(action='identity:delete_registered_limit') return (PROVIDERS.unified_limit_api.delete_registered_limit( - registered_limit_id), http_client.NO_CONTENT) + registered_limit_id), http.client.NO_CONTENT) class RegisteredLimitsAPI(ks_flask.APIBase): diff --git a/keystone/api/roles.py b/keystone/api/roles.py index b24e798f5f..ee3a903e76 100644 --- a/keystone/api/roles.py +++ b/keystone/api/roles.py @@ -14,7 +14,7 @@ import flask import flask_restful -from six.moves import http_client +import http.client from keystone.api._shared import implied_roles as shared from keystone.assignment import schema @@ -114,7 +114,7 @@ class RoleResource(ks_flask.ResourceBase): role = self._normalize_dict(role) ref = PROVIDERS.role_api.create_role( role['id'], role, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, role_id): """Update role. @@ -170,7 +170,7 @@ class RoleResource(ks_flask.ResourceBase): member_target_type='role', member_target=role) PROVIDERS.role_api.delete_role(role_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def _build_enforcement_target_ref(): @@ -222,7 +222,7 @@ class RoleImplicationResource(flask_restful.Resource): # for a future fix. This should just return the above "get" however, # we document and implment this as a NO_CONTENT response. NO_CONTENT # here is incorrect. It is maintained as is for API contract reasons. - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def get(self, prior_role_id, implied_role_id): """Get implied role. @@ -258,7 +258,7 @@ class RoleImplicationResource(flask_restful.Resource): build_target=_build_enforcement_target_ref) PROVIDERS.role_api.create_implied_role(prior_role_id, implied_role_id) response_json = self._get_implied_role(prior_role_id, implied_role_id) - return response_json, http_client.CREATED + return response_json, http.client.CREATED def delete(self, prior_role_id, implied_role_id): """Delete implied role. @@ -268,7 +268,7 @@ class RoleImplicationResource(flask_restful.Resource): ENFORCER.enforce_call(action='identity:delete_implied_role', build_target=_build_enforcement_target_ref) PROVIDERS.role_api.delete_implied_role(prior_role_id, implied_role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class RoleAPI(ks_flask.APIBase): diff --git a/keystone/api/s3tokens.py b/keystone/api/s3tokens.py index 72fe63791a..73d0b399e4 100644 --- a/keystone/api/s3tokens.py +++ b/keystone/api/s3tokens.py @@ -17,9 +17,8 @@ import hashlib import hmac import flask +import http.client from oslo_serialization import jsonutils -import six -from six.moves import http_client from keystone.api._shared import EC2_S3_Resource from keystone.api._shared import json_home_relations @@ -39,10 +38,7 @@ def _calculate_signature_v1(string_to_sign, secret_key): sign requests """ key = str(secret_key).encode('utf-8') - if six.PY2: - b64_encode = base64.encodestring - else: - b64_encode = base64.encodebytes + b64_encode = base64.encodebytes signed = b64_encode(hmac.new(key, string_to_sign, hashlib.sha1) .digest()).decode('utf-8').strip() return signed @@ -100,7 +96,7 @@ class S3Resource(EC2_S3_Resource.ResourceBase): token = self.handle_authenticate() token_reference = render_token.render_token_response_from_model(token) resp_body = jsonutils.dumps(token_reference) - response = flask.make_response(resp_body, http_client.OK) + response = flask.make_response(resp_body, http.client.OK) response.headers['Content-Type'] = 'application/json' return response diff --git a/keystone/api/services.py b/keystone/api/services.py index 721f64f385..207deaac99 100644 --- a/keystone/api/services.py +++ b/keystone/api/services.py @@ -12,7 +12,7 @@ # This file handles all flask-restful resources for /v3/services -from six.moves import http_client +import http.client from keystone.catalog import schema from keystone.common import provider_api @@ -52,7 +52,7 @@ class ServicesResource(ks_flask.ResourceBase): service = self._assign_unique_id(self._normalize_dict(service)) ref = PROVIDERS.catalog_api.create_service( service['id'], service, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, service_id): ENFORCER.enforce_call(action='identity:update_service') @@ -66,7 +66,7 @@ class ServicesResource(ks_flask.ResourceBase): def delete(self, service_id): ENFORCER.enforce_call(action='identity:delete_service') return PROVIDERS.catalog_api.delete_service( - service_id, initiator=self.audit_initiator), http_client.NO_CONTENT + service_id, initiator=self.audit_initiator), http.client.NO_CONTENT class ServiceAPI(ks_flask.APIBase): diff --git a/keystone/api/system.py b/keystone/api/system.py index e9ee15d145..c68151868f 100644 --- a/keystone/api/system.py +++ b/keystone/api/system.py @@ -15,7 +15,7 @@ import flask import flask_restful import functools -from six.moves import http_client +import http.client from keystone.common import json_home from keystone.common import provider_api @@ -73,7 +73,7 @@ class SystemUsersResource(flask_restful.Resource): ENFORCER.enforce_call(action='identity:check_system_grant_for_user', build_target=_build_enforcement_target) PROVIDERS.assignment_api.check_system_grant_for_user(user_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, user_id, role_id): """Grant a role to a user on the system. @@ -83,7 +83,7 @@ class SystemUsersResource(flask_restful.Resource): ENFORCER.enforce_call(action='identity:create_system_grant_for_user', build_target=_build_enforcement_target) PROVIDERS.assignment_api.create_system_grant_for_user(user_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, user_id, role_id): """Revoke a role from user on the system. @@ -96,7 +96,7 @@ class SystemUsersResource(flask_restful.Resource): _build_enforcement_target, allow_non_existing=True)) PROVIDERS.assignment_api.delete_system_grant_for_user(user_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class SystemGroupsRolesListResource(flask_restful.Resource): @@ -122,7 +122,7 @@ class SystemGroupsRolestResource(flask_restful.Resource): build_target=_build_enforcement_target) PROVIDERS.assignment_api.check_system_grant_for_group( group_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def put(self, group_id, role_id): """Grant a role to a group on the system. @@ -133,7 +133,7 @@ class SystemGroupsRolestResource(flask_restful.Resource): build_target=_build_enforcement_target) PROVIDERS.assignment_api.create_system_grant_for_group( group_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT def delete(self, group_id, role_id): """Revoke a role from the group on the system. @@ -147,7 +147,7 @@ class SystemGroupsRolestResource(flask_restful.Resource): allow_non_existing=True)) PROVIDERS.assignment_api.delete_system_grant_for_group( group_id, role_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class SystemAPI(ks_flask.APIBase): diff --git a/keystone/api/trusts.py b/keystone/api/trusts.py index 74638b0593..781b99efe5 100644 --- a/keystone/api/trusts.py +++ b/keystone/api/trusts.py @@ -17,9 +17,9 @@ import flask import flask_restful +import http.client from oslo_log import log from oslo_policy import _checks as op_checks -from six.moves import http_client from keystone.api._shared import json_home_relations from keystone.common import context @@ -305,7 +305,7 @@ class TrustResource(ks_flask.ResourceBase): initiator=self.audit_initiator) _normalize_trust_expires_at(return_trust) _normalize_trust_roles(return_trust) - return self.wrap_member(return_trust), http_client.CREATED + return self.wrap_member(return_trust), http.client.CREATED def delete(self, trust_id): ENFORCER.enforce_call(action='identity:delete_trust', @@ -336,7 +336,7 @@ class TrustResource(ks_flask.ResourceBase): raise exception.ForbiddenAction(action=action) PROVIDERS.trust_api.delete_trust(trust_id, initiator=self.audit_initiator) - return '', http_client.NO_CONTENT + return '', http.client.NO_CONTENT # NOTE(morgan): Since this Resource is not being used with the automatic diff --git a/keystone/api/users.py b/keystone/api/users.py index b5938b17aa..e4fa6761ed 100644 --- a/keystone/api/users.py +++ b/keystone/api/users.py @@ -17,8 +17,8 @@ import os import uuid import flask +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from werkzeug import exceptions from keystone.api._shared import json_home_relations @@ -209,7 +209,7 @@ class UserResource(ks_flask.ResourceBase): ref = PROVIDERS.identity_api.create_user( user_data, initiator=self.audit_initiator) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED def patch(self, user_id): """Update a user. @@ -238,7 +238,7 @@ class UserResource(ks_flask.ResourceBase): build_target=_build_user_target_enforcement ) PROVIDERS.identity_api.delete_user(user_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class UserChangePasswordResource(ks_flask.ResourceBase): @@ -262,7 +262,7 @@ class UserChangePasswordResource(ks_flask.ResourceBase): raise ks_exception.Unauthorized( _('Error when changing user password: %s') % e ) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class UserProjectsResource(ks_flask.ResourceBase): @@ -370,7 +370,7 @@ class UserOSEC2CredentialsResourceListCreate(_UserOSEC2CredBaseResource): ) PROVIDERS.credential_api.create_credential(credential_id, cred_data) ref = _convert_v3_to_ec2_credential(cred_data) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED class UserOSEC2CredentialsResourceGetDelete(_UserOSEC2CredBaseResource): @@ -408,7 +408,7 @@ class UserOSEC2CredentialsResourceGetDelete(_UserOSEC2CredBaseResource): ec2_cred_id = utils.hash_access_key(credential_id) self._get_cred_data(ec2_cred_id) PROVIDERS.credential_api.delete_credential(ec2_cred_id) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class _OAuth1ResourceBase(ks_flask.ResourceBase): @@ -476,7 +476,7 @@ class OAuth1AccessTokenCRUDResource(_OAuth1ResourceBase): notifications.invalidate_token_cache_notification(reason) PROVIDERS.oauth_api.delete_access_token( user_id, access_token_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class OAuth1AccessTokenRoleListResource(ks_flask.ResourceBase): @@ -621,7 +621,7 @@ class UserAppCredListCreateResource(ks_flask.ResourceBase): # https://specs.openstack.org/openstack/api-wg/guidelines/http.html#failure-code-clarifications raise ks_exception.ApplicationCredentialValidationError( detail=str(e)) - return self.wrap_member(ref), http_client.CREATED + return self.wrap_member(ref), http.client.CREATED class UserAppCredGetDeleteResource(ks_flask.ResourceBase): @@ -650,7 +650,7 @@ class UserAppCredGetDeleteResource(ks_flask.ResourceBase): _check_unrestricted_application_credential(token) PROVIDERS.application_credential_api.delete_application_credential( application_credential_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class UserAccessRuleListResource(ks_flask.ResourceBase): @@ -701,7 +701,7 @@ class UserAccessRuleGetDeleteResource(ks_flask.ResourceBase): ) PROVIDERS.application_credential_api.delete_access_rule( access_rule_id, initiator=self.audit_initiator) - return None, http_client.NO_CONTENT + return None, http.client.NO_CONTENT class UserAPI(ks_flask.APIBase): diff --git a/keystone/application_credential/backends/base.py b/keystone/application_credential/backends/base.py index 0a28c5062e..941682a65f 100644 --- a/keystone/application_credential/backends/base.py +++ b/keystone/application_credential/backends/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class ApplicationCredentialDriverBase(object): +class ApplicationCredentialDriverBase(object, metaclass=abc.ABCMeta): @abc.abstractmethod def authenticate(self, application_credential_id, secret): diff --git a/keystone/assignment/backends/base.py b/keystone/assignment/backends/base.py index 43ad662338..0cf6146ee0 100644 --- a/keystone/assignment/backends/base.py +++ b/keystone/assignment/backends/base.py @@ -14,8 +14,6 @@ import abc -import six - import keystone.conf from keystone import exception @@ -23,8 +21,7 @@ from keystone import exception CONF = keystone.conf.CONF -@six.add_metaclass(abc.ABCMeta) -class AssignmentDriverBase(object): +class AssignmentDriverBase(object, metaclass=abc.ABCMeta): def _get_list_limit(self): return CONF.assignment.list_limit or CONF.list_limit diff --git a/keystone/assignment/role_backends/base.py b/keystone/assignment/role_backends/base.py index c195cd3bed..f7a0340f11 100644 --- a/keystone/assignment/role_backends/base.py +++ b/keystone/assignment/role_backends/base.py @@ -14,8 +14,6 @@ import abc -import six - import keystone.conf from keystone import exception @@ -31,8 +29,7 @@ NULL_DOMAIN_ID = '<>' CONF = keystone.conf.CONF -@six.add_metaclass(abc.ABCMeta) -class RoleDriverBase(object): +class RoleDriverBase(object, metaclass=abc.ABCMeta): def _get_list_limit(self): return CONF.role.list_limit or CONF.list_limit diff --git a/keystone/auth/core.py b/keystone/auth/core.py index 179f0fc1e2..7b40a108a3 100644 --- a/keystone/auth/core.py +++ b/keystone/auth/core.py @@ -11,10 +11,8 @@ # under the License. from functools import partial -import sys from oslo_log import log -import six import stevedore from keystone.common import driver_hints @@ -146,9 +144,8 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): project_id=project_ref['id'], project=project_ref) except AssertionError as e: - LOG.warning(six.text_type(e)) - six.reraise(exception.Unauthorized, exception.Unauthorized(e), - sys.exc_info()[2]) + LOG.warning(e) + raise exception.Unauthorized from e def _assert_domain_is_enabled(self, domain_ref): try: @@ -156,9 +153,8 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): domain_id=domain_ref['id'], domain=domain_ref) except AssertionError as e: - LOG.warning(six.text_type(e)) - six.reraise(exception.Unauthorized, exception.Unauthorized(e), - sys.exc_info()[2]) + LOG.warning(e) + raise exception.Unauthorized from e def _lookup_domain(self, domain_info): domain_id = domain_info.get('id') @@ -177,7 +173,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): else: domain_ref = PROVIDERS.resource_api.get_domain(domain_id) except exception.DomainNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) self._assert_domain_is_enabled(domain_ref) return domain_ref @@ -210,7 +206,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): # disabled. self._lookup_domain({'id': domain_id}) except exception.ProjectNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) self._assert_project_is_enabled(project_ref) return project_ref @@ -254,7 +250,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): if len(app_creds) != 1: message = "Could not find application credential: %s" % name tr_message = _("Could not find application credential: %s") % name - LOG.warning(six.text_type(message)) + LOG.warning(message) raise exception.Unauthorized(tr_message) return app_creds[0] @@ -515,7 +511,7 @@ class UserMFARulesValidator(provider_api.ProviderAPIMixin, object): # No empty rules are allowed. _ok_rule = True for item in r_list: - if not isinstance(item, six.string_types): + if not isinstance(item, str): # Rules may only contain strings for method names # Reject a rule with non-string values LOG.info('Ignoring Rule %(rule)r; rule contains ' diff --git a/keystone/auth/plugins/base.py b/keystone/auth/plugins/base.py index 92c1100e90..b8ceb65ef7 100644 --- a/keystone/auth/plugins/base.py +++ b/keystone/auth/plugins/base.py @@ -15,8 +15,6 @@ import abc import collections -import six - from keystone.common import provider_api from keystone import exception @@ -25,8 +23,8 @@ AuthHandlerResponse = collections.namedtuple( 'AuthHandlerResponse', 'status, response_body, response_data') -@six.add_metaclass(abc.ABCMeta) -class AuthMethodHandler(provider_api.ProviderAPIMixin, object): +class AuthMethodHandler(provider_api.ProviderAPIMixin, object, + metaclass=abc.ABCMeta): """Abstract base class for an authentication plugin.""" def __init__(self): diff --git a/keystone/auth/plugins/core.py b/keystone/auth/plugins/core.py index f8dd87f502..1ae451df33 100644 --- a/keystone/auth/plugins/core.py +++ b/keystone/auth/plugins/core.py @@ -12,13 +12,10 @@ # License for the specific language governing permissions and limitations # under the License. -import sys - from oslo_log import log from pycadf import cadftaxonomy as taxonomy from pycadf import reason from pycadf import resource -import six from keystone.common import driver_hints from keystone.common import provider_api @@ -121,9 +118,8 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object): domain_id=domain_ref['id'], domain=domain_ref) except AssertionError as e: - LOG.warning(six.text_type(e)) - six.reraise(exception.Unauthorized, exception.Unauthorized(e), - sys.exc_info()[2]) + LOG.warning(e) + raise exception.Unauthorized from e def _assert_user_is_enabled(self, user_ref): try: @@ -131,9 +127,8 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object): user_id=user_ref['id'], user=user_ref) except AssertionError as e: - LOG.warning(six.text_type(e)) - six.reraise(exception.Unauthorized, exception.Unauthorized(e), - sys.exc_info()[2]) + LOG.warning(e) + raise exception.Unauthorized from e def _lookup_domain(self, domain_info): domain_id = domain_info.get('id') @@ -148,7 +143,7 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object): else: domain_ref = PROVIDERS.resource_api.get_domain(domain_id) except exception.DomainNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) self._assert_domain_is_enabled(domain_ref) return domain_ref @@ -178,7 +173,7 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object): user_ref['domain_id']) self._assert_domain_is_enabled(domain_ref) except exception.UserNotFound as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) # We need to special case USER NOT FOUND here for CADF # notifications as the normal path for notification(s) come from diff --git a/keystone/auth/plugins/external.py b/keystone/auth/plugins/external.py index 9d1351ada9..4fe896714d 100644 --- a/keystone/auth/plugins/external.py +++ b/keystone/auth/plugins/external.py @@ -17,7 +17,6 @@ import abc import flask -import six from keystone.auth.plugins import base from keystone.common import provider_api @@ -30,8 +29,7 @@ CONF = keystone.conf.CONF PROVIDERS = provider_api.ProviderAPIs -@six.add_metaclass(abc.ABCMeta) -class Base(base.AuthMethodHandler): +class Base(base.AuthMethodHandler, metaclass=abc.ABCMeta): def authenticate(self, auth_payload): """Use REMOTE_USER to look up the user in the identity backend. diff --git a/keystone/auth/plugins/mapped.py b/keystone/auth/plugins/mapped.py index 5f568a8190..36f6366204 100644 --- a/keystone/auth/plugins/mapped.py +++ b/keystone/auth/plugins/mapped.py @@ -16,7 +16,7 @@ import uuid import flask from oslo_log import log from pycadf import cadftaxonomy as taxonomy -from six.moves.urllib import parse +from urllib import parse from keystone.auth import plugins as auth_plugins from keystone.auth.plugins import base diff --git a/keystone/auth/plugins/token.py b/keystone/auth/plugins/token.py index dc82f9c155..4441ba8242 100644 --- a/keystone/auth/plugins/token.py +++ b/keystone/auth/plugins/token.py @@ -14,7 +14,6 @@ import flask from oslo_log import log -import six from keystone.auth.plugins import base from keystone.auth.plugins import mapped @@ -124,5 +123,5 @@ def token_authenticate(token): return response_data except AssertionError as e: - LOG.error(six.text_type(e)) + LOG.error(e) raise exception.Unauthorized(e) diff --git a/keystone/auth/plugins/totp.py b/keystone/auth/plugins/totp.py index a792f2c375..133c8b4016 100644 --- a/keystone/auth/plugins/totp.py +++ b/keystone/auth/plugins/totp.py @@ -29,7 +29,6 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor import totp as crypto_totp from oslo_log import log from oslo_utils import timeutils -import six from keystone.auth import plugins from keystone.auth.plugins import base @@ -57,7 +56,7 @@ def _generate_totp_passcodes(secret, included_previous_windows=0): :param bytes secret: A base32 encoded secret for the TOTP authentication :returns: totp passcode as bytes """ - if isinstance(secret, six.text_type): + if isinstance(secret, str): # NOTE(dstanek): since this may be coming from the JSON stored in the # database it may be UTF-8 encoded secret = secret.encode('utf-8') diff --git a/keystone/catalog/backends/base.py b/keystone/catalog/backends/base.py index 57e29f9976..5903f0a6e7 100644 --- a/keystone/catalog/backends/base.py +++ b/keystone/catalog/backends/base.py @@ -14,8 +14,6 @@ import abc -import six - from keystone.common import provider_api import keystone.conf from keystone import exception @@ -24,8 +22,8 @@ from keystone import exception CONF = keystone.conf.CONF -@six.add_metaclass(abc.ABCMeta) -class CatalogDriverBase(provider_api.ProviderAPIMixin, object): +class CatalogDriverBase(provider_api.ProviderAPIMixin, object, + metaclass=abc.ABCMeta): """Interface description for the Catalog driver.""" def _get_list_limit(self): diff --git a/keystone/cmd/doctor/ldap.py b/keystone/cmd/doctor/ldap.py index 9950eda46b..7c56851f93 100644 --- a/keystone/cmd/doctor/ldap.py +++ b/keystone/cmd/doctor/ldap.py @@ -15,7 +15,7 @@ from __future__ import print_function import os import re -from six.moves import configparser +import configparser import keystone.conf diff --git a/keystone/common/manager.py b/keystone/common/manager.py index 9934fd8af9..41edafd664 100644 --- a/keystone/common/manager.py +++ b/keystone/common/manager.py @@ -18,7 +18,6 @@ import time import types from oslo_log import log -import six import stevedore from keystone.common import provider_api @@ -155,8 +154,7 @@ class _TraceMeta(type): return type.__new__(meta, classname, bases, final_cls_dict) -@six.add_metaclass(_TraceMeta) -class Manager(object): +class Manager(object, metaclass=_TraceMeta): """Base class for intermediary request layer. The Manager layer exists to support additional logic that applies to all diff --git a/keystone/common/resource_options/core.py b/keystone/common/resource_options/core.py index 2113a2342b..68fefe1896 100644 --- a/keystone/common/resource_options/core.py +++ b/keystone/common/resource_options/core.py @@ -12,8 +12,6 @@ """Options specific to resources managed by Keystone (Domain, User, etc).""" -import six - from keystone.common import validation from keystone.i18n import _ @@ -202,14 +200,14 @@ class ResourceOption(object): validator(s) used at the API layer :type json_schema_validation: dict """ - if not isinstance(option_id, six.string_types) and len(option_id) == 4: + if not isinstance(option_id, str) and len(option_id) == 4: raise TypeError(_('`option_id` must be a string, got %r') % option_id) elif len(option_id) != 4: raise ValueError(_('`option_id` must be 4 characters in ' 'length. Got %r') % option_id) - if not isinstance(option_name, six.string_types): + if not isinstance(option_name, str): raise TypeError(_('`option_name` must be a string. ' 'Got %r') % option_name) diff --git a/keystone/common/sql/core.py b/keystone/common/sql/core.py index 4d1b1f3760..b91b39c31b 100644 --- a/keystone/common/sql/core.py +++ b/keystone/common/sql/core.py @@ -31,7 +31,6 @@ from oslo_serialization import jsonutils from oslo_utils import timeutils from osprofiler import opts as profiler import osprofiler.sqlalchemy -import six import sqlalchemy as sql from sqlalchemy.ext import declarative from sqlalchemy.orm.attributes import flag_modified, InstrumentedAttribute @@ -103,8 +102,8 @@ def initialize_decorator(init): if isinstance(attr, InstrumentedAttribute): column = attr.property.columns[0] if isinstance(column.type, String): - if not isinstance(v, six.text_type): - v = six.text_type(v) + if not isinstance(v, str): + v = str(v) if column.type.length and column.type.length < len(v): raise exception.StringLengthExceeded( string=v, type=k, length=column.type.length) @@ -521,7 +520,7 @@ def handle_conflicts(conflict_type='object'): # exception details out with the raised Conflict exception # as it can contain raw SQL. LOG.debug(_conflict_msg, {'conflict_type': conflict_type, - 'details': six.text_type(e)}) + 'details': e}) name = None field = None domain_id = None @@ -560,7 +559,7 @@ def handle_conflicts(conflict_type='object'): # exception details out with the raised Conflict exception # as it can contain raw SQL. LOG.debug(_conflict_msg, {'conflict_type': conflict_type, - 'details': six.text_type(e)}) + 'details': e}) # NOTE(morganfainberg): This is really a case where the SQL # failed to store the data. This is not something that the # user has done wrong. Example would be a ForeignKey is diff --git a/keystone/common/sql/upgrades.py b/keystone/common/sql/upgrades.py index 91a11995b4..8bfe453cf1 100644 --- a/keystone/common/sql/upgrades.py +++ b/keystone/common/sql/upgrades.py @@ -21,7 +21,6 @@ from migrate import exceptions from migrate.versioning import api as versioning_api from oslo_db import exception as db_exception from oslo_db.sqlalchemy import migration -import six import sqlalchemy from keystone.common import sql @@ -189,7 +188,7 @@ def get_init_version(abs_path=None): def _assert_not_schema_downgrade(version=None): if version is not None: try: - current_ver = int(six.text_type(get_db_version())) + current_ver = int(str(get_db_version())) if int(version) < current_ver: raise migration.exception.DBMigrationError( _("Unable to downgrade schema")) diff --git a/keystone/common/utils.py b/keystone/common/utils.py index 126540091e..13140853a7 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -29,8 +29,8 @@ from oslo_serialization import jsonutils from oslo_utils import reflection from oslo_utils import strutils from oslo_utils import timeutils -import six -from six import moves +import urllib + from keystone.common import password_hashing import keystone.conf @@ -66,8 +66,6 @@ def resource_uuid(value): return value except ValueError: if len(value) <= 64: - if six.PY2 and isinstance(value, six.text_type): - value = value.encode('utf-8') return uuid.uuid5(RESOURCE_ID_NAMESPACE, value).hex raise ValueError(_('Length of transformable resource id > 64, ' 'which is max allowed characters')) @@ -101,7 +99,7 @@ class SmarterEncoder(jsonutils.json.JSONEncoder): def hash_access_key(access): hash_ = hashlib.sha256() - if not isinstance(access, six.binary_type): + if not isinstance(access, bytes): access = access.encode('utf-8') hash_.update(access) return hash_.hexdigest() @@ -136,7 +134,7 @@ def auth_str_equal(provided, known): result = 0 p_len = len(provided) k_len = len(known) - for i in moves.range(p_len): + for i in range(p_len): a = ord(provided[i]) if i < p_len else 0 b = ord(known[i]) if i < k_len else 0 result |= a ^ b @@ -193,7 +191,7 @@ def get_unix_user(user=None): :returns: tuple of (uid, name) """ - if isinstance(user, six.string_types): + if isinstance(user, str): try: user_info = pwd.getpwnam(user) except KeyError: @@ -251,7 +249,7 @@ def get_unix_group(group=None): :returns: tuple of (gid, name) """ - if isinstance(group, six.string_types): + if isinstance(group, str): try: group_info = grp.getgrnam(group) except KeyError: @@ -374,15 +372,15 @@ def lower_case_hostname(url): # NOTE(gyee): according to # https://www.w3.org/TR/WD-html40-970708/htmlweb.html, the netloc portion # of the URL is case-insensitive - parsed = moves.urllib.parse.urlparse(url) + parsed = urllib.parse.urlparse(url) # Note: _replace method for named tuples is public and defined in docs replaced = parsed._replace(netloc=parsed.netloc.lower()) - return moves.urllib.parse.urlunparse(replaced) + return urllib.parse.urlunparse(replaced) def remove_standard_port(url): # remove the default ports specified in RFC2616 and 2818 - o = moves.urllib.parse.urlparse(url) + o = urllib.parse.urlparse(url) separator = ':' (host, separator, port) = o.netloc.partition(separator) if o.scheme.lower() == 'http' and port == '80': @@ -394,7 +392,7 @@ def remove_standard_port(url): if o.scheme.lower() == 'https' and port == '443': o = o._replace(netloc=host) - return moves.urllib.parse.urlunparse(o) + return urllib.parse.urlunparse(o) def format_url(url, substitutions, silent_keyerror_failures=None): diff --git a/keystone/common/validation/validators.py b/keystone/common/validation/validators.py index 9c278b019d..94fbbbd1d3 100644 --- a/keystone/common/validation/validators.py +++ b/keystone/common/validation/validators.py @@ -16,7 +16,6 @@ import re import jsonschema from oslo_config import cfg from oslo_log import log -import six from keystone import exception from keystone.i18n import _ @@ -30,7 +29,7 @@ LOG = log.getLogger(__name__) def validate_password(password): pattern = CONF.security_compliance.password_regex if pattern: - if not isinstance(password, six.string_types): + if not isinstance(password, str): detail = _("Password must be a string type") raise exception.PasswordValidationError(detail=detail) try: @@ -81,10 +80,10 @@ class SchemaValidator(object): # too long, then we should build the masking in here so that # we don't expose sensitive user information in the event it # fails validation. - path = '/'.join(map(six.text_type, ex.path)) + path = '/'.join(map(str, ex.path)) detail = _("Invalid input for field '%(path)s': " "%(message)s") % {'path': path, - 'message': six.text_type(ex)} + 'message': str(ex)} else: - detail = six.text_type(ex) + detail = str(ex) raise exception.SchemaValidationError(detail=detail) diff --git a/keystone/credential/backends/base.py b/keystone/credential/backends/base.py index cbe9668189..ac16058c7b 100644 --- a/keystone/credential/backends/base.py +++ b/keystone/credential/backends/base.py @@ -15,7 +15,6 @@ import abc from oslo_log import log -import six from keystone import exception @@ -23,8 +22,7 @@ from keystone import exception LOG = log.getLogger(__name__) -@six.add_metaclass(abc.ABCMeta) -class CredentialDriverBase(object): +class CredentialDriverBase(object, metaclass=abc.ABCMeta): # credential crud @abc.abstractmethod diff --git a/keystone/credential/backends/sql.py b/keystone/credential/backends/sql.py index 5618749078..3d78ff87ab 100644 --- a/keystone/credential/backends/sql.py +++ b/keystone/credential/backends/sql.py @@ -13,7 +13,6 @@ # under the License. from oslo_db import api as oslo_db_api -import six from sqlalchemy.ext.hybrid import hybrid_property from keystone.common import driver_hints @@ -45,7 +44,7 @@ class CredentialModel(sql.ModelBase, sql.ModelDictMixinWithExtras): # Make sure to hand over the encrypted credential as a string value # to the backend driver to avoid the sql drivers (esp. psycopg2) # treating this as binary data and e.g. hex-escape it. - if six.PY3 and isinstance(encrypted_blob, six.binary_type): + if isinstance(encrypted_blob, bytes): encrypted_blob = encrypted_blob.decode('utf-8') self._encrypted_blob = encrypted_blob diff --git a/keystone/credential/providers/core.py b/keystone/credential/providers/core.py index cb37daab4b..79f8e3a728 100644 --- a/keystone/credential/providers/core.py +++ b/keystone/credential/providers/core.py @@ -12,11 +12,8 @@ import abc -import six - -@six.add_metaclass(abc.ABCMeta) -class Provider(object): +class Provider(object, metaclass=abc.ABCMeta): """Interface for credential providers that support encryption.""" @abc.abstractmethod diff --git a/keystone/credential/providers/fernet/core.py b/keystone/credential/providers/fernet/core.py index 5c3e43e55c..00e197a377 100644 --- a/keystone/credential/providers/fernet/core.py +++ b/keystone/credential/providers/fernet/core.py @@ -14,7 +14,6 @@ import hashlib from cryptography import fernet from oslo_log import log -import six from keystone.common import fernet_utils import keystone.conf @@ -55,7 +54,7 @@ def get_multi_fernet_keys(): def primary_key_hash(keys): """Calculate a hash of the primary key used for encryption.""" - if isinstance(keys[0], six.text_type): + if isinstance(keys[0], str): keys[0] = keys[0].encode('utf-8') # NOTE(lhinds) This is marked as #nosec since bandit will see SHA1 which # is marked as insecure. However, this hash function is used alongside @@ -103,7 +102,7 @@ class Provider(core.Provider): crypto = fernet.MultiFernet(fernet_keys) try: - if isinstance(credential, six.text_type): + if isinstance(credential, str): credential = credential.encode('utf-8') return crypto.decrypt(credential).decode('utf-8') except (fernet.InvalidToken, TypeError, ValueError): diff --git a/keystone/endpoint_policy/backends/base.py b/keystone/endpoint_policy/backends/base.py index c1d95242e4..5ff414c1aa 100644 --- a/keystone/endpoint_policy/backends/base.py +++ b/keystone/endpoint_policy/backends/base.py @@ -11,13 +11,11 @@ # under the License. import abc -import six from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class EndpointPolicyDriverBase(object): +class EndpointPolicyDriverBase(object, metaclass=abc.ABCMeta): """Interface description for an Endpoint Policy driver.""" @abc.abstractmethod diff --git a/keystone/exception.py b/keystone/exception.py index 4fe00d90ba..ff6b32289c 100644 --- a/keystone/exception.py +++ b/keystone/exception.py @@ -12,10 +12,9 @@ # License for the specific language governing permissions and limitations # under the License. +import http.client from oslo_log import log from oslo_utils import encodeutils -import six -from six.moves import http_client import keystone.conf from keystone.i18n import _ @@ -60,8 +59,7 @@ class _KeystoneExceptionMeta(type): return cls -@six.add_metaclass(_KeystoneExceptionMeta) -class Error(Exception): +class Error(Exception, metaclass=_KeystoneExceptionMeta): """Base error class. Child classes should define an HTTP status code, title, and a @@ -102,8 +100,8 @@ class ValidationError(Error): " The server could not comply with the request" " since it is either malformed or otherwise" " incorrect. The client is assumed to be in error.") - code = int(http_client.BAD_REQUEST) - title = http_client.responses[http_client.BAD_REQUEST] + code = int(http.client.BAD_REQUEST) + title = http.client.responses[http.client.BAD_REQUEST] class URLValidationError(ValidationError): @@ -154,8 +152,8 @@ class ValidationTimeStampError(Error): " The server could not comply with the request" " since it is either malformed or otherwise" " incorrect. The client is assumed to be in error.") - code = int(http_client.BAD_REQUEST) - title = http_client.responses[http_client.BAD_REQUEST] + code = int(http.client.BAD_REQUEST) + title = http.client.responses[http.client.BAD_REQUEST] class InvalidOperatorError(ValidationError): @@ -169,8 +167,8 @@ class ValidationExpirationError(Error): " The server could not comply with the request" " since it is either malformed or otherwise" " incorrect. The client is assumed to be in error.") - code = int(http_client.BAD_REQUEST) - title = http_client.responses[http_client.BAD_REQUEST] + code = int(http.client.BAD_REQUEST) + title = http.client.responses[http.client.BAD_REQUEST] class StringLengthExceeded(ValidationError): @@ -192,8 +190,8 @@ class ApplicationCredentialValidationError(ValidationError): class CircularRegionHierarchyError(Error): message_format = _("The specified parent region %(parent_region_id)s " "would create a circular region hierarchy.") - code = int(http_client.BAD_REQUEST) - title = http_client.responses[http_client.BAD_REQUEST] + code = int(http.client.BAD_REQUEST) + title = http.client.responses[http.client.BAD_REQUEST] class ForbiddenNotSecurity(Error): @@ -204,8 +202,8 @@ class ForbiddenNotSecurity(Error): """ - code = int(http_client.FORBIDDEN) - title = http_client.responses[http_client.FORBIDDEN] + code = int(http.client.FORBIDDEN) + title = http.client.responses[http.client.FORBIDDEN] class PasswordVerificationError(ForbiddenNotSecurity): @@ -265,7 +263,7 @@ class SecurityError(Error): def _build_message(self, message, **kwargs): """Only returns detailed messages in insecure_debug mode.""" if message and CONF.insecure_debug: - if isinstance(message, six.string_types): + if isinstance(message, str): # Only do replacement if message is string. The message is # sometimes a different exception or bytes, which would raise # TypeError. @@ -279,8 +277,8 @@ class SecurityError(Error): class Unauthorized(SecurityError): message_format = _("The request you have made requires authentication.") - code = int(http_client.UNAUTHORIZED) - title = http_client.responses[http_client.UNAUTHORIZED] + code = int(http.client.UNAUTHORIZED) + title = http.client.responses[http.client.UNAUTHORIZED] class InsufficientAuthMethods(Error): @@ -349,8 +347,8 @@ class AdditionalAuthRequired(AuthPluginException): class Forbidden(SecurityError): message_format = _("You are not authorized to perform the" " requested action.") - code = int(http_client.FORBIDDEN) - title = http_client.responses[http_client.FORBIDDEN] + code = int(http.client.FORBIDDEN) + title = http.client.responses[http.client.FORBIDDEN] class ForbiddenAction(Forbidden): @@ -391,8 +389,8 @@ class LimitTreeExceedError(Exception): class NotFound(Error): message_format = _("Could not find: %(target)s.") - code = int(http_client.NOT_FOUND) - title = http_client.responses[http_client.NOT_FOUND] + code = int(http.client.NOT_FOUND) + title = http.client.responses[http.client.NOT_FOUND] class EndpointNotFound(NotFound): @@ -556,8 +554,8 @@ class AccessRuleNotFound(NotFound): class Conflict(Error): message_format = _("Conflict occurred attempting to store %(type)s -" " %(details)s.") - code = int(http_client.CONFLICT) - title = http_client.responses[http_client.CONFLICT] + code = int(http.client.CONFLICT) + title = http.client.responses[http.client.CONFLICT] class UnexpectedError(SecurityError): @@ -579,8 +577,8 @@ class UnexpectedError(SecurityError): return super(UnexpectedError, self)._build_message( message or self.debug_message_format, **kwargs) - code = int(http_client.INTERNAL_SERVER_ERROR) - title = http_client.responses[http_client.INTERNAL_SERVER_ERROR] + code = int(http.client.INTERNAL_SERVER_ERROR) + title = http.client.responses[http.client.INTERNAL_SERVER_ERROR] class TrustConsumeMaximumAttempt(UnexpectedError): @@ -618,15 +616,15 @@ class AssignmentTypeCalculationError(UnexpectedError): class NotImplemented(Error): message_format = _("The action you have requested has not" " been implemented.") - code = int(http_client.NOT_IMPLEMENTED) - title = http_client.responses[http_client.NOT_IMPLEMENTED] + code = int(http.client.NOT_IMPLEMENTED) + title = http.client.responses[http.client.NOT_IMPLEMENTED] class Gone(Error): message_format = _("The service you have requested is no" " longer available on this server.") - code = int(http_client.GONE) - title = http_client.responses[http_client.GONE] + code = int(http.client.GONE) + title = http.client.responses[http.client.GONE] class ConfigFileNotFound(UnexpectedError): diff --git a/keystone/federation/backends/base.py b/keystone/federation/backends/base.py index 3570a090ad..cc25a4aa36 100644 --- a/keystone/federation/backends/base.py +++ b/keystone/federation/backends/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class FederationDriverBase(object): +class FederationDriverBase(object, metaclass=abc.ABCMeta): @abc.abstractmethod def create_idp(self, idp_id, idp): diff --git a/keystone/federation/backends/sql.py b/keystone/federation/backends/sql.py index 0b79973277..ca7a592d3a 100644 --- a/keystone/federation/backends/sql.py +++ b/keystone/federation/backends/sql.py @@ -14,7 +14,6 @@ from oslo_log import log from oslo_serialization import jsonutils -import six from sqlalchemy import orm from keystone.common import sql @@ -169,7 +168,7 @@ class Federation(base.FederationDriverBase): def _handle_idp_conflict(self, e): conflict_type = 'identity_provider' - details = six.text_type(e) + details = str(e) LOG.debug(self._CONFLICT_LOG_MSG, {'conflict_type': conflict_type, 'details': details}) if 'remote_id' in details: diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py index 7dea74f08c..9bfaea8c02 100644 --- a/keystone/federation/utils.py +++ b/keystone/federation/utils.py @@ -20,7 +20,6 @@ import jsonschema from oslo_config import cfg from oslo_log import log from oslo_utils import timeutils -import six from keystone.common import provider_api import keystone.conf @@ -437,7 +436,7 @@ def get_assertion_params_from_env(): # These bytes may be decodable as ISO-8859-1 according to Section # 3.2.4 of RFC 7230. Let's assume that our web server plugins are # correctly encoding the data. - if not isinstance(v, six.text_type) and getattr(v, 'decode', False): + if not isinstance(v, str) and getattr(v, 'decode', False): v = v.decode('ISO-8859-1') yield (k, v) @@ -526,7 +525,7 @@ class RuleProcessor(object): # any multiple values are stored in the arrays. LOG.debug('assertion data: %s', assertion_data) assertion = {n: v.split(';') for n, v in assertion_data.items() - if isinstance(v, six.string_types)} + if isinstance(v, str)} LOG.debug('assertion: %s', assertion) identity_values = [] diff --git a/keystone/identity/backends/base.py b/keystone/identity/backends/base.py index bdd13ce9b8..45c454a4ad 100644 --- a/keystone/identity/backends/base.py +++ b/keystone/identity/backends/base.py @@ -14,8 +14,6 @@ import abc -import six - import keystone.conf from keystone import exception @@ -48,8 +46,7 @@ def filter_user(user_ref): return user_ref -@six.add_metaclass(abc.ABCMeta) -class IdentityDriverBase(object): +class IdentityDriverBase(object, metaclass=abc.ABCMeta): """Interface description for an Identity driver. The schema for users and groups is different depending on whether the diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py index 041f0d68c7..be734960d4 100644 --- a/keystone/identity/backends/ldap/common.py +++ b/keystone/identity/backends/ldap/common.py @@ -25,9 +25,6 @@ import ldap.filter import ldappool from oslo_log import log from oslo_utils import reflection -import six -from six.moves import zip -from six import PY2 from keystone.common import driver_hints from keystone import exception @@ -70,9 +67,9 @@ def utf8_encode(value): :returns: UTF-8 encoded version of value :raises TypeError: If value is not basestring """ - if isinstance(value, six.text_type): + if isinstance(value, str): return _utf8_encoder(value)[0] - elif isinstance(value, six.binary_type): + elif isinstance(value, bytes): return value else: value_cls_name = reflection.get_class_name( @@ -94,9 +91,9 @@ def utf8_decode(value): :returns: value as unicode :raises UnicodeDecodeError: for invalid UTF-8 encoding """ - if isinstance(value, six.binary_type): + if isinstance(value, bytes): return _utf8_decoder(value)[0] - return six.text_type(value) + return str(value) def py2ldap(val): @@ -113,7 +110,7 @@ def py2ldap(val): if isinstance(val, bool): return u'TRUE' if val else u'FALSE' else: - return six.text_type(val) + return str(val) def enabled2py(val): @@ -332,8 +329,7 @@ def dn_startswith(descendant_dn, dn): return is_dn_equal(descendant_dn[-len(dn):], dn) -@six.add_metaclass(abc.ABCMeta) -class LDAPHandler(object): +class LDAPHandler(object, metaclass=abc.ABCMeta): """Abstract class which defines methods for a LDAP API provider. Native Keystone values cannot be passed directly into and from the @@ -516,14 +512,7 @@ class PythonLDAPHandler(LDAPHandler): debug_level=debug_level, timeout=conn_timeout) - if PY2: - # NOTE: Once https://github.com/python-ldap/python-ldap/issues/249 - # is released, we can pass bytes_strictness='warn' as a parameter - # to ldap.initialize instead of setting it after ldap.initialize. - self.conn = ldap.initialize(url, bytes_mode=False) - self.conn.bytes_strictness = 'warn' - else: - self.conn = ldap.initialize(url) + self.conn = ldap.initialize(url) self.conn.protocol_version = ldap.VERSION3 if alias_dereferencing is not None: @@ -1272,7 +1261,7 @@ class BaseLdap(object): def _id_to_dn_string(self, object_id): return u'%s=%s,%s' % (self.id_attr, ldap.dn.escape_dn_chars( - six.text_type(object_id)), + str(object_id)), self.tree_dn) def _id_to_dn(self, object_id): @@ -1284,7 +1273,7 @@ class BaseLdap(object): u'(&(%(id_attr)s=%(id)s)(objectclass=%(objclass)s))' % {'id_attr': self.id_attr, 'id': ldap.filter.escape_filter_chars( - six.text_type(object_id)), + str(object_id)), 'objclass': self.object_class}, attrlist=DN_ONLY) if search_result: @@ -1478,7 +1467,7 @@ class BaseLdap(object): u'(objectClass=%(object_class)s))' % {'id_attr': self.id_attr, 'id': ldap.filter.escape_filter_chars( - six.text_type(object_id)), + str(object_id)), 'filter': (ldap_filter or self.ldap_filter or ''), 'object_class': self.object_class}) with self.get_connection() as conn: @@ -1579,7 +1568,7 @@ class BaseLdap(object): def get_by_name(self, name, ldap_filter=None): query = (u'(%s=%s)' % (self.attribute_mapping['name'], ldap.filter.escape_filter_chars( - six.text_type(name)))) + str(name)))) res = self.get_all(query) try: return res[0] diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 2afa730e98..d1cf7608a3 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -17,7 +17,6 @@ import uuid import ldap.filter from oslo_log import log from oslo_log import versionutils -import six import keystone.conf from keystone import exception @@ -267,7 +266,7 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap): # This could be a bool or a string. If it's a string, # we need to convert it so we can invert it properly. enabled = obj.get('enabled', self.enabled_default) - if isinstance(enabled, six.string_types): + if isinstance(enabled, str): if enabled.lower() == 'true': enabled = True else: diff --git a/keystone/identity/backends/resource_options.py b/keystone/identity/backends/resource_options.py index 95d85c67e2..2520366055 100644 --- a/keystone/identity/backends/resource_options.py +++ b/keystone/identity/backends/resource_options.py @@ -10,8 +10,6 @@ # License for the specific language governing permissions and limitations # under the License. -import six - from keystone.common import resource_options from keystone.common.validation import parameter_types from keystone.i18n import _ @@ -47,7 +45,7 @@ def _mfa_rules_validator_list_of_lists_of_strings_no_duplicates(value): # Add the sublist to the tracker sublists.append(sublist) for element in sublist: - if not isinstance(element, six.string_types): + if not isinstance(element, str): # Element of sublist is not a string, TypeError raise TypeError(msg) if element in string_set: diff --git a/keystone/identity/generator.py b/keystone/identity/generator.py index 015d296947..b390b55843 100644 --- a/keystone/identity/generator.py +++ b/keystone/identity/generator.py @@ -16,8 +16,6 @@ import abc -import six - from keystone.common import manager import keystone.conf from keystone import exception @@ -36,8 +34,7 @@ class Manager(manager.Manager): super(Manager, self).__init__(CONF.identity_mapping.generator) -@six.add_metaclass(abc.ABCMeta) -class IDGenerator(object): +class IDGenerator(object, metaclass=abc.ABCMeta): """Interface description for an ID Generator provider.""" @abc.abstractmethod diff --git a/keystone/identity/mapping_backends/base.py b/keystone/identity/mapping_backends/base.py index fb7f0ead6c..1d7499b1b0 100644 --- a/keystone/identity/mapping_backends/base.py +++ b/keystone/identity/mapping_backends/base.py @@ -14,14 +14,12 @@ import abc -import six - from keystone.common import provider_api from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class MappingDriverBase(provider_api.ProviderAPIMixin, object): +class MappingDriverBase(provider_api.ProviderAPIMixin, object, + metaclass=abc.ABCMeta): """Interface description for an ID Mapping driver.""" @abc.abstractmethod diff --git a/keystone/identity/shadow_backends/base.py b/keystone/identity/shadow_backends/base.py index 5f505338bd..4fa3bb3253 100644 --- a/keystone/identity/shadow_backends/base.py +++ b/keystone/identity/shadow_backends/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class ShadowUsersDriverBase(object): +class ShadowUsersDriverBase(object, metaclass=abc.ABCMeta): """Interface description for an Shadow Users driver.""" @abc.abstractmethod diff --git a/keystone/limit/backends/base.py b/keystone/limit/backends/base.py index 864376c31c..e3f2d436b3 100644 --- a/keystone/limit/backends/base.py +++ b/keystone/limit/backends/base.py @@ -15,8 +15,6 @@ import abc -import six - import keystone.conf from keystone import exception @@ -24,8 +22,7 @@ from keystone import exception CONF = keystone.conf.CONF -@six.add_metaclass(abc.ABCMeta) -class UnifiedLimitDriverBase(object): +class UnifiedLimitDriverBase(object, metaclass=abc.ABCMeta): def _get_list_limit(self): return CONF.unified_limit.list_limit or CONF.list_limit diff --git a/keystone/limit/models/base.py b/keystone/limit/models/base.py index a2d5af2d60..281d08b5eb 100644 --- a/keystone/limit/models/base.py +++ b/keystone/limit/models/base.py @@ -11,7 +11,6 @@ # under the License. import abc -import six import stevedore import keystone.conf @@ -33,8 +32,7 @@ def load_driver(driver_name, *args): raise ImportError(msg % {'name': driver_name, 'namespace': namespace}) -@six.add_metaclass(abc.ABCMeta) -class ModelBase(object): +class ModelBase(object, metaclass=abc.ABCMeta): """Interface for a limit model driver.""" NAME = None diff --git a/keystone/models/receipt_model.py b/keystone/models/receipt_model.py index 8b4a2a132c..bb015b1727 100644 --- a/keystone/models/receipt_model.py +++ b/keystone/models/receipt_model.py @@ -15,7 +15,6 @@ from oslo_log import log from oslo_serialization import msgpackutils from oslo_utils import reflection -import six from keystone.auth import core from keystone.common import cache @@ -57,7 +56,7 @@ class ReceiptModel(object): @expires_at.setter def expires_at(self, value): - if not isinstance(value, six.string_types): + if not isinstance(value, str): raise ValueError('expires_at must be a string.') self.__expires_at = value @@ -67,7 +66,7 @@ class ReceiptModel(object): @issued_at.setter def issued_at(self, value): - if not isinstance(value, six.string_types): + if not isinstance(value, str): raise ValueError('issued_at must be a string.') self.__issued_at = value diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py index 077f138b22..54c45f42a7 100644 --- a/keystone/models/token_model.py +++ b/keystone/models/token_model.py @@ -15,7 +15,6 @@ from oslo_log import log from oslo_serialization import msgpackutils from oslo_utils import reflection -import six from keystone.common import cache from keystone.common import provider_api @@ -101,7 +100,7 @@ class TokenModel(object): @expires_at.setter def expires_at(self, value): - if not isinstance(value, six.string_types): + if not isinstance(value, str): raise ValueError('expires_at must be a string.') self.__expires_at = value @@ -111,7 +110,7 @@ class TokenModel(object): @issued_at.setter def issued_at(self, value): - if not isinstance(value, six.string_types): + if not isinstance(value, str): raise ValueError('issued_at must be a string.') self.__issued_at = value diff --git a/keystone/oauth1/backends/base.py b/keystone/oauth1/backends/base.py index 56f722ddc6..f8142dd112 100644 --- a/keystone/oauth1/backends/base.py +++ b/keystone/oauth1/backends/base.py @@ -15,8 +15,6 @@ import abc import string -import six - from keystone import exception @@ -55,8 +53,7 @@ def filter_consumer(consumer_ref): return consumer_ref -@six.add_metaclass(abc.ABCMeta) -class Oauth1DriverBase(object): +class Oauth1DriverBase(object, metaclass=abc.ABCMeta): """Interface description for an OAuth1 driver.""" @abc.abstractmethod diff --git a/keystone/oauth1/validator.py b/keystone/oauth1/validator.py index 0270600527..0b601feed4 100644 --- a/keystone/oauth1/validator.py +++ b/keystone/oauth1/validator.py @@ -14,8 +14,6 @@ """oAuthlib request validator.""" -import six - from keystone.common import provider_api from keystone import exception from keystone.oauth1.backends import base @@ -178,7 +176,7 @@ class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator): def verify_request_token(self, token, request): # there aren't strong expectations on the request token format - return isinstance(token, six.string_types) + return isinstance(token, str) def verify_realms(self, token, realms, request): return True diff --git a/keystone/policy/backends/base.py b/keystone/policy/backends/base.py index 9251f2482a..fc661dacdf 100644 --- a/keystone/policy/backends/base.py +++ b/keystone/policy/backends/base.py @@ -11,7 +11,6 @@ # under the License. import abc -import six import keystone.conf from keystone import exception @@ -20,8 +19,7 @@ from keystone import exception CONF = keystone.conf.CONF -@six.add_metaclass(abc.ABCMeta) -class PolicyDriverBase(object): +class PolicyDriverBase(object, metaclass=abc.ABCMeta): def _get_list_limit(self): return CONF.policy.list_limit or CONF.list_limit diff --git a/keystone/receipt/handlers.py b/keystone/receipt/handlers.py index db9192674f..9a8d3e4b02 100644 --- a/keystone/receipt/handlers.py +++ b/keystone/receipt/handlers.py @@ -13,8 +13,8 @@ # under the License. import flask +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common import authorization from keystone.common import provider_api @@ -68,7 +68,7 @@ def build_receipt(mfa_error): issue_receipt(mfa_error.user_id, mfa_error.methods) resp_data = _render_receipt_response_from_model(receipt) resp_body = jsonutils.dumps(resp_data) - response = flask.make_response(resp_body, http_client.UNAUTHORIZED) + response = flask.make_response(resp_body, http.client.UNAUTHORIZED) response.headers[authorization.AUTH_RECEIPT_HEADER] = receipt.id response.headers['Content-Type'] = 'application/json' return response diff --git a/keystone/receipt/provider.py b/keystone/receipt/provider.py index 6f30434d8f..6ea64d1efc 100644 --- a/keystone/receipt/provider.py +++ b/keystone/receipt/provider.py @@ -18,7 +18,6 @@ import datetime from oslo_log import log from oslo_utils import timeutils -import six from keystone.common import cache from keystone.common import manager @@ -159,7 +158,7 @@ class Manager(manager.Manager): if isinstance(expires_at, datetime.datetime): receipt.expires_at = utils.isotime(expires_at, subsecond=True) - if isinstance(expires_at, six.string_types): + if isinstance(expires_at, str): receipt.expires_at = expires_at elif not expires_at: receipt.expires_at = utils.isotime( diff --git a/keystone/receipt/providers/base.py b/keystone/receipt/providers/base.py index 15b96bcd05..47c8b52c17 100644 --- a/keystone/receipt/providers/base.py +++ b/keystone/receipt/providers/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class Provider(object): +class Provider(object, metaclass=abc.ABCMeta): """Interface description for a Receipt provider.""" @abc.abstractmethod diff --git a/keystone/receipt/receipt_formatters.py b/keystone/receipt/receipt_formatters.py index a5aac18867..b2d3a9ae05 100644 --- a/keystone/receipt/receipt_formatters.py +++ b/keystone/receipt/receipt_formatters.py @@ -71,8 +71,8 @@ class ReceiptFormatter(object): def pack(self, payload): """Pack a payload for transport as a receipt. - :type payload: six.binary_type - :rtype: six.text_type + :type payload: bytes + :rtype: str """ # base64 padding (if any) is not URL-safe @@ -81,8 +81,8 @@ class ReceiptFormatter(object): def unpack(self, receipt): """Unpack a receipt, and validate the payload. - :type receipt: six.text_type - :rtype: six.binary_type + :type receipt: str + :rtype: bytes """ receipt = ReceiptFormatter.restore_padding(receipt) @@ -98,7 +98,7 @@ class ReceiptFormatter(object): """Restore padding based on receipt size. :param receipt: receipt to restore padding on - :type receipt: six.text_type + :type receipt: str :returns: receipt with correct padding """ @@ -113,14 +113,14 @@ class ReceiptFormatter(object): def creation_time(cls, fernet_receipt): """Return the creation time of a valid Fernet receipt. - :type fernet_receipt: six.text_type + :type fernet_receipt: str """ fernet_receipt = ReceiptFormatter.restore_padding(fernet_receipt) - # fernet_receipt is six.text_type + # fernet_receipt is str # Fernet receipts are base64 encoded, so we need to unpack them first - # urlsafe_b64decode() requires six.binary_type + # urlsafe_b64decode() requires bytes receipt_bytes = base64.urlsafe_b64decode( fernet_receipt.encode('utf-8')) @@ -159,7 +159,7 @@ class ReceiptFormatter(object): def validate_receipt(self, receipt): """Validate a Fernet receipt and returns the payload attributes. - :type receipt: six.text_type + :type receipt: str """ serialized_payload = self.unpack(receipt) @@ -280,20 +280,20 @@ class ReceiptPayload(object): def base64_encode(cls, s): """Encode a URL-safe string. - :type s: six.text_type - :rtype: six.text_type + :type s: str + :rtype: str """ - # urlsafe_b64encode() returns six.binary_type so need to convert to - # six.text_type, might as well do it before stripping. + # urlsafe_b64encode() returns bytes so need to convert to + # str, might as well do it before stripping. return base64.urlsafe_b64encode(s).decode('utf-8').rstrip('=') @classmethod def random_urlsafe_str_to_bytes(cls, s): - """Convert string from :func:`random_urlsafe_str()` to six.binary_type. + """Convert string from :func:`random_urlsafe_str()` to bytes. - :type s: six.text_type - :rtype: six.binary_type + :type s: str + :rtype: bytes """ # urlsafe_b64decode() requires str, unicode isn't accepted. diff --git a/keystone/resource/backends/base.py b/keystone/resource/backends/base.py index 5f132bfe5a..ceabf87e8b 100644 --- a/keystone/resource/backends/base.py +++ b/keystone/resource/backends/base.py @@ -14,8 +14,6 @@ import abc -import six - import keystone.conf from keystone import exception @@ -39,8 +37,7 @@ def get_project_from_domain(domain_ref): NULL_DOMAIN_ID = '<>' -@six.add_metaclass(abc.ABCMeta) -class ResourceDriverBase(object): +class ResourceDriverBase(object, metaclass=abc.ABCMeta): def _get_list_limit(self): return CONF.resource.list_limit or CONF.list_limit diff --git a/keystone/resource/backends/sql_model.py b/keystone/resource/backends/sql_model.py index e6fe1f84e0..b6b472e8e7 100644 --- a/keystone/resource/backends/sql_model.py +++ b/keystone/resource/backends/sql_model.py @@ -10,7 +10,6 @@ # License for the specific language governing permissions and limitations # under the License. -from six import text_type from sqlalchemy import orm from sqlalchemy.orm import collections @@ -102,7 +101,7 @@ class Project(sql.ModelBase, sql.ModelDictMixinWithExtras): for tag in values: tag_ref = ProjectTag() tag_ref.project_id = self.id - tag_ref.name = text_type(tag) + tag_ref.name = str(tag) new_tags.append(tag_ref) self._tags = new_tags diff --git a/keystone/resource/config_backends/base.py b/keystone/resource/config_backends/base.py index 4cbcbff9cb..bc256d219c 100644 --- a/keystone/resource/config_backends/base.py +++ b/keystone/resource/config_backends/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class DomainConfigDriverBase(object): +class DomainConfigDriverBase(object, metaclass=abc.ABCMeta): """Interface description for a Domain Config driver.""" @abc.abstractmethod diff --git a/keystone/resource/core.py b/keystone/resource/core.py index 207b021174..5676a44953 100644 --- a/keystone/resource/core.py +++ b/keystone/resource/core.py @@ -13,7 +13,6 @@ """Main entry point into the Resource service.""" from oslo_log import log -import six from keystone import assignment from keystone.common import cache @@ -1476,7 +1475,7 @@ class DomainConfigManager(manager.Manager): sensitive_dict = {s['option']: s['value'] for s in sensitive} for each_whitelisted in whitelisted: - if not isinstance(each_whitelisted['value'], six.string_types): + if not isinstance(each_whitelisted['value'], str): # We only support substitutions into string types, if its an # integer, list etc. then just continue onto the next one continue diff --git a/keystone/revoke/backends/base.py b/keystone/revoke/backends/base.py index b77a4a851d..228db4d5cd 100644 --- a/keystone/revoke/backends/base.py +++ b/keystone/revoke/backends/base.py @@ -16,7 +16,6 @@ import abc import datetime from oslo_utils import timeutils -import six import keystone.conf from keystone import exception @@ -32,8 +31,7 @@ def revoked_before_cutoff_time(): return oldest -@six.add_metaclass(abc.ABCMeta) -class RevokeDriverBase(object): +class RevokeDriverBase(object, metaclass=abc.ABCMeta): """Interface for recording and reporting revocation events.""" @abc.abstractmethod diff --git a/keystone/server/flask/application.py b/keystone/server/flask/application.py index 94b8f55041..286fd59455 100644 --- a/keystone/server/flask/application.py +++ b/keystone/server/flask/application.py @@ -19,7 +19,6 @@ import flask import oslo_i18n from oslo_log import log from oslo_middleware import healthcheck -import six try: # werkzeug 0.15.x @@ -85,9 +84,9 @@ def _handle_keystone_exception(error): "Authorization failed. %(exception)s from %(remote_addr)s", {'exception': error, 'remote_addr': flask.request.remote_addr}) elif isinstance(error, exception.UnexpectedError): - LOG.exception(six.text_type(error)) + LOG.exception(str(error)) else: - LOG.warning(six.text_type(error)) + LOG.warning(str(error)) # Render the exception to something user "friendly" error_message = error.args[0] @@ -95,7 +94,7 @@ def _handle_keystone_exception(error): if message is error_message: # translate() didn't do anything because it wasn't a Message, # convert to a string. - message = six.text_type(message) + message = str(message) body = dict( error={ diff --git a/keystone/server/flask/common.py b/keystone/server/flask/common.py index cee393e371..f3742e10fe 100644 --- a/keystone/server/flask/common.py +++ b/keystone/server/flask/common.py @@ -22,11 +22,10 @@ import flask from flask import blueprints import flask_restful import flask_restful.utils +import http.client from oslo_log import log from oslo_log import versionutils from oslo_serialization import jsonutils -import six -from six.moves import http_client from keystone.common import authorization from keystone.common import context @@ -156,13 +155,12 @@ def _assert_rbac_enforcement_called(resp): def _remove_content_type_on_204(resp): # Remove content-type if the resp is 204. - if resp.status_code == http_client.NO_CONTENT: + if resp.status_code == http.client.NO_CONTENT: resp.headers.pop('content-type', None) return resp -@six.add_metaclass(abc.ABCMeta) -class APIBase(object): +class APIBase(object, metaclass=abc.ABCMeta): @property @abc.abstractmethod @@ -807,7 +805,7 @@ class ResourceBase(flask_restful.Resource): val = False if filter_name in flask.request.args: filter_value = flask.request.args.get(filter_name) - if (isinstance(filter_value, six.string_types) and + if (isinstance(filter_value, str) and filter_value == '0'): val = False else: diff --git a/keystone/server/flask/request_processing/middleware/auth_context.py b/keystone/server/flask/request_processing/middleware/auth_context.py index ae6947a459..43c6f4e94e 100644 --- a/keystone/server/flask/request_processing/middleware/auth_context.py +++ b/keystone/server/flask/request_processing/middleware/auth_context.py @@ -16,12 +16,11 @@ import itertools import re import wsgiref.util +import http.client from keystonemiddleware import auth_token import oslo_i18n from oslo_log import log from oslo_serialization import jsonutils -import six -from six.moves import http_client import webob.dec import webob.exc @@ -103,16 +102,16 @@ def middleware_exceptions(method): try: return method(self, request) except exception.Error as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) return render_exception(e, request=request, user_locale=best_match_language(request)) except TypeError as e: - LOG.exception(six.text_type(e)) + LOG.exception(e) return render_exception(exception.ValidationError(e), request=request, user_locale=best_match_language(request)) except Exception as e: - LOG.exception(six.text_type(e)) + LOG.exception(e) return render_exception(exception.UnexpectedError(exception=e), request=request, user_locale=best_match_language(request)) @@ -130,8 +129,8 @@ def render_response(body=None, status=None, headers=None, method=None): if body is None: body = b'' - status = status or (http_client.NO_CONTENT, - http_client.responses[http_client.NO_CONTENT]) + status = status or (http.client.NO_CONTENT, + http.client.responses[http.client.NO_CONTENT]) else: content_types = [v for h, v in headers if h == 'Content-Type'] if content_types: @@ -143,8 +142,8 @@ def render_response(body=None, status=None, headers=None, method=None): body = jsonutils.dump_as_bytes(body, cls=utils.SmarterEncoder) if content_type is None: headers.append(('Content-Type', 'application/json')) - status = status or (http_client.OK, - http_client.responses[http_client.OK]) + status = status or (http.client.OK, + http.client.responses[http.client.OK]) # NOTE(davechen): `mod_wsgi` follows the standards from pep-3333 and # requires the value in response header to be binary type(str) on python2, @@ -205,7 +204,7 @@ def render_exception(error, context=None, request=None, user_locale=None): if message is error_message: # translate() didn't do anything because it wasn't a Message, # convert to a string. - message = six.text_type(message) + message = str(message) body = {'error': { 'code': error.code, diff --git a/keystone/tests/hacking/checks.py b/keystone/tests/hacking/checks.py index 513e05c2ea..38ca8d5485 100644 --- a/keystone/tests/hacking/checks.py +++ b/keystone/tests/hacking/checks.py @@ -26,8 +26,6 @@ please see pycodestyle.py. import ast import re -import six - class BaseASTChecker(ast.NodeVisitor): """Provides a simple framework for writing AST-based checks. @@ -183,7 +181,7 @@ class CheckForTranslationIssues(BaseASTChecker): if obj_name is None: return None return obj_name + '.' + method_name - elif isinstance(node, six.string_types): + elif isinstance(node, str): return node else: # could be Subscript, Call or many more return None diff --git a/keystone/tests/protection/v3/test_access_rules.py b/keystone/tests/protection/v3/test_access_rules.py index b93f61b50c..84c7afa5e7 100644 --- a/keystone/tests/protection/v3/test_access_rules.py +++ b/keystone/tests/protection/v3/test_access_rules.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -133,7 +133,7 @@ class _ProjectUsersTests(object): user['id'], access_rule_id) c.get( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_own_non_existent_access_rule_not_found(self): @@ -142,7 +142,7 @@ class _ProjectUsersTests(object): '/v3/users/%s/access_rules/%s' % ( self.user_id, uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_cannot_get_non_existent_access_rule_other_user_forbidden(self): @@ -153,7 +153,7 @@ class _ProjectUsersTests(object): '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_access_rules_for_other_users(self): @@ -186,7 +186,7 @@ class _ProjectUsersTests(object): with self.test_client() as c: path = '/v3/users/%s/access_rules' % user['id'] c.get(path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_delete_access_rules_for_others(self): user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) @@ -222,7 +222,7 @@ class _ProjectUsersTests(object): user['id'], access_rule_id) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_delete_non_existent_access_rule_other_user_forbidden(self): @@ -233,7 +233,7 @@ class _ProjectUsersTests(object): '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -281,7 +281,7 @@ class _SystemUserAccessRuleTests(object): '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) @@ -352,7 +352,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, user['id'], access_rule_id) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_access_rule_forbidden(self): @@ -363,7 +363,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -434,7 +434,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, user['id'], access_rule_id) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) with self.test_client() as c: @@ -442,7 +442,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, user['id'], access_rule_id) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_access_rule_forbidden(self): @@ -453,7 +453,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -526,7 +526,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/users/%s/access_rules/%s' % ( user['id'], uuid.uuid4().hex), headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) diff --git a/keystone/tests/protection/v3/test_application_credential.py b/keystone/tests/protection/v3/test_application_credential.py index e97954f43a..5807d7f90d 100644 --- a/keystone/tests/protection/v3/test_application_credential.py +++ b/keystone/tests/protection/v3/test_application_credential.py @@ -13,8 +13,8 @@ import datetime import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import base as base_policy from keystone.common import provider_api @@ -127,7 +127,7 @@ class _DomainAndProjectUserTests(object): with self.test_client() as c: c.get('/v3/users/%s/application_credentials' % ( self.app_cred_user_id), - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_get_application_credential(self): @@ -137,7 +137,7 @@ class _DomainAndProjectUserTests(object): c.get('/v3/users/%s/application_credentials/%s' % ( self.app_cred_user_id, app_cred['id']), - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_lookup_application_credential(self): @@ -147,7 +147,7 @@ class _DomainAndProjectUserTests(object): c.get('/v3/users/%s/application_credentials?name=%s' % ( self.app_cred_user_id, app_cred['name']), - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_delete_application_credential(self): @@ -158,7 +158,7 @@ class _DomainAndProjectUserTests(object): '/v3/users/%s/application_credentials/%s' % ( self.app_cred_user_id, app_cred['id']), - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_lookup_non_existent_application_credential(self): @@ -166,7 +166,7 @@ class _DomainAndProjectUserTests(object): c.get('/v3/users/%s/application_credentials?name=%s' % ( self.app_cred_user_id, uuid.uuid4().hex), - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_create_app_credential_for_another_user(self): @@ -187,7 +187,7 @@ class _DomainAndProjectUserTests(object): c.post( '/v3/users/%s/application_credentials' % another_user_id, json=app_cred_body, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) @@ -233,7 +233,7 @@ class _SystemUserAndOwnerTests(object): def _test_delete_application_credential( self, - expected_status_code=http_client.NO_CONTENT): + expected_status_code=http.client.NO_CONTENT): app_cred = self._create_application_credential() with self.test_client() as c: @@ -262,7 +262,7 @@ class _SystemUserAndOwnerTests(object): c.post( '/v3/users/%s/application_credentials' % another_user_id, json=app_cred_body, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) @@ -300,7 +300,7 @@ class SystemReaderTests(_TestAppCredBase, def test_system_reader_cannot_delete_application_credential_for_user(self): self._test_delete_application_credential( - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class SystemMemberTests(_TestAppCredBase, @@ -337,7 +337,7 @@ class SystemMemberTests(_TestAppCredBase, def test_system_reader_cannot_delete_application_credential_for_user(self): self._test_delete_application_credential( - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class SystemAdminTests(_TestAppCredBase, @@ -412,7 +412,7 @@ class OwnerTests(_TestAppCredBase, c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers=self.headers) def test_owner_can_delete_application_credential(self): diff --git a/keystone/tests/protection/v3/test_assignment.py b/keystone/tests/protection/v3/test_assignment.py index 6441a56129..399cf6325e 100644 --- a/keystone/tests/protection/v3/test_assignment.py +++ b/keystone/tests/protection/v3/test_assignment.py @@ -11,7 +11,7 @@ # under the License. import copy -from six.moves import http_client +import http.client import uuid from oslo_serialization import jsonutils @@ -1021,7 +1021,7 @@ class _DomainUserTests(object): ('/v3/role_assignments?scope.project.id=%s&include_subtree' % assignments['project_id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -1031,7 +1031,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.get( '/v3/role_assignments', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_user_of_project(self): @@ -1042,7 +1042,7 @@ class _ProjectUserTests(object): c.get( '/v3/role_assignments?user.id=%s' % user_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_group_of_project(self): @@ -1053,7 +1053,7 @@ class _ProjectUserTests(object): c.get( '/v3/role_assignments?group.id=%s' % group_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_system(self): @@ -1061,7 +1061,7 @@ class _ProjectUserTests(object): c.get( '/v3/role_assignments?scope.system=all', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_domain(self): @@ -1070,7 +1070,7 @@ class _ProjectUserTests(object): '/v3/role_assignments?scope.domain.id=%s' % self.domain_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_other_project(self): @@ -1084,7 +1084,7 @@ class _ProjectUserTests(object): '/v3/role_assignments?scope.project.id=%s' % project1, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_other_project_user(self): @@ -1099,7 +1099,7 @@ class _ProjectUserTests(object): c.get( '/v3/role_assignments?user.id=%s' % user_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_role_assignments_by_other_project_group(self): @@ -1114,7 +1114,7 @@ class _ProjectUserTests(object): c.get( '/v3/role_assignments?group.id=%s' % group_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -1138,7 +1138,7 @@ class _ProjectReaderMemberTests(object): ('/v3/role_assignments?scope.project.id=%s&include_subtree' % self.project_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -1628,5 +1628,5 @@ class ProjectAdminTests(base_classes.TestCaseWithBootstrap, ('/v3/role_assignments?scope.project.id=%s&include_subtree' % project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_consumer.py b/keystone/tests/protection/v3/test_consumer.py index e7ec0bf1a6..223bccaebd 100644 --- a/keystone/tests/protection/v3/test_consumer.py +++ b/keystone/tests/protection/v3/test_consumer.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -49,7 +49,7 @@ class _SystemReaderAndMemberOauth1ConsumerTests(object): with self.test_client() as c: c.post('/v3/OS-OAUTH1/consumers', json={'consumer': {}}, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_update_consumer(self): @@ -58,7 +58,7 @@ class _SystemReaderAndMemberOauth1ConsumerTests(object): with self.test_client() as c: c.patch('/v3/OS-OAUTH1/consumers/%s' % ref['id'], json={'consumer': {'description': uuid.uuid4().hex}}, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) def test_user_cannot_delete_consumer(self): @@ -66,7 +66,7 @@ class _SystemReaderAndMemberOauth1ConsumerTests(object): {'id': uuid.uuid4().hex}) with self.test_client() as c: c.delete('/v3/OS-OAUTH1/consumers/%s' % ref['id'], - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers=self.headers) diff --git a/keystone/tests/protection/v3/test_credentials.py b/keystone/tests/protection/v3/test_credentials.py index fecdde1d0a..800452f670 100644 --- a/keystone/tests/protection/v3/test_credentials.py +++ b/keystone/tests/protection/v3/test_credentials.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import base as bp from keystone.common import provider_api @@ -192,14 +192,14 @@ class _ProjectUsersTests(object): path = '/v3/credentials/%s' % credential_id c.get( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_non_existant_credential_forbidden(self): with self.test_client() as c: c.get( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_credentials_for_other_users(self): @@ -351,7 +351,7 @@ class _ProjectUsersTests(object): path = '/v3/credentials/%s' % credential_id c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existant_credential_forbidden(self): @@ -361,7 +361,7 @@ class _ProjectUsersTests(object): c.patch( '/v3/credentials/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_credentials_for_other_users(self): @@ -379,7 +379,7 @@ class _ProjectUsersTests(object): } c.post( '/v3/credentials', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_credentials_for_others(self): @@ -418,14 +418,14 @@ class _ProjectUsersTests(object): path = '/v3/credentials/%s' % credential_id c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existant_credential_forbidden(self): with self.test_client() as c: c.delete( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -474,7 +474,7 @@ class _SystemUserCredentialTests(object): with self.test_client() as c: c.get( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_filter_credentials_by_type_for_others(self): @@ -617,7 +617,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, } c.post( '/v3/credentials', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_credentials_for_others(self): @@ -657,7 +657,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, path = '/v3/credentials/%s' % credential_id c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existant_credential_forbidden(self): @@ -667,7 +667,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/credentials/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_credentials_for_others(self): @@ -706,14 +706,14 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, path = '/v3/credentials/%s' % credential_id c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existant_credential_forbidden(self): with self.test_client() as c: c.delete( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -765,7 +765,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, } c.post( '/v3/credentials', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_credentials_for_others(self): @@ -805,7 +805,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, path = '/v3/credentials/%s' % credential_id c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existant_credential_forbidden(self): @@ -815,7 +815,7 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/credentials/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_credentials_for_others(self): @@ -854,14 +854,14 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap, path = '/v3/credentials/%s' % credential_id c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existant_credential_forbidden(self): with self.test_client() as c: c.delete( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -954,7 +954,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/credentials/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_delete_credentials_for_others(self): @@ -997,7 +997,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/credentials/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) diff --git a/keystone/tests/protection/v3/test_domain_config.py b/keystone/tests/protection/v3/test_domain_config.py index 63556a90b8..1f25aa97d6 100644 --- a/keystone/tests/protection/v3/test_domain_config.py +++ b/keystone/tests/protection/v3/test_domain_config.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -122,7 +122,7 @@ class _SystemUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap' % invalid_domain_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_get_non_existent_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -130,7 +130,7 @@ class _SystemUserDomainConfigTests(object): ) with self.test_client() as c: c.get('/v3/domains/%s/config' % domain['id'], headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_get_non_existent_config_group_invalid_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -142,7 +142,7 @@ class _SystemUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap' % invalid_domain_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_get_domain_config_option(self): domain = PROVIDERS.resource_api.create_domain( @@ -163,7 +163,7 @@ class _SystemUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap/user_tree_dn' % domain['id'], headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_get_non_existent_config_option_invalid_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -175,7 +175,7 @@ class _SystemUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap/user_tree_dn' % invalid_domain_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_get_security_compliance_domain_config(self): # Set the security compliance configuration options @@ -247,7 +247,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): % domain['id'], json={'config': unit.new_domain_config_ref()}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_update_domain_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -261,7 +261,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): c.patch('/v3/domains/%s/config' % domain['id'], json={'config': new_config}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_update_domain_group_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -275,7 +275,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): c.patch('/v3/domains/%s/config/ldap' % domain['id'], json={'config': new_config}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_update_domain_config_option(self): domain = PROVIDERS.resource_api.create_domain( @@ -289,7 +289,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): % domain['id'], json={'config': new_config}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_delete_domain_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -300,7 +300,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.delete('/v3/domains/%s/config' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_delete_domain_group_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -311,7 +311,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.delete('/v3/domains/%s/config/ldap' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_delete_domain_config_option(self): domain = PROVIDERS.resource_api.create_domain( @@ -322,7 +322,7 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.delete('/v3/domains/%s/config/ldap/url' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class _DomainAndProjectUserDomainConfigTests(object): @@ -336,7 +336,7 @@ class _DomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_domain_group_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -347,7 +347,7 @@ class _DomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_non_existant_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -355,7 +355,7 @@ class _DomainAndProjectUserDomainConfigTests(object): ) with self.test_client() as c: c.get('/v3/domains/%s/config' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_domain_config_option(self): domain = PROVIDERS.resource_api.create_domain( @@ -366,22 +366,22 @@ class _DomainAndProjectUserDomainConfigTests(object): with self.test_client() as c: c.get('/v3/domains/%s/config/ldap/url' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_domain_config_default(self): with self.test_client() as c: c.get('/v3/domains/config/default', headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_domain_group_config_default(self): with self.test_client() as c: c.get('/v3/domains/config/ldap/default', headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_domain_config_option_default(self): with self.test_client() as c: c.get('/v3/domains/config/ldap/url/default', headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class SystemReaderTests( @@ -492,7 +492,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, % domain['id'], json={'config': unit.new_domain_config_ref()}, headers=self.headers, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) def test_user_cannot_create_invalid_domain_config(self): invalid_domain_id = uuid.uuid4().hex @@ -501,7 +501,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, % invalid_domain_id, json={'config': unit.new_domain_config_ref()}, headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_user_can_update_domain_config(self): domain = PROVIDERS.resource_api.create_domain( @@ -581,7 +581,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete('/v3/domains/%s/config' % invalid_domain_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) class DomainUserTests( diff --git a/keystone/tests/protection/v3/test_domain_roles.py b/keystone/tests/protection/v3/test_domain_roles.py index 899fe421c2..6be109b930 100644 --- a/keystone/tests/protection/v3/test_domain_roles.py +++ b/keystone/tests/protection/v3/test_domain_roles.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -60,7 +60,7 @@ class _SystemReaderAndMemberDomainRoleTests(object): with self.test_client() as c: c.post( '/v3/roles', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_domain_roles(self): @@ -74,7 +74,7 @@ class _SystemReaderAndMemberDomainRoleTests(object): with self.test_client() as c: c.patch( '/v3/roles/%s' % role['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_domain_roles(self): @@ -86,7 +86,7 @@ class _SystemReaderAndMemberDomainRoleTests(object): with self.test_client() as c: c.delete( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -101,7 +101,7 @@ class _DomainAndProjectUserDomainRoleTests(object): with self.test_client() as c: c.get( '/v3/roles', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_domain_role(self): @@ -113,7 +113,7 @@ class _DomainAndProjectUserDomainRoleTests(object): with self.test_client() as c: c.get( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_domain_roles(self): @@ -123,7 +123,7 @@ class _DomainAndProjectUserDomainRoleTests(object): with self.test_client() as c: c.post( '/v3/roles', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_domain_roles(self): @@ -137,7 +137,7 @@ class _DomainAndProjectUserDomainRoleTests(object): with self.test_client() as c: c.patch( '/v3/roles/%s' % role['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_domain_roles(self): @@ -149,7 +149,7 @@ class _DomainAndProjectUserDomainRoleTests(object): with self.test_client() as c: c.delete( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_domains.py b/keystone/tests/protection/v3/test_domains.py index 5997ac986f..5cc3bd7d44 100644 --- a/keystone/tests/protection/v3/test_domains.py +++ b/keystone/tests/protection/v3/test_domains.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import domain as dp from keystone.common import provider_api @@ -100,7 +100,7 @@ class _SystemMemberAndReaderDomainTests(object): with self.test_client() as c: c.post( '/v3/domains', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_a_domain(self): @@ -113,7 +113,7 @@ class _SystemMemberAndReaderDomainTests(object): c.patch( '/v3/domains/%s' % domain['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_a_domain(self): @@ -124,7 +124,7 @@ class _SystemMemberAndReaderDomainTests(object): with self.test_client() as c: c.delete( '/v3/domains/%s' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -143,14 +143,14 @@ class _DomainAndProjectUserDomainTests(object): with self.test_client() as c: c.get( '/v3/domains/%s' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_domains(self): with self.test_client() as c: c.get( '/v3/domains', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_domains_by_name(self): @@ -166,18 +166,18 @@ class _DomainAndProjectUserDomainTests(object): c.get( '/v3/domains?name=%s' % domain_name, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_filter_domains_by_enabled(self): with self.test_client() as c: c.get( '/v3/domains?enabled=true', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) c.get( '/v3/domains?enabled=false', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_a_domain(self): @@ -190,7 +190,7 @@ class _DomainAndProjectUserDomainTests(object): c.patch( '/v3/domains/%s' % domain['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_a_domain(self): @@ -199,7 +199,7 @@ class _DomainAndProjectUserDomainTests(object): with self.test_client() as c: c.post( '/v3/domains', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_a_domain(self): @@ -212,11 +212,11 @@ class _DomainAndProjectUserDomainTests(object): path = '/v3/domains/%s' % domain['id'] c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_non_existant_domain_forbidden(self): @@ -225,7 +225,7 @@ class _DomainAndProjectUserDomainTests(object): c.get( '/v3/domains/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_ec2_credential.py b/keystone/tests/protection/v3/test_ec2_credential.py index a1bdaaa566..7614173917 100644 --- a/keystone/tests/protection/v3/test_ec2_credential.py +++ b/keystone/tests/protection/v3/test_ec2_credential.py @@ -10,8 +10,8 @@ # License for the specific language governing permissions and limitations # under the License. +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import base as bp from keystone.common import provider_api @@ -85,7 +85,7 @@ class _UserEC2CredentialTests(object): with self.test_client() as c: c.post('/v3/users/%s/credentials/OS-EC2' % self.user_id, json={'tenant_id': project['id']}, headers=self.headers, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) def test_user_delete_their_ec2_credentials(self): project = unit.new_project_ref( @@ -122,7 +122,7 @@ class _UserEC2CredentialTests(object): with self.test_client() as c: c.post('/v3/users/%s/credentials/OS-EC2' % user['id'], json={'tenant_id': project['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_delete_ec2_credentials_for_others(self): user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) @@ -152,7 +152,7 @@ class _UserEC2CredentialTests(object): c.delete('/v3/users/%s/credentials/OS-EC2/%s' % ( self.user_id, credential_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class _SystemUserTests(object): @@ -185,7 +185,7 @@ class _SystemUserTests(object): path = '/v3/users/%s/credentials/OS-EC2/%s' % ( self.user_id, credential_id) c.get(path, headers=self.headers, - expected_status_code=http_client.OK) + expected_status_code=http.client.OK) class _SystemReaderAndMemberTests(object): diff --git a/keystone/tests/protection/v3/test_endpoint_group.py b/keystone/tests/protection/v3/test_endpoint_group.py index 1a121fad4d..7ae07cabe0 100644 --- a/keystone/tests/protection/v3/test_endpoint_group.py +++ b/keystone/tests/protection/v3/test_endpoint_group.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -153,7 +153,7 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object): c.post( '/v3/OS-EP-FILTER/endpoint_groups', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_endpoint_groups(self): @@ -170,7 +170,7 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object): '/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_endpoint_groups(self): @@ -184,7 +184,7 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object): c.delete( '/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_add_endpoint_group_to_project(self): @@ -202,7 +202,7 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object): c.put('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s' % (endpoint_group['id'], project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_remove_endpoint_group_from_project(self): @@ -220,7 +220,7 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object): c.delete('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s' % (endpoint_group['id'], project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -235,7 +235,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): with self.test_client() as c: c.get('/v3/OS-EP-FILTER/endpoint_groups', headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_an_endpoint_group(self): endpoint_group = unit.new_endpoint_group_ref( @@ -246,7 +246,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): with self.test_client() as c: c.get('/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_projects_associated_with_endpoint_groups(self): project = PROVIDERS.resource_api.create_project( @@ -265,7 +265,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/projects' % endpoint_group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_endpoints_associated_with_endpoint_groups(self): service = PROVIDERS.catalog_api.create_service( @@ -284,7 +284,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/endpoints' % endpoint_group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_endpoints_associated_with_endpoint_groups(self): project = PROVIDERS.resource_api.create_project( @@ -303,7 +303,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s' % (endpoint_group['id'], project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_endpoint_groups_with_their_projects(self): project = PROVIDERS.resource_api.create_project( @@ -322,7 +322,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.get('/v3/OS-EP-FILTER/projects/%s/endpoint_groups' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_create_endpoint_groups(self): create = { @@ -338,7 +338,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.post( '/v3/OS-EP-FILTER/endpoint_groups', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_endpoint_groups(self): @@ -355,7 +355,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): '/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_endpoint_groups(self): @@ -369,7 +369,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.delete( '/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_add_endpoint_group_to_project(self): @@ -387,7 +387,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.put('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s' % (endpoint_group['id'], project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_remove_endpoint_group_from_project(self): @@ -405,7 +405,7 @@ class _DomainAndProjectUserEndpointGroupTests(object): c.delete('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s' % (endpoint_group['id'], project['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_endpoints.py b/keystone/tests/protection/v3/test_endpoints.py index fed7d4b424..7de74da2b6 100644 --- a/keystone/tests/protection/v3/test_endpoints.py +++ b/keystone/tests/protection/v3/test_endpoints.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -74,7 +74,7 @@ class _SystemReaderAndMemberUserEndpointTests(object): with self.test_client() as c: c.post( '/v3/endpoints', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_endpoints(self): @@ -92,7 +92,7 @@ class _SystemReaderAndMemberUserEndpointTests(object): c.patch( '/v3/endpoints/%s' % endpoint['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_endpoints(self): @@ -107,7 +107,7 @@ class _SystemReaderAndMemberUserEndpointTests(object): with self.test_client() as c: c.delete( '/v3/endpoints/%s' % endpoint['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -125,7 +125,7 @@ class _DomainAndProjectUserEndpointTests(object): with self.test_client() as c: c.post( '/v3/endpoints', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_endpoints(self): @@ -143,7 +143,7 @@ class _DomainAndProjectUserEndpointTests(object): with self.test_client() as c: c.get( '/v3/endpoints', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_an_endpoint(self): @@ -158,7 +158,7 @@ class _DomainAndProjectUserEndpointTests(object): with self.test_client() as c: c.get( '/v3/endpoints/%s' % endpoint['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_endpoints(self): @@ -176,7 +176,7 @@ class _DomainAndProjectUserEndpointTests(object): c.patch( '/v3/endpoints/%s' % endpoint['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_endpoints(self): @@ -191,7 +191,7 @@ class _DomainAndProjectUserEndpointTests(object): with self.test_client() as c: c.delete( '/v3/endpoints/%s' % endpoint['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_grants.py b/keystone/tests/protection/v3/test_grants.py index 90a235f106..23ab780b64 100644 --- a/keystone/tests/protection/v3/test_grants.py +++ b/keystone/tests/protection/v3/test_grants.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import grant as gp from keystone.common import provider_api @@ -141,7 +141,7 @@ class _SystemUserGrantTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_user_on_domain(self): @@ -164,7 +164,7 @@ class _SystemUserGrantTests(object): domain['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_group_on_project(self): @@ -191,7 +191,7 @@ class _SystemUserGrantTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_group_on_domain(self): @@ -214,7 +214,7 @@ class _SystemUserGrantTests(object): domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) @@ -237,7 +237,7 @@ class _SystemMemberAndReaderGrantTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_on_domain(self): @@ -255,7 +255,7 @@ class _SystemMemberAndReaderGrantTests(object): domain['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_on_project(self): @@ -277,7 +277,7 @@ class _SystemMemberAndReaderGrantTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_on_domain(self): @@ -295,7 +295,7 @@ class _SystemMemberAndReaderGrantTests(object): domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_on_project(self): @@ -320,7 +320,7 @@ class _SystemMemberAndReaderGrantTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_on_domain(self): @@ -343,7 +343,7 @@ class _SystemMemberAndReaderGrantTests(object): domain['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_on_project(self): @@ -370,7 +370,7 @@ class _SystemMemberAndReaderGrantTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_on_domain(self): @@ -393,7 +393,7 @@ class _SystemMemberAndReaderGrantTests(object): domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -499,7 +499,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_user_on_domain(self): @@ -519,7 +519,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_group_on_project(self): @@ -544,7 +544,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_can_check_grant_for_group_on_domain(self): @@ -564,7 +564,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_cannot_list_grants_for_user_other_domain_on_project_own_domain(self): # noqa: E501 @@ -588,7 +588,7 @@ class _DomainUserTests(object): c.get( '/v3/projects/%s/users/%s/roles' % (project['id'], user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_user_own_domain_on_project_other_domain(self): # noqa: E501 @@ -613,7 +613,7 @@ class _DomainUserTests(object): c.get( '/v3/projects/%s/users/%s/roles' % (project['id'], user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_user_own_domain_on_other_domain(self): @@ -633,7 +633,7 @@ class _DomainUserTests(object): c.get( '/v3/domains/%s/users/%s/roles' % (domain_id, user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_user_other_domain_on_own_domain(self): @@ -653,7 +653,7 @@ class _DomainUserTests(object): c.get( '/v3/domains/%s/users/%s/roles' % (domain_id, user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_group_other_domain_on_project_own_domain(self): # noqa: E501 @@ -678,7 +678,7 @@ class _DomainUserTests(object): '/v3/projects/%s/groups/%s/roles' % ( project['id'], group['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_group_own_domain_on_project_other_domain(self): # noqa: E501 @@ -704,7 +704,7 @@ class _DomainUserTests(object): '/v3/projects/%s/groups/%s/roles' % ( project['id'], group['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_group_own_domain_on_other_domain(self): @@ -725,7 +725,7 @@ class _DomainUserTests(object): '/v3/domains/%s/groups/%s/roles' % ( domain_id, group['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_list_grants_for_group_other_domain_on_own_domain(self): @@ -746,7 +746,7 @@ class _DomainUserTests(object): '/v3/domains/%s/groups/%s/roles' % ( domain_id, group['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_other_domain_on_project_own_domain(self): # noqa: E501 @@ -772,7 +772,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_own_domain_on_project_other_domain(self): # noqa: E501 @@ -799,7 +799,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501 @@ -830,7 +830,7 @@ class _DomainUserTests(object): project['id'], user['id'], role['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_own_domain_on_other_domain(self): @@ -853,7 +853,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_other_domain_on_own_domain(self): @@ -876,7 +876,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -904,7 +904,7 @@ class _DomainUserTests(object): role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_other_domain_on_project_own_domain(self): # noqa: E501 @@ -930,7 +930,7 @@ class _DomainUserTests(object): project['id'], group['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_own_domain_on_project_other_domain(self): # noqa: E501 @@ -956,7 +956,7 @@ class _DomainUserTests(object): project['id'], group['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501 @@ -987,7 +987,7 @@ class _DomainUserTests(object): project['id'], group['id'], role['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_own_domain_on_other_domain(self): @@ -1009,7 +1009,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_other_domain_on_own_domain(self): @@ -1031,7 +1031,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_check_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1057,7 +1057,7 @@ class _DomainUserTests(object): domain_id, group['id'], role['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_other_domain_on_project_own_domain(self): # noqa: E501 @@ -1080,7 +1080,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_own_domain_on_project_other_domain(self): # noqa: E501 @@ -1103,7 +1103,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1129,7 +1129,7 @@ class _DomainUserTests(object): project['id'], user['id'], role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_other_domain_on_own_domain(self): @@ -1146,7 +1146,7 @@ class _DomainUserTests(object): domain_id, user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_own_domain_on_other_domain(self): @@ -1163,7 +1163,7 @@ class _DomainUserTests(object): domain_id, user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1184,7 +1184,7 @@ class _DomainUserTests(object): domain_id, user['id'], role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_other_domain_on_project_own_domain(self): # noqa: E501 @@ -1209,7 +1209,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_own_domain_on_project_other_domain(self): # noqa: E501 @@ -1234,7 +1234,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1263,7 +1263,7 @@ class _DomainUserTests(object): role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_other_domain_on_own_domain(self): @@ -1280,7 +1280,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_own_domain_on_other_domain(self): @@ -1297,7 +1297,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1318,7 +1318,7 @@ class _DomainUserTests(object): domain_id, group['id'], role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_other_domain_on_project_own_domain(self): # noqa: E501 @@ -1346,7 +1346,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_own_domain_on_project_other_domain(self): # noqa: E501 @@ -1374,7 +1374,7 @@ class _DomainUserTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_other_domain_on_own_domain(self): @@ -1396,7 +1396,7 @@ class _DomainUserTests(object): domain_id, user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_own_domain_on_other_domain(self): @@ -1418,7 +1418,7 @@ class _DomainUserTests(object): domain_id, user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1444,7 +1444,7 @@ class _DomainUserTests(object): domain_id, user['id'], role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_other_domain_on_project_own_domain(self): # noqa: E501 @@ -1474,7 +1474,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_own_domain_on_project_other_domain(self): # noqa: E501 @@ -1504,7 +1504,7 @@ class _DomainUserTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_other_domain_on_own_domain(self): @@ -1526,7 +1526,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_own_domain_on_other_domain(self): @@ -1548,7 +1548,7 @@ class _DomainUserTests(object): domain_id, group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501 @@ -1575,7 +1575,7 @@ class _DomainUserTests(object): domain_id, group['id'], role['id'] ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -1859,7 +1859,7 @@ class _DomainMemberAndReaderTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_user_on_domain(self): @@ -1877,7 +1877,7 @@ class _DomainMemberAndReaderTests(object): domain['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_on_project(self): @@ -1897,7 +1897,7 @@ class _DomainMemberAndReaderTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_create_grant_for_group_on_domain(self): @@ -1915,7 +1915,7 @@ class _DomainMemberAndReaderTests(object): domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_on_project(self): @@ -1938,7 +1938,7 @@ class _DomainMemberAndReaderTests(object): project['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_user_on_domain(self): @@ -1961,7 +1961,7 @@ class _DomainMemberAndReaderTests(object): domain['id'], user['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_on_project(self): @@ -1988,7 +1988,7 @@ class _DomainMemberAndReaderTests(object): self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_cannot_revoke_grant_from_group_on_domain(self): @@ -2011,7 +2011,7 @@ class _DomainMemberAndReaderTests(object): domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -2245,5 +2245,5 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, domain['id'], group['id'], self.bootstrapper.reader_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_groups.py b/keystone/tests/protection/v3/test_groups.py index faa3a9b4f1..f91e34ceb9 100644 --- a/keystone/tests/protection/v3/test_groups.py +++ b/keystone/tests/protection/v3/test_groups.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import group as gp from keystone.common import provider_api @@ -113,14 +113,14 @@ class _SystemUserGroupTests(object): c.get( '/v3/groups/%s/users/%s' % (group['id'], user['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_cannot_get_non_existent_group_not_found(self): with self.test_client() as c: c.get( '/v3/groups/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) @@ -142,7 +142,7 @@ class _SystemAndDomainMemberAndReaderGroupTests(object): with self.test_client() as c: c.post( '/v3/groups', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_group(self): @@ -159,7 +159,7 @@ class _SystemAndDomainMemberAndReaderGroupTests(object): c.patch( '/v3/groups/%s' % group['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_group(self): @@ -173,7 +173,7 @@ class _SystemAndDomainMemberAndReaderGroupTests(object): with self.test_client() as c: c.delete( '/v3/groups/%s' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_add_users_to_group(self): @@ -191,7 +191,7 @@ class _SystemAndDomainMemberAndReaderGroupTests(object): c.put( '/v3/groups/%s/users/%s' % (group['id'], user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_remove_users_from_group(self): @@ -211,7 +211,7 @@ class _SystemAndDomainMemberAndReaderGroupTests(object): c.delete( '/v3/groups/%s/users/%s' % (group['id'], user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -442,13 +442,13 @@ class _DomainUserGroupTests(object): with self.test_client() as c: c.get('/v3/groups/%s' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_non_existent_group_forbidden(self): with self.test_client() as c: c.get( '/v3/groups/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_groups_in_domain_for_user_in_domain(self): @@ -479,13 +479,13 @@ class _DomainUserGroupTests(object): with self.test_client() as c: c.get('/v3/users/%s/groups' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_groups_for_non_existent_user_forbidden(self): with self.test_client() as c: c.get('/v3/users/%s/groups' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_groups_in_other_domain_user_in_own_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -563,13 +563,13 @@ class _DomainUserGroupTests(object): with self.test_client() as c: c.get('/v3/groups/%s/users' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_users_in_non_existent_group_forbidden(self): with self.test_client() as c: c.get('/v3/groups/%s/users' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_can_check_user_in_own_domain_group_in_own_domain(self): user = PROVIDERS.identity_api.create_user( @@ -583,11 +583,11 @@ class _DomainUserGroupTests(object): c.head('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) c.get('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_cannot_check_user_in_other_domain_group_in_own_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -604,11 +604,11 @@ class _DomainUserGroupTests(object): c.head('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) c.get('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class DomainReaderTests(base_classes.TestCaseWithBootstrap, @@ -836,7 +836,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post('/v3/groups', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_can_update_group_in_own_domain(self): group = PROVIDERS.identity_api.create_group( @@ -862,7 +862,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/groups/%s' % group['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_delete_group_in_own_domain(self): @@ -886,7 +886,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.delete( '/v3/groups/%s' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_remove_user_in_own_domain_from_group_in_own_domain(self): @@ -917,7 +917,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.delete('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_remove_user_own_domain_from_group_other_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -934,7 +934,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.delete('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_remove_non_existent_user_from_group_forbidden(self): group = PROVIDERS.identity_api.create_group( @@ -944,7 +944,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.delete('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': uuid.uuid4().hex}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_remove_user_from_non_existent_group_forbidden(self): user = PROVIDERS.identity_api.create_user( @@ -954,7 +954,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.delete('/v3/groups/%(group)s/users/%(user)s' % { 'group': uuid.uuid4().hex, 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_can_add_user_in_own_domain_to_group_in_own_domain(self): group = PROVIDERS.identity_api.create_group( @@ -982,7 +982,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.put('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_add_user_own_domain_to_group_other_domain(self): domain = PROVIDERS.resource_api.create_domain( @@ -998,7 +998,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.put('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_add_non_existent_user_to_group_forbidden(self): group = PROVIDERS.identity_api.create_group( @@ -1008,7 +1008,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.put('/v3/groups/%(group)s/users/%(user)s' % { 'group': group['id'], 'user': uuid.uuid4().hex}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_add_user_from_non_existent_group_forbidden(self): user = PROVIDERS.identity_api.create_user( @@ -1018,7 +1018,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.put('/v3/groups/%(group)s/users/%(user)s' % { 'group': uuid.uuid4().hex, 'user': user['id']}, headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class ProjectUserTests(base_classes.TestCaseWithBootstrap, @@ -1089,7 +1089,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/users/%s/groups' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_groups(self): @@ -1103,7 +1103,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/groups', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_group(self): @@ -1117,7 +1117,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/groups/%s' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_group_members(self): @@ -1136,7 +1136,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/groups/%s/users' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_check_if_user_in_group(self): @@ -1156,12 +1156,12 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, c.get( '/v3/groups/%s/users/%s' % (group['id'], user['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_non_existent_group_forbidden(self): with self.test_client() as c: c.get( '/v3/groups/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_identity_providers.py b/keystone/tests/protection/v3/test_identity_providers.py index fc66a03ea8..8c42d3483a 100644 --- a/keystone/tests/protection/v3/test_identity_providers.py +++ b/keystone/tests/protection/v3/test_identity_providers.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -65,7 +65,7 @@ class _SystemReaderAndMemberIdentityProviderTests(object): c.put( '/v3/OS-FEDERATION/identity_providers/%s' % uuid.uuid4().hex, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_identity_providers(self): @@ -79,7 +79,7 @@ class _SystemReaderAndMemberIdentityProviderTests(object): c.patch( '/v3/OS-FEDERATION/identity_providers/%s' % idp['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_identity_providers(self): @@ -91,7 +91,7 @@ class _SystemReaderAndMemberIdentityProviderTests(object): c.delete( '/v3/OS-FEDERATION/identity_providers/%s' % idp['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -105,7 +105,7 @@ class _DomainAndProjectUserIdentityProviderTests(object): c.put( '/v3/OS-FEDERATION/identity_providers/%s' % uuid.uuid4().hex, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_identity_providers(self): @@ -119,7 +119,7 @@ class _DomainAndProjectUserIdentityProviderTests(object): c.patch( '/v3/OS-FEDERATION/identity_providers/%s' % idp['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_identity_providers(self): @@ -130,7 +130,7 @@ class _DomainAndProjectUserIdentityProviderTests(object): with self.test_client() as c: c.get( '/v3/OS-FEDERATION/identity_providers', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_an_identity_provider(self): @@ -142,7 +142,7 @@ class _DomainAndProjectUserIdentityProviderTests(object): c.get( '/v3/OS-FEDERATION/identity_providers/%s' % idp['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_identity_providers(self): @@ -154,7 +154,7 @@ class _DomainAndProjectUserIdentityProviderTests(object): c.delete( '/v3/OS-FEDERATION/identity_providers/%s' % idp['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -259,7 +259,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.put( '/v3/OS-FEDERATION/identity_providers/%s' % uuid.uuid4().hex, json=create, headers=self.headers, - expected_status_code=http_client.CREATED + expected_status_code=http.client.CREATED ) def test_user_can_update_identity_providers(self): diff --git a/keystone/tests/protection/v3/test_implied_roles.py b/keystone/tests/protection/v3/test_implied_roles.py index a974852c09..f27e648151 100644 --- a/keystone/tests/protection/v3/test_implied_roles.py +++ b/keystone/tests/protection/v3/test_implied_roles.py @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -58,7 +58,7 @@ class _SystemUserImpliedRoleTests(object): '/v3/roles/%s/implies/%s' % ( self.prior_role_id, self.implied_role_id), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_list_role_inference_rules(self): PROVIDERS.role_api.create_implied_role(self.prior_role_id, @@ -81,7 +81,7 @@ class _SystemReaderAndMemberImpliedRoleTests(object): '/v3/roles/%s/implies/%s' % ( self.prior_role_id, self.implied_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_implied_roles(self): @@ -93,7 +93,7 @@ class _SystemReaderAndMemberImpliedRoleTests(object): '/v3/roles/%s/implies/%s' % ( self.prior_role_id, self.implied_role_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -206,7 +206,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/roles/%s/implies/%s' % ( self.prior_role_id, self.implied_role_id), headers=self.headers, - expected_status_code=http_client.CREATED + expected_status_code=http.client.CREATED ) def test_user_can_delete_implied_roles(self): diff --git a/keystone/tests/protection/v3/test_limits.py b/keystone/tests/protection/v3/test_limits.py index e16906c3ae..dd1e579773 100644 --- a/keystone/tests/protection/v3/test_limits.py +++ b/keystone/tests/protection/v3/test_limits.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -134,7 +134,7 @@ class _UserLimitTests(object): with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits(self): @@ -146,7 +146,7 @@ class _UserLimitTests(object): c.patch( '/v3/limits/%s' % limit_id, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits(self): @@ -156,7 +156,7 @@ class _UserLimitTests(object): c.delete( '/v3/limits/%s' % limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -377,7 +377,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/limits/%s' % project_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_domain_limits_for_other_domain(self): @@ -386,7 +386,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/limits/%s' % domain_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_limits_within_domain(self): @@ -439,7 +439,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_limits_for_other_domain(self): @@ -471,7 +471,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_limits_for_projects_in_domain(self): @@ -507,7 +507,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_limits_for_projects_outside_domain(self): @@ -544,7 +544,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits_for_domain(self): @@ -558,7 +558,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/limits/%s' % domain_limit_id, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits_for_other_domain(self): @@ -570,7 +570,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/limits/%s' % domain_limit_id, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits_for_projects_in_domain(self): @@ -583,7 +583,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.patch( '/v3/limits/%s' % project_limit_id, headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits_for_projects_outside_domain(self): @@ -594,7 +594,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.patch( '/v3/limits/%s' % project_limit_id, headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits_for_domain(self): @@ -605,7 +605,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/limits/%s' % domain_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits_for_other_domain(self): @@ -614,7 +614,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/limits/%s' % domain_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits_for_projects_in_domain(self): @@ -625,7 +625,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/limits/%s' % project_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits_for_projects_outside_domain(self): @@ -634,7 +634,7 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/limits/%s' % project_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -693,7 +693,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/limits/%s' % project_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_domain_limit(self): @@ -702,7 +702,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/limits/%s' % domain_limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_limits(self): @@ -775,7 +775,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_limits(self): @@ -787,7 +787,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/limits/%s' % limit_id, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_limits(self): @@ -797,7 +797,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, c.delete( '/v3/limits/%s' % limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_mappings.py b/keystone/tests/protection/v3/test_mappings.py index 0f25e86fd8..98532af7ce 100644 --- a/keystone/tests/protection/v3/test_mappings.py +++ b/keystone/tests/protection/v3/test_mappings.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -71,7 +71,7 @@ class _SystemReaderAndMemberUserMappingTests(object): c.put( '/v3/OS-FEDERATION/mappings/%s' % mapping_id, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_mappings(self): @@ -93,7 +93,7 @@ class _SystemReaderAndMemberUserMappingTests(object): c.patch( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_mappings(self): @@ -106,7 +106,7 @@ class _SystemReaderAndMemberUserMappingTests(object): c.delete( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -128,7 +128,7 @@ class _DomainAndProjectUserMappingTests(object): c.put( '/v3/OS-FEDERATION/mappings/%s' % mapping_id, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_mappings(self): @@ -140,7 +140,7 @@ class _DomainAndProjectUserMappingTests(object): with self.test_client() as c: c.get( '/v3/OS-FEDERATION/mappings', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_mapping(self): @@ -153,7 +153,7 @@ class _DomainAndProjectUserMappingTests(object): c.get( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_mappings(self): @@ -175,7 +175,7 @@ class _DomainAndProjectUserMappingTests(object): c.patch( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_mappings(self): @@ -188,7 +188,7 @@ class _DomainAndProjectUserMappingTests(object): c.delete( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -241,7 +241,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, c.put( '/v3/OS-FEDERATION/mappings/%s' % mapping_id, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_mappings(self): @@ -263,7 +263,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_mappings(self): @@ -276,7 +276,7 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap, c.delete( '/v3/OS-FEDERATION/mappings/%s' % mapping['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -355,7 +355,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.put( '/v3/OS-FEDERATION/mappings/%s' % mapping_id, json=create, - headers=self.headers, expected_status_code=http_client.CREATED + headers=self.headers, expected_status_code=http.client.CREATED ) def test_user_can_update_mappings(self): diff --git a/keystone/tests/protection/v3/test_policy.py b/keystone/tests/protection/v3/test_policy.py index 0c59e1ef53..9b11fce20f 100644 --- a/keystone/tests/protection/v3/test_policy.py +++ b/keystone/tests/protection/v3/test_policy.py @@ -13,7 +13,7 @@ import json import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -66,7 +66,7 @@ class _SystemReaderAndMemberPoliciesTests(object): with self.test_client() as c: c.post( '/v3/policies', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_policy(self): @@ -79,7 +79,7 @@ class _SystemReaderAndMemberPoliciesTests(object): c.patch( '/v3/policies/%s' % policy['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy(self): @@ -89,7 +89,7 @@ class _SystemReaderAndMemberPoliciesTests(object): with self.test_client() as c: c.delete( '/v3/policies/%s' % policy['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -101,7 +101,7 @@ class _DomainAndProjectUserPolicyTests(object): with self.test_client() as c: c.get('/v3/policies', headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_policy(self): policy = unit.new_policy_ref() @@ -109,7 +109,7 @@ class _DomainAndProjectUserPolicyTests(object): with self.test_client() as c: c.get('/v3/policies/%s' % policy['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_create_policy(self): create = { @@ -124,7 +124,7 @@ class _DomainAndProjectUserPolicyTests(object): with self.test_client() as c: c.post( '/v3/policies', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_policy(self): @@ -137,7 +137,7 @@ class _DomainAndProjectUserPolicyTests(object): c.patch( '/v3/policies/%s' % policy['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy(self): @@ -147,7 +147,7 @@ class _DomainAndProjectUserPolicyTests(object): with self.test_client() as c: c.delete( '/v3/policies/%s' % policy['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_policy_association.py b/keystone/tests/protection/v3/test_policy_association.py index a3494f8071..773a8e63b0 100644 --- a/keystone/tests/protection/v3/test_policy_association.py +++ b/keystone/tests/protection/v3/test_policy_association.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -47,7 +47,7 @@ class _SystemUserPoliciesAssociationTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_check_policy_association_for_service(self): policy = unit.new_policy_ref() @@ -64,7 +64,7 @@ class _SystemUserPoliciesAssociationTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_check_policy_association_for_region_and_service(self): policy = unit.new_policy_ref() @@ -84,7 +84,7 @@ class _SystemUserPoliciesAssociationTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_get_policy_for_endpoint(self): policy = unit.new_policy_ref() @@ -143,7 +143,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_association_for_endpoint(self): @@ -162,7 +162,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_policy_association_for_service(self): @@ -176,7 +176,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_association_for_service(self): @@ -191,7 +191,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_policy_assoc_for_region_and_service(self): @@ -207,7 +207,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_assoc_for_region_and_service(self): @@ -223,7 +223,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -248,7 +248,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_check_policy_association_for_service(self): policy = unit.new_policy_ref() @@ -265,7 +265,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_check_policy_association_for_region_and_service(self): policy = unit.new_policy_ref() @@ -285,7 +285,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_get_policy_for_endpoint(self): policy = unit.new_policy_ref() @@ -304,7 +304,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): c.get('/v3/endpoints/%s/OS-ENDPOINT-POLICY/policy' % (endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_endpoints_for_policy(self): policy = unit.new_policy_ref() @@ -322,7 +322,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): with self.test_client() as c: c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints' % (policy['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_policy_association_for_endpoint(self): @@ -341,7 +341,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_association_for_endpoint(self): @@ -360,7 +360,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_policy_association_for_service(self): @@ -374,7 +374,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_association_for_service(self): @@ -389,7 +389,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_policy_assoc_for_region_and_service(self): @@ -405,7 +405,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_policy_assoc_for_region_and_service(self): @@ -421,7 +421,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object): '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -535,7 +535,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_delete_policy_association_for_endpoint(self): @@ -554,7 +554,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_create_policy_association_for_service(self): @@ -568,7 +568,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_delete_policy_association_for_service(self): @@ -583,7 +583,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_create_policy_association_for_region_and_service(self): @@ -599,7 +599,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_delete_policy_association_for_region_and_service(self): @@ -615,7 +615,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) diff --git a/keystone/tests/protection/v3/test_project_endpoint.py b/keystone/tests/protection/v3/test_project_endpoint.py index 73cbb5655a..1a50d9aba4 100644 --- a/keystone/tests/protection/v3/test_project_endpoint.py +++ b/keystone/tests/protection/v3/test_project_endpoint.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import base as bp from keystone.common import provider_api @@ -74,7 +74,7 @@ class _SystemUserProjectEndpointTests(object): c.get('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_list_endpoints_for_project(self): project = PROVIDERS.resource_api.create_project( @@ -118,7 +118,7 @@ class _SystemReaderAndMemberProjectEndpointTests(object): c.put('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_remove_endpoint_from_project(self): project = PROVIDERS.resource_api.create_project( @@ -137,7 +137,7 @@ class _SystemReaderAndMemberProjectEndpointTests(object): c.delete('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class _DomainAndProjectUserProjectEndpointTests(object): @@ -161,7 +161,7 @@ class _DomainAndProjectUserProjectEndpointTests(object): with self.test_client() as c: c.get('/v3/OS-EP-FILTER/endpoints/%s/projects' % endpoint['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_check_endpoint_in_project(self): project = PROVIDERS.resource_api.create_project( @@ -183,7 +183,7 @@ class _DomainAndProjectUserProjectEndpointTests(object): c.get('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) def test_user_cannot_list_endpoints_for_project(self): project = PROVIDERS.resource_api.create_project( @@ -204,7 +204,7 @@ class _DomainAndProjectUserProjectEndpointTests(object): with self.test_client() as c: c.get('/v3/OS-EP-FILTER/projects/%s/endpoints' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) class SystemReaderTests(base_classes.TestCaseWithBootstrap, @@ -318,7 +318,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.put('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) def test_user_can_remove_endpoint_from_project(self): project = PROVIDERS.resource_api.create_project( @@ -339,7 +339,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.delete('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, - expected_status_code=http_client.NO_CONTENT) + expected_status_code=http.client.NO_CONTENT) class DomainUserTests(base_classes.TestCaseWithBootstrap, diff --git a/keystone/tests/protection/v3/test_project_tags.py b/keystone/tests/protection/v3/test_project_tags.py index 0807bedb6b..e62561c240 100644 --- a/keystone/tests/protection/v3/test_project_tags.py +++ b/keystone/tests/protection/v3/test_project_tags.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import project as pp from keystone.common import provider_api @@ -75,7 +75,7 @@ class _SystemUserTests(object): c.get( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_list_project_tags(self): @@ -109,7 +109,7 @@ class _SystemMemberAndReaderTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_project_tag(self): @@ -126,7 +126,7 @@ class _SystemMemberAndReaderTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_project_tag(self): @@ -142,7 +142,7 @@ class _SystemMemberAndReaderTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -160,7 +160,7 @@ class _DomainAndProjectUserTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_project_tag(self): @@ -177,7 +177,7 @@ class _DomainAndProjectUserTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_project_tag(self): @@ -193,7 +193,7 @@ class _DomainAndProjectUserTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -301,7 +301,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.CREATED + expected_status_code=http.client.CREATED ) def test_user_can_update_project_tag(self): @@ -319,7 +319,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, json=update, - expected_status_code=http_client.OK + expected_status_code=http.client.OK ) def test_user_can_delete_project_tag(self): @@ -352,7 +352,7 @@ class _DomainUserTagTests(object): c.get( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_list_tags_for_project_in_domain(self): @@ -382,7 +382,7 @@ class _DomainUserTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_project_tag_outside_domain(self): @@ -400,7 +400,7 @@ class _DomainUserTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_project_tag_outside_domain(self): @@ -416,7 +416,7 @@ class _DomainUserTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_tag_for_project_outside_domain(self): @@ -432,7 +432,7 @@ class _DomainUserTagTests(object): c.get( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_tags_for_project_outside_domain(self): @@ -448,7 +448,7 @@ class _DomainUserTagTests(object): c.get( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -465,7 +465,7 @@ class _DomainMemberAndReaderTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_project_tag_in_domain(self): @@ -482,7 +482,7 @@ class _DomainMemberAndReaderTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_project_tag_in_domain(self): @@ -497,7 +497,7 @@ class _DomainMemberAndReaderTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -553,7 +553,7 @@ class DomainAdminUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), - headers=self.headers, expected_status_code=http_client.CREATED + headers=self.headers, expected_status_code=http.client.CREATED ) def test_user_can_update_project_tag_in_domain(self): @@ -570,7 +570,7 @@ class DomainAdminUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: r = c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.OK + json=update, expected_status_code=http.client.OK ) self.assertTrue(len(r.json['tags']) == 1) self.assertEqual(new_tag, r.json['tags'][0]) @@ -688,7 +688,7 @@ class _ProjectUserTagTests(object): c.get( '/v3/projects/%s/tags/%s' % (self.project_id, tag), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_list_tags_for_project(self): @@ -714,7 +714,7 @@ class _ProjectUserTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_tag_for_other_project(self): @@ -731,7 +731,7 @@ class _ProjectUserTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_tag_for_other_project(self): @@ -747,7 +747,7 @@ class _ProjectUserTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_tag_for_other_project(self): @@ -763,7 +763,7 @@ class _ProjectUserTagTests(object): c.get( '/v3/projects/%s/tags/%s' % (project['id'], tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_tags_for_other_project(self): @@ -779,7 +779,7 @@ class _ProjectUserTagTests(object): c.get( '/v3/projects/%s/tags' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -791,7 +791,7 @@ class _ProjectMemberAndReaderTagTests(object): c.put( '/v3/projects/%s/tags/%s' % (self.project_id, tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_project_tag(self): @@ -803,7 +803,7 @@ class _ProjectMemberAndReaderTagTests(object): with self.test_client() as c: c.put( '/v3/projects/%s/tags' % self.project_id, headers=self.headers, - json=update, expected_status_code=http_client.FORBIDDEN + json=update, expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_project_tag(self): @@ -814,7 +814,7 @@ class _ProjectMemberAndReaderTagTests(object): c.delete( '/v3/projects/%s/tags/%s' % (self.project_id, tag), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -860,7 +860,7 @@ class ProjectAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.put( '/v3/projects/%s/tags/%s' % (self.project_id, tag), - headers=self.headers, expected_status_code=http_client.CREATED + headers=self.headers, expected_status_code=http.client.CREATED ) def test_user_can_update_project_tag(self): @@ -872,7 +872,7 @@ class ProjectAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.put( '/v3/projects/%s/tags' % self.project_id, headers=self.headers, - json=update, expected_status_code=http_client.OK + json=update, expected_status_code=http.client.OK ) def test_user_can_delete_project_tag(self): diff --git a/keystone/tests/protection/v3/test_projects.py b/keystone/tests/protection/v3/test_projects.py index 2b6c73e427..70ea051fcd 100644 --- a/keystone/tests/protection/v3/test_projects.py +++ b/keystone/tests/protection/v3/test_projects.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import project as pp from keystone.common import provider_api @@ -80,7 +80,7 @@ class _SystemUserTests(object): with self.test_client() as c: c.get( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) @@ -97,7 +97,7 @@ class _SystemMemberAndReaderProjectTests(object): with self.test_client() as c: c.post( '/v3/projects', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_projects(self): @@ -112,7 +112,7 @@ class _SystemMemberAndReaderProjectTests(object): c.patch( '/v3/projects/%s' % project['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_project_forbidden(self): @@ -122,7 +122,7 @@ class _SystemMemberAndReaderProjectTests(object): c.patch( '/v3/projects/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_projects(self): @@ -134,14 +134,14 @@ class _SystemMemberAndReaderProjectTests(object): with self.test_client() as c: c.delete( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_project_forbidden(self): with self.test_client() as c: c.delete( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -188,7 +188,7 @@ class _DomainUsersTests(object): with self.test_client() as c: c.get( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_projects_for_user_in_domain(self): @@ -237,7 +237,7 @@ class _DomainUsersTests(object): with self.test_client() as c: c.get( '/v3/users/%s/projects' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -250,7 +250,7 @@ class _DomainMemberAndReaderProjectTests(object): with self.test_client() as c: c.post( '/v3/projects', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_projects_in_other_domains(self): @@ -263,7 +263,7 @@ class _DomainMemberAndReaderProjectTests(object): with self.test_client() as c: c.post( '/v3/projects', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_projects_within_domain(self): @@ -278,7 +278,7 @@ class _DomainMemberAndReaderProjectTests(object): c.patch( '/v3/projects/%s' % project['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_projects_in_other_domain(self): @@ -293,7 +293,7 @@ class _DomainMemberAndReaderProjectTests(object): c.patch( '/v3/projects/%s' % project['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_project_forbidden(self): @@ -303,7 +303,7 @@ class _DomainMemberAndReaderProjectTests(object): c.patch( '/v3/projects/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_projects_within_domain(self): @@ -315,7 +315,7 @@ class _DomainMemberAndReaderProjectTests(object): with self.test_client() as c: c.delete( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_projects_in_other_domain(self): @@ -327,14 +327,14 @@ class _DomainMemberAndReaderProjectTests(object): with self.test_client() as c: c.delete( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_projects_forbidden(self): with self.test_client() as c: c.delete( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -461,7 +461,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/projects/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_delete_projects(self): @@ -477,7 +477,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_list_their_projects(self): @@ -661,7 +661,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/projects', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_update_projects_within_domain(self): @@ -690,7 +690,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/projects/%s' % project['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_project_forbidden(self): @@ -706,7 +706,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/projects/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_delete_projects_within_domain(self): @@ -727,7 +727,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_projects_forbidden(self): @@ -740,7 +740,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -809,7 +809,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/projects', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_projects_for_others(self): @@ -833,7 +833,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/users/%s/projects' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_their_projects(self): @@ -860,7 +860,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.get( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_projects(self): @@ -873,7 +873,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/projects', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_projects(self): @@ -888,7 +888,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/projects/%s' % project['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_project_forbidden(self): @@ -898,7 +898,7 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/projects/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_projects(self): @@ -910,12 +910,12 @@ class ProjectUserTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/projects/%s' % project['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_project_forbidden(self): with self.test_client() as c: c.delete( '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_protocols.py b/keystone/tests/protection/v3/test_protocols.py index 53f1238085..50b9983287 100644 --- a/keystone/tests/protection/v3/test_protocols.py +++ b/keystone/tests/protection/v3/test_protocols.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -91,7 +91,7 @@ class _SystemReaderAndMemberProtocolTests(object): ) c.put( path, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_protocols(self): @@ -109,7 +109,7 @@ class _SystemReaderAndMemberProtocolTests(object): ) c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_protocol(self): @@ -122,7 +122,7 @@ class _SystemReaderAndMemberProtocolTests(object): ) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -148,7 +148,7 @@ class _DomainAndProjectUserProtocolTests(object): ) c.put( path, json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_protocols(self): @@ -166,7 +166,7 @@ class _DomainAndProjectUserProtocolTests(object): ) c.patch( path, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_protocol(self): @@ -179,7 +179,7 @@ class _DomainAndProjectUserProtocolTests(object): ) c.delete( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_protocols(self): @@ -192,7 +192,7 @@ class _DomainAndProjectUserProtocolTests(object): ) c.get( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_protocol(self): @@ -205,7 +205,7 @@ class _DomainAndProjectUserProtocolTests(object): ) c.get( path, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -326,7 +326,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, ) c.put( path, json=create, headers=self.headers, - expected_status_code=http_client.CREATED + expected_status_code=http.client.CREATED ) def test_user_can_update_protocols(self): diff --git a/keystone/tests/protection/v3/test_regions.py b/keystone/tests/protection/v3/test_regions.py index 0cdfb51bf1..b627cd8a04 100644 --- a/keystone/tests/protection/v3/test_regions.py +++ b/keystone/tests/protection/v3/test_regions.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -55,7 +55,7 @@ class _SystemReaderAndMemberUserRegionTests(object): with self.test_client() as c: c.post( '/v3/regions', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_regions(self): @@ -66,7 +66,7 @@ class _SystemReaderAndMemberUserRegionTests(object): c.patch( '/v3/regions/%s' % region['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_regions(self): @@ -76,7 +76,7 @@ class _SystemReaderAndMemberUserRegionTests(object): c.delete( '/v3/regions/%s' % region['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -89,7 +89,7 @@ class _DomainAndProjectUserRegionTests(object): with self.test_client() as c: c.post( '/v3/regions', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_regions(self): @@ -100,7 +100,7 @@ class _DomainAndProjectUserRegionTests(object): c.patch( '/v3/regions/%s' % region['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_regions(self): @@ -110,7 +110,7 @@ class _DomainAndProjectUserRegionTests(object): c.delete( '/v3/regions/%s' % region['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_registered_limits.py b/keystone/tests/protection/v3/test_registered_limits.py index 8b78d681c9..f508eb853a 100644 --- a/keystone/tests/protection/v3/test_registered_limits.py +++ b/keystone/tests/protection/v3/test_registered_limits.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -83,7 +83,7 @@ class _UserRegisteredLimitTests(object): with self.test_client() as c: c.post( '/v3/registered_limits', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_registered_limits(self): @@ -107,7 +107,7 @@ class _UserRegisteredLimitTests(object): c.patch( '/v3/registered_limits/%s' % limit_id, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_registered_limits(self): @@ -126,7 +126,7 @@ class _UserRegisteredLimitTests(object): with self.test_client() as c: c.delete( '/v3/registered_limits/%s' % limit_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_roles.py b/keystone/tests/protection/v3/test_roles.py index ae6be1c72a..09667553d8 100644 --- a/keystone/tests/protection/v3/test_roles.py +++ b/keystone/tests/protection/v3/test_roles.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -57,7 +57,7 @@ class _SystemReaderAndMemberRoleTests(object): with self.test_client() as c: c.post( '/v3/roles', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_roles(self): @@ -70,7 +70,7 @@ class _SystemReaderAndMemberRoleTests(object): with self.test_client() as c: c.patch( '/v3/roles/%s' % role['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_roles(self): @@ -81,7 +81,7 @@ class _SystemReaderAndMemberRoleTests(object): with self.test_client() as c: c.delete( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -94,7 +94,7 @@ class _DomainAndProjectUserRoleTests(object): with self.test_client() as c: c.get( '/v3/roles', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_role(self): @@ -105,7 +105,7 @@ class _DomainAndProjectUserRoleTests(object): with self.test_client() as c: c.get( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_roles(self): @@ -114,7 +114,7 @@ class _DomainAndProjectUserRoleTests(object): with self.test_client() as c: c.post( '/v3/roles', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_roles(self): @@ -127,7 +127,7 @@ class _DomainAndProjectUserRoleTests(object): with self.test_client() as c: c.patch( '/v3/roles/%s' % role['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_roles(self): @@ -138,7 +138,7 @@ class _DomainAndProjectUserRoleTests(object): with self.test_client() as c: c.delete( '/v3/roles/%s' % role['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_service_providers.py b/keystone/tests/protection/v3/test_service_providers.py index 83aec6f2fd..acebbc4e77 100644 --- a/keystone/tests/protection/v3/test_service_providers.py +++ b/keystone/tests/protection/v3/test_service_providers.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -74,7 +74,7 @@ class _SystemReaderAndMemberUserServiceProviderTests(object): '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex, headers=self.headers, json=create, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_service_providers(self): @@ -90,7 +90,7 @@ class _SystemReaderAndMemberUserServiceProviderTests(object): service_provider['id'], headers=self.headers, json=update, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_service_providers(self): @@ -103,7 +103,7 @@ class _SystemReaderAndMemberUserServiceProviderTests(object): '/v3/OS-FEDERATION/service_providers/%s' % service_provider['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -123,7 +123,7 @@ class _DomainAndProjectUserServiceProviderTests(object): '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex, headers=self.headers, json=create, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_service_providers(self): @@ -139,7 +139,7 @@ class _DomainAndProjectUserServiceProviderTests(object): service_provider['id'], headers=self.headers, json=update, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_service_providers(self): @@ -150,7 +150,7 @@ class _DomainAndProjectUserServiceProviderTests(object): with self.test_client() as c: c.get( '/v3/OS-FEDERATION/service_providers', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_service_provider(self): @@ -163,7 +163,7 @@ class _DomainAndProjectUserServiceProviderTests(object): '/v3/OS-FEDERATION/service_providers/%s' % service_provider['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_service_providers(self): @@ -176,7 +176,7 @@ class _DomainAndProjectUserServiceProviderTests(object): '/v3/OS-FEDERATION/service_providers/%s' % service_provider['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -287,7 +287,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex, headers=self.headers, json=create, - expected_status_code=http_client.CREATED + expected_status_code=http.client.CREATED ) def test_user_can_update_service_providers(self): diff --git a/keystone/tests/protection/v3/test_services.py b/keystone/tests/protection/v3/test_services.py index c9505bfd9f..2fa6f2b80d 100644 --- a/keystone/tests/protection/v3/test_services.py +++ b/keystone/tests/protection/v3/test_services.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -68,7 +68,7 @@ class _SystemReaderAndMemberUserServiceTests(object): with self.test_client() as c: c.post( '/v3/services', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_services(self): @@ -81,7 +81,7 @@ class _SystemReaderAndMemberUserServiceTests(object): c.patch( '/v3/services/%s' % service['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_services(self): @@ -91,7 +91,7 @@ class _SystemReaderAndMemberUserServiceTests(object): with self.test_client() as c: c.delete( '/v3/services/%s' % service['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -108,7 +108,7 @@ class _DomainAndProjectUserServiceTests(object): with self.test_client() as c: c.post( '/v3/services', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_services(self): @@ -118,7 +118,7 @@ class _DomainAndProjectUserServiceTests(object): with self.test_client() as c: c.get( '/v3/services', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_a_service(self): @@ -128,7 +128,7 @@ class _DomainAndProjectUserServiceTests(object): with self.test_client() as c: c.get( '/v3/services/%s' % service['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_services(self): @@ -141,7 +141,7 @@ class _DomainAndProjectUserServiceTests(object): c.patch( '/v3/services/%s' % service['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_services(self): @@ -151,7 +151,7 @@ class _DomainAndProjectUserServiceTests(object): with self.test_client() as c: c.delete( '/v3/services/%s' % service['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_system_assignments.py b/keystone/tests/protection/v3/test_system_assignments.py index 72936b902a..a17d3e3247 100644 --- a/keystone/tests/protection/v3/test_system_assignments.py +++ b/keystone/tests/protection/v3/test_system_assignments.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import base from keystone.common import provider_api @@ -62,7 +62,7 @@ class _SystemUserSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_user_can_list_group_system_role_assignments(self): @@ -98,7 +98,7 @@ class _SystemUserSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) @@ -114,7 +114,7 @@ class _SystemMemberAndReaderSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_system_assignments(self): @@ -131,7 +131,7 @@ class _SystemMemberAndReaderSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_grant_group_system_assignment(self): @@ -144,7 +144,7 @@ class _SystemMemberAndReaderSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_group_system_assignment(self): @@ -161,7 +161,7 @@ class _SystemMemberAndReaderSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -179,7 +179,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): with self.test_client() as c: c.get( '/v3/system/users/%s/roles' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_check_user_system_role_assignments(self): @@ -196,7 +196,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_grant_system_assignments(self): @@ -209,7 +209,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_system_assignments(self): @@ -226,7 +226,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/users/%s/roles/%s' % ( user['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_group_system_role_assignments(self): @@ -242,7 +242,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): c.get( '/v3/system/groups/%s/roles' % group['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_check_group_system_role_assignments(self): @@ -259,7 +259,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_grant_group_system_assignments(self): @@ -272,7 +272,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_group_system_assignments(self): @@ -289,7 +289,7 @@ class _DomainAndProjectUserSystemAssignmentTests(object): '/v3/system/groups/%s/roles/%s' % ( group['id'], self.bootstrapper.member_role_id ), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_tokens.py b/keystone/tests/protection/v3/test_tokens.py index 1a6901b384..3e254f7cd9 100644 --- a/keystone/tests/protection/v3/test_tokens.py +++ b/keystone/tests/protection/v3/test_tokens.py @@ -12,7 +12,7 @@ import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -125,7 +125,7 @@ class _SystemMemberAndReaderTokenTests(object): self.headers['X-Subject-Token'] = system_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_a_domain_scoped_token(self): @@ -154,7 +154,7 @@ class _SystemMemberAndReaderTokenTests(object): self.headers['X-Subject-Token'] = domain_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_a_project_scoped_token(self): @@ -184,7 +184,7 @@ class _SystemMemberAndReaderTokenTests(object): self.headers['X-Subject-Token'] = project_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -388,7 +388,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = system_token c.get( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_system_scoped_token(self): @@ -412,7 +412,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = system_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_validate_domain_scoped_token(self): @@ -441,7 +441,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = domain_token c.get( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_domain_scoped_token(self): @@ -470,7 +470,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = domain_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_validate_project_scoped_token(self): @@ -500,7 +500,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = project_token c.get( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_revoke_project_scoped_token(self): @@ -530,7 +530,7 @@ class _DomainAndProjectUserTests(object): self.headers['X-Subject-Token'] = project_token c.delete( '/v3/auth/tokens', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_trusts.py b/keystone/tests/protection/v3/test_trusts.py index 3614a8b9a2..ded2c2cc45 100644 --- a/keystone/tests/protection/v3/test_trusts.py +++ b/keystone/tests/protection/v3/test_trusts.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common import provider_api import keystone.conf @@ -133,7 +133,7 @@ class _AdminTestsMixin(object): '/v3/OS-TRUST/trusts', json=json, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_list_all_trusts(self): @@ -168,7 +168,7 @@ class AdminTokenTests(TrustTests, _AdminTestsMixin): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.headers, - expected_status_code=http_client.NO_CONTENT + expected_status_code=http.client.NO_CONTENT ) def test_admin_can_get_non_existent_trust_not_found(self): @@ -177,7 +177,7 @@ class AdminTokenTests(TrustTests, _AdminTestsMixin): c.get( '/v3/OS-TRUST/trusts/%s' % trust_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_admin_cannot_get_trust_for_other_user(self): @@ -188,7 +188,7 @@ class AdminTokenTests(TrustTests, _AdminTestsMixin): c.get( '/v3/OS-TRUST/trusts/%s' % self.trust_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_cannot_list_trust_roles_for_other_user(self): @@ -199,7 +199,7 @@ class AdminTokenTests(TrustTests, _AdminTestsMixin): c.get( '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_cannot_get_trust_role_for_other_user(self): @@ -211,7 +211,7 @@ class AdminTokenTests(TrustTests, _AdminTestsMixin): ('/v3/OS-TRUST/trusts/%s/roles/%s' % (self.trust_id, self.bootstrapper.member_role_id)), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -224,7 +224,7 @@ class _SystemUserTests(object): c.get( '/v3/OS-TRUST/trusts/%s' % trust_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_get_trust_for_other_user(self): @@ -296,7 +296,7 @@ class _SystemReaderMemberTests(_SystemUserTests): '/v3/OS-TRUST/trusts', json=json, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_trust(self): @@ -307,7 +307,7 @@ class _SystemReaderMemberTests(_SystemUserTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -414,7 +414,7 @@ class SystemAdminTests(TrustTests, _AdminTestsMixin, _SystemUserTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_cannot_get_trust_for_other_user_overridden_defaults(self): @@ -426,7 +426,7 @@ class SystemAdminTests(TrustTests, _AdminTestsMixin, _SystemUserTests): c.get( '/v3/OS-TRUST/trusts/%s' % self.trust_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_cannot_list_roles_for_other_user_overridden_defaults(self): @@ -438,7 +438,7 @@ class SystemAdminTests(TrustTests, _AdminTestsMixin, _SystemUserTests): c.get( '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_admin_cannot_get_trust_role_for_other_user_overridden(self): @@ -451,7 +451,7 @@ class SystemAdminTests(TrustTests, _AdminTestsMixin, _SystemUserTests): ('/v3/OS-TRUST/trusts/%s/roles/%s' % (self.trust_id, self.bootstrapper.member_role_id)), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_list_all_trusts_overridden_defaults(self): @@ -527,7 +527,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustee_user_id=%s' % self.trustee_user_id), headers=self.trustor_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustee_cannot_list_trusts_for_trustor(self): @@ -539,7 +539,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustor_user_id=%s' % self.trustor_user_id), headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_trusts_for_other_trustor(self): @@ -551,7 +551,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustor_user_id=%s' % self.trustor_user_id), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_trusts_for_other_trustee(self): @@ -563,7 +563,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustee_user_id=%s' % self.trustee_user_id), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_all_trusts(self): @@ -574,7 +574,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts', headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_another_users_trust(self): @@ -585,7 +585,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_get_non_existent_trust_not_found(self): @@ -594,7 +594,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s' % trust_id, headers=self.other_headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_get_trust_of_whom_they_are_the_trustor(self): @@ -638,7 +638,7 @@ class ProjectUserTests(TrustTests): '/v3/OS-TRUST/trusts', json=json, headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_can_delete_trust(self): @@ -659,7 +659,7 @@ class ProjectUserTests(TrustTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_trust_for_other_user(self): @@ -670,7 +670,7 @@ class ProjectUserTests(TrustTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_can_list_trust_roles(self): @@ -705,7 +705,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_can_get_trust_role(self): @@ -739,7 +739,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts/%s/roles/%s' % (self.trust_id, self.bootstrapper.member_role_id)), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_cannot_list_trusts_for_trustee_overridden_default(self): @@ -752,7 +752,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustee_user_id=%s' % self.trustee_user_id), headers=self.trustor_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustee_cannot_list_trusts_for_trustor_overridden_default(self): @@ -765,7 +765,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustor_user_id=%s' % self.trustor_user_id), headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_trusts_for_other_trustor_overridden(self): @@ -778,7 +778,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustor_user_id=%s' % self.trustor_user_id), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_trusts_for_trustee_overridden_default(self): @@ -791,7 +791,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustee_user_id=%s' % self.trustee_user_id), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_all_trusts_overridden_default(self): @@ -803,7 +803,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts', headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_can_delete_trust_overridden_default(self): @@ -826,7 +826,7 @@ class ProjectUserTests(TrustTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.trustee_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_trust_for_other_user_overridden_default(self): @@ -838,7 +838,7 @@ class ProjectUserTests(TrustTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_get_trust_of_whom_they_are_the_trustor_overridden(self): @@ -899,7 +899,7 @@ class ProjectUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustor_can_get_trust_role_overridden_default(self): @@ -936,7 +936,7 @@ class ProjectUserTests(TrustTests): ('/v3/OS-TRUST/trusts/%s/roles/%s' % (self.trust_id, self.bootstrapper.member_role_id)), headers=self.other_headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -978,7 +978,7 @@ class DomainUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustee_user_id=%s' % self.trustee_user_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_trustee_cannot_list_trusts_for_trustor(self): @@ -990,7 +990,7 @@ class DomainUserTests(TrustTests): ('/v3/OS-TRUST/trusts?trustor_user_id=%s' % self.trustor_user_id), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_all_trusts(self): @@ -1001,7 +1001,7 @@ class DomainUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts', headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_trust(self): @@ -1012,7 +1012,7 @@ class DomainUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_get_non_existent_trust_not_found(self): @@ -1021,7 +1021,7 @@ class DomainUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s' % trust_id, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_cannot_create_trust(self): @@ -1035,7 +1035,7 @@ class DomainUserTests(TrustTests): '/v3/OS-TRUST/trusts', json=json, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_trust(self): @@ -1046,7 +1046,7 @@ class DomainUserTests(TrustTests): c.delete( '/v3/OS-TRUST/trusts/%s' % ref['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_trust_roles(self): @@ -1057,7 +1057,7 @@ class DomainUserTests(TrustTests): c.get( '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_trust_role(self): @@ -1069,5 +1069,5 @@ class DomainUserTests(TrustTests): ('/v3/OS-TRUST/trusts/%s/roles/%s' % (self.trust_id, self.bootstrapper.member_role_id)), headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/protection/v3/test_users.py b/keystone/tests/protection/v3/test_users.py index f73b2d57a0..dab6ed7f39 100644 --- a/keystone/tests/protection/v3/test_users.py +++ b/keystone/tests/protection/v3/test_users.py @@ -12,8 +12,8 @@ import uuid +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from keystone.common.policies import user as up from keystone.common import provider_api @@ -53,7 +53,7 @@ class _SystemUserTests(object): with self.test_client() as c: c.get( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_list_users(self): @@ -88,7 +88,7 @@ class _SystemMemberAndReaderUserTests(object): with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_users(self): @@ -101,7 +101,7 @@ class _SystemMemberAndReaderUserTests(object): c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_user_forbidden(self): @@ -113,7 +113,7 @@ class _SystemMemberAndReaderUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_users(self): @@ -124,14 +124,14 @@ class _SystemMemberAndReaderUserTests(object): with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_user_forbidden(self): with self.test_client() as c: c.delete( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -159,7 +159,7 @@ class _DomainUserTests(object): with self.test_client() as c: c.get( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_list_users_within_domain(self): @@ -207,7 +207,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_users_in_other_domain(self): @@ -225,7 +225,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_users_within_domain(self): @@ -237,7 +237,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_users_in_other_domain(self): @@ -252,7 +252,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_user_forbidden(self): @@ -264,7 +264,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_users_within_domain(self): @@ -275,7 +275,7 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_users_in_other_domain(self): @@ -289,14 +289,14 @@ class _DomainMemberAndReaderUserTests(object): with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_user_forbidden(self): with self.test_client() as c: c.delete( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -311,7 +311,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.get( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_users_in_other_domains(self): @@ -325,14 +325,14 @@ class _ProjectUserTests(object): with self.test_client() as c: c.get( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_get_non_existent_user_forbidden(self): with self.test_client() as c: c.get( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_users_within_domain(self): @@ -340,7 +340,7 @@ class _ProjectUserTests(object): c.get( '/v3/users?domain_id=%s' % self.domain_id, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_list_users_in_other_domains(self): @@ -355,7 +355,7 @@ class _ProjectUserTests(object): c.get( '/v3/users?domain_id=%s' % domain['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_users_within_domain(self): @@ -369,7 +369,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_users_in_other_domains(self): @@ -387,7 +387,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_users_within_domain(self): @@ -399,7 +399,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_users_in_other_domain(self): @@ -414,7 +414,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_user_forbidden(self): @@ -423,7 +423,7 @@ class _ProjectUserTests(object): c.patch( '/v3/users/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_users_within_domain(self): @@ -434,7 +434,7 @@ class _ProjectUserTests(object): with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_users_in_other_domains(self): @@ -448,14 +448,14 @@ class _ProjectUserTests(object): with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_user_forbidden(self): with self.test_client() as c: c.delete( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) @@ -582,7 +582,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/users/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) def test_user_can_delete_users(self): @@ -597,7 +597,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.NOT_FOUND + expected_status_code=http.client.NOT_FOUND ) @@ -765,7 +765,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_create_users_in_other_domain(self): @@ -783,7 +783,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.post( '/v3/users', json=create, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_update_users_within_domain(self): @@ -829,7 +829,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.patch( '/v3/users/%s' % user['id'], json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_update_non_existent_user_forbidden(self): @@ -838,7 +838,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, c.patch( '/v3/users/%s' % uuid.uuid4().hex, json=update, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_can_delete_users_within_domain(self): @@ -862,14 +862,14 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap, with self.test_client() as c: c.delete( '/v3/users/%s' % user['id'], headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) def test_user_cannot_delete_non_existent_user_forbidden(self): with self.test_client() as c: c.delete( '/v3/users/%s' % uuid.uuid4().hex, headers=self.headers, - expected_status_code=http_client.FORBIDDEN + expected_status_code=http.client.FORBIDDEN ) diff --git a/keystone/tests/unit/assignment/test_backends.py b/keystone/tests/unit/assignment/test_backends.py index 589256effc..1e55dd42e0 100644 --- a/keystone/tests/unit/assignment/test_backends.py +++ b/keystone/tests/unit/assignment/test_backends.py @@ -13,7 +13,6 @@ import uuid import mock -from six.moves import range from testtools import matchers from keystone.common import provider_api diff --git a/keystone/tests/unit/catalog/test_backends.py b/keystone/tests/unit/catalog/test_backends.py index 9ed40a138c..63442721c4 100644 --- a/keystone/tests/unit/catalog/test_backends.py +++ b/keystone/tests/unit/catalog/test_backends.py @@ -14,7 +14,6 @@ import copy import uuid import mock -from six.moves import range from testtools import matchers from keystone.catalog.backends import base diff --git a/keystone/tests/unit/common/test_notifications.py b/keystone/tests/unit/common/test_notifications.py index ec3ba54cdb..879fcd5605 100644 --- a/keystone/tests/unit/common/test_notifications.py +++ b/keystone/tests/unit/common/test_notifications.py @@ -17,6 +17,7 @@ import uuid import fixtures import freezegun +import http.client import mock from oslo_config import fixture as config_fixture from oslo_log import log @@ -25,7 +26,6 @@ from pycadf import cadftaxonomy from pycadf import cadftype from pycadf import eventfactory from pycadf import resource as cadfresource -from six.moves import http_client from keystone.common import provider_api import keystone.conf @@ -1227,7 +1227,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase): data = self.build_authentication_request(user_id=user_id, password=password) self.post('/auth/tokens', body=data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) note = self._get_last_note() initiator = note['initiator'] @@ -1246,7 +1246,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase): user_domain_id=domain_id, password=password) self.post('/auth/tokens', body=data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) note = self._get_last_note() initiator = note['initiator'] diff --git a/keystone/tests/unit/common/test_utils.py b/keystone/tests/unit/common/test_utils.py index 6713d4257e..39962b4f6f 100644 --- a/keystone/tests/unit/common/test_utils.py +++ b/keystone/tests/unit/common/test_utils.py @@ -18,7 +18,6 @@ import uuid import freezegun from oslo_config import fixture as config_fixture from oslo_log import log -import six from keystone.common import fernet_utils from keystone.common import utils as common_utils @@ -52,16 +51,12 @@ class UtilsTestCase(unit.BaseTestCase): # Exact 64 length string, like ones used by mapping_id backend, are not # valid UUIDs, so they will be UUID5 namespaced value = u'f13de678ac714bb1b7d1e9a007c10db5' * 2 - if six.PY2: - value = value.encode('utf-8') expected_id = uuid.uuid5(common_utils.RESOURCE_ID_NAMESPACE, value).hex self.assertEqual(expected_id, common_utils.resource_uuid(value)) def test_resource_non_ascii_chars(self): # IDs with non-ASCII characters will be UUID5 namespaced value = u'ß' * 32 - if six.PY2: - value = value.encode('utf-8') expected_id = uuid.uuid5(common_utils.RESOURCE_ID_NAMESPACE, value).hex self.assertEqual(expected_id, common_utils.resource_uuid(value)) diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py index a46826d469..4a1d5ab7d1 100644 --- a/keystone/tests/unit/core.py +++ b/keystone/tests/unit/core.py @@ -31,14 +31,13 @@ import warnings import fixtures import flask from flask import testing as flask_testing +import http.client from oslo_config import fixture as config_fixture from oslo_context import context as oslo_context from oslo_context import fixture as oslo_ctx_fixture from oslo_log import fixture as log_fixture from oslo_log import log from oslo_utils import timeutils -import six -from six.moves import http_client from sqlalchemy import exc import testtools from testtools import testcase @@ -61,7 +60,7 @@ from keystone.tests.unit import ksfixtures keystone.conf.configure() keystone.conf.set_config_defaults() -PID = six.text_type(os.getpid()) +PID = str(os.getpid()) TESTSDIR = os.path.dirname(os.path.abspath(__file__)) TESTCONF = os.path.join(TESTSDIR, 'config_files') ROOTDIR = os.path.normpath(os.path.join(TESTSDIR, '..', '..', '..')) @@ -449,7 +448,7 @@ def new_application_credential_ref(roles=None, if secret: ref['secret'] = secret - if isinstance(expires, six.string_types): + if isinstance(expires, str): ref['expires_at'] = expires elif isinstance(expires, dict): ref['expires_at'] = ( @@ -521,7 +520,7 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, if isinstance(redelegation_count, int): ref.update(redelegation_count=redelegation_count) - if isinstance(expires, six.string_types): + if isinstance(expires, str): ref['expires_at'] = expires elif isinstance(expires, dict): ref['expires_at'] = ( @@ -591,12 +590,12 @@ def _assert_expected_status(f): TEAPOT_HTTP_STATUS = 418 _default_expected_responses = { - 'get': http_client.OK, - 'head': http_client.OK, - 'post': http_client.CREATED, - 'put': http_client.NO_CONTENT, - 'patch': http_client.OK, - 'delete': http_client.NO_CONTENT, + 'get': http.client.OK, + 'head': http.client.OK, + 'post': http.client.CREATED, + 'put': http.client.NO_CONTENT, + 'patch': http.client.OK, + 'delete': http.client.NO_CONTENT, } @functools.wraps(f) @@ -607,7 +606,7 @@ def _assert_expected_status(f): expected_status_code = kwargs.pop( 'expected_status_code', _default_expected_responses.get( - f.__name__.lower(), http_client.OK)) + f.__name__.lower(), http.client.OK)) response = f(*args, **kwargs) # Logic to verify the response object is sane. Expand as needed diff --git a/keystone/tests/unit/credential/test_backend_sql.py b/keystone/tests/unit/credential/test_backend_sql.py index 45836e4294..53c0a44f12 100644 --- a/keystone/tests/unit/credential/test_backend_sql.py +++ b/keystone/tests/unit/credential/test_backend_sql.py @@ -12,8 +12,6 @@ import uuid -from six.moves import range - from keystone.common import provider_api from keystone.credential.providers import fernet as credential_provider from keystone.tests import unit diff --git a/keystone/tests/unit/fakeldap.py b/keystone/tests/unit/fakeldap.py index ed748de7d7..f374322d18 100644 --- a/keystone/tests/unit/fakeldap.py +++ b/keystone/tests/unit/fakeldap.py @@ -28,8 +28,6 @@ import shelve import ldap from oslo_log import log -import six -from six import moves import keystone.conf from keystone import exception @@ -119,7 +117,7 @@ def _paren_groups(source): count = 0 start = 0 result = [] - for pos in moves.range(len(source)): + for pos in range(len(source)): if source[pos] == '(': if count == 0: start = pos @@ -168,8 +166,8 @@ def _match(key, value, attrs): # For serviceId, the backend is returning a list of numbers. # Make sure we convert them to strings first before comparing # them. - str_sids = [six.text_type(x) for x in attrs[key]] - return six.text_type(value) in str_sids + str_sids = [str(x) for x in attrs[key]] + return str(value) in str_sids if key != 'objectclass': check_value = _internal_attr(key, value)[0].lower() norm_values = list( diff --git a/keystone/tests/unit/filtering.py b/keystone/tests/unit/filtering.py index aaf3338849..8b9a29a359 100644 --- a/keystone/tests/unit/filtering.py +++ b/keystone/tests/unit/filtering.py @@ -14,8 +14,6 @@ import uuid -from six.moves import range - from keystone.common import provider_api import keystone.conf from keystone import exception diff --git a/keystone/tests/unit/identity/test_backends.py b/keystone/tests/unit/identity/test_backends.py index e65cd3c419..43537f5494 100644 --- a/keystone/tests/unit/identity/test_backends.py +++ b/keystone/tests/unit/identity/test_backends.py @@ -14,7 +14,6 @@ import uuid -from six.moves import range from testtools import matchers from keystone.common import driver_hints diff --git a/keystone/tests/unit/ksfixtures/hacking.py b/keystone/tests/unit/ksfixtures/hacking.py index 379a14ef24..550f53a008 100644 --- a/keystone/tests/unit/ksfixtures/hacking.py +++ b/keystone/tests/unit/ksfixtures/hacking.py @@ -309,7 +309,7 @@ class HackingTranslations(fixtures.Fixture): try: something = True except AssertionError as e: - LOG.warning(six.text_type(e)) + LOG.warning(e) raise exception.Unauthorized(e) """, 'expected_errors': [], diff --git a/keystone/tests/unit/mapping_fixtures.py b/keystone/tests/unit/mapping_fixtures.py index 0a9d194e28..40aaae3826 100644 --- a/keystone/tests/unit/mapping_fixtures.py +++ b/keystone/tests/unit/mapping_fixtures.py @@ -14,8 +14,6 @@ """Fixtures for Federation Mapping.""" -from six.moves import range, zip - EMPLOYEE_GROUP_ID = "0cd5e9" CONTRACTOR_GROUP_ID = "85a868" diff --git a/keystone/tests/unit/receipt/test_fernet_provider.py b/keystone/tests/unit/receipt/test_fernet_provider.py index d00604e143..29e8651011 100644 --- a/keystone/tests/unit/receipt/test_fernet_provider.py +++ b/keystone/tests/unit/receipt/test_fernet_provider.py @@ -18,7 +18,6 @@ import os import uuid from oslo_utils import timeutils -import six from keystone.common import fernet_utils from keystone.common import provider_api @@ -123,11 +122,11 @@ class TestReceiptFormatter(unit.TestCase): binary_to_test = [b'a', b'aa', b'aaa'] for binary in binary_to_test: - # base64.urlsafe_b64encode takes six.binary_type and returns - # six.binary_type. + # base64.urlsafe_b64encode takes bytes and returns + # bytes. encoded_string = base64.urlsafe_b64encode(binary) encoded_string = encoded_string.decode('utf-8') - # encoded_string is now six.text_type. + # encoded_string is now str. encoded_str_without_padding = encoded_string.rstrip('=') self.assertFalse(encoded_str_without_padding.endswith('=')) encoded_str_with_padding_restored = ( @@ -161,10 +160,10 @@ class TestPayloads(unit.TestCase): def test_strings_can_be_converted_to_bytes(self): s = token_provider.random_urlsafe_str() - self.assertIsInstance(s, six.text_type) + self.assertIsInstance(s, str) b = receipt_formatters.ReceiptPayload.random_urlsafe_str_to_bytes(s) - self.assertIsInstance(b, six.binary_type) + self.assertIsInstance(b, bytes) def test_uuid_hex_to_byte_conversions(self): payload_cls = receipt_formatters.ReceiptPayload @@ -263,7 +262,7 @@ class TestFernetKeyRotation(unit.TestCase): static set of keys, and simply shuffling them, would fail such a test). """ - # Load the keys into a list, keys is list of six.text_type. + # Load the keys into a list, keys is list of str. key_utils = fernet_utils.FernetUtils( CONF.fernet_receipts.key_repository, CONF.fernet_receipts.max_active_keys, @@ -278,7 +277,7 @@ class TestFernetKeyRotation(unit.TestCase): # Create the thumbprint using all keys in the repository. signature = hashlib.sha1() for key in keys: - # Need to convert key to six.binary_type for update. + # Need to convert key to bytes for update. signature.update(key.encode('utf-8')) return signature.hexdigest() diff --git a/keystone/tests/unit/resource/test_backends.py b/keystone/tests/unit/resource/test_backends.py index 42f854ecf5..fb29b23ed1 100644 --- a/keystone/tests/unit/resource/test_backends.py +++ b/keystone/tests/unit/resource/test_backends.py @@ -14,7 +14,6 @@ import copy import uuid import mock -from six.moves import range from testtools import matchers from keystone.common import driver_hints diff --git a/keystone/tests/unit/rest.py b/keystone/tests/unit/rest.py index 23ff2d0c7c..378123575a 100644 --- a/keystone/tests/unit/rest.py +++ b/keystone/tests/unit/rest.py @@ -12,8 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. +import http.client from oslo_serialization import jsonutils -from six.moves import http_client import webtest from keystone.tests import unit @@ -113,7 +113,7 @@ class RestfulTestCase(unit.TestCase): example:: - self.assertResponseStatus(response, http_client.NO_CONTENT) + self.assertResponseStatus(response, http.client.NO_CONTENT) """ self.assertEqual( expected_status, response.status_code, @@ -125,7 +125,7 @@ class RestfulTestCase(unit.TestCase): self.assertIn('X-Auth-Token', response.headers.get('Vary')) def assertValidErrorResponse(self, response, - expected_status=http_client.BAD_REQUEST): + expected_status=http.client.BAD_REQUEST): """Verify that the error response is valid. Subclasses can override this function based on the expected response. @@ -189,7 +189,7 @@ class RestfulTestCase(unit.TestCase): # we can save some code & improve coverage by always doing this if (method != 'HEAD' and - response.status_code >= http_client.BAD_REQUEST): + response.status_code >= http.client.BAD_REQUEST): self.assertValidErrorResponse(response) # Contains the decoded response.body diff --git a/keystone/tests/unit/test_associate_project_endpoint_extension.py b/keystone/tests/unit/test_associate_project_endpoint_extension.py index 3b783a8d2f..ad1d5275c3 100644 --- a/keystone/tests/unit/test_associate_project_endpoint_extension.py +++ b/keystone/tests/unit/test_associate_project_endpoint_extension.py @@ -15,7 +15,7 @@ import copy import uuid -from six.moves import http_client +import http.client from testtools import matchers from keystone.common import provider_api @@ -56,7 +56,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': uuid.uuid4().hex, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_endpoint_project_association_with_invalid_endpoint(self): """PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -68,7 +68,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_endpoint_project_association_with_unexpected_body(self): """PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -90,7 +90,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_check_endpoint_project_association_with_invalid_project(self): """HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -103,7 +103,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': uuid.uuid4().hex, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_check_endpoint_project_association_with_invalid_endpoint(self): """HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -116,7 +116,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_get_endpoint_project_association(self): """GET /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -129,7 +129,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_get_endpoint_project_association_with_invalid_project(self): """GET /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -142,7 +142,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': uuid.uuid4().hex, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_get_endpoint_project_association_with_invalid_endpoint(self): """GET /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -155,7 +155,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_list_endpoints_associated_with_valid_project(self): """GET & HEAD /OS-EP-FILTER/projects/{project_id}/endpoints. @@ -169,7 +169,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): r = self.get(resource_url) self.assertValidEndpointListResponse(r, self.endpoint, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_list_endpoints_associated_with_invalid_project(self): """GET & HEAD /OS-EP-FILTER/projects/{project_id}/endpoints. @@ -181,8 +181,8 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): url = ('/OS-EP-FILTER/projects/%(project_id)s/endpoints' % { 'project_id': uuid.uuid4().hex} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_list_projects_associated_with_endpoint(self): """GET & HEAD /OS-EP-FILTER/endpoints/{endpoint_id}/projects. @@ -193,10 +193,10 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): self.put(self.default_request_url) resource_url = '/OS-EP-FILTER/endpoints/%(endpoint_id)s/projects' % { 'endpoint_id': self.endpoint_id} - r = self.get(resource_url, expected_status=http_client.OK) + r = self.get(resource_url, expected_status=http.client.OK) self.assertValidProjectListResponse(r, self.default_domain_project, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_list_projects_with_no_endpoint_project_association(self): """GET & HEAD /OS-EP-FILTER/endpoints/{endpoint_id}/projects. @@ -208,9 +208,9 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/OS-EP-FILTER/endpoints/%(endpoint_id)s/projects' % {'endpoint_id': self.endpoint_id} ) - r = self.get(url, expected_status=http_client.OK) + r = self.get(url, expected_status=http.client.OK) self.assertValidProjectListResponse(r, expected_length=0) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_list_projects_associated_with_invalid_endpoint(self): """GET & HEAD /OS-EP-FILTER/endpoints/{endpoint_id}/projects. @@ -222,8 +222,8 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/OS-EP-FILTER/endpoints/%(endpoint_id)s/projects' % {'endpoint_id': uuid.uuid4().hex} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_remove_endpoint_project_association(self): """DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -248,7 +248,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': uuid.uuid4().hex, 'endpoint_id': self.endpoint_id}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_remove_endpoint_project_association_with_invalid_endpoint(self): """DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}. @@ -261,7 +261,7 @@ class EndpointFilterCRUDTestCase(EndpointFilterTestCase): '/endpoints/%(endpoint_id)s' % { 'project_id': self.default_domain_project_id, 'endpoint_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_endpoint_project_association_cleanup_when_project_deleted(self): self.put(self.default_request_url) @@ -765,7 +765,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): invalid_body['endpoint_group']['filters'] = {'foobar': 'admin'} self.post(self.DEFAULT_ENDPOINT_GROUP_URL, body=invalid_body, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_endpoint_group(self): """GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}. @@ -800,7 +800,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): endpoint_group_id = 'foobar' url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_check_endpoint_group(self): """HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}. @@ -813,7 +813,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): self.DEFAULT_ENDPOINT_GROUP_URL, self.DEFAULT_ENDPOINT_GROUP_BODY) url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_check_invalid_endpoint_group(self): """HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}. @@ -824,7 +824,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): endpoint_group_id = 'foobar' url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_patch_endpoint_group(self): """PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}. @@ -861,7 +861,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): } url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': 'ABC'} - self.patch(url, body=body, expected_status=http_client.NOT_FOUND) + self.patch(url, body=body, expected_status=http.client.NOT_FOUND) def test_patch_invalid_endpoint_group(self): """PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}. @@ -883,7 +883,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): self.DEFAULT_ENDPOINT_GROUP_URL, self.DEFAULT_ENDPOINT_GROUP_BODY) url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} - self.patch(url, body=body, expected_status=http_client.BAD_REQUEST) + self.patch(url, body=body, expected_status=http.client.BAD_REQUEST) # Perform a GET call to ensure that the content remains # the same (as DEFAULT_ENDPOINT_GROUP_BODY) after attempting to update @@ -907,7 +907,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} self.delete(url) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_delete_invalid_endpoint_group(self): """GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}. @@ -918,7 +918,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): endpoint_group_id = 'foobar' url = '/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' % { 'endpoint_group_id': endpoint_group_id} - self.delete(url, expected_status=http_client.NOT_FOUND) + self.delete(url, expected_status=http.client.NOT_FOUND) def test_add_endpoint_group_to_project(self): """Create a valid endpoint group and project association.""" @@ -937,7 +937,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): project_id = uuid.uuid4().hex url = self._get_project_endpoint_group_url( endpoint_group_id, project_id) - self.put(url, expected_status=http_client.NOT_FOUND) + self.put(url, expected_status=http.client.NOT_FOUND) def test_get_endpoint_group_in_project(self): """Test retrieving project endpoint group association.""" @@ -963,7 +963,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): project_id = uuid.uuid4().hex url = self._get_project_endpoint_group_url( endpoint_group_id, project_id) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_list_endpoint_groups_in_project(self): """GET & HEAD /OS-EP-FILTER/projects/{project_id}/endpoint_groups.""" @@ -978,31 +978,31 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): url = ('/OS-EP-FILTER/projects/%(project_id)s/endpoint_groups' % {'project_id': self.project_id}) - response = self.get(url, expected_status=http_client.OK) + response = self.get(url, expected_status=http.client.OK) self.assertEqual( endpoint_group_id, response.result['endpoint_groups'][0]['id']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_list_endpoint_groups_in_invalid_project(self): """Test retrieving from invalid project.""" project_id = uuid.uuid4().hex url = ('/OS-EP-FILTER/projects/%(project_id)s/endpoint_groups' % {'project_id': project_id}) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_empty_endpoint_groups_in_project(self): """Test when no endpoint groups associated with the project.""" url = ('/OS-EP-FILTER/projects/%(project_id)s/endpoint_groups' % {'project_id': self.project_id}) - response = self.get(url, expected_status=http_client.OK) + response = self.get(url, expected_status=http.client.OK) self.assertEqual(0, len(response.result['endpoint_groups'])) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_check_endpoint_group_to_project(self): """Test HEAD with a valid endpoint group and project association.""" @@ -1012,7 +1012,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): self.project_id) url = self._get_project_endpoint_group_url( endpoint_group_id, self.project_id) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_check_endpoint_group_to_project_with_invalid_project_id(self): """Test HEAD with an invalid endpoint group and project association.""" @@ -1029,7 +1029,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): project_id = uuid.uuid4().hex url = self._get_project_endpoint_group_url( endpoint_group_id, project_id) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_list_endpoint_groups(self): """GET & HEAD /OS-EP-FILTER/endpoint_groups.""" @@ -1039,12 +1039,12 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # recover all endpoint groups url = '/OS-EP-FILTER/endpoint_groups' - r = self.get(url, expected_status=http_client.OK) + r = self.get(url, expected_status=http.client.OK) self.assertNotEmpty(r.result['endpoint_groups']) self.assertEqual(endpoint_group_id, r.result['endpoint_groups'][0].get('id')) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_list_endpoint_groups_by_name(self): """GET & HEAD /OS-EP-FILTER/endpoint_groups.""" @@ -1055,18 +1055,18 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # retrieve the single endpointgroup by name url = ('/OS-EP-FILTER/endpoint_groups?name=%(name)s' % {'name': 'endpoint_group_name'}) - r = self.get(url, expected_status=http_client.OK) + r = self.get(url, expected_status=http.client.OK) self.assertNotEmpty(r.result['endpoint_groups']) self.assertEqual(1, len(r.result['endpoint_groups'])) self.assertEqual(endpoint_group_id, r.result['endpoint_groups'][0].get('id')) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) # try to retrieve a non existant one url = ('/OS-EP-FILTER/endpoint_groups?name=%(name)s' % {'name': 'fake'}) - r = self.get(url, expected_status=http_client.OK) + r = self.get(url, expected_status=http.client.OK) self.assertEqual(0, len(r.result['endpoint_groups'])) def test_list_projects_associated_with_endpoint_group(self): @@ -1087,8 +1087,8 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): url = ('/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' '/projects' % {'endpoint_group_id': endpoint_group_id}) - self.get(url, expected_status=http_client.OK) - self.head(url, expected_status=http_client.OK) + self.get(url, expected_status=http.client.OK) + self.head(url, expected_status=http.client.OK) def test_list_endpoints_associated_with_endpoint_group(self): """GET & HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group}/endpoints. @@ -1124,10 +1124,10 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # recover list of endpoints associated with endpoint group url = ('/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' '/endpoints' % {'endpoint_group_id': endpoint_group_id}) - r = self.get(url, expected_status=http_client.OK) + r = self.get(url, expected_status=http.client.OK) self.assertNotEmpty(r.result['endpoints']) self.assertEqual(endpoint_id, r.result['endpoints'][0].get('id')) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_list_endpoints_associated_with_project_endpoint_group(self): """GET & HEAD /OS-EP-FILTER/projects/{project_id}/endpoints. @@ -1162,10 +1162,10 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # Now get a list of the filtered endpoints endpoints_url = '/OS-EP-FILTER/projects/%(project_id)s/endpoints' % { 'project_id': self.default_domain_project_id} - r = self.get(endpoints_url, expected_status=http_client.OK) + r = self.get(endpoints_url, expected_status=http.client.OK) endpoints = self.assertValidEndpointListResponse(r) self.assertEqual(2, len(endpoints)) - self.head(endpoints_url, expected_status=http_client.OK) + self.head(endpoints_url, expected_status=http.client.OK) # Ensure catalog includes the endpoints from endpoint_group project # association, this is needed when a project scoped token is issued @@ -1209,15 +1209,15 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): self.put(url) # check that we can recover the project endpoint group association - self.get(url, expected_status=http_client.OK) - self.get(url, expected_status=http_client.OK) + self.get(url, expected_status=http.client.OK) + self.get(url, expected_status=http.client.OK) # Now delete the project and then try and retrieve the project # endpoint group association again self.delete('/projects/%(project_id)s' % { 'project_id': project['id']}) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_endpoint_group_project_cleanup_with_endpoint_group(self): # create endpoint group @@ -1237,7 +1237,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # now remove the project endpoint group association self.delete(url) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_removing_an_endpoint_group_project(self): # create an endpoint group @@ -1251,7 +1251,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): # remove the endpoint group project self.delete(url) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_remove_endpoint_group_with_project_association(self): # create an endpoint group @@ -1269,9 +1269,9 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase): '%(endpoint_group_id)s' % {'endpoint_group_id': endpoint_group_id}) self.delete(endpoint_group_url) - self.get(endpoint_group_url, expected_status=http_client.NOT_FOUND) + self.get(endpoint_group_url, expected_status=http.client.NOT_FOUND) self.get(project_endpoint_group_url, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) @unit.skip_if_cache_disabled('catalog') def test_add_endpoint_group_to_project_invalidates_catalog_cache(self): diff --git a/keystone/tests/unit/test_backend_endpoint_policy.py b/keystone/tests/unit/test_backend_endpoint_policy.py index a20756e307..7533b67567 100644 --- a/keystone/tests/unit/test_backend_endpoint_policy.py +++ b/keystone/tests/unit/test_backend_endpoint_policy.py @@ -14,7 +14,6 @@ import uuid -from six.moves import range from testtools import matchers from keystone.common import provider_api diff --git a/keystone/tests/unit/test_backend_ldap.py b/keystone/tests/unit/test_backend_ldap.py index c20d5e39c7..77291c7f29 100644 --- a/keystone/tests/unit/test_backend_ldap.py +++ b/keystone/tests/unit/test_backend_ldap.py @@ -18,12 +18,11 @@ import copy import uuid import fixtures +import http.client import ldap import mock from oslo_log import versionutils import pkg_resources -from six.moves import http_client -from six.moves import range from testtools import matchers from keystone.common import cache @@ -2411,7 +2410,7 @@ class BaseMultiLDAPandSQLIdentity(object): PROVIDERS.identity_api._get_domain_driver_and_entity_id( user['id'])) - if expected_status == http_client.OK: + if expected_status == http.client.OK: ref = driver.get_user(entity_id) ref = PROVIDERS.identity_api._set_domain_id_and_mapping( ref, domain_id, driver, map.EntityType.USER) @@ -2594,7 +2593,7 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides, check_user = self.check_user check_user(users['user0'], - self.domain_default['id'], http_client.OK) + self.domain_default['id'], http.client.OK) for domain in [self.domains['domain1']['id'], self.domains['domain2']['id'], self.domains['domain3']['id'], @@ -2602,7 +2601,7 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides, check_user(users['user0'], domain, exception.UserNotFound) check_user(users['user1'], self.domains['domain1']['id'], - http_client.OK) + http.client.OK) for domain in [self.domain_default['id'], self.domains['domain2']['id'], self.domains['domain3']['id'], @@ -2610,7 +2609,7 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides, check_user(users['user1'], domain, exception.UserNotFound) check_user(users['user2'], self.domains['domain2']['id'], - http_client.OK) + http.client.OK) for domain in [self.domain_default['id'], self.domains['domain1']['id'], self.domains['domain3']['id'], @@ -2621,13 +2620,13 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides, # able to see user3 and user4 from either. check_user(users['user3'], self.domains['domain3']['id'], - http_client.OK) + http.client.OK) check_user(users['user3'], self.domains['domain4']['id'], - http_client.OK) + http.client.OK) check_user(users['user4'], self.domains['domain3']['id'], - http_client.OK) + http.client.OK) check_user(users['user4'], self.domains['domain4']['id'], - http_client.OK) + http.client.OK) for domain in [self.domain_default['id'], self.domains['domain1']['id'], @@ -3138,12 +3137,12 @@ class DomainSpecificLDAPandSQLIdentity( # driver, but won't find it via any other domain driver self.check_user(users['user0'], - self.domain_default['id'], http_client.OK) + self.domain_default['id'], http.client.OK) self.check_user(users['user0'], self.domains['domain1']['id'], exception.UserNotFound) self.check_user(users['user1'], - self.domains['domain1']['id'], http_client.OK) + self.domains['domain1']['id'], http.client.OK) self.check_user(users['user1'], self.domain_default['id'], exception.UserNotFound) diff --git a/keystone/tests/unit/test_backend_sql.py b/keystone/tests/unit/test_backend_sql.py index 2ec23c31ea..d3ed38dda8 100644 --- a/keystone/tests/unit/test_backend_sql.py +++ b/keystone/tests/unit/test_backend_sql.py @@ -18,7 +18,6 @@ import uuid import mock from oslo_db import exception as db_exception from oslo_db import options -from six.moves import range import sqlalchemy from sqlalchemy import exc from testtools import matchers diff --git a/keystone/tests/unit/test_backend_templated.py b/keystone/tests/unit/test_backend_templated.py index 096d5cb029..cca9fe7dd7 100644 --- a/keystone/tests/unit/test_backend_templated.py +++ b/keystone/tests/unit/test_backend_templated.py @@ -15,7 +15,6 @@ import uuid import mock -from six.moves import zip from keystone.catalog.backends import base as catalog_base from keystone.common import provider_api diff --git a/keystone/tests/unit/test_cli.py b/keystone/tests/unit/test_cli.py index e8c73e300b..14b42ed565 100644 --- a/keystone/tests/unit/test_cli.py +++ b/keystone/tests/unit/test_cli.py @@ -19,17 +19,16 @@ import os import uuid import argparse +import configparser import fixtures import freezegun +import http.client import mock import oslo_config.fixture from oslo_db.sqlalchemy import migration from oslo_log import log from oslo_serialization import jsonutils from oslo_upgradecheck import upgradecheck -from six.moves import configparser -from six.moves import http_client -from six.moves import range from testtools import matchers from keystone.cmd import cli @@ -277,7 +276,7 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase): c.get('/v3/auth/tokens', headers={'X-Auth-Token': r.headers['X-Subject-Token'], 'X-Subject-Token': token}, - expected_status_code=http_client.NOT_FOUND) + expected_status_code=http.client.NOT_FOUND) def test_bootstrap_recovers_user(self): self._do_test_bootstrap(self.bootstrap) @@ -616,7 +615,7 @@ class CliDomainConfigSingleDomainTestCase(CliDomainConfigAllTestCase): # Now try and upload the settings in the configuration file for the # default domain provider_api.ProviderAPIs._clear_registry_instances() - with mock.patch('six.moves.builtins.print') as mock_print: + with mock.patch('builtins.print') as mock_print: self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) file_name = ('keystone.%s.conf' % self.default_domain['name']) error_msg = _( @@ -641,7 +640,7 @@ class CliDomainConfigNoOptionsTestCase(CliDomainConfigAllTestCase): def test_config_upload(self): provider_api.ProviderAPIs._clear_registry_instances() - with mock.patch('six.moves.builtins.print') as mock_print: + with mock.patch('builtins.print') as mock_print: self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) mock_print.assert_has_calls( [mock.call( @@ -658,7 +657,7 @@ class CliDomainConfigTooManyOptionsTestCase(CliDomainConfigAllTestCase): def test_config_upload(self): provider_api.ProviderAPIs._clear_registry_instances() - with mock.patch('six.moves.builtins.print') as mock_print: + with mock.patch('builtins.print') as mock_print: self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) mock_print.assert_has_calls( [mock.call(_('The --all option cannot be used with ' @@ -675,7 +674,7 @@ class CliDomainConfigInvalidDomainTestCase(CliDomainConfigAllTestCase): def test_config_upload(self): provider_api.ProviderAPIs._clear_registry_instances() - with mock.patch('six.moves.builtins.print') as mock_print: + with mock.patch('builtins.print') as mock_print: self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) file_name = 'keystone.%s.conf' % self.invalid_domain_name error_msg = (_( @@ -1848,7 +1847,7 @@ class TestMappingEngineTester(unit.BaseTestCase): self.useFixture(fixtures.MockPatchObject( CONF, 'command', self.FakeConfCommand(self))) mapping_engine = cli.MappingEngineTester() - with mock.patch('six.moves.builtins.print') as mock_print: + with mock.patch('builtins.print') as mock_print: mapping_engine.main() self.assertEqual(mock_print.call_count, 3) call = mock_print.call_args_list[0] diff --git a/keystone/tests/unit/test_contrib_ec2_core.py b/keystone/tests/unit/test_contrib_ec2_core.py index e6cd96bebb..1242142e01 100644 --- a/keystone/tests/unit/test_contrib_ec2_core.py +++ b/keystone/tests/unit/test_contrib_ec2_core.py @@ -12,8 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. +import http.client from keystoneclient.contrib.ec2 import utils as ec2_utils -from six.moves import http_client from keystone.common import provider_api from keystone.tests import unit @@ -50,25 +50,25 @@ class EC2ContribCoreV3(test_v3.RestfulTestCase): resp = self.post( '/ec2tokens', body={'credentials': credentials}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertValidProjectScopedTokenResponse(resp, self.user) def test_authenticate_with_empty_body_returns_bad_request(self): self.post( '/ec2tokens', body={}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_authenticate_without_json_request_returns_bad_request(self): self.post( '/ec2tokens', body='not json', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_authenticate_without_request_body_returns_bad_request(self): self.post( '/ec2tokens', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_authenticate_without_proper_secret_returns_unauthorized(self): signer = ec2_utils.Ec2Signer('totally not the secret') @@ -88,4 +88,4 @@ class EC2ContribCoreV3(test_v3.RestfulTestCase): self.post( '/ec2tokens', body={'credentials': credentials}, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) diff --git a/keystone/tests/unit/test_contrib_s3_core.py b/keystone/tests/unit/test_contrib_s3_core.py index 90b23d5790..90328938dc 100644 --- a/keystone/tests/unit/test_contrib_s3_core.py +++ b/keystone/tests/unit/test_contrib_s3_core.py @@ -17,7 +17,7 @@ import hashlib import hmac import uuid -from six.moves import http_client +import http.client from keystone.api import s3tokens from keystone.common import provider_api @@ -50,7 +50,7 @@ class S3ContribCore(test_v3.RestfulTestCase): 'signature': base64.b64encode(sig).strip(), 'token': base64.b64encode(sts.encode('ascii')).strip(), }}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertValidProjectScopedTokenResponse(resp, self.user, forbid_token_id=True) @@ -58,16 +58,16 @@ class S3ContribCore(test_v3.RestfulTestCase): self.post( '/s3tokens', body={}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) self.post( '/s3tokens', body="not json", - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) self.post( '/s3tokens', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_bad_response(self): self.post( @@ -77,7 +77,7 @@ class S3ContribCore(test_v3.RestfulTestCase): 'signature': base64.b64encode(b'totally not the sig').strip(), 'token': base64.b64encode(b'string to sign').strip(), }}, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_good_signature_v1(self): creds_ref = {'secret': diff --git a/keystone/tests/unit/test_contrib_simple_cert.py b/keystone/tests/unit/test_contrib_simple_cert.py index e52acbc10d..6f13bc825f 100644 --- a/keystone/tests/unit/test_contrib_simple_cert.py +++ b/keystone/tests/unit/test_contrib_simple_cert.py @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. -from six.moves import http_client +import http.client from keystone.tests.unit import test_v3 @@ -27,7 +27,7 @@ class TestSimpleCert(BaseTestCase): self.request(app=self.public_app, method='GET', path=path, - expected_status=http_client.GONE) + expected_status=http.client.GONE) def test_ca_cert(self): self.request_cert(self.CA_PATH) diff --git a/keystone/tests/unit/test_exception.py b/keystone/tests/unit/test_exception.py index b2f27cda8e..be12e52bd6 100644 --- a/keystone/tests/unit/test_exception.py +++ b/keystone/tests/unit/test_exception.py @@ -21,7 +21,6 @@ import fixtures from oslo_config import fixture as config_fixture from oslo_log import log from oslo_serialization import jsonutils -import six import keystone.conf from keystone import exception @@ -66,14 +65,14 @@ class ExceptionTestCase(unit.BaseTestCase): attribute = uuid.uuid4().hex e = exception.ValidationError(target=target, attribute=attribute) self.assertValidJsonRendering(e) - self.assertIn(target, six.text_type(e)) - self.assertIn(attribute, six.text_type(e)) + self.assertIn(target, str(e)) + self.assertIn(attribute, str(e)) def test_not_found(self): target = uuid.uuid4().hex e = exception.NotFound(target=target) self.assertValidJsonRendering(e) - self.assertIn(target, six.text_type(e)) + self.assertIn(target, str(e)) def test_forbidden_title(self): e = exception.Forbidden() @@ -87,18 +86,14 @@ class ExceptionTestCase(unit.BaseTestCase): e = exception.Error(message) try: - self.assertEqual(message, six.text_type(e)) + self.assertEqual(message, str(e)) except UnicodeEncodeError: self.fail("unicode error message not supported") def test_unicode_string(self): e = exception.ValidationError(attribute='xx', target='Long \xe2\x80\x93 Dash') - - if six.PY2: - self.assertIn(u'\u2013', six.text_type(e)) - else: - self.assertIn('Long \xe2\x80\x93 Dash', six.text_type(e)) + self.assertIn('Long \xe2\x80\x93 Dash', str(e)) def test_invalid_unicode_string(self): # NOTE(jamielennox): This is a complete failure case so what is @@ -106,12 +101,7 @@ class ExceptionTestCase(unit.BaseTestCase): # as there is an error with a message e = exception.ValidationError(attribute='xx', target='\xe7a va') - - if six.PY2: - self.assertIn('%(attribute)', six.text_type(e)) - else: - # There's no UnicodeDecodeError on python 3. - self.assertIn('\xe7a va', six.text_type(e)) + self.assertIn('\xe7a va', str(e)) class UnexpectedExceptionTestCase(ExceptionTestCase): @@ -128,19 +118,19 @@ class UnexpectedExceptionTestCase(ExceptionTestCase): def test_unexpected_error_no_debug(self): self.config_fixture.config(debug=False) e = exception.UnexpectedError(exception=self.exc_str) - self.assertNotIn(self.exc_str, six.text_type(e)) + self.assertNotIn(self.exc_str, str(e)) def test_unexpected_error_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) e = exception.UnexpectedError(exception=self.exc_str) - self.assertIn(self.exc_str, six.text_type(e)) + self.assertIn(self.exc_str, str(e)) def test_unexpected_error_subclass_no_debug(self): self.config_fixture.config(debug=False) e = UnexpectedExceptionTestCase.SubClassExc( debug_info=self.exc_str) self.assertEqual(exception.UnexpectedError.message_format, - six.text_type(e)) + str(e)) def test_unexpected_error_subclass_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -150,38 +140,38 @@ class UnexpectedExceptionTestCase(ExceptionTestCase): expected = subclass.debug_message_format % {'debug_info': self.exc_str} self.assertEqual( '%s %s' % (expected, exception.SecurityError.amendment), - six.text_type(e)) + str(e)) def test_unexpected_error_custom_message_no_debug(self): self.config_fixture.config(debug=False) e = exception.UnexpectedError(self.exc_str) self.assertEqual(exception.UnexpectedError.message_format, - six.text_type(e)) + str(e)) def test_unexpected_error_custom_message_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) e = exception.UnexpectedError(self.exc_str) self.assertEqual( '%s %s' % (self.exc_str, exception.SecurityError.amendment), - six.text_type(e)) + str(e)) def test_unexpected_error_custom_message_exception_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) orig_e = exception.NotFound(target=uuid.uuid4().hex) e = exception.UnexpectedError(orig_e) self.assertEqual( - '%s %s' % (six.text_type(orig_e), + '%s %s' % (str(orig_e), exception.SecurityError.amendment), - six.text_type(e)) + str(e)) def test_unexpected_error_custom_message_binary_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) binary_msg = b'something' e = exception.UnexpectedError(binary_msg) self.assertEqual( - '%s %s' % (six.text_type(binary_msg), + '%s %s' % (str(binary_msg), exception.SecurityError.amendment), - six.text_type(e)) + str(e)) class SecurityErrorTestCase(ExceptionTestCase): @@ -197,7 +187,7 @@ class SecurityErrorTestCase(ExceptionTestCase): risky_info = uuid.uuid4().hex e = exception.Unauthorized(message=risky_info) self.assertValidJsonRendering(e) - self.assertNotIn(risky_info, six.text_type(e)) + self.assertNotIn(risky_info, str(e)) def test_unauthorized_exposure_in_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -205,7 +195,7 @@ class SecurityErrorTestCase(ExceptionTestCase): risky_info = uuid.uuid4().hex e = exception.Unauthorized(message=risky_info) self.assertValidJsonRendering(e) - self.assertIn(risky_info, six.text_type(e)) + self.assertIn(risky_info, str(e)) def test_forbidden_exposure(self): self.config_fixture.config(debug=False) @@ -213,7 +203,7 @@ class SecurityErrorTestCase(ExceptionTestCase): risky_info = uuid.uuid4().hex e = exception.Forbidden(message=risky_info) self.assertValidJsonRendering(e) - self.assertNotIn(risky_info, six.text_type(e)) + self.assertNotIn(risky_info, str(e)) def test_forbidden_exposure_in_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -221,7 +211,7 @@ class SecurityErrorTestCase(ExceptionTestCase): risky_info = uuid.uuid4().hex e = exception.Forbidden(message=risky_info) self.assertValidJsonRendering(e) - self.assertIn(risky_info, six.text_type(e)) + self.assertIn(risky_info, str(e)) def test_forbidden_action_exposure(self): self.config_fixture.config(debug=False) @@ -230,14 +220,14 @@ class SecurityErrorTestCase(ExceptionTestCase): action = uuid.uuid4().hex e = exception.ForbiddenAction(message=risky_info, action=action) self.assertValidJsonRendering(e) - self.assertNotIn(risky_info, six.text_type(e)) - self.assertIn(action, six.text_type(e)) - self.assertNotIn(exception.SecurityError.amendment, six.text_type(e)) + self.assertNotIn(risky_info, str(e)) + self.assertIn(action, str(e)) + self.assertNotIn(exception.SecurityError.amendment, str(e)) e = exception.ForbiddenAction(action=action) self.assertValidJsonRendering(e) - self.assertIn(action, six.text_type(e)) - self.assertNotIn(exception.SecurityError.amendment, six.text_type(e)) + self.assertIn(action, str(e)) + self.assertNotIn(exception.SecurityError.amendment, str(e)) def test_forbidden_action_exposure_in_debug(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -247,13 +237,13 @@ class SecurityErrorTestCase(ExceptionTestCase): e = exception.ForbiddenAction(message=risky_info, action=action) self.assertValidJsonRendering(e) - self.assertIn(risky_info, six.text_type(e)) - self.assertIn(exception.SecurityError.amendment, six.text_type(e)) + self.assertIn(risky_info, str(e)) + self.assertIn(exception.SecurityError.amendment, str(e)) e = exception.ForbiddenAction(action=action) self.assertValidJsonRendering(e) - self.assertIn(action, six.text_type(e)) - self.assertNotIn(exception.SecurityError.amendment, six.text_type(e)) + self.assertIn(action, str(e)) + self.assertNotIn(exception.SecurityError.amendment, str(e)) def test_forbidden_action_no_message(self): # When no custom message is given when the ForbiddenAction (or other @@ -264,13 +254,13 @@ class SecurityErrorTestCase(ExceptionTestCase): self.config_fixture.config(debug=False) e = exception.ForbiddenAction(action=action) - exposed_message = six.text_type(e) + exposed_message = str(e) self.assertIn(action, exposed_message) - self.assertNotIn(exception.SecurityError.amendment, six.text_type(e)) + self.assertNotIn(exception.SecurityError.amendment, str(e)) self.config_fixture.config(debug=True) e = exception.ForbiddenAction(action=action) - self.assertEqual(exposed_message, six.text_type(e)) + self.assertEqual(exposed_message, str(e)) def test_unicode_argument_message(self): self.config_fixture.config(debug=False) @@ -278,7 +268,7 @@ class SecurityErrorTestCase(ExceptionTestCase): risky_info = u'\u7ee7\u7eed\u884c\u7f29\u8fdb\u6216' e = exception.Forbidden(message=risky_info) self.assertValidJsonRendering(e) - self.assertNotIn(risky_info, six.text_type(e)) + self.assertNotIn(risky_info, str(e)) class TestSecurityErrorTranslation(unit.BaseTestCase): diff --git a/keystone/tests/unit/test_healthcheck.py b/keystone/tests/unit/test_healthcheck.py index ff0b2a6b61..567d31bbf0 100644 --- a/keystone/tests/unit/test_healthcheck.py +++ b/keystone/tests/unit/test_healthcheck.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from six.moves import http_client +import http.client from keystone.tests.unit import rest @@ -20,6 +20,6 @@ from keystone.tests.unit import rest class HealthCheckTestCase(rest.RestfulTestCase): def test_get_healthcheck(self): with self.test_client() as c: - resp = c.get('/healthcheck', expected_status_code=http_client.OK) + resp = c.get('/healthcheck', expected_status_code=http.client.OK) # healthcheck is not supposed to return any data self.assertEqual(0, resp.content_length) diff --git a/keystone/tests/unit/test_ldap_livetest.py b/keystone/tests/unit/test_ldap_livetest.py index 2be31f0215..3f9fb53143 100644 --- a/keystone/tests/unit/test_ldap_livetest.py +++ b/keystone/tests/unit/test_ldap_livetest.py @@ -15,8 +15,6 @@ import subprocess import ldap.modlist -from six.moves import range -from six import PY2 from keystone.common import provider_api import keystone.conf @@ -31,14 +29,7 @@ PROVIDERS = provider_api.ProviderAPIs def create_object(dn, attrs): - if PY2: - # NOTE: Once https://github.com/python-ldap/python-ldap/issues/249 - # is released, we can pass bytes_strictness='warn' as a parameter to - # ldap.initialize instead of setting it after ldap.initialize. - conn = ldap.initialize(CONF.ldap.url, bytes_mode=False) - conn.bytes_strictness = 'warn' - else: - conn = ldap.initialize(CONF.ldap.url) + conn = ldap.initialize(CONF.ldap.url) conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password) ldif = ldap.modlist.addModlist(attrs) conn.add_s(dn, ldif) diff --git a/keystone/tests/unit/test_ldap_tls_livetest.py b/keystone/tests/unit/test_ldap_tls_livetest.py index bf785c9f8e..b1541c5d44 100644 --- a/keystone/tests/unit/test_ldap_tls_livetest.py +++ b/keystone/tests/unit/test_ldap_tls_livetest.py @@ -14,7 +14,6 @@ # under the License. import ldap.modlist -from six import PY2 from keystone.common import provider_api import keystone.conf @@ -29,14 +28,7 @@ PROVIDERS = provider_api.ProviderAPIs def create_object(dn, attrs): - if PY2: - # NOTE: Once https://github.com/python-ldap/python-ldap/issues/249 - # is released, we can pass bytes_strictness='warn' as a parameter to - # ldap.initialize instead of setting it after ldap.initialize. - conn = ldap.initialize(CONF.ldap.url, bytes_mode=False) - conn.bytes_strictness = 'warn' - else: - conn = ldap.initialize(CONF.ldap.url) + conn = ldap.initialize(CONF.ldap.url) conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password) ldif = ldap.modlist.addModlist(attrs) conn.add_s(dn, ldif) diff --git a/keystone/tests/unit/test_limits.py b/keystone/tests/unit/test_limits.py index 947a461c74..9163c346a2 100644 --- a/keystone/tests/unit/test_limits.py +++ b/keystone/tests/unit/test_limits.py @@ -12,7 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. -from six.moves import http_client +import http.client import uuid from keystone.common import provider_api @@ -49,7 +49,7 @@ class LimitModelTestCase(test_v3.RestfulTestCase): validator.validate(response.json_body) def test_head_limit_model(self): - self.head('/limits/model', expected_status=http_client.OK) + self.head('/limits/model', expected_status=http.client.OK) def test_get_limit_model_returns_default_model(self): response = self.get('/limits/model') @@ -68,13 +68,13 @@ class LimitModelTestCase(test_v3.RestfulTestCase): def test_get_limit_model_without_token_fails(self): self.get( '/limits/model', noauth=True, - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) def test_head_limit_model_without_token_fails(self): self.head( '/limits/model', noauth=True, - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) @@ -113,7 +113,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] for key in ['service_id', 'region_id', 'resource_name', 'default_limit', 'description']: @@ -125,7 +125,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] for key in ['service_id', 'resource_name', 'default_limit']: self.assertEqual(registered_limits[0][key], ref[key]) @@ -139,7 +139,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] for key in ['service_id', 'region_id', 'resource_name', 'default_limit']: @@ -156,7 +156,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] for key in ['service_id', 'resource_name', 'default_limit']: self.assertEqual(registered_limits[0][key], ref1[key]) @@ -171,7 +171,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] self.assertEqual(1, len(registered_limits)) @@ -182,7 +182,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref2, ref3]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) registered_limits = r.result['registered_limits'] self.assertEqual(2, len(registered_limits)) @@ -196,7 +196,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [input_limit]}, token=self.system_admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_registered_limit_duplicate(self): ref = unit.new_registered_limit_ref(service_id=self.service_id, @@ -205,12 +205,12 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.post( '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) def test_update_registered_limit(self): ref = unit.new_registered_limit_ref(service_id=self.service_id, @@ -221,7 +221,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'service_id': self.service_id2, 'region_id': self.region_id2, @@ -233,7 +233,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % r.result['registered_limits'][0]['id'], body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) new_registered_limits = r.result['registered_limit'] self.assertEqual(new_registered_limits['service_id'], self.service_id2) @@ -252,7 +252,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'region_id': self.region_id, } @@ -261,7 +261,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) new_registered_limits = r.result['registered_limit'] self.assertEqual(self.region_id, new_registered_limits['region_id']) @@ -270,7 +270,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_registered_limit_description(self): ref = unit.new_registered_limit_ref(service_id=self.service_id, @@ -281,7 +281,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'description': 'test description' } @@ -290,7 +290,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) new_registered_limits = r.result['registered_limit'] self.assertEqual(new_registered_limits['description'], 'test description') @@ -300,7 +300,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) new_registered_limits = r.result['registered_limit'] self.assertEqual(new_registered_limits['description'], '') @@ -313,7 +313,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'region_id': None } @@ -322,7 +322,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertIsNone(r.result['registered_limit']['region_id']) def test_update_registered_limit_region_id_to_none_conflict(self): @@ -337,12 +337,12 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) r = self.post( '/registered_limits', body={'registered_limits': [ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'region_id': None @@ -355,7 +355,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % registered_limit_id, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) def test_update_registered_limit_not_found(self): update_ref = { @@ -368,7 +368,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % uuid.uuid4().hex, body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_registered_limit_with_invalid_input(self): ref = unit.new_registered_limit_ref(service_id=self.service_id, @@ -379,7 +379,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) reg_id = r.result['registered_limits'][0]['id'] update_ref1 = unit.new_registered_limit_ref(service_id='fake_id') @@ -393,7 +393,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % reg_id, body={'registered_limit': input_limit}, token=self.system_admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_registered_limit_with_referenced_limit(self): ref = unit.new_registered_limit_ref(service_id=self.service_id, @@ -404,7 +404,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_id, service_id=self.service_id, @@ -414,7 +414,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'service_id': self.service_id2, @@ -426,12 +426,12 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits/%s' % r.result['registered_limits'][0]['id'], body={'registered_limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_list_registered_limit(self): r = self.get( '/registered_limits', - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertEqual([], r.result.get('registered_limits')) ref1 = unit.new_registered_limit_ref(service_id=self.service_id, @@ -444,11 +444,11 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['registered_limits'][0]['id'] r = self.get( '/registered_limits', - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limits = r.result['registered_limits'] self.assertEqual(len(registered_limits), 2) for key in ['service_id', 'region_id', 'resource_name', @@ -462,7 +462,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/registered_limits?service_id=%s' % self.service_id, - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limits = r.result['registered_limits'] self.assertEqual(len(registered_limits), 1) for key in ['service_id', 'region_id', 'resource_name', @@ -471,7 +471,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/registered_limits?region_id=%s' % self.region_id2, - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limits = r.result['registered_limits'] self.assertEqual(len(registered_limits), 1) for key in ['service_id', 'region_id', 'resource_name', @@ -480,7 +480,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/registered_limits?resource_name=test_resource', - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limits = r.result['registered_limits'] self.assertEqual(len(registered_limits), 2) @@ -493,14 +493,14 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['registered_limits'][0]['id'] self.get( '/registered_limits/fake_id', - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) r = self.get( '/registered_limits/%s' % id1, - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limit = r.result['registered_limit'] for key in ['service_id', 'region_id', 'resource_name', 'default_limit', 'description']: @@ -515,17 +515,17 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['registered_limits'][0]['id'] self.delete('/registered_limits/%s' % id1, token=self.system_admin_token, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.delete('/registered_limits/fake_id', token=self.system_admin_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) r = self.get( '/registered_limits', - expected_status=http_client.OK) + expected_status=http.client.OK) registered_limits = r.result['registered_limits'] self.assertEqual(len(registered_limits), 1) @@ -538,7 +538,7 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_id, service_id=self.service_id, @@ -548,11 +548,11 @@ class RegisteredLimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id = r.result['registered_limits'][0]['id'] self.delete('/registered_limits/%s' % id, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) class LimitsTestCase(test_v3.RestfulTestCase): @@ -611,7 +611,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/registered_limits', body={'registered_limits': [ref1, ref2, ref3]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # Create more assignments, all are: # @@ -651,7 +651,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertIsNotNone(limits[0]['id']) @@ -669,7 +669,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertIsNotNone(limits[0]['id']) @@ -686,7 +686,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertIsNotNone(limits[0]['id']) @@ -705,7 +705,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertIsNotNone(limits[0]['id']) @@ -738,7 +738,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] for key in ['service_id', 'resource_name', 'resource_limit']: self.assertEqual(limits[0][key], ref1[key]) @@ -755,7 +755,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertEqual(1, len(limits)) @@ -770,7 +770,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref2, ref3]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limits = r.result['limits'] self.assertEqual(2, len(limits)) @@ -786,7 +786,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [input_limit]}, token=self.system_admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_limit_duplicate(self): ref = unit.new_limit_ref(project_id=self.project_id, @@ -797,12 +797,12 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.post( '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) def test_create_limit_without_reference_registered_limit(self): ref = unit.new_limit_ref(project_id=self.project_id, @@ -813,7 +813,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_update_limit(self): ref = unit.new_limit_ref(project_id=self.project_id, @@ -825,7 +825,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_ref = { 'resource_limit': 5, 'description': 'test description' @@ -834,7 +834,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) new_limits = r.result['limit'] self.assertEqual(new_limits['resource_limit'], 5) @@ -848,7 +848,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits/%s' % uuid.uuid4().hex, body={'limit': update_ref}, token=self.system_admin_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_limit_with_invalid_input(self): ref = unit.new_limit_ref(project_id=self.project_id, @@ -860,7 +860,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limit_id = r.result['limits'][0]['id'] invalid_resource_limit_update = { @@ -875,13 +875,13 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits/%s' % limit_id, body={'limit': input_limit}, token=self.system_admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_limit(self): r = self.get( '/limits', token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertEqual([], r.result.get('limits')) ref1 = unit.new_limit_ref(project_id=self.project_id, @@ -895,11 +895,11 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['limits'][0]['id'] r = self.get( '/limits', - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(len(limits), 2) if limits[0]['id'] == id1: @@ -917,7 +917,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/limits?service_id=%s' % self.service_id2, - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(len(limits), 1) for key in ['service_id', 'resource_name', 'resource_limit']: @@ -925,7 +925,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/limits?region_id=%s' % self.region_id, - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(len(limits), 1) for key in ['service_id', 'region_id', 'resource_name', @@ -934,7 +934,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): r = self.get( '/limits?resource_name=volume', - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(len(limits), 1) for key in ['service_id', 'region_id', 'resource_name', @@ -956,16 +956,16 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # non system scoped request will get the limits in its project. - r = self.get('/limits', expected_status=http_client.OK) + r = self.get('/limits', expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(1, len(limits)) self.assertEqual(self.project_id, limits[0]['project_id']) r = self.get( - '/limits', expected_status=http_client.OK, + '/limits', expected_status=http.client.OK, auth=self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], project_id=self.project_2_id)) @@ -976,7 +976,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): # any project user can filter by their own project r = self.get( '/limits?project_id=%s' % self.project_id, - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(1, len(limits)) self.assertEqual(self.project_id, limits[0]['project_id']) @@ -984,7 +984,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): # a system scoped request can specify the project_id filter r = self.get( '/limits?project_id=%s' % self.project_id, - expected_status=http_client.OK, + expected_status=http.client.OK, token=self.system_admin_token ) limits = r.result['limits'] @@ -1004,11 +1004,11 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # non system scoped request will get the limits in its domain. r = self.get( - '/limits', expected_status=http_client.OK, + '/limits', expected_status=http.client.OK, auth=self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], domain_id=self.domain_id)) @@ -1017,7 +1017,7 @@ class LimitsTestCase(test_v3.RestfulTestCase): self.assertEqual(self.domain_id, limits[0]['domain_id']) r = self.get( - '/limits', expected_status=http_client.OK, + '/limits', expected_status=http.client.OK, auth=self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], domain_id=self.domain_2_id)) @@ -1029,14 +1029,14 @@ class LimitsTestCase(test_v3.RestfulTestCase): # will return an empty list. r = self.get( '/limits?domain_id=%s' % self.domain_id, - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(0, len(limits)) # a system scoped request can specify the domain_id filter r = self.get( '/limits?domain_id=%s' % self.domain_id, - expected_status=http_client.OK, + expected_status=http.client.OK, auth=self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], system=True)) @@ -1056,16 +1056,16 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) if r.result['limits'][0]['resource_name'] == 'volume': id1 = r.result['limits'][0]['id'] else: id1 = r.result['limits'][1]['id'] self.get('/limits/fake_id', token=self.system_admin_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) r = self.get('/limits/%s' % id1, - expected_status=http_client.OK) + expected_status=http.client.OK) limit = r.result['limit'] self.assertIsNone(limit['domain_id']) for key in ['service_id', 'region_id', 'resource_name', @@ -1080,11 +1080,11 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['limits'][0]['id'] r = self.get('/limits/%s' % id1, - expected_status=http_client.OK, + expected_status=http.client.OK, auth=self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], @@ -1108,18 +1108,18 @@ class LimitsTestCase(test_v3.RestfulTestCase): '/limits', body={'limits': [ref1, ref2]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) id1 = r.result['limits'][0]['id'] self.delete('/limits/%s' % id1, token=self.system_admin_token, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.delete('/limits/fake_id', token=self.system_admin_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) r = self.get( '/limits', token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) limits = r.result['limits'] self.assertEqual(len(limits), 1) @@ -1183,7 +1183,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_B['id'], service_id=self.service_id, @@ -1194,7 +1194,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_C['id'], service_id=self.service_id, @@ -1205,7 +1205,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_create_child_limit_break_hierarchical_tree(self): # when A is 20, success to create B to 15, but fail to create C to 21. @@ -1225,7 +1225,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_B['id'], service_id=self.service_id, @@ -1236,7 +1236,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_C['id'], service_id=self.service_id, @@ -1247,7 +1247,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_child_with_default_parent(self): # If A is not set, the default value is 10 (from registered limit). @@ -1268,7 +1268,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(project_id=self.project_C['id'], service_id=self.service_id, @@ -1279,7 +1279,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_parent_limit(self): # When B is 9 , success to set A to 12 @@ -1295,7 +1295,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(domain_id=self.domain_A['id'], service_id=self.service_id, @@ -1306,7 +1306,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_create_parent_limit_break_hierarchical_tree(self): # When B is 9 , fail to set A to 8 @@ -1322,7 +1322,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref = unit.new_limit_ref(domain_id=self.domain_A['id'], service_id=self.service_id, @@ -1333,7 +1333,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_multi_limits(self): # success to create a tree in one request like: @@ -1374,7 +1374,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A, ref_B, ref_C, ref_D, ref_E, ref_F]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_create_multi_limits_invalid_input(self): # fail to create a tree in one request like: @@ -1416,7 +1416,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A, ref_B, ref_C, ref_D, ref_E, ref_F]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_multi_limits_break_hierarchical_tree(self): # when there is some hierarchical_trees already like: @@ -1447,7 +1447,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A, ref_B, ref_E]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) ref_C = unit.new_limit_ref(project_id=self.project_C['id'], service_id=self.service_id, @@ -1463,7 +1463,7 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_C, ref_D]}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_update_child_limit(self): # Success to update C to 9 @@ -1489,19 +1489,19 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A, ref_B]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) r = self.post( '/limits', body={'limits': [ref_C]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_dict = {'resource_limit': 9} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_update_child_limit_break_hierarchical_tree(self): # Fail to update C to 11 @@ -1527,19 +1527,19 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A, ref_B]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) r = self.post( '/limits', body={'limits': [ref_C]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_dict = {'resource_limit': 11} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_update_child_limit_with_default_parent(self): # If A is not set, the default value is 10 (from registered limit). @@ -1560,21 +1560,21 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_C]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_dict = {'resource_limit': 9} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) update_dict = {'resource_limit': 11} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_update_parent_limit(self): # Success to update A to 8 @@ -1600,19 +1600,19 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.post( '/limits', body={'limits': [ref_B, ref_C]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_dict = {'resource_limit': 8} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_update_parent_limit_break_hierarchical_tree(self): # Fail to update A to 6 @@ -1638,16 +1638,16 @@ class StrictTwoLevelLimitsTestCase(LimitsTestCase): '/limits', body={'limits': [ref_A]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.post( '/limits', body={'limits': [ref_B, ref_C]}, token=self.system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) update_dict = {'resource_limit': 6} self.patch( '/limits/%s' % r.result['limits'][0]['id'], body={'limit': update_dict}, token=self.system_admin_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) diff --git a/keystone/tests/unit/test_middleware.py b/keystone/tests/unit/test_middleware.py index 047d7d5e1f..4d7c06f7ea 100644 --- a/keystone/tests/unit/test_middleware.py +++ b/keystone/tests/unit/test_middleware.py @@ -17,8 +17,8 @@ import hashlib import uuid import fixtures +import http.client import mock -from six.moves import http_client import webtest from keystone.auth import core as auth_core @@ -46,7 +46,7 @@ class MiddlewareRequestTestBase(unit.TestCase): def _application(self): """A base wsgi application that returns a simple response.""" def app(environ, start_response): - # WSGI requires the body of the response to be six.binary_type + # WSGI requires the body of the response to be bytes body = uuid.uuid4().hex.encode('utf-8') resp_headers = [('Content-Type', 'text/html; charset=utf8'), ('Content-Length', str(len(body)))] @@ -88,7 +88,7 @@ class MiddlewareRequestTestBase(unit.TestCase): # by default the returned status when an uncaught exception is raised # for validation or caught errors this will likely be 400 - kwargs.setdefault('status', http_client.INTERNAL_SERVER_ERROR) # 500 + kwargs.setdefault('status', http.client.INTERNAL_SERVER_ERROR) # 500 app = _Failing(self._application()) resp = self._generate_app_response(app, *args, **kwargs) diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py index a67e100905..b7f7d8761e 100644 --- a/keystone/tests/unit/test_policy.py +++ b/keystone/tests/unit/test_policy.py @@ -19,7 +19,6 @@ import uuid import mock from oslo_policy import policy as common_policy -import six from keystone.common import policies from keystone.common.rbac_enforcer import policy @@ -226,7 +225,7 @@ class PolicyJsonTestCase(unit.TestCase): if line.startswith('=='): break target, dummy, dummy = line.partition(' ') - yield six.text_type(target) + yield str(target) doc_targets = list(read_doc_targets()) self.assertItemsEqual(policy_keys, doc_targets + policy_rule_keys) diff --git a/keystone/tests/unit/test_token_provider.py b/keystone/tests/unit/test_token_provider.py index c6dbf3cfcd..f85e126af7 100644 --- a/keystone/tests/unit/test_token_provider.py +++ b/keystone/tests/unit/test_token_provider.py @@ -15,7 +15,7 @@ import datetime from oslo_utils import timeutils -from six.moves import urllib +import urllib from keystone.common import provider_api from keystone.common import utils diff --git a/keystone/tests/unit/test_v3.py b/keystone/tests/unit/test_v3.py index 6c3eaf3358..56ebf4a905 100644 --- a/keystone/tests/unit/test_v3.py +++ b/keystone/tests/unit/test_v3.py @@ -15,9 +15,9 @@ import datetime import uuid +import http.client import oslo_context.context from oslo_serialization import jsonutils -from six.moves import http_client from testtools import matchers import webtest @@ -442,7 +442,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, r = self.v3_create_token(auth) return r.headers.get('X-Subject-Token') - def v3_create_token(self, auth, expected_status=http_client.CREATED): + def v3_create_token(self, auth, expected_status=http.client.CREATED): return self.admin_request(method='POST', path='/v3/auth/tokens', body=auth, @@ -471,29 +471,29 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, return self.admin_request(path=path, token=token, **kwargs) - def get(self, path, expected_status=http_client.OK, **kwargs): + def get(self, path, expected_status=http.client.OK, **kwargs): return self.v3_request(path, method='GET', expected_status=expected_status, **kwargs) - def head(self, path, expected_status=http_client.NO_CONTENT, **kwargs): + def head(self, path, expected_status=http.client.NO_CONTENT, **kwargs): r = self.v3_request(path, method='HEAD', expected_status=expected_status, **kwargs) self.assertEqual(b'', r.body) return r - def post(self, path, expected_status=http_client.CREATED, **kwargs): + def post(self, path, expected_status=http.client.CREATED, **kwargs): return self.v3_request(path, method='POST', expected_status=expected_status, **kwargs) - def put(self, path, expected_status=http_client.NO_CONTENT, **kwargs): + def put(self, path, expected_status=http.client.NO_CONTENT, **kwargs): return self.v3_request(path, method='PUT', expected_status=expected_status, **kwargs) - def patch(self, path, expected_status=http_client.OK, **kwargs): + def patch(self, path, expected_status=http.client.OK, **kwargs): return self.v3_request(path, method='PATCH', expected_status=expected_status, **kwargs) - def delete(self, path, expected_status=http_client.NO_CONTENT, **kwargs): + def delete(self, path, expected_status=http.client.NO_CONTENT, **kwargs): return self.v3_request(path, method='DELETE', expected_status=expected_status, **kwargs) diff --git a/keystone/tests/unit/test_v3_application_credential.py b/keystone/tests/unit/test_v3_application_credential.py index 75591872e3..7fe02eb0b6 100644 --- a/keystone/tests/unit/test_v3_application_credential.py +++ b/keystone/tests/unit/test_v3_application_credential.py @@ -14,7 +14,7 @@ import datetime from testtools import matchers import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -61,7 +61,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) # Create operation returns the secret self.assertIn('secret', resp.json['application_credential']) @@ -77,7 +77,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) self.assertEqual(secret, resp.json['application_credential']['secret']) @@ -88,7 +88,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) self.assertThat(resp.json['application_credential']['roles'], matchers.HasLength(1)) @@ -105,7 +105,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.post('/v3/users/%s/application_credentials' % wrong_user['id'], json=app_cred_body, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers={'X-Auth-Token': token}) def test_create_application_credential_bad_role(self): @@ -115,7 +115,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.BAD_REQUEST, + expected_status_code=http.client.BAD_REQUEST, headers={'X-Auth-Token': token}) def test_create_application_credential_with_expiration(self): @@ -127,7 +127,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) def test_create_application_credential_invalid_expiration_fmt(self): @@ -138,7 +138,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.BAD_REQUEST, + expected_status_code=http.client.BAD_REQUEST, headers={'X-Auth-Token': token}) def test_create_application_credential_already_expired(self): @@ -149,7 +149,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.BAD_REQUEST, + expected_status_code=http.client.BAD_REQUEST, headers={'X-Auth-Token': token}) def test_create_application_credential_with_application_credential(self): @@ -160,18 +160,18 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred_1 = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body_1, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) auth_data = self.build_authentication_request( app_cred_id=app_cred_1.json['application_credential']['id'], secret=app_cred_1.json['application_credential']['secret']) token_data = self.v3_create_token( - auth_data, expected_status=http_client.CREATED) + auth_data, expected_status=http.client.CREATED) app_cred_body_2 = self._app_cred_body(roles=roles) token = token_data.headers['x-subject-token'] c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body_2, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers={'X-Auth-Token': token}) def test_create_application_credential_allow_recursion(self): @@ -183,17 +183,17 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred_1 = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body_1, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) auth_data = self.build_authentication_request( app_cred_id=app_cred_1.json['application_credential']['id'], secret=app_cred_1.json['application_credential']['secret']) token_data = self.v3_create_token( - auth_data, expected_status=http_client.CREATED) + auth_data, expected_status=http.client.CREATED) app_cred_body_2 = self._app_cred_body(roles=roles) c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body_2, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={ 'x-Auth-Token': token_data.headers['x-subject-token']}) @@ -214,7 +214,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): '/v3/users/%s/application_credentials' % self.user_id, headers={'X-Auth-Token': token}, json=app_cred_body, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) app_cred_id = resp.json['application_credential']['id'] resp_access_rules = ( resp.json['application_credential']['access_rules']) @@ -236,7 +236,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): c.delete('/v3/users/%s/access_rules/%s' % ( self.user_id, access_rule_id), headers={'X-Auth-Token': token}, - expected_status_code=http_client.FORBIDDEN) + expected_status_code=http.client.FORBIDDEN) c.delete('/v3/users/%s/application_credentials/%s' % ( self.user_id, app_cred_id), headers={'X-Auth-Token': token}) @@ -261,7 +261,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): '/v3/users/%s/application_credentials' % self.user_id, headers={'X-Auth-Token': token}, json=app_cred_body_1, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) resp_access_rules = resp.json['application_credential']['access_rules'] self.assertIn('id', resp_access_rules[0]) access_rule_id = resp_access_rules[0].pop('id') @@ -275,7 +275,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): '/v3/users/%s/application_credentials' % self.user_id, headers={'X-Auth-Token': token}, json=app_cred_body_2, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) resp_access_rules = resp.json['application_credential']['access_rules'] self.assertEqual(access_rule_id, resp_access_rules[0]['id']) @@ -296,7 +296,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): '/v3/users/%s/application_credentials' % self.user_id, headers={'X-Auth-Token': token}, json=app_cred_body_1, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) resp_access_rules = resp.json['application_credential']['access_rules'] access_rule_id = resp_access_rules self.assertIn('id', resp_access_rules[0]) @@ -312,7 +312,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): '/v3/users/%s/application_credentials' % self.user_id, headers={'X-Auth-Token': token}, json=app_cred_body_2, - expected_status_code=http_client.CREATED) + expected_status_code=http.client.CREATED) resp_access_rules = resp.json['application_credential']['access_rules'] self.assertEqual(access_rule_id, resp_access_rules[0]['id']) @@ -320,17 +320,17 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): with self.test_client() as c: token = self.get_scoped_token() resp = c.get('/v3/users/%s/application_credentials' % self.user_id, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual([], resp.json['application_credentials']) roles = [{'id': self.role_id}] app_cred_body = self._app_cred_body(roles=roles) c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) resp = c.get('/v3/users/%s/application_credentials' % self.user_id, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual(1, len(resp.json['application_credentials'])) self.assertNotIn('secret', resp.json['application_credentials'][0]) @@ -339,10 +339,10 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred_body['application_credential']['name'] = 'two' c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) resp = c.get('/v3/users/%s/application_credentials' % self.user_id, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual(2, len(resp.json['application_credentials'])) for ac in resp.json['application_credentials']: @@ -359,15 +359,15 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): 'name=%(name)s') % {'user_id': self.user_id, 'name': name} resp = c.get(search_path, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual([], resp.json['application_credentials']) resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) - resp = c.get(search_path, expected_status_code=http_client.OK, + resp = c.get(search_path, expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual(1, len(resp.json['application_credentials'])) self.assertNotIn('secret', resp.json['application_credentials'][0]) @@ -376,9 +376,9 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred_body['application_credential']['name'] = 'two' c.post('/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) - resp = c.get(search_path, expected_status_code=http_client.OK, + resp = c.get(search_path, expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertEqual(1, len(resp.json['application_credentials'])) self.assertEqual(resp.json['application_credentials'][0]['name'], @@ -392,18 +392,18 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) app_cred_id = resp.json['application_credential']['id'] c.head('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': app_cred_id}, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) expected_response = resp.json expected_response['application_credential'].pop('secret') resp = c.get('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': app_cred_id}, - expected_status_code=http_client.OK, + expected_status_code=http.client.OK, headers={'X-Auth-Token': token}) self.assertDictEqual(resp.json, expected_response) @@ -412,11 +412,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.head('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': uuid.uuid4().hex}, - expected_status_code=http_client.NOT_FOUND, + expected_status_code=http.client.NOT_FOUND, headers={'X-Auth-Token': token}) c.get('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': uuid.uuid4().hex}, - expected_status_code=http_client.NOT_FOUND, + expected_status_code=http.client.NOT_FOUND, headers={'X-Auth-Token': token}) def test_delete_application_credential(self): @@ -427,12 +427,12 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) app_cred_id = resp.json['application_credential']['id'] c.delete('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': app_cred_id}, - expected_status_code=http_client.NO_CONTENT, + expected_status_code=http.client.NO_CONTENT, headers={'X-Auth-Token': token}) def test_delete_application_credential_not_found(self): @@ -440,7 +440,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): token = self.get_scoped_token() c.delete('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id, 'app_cred_id': uuid.uuid4().hex}, - expected_status_code=http_client.NOT_FOUND, + expected_status_code=http.client.NOT_FOUND, headers={'X-Auth-Token': token}) def test_delete_application_credential_with_application_credential(self): @@ -451,20 +451,20 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) auth_data = self.build_authentication_request( app_cred_id=app_cred.json['application_credential']['id'], secret=app_cred.json['application_credential']['secret']) token_data = self.v3_create_token( - auth_data, expected_status=http_client.CREATED) + auth_data, expected_status=http.client.CREATED) member_path = '/v3%s' % MEMBER_PATH_FMT % { 'user_id': self.user_id, 'app_cred_id': app_cred.json['application_credential']['id']} token = token_data.headers['x-subject-token'] c.delete(member_path, json=app_cred_body, - expected_status_code=http_client.FORBIDDEN, + expected_status_code=http.client.FORBIDDEN, headers={'X-Auth-Token': token}) def test_delete_application_credential_allow_recursion(self): @@ -476,19 +476,19 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): app_cred = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) auth_data = self.build_authentication_request( app_cred_id=app_cred.json['application_credential']['id'], secret=app_cred.json['application_credential']['secret']) token_data = self.v3_create_token( - auth_data, expected_status=http_client.CREATED) + auth_data, expected_status=http.client.CREATED) member_path = '/v3%s' % MEMBER_PATH_FMT % { 'user_id': self.user_id, 'app_cred_id': app_cred.json['application_credential']['id']} c.delete(member_path, json=app_cred_body, - expected_status_code=http_client.NO_CONTENT, + expected_status_code=http.client.NO_CONTENT, headers={ 'x-Auth-Token': token_data.headers['x-subject-token'] }) @@ -501,7 +501,7 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): resp = c.post( '/v3/users/%s/application_credentials' % self.user_id, json=app_cred_body, - expected_status_code=http_client.CREATED, + expected_status_code=http.client.CREATED, headers={'X-Auth-Token': token}) # Application credentials are immutable app_cred_body['application_credential'][ @@ -515,5 +515,5 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): 'app_cred_id': app_cred_id} c.patch(member_path, json=app_cred_body, - expected_status_code=http_client.METHOD_NOT_ALLOWED, + expected_status_code=http.client.METHOD_NOT_ALLOWED, headers={'X-Auth-Token': token}) diff --git a/keystone/tests/unit/test_v3_assignment.py b/keystone/tests/unit/test_v3_assignment.py index b6844cc772..809802db75 100644 --- a/keystone/tests/unit/test_v3_assignment.py +++ b/keystone/tests/unit/test_v3_assignment.py @@ -15,8 +15,7 @@ import random import uuid import freezegun -from six.moves import http_client -from six.moves import range +import http.client from testtools import matchers from keystone.common import provider_api @@ -88,7 +87,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, def test_create_role_bad_request(self): """Call ``POST /roles``.""" self.post('/roles', body={'role': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_roles(self): """Call ``GET & HEAD /roles``.""" @@ -96,7 +95,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, r = self.get(resource_url) self.assertValidRoleListResponse(r, ref=self.role, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_get_head_role(self): """Call ``GET & HEAD /roles/{role_id}``.""" @@ -104,7 +103,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, 'role_id': self.role_id} r = self.get(resource_url) self.assertValidRoleResponse(r, self.role) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_role(self): """Call ``PATCH /roles/{role_id}``.""" @@ -141,18 +140,18 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role, resource_url=collection_url, expected_length=2) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) self.delete(member_url) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=self.role, expected_length=1) self.assertIn(collection_url, r.result['links']['self']) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) def test_crud_user_project_role_grants_no_user(self): """Grant role on a project to a user that doesn't exist. @@ -170,9 +169,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase, 'collection_url': collection_url, 'role_id': self.role_id} - self.put(member_url, expected_status=http_client.NOT_FOUND) - self.head(member_url, expected_status=http_client.NOT_FOUND) - self.get(member_url, expected_status=http_client.NOT_FOUND) + self.put(member_url, expected_status=http.client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) + self.get(member_url, expected_status=http.client.NOT_FOUND) def test_crud_user_domain_role_grants(self): time = datetime.datetime.utcnow() @@ -187,11 +186,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=self.role, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) self.delete(member_url) # NOTE(lbragstad): Make sure we wait a second before we ask for the @@ -202,7 +201,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, r = self.get(collection_url) self.assertValidRoleListResponse(r, expected_length=0, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) def test_crud_user_domain_role_grants_no_user(self): """Grant role on a domain to a user that doesn't exist. @@ -220,9 +219,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase, 'collection_url': collection_url, 'role_id': self.role_id} - self.put(member_url, expected_status=http_client.NOT_FOUND) - self.head(member_url, expected_status=http_client.NOT_FOUND) - self.get(member_url, expected_status=http_client.NOT_FOUND) + self.put(member_url, expected_status=http.client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) + self.get(member_url, expected_status=http.client.NOT_FOUND) def test_crud_group_project_role_grants(self): time = datetime.datetime.utcnow() @@ -237,11 +236,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=self.role, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) self.delete(member_url) # NOTE(lbragstad): Make sure we wait a second before we ask for the @@ -252,7 +251,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, r = self.get(collection_url) self.assertValidRoleListResponse(r, expected_length=0, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) def test_crud_group_project_role_grants_no_group(self): """Grant role on a project to a group that doesn't exist. @@ -271,9 +270,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase, 'collection_url': collection_url, 'role_id': self.role_id} - self.put(member_url, expected_status=http_client.NOT_FOUND) - self.head(member_url, expected_status=http_client.NOT_FOUND) - self.get(member_url, expected_status=http_client.NOT_FOUND) + self.put(member_url, expected_status=http.client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) + self.get(member_url, expected_status=http.client.NOT_FOUND) def test_crud_group_domain_role_grants(self): time = datetime.datetime.utcnow() @@ -288,11 +287,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=self.role, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) self.delete(member_url) # NOTE(lbragstad): Make sure we wait a second before we ask for the @@ -303,7 +302,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, r = self.get(collection_url) self.assertValidRoleListResponse(r, expected_length=0, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) def test_crud_group_domain_role_grants_no_group(self): """Grant role on a domain to a group that doesn't exist. @@ -322,9 +321,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase, 'collection_url': collection_url, 'role_id': self.role_id} - self.put(member_url, expected_status=http_client.NOT_FOUND) - self.head(member_url, expected_status=http_client.NOT_FOUND) - self.get(member_url, expected_status=http_client.NOT_FOUND) + self.put(member_url, expected_status=http.client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) + self.get(member_url, expected_status=http.client.NOT_FOUND) def _create_new_user_and_assign_role_on_project(self): """Create a new user and assign user a role on a project.""" @@ -342,7 +341,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(member_url) # Check the user has the role assigned self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) return member_url, user_ref def test_delete_user_before_removing_role_assignment_succeeds(self): @@ -353,7 +352,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Clean up the role assignment self.delete(member_url) # Make sure the role is gone - self.head(member_url, expected_status=http_client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) def test_delete_group_before_removing_role_assignment_succeeds(self): # Disable the cache so that we perform a fresh check of the identity @@ -376,7 +375,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Check the user has the role assigned self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) # Simulate removing the group via LDAP by directly removing it from the # identity backend. @@ -417,7 +416,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # We should get a 404 Not Found when looking for the user in the # identity backend because we're not performing a delete operation on # the role. - self.head(member_url, expected_status=http_client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) def test_token_revoked_once_group_role_grant_revoked(self): """Test token invalid when direct & indirect role on user is revoked. @@ -451,7 +450,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # validates the returned token; it should be valid. self.head('/auth/tokens', headers={'x-subject-token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) frozen_datetime.tick(delta=datetime.timedelta(seconds=1)) # revokes the grant from group on project. @@ -467,7 +466,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, frozen_datetime.tick(delta=datetime.timedelta(seconds=1)) # validates the same token again; it should not longer be valid. self.head('/auth/tokens', token=token, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_delete_group_before_removing_system_assignments_succeeds(self): system_role = self._create_new_role() @@ -511,7 +510,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # check the grant that was just created self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) resp = self.get(collection_url) self.assertValidRoleListResponse(resp, ref=self.role, resource_url=collection_url) @@ -542,7 +541,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # check the grant that was just created self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) resp = self.get(collection_url) self.assertValidRoleListResponse(resp, ref=self.role, resource_url=collection_url) @@ -573,7 +572,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # check the grant that was just created self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) resp = self.get(collection_url) self.assertValidRoleListResponse(resp, ref=self.role, resource_url=collection_url) @@ -604,7 +603,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # check the grant that was just created self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) resp = self.get(collection_url) self.assertValidRoleListResponse(resp, ref=self.role, resource_url=collection_url) @@ -659,7 +658,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, r = self.get(collection_url) self.assertValidRoleAssignmentListResponse( r, resource_url=collection_url) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) existing_assignments = len(r.result.get('role_assignments')) # Now add one of each of the four types of assignment, making sure @@ -675,7 +674,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, expected_length=existing_assignments + 1, resource_url=collection_url) self.assertRoleAssignmentInListResponse(r, gd_entity) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) ud_entity = self.build_role_assignment_entity( domain_id=self.domain_id, @@ -688,7 +687,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, expected_length=existing_assignments + 2, resource_url=collection_url) self.assertRoleAssignmentInListResponse(r, ud_entity) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) gp_entity = self.build_role_assignment_entity( project_id=self.project_id, group_id=self.group_id, @@ -700,7 +699,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, expected_length=existing_assignments + 3, resource_url=collection_url) self.assertRoleAssignmentInListResponse(r, gp_entity) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) up_entity = self.build_role_assignment_entity( project_id=self.project_id, user_id=user1['id'], @@ -712,7 +711,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, expected_length=existing_assignments + 4, resource_url=collection_url) self.assertRoleAssignmentInListResponse(r, up_entity) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) # Now delete the four we added and make sure they are removed # from the collection. @@ -731,7 +730,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentNotInListResponse(r, ud_entity) self.assertRoleAssignmentNotInListResponse(r, gp_entity) self.assertRoleAssignmentNotInListResponse(r, up_entity) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) def test_get_effective_role_assignments(self): """Call ``GET /role_assignments?effective``. @@ -825,8 +824,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, PROVIDERS.identity_api.add_user_to_group(user2['id'], self.group['id']) collection_url = '/role_assignments' - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, resource_url=collection_url) existing_assignments = len(r.result.get('role_assignments')) @@ -835,8 +834,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, group_id=self.group_id, role_id=self.role_id) self.put(gd_entity['links']['assignment']) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse( r, expected_length=existing_assignments + 1, @@ -848,8 +847,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # should mean the group assignment is translated into the two # member user assignments collection_url = '/role_assignments?effective' - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse( r, expected_length=existing_assignments + 2, @@ -857,8 +856,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Now set 'effective' to false explicitly - should get # back the regular roles collection_url = '/role_assignments?effective=0' - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse( r, expected_length=existing_assignments + 1, @@ -868,16 +867,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # parameter to false by design. Hence we should get back # effective roles. collection_url = '/role_assignments?effective=False' - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse( r, expected_length=existing_assignments + 2, resource_url=collection_url) # Now set 'effective' to True explicitly collection_url = '/role_assignments?effective=True' - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse( r, expected_length=existing_assignments + 2, @@ -964,8 +963,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, collection_url = ('/role_assignments?scope.project.id=%s' % project1['id']) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=2, resource_url=collection_url) @@ -974,8 +973,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, collection_url = ('/role_assignments?scope.domain.id=%s' % self.domain['id']) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=2, resource_url=collection_url) @@ -983,8 +982,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, gd_entity) collection_url = '/role_assignments?user.id=%s' % user1['id'] - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=3, resource_url=collection_url) @@ -992,8 +991,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, ud_entity) collection_url = '/role_assignments?group.id=%s' % group1['id'] - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=3, resource_url=collection_url) @@ -1001,8 +1000,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, gp_entity) collection_url = '/role_assignments?role.id=%s' % self.role1['id'] - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=3, resource_url=collection_url) @@ -1011,8 +1010,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, gs_entity) collection_url = '/role_assignments?role.id=%s' % self.role2['id'] - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=4, resource_url=collection_url) @@ -1027,8 +1026,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, '&scope.project.id=%(project_id)s' % { 'user_id': user1['id'], 'project_id': project1['id']}) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=1, resource_url=collection_url) @@ -1040,8 +1039,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, collection_url = ('/role_assignments?effective&user.id=%s' % user1['id']) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=4, resource_url=collection_url) @@ -1075,8 +1074,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, '&scope.project.id=%(project_id)s' % { 'user_id': user1['id'], 'project_id': project1['id']}) - r = self.get(collection_url, expected_status=http_client.OK) - self.head(collection_url, expected_status=http_client.OK) + r = self.get(collection_url, expected_status=http.client.OK) + self.head(collection_url, expected_status=http.client.OK) self.assertValidRoleAssignmentListResponse(r, expected_length=2, resource_url=collection_url) @@ -1279,7 +1278,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase, self.default_user_id = self.user_ids[0] self.default_group_id = self.group_ids[0] - def get_role_assignments(self, expected_status=http_client.OK, **filters): + def get_role_assignments(self, expected_status=http.client.OK, **filters): """Return the result from querying role assignment API + queried URL. Calls GET /v3/role_assignments? and returns its result, where @@ -1323,22 +1322,22 @@ class RoleAssignmentFailureTestCase(RoleAssignmentBaseTestCase): def test_get_role_assignments_by_domain_and_project(self): self.get_role_assignments(domain_id=self.domain_id, project_id=self.project_id, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_role_assignments_by_user_and_group(self): self.get_role_assignments(user_id=self.default_user_id, group_id=self.default_group_id, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_role_assignments_by_effective_and_inherited(self): self.get_role_assignments(domain_id=self.domain_id, effective=True, inherited_to_projects=True, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_role_assignments_by_effective_and_group(self): self.get_role_assignments(effective=True, group_id=self.default_group_id, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) class RoleAssignmentDirectTestCase(RoleAssignmentBaseTestCase): @@ -1602,9 +1601,9 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a domain nor a project token self.v3_create_token(domain_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Grant non-inherited role for user on domain non_inher_ud_link = self.build_role_assignment_link( @@ -1614,7 +1613,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can get only a domain token self.v3_create_token(domain_auth_data) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Create inherited role inherited_role = unit.new_role_ref(name='inherited') @@ -1636,14 +1635,14 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can only get a domain token self.v3_create_token(domain_auth_data) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Delete non-inherited grant self.delete(non_inher_ud_link) # Check the user cannot get a domain token anymore self.v3_create_token(domain_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_get_token_from_inherited_group_domain_role_grants(self): # Create a new group and put a new user in it to @@ -1668,9 +1667,9 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a domain nor a project token self.v3_create_token(domain_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Grant non-inherited role for user on domain non_inher_gd_link = self.build_role_assignment_link( @@ -1680,7 +1679,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can get only a domain token self.v3_create_token(domain_auth_data) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Create inherited role inherited_role = unit.new_role_ref(name='inherited') @@ -1702,14 +1701,14 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can only get a domain token self.v3_create_token(domain_auth_data) self.v3_create_token(project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Delete non-inherited grant self.delete(non_inher_gd_link) # Check the user cannot get a domain token anymore self.v3_create_token(domain_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def _test_crud_inherited_and_direct_assignment_on_target(self, target_url): time = datetime.datetime.utcnow() @@ -1729,7 +1728,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the direct assignment exists, but the inherited one does # not self.head(direct_url) - self.head(inherited_url, expected_status=http_client.NOT_FOUND) + self.head(inherited_url, expected_status=http.client.NOT_FOUND) # Now add the inherited assignment self.put(inherited_url) @@ -1743,13 +1742,13 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the direct assignment exists, but the inherited one does # not self.head(direct_url) - self.head(inherited_url, expected_status=http_client.NOT_FOUND) + self.head(inherited_url, expected_status=http.client.NOT_FOUND) # Now delete the inherited assignment self.delete(direct_url) # Check that none of them exist - self.head(direct_url, expected_status=http_client.NOT_FOUND) - self.head(inherited_url, expected_status=http_client.NOT_FOUND) + self.head(direct_url, expected_status=http.client.NOT_FOUND) + self.head(inherited_url, expected_status=http.client.NOT_FOUND) def test_crud_inherited_and_direct_assignment_on_domains(self): self._test_crud_inherited_and_direct_assignment_on_target( @@ -1784,7 +1783,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check we can read it back self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[0], resource_url=collection_url) @@ -1846,7 +1845,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[3], resource_url=collection_url) @@ -1952,10 +1951,10 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, 'role_id': role1['id']}) rs_role = self.get(collection_url_role) # Make sure all entities were created successfully - self.assertEqual(http_client.OK, rs_domain.status_int) - self.assertEqual(http_client.OK, rs_project.status_int) - self.assertEqual(http_client.OK, rs_group.status_int) - self.assertEqual(http_client.OK, rs_user.status_int) + self.assertEqual(http.client.OK, rs_domain.status_int) + self.assertEqual(http.client.OK, rs_project.status_int) + self.assertEqual(http.client.OK, rs_group.status_int) + self.assertEqual(http.client.OK, rs_user.status_int) # Make sure we can get back the correct number of entities self.assertValidRoleAssignmentListResponse( rs_domain, @@ -2151,7 +2150,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[3], resource_url=collection_url) @@ -2241,7 +2240,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[3], resource_url=collection_url) @@ -2335,7 +2334,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[3], resource_url=collection_url) @@ -2351,7 +2350,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.put(member_url) self.head(member_url) - self.get(member_url, expected_status=http_client.NO_CONTENT) + self.get(member_url, expected_status=http.client.NO_CONTENT) r = self.get(collection_url) self.assertValidRoleListResponse(r, ref=role_list[4], resource_url=collection_url) @@ -2416,9 +2415,9 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a token on root nor leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Grant non-inherited role for user on leaf project non_inher_up_link = self.build_role_assignment_link( @@ -2428,7 +2427,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can only get a token on leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data) # Grant inherited role for user on root project @@ -2439,7 +2438,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user still can get a token only on leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data) # Delete non-inherited grant @@ -2447,7 +2446,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the inherited role still applies for leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data) # Delete inherited grant @@ -2455,7 +2454,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a token on leaf project anymore self.v3_create_token(leaf_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_get_token_from_inherited_group_project_role_grants(self): # Create default scenario @@ -2479,9 +2478,9 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a token on root nor leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # Grant non-inherited role for group on leaf project non_inher_gp_link = self.build_role_assignment_link( @@ -2491,7 +2490,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user can only get a token on leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data) # Grant inherited role for group on root project @@ -2502,7 +2501,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user still can get a token only on leaf project self.v3_create_token(root_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.v3_create_token(leaf_project_auth_data) # Delete no-inherited grant @@ -2516,7 +2515,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, # Check the user cannot get a token on leaf project anymore self.v3_create_token(leaf_project_auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_get_role_assignments_for_project_hierarchy(self): """Call ``GET /role_assignments``. @@ -2624,13 +2623,13 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, def test_project_id_specified_if_include_subtree_specified(self): """When using include_subtree, you must specify a project ID.""" r = self.get('/role_assignments?include_subtree=True', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) error_msg = ("scope.project.id must be specified if include_subtree " "is also specified") self.assertEqual(error_msg, r.result['error']['message']) r = self.get('/role_assignments?scope.project.id&' 'include_subtree=True', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) self.assertEqual(error_msg, r.result['error']['message']) def test_get_role_assignments_for_project_tree(self): @@ -2838,13 +2837,13 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin, self.prior = self._create_role() url = '/roles/%s/implies' % (self.prior['id']) response = self.get(url).json["role_inference"] - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) self.assertEqual(self.prior['id'], response['prior_role']['id']) self.assertEqual(0, len(response['implies'])) def _create_implied_role(self, prior, implied): self.put('/roles/%s/implies/%s' % (prior['id'], implied['id']), - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def _delete_implied_role(self, prior, implied): self.delete('/roles/%s/implies/%s' % (prior['id'], implied['id'])) @@ -2907,7 +2906,7 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin, self.get('/roles/%s/implies/%s' % (self.prior['id'], self.implied2['id']), - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def _assert_two_rules_defined(self): r = self.get('/role_inferences/') @@ -3063,19 +3062,19 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin, url = '/roles/{prior_role_id}/implies/{implied_role_id}'.format( prior_role_id=prior_role['id'], implied_role_id=prohibited_role1['id']) - self.put(url, expected_status=http_client.FORBIDDEN) + self.put(url, expected_status=http.client.FORBIDDEN) prohibited_role2 = self._create_named_role(prohibited_name2) url = '/roles/{prior_role_id}/implies/{implied_role_id}'.format( prior_role_id=prior_role['id'], implied_role_id=prohibited_role2['id']) - self.put(url, expected_status=http_client.FORBIDDEN) + self.put(url, expected_status=http.client.FORBIDDEN) accepted_role1 = self._create_named_role(accepted_name1) url = '/roles/{prior_role_id}/implies/{implied_role_id}'.format( prior_role_id=prior_role['id'], implied_role_id=accepted_role1['id']) - self.put(url, expected_status=http_client.CREATED) + self.put(url, expected_status=http.client.CREATED) def test_trusts_from_implied_role(self): self._create_three_roles() @@ -3171,7 +3170,7 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin, self.put('/roles/%s/implies/%s' % (global_role['id'], domain_role['id']), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase): @@ -3239,7 +3238,7 @@ class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase): 'role_id': self.domainA_role1['id']}) self.get('/roles/%s' % self.domainA_role1['id'], - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # Now re-list those in domainA, making sure there's only one left r = self.get('/roles?domain_id=%s' % self.domainA['id']) self.assertValidRoleListResponse(r, expected_length=1) @@ -3299,7 +3298,7 @@ class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase): # role in domainB self.put('/roles/%s/implies/%s' % (self.domainA_role1['id'], self.domainB_role['id']), - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # A role in domainA can be assigned to a user from domainB # only for a project from domainA @@ -3320,7 +3319,7 @@ class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase): password=user['password'], project_id=projectA['id']) self.post('/auth/tokens', body=auth_body, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) class ListUserProjectsTestCase(test_v3.RestfulTestCase): @@ -3389,7 +3388,7 @@ class ListUserProjectsTestCase(test_v3.RestfulTestCase): projects_result = result.json['projects'] self.assertEqual(1, len(projects_result)) self.assertEqual(self.projects[i]['id'], projects_result[0]['id']) - self.head(url, auth=auth, expected_status=http_client.OK) + self.head(url, auth=auth, expected_status=http.client.OK) def test_list_enabled(self): for i in range(len(self.users)): @@ -3473,7 +3472,7 @@ class UserSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, roles = self.get(collection_url).json_body['roles'] self.assertEqual(len(roles), 1) self.assertEqual(roles[0]['id'], system_role_id) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) response = self.get( '/role_assignments?scope.system=all&user.id=%(user_id)s' % { @@ -3662,7 +3661,7 @@ class UserSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, 'user_id': self.user['id'], 'role_id': system_role_id } - self.head(member_url, expected_status=http_client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) response = self.get( '/role_assignments?scope.system=all&user.id=%(user_id)s' % { @@ -3717,7 +3716,7 @@ class UserSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, '/role_assignments?scope.system=all' '&scope.domain.id=%(domain_id)s' ) % {'domain_id': self.domain_id} - self.get(path, expected_status=http_client.BAD_REQUEST) + self.get(path, expected_status=http.client.BAD_REQUEST) def test_query_for_system_scope_and_project_scope_fails(self): # When asking for assignments and providing query parameters, we @@ -3727,7 +3726,7 @@ class UserSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, '/role_assignments?scope.system=all' '&scope.project.id=%(project_id)s' ) % {'project_id': self.project_id} - self.get(path, expected_status=http_client.BAD_REQUEST) + self.get(path, expected_status=http.client.BAD_REQUEST) def test_query_for_role_id_does_not_return_system_user_roles(self): system_role_id = self._create_new_role() @@ -3777,7 +3776,7 @@ class GroupSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, roles = self.get(collection_url).json_body['roles'] self.assertEqual(len(roles), 1) self.assertEqual(roles[0]['id'], system_role_id) - self.head(collection_url, expected_status=http_client.OK) + self.head(collection_url, expected_status=http.client.OK) response = self.get( '/role_assignments?scope.system=all&group.id=%(group_id)s' % { @@ -3799,7 +3798,7 @@ class GroupSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, 'group_id': group_id, 'role_id': system_role_id } - self.put(member_url, expected_status=http_client.NOT_FOUND) + self.put(member_url, expected_status=http.client.NOT_FOUND) def test_list_role_assignments_for_group_returns_all_assignments(self): system_role_id = self._create_new_role() @@ -3970,7 +3969,7 @@ class GroupSystemRoleAssignmentTestCase(test_v3.RestfulTestCase, 'group_id': group['id'], 'role_id': system_role_id } - self.head(member_url, expected_status=http_client.NOT_FOUND) + self.head(member_url, expected_status=http.client.NOT_FOUND) response = self.get( '/role_assignments?scope.system=all&group.id=%(group_id)s' % { diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py index d591180e85..028e3e6172 100644 --- a/keystone/tests/unit/test_v3_auth.py +++ b/keystone/tests/unit/test_v3_auth.py @@ -21,13 +21,11 @@ import re import uuid import freezegun +import http.client import mock from oslo_serialization import jsonutils as json from oslo_utils import fixture from oslo_utils import timeutils -import six -from six.moves import http_client -from six.moves import range from testtools import matchers from testtools import testcase @@ -162,7 +160,7 @@ class TestMFARules(test_v3.RestfulTestCase): password=self.user['password'], user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_MFA_multi_method_rules_requirements_not_met_fails(self): # if multiple rules are specified and only one is passed, @@ -181,7 +179,7 @@ class TestMFARules(test_v3.RestfulTestCase): password=self.user['password'], user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_MFA_rules_bogus_non_existing_auth_method_succeeds(self): # Bogus auth methods are thrown out from rules. @@ -279,7 +277,7 @@ class TestMFARules(test_v3.RestfulTestCase): password=self.user['password'], user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertIsNotNone( response.headers.get(authorization.AUTH_RECEIPT_HEADER)) @@ -313,7 +311,7 @@ class TestMFARules(test_v3.RestfulTestCase): project_id=self.project_id, passcode=totp._generate_totp_passcodes( totp_cred['blob'])[0]), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertIsNotNone( response.headers.get(authorization.AUTH_RECEIPT_HEADER)) @@ -348,7 +346,7 @@ class TestMFARules(test_v3.RestfulTestCase): project_id=self.project_id, passcode=totp._generate_totp_passcodes( totp_cred['blob'])[0]), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertIsNotNone( response.headers.get(authorization.AUTH_RECEIPT_HEADER)) @@ -389,7 +387,7 @@ class TestMFARules(test_v3.RestfulTestCase): password=self.user['password'], user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertIsNotNone( response.headers.get(authorization.AUTH_RECEIPT_HEADER)) @@ -422,7 +420,7 @@ class TestMFARules(test_v3.RestfulTestCase): password=self.user['password'], user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertIsNotNone( response.headers.get(authorization.AUTH_RECEIPT_HEADER)) @@ -460,7 +458,7 @@ class TestMFARules(test_v3.RestfulTestCase): user_id=self.user_id, user_domain_id=self.domain_id, project_id=self.project_id), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.assertEqual(401, response.result['error']['code']) @@ -593,7 +591,7 @@ class TokenAPITests(object): return (trustee_user, trust) def _validate_token(self, token, - expected_status=http_client.OK, allow_expired=False): + expected_status=http.client.OK, allow_expired=False): path = '/v3/auth/tokens' if allow_expired: @@ -607,7 +605,7 @@ class TokenAPITests(object): expected_status=expected_status ) - def _revoke_token(self, token, expected_status=http_client.NO_CONTENT): + def _revoke_token(self, token, expected_status=http.client.NO_CONTENT): return self.delete( '/auth/tokens', headers={'x-subject-token': token}, @@ -650,7 +648,7 @@ class TokenAPITests(object): user_id=self.default_domain_user['id'], password=self.default_domain_user['password']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_token_for_user_without_password_fails(self): user = unit.new_user_ref(domain_id=self.domain['id']) @@ -662,7 +660,7 @@ class TokenAPITests(object): password='password') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_unscoped_token_by_authenticating_with_unscoped_token(self): auth_data = self.build_authentication_request( @@ -715,7 +713,7 @@ class TokenAPITests(object): frozen_datetime.tick(delta=datetime.timedelta(seconds=15)) self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_revoke_unscoped_token(self): @@ -724,7 +722,7 @@ class TokenAPITests(object): self.assertValidUnscopedTokenResponse(r) self._revoke_token(unscoped_token) self._validate_token(unscoped_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_explicit_unscoped_token(self): self._create_project_and_set_as_default_project() @@ -790,7 +788,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_unscoped_token_is_invalid_after_enabling_disabled_user(self): @@ -803,14 +801,14 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) # Enable the user self._set_user_enabled(self.user) # Ensure validating a token for a re-enabled user fails self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_unscoped_token_is_invalid_after_disabling_user_domain(self): @@ -824,7 +822,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_unscoped_token_is_invalid_after_changing_user_password(self): @@ -838,7 +836,7 @@ class TokenAPITests(object): # Ensure updating user's password revokes existing user's tokens self._validate_token( unscoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_create_system_token_with_user_id(self): @@ -882,7 +880,7 @@ class TokenAPITests(object): ) self.v3_create_token( auth_request_body, - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) def test_system_token_is_invalid_after_disabling_user(self): @@ -921,14 +919,14 @@ class TokenAPITests(object): headers={'X-Auth-Token': token, 'X-Subject-Token': token}, method='GET', - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) self.admin_request( path='/v3/auth/tokens', headers={'X-Auth-Token': token, 'X-Subject-Token': token}, method='HEAD', - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) def test_create_system_token_via_system_group_assignment(self): @@ -980,7 +978,7 @@ class TokenAPITests(object): token = response.headers.get('X-Subject-Token') self._validate_token(token) self._revoke_token(token) - self._validate_token(token, expected_status=http_client.NOT_FOUND) + self._validate_token(token, expected_status=http.client.NOT_FOUND) def test_system_token_is_invalid_after_deleting_system_role(self): ref = {'role': unit.new_role_ref()} @@ -1005,7 +1003,7 @@ class TokenAPITests(object): self._validate_token(token) self.delete('/roles/%(role_id)s' % {'role_id': system_role['id']}) - self._validate_token(token, expected_status=http_client.NOT_FOUND) + self._validate_token(token, expected_status=http.client.NOT_FOUND) def test_rescoping_a_system_token_for_a_project_token_fails(self): ref = {'role': unit.new_role_ref()} @@ -1031,7 +1029,7 @@ class TokenAPITests(object): token=system_token, project_id=self.project_id ) self.v3_create_token( - auth_request_body, expected_status=http_client.FORBIDDEN + auth_request_body, expected_status=http.client.FORBIDDEN ) def test_rescoping_a_system_token_for_a_domain_token_fails(self): @@ -1058,7 +1056,7 @@ class TokenAPITests(object): token=system_token, domain_id=CONF.identity.default_domain_id ) self.v3_create_token( - auth_request_body, expected_status=http_client.FORBIDDEN + auth_request_body, expected_status=http.client.FORBIDDEN ) def test_create_domain_token_scoped_with_domain_id_and_user_id(self): @@ -1198,7 +1196,7 @@ class TokenAPITests(object): self.config_fixture.config(group='resource', domain_name_url_safe='strict') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_domain_token_without_grant_returns_unauthorized(self): auth_data = self.build_authentication_request( @@ -1207,7 +1205,7 @@ class TokenAPITests(object): domain_id=self.domain['id']) # this fails because the user does not have a role on self.domain self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_validate_domain_scoped_token(self): # Grant user access to domain @@ -1239,7 +1237,7 @@ class TokenAPITests(object): frozen_datetime.tick(delta=datetime.timedelta(seconds=15)) self._validate_token( domain_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_domain_scoped_token_is_invalid_after_disabling_user(self): @@ -1257,7 +1255,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( domain_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_domain_scoped_token_is_invalid_after_deleting_grant(self): @@ -1278,7 +1276,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( domain_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_domain_scoped_token_invalid_after_disabling_domain(self): @@ -1297,7 +1295,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled domain fails self._validate_token( domain_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_create_project_scoped_token_with_project_id_and_user_id(self): @@ -1324,7 +1322,7 @@ class TokenAPITests(object): frozen_datetime.tick(delta=datetime.timedelta(seconds=15)) self._validate_token( project_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_revoke_project_scoped_token(self): @@ -1333,7 +1331,7 @@ class TokenAPITests(object): self.assertValidProjectScopedTokenResponse(r) self._revoke_token(project_scoped_token) self._validate_token(project_scoped_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_project_scoped_token_is_scoped_to_default_project(self): project = self._create_project_and_set_as_default_project() @@ -1455,7 +1453,7 @@ class TokenAPITests(object): password=self.user['password'], project_id=project['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_project_scoped_token_with_username_and_domain_id(self): auth_data = self.build_authentication_request( @@ -1510,7 +1508,7 @@ class TokenAPITests(object): self.config_fixture.config(group='resource', project_name_url_safe='strict') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_project_scoped_token_fails_if_domain_name_unsafe(self): """Verify authenticate to a project using unsafe domain name fails.""" @@ -1552,7 +1550,7 @@ class TokenAPITests(object): self.config_fixture.config(group='resource', domain_name_url_safe='strict') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_project_token_with_same_domain_and_project_name(self): """Authenticate to a project with the same name as its domain.""" @@ -1592,7 +1590,7 @@ class TokenAPITests(object): project_name=domain['name'], project_domain_name=domain['name']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_project_token_with_disabled_project_domain_fails(self): # create a disabled domain @@ -1619,7 +1617,7 @@ class TokenAPITests(object): password=self.user['password'], project_id=project['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # user should not be able to auth with project_name & domain auth_data = self.build_authentication_request( @@ -1628,7 +1626,7 @@ class TokenAPITests(object): project_name=project['name'], project_domain_id=domain['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_project_token_with_default_domain_as_project(self): # Authenticate to a project with the default domain as project @@ -1637,7 +1635,7 @@ class TokenAPITests(object): password=self.user['password'], project_id=test_v3.DEFAULT_DOMAIN_ID) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_project_scoped_token_is_invalid_after_disabling_user(self): project_scoped_token = self._get_project_scoped_token() @@ -1649,7 +1647,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( project_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_project_scoped_token_invalid_after_changing_user_password(self): @@ -1663,7 +1661,7 @@ class TokenAPITests(object): # Ensure updating user's password revokes existing tokens self._validate_token( project_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_project_scoped_token_invalid_after_disabling_project(self): @@ -1677,7 +1675,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled project fails self._validate_token( project_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_project_scoped_token_is_invalid_after_deleting_grant(self): @@ -1703,7 +1701,7 @@ class TokenAPITests(object): # Ensure the token has been revoked self._validate_token( project_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_no_access_to_default_project_result_in_unscoped_token(self): @@ -1743,7 +1741,7 @@ class TokenAPITests(object): frozen_datetime.tick(delta=datetime.timedelta(seconds=15)) self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_validate_a_trust_scoped_token_impersonated(self): @@ -1761,7 +1759,7 @@ class TokenAPITests(object): self.assertValidProjectScopedTokenResponse(r) self._revoke_token(trust_scoped_token) self._validate_token(trust_scoped_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_trust_scoped_token_is_invalid_after_disabling_trustee(self): trustee_user, trust = self._create_trust() @@ -1778,7 +1776,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_trust_token_is_invalid_when_trustee_domain_disabled(self): @@ -1830,7 +1828,7 @@ class TokenAPITests(object): # ensure the project-scoped token from the trust is invalid self._validate_token(trust_scoped_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_trust_scoped_token_invalid_after_changing_trustee_password(self): trustee_user, trust = self._create_trust() @@ -1846,7 +1844,7 @@ class TokenAPITests(object): # Ensure updating trustee's password revokes existing tokens self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_trust_scoped_token_is_invalid_after_disabling_trustor(self): @@ -1862,7 +1860,7 @@ class TokenAPITests(object): # Ensure validating a token for a disabled user fails self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_trust_scoped_token_invalid_after_changing_trustor_password(self): @@ -1878,7 +1876,7 @@ class TokenAPITests(object): # Ensure updating trustor's password revokes existing user's tokens self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_trust_scoped_token_invalid_after_disabled_trustor_domain(self): @@ -1897,7 +1895,7 @@ class TokenAPITests(object): # Ensure updating trustor's password revokes existing user's tokens self._validate_token( trust_scoped_token, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_default_fixture_scope_token(self): @@ -1917,7 +1915,7 @@ class TokenAPITests(object): def test_check_token(self): self.head('/auth/tokens', headers=self.headers, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_validate_token(self): r = self.get('/auth/tokens', headers=self.headers) @@ -1925,14 +1923,14 @@ class TokenAPITests(object): def test_validate_missing_subject_token(self): self.get('/auth/tokens', - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_validate_missing_auth_token(self): self.admin_request( method='GET', path='/v3/projects', token=None, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_validate_token_nocatalog(self): v3_token = self.get_requested_token(self.build_authentication_request( @@ -2023,7 +2021,7 @@ class TokenAPITests(object): def _create_implied_role(self, prior_id): implied = self._create_role() url = '/roles/%s/implies/%s' % (prior_id, implied['id']) - self.put(url, expected_status=http_client.CREATED) + self.put(url, expected_status=http.client.CREATED) return implied def _delete_implied_role(self, prior_role_id, implied_role_id): @@ -2209,7 +2207,7 @@ class TokenAPITests(object): unrelated = self._create_role() url = '/roles/%s/implies/%s' % (unrelated['id'], implied['id']) - self.put(url, expected_status=http_client.CREATED) + self.put(url, expected_status=http.client.CREATED) token_roles = self._get_scoped_token_roles() self.assertEqual(2, len(token_roles)) @@ -2268,14 +2266,14 @@ class TokenAPITests(object): # token validation should now result in 404 self.get('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_token_with_nonexistant_user_id_fails(self): auth_data = self.build_authentication_request( user_id=uuid.uuid4().hex, password=self.user['password']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_token_with_nonexistant_username_fails(self): auth_data = self.build_authentication_request( @@ -2283,7 +2281,7 @@ class TokenAPITests(object): user_domain_id=self.domain['id'], password=self.user['password']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_token_with_nonexistant_domain_id_fails(self): auth_data = self.build_authentication_request( @@ -2291,7 +2289,7 @@ class TokenAPITests(object): user_domain_id=uuid.uuid4().hex, password=self.user['password']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_token_with_nonexistant_domain_name_fails(self): auth_data = self.build_authentication_request( @@ -2299,14 +2297,14 @@ class TokenAPITests(object): user_domain_name=uuid.uuid4().hex, password=self.user['password']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_token_with_wrong_password_fails(self): auth_data = self.build_authentication_request( user_id=self.user['id'], password=uuid.uuid4().hex) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_user_and_group_roles_scoped_token(self): """Test correct roles are returned in scoped token. @@ -2550,7 +2548,7 @@ class TokenAPITests(object): self.user['name'])) auth_request = self.build_authentication_request() c.post('/v3/auth/tokens', json=auth_request, - expected_status_code=http_client.UNAUTHORIZED) + expected_status_code=http.client.UNAUTHORIZED) def test_remote_user_and_password(self): # both REMOTE_USER and password methods must pass. @@ -2575,7 +2573,7 @@ class TokenAPITests(object): app = self.loadapp() with app.test_client() as c: c.post('/v3/auth/tokens', json=auth_data, - expected_status_code=http_client.UNAUTHORIZED) + expected_status_code=http.client.UNAUTHORIZED) def test_remote_user_bad_password(self): # both REMOTE_USER and password methods must pass. @@ -2586,7 +2584,7 @@ class TokenAPITests(object): password='badpassword') with app.test_client() as c: c.post('/v3/auth/tokens', json=auth_data, - expected_status_code=http_client.UNAUTHORIZED) + expected_status_code=http.client.UNAUTHORIZED) def test_fetch_expired_allow_expired(self): self.config_fixture.config(group='token', @@ -2602,7 +2600,7 @@ class TokenAPITests(object): # after passing expiry time validation fails frozen_datetime.tick(delta=datetime.timedelta(seconds=12)) - self._validate_token(token, expected_status=http_client.NOT_FOUND) + self._validate_token(token, expected_status=http.client.NOT_FOUND) # but if we pass allow_expired it validates self._validate_token(token, allow_expired=True) @@ -2612,7 +2610,7 @@ class TokenAPITests(object): frozen_datetime.tick(delta=datetime.timedelta(seconds=22)) self._validate_token(token, allow_expired=True, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_system_scoped_token_works_with_domain_specific_drivers(self): self.config_fixture.config( @@ -2673,7 +2671,7 @@ class TokenDataTests(object): r = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) + r.result['token'][u'extra'] = str(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidUnscopedTokenResponse, r) @@ -2695,7 +2693,7 @@ class TokenDataTests(object): r = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) + r.result['token'][u'extra'] = str(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidDomainScopedTokenResponse, r) @@ -2712,7 +2710,7 @@ class TokenDataTests(object): resp = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - resp.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) + resp.result['token'][u'extra'] = str(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidProjectScopedTokenResponse, resp) @@ -2730,7 +2728,7 @@ class AllowRescopeScopedTokenDisabledTests(test_v3.RestfulTestCase): self.build_authentication_request( token=self.get_scoped_token(), project_id=self.project_id), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_rescoped_domain_token_disabled(self): @@ -2753,7 +2751,7 @@ class AllowRescopeScopedTokenDisabledTests(test_v3.RestfulTestCase): self.build_authentication_request( token=domain_scoped_token, project_id=self.project_id), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, @@ -2784,14 +2782,14 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, tampered_token = (unscoped_token[:50] + uuid.uuid4().hex + unscoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_validate_tampered_project_scoped_token_fails(self): project_scoped_token = self._get_project_scoped_token() tampered_token = (project_scoped_token[:50] + uuid.uuid4().hex + project_scoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_validate_tampered_trust_scoped_token_fails(self): trustee_user, trust = self._create_trust() @@ -2800,7 +2798,7 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, tampered_token = (trust_scoped_token[:50] + uuid.uuid4().hex + trust_scoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_trust_scoped_token_is_invalid_after_disabling_trustor(self): # NOTE(amakarov): have to override this test for non-persistent tokens @@ -2817,7 +2815,7 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, # Ensure validating a token for a disabled user fails self._validate_token( trust_scoped_token, - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) @@ -2842,14 +2840,14 @@ class TestJWSTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests): tampered_token = (unscoped_token[:50] + uuid.uuid4().hex + unscoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_validate_tampered_project_scoped_token_fails(self): project_scoped_token = self._get_project_scoped_token() tampered_token = (project_scoped_token[:50] + uuid.uuid4().hex + project_scoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_validate_tampered_trust_scoped_token_fails(self): trustee_user, trust = self._create_trust() @@ -2858,7 +2856,7 @@ class TestJWSTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests): tampered_token = (trust_scoped_token[:50] + uuid.uuid4().hex + trust_scoped_token[50 + 32:]) self._validate_token(tampered_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_trust_scoped_token_is_invalid_after_disabling_trustor(self): # NOTE(amakarov): have to override this test for non-persistent tokens @@ -2875,7 +2873,7 @@ class TestJWSTokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests): # Ensure validating a token for a disabled user fails self._validate_token( trust_scoped_token, - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) @@ -3004,10 +3002,10 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # confirm both tokens are valid self.head('/auth/tokens', headers={'X-Subject-Token': unscoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': scoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # create a new role role = unit.new_role_ref() @@ -3023,10 +3021,10 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # both tokens should remain valid self.head('/auth/tokens', headers={'X-Subject-Token': unscoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': scoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_deleting_user_grant_revokes_token(self): """Test deleting a user grant revokes token. @@ -3046,7 +3044,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm token is valid self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Delete the grant, which should invalidate the token grant_url = ( '/projects/%(project_id)s/users/%(user_id)s/' @@ -3056,7 +3054,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): 'role_id': self.role['id']}) self.delete(grant_url) self.head('/auth/tokens', token=token, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def role_data_fixtures(self): self.projectC = unit.new_project_ref(domain_id=self.domainA['id']) @@ -3146,19 +3144,19 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm tokens are valid self.head('/auth/tokens', headers={'X-Subject-Token': tokenA}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': tokenB}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': tokenC}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': tokenD}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': tokenE}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Delete the role, which should invalidate the tokens role_url = '/roles/%s' % self.role1['id'] @@ -3167,21 +3165,21 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Check the tokens that used role1 is invalid self.head('/auth/tokens', headers={'X-Subject-Token': tokenA}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.head('/auth/tokens', headers={'X-Subject-Token': tokenB}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.head('/auth/tokens', headers={'X-Subject-Token': tokenD}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.head('/auth/tokens', headers={'X-Subject-Token': tokenE}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # ...but the one using role2 is still valid self.head('/auth/tokens', headers={'X-Subject-Token': tokenC}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_domain_user_role_assignment_maintains_token(self): """Test user-domain role assignment maintains existing token. @@ -3201,7 +3199,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm token is valid self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Assign a role, which should not affect the token grant_url = ( '/domains/%(domain_id)s/users/%(user_id)s/' @@ -3212,7 +3210,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): self.put(grant_url) self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_disabling_project_revokes_token(self): token = self.get_requested_token( @@ -3224,7 +3222,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # confirm token is valid self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # disable the project, which should invalidate the token self.patch( @@ -3234,13 +3232,13 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # user should no longer have access to the project self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.v3_create_token( self.build_authentication_request( user_id=self.user3['id'], password=self.user3['password'], project_id=self.projectA['id']), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_deleting_project_revokes_token(self): token = self.get_requested_token( @@ -3252,7 +3250,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # confirm token is valid self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # delete the project, which should invalidate the token self.delete( @@ -3261,13 +3259,13 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # user should no longer have access to the project self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.v3_create_token( self.build_authentication_request( user_id=self.user3['id'], password=self.user3['password'], project_id=self.projectA['id']), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_deleting_group_grant_revokes_tokens(self): """Test deleting a group grant revokes tokens. @@ -3301,13 +3299,13 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm tokens are valid self.head('/auth/tokens', headers={'X-Subject-Token': token1}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': token2}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': token3}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Delete the group grant, which should invalidate the # tokens for user1 and user2 grant_url = ( @@ -3326,14 +3324,14 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): user_id=self.user2['id'] ) self.head('/auth/tokens', token=token1, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) self.head('/auth/tokens', token=token2, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # But user3's token should be invalid too as revocation is done for # scope role & project self.head('/auth/tokens', headers={'X-Subject-Token': token3}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_domain_group_role_assignment_maintains_token(self): """Test domain-group role assignment maintains existing token. @@ -3353,7 +3351,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm token is valid self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Delete the grant, which should invalidate the token grant_url = ( '/domains/%(domain_id)s/groups/%(group_id)s/' @@ -3364,7 +3362,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): self.put(grant_url) self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_group_membership_changes_revokes_token(self): """Test add/removal to/from group revokes token. @@ -3394,10 +3392,10 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # Confirm tokens are valid self.head('/auth/tokens', headers={'X-Subject-Token': token1}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers={'X-Subject-Token': token2}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Remove user1 from group1, which should invalidate # the token self.delete('/groups/%(group_id)s/users/%(user_id)s' % { @@ -3405,18 +3403,18 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): 'user_id': self.user1['id']}) self.head('/auth/tokens', headers={'X-Subject-Token': token1}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # But user2's token should still be valid self.head('/auth/tokens', headers={'X-Subject-Token': token2}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Adding user2 to a group should not invalidate token self.put('/groups/%(group_id)s/users/%(user_id)s' % { 'group_id': self.group2['id'], 'user_id': self.user2['id']}) self.head('/auth/tokens', headers={'X-Subject-Token': token2}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_removing_role_assignment_does_not_affect_other_users(self): """Revoking a role from one user should not affect other users.""" @@ -3459,18 +3457,18 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # authorization for the first user should now fail self.head('/auth/tokens', headers={'X-Subject-Token': user1_token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.v3_create_token( self.build_authentication_request( user_id=self.user1['id'], password=self.user1['password'], project_id=self.projectA['id']), - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # authorization for the second user should still succeed self.head('/auth/tokens', headers={'X-Subject-Token': user3_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.v3_create_token( self.build_authentication_request( user_id=self.user3['id'], @@ -3493,7 +3491,7 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): '/projects/%(project_id)s' % {'project_id': self.projectA['id']}) # Make sure that we get a 404 Not Found when heading that role. - self.head(role_path, expected_status=http_client.NOT_FOUND) + self.head(role_path, expected_status=http.client.NOT_FOUND) def test_revoke_token_from_token(self): # Test that a scoped token can be requested from an unscoped token, @@ -3524,17 +3522,17 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # The project-scoped token is invalidated. self.head('/auth/tokens', headers={'X-Subject-Token': project_scoped_token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # The unscoped token should still be valid. self.head('/auth/tokens', headers={'X-Subject-Token': unscoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # The domain-scoped token should still be valid. self.head('/auth/tokens', headers={'X-Subject-Token': domain_scoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # revoke the domain-scoped token. self.delete('/auth/tokens', @@ -3543,12 +3541,12 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): # The domain-scoped token is invalid. self.head('/auth/tokens', headers={'X-Subject-Token': domain_scoped_token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # The unscoped token should still be valid. self.head('/auth/tokens', headers={'X-Subject-Token': unscoped_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) class TestTokenRevokeApi(TestTokenRevokeById): @@ -3601,18 +3599,18 @@ class TestTokenRevokeApi(TestTokenRevokeById): self.delete('/auth/tokens', headers=headers) self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) events_response = self.get('/OS-REVOKE/events').json_body self.assertValidRevokedTokenResponse(events_response, audit_id=response['audit_ids'][0]) def test_get_revoke_by_id_false_returns_gone(self): self.get('/auth/tokens/OS-PKI/revoked', - expected_status=http_client.GONE) + expected_status=http.client.GONE) def test_head_revoke_by_id_false_returns_gone(self): self.head('/auth/tokens/OS-PKI/revoked', - expected_status=http_client.GONE) + expected_status=http.client.GONE) def test_revoke_by_id_true_returns_forbidden(self): self.config_fixture.config( @@ -3620,11 +3618,11 @@ class TestTokenRevokeApi(TestTokenRevokeById): revoke_by_id=True) self.get( '/auth/tokens/OS-PKI/revoked', - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) self.head( '/auth/tokens/OS-PKI/revoked', - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) def test_list_delete_project_shows_in_event_list(self): @@ -3679,11 +3677,11 @@ class TestTokenRevokeApi(TestTokenRevokeById): headers3 = {'X-Subject-Token': response.headers['X-Subject-Token']} self.head('/auth/tokens', headers=headers, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers=headers2, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers=headers3, - expected_status=http_client.OK) + expected_status=http.client.OK) self.delete('/auth/tokens', headers=headers) # NOTE(ayoung): not deleting token3, as it should be deleted @@ -3695,11 +3693,11 @@ class TestTokenRevokeApi(TestTokenRevokeById): events, audit_id=token2['audit_ids'][1]) self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.head('/auth/tokens', headers=headers2, - expected_status=http_client.OK) + expected_status=http.client.OK) self.head('/auth/tokens', headers=headers3, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_list_with_filter(self): @@ -3740,7 +3738,7 @@ class TestAuthExternalDisabled(test_v3.RestfulTestCase): remote_user)) auth_data = self.build_authentication_request() c.post('/v3/auth/tokens', json=auth_data, - expected_status_code=http_client.UNAUTHORIZED) + expected_status_code=http.client.UNAUTHORIZED) # FIXME(morgan): This test case must be re-worked to function under flask. It # has been commented out until it is re-worked ensuring no issues when webob @@ -3822,7 +3820,7 @@ class TestAuthJSONExternal(test_v3.RestfulTestCase): self.default_domain_user['name'])) auth_data = self.build_authentication_request() c.post('/v3/auth/tokens', json=auth_data, - expected_status_code=http_client.UNAUTHORIZED) + expected_status_code=http.client.UNAUTHORIZED) class TrustAPIBehavior(test_v3.RestfulTestCase): @@ -3904,7 +3902,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': self.chained_trust_ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_modified_redelegation_count_error(self): r = self.post('/OS-TRUST/trusts', @@ -3920,14 +3918,14 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': self.chained_trust_ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_max_redelegation_count_constraint(self): incorrect = CONF.trust.max_redelegation_count + 1 self.redelegated_trust_ref['redelegation_count'] = incorrect self.post('/OS-TRUST/trusts', body={'trust': self.redelegated_trust_ref}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_redelegation_expiry(self): r = self.post('/OS-TRUST/trusts', @@ -3947,7 +3945,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': too_long_live_chained_trust_ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_redelegation_remaining_uses(self): r = self.post('/OS-TRUST/trusts', @@ -3962,7 +3960,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': self.chained_trust_ref}, token=trust_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_roles_subset(self): # Build second role @@ -4100,7 +4098,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': self.chained_trust_ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_redelegation_terminator(self): self.redelegated_trust_ref['expires_at'] = ( @@ -4134,7 +4132,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_redelegation_without_impersonation(self): # Update trust to not allow impersonation @@ -4143,7 +4141,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): # Create trust resp = self.post('/OS-TRUST/trusts', body={'trust': self.redelegated_trust_ref}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) trust = self.assertValidTrustResponse(resp) # Get trusted token without impersonation @@ -4172,7 +4170,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): resp = self.post('/OS-TRUST/trusts', body={'trust': trust_ref_2}, token=trust_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_unscoped_trust(self): ref = unit.new_trust_ref( @@ -4187,7 +4185,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): trustee_user_id=self.trustee_user['id'], project_id=self.project_id) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def _initialize_test_consume_trust(self, count): # Make sure remaining_uses is decremented as we consume the trust @@ -4239,7 +4237,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): } self.admin_request( method='POST', path='/v3/auth/tokens', body=auth_data, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_consume_trust_once(self): @@ -4258,14 +4256,14 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): # No more uses, the trust is made unavailable self.get( '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # this time we can't get a trust token auth_data = self.build_authentication_request( user_id=self.trustee_user['id'], password=self.trustee_user['password'], trust_id=trust['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_create_unlimited_use_trust(self): # by default trusts are unlimited in terms of tokens that can be @@ -4326,7 +4324,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': ref}, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_trust_deleted_grant(self): # create a new role @@ -4365,7 +4363,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): password=self.trustee_user['password'], trust_id=trust['id']) r = self.v3_create_token(auth_data, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_trust_chained(self): """Test that a trust token can't be used to execute another trust. @@ -4432,7 +4430,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): token=trust_token, trust_id=trust1['id']) r = self.v3_create_token(auth_data, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def assertTrustTokensRevoked(self, trust_id): revocation_response = self.get('/OS-REVOKE/events') @@ -4467,7 +4465,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): 'trust_id': trust_id}) headers = {'X-Subject-Token': trust_token} self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.assertTrustTokensRevoked(trust_id) def disable_user(self, user): @@ -4500,7 +4498,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): password=self.trustee_user['password'], trust_id=trust['id']) self.v3_create_token(auth_data, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_trust_get_token_fails_if_trustee_disabled(self): ref = unit.new_trust_ref( @@ -4528,7 +4526,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): password=self.trustee_user['password'], trust_id=trust['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_delete_trust(self): ref = unit.new_trust_ref( @@ -4551,7 +4549,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): password=self.trustee_user['password'], trust_id=trust['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_change_password_invalidates_trust_tokens(self): ref = unit.new_trust_ref( @@ -4582,7 +4580,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): body={'user': {'password': uuid.uuid4().hex}})) self.get('/OS-TRUST/trusts?trustor_user_id=%s' % - self.user_id, expected_status=http_client.UNAUTHORIZED, + self.user_id, expected_status=http.client.UNAUTHORIZED, token=trust_token) def test_trustee_can_do_role_ops(self): @@ -4602,7 +4600,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): 'trust_id': trust['id'], 'role_id': self.role['id']}, token=trust_token, - expected_status=http_client.OK) + expected_status=http.client.OK) resp = self.get( '/OS-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { @@ -4632,7 +4630,7 @@ class TrustAPIBehavior(test_v3.RestfulTestCase): password=self.default_domain_user['password'], trust_id=trust_id) self.v3_create_token(auth_data, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) r = self.get('/OS-TRUST/trusts/%s' % trust_id) self.assertEqual(3, r.result.get('trust').get('remaining_uses')) @@ -4762,7 +4760,7 @@ class TestTrustChain(test_v3.RestfulTestCase): headers = {'X-Subject-Token': self.last_token} self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.assert_trust_tokens_revoked(self.trust_chain[0]['id']) def test_delete_broken_chain(self): @@ -4782,7 +4780,7 @@ class TestTrustChain(test_v3.RestfulTestCase): self.get('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': self.trust_chain[i + 1]['id']}, token=auth_token, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_trustor_roles_revoked(self): self.assert_user_authenticate(self.user_list[0]) @@ -4806,7 +4804,7 @@ class TestTrustChain(test_v3.RestfulTestCase): # Trustee has no delegated roles self.v3_create_token(auth_data, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_intermediate_user_disabled(self): self.assert_user_authenticate(self.user_list[0]) @@ -4819,7 +4817,7 @@ class TestTrustChain(test_v3.RestfulTestCase): with mock.patch.object(policy, 'enforce', return_value=True): headers = {'X-Subject-Token': self.last_token} self.head('/auth/tokens', headers=headers, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_intermediate_user_deleted(self): self.assert_user_authenticate(self.user_list[0]) @@ -4831,7 +4829,7 @@ class TestTrustChain(test_v3.RestfulTestCase): with mock.patch.object(policy, 'enforce', return_value=True): headers = {'X-Subject-Token': self.last_token} self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) class TestAuthContext(unit.TestCase): @@ -4891,12 +4889,12 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): def test_get_catalog_with_project_scoped_token(self): """Call ``GET /auth/catalog`` with a project-scoped token.""" - r = self.get('/auth/catalog', expected_status=http_client.OK) + r = self.get('/auth/catalog', expected_status=http.client.OK) self.assertValidCatalogResponse(r) def test_head_catalog_with_project_scoped_token(self): """Call ``HEAD /auth/catalog`` with a project-scoped token.""" - self.head('/auth/catalog', expected_status=http_client.OK) + self.head('/auth/catalog', expected_status=http.client.OK) def test_get_catalog_with_domain_scoped_token(self): """Call ``GET /auth/catalog`` with a domain-scoped token.""" @@ -4910,7 +4908,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): user_id=self.user['id'], password=self.user['password'], domain_id=self.domain['id']), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_head_catalog_with_domain_scoped_token(self): """Call ``HEAD /auth/catalog`` with a domain-scoped token.""" @@ -4924,7 +4922,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): user_id=self.user['id'], password=self.user['password'], domain_id=self.domain['id']), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_get_catalog_with_unscoped_token(self): """Call ``GET /auth/catalog`` with an unscoped token.""" @@ -4933,7 +4931,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): auth=self.build_authentication_request( user_id=self.default_domain_user['id'], password=self.default_domain_user['password']), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_head_catalog_with_unscoped_token(self): """Call ``HEAD /auth/catalog`` with an unscoped token.""" @@ -4942,14 +4940,14 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): auth=self.build_authentication_request( user_id=self.default_domain_user['id'], password=self.default_domain_user['password']), - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_get_catalog_no_token(self): """Call ``GET /auth/catalog`` without a token.""" self.get( '/auth/catalog', noauth=True, - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) def test_head_catalog_no_token(self): @@ -4957,16 +4955,16 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.head( '/auth/catalog', noauth=True, - expected_status=http_client.UNAUTHORIZED + expected_status=http.client.UNAUTHORIZED ) def test_get_projects_with_project_scoped_token(self): - r = self.get('/auth/projects', expected_status=http_client.OK) + r = self.get('/auth/projects', expected_status=http.client.OK) self.assertThat(r.json['projects'], matchers.HasLength(1)) self.assertValidProjectListResponse(r) def test_head_projects_with_project_scoped_token(self): - self.head('/auth/projects', expected_status=http_client.OK) + self.head('/auth/projects', expected_status=http.client.OK) def test_get_projects_matches_federated_get_projects(self): # create at least one addition project to make sure it doesn't end up @@ -4975,7 +4973,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): r = self.post('/projects', body={'project': ref}) unauthorized_project_id = r.json['project']['id'] - r = self.get('/auth/projects', expected_status=http_client.OK) + r = self.get('/auth/projects', expected_status=http.client.OK) self.assertThat(r.json['projects'], matchers.HasLength(1)) for project in r.json['projects']: self.assertNotEqual(unauthorized_project_id, project['id']) @@ -4983,7 +4981,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): expected_project_id = r.json['projects'][0]['id'] # call GET /v3/OS-FEDERATION/projects - r = self.get('/OS-FEDERATION/projects', expected_status=http_client.OK) + r = self.get('/OS-FEDERATION/projects', expected_status=http.client.OK) # make sure the response is the same self.assertThat(r.json['projects'], matchers.HasLength(1)) @@ -5006,15 +5004,15 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): 'user_id': self.user_id, 'role_id': self.role_id } - self.put(path, expected_status=http_client.NO_CONTENT) + self.put(path, expected_status=http.client.NO_CONTENT) - r = self.get('/auth/domains', expected_status=http_client.OK) + r = self.get('/auth/domains', expected_status=http.client.OK) self.assertThat(r.json['domains'], matchers.HasLength(1)) self.assertEqual(authorized_domain_id, r.json['domains'][0]['id']) self.assertNotEqual(unauthorized_domain_id, r.json['domains'][0]['id']) # call GET /v3/OS-FEDERATION/domains - r = self.get('/OS-FEDERATION/domains', expected_status=http_client.OK) + r = self.get('/OS-FEDERATION/domains', expected_status=http.client.OK) # make sure the response is the same self.assertThat(r.json['domains'], matchers.HasLength(1)) @@ -5025,7 +5023,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.put(path='/domains/%s/users/%s/roles/%s' % ( self.domain['id'], self.user['id'], self.role['id'])) - r = self.get('/auth/domains', expected_status=http_client.OK) + r = self.get('/auth/domains', expected_status=http.client.OK) self.assertThat(r.json['domains'], matchers.HasLength(1)) self.assertValidDomainListResponse(r) @@ -5033,7 +5031,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.put(path='/domains/%s/users/%s/roles/%s' % ( self.domain['id'], self.user['id'], self.role['id'])) - self.head('/auth/domains', expected_status=http_client.OK) + self.head('/auth/domains', expected_status=http.client.OK) def test_get_system_roles_with_unscoped_token(self): path = '/system/users/%(user_id)s/roles/%(role_id)s' % { @@ -5052,7 +5050,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.assertTrue(response.json_body['system'][0]['all']) self.head( '/auth/system', token=unscoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_system_roles_returns_empty_list_without_system_roles(self): @@ -5069,7 +5067,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.assertEqual(response.json_body['system'], []) self.head( '/auth/system', token=unscoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) project_scoped_request = self.build_authentication_request( @@ -5083,7 +5081,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.assertEqual(response.json_body['system'], []) self.head( '/auth/system', token=project_scoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_system_roles_with_project_scoped_token(self): @@ -5107,7 +5105,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.assertTrue(response.json_body['system'][0]['all']) self.head( '/auth/system', token=domain_scoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_system_roles_with_domain_scoped_token(self): @@ -5128,7 +5126,7 @@ class TestAuthSpecificData(test_v3.RestfulTestCase): self.assertTrue(response.json_body['system'][0]['all']) self.head( '/auth/system', token=project_scoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) @@ -5214,7 +5212,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): for cred in itertools.chain(other_creds, totp_creds): self.delete('/credentials/%s' % cred['id'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_with_a_valid_passcode(self): creds = self._make_credentials('totp') @@ -5228,7 +5226,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): auth_data = self._make_auth_data_by_id( totp._generate_totp_passcodes(secret)[0]) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_an_expired_passcode(self): creds = self._make_credentials('totp') @@ -5245,7 +5243,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): self.useFixture(fixture.TimeFixture()) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_an_expired_passcode_no_previous_windows(self): self.config_fixture.config(group='totp', @@ -5264,7 +5262,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): self.useFixture(fixture.TimeFixture()) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_passcode_no_previous_windows(self): self.config_fixture.config(group='totp', @@ -5280,7 +5278,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): # auth plugin. self.useFixture(fixture.TimeFixture()) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_passcode_in_previous_windows_default(self): """Confirm previous window default of 1 works.""" @@ -5297,7 +5295,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): # auth plugin. self.useFixture(fixture.TimeFixture()) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_passcode_in_previous_windows_extended(self): self.config_fixture.config(group='totp', @@ -5315,24 +5313,24 @@ class TestAuthTOTP(test_v3.RestfulTestCase): # auth plugin. self.useFixture(fixture.TimeFixture()) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_an_invalid_passcode_and_user_credentials(self): self._make_credentials('totp') auth_data = self._make_auth_data_by_id('000000') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_an_invalid_passcode_with_no_user_credentials(self): auth_data = self._make_auth_data_by_id('000000') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_a_corrupt_totp_credential(self): self._make_credentials('totp', count=1, blob='0') auth_data = self._make_auth_data_by_id('000000') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_multiple_credentials(self): self._make_credentials('other', 3) @@ -5346,7 +5344,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): auth_data = self._make_auth_data_by_id( totp._generate_totp_passcodes(secret)[0]) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_multiple_users(self): # make some credentials for the existing user @@ -5369,7 +5367,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): auth_data = self._make_auth_data_by_id( totp._generate_totp_passcodes(secret)[0], user_id=user['id']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_with_multiple_users_and_invalid_credentials(self): """Prevent logging in with someone else's credentials. @@ -5396,7 +5394,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): auth_data = self._make_auth_data_by_id( totp._generate_totp_passcodes(secret)[0], user_id=user_id) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_with_username_and_domain_id(self): creds = self._make_credentials('totp') @@ -5412,7 +5410,7 @@ class TestAuthTOTP(test_v3.RestfulTestCase): username=self.default_domain_user['name'], user_domain_id=self.default_domain_user['domain_id']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_generated_passcode_is_correct_format(self): secret = self._make_credentials('totp')[-1]['blob'] @@ -5434,7 +5432,7 @@ class TestFetchRevocationList(test_v3.RestfulTestCase): # can be returned. self.get( '/auth/tokens/OS-PKI/revoked', - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) def test_head_ids_no_tokens_returns_forbidden(self): @@ -5443,7 +5441,7 @@ class TestFetchRevocationList(test_v3.RestfulTestCase): # can be returned. self.head( '/auth/tokens/OS-PKI/revoked', - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) @@ -5476,7 +5474,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): return data def _validate_token(self, token, headers=None, - expected_status=http_client.OK): + expected_status=http.client.OK): path = '/v3/auth/tokens' headers = headers or {} headers.update({'X-Auth-Token': token, 'X-Subject-Token': token}) @@ -5491,7 +5489,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): app_cred) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_validate_application_credential_token_populates_restricted(self): self.config_fixture.config(group='token', cache_on_issue=False) @@ -5501,7 +5499,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) auth_response = self.v3_create_token( - auth_data, expected_status=http_client.CREATED) + auth_data, expected_status=http.client.CREATED) self.assertTrue( auth_response.json['token']['application_credential']['restricted'] ) @@ -5521,7 +5519,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_name=app_cred_ref['name'], secret=app_cred_ref['secret'], user_id=self.user['id']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_valid_application_credential_name_and_username_succeeds(self): app_cred = self._make_app_cred() @@ -5530,7 +5528,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_name=app_cred_ref['name'], secret=app_cred_ref['secret'], username=self.user['name'], user_domain_id=self.user['domain_id']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_application_credential_with_invalid_secret_fails(self): app_cred = self._make_app_cred() @@ -5539,7 +5537,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret='badsecret') self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_unexpired_application_credential_succeeds(self): expires_at = datetime.datetime.utcnow() + datetime.timedelta(minutes=1) @@ -5548,7 +5546,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): app_cred) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_expired_application_credential_fails(self): expires_at = datetime.datetime.utcnow() + datetime.timedelta(minutes=1) @@ -5560,7 +5558,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): future = datetime.datetime.utcnow() + datetime.timedelta(minutes=2) with freezegun.freeze_time(future): self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_application_credential_fails_when_user_deleted(self): app_cred = self._make_app_cred() @@ -5569,7 +5567,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): PROVIDERS.identity_api.delete_user(self.user['id']) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.NOT_FOUND) + self.v3_create_token(auth_data, expected_status=http.client.NOT_FOUND) def test_application_credential_fails_when_user_disabled(self): app_cred = self._make_app_cred() @@ -5580,7 +5578,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_application_credential_fails_when_project_deleted(self): app_cred = self._make_app_cred() @@ -5589,7 +5587,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): PROVIDERS.resource_api.delete_project(self.project['id']) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.NOT_FOUND) + self.v3_create_token(auth_data, expected_status=http.client.NOT_FOUND) def test_application_credential_fails_when_role_deleted(self): app_cred = self._make_app_cred() @@ -5598,7 +5596,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): PROVIDERS.role_api.delete_role(self.role_id) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.NOT_FOUND) + self.v3_create_token(auth_data, expected_status=http.client.NOT_FOUND) def test_application_credential_fails_when_role_unassigned(self): app_cred = self._make_app_cred() @@ -5609,7 +5607,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): self.role_id) auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.NOT_FOUND) + self.v3_create_token(auth_data, expected_status=http.client.NOT_FOUND) def test_application_credential_through_group_membership(self): user1 = unit.create_user( @@ -5641,7 +5639,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) - self.v3_create_token(auth_data, expected_status=http_client.CREATED) + self.v3_create_token(auth_data, expected_status=http.client.CREATED) def test_application_credential_cannot_scope(self): app_cred = self._make_app_cred() @@ -5666,7 +5664,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret'], project_id=new_project['id']) self.v3_create_token(app_cred_auth, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_application_credential_with_access_rules(self): access_rules = [ @@ -5683,7 +5681,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) resp = self.v3_create_token(auth_data, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) token = resp.headers.get('X-Subject-Token') headers = {'OpenStack-Identity-Access-Rules': '1.0'} self._validate_token(token, headers=headers) @@ -5703,6 +5701,6 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred_ref['id'], secret=app_cred_ref['secret']) resp = self.v3_create_token(auth_data, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) token = resp.headers.get('X-Subject-Token') - self._validate_token(token, expected_status=http_client.NOT_FOUND) + self._validate_token(token, expected_status=http.client.NOT_FOUND) diff --git a/keystone/tests/unit/test_v3_catalog.py b/keystone/tests/unit/test_v3_catalog.py index 86d6b9501e..f2d3a1a3c1 100644 --- a/keystone/tests/unit/test_v3_catalog.py +++ b/keystone/tests/unit/test_v3_catalog.py @@ -15,7 +15,7 @@ import copy import uuid -from six.moves import http_client +import http.client from testtools import matchers from keystone.common import provider_api @@ -39,7 +39,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): r = self.put( '/regions/%s' % region_id, body={'region': ref}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidRegionResponse(r, ref) # Double-check that the region ID was kept as-is and not # populated with a UUID, as is the case with POST /v3/regions @@ -52,7 +52,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): r = self.put( '/regions/%s' % region_id, body={'region': ref}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidRegionResponse(r, ref) # Double-check that the region ID was kept as-is and not # populated with a UUID, as is the case with POST /v3/regions @@ -64,11 +64,11 @@ class CatalogTestCase(test_v3.RestfulTestCase): region_id = ref['id'] self.put( '/regions/%s' % region_id, - body={'region': ref}, expected_status=http_client.CREATED) + body={'region': ref}, expected_status=http.client.CREATED) # Create region again with duplicate id self.put( '/regions/%s' % region_id, - body={'region': ref}, expected_status=http_client.CONFLICT) + body={'region': ref}, expected_status=http.client.CONFLICT) def test_create_region(self): """Call ``POST /regions`` with an ID in the request body.""" @@ -163,14 +163,14 @@ class CatalogTestCase(test_v3.RestfulTestCase): self.put( '/regions/%s' % uuid.uuid4().hex, body={'region': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_regions(self): """Call ``GET & HEAD /regions``.""" resource_url = '/regions' r = self.get(resource_url) self.assertValidRegionListResponse(r, ref=self.region) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def _create_region_with_parent_id(self, parent_id=None): ref = unit.new_region_ref(parent_region_id=parent_id) @@ -197,7 +197,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): 'region_id': self.region_id} r = self.get(resource_url) self.assertValidRegionResponse(r, self.region) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_region(self): """Call ``PATCH /regions/{region_id}``.""" @@ -302,26 +302,26 @@ class CatalogTestCase(test_v3.RestfulTestCase): """Call ``POST /services``.""" ref = unit.new_service_ref(enabled='True') self.post('/services', body={'service': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_service_enabled_str_false(self): """Call ``POST /services``.""" ref = unit.new_service_ref(enabled='False') self.post('/services', body={'service': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_service_enabled_str_random(self): """Call ``POST /services``.""" ref = unit.new_service_ref(enabled='puppies') self.post('/services', body={'service': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_services(self): """Call ``GET & HEAD /services``.""" resource_url = '/services' r = self.get(resource_url) self.assertValidServiceListResponse(r, ref=self.service) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def _create_random_service(self): ref = unit.new_service_ref() @@ -377,7 +377,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): 'service_id': self.service_id} r = self.get(resource_url) self.assertValidServiceResponse(r, self.service) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_service(self): """Call ``PATCH /services/{service_id}``.""" @@ -400,7 +400,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): resource_url = '/endpoints' r = self.get(resource_url) self.assertValidEndpointListResponse(r, ref=self.endpoint) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def _create_random_endpoint(self, interface='public', parent_region_id=None): @@ -563,7 +563,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): region_id=self.region_id, enabled='True') self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_endpoint_enabled_str_false(self): """Call ``POST /endpoints`` with enabled: 'False'.""" @@ -572,7 +572,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): region_id=self.region_id, enabled='False') self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_endpoint_enabled_str_random(self): """Call ``POST /endpoints`` with enabled: 'puppies'.""" @@ -581,13 +581,13 @@ class CatalogTestCase(test_v3.RestfulTestCase): region_id=self.region_id, enabled='puppies') self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_endpoint_with_invalid_region_id(self): """Call ``POST /endpoints``.""" ref = unit.new_endpoint_ref(service_id=self.service_id) self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_endpoint_with_region(self): """EndpointV3 creates the region before creating the endpoint. @@ -610,7 +610,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): """Call ``POST /endpoints``.""" ref = unit.new_endpoint_ref(service_id=self.service_id, url='') self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_head_endpoint(self): """Call ``GET & HEAD /endpoints/{endpoint_id}``.""" @@ -618,7 +618,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): 'endpoint_id': self.endpoint_id} r = self.get(resource_url) self.assertValidEndpointResponse(r, self.endpoint) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_endpoint(self): """Call ``PATCH /endpoints/{endpoint_id}``.""" @@ -657,7 +657,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): '/endpoints/%(endpoint_id)s' % { 'endpoint_id': self.endpoint_id}, body={'endpoint': {'enabled': 'True'}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_endpoint_enabled_str_false(self): """Call ``PATCH /endpoints/{endpoint_id}`` with enabled: 'False'.""" @@ -665,7 +665,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): '/endpoints/%(endpoint_id)s' % { 'endpoint_id': self.endpoint_id}, body={'endpoint': {'enabled': 'False'}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_endpoint_enabled_str_random(self): """Call ``PATCH /endpoints/{endpoint_id}`` with enabled: 'kitties'.""" @@ -673,7 +673,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): '/endpoints/%(endpoint_id)s' % { 'endpoint_id': self.endpoint_id}, body={'endpoint': {'enabled': 'kitties'}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_delete_endpoint(self): """Call ``DELETE /endpoints/{endpoint_id}``.""" @@ -701,7 +701,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): # make sure it's deleted (GET should return Not Found) self.get('/endpoints/%s' % ref['id'], - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_endpoint_create_with_valid_url(self): """Create endpoint with valid url should be tested,too.""" @@ -746,7 +746,7 @@ class CatalogTestCase(test_v3.RestfulTestCase): ref['url'] = invalid_url self.post('/endpoints', body={'endpoint': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) class TestMultiRegion(test_v3.RestfulTestCase): diff --git a/keystone/tests/unit/test_v3_credential.py b/keystone/tests/unit/test_v3_credential.py index 2538c3a105..49cfde1463 100644 --- a/keystone/tests/unit/test_v3_credential.py +++ b/keystone/tests/unit/test_v3_credential.py @@ -16,10 +16,10 @@ import hashlib import json import uuid +import http.client from keystoneclient.contrib.ec2 import utils as ec2_utils import mock from oslo_db import exception as oslo_db_exception -from six.moves import http_client from testtools import matchers from keystone.api import ec2tokens @@ -237,7 +237,7 @@ class CredentialTestCase(CredentialBaseTestCase): '/credentials/%(credential_id)s' % { 'credential_id': credential_id}, body={'credential': update_ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_credential_to_ec2_with_previously_set_project_id(self): """Call ``PATCH /credentials/{credential_id}``.""" @@ -311,7 +311,7 @@ class CredentialTestCase(CredentialBaseTestCase): # for conflict. self.post( '/credentials', - body={'credential': ref}, expected_status=http_client.CONFLICT) + body={'credential': ref}, expected_status=http.client.CONFLICT) def test_get_ec2_dict_blob(self): """Ensure non-JSON blob data is correctly converted.""" @@ -366,7 +366,7 @@ class CredentialTestCase(CredentialBaseTestCase): # Assert bad request status when missing project_id self.post( '/credentials', - body={'credential': ref}, expected_status=http_client.BAD_REQUEST) + body={'credential': ref}, expected_status=http.client.BAD_REQUEST) def test_create_ec2_credential_with_invalid_blob(self): """Test creating ec2 credential with invalid blob. @@ -380,7 +380,7 @@ class CredentialTestCase(CredentialBaseTestCase): # Assert bad request status when request contains invalid blob response = self.post( '/credentials', - body={'credential': ref}, expected_status=http_client.BAD_REQUEST) + body={'credential': ref}, expected_status=http.client.BAD_REQUEST) self.assertValidErrorResponse(response) def test_create_credential_with_admin_token(self): @@ -469,7 +469,7 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase): '/credentials', body={'credential': ref}, token=token_id, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) class TestCredentialEc2(CredentialBaseTestCase): @@ -498,7 +498,7 @@ class TestCredentialEc2(CredentialBaseTestCase): r = self.post( '/ec2tokens', body={'ec2Credentials': sig_ref}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertValidTokenResponse(r) def test_ec2_credential_signature_validate(self): @@ -563,7 +563,7 @@ class TestCredentialEc2(CredentialBaseTestCase): uri = '/'.join([self._get_ec2_cred_uri(), access_key]) # if access_key is not found, ec2 controller raises Unauthorized # exception - self.get(uri, expected_status=http_client.UNAUTHORIZED) + self.get(uri, expected_status=http.client.UNAUTHORIZED) def test_ec2_list_credentials(self): """Test ec2 credential listing.""" diff --git a/keystone/tests/unit/test_v3_domain_config.py b/keystone/tests/unit/test_v3_domain_config.py index b8fe165fb0..886dc18e11 100644 --- a/keystone/tests/unit/test_v3_domain_config.py +++ b/keystone/tests/unit/test_v3_domain_config.py @@ -13,7 +13,7 @@ import copy import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -43,7 +43,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): url = '/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']} r = self.put(url, body={'config': self.config}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) res = PROVIDERS.domain_config_api.get_config(self.domain['id']) self.assertEqual(self.config, r.result['config']) self.assertEqual(self.config, res) @@ -66,11 +66,11 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.put('/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']}, body={'config': self.config}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.put('/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']}, body={'config': self.config}, - expected_status=http_client.OK) + expected_status=http.client.OK) def test_delete_config(self): """Call ``DELETE /domains{domain_id}/config``.""" @@ -132,7 +132,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']} r = self.get(url) self.assertEqual(self.config, r.result['config']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_by_group(self): """Call ``GET & HEAD /domains{domain_id}/config/{group}``.""" @@ -143,7 +143,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']} r = self.get(url) self.assertEqual({'ldap': self.config['ldap']}, r.result['config']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_by_group_invalid_domain(self): """Call ``GET & HEAD /domains{domain_id}/config/{group}``. @@ -172,7 +172,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): r = self.get(url) self.assertEqual({'url': self.config['ldap']['url']}, r.result['config']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_by_option_invalid_domain(self): """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``. @@ -196,8 +196,8 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): url = ('/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_get_head_non_existant_config_invalid_domain(self): """Call ``GET & HEAD /domains/{domain_id}/config with invalid domain``. @@ -220,8 +220,8 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): url = ('/domains/%(domain_id)s/config/identity' % { 'domain_id': self.domain['id']} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_get_head_non_existant_config_group_invalid_domain(self): """Call ``GET & HEAD /domains/{domain_id}/config/{group}``. @@ -251,8 +251,8 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): url = ('/domains/%(domain_id)s/config/ldap/user_tree_dn' % { 'domain_id': self.domain['id']} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_get_head_non_existant_config_option_with_invalid_domain(self): """Test that Domain Not Found is returned with invalid domain. @@ -358,7 +358,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.patch('/domains/%(domain_id)s/config/%(invalid_group)s' % { 'domain_id': self.domain['id'], 'invalid_group': invalid_group}, body={'config': new_config}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) # Trying to update a valid group, but one that is not in the current # config should result in NotFound config = {'ldap': {'suffix': uuid.uuid4().hex}} @@ -367,7 +367,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.patch('/domains/%(domain_id)s/config/identity' % { 'domain_id': self.domain['id']}, body={'config': new_config}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_config_invalid_group_invalid_domain(self): """Call ``PATCH /domains/{domain_id}/config/{invalid_group}``. @@ -435,7 +435,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id'], 'invalid_option': invalid_option}, body={'config': new_config}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) # Trying to update a valid option, but one that is not in the current # config should result in NotFound new_config = {'suffix': uuid.uuid4().hex} @@ -443,7 +443,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): '/domains/%(domain_id)s/config/ldap/suffix' % { 'domain_id': self.domain['id']}, body={'config': new_config}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_config_invalid_option_invalid_domain(self): """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``. @@ -479,7 +479,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): for option in default_config[group]: self.assertEqual(getattr(getattr(CONF, group), option), default_config[group][option]) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_default_by_group(self): """Call ``GET & HEAD /domains/config/{group}/default``.""" @@ -494,7 +494,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): for option in default_config['ldap']: self.assertEqual(getattr(CONF.ldap, option), default_config['ldap'][option]) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_default_by_option(self): """Call ``GET & HEAD /domains/config/{group}/{option}/default``.""" @@ -507,20 +507,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): r = self.get(url) default_config = r.result['config'] self.assertEqual(CONF.ldap.url, default_config['url']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_head_config_default_by_invalid_group(self): """Call ``GET & HEAD for /domains/config/{bad-group}/default``.""" # First try a valid group, but one we don't support for domain config self.get('/domains/config/resource/default', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) self.head('/domains/config/resource/default', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) # Now try a totally invalid group url = '/domains/config/%s/default' % uuid.uuid4().hex - self.get(url, expected_status=http_client.FORBIDDEN) - self.head(url, expected_status=http_client.FORBIDDEN) + self.get(url, expected_status=http.client.FORBIDDEN) + self.head(url, expected_status=http.client.FORBIDDEN) def test_get_head_config_default_for_unsupported_group(self): # It should not be possible to expose configuration information for @@ -528,15 +528,15 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): # so would be a security vulnerability because it would leak sensitive # information over the API. self.get('/domains/config/ldap/password/default', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) self.head('/domains/config/ldap/password/default', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_get_head_config_default_for_invalid_option(self): """Returning invalid configuration options is invalid.""" url = '/domains/config/ldap/%s/default' % uuid.uuid4().hex - self.get(url, expected_status=http_client.FORBIDDEN) - self.head(url, expected_status=http_client.FORBIDDEN) + self.get(url, expected_status=http.client.FORBIDDEN) + self.head(url, expected_status=http.client.FORBIDDEN) class SecurityRequirementsTestCase(test_v3.RestfulTestCase): @@ -641,12 +641,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=self._get_non_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) self.head( url, token=self._get_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_security_compliance_config_for_non_default_domain_fails(self): @@ -683,24 +683,24 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # this. self.get( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.get( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) # Ensure HEAD requests behave the same way self.head( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.head( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -729,24 +729,24 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # sensitive information. self.get( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.get( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) # Ensure HEAD requests behave the same way self.head( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.head( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -785,12 +785,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=self._get_non_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) self.head( url, token=self._get_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_security_compliance_password_regex_description(self): @@ -828,12 +828,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=self._get_non_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) self.head( url, token=self._get_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_security_compliance_password_regex_returns_none(self): @@ -861,12 +861,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=self._get_non_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) self.head( url, token=self._get_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_security_compliance_password_regex_desc_returns_none(self): @@ -894,12 +894,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=self._get_non_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) self.head( url, token=self._get_admin_token(), - expected_status=http_client.OK + expected_status=http.client.OK ) def test_get_security_compliance_config_with_user_from_other_domain(self): @@ -975,7 +975,7 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.head( url, token=user_token, - expected_status=http_client.OK + expected_status=http.client.OK ) def test_update_security_compliance_config_group_fails(self): @@ -1004,13 +1004,13 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1037,13 +1037,13 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1070,13 +1070,13 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1108,13 +1108,13 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.patch( url, body={'config': new_config}, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1132,12 +1132,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # compliance configuration group. self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1156,12 +1156,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # compliance configuration group. self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1180,12 +1180,12 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # compliance configuration group. self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) @@ -1204,11 +1204,11 @@ class SecurityRequirementsTestCase(test_v3.RestfulTestCase): # compliance configuration group. self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_non_admin_token() ) self.delete( url, - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=self._get_admin_token() ) diff --git a/keystone/tests/unit/test_v3_endpoint_policy.py b/keystone/tests/unit/test_v3_endpoint_policy.py index 691903cfcc..a61fd5e2a2 100644 --- a/keystone/tests/unit/test_v3_endpoint_policy.py +++ b/keystone/tests/unit/test_v3_endpoint_policy.py @@ -12,7 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. -from six.moves import http_client +import http.client from testtools import matchers from keystone.common import provider_api @@ -59,21 +59,21 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): self.assert_head_and_get_return_same_response( url, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) self.put(url) # test that the new resource is accessible. self.assert_head_and_get_return_same_response( url, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.delete(url) # test that the deleted resource is no longer accessible self.assert_head_and_get_return_same_response( url, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_crud_for_policy_for_explicit_endpoint(self): """PUT, HEAD and DELETE for explicit endpoint policy.""" @@ -110,7 +110,7 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): self.head('/endpoints/%(endpoint_id)s/OS-ENDPOINT-POLICY' '/policy' % { 'endpoint_id': self.endpoint['id']}, - expected_status=http_client.OK) + expected_status=http.client.OK) r = self.get('/endpoints/%(endpoint_id)s/OS-ENDPOINT-POLICY' '/policy' % { @@ -127,7 +127,7 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): r = self.get(url) self.assertValidEndpointListResponse(r, ref=self.endpoint) self.assertThat(r.result.get('endpoints'), matchers.HasLength(1)) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_endpoint_association_cleanup_when_endpoint_deleted(self): url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY' @@ -141,7 +141,7 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): self.delete('/endpoints/%(endpoint_id)s' % { 'endpoint_id': self.endpoint['id']}) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_region_service_association_cleanup_when_region_deleted(self): url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY' @@ -156,7 +156,7 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): self.delete('/regions/%(region_id)s' % { 'region_id': self.region['id']}) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_region_service_association_cleanup_when_service_deleted(self): url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY' @@ -171,7 +171,7 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): self.delete('/services/%(service_id)s' % { 'service_id': self.service['id']}) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_service_association_cleanup_when_service_deleted(self): url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY' @@ -180,12 +180,12 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): 'service_id': self.service['id']} self.put(url) - self.get(url, expected_status=http_client.NO_CONTENT) + self.get(url, expected_status=http.client.NO_CONTENT) self.delete('/policies/%(policy_id)s' % { 'policy_id': self.policy['id']}) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_service_association_cleanup_when_policy_deleted(self): url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY' @@ -194,12 +194,12 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase): 'service_id': self.service['id']} self.put(url) - self.get(url, expected_status=http_client.NO_CONTENT) + self.get(url, expected_status=http.client.NO_CONTENT) self.delete('/services/%(service_id)s' % { 'service_id': self.service['id']}) - self.head(url, expected_status=http_client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) class JsonHomeTests(test_v3.JsonHomeTestMixin): diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py index a24ddfc464..ad0537d87b 100644 --- a/keystone/tests/unit/test_v3_federation.py +++ b/keystone/tests/unit/test_v3_federation.py @@ -20,6 +20,7 @@ import uuid import fixtures import flask +import http.client from lxml import etree import mock from oslo_serialization import jsonutils @@ -27,8 +28,7 @@ from oslo_utils import importutils import saml2 from saml2 import saml from saml2 import sigver -from six.moves import http_client -from six.moves import range, urllib, zip +import urllib xmldsig = importutils.try_import("saml2.xmldsig") if not xmldsig: xmldsig = importutils.try_import("xmldsig") @@ -869,7 +869,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): return resp def _create_default_idp(self, body=None, - expected_status=http_client.CREATED): + expected_status=http.client.CREATED): """Create default IdP.""" url = self.base_url(suffix=uuid.uuid4().hex) if body is None: @@ -917,7 +917,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): url = '/OS-FEDERATION/mappings/%s' % mapping_id self.put(url, body={'mapping': mapping}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def assertIdpDomainCreated(self, idp_id, domain_id): domain = PROVIDERS.resource_api.get_domain(domain_id) @@ -978,7 +978,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): resp = self.put( self.base_url(suffix=idp_id), body={'identity_provider': self.default_body.copy()}, - expected_status=http_client.CONFLICT + expected_status=http.client.CONFLICT ) domains = PROVIDERS.resource_api.list_domains() self.assertEqual(number_of_domains, len(domains)) @@ -1005,7 +1005,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): resp = self.put( self.base_url(suffix=idp_id), body={'identity_provider': body}, - expected_status=http_client.CONFLICT + expected_status=http.client.CONFLICT ) # Make sure the domain specified in the second request was not deleted, @@ -1032,7 +1032,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): body['description'] = uuid.uuid4().hex body['domain_id'] = domain['id'] idp2 = self.put(url, body={'identity_provider': body}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidResponse(idp2, 'identity_provider', dummy_validator, keys_to_check=keys_to_check, ref=body) @@ -1054,14 +1054,14 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): body['domain_id'] = domain['id'] body = {'identity_provider': body} url = self.base_url(suffix=idp_id) - self.patch(url, body=body, expected_status=http_client.BAD_REQUEST) + self.patch(url, body=body, expected_status=http.client.BAD_REQUEST) def test_create_idp_with_nonexistent_domain_id_fails(self): body = self.default_body.copy() body['description'] = uuid.uuid4().hex body['domain_id'] = uuid.uuid4().hex self._create_default_idp(body=body, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_idp_remote(self): """Create the IdentityProvider entity associated to remote_ids.""" @@ -1100,7 +1100,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): body['remote_ids'] = [uuid.uuid4().hex, repeated_remote_id] resp = self.put(url, body={'identity_provider': body}, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) resp_data = jsonutils.loads(resp.body) self.assertIn('Duplicate remote ID', @@ -1198,8 +1198,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): # Create first identity provider body = self.default_body.copy() repeated_remote_id = uuid.uuid4().hex - body['remote_ids'] = [uuid.uuid4().hex, - repeated_remote_id] + body['remote_ids'] = [uuid.uuid4().hex, repeated_remote_id] self._create_default_idp(body=body) # Create second identity provider (without remote_ids) @@ -1212,7 +1211,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): body['remote_ids'] = [repeated_remote_id] resp = self.patch(url, body={'identity_provider': body}, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) resp_data = jsonutils.loads(resp.body) self.assertIn('Duplicate remote ID', resp_data['error']['message']) @@ -1250,7 +1249,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): ids_intersection = entities_ids.intersection(ids) self.assertEqual(ids_intersection, ids) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_filter_list_head_idp_by_id(self): def get_id(resp): @@ -1276,7 +1275,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): self.assertThat(filtered_service_list, matchers.HasLength(1)) self.assertEqual(idp1_id, filtered_service_list[0].get('id')) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_filter_list_head_idp_by_enabled(self): def get_id(resp): @@ -1305,7 +1304,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): self.assertThat(filtered_service_list, matchers.HasLength(1)) self.assertEqual(idp1_id, filtered_service_list[0].get('id')) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_check_idp_uniqueness(self): """Add same IdP twice. @@ -1319,9 +1318,9 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): PROVIDERS.resource_api.create_domain(domain['id'], domain) body['domain_id'] = domain['id'] self.put(url, body={'identity_provider': body}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) resp = self.put(url, body={'identity_provider': body}, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) resp_data = jsonutils.loads(resp.body) self.assertIn('Duplicate entry', @@ -1346,7 +1345,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): dummy_validator, keys_to_check=body_keys, ref=body) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_nonexisting_idp(self): """Fetch nonexisting IdP entity. @@ -1358,7 +1357,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): self.assertIsNotNone(idp_id) url = self.base_url(suffix=idp_id) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_delete_existing_idp(self): """Create and later delete IdP. @@ -1372,7 +1371,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): self.assertIsNotNone(idp_id) url = self.base_url(suffix=idp_id) self.delete(url) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_delete_idp_also_deletes_assigned_protocols(self): """Deleting an IdP will delete its assigned protocol.""" @@ -1387,7 +1386,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): idp_url = self.base_url(suffix=idp_id) # assign protocol to IdP - kwargs = {'expected_status': http_client.CREATED} + kwargs = {'expected_status': http.client.CREATED} resp, idp_id, proto = self._assign_protocol_to_idp( url=url, idp_id=idp_id, @@ -1399,7 +1398,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): 1, len(PROVIDERS.federation_api.list_protocols(idp_id)) ) self.delete(idp_url) - self.get(idp_url, expected_status=http_client.NOT_FOUND) + self.get(idp_url, expected_status=http.client.NOT_FOUND) self.assertEqual( 0, len(PROVIDERS.federation_api.list_protocols(idp_id)) ) @@ -1411,7 +1410,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): """ idp_id = uuid.uuid4().hex url = self.base_url(suffix=idp_id) - self.delete(url, expected_status=http_client.NOT_FOUND) + self.delete(url, expected_status=http.client.NOT_FOUND) def test_update_idp_mutable_attributes(self): """Update IdP's mutable parameters.""" @@ -1467,7 +1466,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): url = self.base_url(suffix=idp_id) self.patch(url, body={'identity_provider': body}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_nonexistent_idp(self): """Update nonexistent IdP. @@ -1481,11 +1480,11 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): body['enabled'] = False body = {'identity_provider': body} - self.patch(url, body=body, expected_status=http_client.NOT_FOUND) + self.patch(url, body=body, expected_status=http.client.NOT_FOUND) def test_assign_protocol_to_idp(self): """Assign a protocol to existing IdP.""" - self._assign_protocol_to_idp(expected_status=http_client.CREATED) + self._assign_protocol_to_idp(expected_status=http.client.CREATED) def test_protocol_composite_pk(self): """Test that Keystone can add two entities. @@ -1501,7 +1500,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): """ url = self.base_url(suffix='%(idp_id)s/protocols/%(protocol_id)s') - kwargs = {'expected_status': http_client.CREATED} + kwargs = {'expected_status': http.client.CREATED} self._assign_protocol_to_idp(proto='saml2', url=url, **kwargs) @@ -1517,10 +1516,10 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): """ url = self.base_url(suffix='%(idp_id)s/protocols/%(protocol_id)s') - kwargs = {'expected_status': http_client.CREATED} + kwargs = {'expected_status': http.client.CREATED} resp, idp_id, proto = self._assign_protocol_to_idp(proto='saml2', url=url, **kwargs) - kwargs = {'expected_status': http_client.CONFLICT} + kwargs = {'expected_status': http.client.CONFLICT} self._assign_protocol_to_idp( idp_id=idp_id, proto='saml2', validate=False, url=url, **kwargs ) @@ -1532,7 +1531,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): """ idp_id = uuid.uuid4().hex - kwargs = {'expected_status': http_client.NOT_FOUND} + kwargs = {'expected_status': http.client.NOT_FOUND} self._assign_protocol_to_idp(proto='saml2', idp_id=idp_id, validate=False, @@ -1556,17 +1555,17 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): c.delete('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols' % {'idp_id': idp_id}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) c.patch('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols/' % {'idp_id': idp_id}, json={'protocol': protocol}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) c.put('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols' % {'idp_id': idp_id}, json={'protocol': protocol}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) # DELETE/PATCH/PUT should raise 405 with trailing '/', it is # remapped to without the trailing '/' by the normalization @@ -1574,22 +1573,22 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): c.delete('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols/' % {'idp_id': idp_id}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) c.patch('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols/' % {'idp_id': idp_id}, json={'protocol': protocol}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) c.put('/v3/OS-FEDERATION/identity_providers/%(idp_id)s' '/protocols/' % {'idp_id': idp_id}, json={'protocol': protocol}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) def test_get_head_protocol(self): """Create and later fetch protocol tied to IdP.""" resp, idp_id, proto = self._assign_protocol_to_idp( - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) proto_id = self._fetch_attribute_from_response(resp, 'protocol')['id'] url = "%s/protocols/%s" % (idp_id, proto_id) url = self.base_url(suffix=url) @@ -1605,7 +1604,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): keys_to_check=reference_keys, ref=reference) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_list_head_protocols(self): """Create set of protocols and later list them. @@ -1614,13 +1613,13 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): """ resp, idp_id, proto = self._assign_protocol_to_idp( - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) iterations = random.randint(0, 16) protocol_ids = [] for _ in range(iterations): resp, _, proto = self._assign_protocol_to_idp( idp_id=idp_id, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) proto_id = self._fetch_attribute_from_response(resp, 'protocol') proto_id = proto_id['id'] protocol_ids.append(proto_id) @@ -1636,12 +1635,12 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): protocols_intersection = entities.intersection(protocol_ids) self.assertEqual(protocols_intersection, set(protocol_ids)) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_update_protocols_attribute(self): """Update protocol's attribute.""" resp, idp_id, proto = self._assign_protocol_to_idp( - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) new_mapping_id = uuid.uuid4().hex self._create_mapping(mapping_id=new_mapping_id) @@ -1665,11 +1664,11 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase): url = self.base_url(suffix='%(idp_id)s/' 'protocols/%(protocol_id)s') resp, idp_id, proto = self._assign_protocol_to_idp( - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) url = url % {'idp_id': idp_id, 'protocol_id': proto} self.delete(url) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) class MappingCRUDTests(test_v3.RestfulTestCase): @@ -1706,7 +1705,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): url = self.MAPPING_URL + uuid.uuid4().hex resp = self.put(url, body={'mapping': mapping_fixtures.MAPPING_LARGE}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) return resp def _get_id_from_response(self, resp): @@ -1723,10 +1722,10 @@ class MappingCRUDTests(test_v3.RestfulTestCase): resp = self.get(url) entities = resp.result.get('mappings') self.assertIsNotNone(entities) - self.assertResponseStatus(resp, http_client.OK) + self.assertResponseStatus(resp, http.client.OK) self.assertValidListLinks(resp.result.get('links')) self.assertEqual(1, len(entities)) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_mapping_delete(self): url = self.MAPPING_URL + '%(mapping_id)s' @@ -1734,8 +1733,8 @@ class MappingCRUDTests(test_v3.RestfulTestCase): mapping_id = self._get_id_from_response(resp) url = url % {'mapping_id': str(mapping_id)} resp = self.delete(url) - self.assertResponseStatus(resp, http_client.NO_CONTENT) - self.get(url, expected_status=http_client.NOT_FOUND) + self.assertResponseStatus(resp, http.client.NO_CONTENT) + self.get(url, expected_status=http.client.NOT_FOUND) def test_mapping_get_head(self): url = self.MAPPING_URL + '%(mapping_id)s' @@ -1744,7 +1743,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): url = url % {'mapping_id': mapping_id} resp = self.get(url) self.assertValidMappingResponse(resp, mapping_fixtures.MAPPING_LARGE) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_mapping_update(self): url = self.MAPPING_URL + '%(mapping_id)s' @@ -1759,73 +1758,73 @@ class MappingCRUDTests(test_v3.RestfulTestCase): def test_delete_mapping_dne(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.delete(url, expected_status=http_client.NOT_FOUND) + self.delete(url, expected_status=http.client.NOT_FOUND) def test_get_mapping_dne(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_create_mapping_bad_requirements(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_BAD_REQ}) def test_create_mapping_no_rules(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_NO_RULES}) def test_create_mapping_no_remote_objects(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_NO_REMOTE}) def test_create_mapping_bad_value(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_BAD_VALUE}) def test_create_mapping_missing_local(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_MISSING_LOCAL}) def test_create_mapping_missing_type(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_MISSING_TYPE}) def test_create_mapping_wrong_type(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_WRONG_TYPE}) def test_create_mapping_extra_remote_properties_not_any_of(self): url = self.MAPPING_URL + uuid.uuid4().hex mapping = mapping_fixtures.MAPPING_EXTRA_REMOTE_PROPS_NOT_ANY_OF - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping}) def test_create_mapping_extra_remote_properties_any_one_of(self): url = self.MAPPING_URL + uuid.uuid4().hex mapping = mapping_fixtures.MAPPING_EXTRA_REMOTE_PROPS_ANY_ONE_OF - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping}) def test_create_mapping_extra_remote_properties_just_type(self): url = self.MAPPING_URL + uuid.uuid4().hex mapping = mapping_fixtures.MAPPING_EXTRA_REMOTE_PROPS_JUST_TYPE - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping}) def test_create_mapping_empty_map(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': {}}) def test_create_mapping_extra_rules_properties(self): url = self.MAPPING_URL + uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping_fixtures.MAPPING_EXTRA_RULES_PROPS}) def test_create_mapping_with_blacklist_and_whitelist(self): @@ -1837,7 +1836,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): """ url = self.MAPPING_URL + uuid.uuid4().hex mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST_AND_BLACKLIST - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': mapping}) def test_create_mapping_with_local_user_and_local_domain(self): @@ -1847,7 +1846,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): body={ 'mapping': mapping_fixtures.MAPPING_LOCAL_USER_LOCAL_DOMAIN }, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidMappingResponse( resp, mapping_fixtures.MAPPING_LOCAL_USER_LOCAL_DOMAIN) @@ -1856,7 +1855,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): resp = self.put( url, body={'mapping': mapping_fixtures.MAPPING_EPHEMERAL_USER}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidMappingResponse( resp, mapping_fixtures.MAPPING_EPHEMERAL_USER) @@ -1866,7 +1865,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): bad_mapping = copy.deepcopy(mapping_fixtures.MAPPING_EPHEMERAL_USER) # now sabotage the user type bad_mapping['rules'][0]['local'][0]['user']['type'] = uuid.uuid4().hex - self.put(url, expected_status=http_client.BAD_REQUEST, + self.put(url, expected_status=http.client.BAD_REQUEST, body={'mapping': bad_mapping}) def test_create_shadow_mapping_without_roles_fails(self): @@ -1875,7 +1874,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): self.put( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS_WITHOUT_ROLES}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_update_shadow_mapping_without_roles_fails(self): @@ -1884,7 +1883,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): resp = self.put( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS}, - expected_status=http_client.CREATED + expected_status=http.client.CREATED ) self.assertValidMappingResponse( resp, mapping_fixtures.MAPPING_PROJECTS @@ -1892,7 +1891,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): self.patch( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS_WITHOUT_ROLES}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_create_shadow_mapping_without_name_fails(self): @@ -1901,7 +1900,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): self.put( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS_WITHOUT_NAME}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_update_shadow_mapping_without_name_fails(self): @@ -1910,7 +1909,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): resp = self.put( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS}, - expected_status=http_client.CREATED + expected_status=http.client.CREATED ) self.assertValidMappingResponse( resp, mapping_fixtures.MAPPING_PROJECTS @@ -1918,7 +1917,7 @@ class MappingCRUDTests(test_v3.RestfulTestCase): self.patch( url, body={'mapping': mapping_fixtures.MAPPING_PROJECTS_WITHOUT_NAME}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) @@ -2163,7 +2162,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): unscoped_token, 'project', self.proj_employees['id'] ) self.v3_create_token( - scope, expected_status=http_client.UNAUTHORIZED) + scope, expected_status=http.client.UNAUTHORIZED) def test_issue_unscoped_token_malformed_environment(self): """Test whether non string objects are filtered out. @@ -2222,7 +2221,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): PROVIDERS.federation_api.update_idp(self.IDP, enabled_false) self.v3_create_token( self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_CUSTOMER, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_validate_token_after_deleting_idp_raises_not_found(self): token = self.v3_create_token( @@ -2242,7 +2241,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): '/auth/tokens/', token=token_id, headers=headers, - expected_status=http_client.NOT_FOUND + expected_status=http.client.NOT_FOUND ) def test_deleting_idp_cascade_deleting_fed_user(self): @@ -2275,7 +2274,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): """Scope unscoped token with a project we don't have access to.""" self.v3_create_token( self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_CUSTOMER, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_scope_to_project_multiple_times(self): """Try to scope the unscoped token multiple times. @@ -2335,7 +2334,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): """Try to scope token from non-existent unscoped token.""" self.v3_create_token( self.TOKEN_SCOPE_PROJECT_FROM_NONEXISTENT_TOKEN, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_issue_token_from_rules_without_user(self): environ = copy.deepcopy(mapping_fixtures.BAD_TESTER_ASSERTION) @@ -2388,7 +2387,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): """Try to scope to a domain that has no direct roles.""" self.v3_create_token( self.TOKEN_SCOPE_DOMAIN_D_FROM_CUSTOMER, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_list_projects(self): urls = ('/OS-FEDERATION/projects', '/auth/projects') @@ -2571,7 +2570,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): self.project_all['id']) self.v3_create_token( - scoped_token, expected_status=http_client.INTERNAL_SERVER_ERROR) + scoped_token, expected_status=http.client.INTERNAL_SERVER_ERROR) def test_lists_with_missing_group_in_backend(self): """Test a mapping that points to a group that does not exist. @@ -3213,7 +3212,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): v3_scope_request = self._scope_request(unscoped_token, 'project', project_ref['id']) r = self.v3_create_token(v3_scope_request, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # assign project role to federated user PROVIDERS.assignment_api.add_role_to_user_and_project( @@ -3221,13 +3220,13 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): # exchange an unscoped token for a scoped token r = self.v3_create_token(v3_scope_request, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) scoped_token = r.headers['X-Subject-Token'] # ensure user can access resource based on role assignment path = '/projects/%(project_id)s' % {'project_id': project_ref['id']} r = self.v3_request(path=path, method='GET', - expected_status=http_client.OK, + expected_status=http.client.OK, token=scoped_token) self.assertValidProjectResponse(r, project_ref) @@ -3239,7 +3238,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): # ensure the user cannot access the 2nd resource (forbidden) path = '/projects/%(project_id)s' % {'project_id': project_ref2['id']} r = self.v3_request(path=path, method='GET', - expected_status=http_client.FORBIDDEN, + expected_status=http.client.FORBIDDEN, token=scoped_token) def test_domain_scoped_user_role_assignment(self): @@ -3257,7 +3256,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): v3_scope_request = self._scope_request(unscoped_token, 'domain', domain_ref['id']) r = self.v3_create_token(v3_scope_request, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # assign domain role to user PROVIDERS.assignment_api.create_grant( @@ -3266,7 +3265,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): # exchange an unscoped token for domain scoped token and test r = self.v3_create_token(v3_scope_request, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertIsNotNone(r.headers.get('X-Subject-Token')) token_resp = r.result['token'] self.assertIn('domain', token_resp) @@ -3408,7 +3407,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): self.head( '/OS-FEDERATION/domains', token=unscoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) # assign group domain and role to user, this should create a @@ -3449,7 +3448,7 @@ class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin): self.head( '/OS-FEDERATION/projects', token=unscoped_token, - expected_status=http_client.OK + expected_status=http.client.OK ) # assign group project and role to user, this should create a @@ -3832,7 +3831,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): ) url = '/OS-FEDERATION/service_providers/' + self.SERVICE_PROVDIER_ID self.put(url, body={'service_provider': self.sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_samlize_token_values(self): """Test the SAML generator produces a SAML object. @@ -4081,7 +4080,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): with mock.patch.object(keystone_idp, '_sign_assertion', return_value=self.signed_assertion): self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_generate_saml_route(self): """Test that the SAML generation endpoint produces XML. @@ -4103,7 +4102,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): return_value=self.signed_assertion): http_response = self.post(self.SAML_GENERATION_ROUTE, body=body, response_content_type='text/xml', - expected_status=http_client.OK) + expected_status=http.client.OK) response = etree.fromstring(http_response.result) issuer = response[0] @@ -4144,7 +4143,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): del body['auth']['scope'] self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_invalid_token_body(self): """Test that missing the token in request body raises an exception. @@ -4158,7 +4157,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): del body['auth']['identity']['token'] self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_sp_not_found(self): """Test SAML generation with an invalid service provider ID. @@ -4170,7 +4169,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): token_id = self._fetch_valid_token() body = self._create_generate_saml_request(token_id, sp_id) self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_sp_disabled(self): """Try generating assertion for disabled Service Provider.""" @@ -4182,7 +4181,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): body = self._create_generate_saml_request(token_id, self.SERVICE_PROVDIER_ID) self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_token_not_found(self): """Test that an invalid token in the request body raises an exception. @@ -4194,7 +4193,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): body = self._create_generate_saml_request(token_id, self.SERVICE_PROVDIER_ID) self.post(self.SAML_GENERATION_ROUTE, body=body, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_generate_ecp_route(self): """Test that the ECP generation endpoint produces XML. @@ -4214,7 +4213,7 @@ class SAMLGenerationTests(test_v3.RestfulTestCase): return_value=self.signed_assertion): http_response = self.post(self.ECP_GENERATION_ROUTE, body=body, response_content_type='text/xml', - expected_status=http_client.OK) + expected_status=http.client.OK) env_response = etree.fromstring(http_response.result) header = env_response[0] @@ -4437,12 +4436,12 @@ class IdPMetadataGenerationTests(test_v3.RestfulTestCase): def test_get_metadata_with_no_metadata_file_configured(self): self.get(self.METADATA_URL, - expected_status=http_client.INTERNAL_SERVER_ERROR) + expected_status=http.client.INTERNAL_SERVER_ERROR) def test_get_head_metadata(self): self.config_fixture.config( group='saml', idp_metadata_path=XMLDIR + '/idp_saml2_metadata.xml') - self.head(self.METADATA_URL, expected_status=http_client.OK) + self.head(self.METADATA_URL, expected_status=http.client.OK) r = self.get(self.METADATA_URL, response_content_type='text/xml') self.assertEqual('text/xml', r.headers.get('Content-Type')) @@ -4470,7 +4469,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): self.SP_REF = core.new_service_provider_ref() self.SERVICE_PROVIDER = self.put( url, body={'service_provider': self.SP_REF}, - expected_status=http_client.CREATED).result + expected_status=http.client.CREATED).result def base_url(self, suffix=None): if suffix is not None: @@ -4483,7 +4482,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): if body is None: body = core.new_service_provider_ref() resp = self.put(url, body={'service_provider': body}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) return resp def test_get_head_service_provider(self): @@ -4491,17 +4490,17 @@ class ServiceProviderTests(test_v3.RestfulTestCase): resp = self.get(url) self.assertValidEntity(resp.result['service_provider'], keys_to_check=self.SP_KEYS) - resp = self.head(url, expected_status=http_client.OK) + resp = self.head(url, expected_status=http.client.OK) def test_get_service_provider_fail(self): url = self.base_url(suffix=uuid.uuid4().hex) - self.get(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) def test_create_service_provider(self): url = self.base_url(suffix=uuid.uuid4().hex) sp = core.new_service_provider_ref() resp = self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.assertValidEntity(resp.result['service_provider'], keys_to_check=self.SP_KEYS) @@ -4509,7 +4508,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): def test_create_service_provider_invalidates_cache(self): # List all service providers and make sure we only have one in the # list. This service provider is from testing setup. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(1) @@ -4519,11 +4518,11 @@ class ServiceProviderTests(test_v3.RestfulTestCase): url = self.base_url(suffix=uuid.uuid4().hex) sp = core.new_service_provider_ref() self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # List all service providers again and make sure we have two in the # returned list. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(2) @@ -4533,7 +4532,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): def test_delete_service_provider_invalidates_cache(self): # List all service providers and make sure we only have one in the # list. This service provider is from testing setup. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(1) @@ -4543,11 +4542,11 @@ class ServiceProviderTests(test_v3.RestfulTestCase): url = self.base_url(suffix=uuid.uuid4().hex) sp = core.new_service_provider_ref() self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # List all service providers again and make sure we have two in the # returned list. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(2) @@ -4557,8 +4556,8 @@ class ServiceProviderTests(test_v3.RestfulTestCase): # service provider cache. Get the list of service providers again and # if the cache invalidated properly then we should only have one # service provider in the list. - self.delete(url, expected_status=http_client.NO_CONTENT) - resp = self.get(self.base_url(), expected_status=http_client.OK) + self.delete(url, expected_status=http.client.NO_CONTENT) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(1) @@ -4568,7 +4567,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): def test_update_service_provider_invalidates_cache(self): # List all service providers and make sure we only have one in the # list. This service provider is from testing setup. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(1) @@ -4579,11 +4578,11 @@ class ServiceProviderTests(test_v3.RestfulTestCase): url = self.base_url(suffix=service_provider_id) sp = core.new_service_provider_ref() self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # List all service providers again and make sure we have two in the # returned list. - resp = self.get(self.base_url(), expected_status=http_client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(2) @@ -4594,8 +4593,8 @@ class ServiceProviderTests(test_v3.RestfulTestCase): # if the cache invalidated properly then we see the value we updated. updated_description = uuid.uuid4().hex body = {'service_provider': {'description': updated_description}} - self.patch(url, body=body, expected_status=http_client.OK) - resp = self.get(self.base_url(), expected_status=http_client.OK) + self.patch(url, body=body, expected_status=http.client.OK) + resp = self.get(self.base_url(), expected_status=http.client.OK) self.assertThat( resp.json_body['service_providers'], matchers.HasLength(2) @@ -4610,7 +4609,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): sp = core.new_service_provider_ref() del sp['relay_state_prefix'] resp = self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) sp_result = resp.result['service_provider'] self.assertEqual(CONF.saml.relay_state_prefix, sp_result['relay_state_prefix']) @@ -4622,7 +4621,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): non_default_prefix = uuid.uuid4().hex sp['relay_state_prefix'] = non_default_prefix resp = self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) sp_result = resp.result['service_provider'] self.assertEqual(non_default_prefix, sp_result['relay_state_prefix']) @@ -4633,7 +4632,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): sp = core.new_service_provider_ref() sp[uuid.uuid4().hex] = uuid.uuid4().hex self.put(url, body={'service_provider': sp}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_service_providers(self): """Test listing of service provider objects. @@ -4650,7 +4649,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): for id, sp in ref_service_providers.items(): url = self.base_url(suffix=id) self.put(url, body={'service_provider': sp}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # Insert ids into service provider object, we will compare it with # responses from server and those include 'id' attribute. @@ -4668,7 +4667,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): service_provider, ref=ref_service_providers[id], keys_to_check=self.SP_KEYS) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_update_service_provider(self): """Update existing service provider. @@ -4702,21 +4701,21 @@ class ServiceProviderTests(test_v3.RestfulTestCase): new_sp_ref = {'id': uuid.uuid4().hex} url = self.base_url(suffix=self.SERVICE_PROVIDER_ID) self.patch(url, body={'service_provider': new_sp_ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_service_provider_unknown_parameter(self): new_sp_ref = core.new_service_provider_ref() new_sp_ref[uuid.uuid4().hex] = uuid.uuid4().hex url = self.base_url(suffix=self.SERVICE_PROVIDER_ID) self.patch(url, body={'service_provider': new_sp_ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_service_provider_returns_not_found(self): new_sp_ref = core.new_service_provider_ref() new_sp_ref['description'] = uuid.uuid4().hex url = self.base_url(suffix=uuid.uuid4().hex) self.patch(url, body={'service_provider': new_sp_ref}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_sp_relay_state(self): """Update an SP with custom relay state.""" @@ -4735,7 +4734,7 @@ class ServiceProviderTests(test_v3.RestfulTestCase): def test_delete_service_provider_returns_not_found(self): url = self.base_url(suffix=uuid.uuid4().hex) - self.delete(url, expected_status=http_client.NOT_FOUND) + self.delete(url, expected_status=http.client.NOT_FOUND) def test_filter_list_sp_by_id(self): def get_id(resp): diff --git a/keystone/tests/unit/test_v3_filters.py b/keystone/tests/unit/test_v3_filters.py index c3b589a95c..9863733bf4 100644 --- a/keystone/tests/unit/test_v3_filters.py +++ b/keystone/tests/unit/test_v3_filters.py @@ -16,10 +16,9 @@ import datetime import freezegun +import http.client from oslo_config import fixture as config_fixture from oslo_serialization import jsonutils -from six.moves import http_client -from six.moves import range from keystone.common import provider_api import keystone.conf @@ -544,12 +543,12 @@ class IdentityPasswordExpiryFilteredTestCase(filtering.FilterTests, """ bad_op_url = self._list_users_by_password_expires_at( self._format_timestamp(self.starttime), 'x') - self.get(bad_op_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_op_url, expected_status=http.client.BAD_REQUEST) bad_op_url = self._list_users_by_multiple_password_expires_at( self._format_timestamp(self.starttime), 'lt', self._format_timestamp(self.starttime), 'x') - self.get(bad_op_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_op_url, expected_status=http.client.BAD_REQUEST) def test_list_users_by_password_expires_with_bad_timestamp_fails(self): """Ensure an invalid timestamp returns a Bad Request. @@ -561,15 +560,15 @@ class IdentityPasswordExpiryFilteredTestCase(filtering.FilterTests, """ bad_ts_url = self._list_users_by_password_expires_at( self.starttime.strftime('%S:%M:%ST%Y-%m-%d')) - self.get(bad_ts_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_ts_url, expected_status=http.client.BAD_REQUEST) bad_ts_url = self._list_users_by_multiple_password_expires_at( self._format_timestamp(self.starttime), 'lt', self.starttime.strftime('%S:%M:%ST%Y-%m-%d'), 'gt') - self.get(bad_ts_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_ts_url, expected_status=http.client.BAD_REQUEST) def _list_users_in_group_by_password_expires_at( - self, time, operator=None, expected_status=http_client.OK): + self, time, operator=None, expected_status=http.client.OK): """Call `list_users_in_group` with `password_expires_at` filter. GET /groups/{group_id}/users?password_expires_at= @@ -584,7 +583,7 @@ class IdentityPasswordExpiryFilteredTestCase(filtering.FilterTests, def _list_users_in_group_by_multiple_password_expires_at( self, first_time, first_operator, second_time, second_operator, - expected_status=http_client.OK): + expected_status=http.client.OK): """Call `list_users_in_group` with two `password_expires_at` filters. GET /groups/{group_id}/users?password_expires_at= @@ -703,12 +702,12 @@ class IdentityPasswordExpiryFilteredTestCase(filtering.FilterTests, """ bad_op_url = self._list_users_in_group_by_password_expires_at( self._format_timestamp(self.starttime), 'bad') - self.get(bad_op_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_op_url, expected_status=http.client.BAD_REQUEST) bad_op_url = self._list_users_in_group_by_multiple_password_expires_at( self._format_timestamp(self.starttime), 'lt', self._format_timestamp(self.starttime), 'x') - self.get(bad_op_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_op_url, expected_status=http.client.BAD_REQUEST) def test_list_users_in_group_by_password_expires_bad_timestamp_fails(self): """Ensure and invalid timestamp returns a Bad Request. @@ -720,12 +719,12 @@ class IdentityPasswordExpiryFilteredTestCase(filtering.FilterTests, """ bad_ts_url = self._list_users_in_group_by_password_expires_at( self.starttime.strftime('%S:%M:%ST%Y-%m-%d')) - self.get(bad_ts_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_ts_url, expected_status=http.client.BAD_REQUEST) bad_ts_url = self._list_users_in_group_by_multiple_password_expires_at( self._format_timestamp(self.starttime), 'lt', self.starttime.strftime('%S:%M:%ST%Y-%m-%d'), 'gt') - self.get(bad_ts_url, expected_status=http_client.BAD_REQUEST) + self.get(bad_ts_url, expected_status=http.client.BAD_REQUEST) class IdentityTestListLimitCase(IdentityTestFilteredCase): diff --git a/keystone/tests/unit/test_v3_identity.py b/keystone/tests/unit/test_v3_identity.py index c377a96b80..3559320d97 100644 --- a/keystone/tests/unit/test_v3_identity.py +++ b/keystone/tests/unit/test_v3_identity.py @@ -17,10 +17,10 @@ import uuid import fixtures import freezegun +import http.client import mock from oslo_db import exception as oslo_db_exception from oslo_log import log -from six.moves import http_client from testtools import matchers from keystone.common import provider_api @@ -130,7 +130,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): """Call ``POST /users`` with admin token and domain id.""" ref = unit.new_user_ref(domain_id=self.domain_id) self.post('/users', body={'user': ref}, token=self.get_admin_token(), - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_user_management_normalized_keys(self): """Illustrate the inconsistent handling of hyphens in keys. @@ -202,7 +202,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_create_user_bad_request(self): """Call ``POST /users``.""" self.post('/users', body={'user': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_user_bad_domain_id(self): """Call ``POST /users``.""" @@ -211,7 +211,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): self.post('/users', body={'user': {"name": "baddomain", "domain_id": "DEFaUlT"}}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_list_head_users(self): """Call ``GET & HEAD /users``.""" @@ -219,7 +219,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): r = self.get(resource_url) self.assertValidUserListResponse(r, ref=self.user, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_list_users_with_multiple_backends(self): """Call ``GET /users`` when multiple backends is enabled. @@ -292,7 +292,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): 'user_id': self.user['id']} r = self.get(resource_url) self.assertValidUserResponse(r, self.user) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_get_user_does_not_include_extra_attributes(self): """Call ``GET /users/{user_id}`` extra attributes are not included.""" @@ -348,7 +348,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): r = self.get(resource_url, auth=auth) self.assertValidGroupListResponse(r, ref=self.group, resource_url=resource_url) - self.head(resource_url, auth=auth, expected_status=http_client.OK) + self.head(resource_url, auth=auth, expected_status=http.client.OK) # Administrator is allowed to list others' groups resource_url = ('/users/%(user_id)s/groups' % @@ -356,7 +356,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): r = self.get(resource_url) self.assertValidGroupListResponse(r, ref=self.group, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) # Ordinary users should not be allowed to list other's groups auth = self.build_authentication_request( @@ -387,7 +387,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): resource_url=resource_url) self.assertIn('/groups/%(group_id)s/users' % { 'group_id': self.group_id}, r.result['links']['self']) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_remove_user_from_group(self): """Call ``DELETE /groups/{group_id}/users/{user_id}``.""" @@ -428,11 +428,11 @@ class IdentityTestCase(test_v3.RestfulTestCase): # auth as user with original password should not work after change self.v3_create_token(old_password_auth, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # auth as user with an old token should not work after change self.v3_create_token(old_token_auth, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # new password should work new_password_auth = self.build_authentication_request( @@ -525,7 +525,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): # Confirm token is valid for now self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # Now delete the user self.delete('/users/%(user_id)s' % { @@ -591,7 +591,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_create_group_bad_request(self): """Call ``POST /groups``.""" self.post('/groups', body={'group': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_groups(self): """Call ``GET & HEAD /groups``.""" @@ -599,7 +599,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): r = self.get(resource_url) self.assertValidGroupListResponse(r, ref=self.group, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_get_head_group(self): """Call ``GET & HEAD /groups/{group_id}``.""" @@ -607,7 +607,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): 'group_id': self.group_id} r = self.get(resource_url) self.assertValidGroupResponse(r, self.group) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_group(self): """Call ``PATCH /groups/{group_id}``.""" @@ -681,7 +681,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): ref = unit.new_user_ref(domain_id=self.domain_id, project_id=self.domain_id) self.post('/users', body={'user': ref}, token=CONF.admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) # updating user's default_project_id to a domain_id should result # in HTTP 400 @@ -690,7 +690,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): 'user_id': self.user['id']}, body={'user': user}, token=CONF.admin_token, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) class ChangePasswordTestCase(test_v3.RestfulTestCase): @@ -700,7 +700,7 @@ class ChangePasswordTestCase(test_v3.RestfulTestCase): self.user_ref = unit.create_user(PROVIDERS.identity_api, domain_id=self.domain['id']) self.token = self.get_request_token(self.user_ref['password'], - http_client.CREATED) + http.client.CREATED) def get_request_token(self, password, expected_status): auth_data = self.build_authentication_request( @@ -737,7 +737,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): def test_changing_password(self): # original password works token_id = self.get_request_token(self.user_ref['password'], - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # original token works old_token_auth = self.build_authentication_request(token=token_id) self.v3_create_token(old_token_auth) @@ -746,19 +746,19 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) # old password fails self.get_request_token(self.user_ref['password'], - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # old token fails self.v3_create_token(old_token_auth, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # new password works self.get_request_token(new_password, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_changing_password_with_min_password_age(self): time = datetime.datetime.utcnow() @@ -770,23 +770,23 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): # able to change password after create user self.change_password(password=new_password, original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) # 2nd change password should fail due to minimum password age and # make sure we wait one second to avoid race conditions with Fernet frozen_datetime.tick(delta=datetime.timedelta(seconds=1)) self.token = self.get_request_token( new_password, - http_client.CREATED + http.client.CREATED ) self.change_password(password=uuid.uuid4().hex, original_password=new_password, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) # disable minimum_password_age and attempt to change password self.config_fixture.config(group='security_compliance', minimum_password_age=0) self.change_password(password=uuid.uuid4().hex, original_password=new_password, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_changing_password_with_password_lock(self): password = uuid.uuid4().hex @@ -810,14 +810,14 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): } } path = '/users/%s/password' % user_id - self.post(path, body=body, expected_status=http_client.BAD_REQUEST) + self.post(path, body=body, expected_status=http.client.BAD_REQUEST) # Unlock the password, and change should work user_patch['user']['options'][lock_pw_opt] = False self.patch('/users/%s' % user_id, body=user_patch) path = '/users/%s/password' % user_id - self.post(path, body=body, expected_status=http_client.NO_CONTENT) + self.post(path, body=body, expected_status=http.client.NO_CONTENT) frozen_datetime.tick(delta=datetime.timedelta(seconds=1)) @@ -826,7 +826,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): password=new_password ) self.v3_create_token( - auth_data, expected_status=http_client.CREATED + auth_data, expected_status=http.client.CREATED ) path = '/users/%s' % user_id @@ -843,20 +843,20 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): def test_changing_password_with_missing_original_password_fails(self): r = self.change_password(password=uuid.uuid4().hex, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) self.assertThat(r.result['error']['message'], matchers.Contains('original_password')) def test_changing_password_with_missing_password_fails(self): r = self.change_password(original_password=self.user_ref['password'], - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) self.assertThat(r.result['error']['message'], matchers.Contains('password')) def test_changing_password_with_incorrect_password_fails(self): self.change_password(password=uuid.uuid4().hex, original_password=uuid.uuid4().hex, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_changing_password_with_disabled_user_fails(self): # disable the user account @@ -866,7 +866,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): self.change_password(password=uuid.uuid4().hex, original_password=self.user_ref['password'], - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_changing_password_not_logged(self): # When a user changes their password, the password isn't logged at any @@ -878,7 +878,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.assertNotIn(self.user_ref['password'], log_fix.output) self.assertNotIn(new_password, log_fix.output) @@ -891,10 +891,10 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=password, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) # new password works self.get_request_token(new_password, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) def test_changing_expired_password_with_disabled_user_fails(self): self.config_fixture.config(group='security_compliance', @@ -909,7 +909,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=password, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_change_password_required_upon_first_use_for_create(self): self.config_fixture.config(group='security_compliance', @@ -921,16 +921,16 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): # attempt to authenticate with create user password self.get_request_token(self.user_ref['password'], - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # self-service change password new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) # authenticate with the new password - self.token = self.get_request_token(new_password, http_client.CREATED) + self.token = self.get_request_token(new_password, http.client.CREATED) def test_change_password_required_upon_first_use_for_admin_reset(self): self.config_fixture.config(group='security_compliance', @@ -943,16 +943,16 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): # attempt to authenticate with admin reset password self.get_request_token(reset_password, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) # self-service change password new_password = uuid.uuid4().hex self.change_password(password=new_password, original_password=reset_password, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) # authenticate with the new password - self.token = self.get_request_token(new_password, http_client.CREATED) + self.token = self.get_request_token(new_password, http.client.CREATED) def test_change_password_required_upon_first_use_ignore_user(self): self.config_fixture.config(group='security_compliance', @@ -967,7 +967,7 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): # authenticate with the reset password self.token = self.get_request_token(reset_password, - http_client.CREATED) + http.client.CREATED) def test_lockout_exempt(self): self.config_fixture.config(group='security_compliance', @@ -986,11 +986,11 @@ class UserSelfServiceChangingPasswordsTestCase(ChangePasswordTestCase): # one failure, but we're exempt from lockout! bad_password = uuid.uuid4().hex self.token = self.get_request_token(bad_password, - http_client.UNAUTHORIZED) + http.client.UNAUTHORIZED) # attempt to authenticate with correct password self.get_request_token(self.user_ref['password'], - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) class PasswordValidationTestCase(ChangePasswordTestCase): @@ -1006,7 +1006,7 @@ class PasswordValidationTestCase(ChangePasswordTestCase): user = unit.new_user_ref(domain_id=self.domain_id) user['password'] = 'simple' self.post('/users', body={'user': user}, token=self.get_admin_token(), - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_user_with_invalid_password(self): user = unit.create_user(PROVIDERS.identity_api, @@ -1015,7 +1015,7 @@ class PasswordValidationTestCase(ChangePasswordTestCase): self.patch('/users/%(user_id)s' % { 'user_id': user['id']}, body={'user': user}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_changing_password_with_simple_password_strength(self): # password requires: any non-whitespace character @@ -1023,28 +1023,28 @@ class PasswordValidationTestCase(ChangePasswordTestCase): password_regex='[\S]+') self.change_password(password='simple', original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_changing_password_with_strong_password_strength(self): self.change_password(password='mypassword2', original_password=self.user_ref['password'], - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_changing_password_with_strong_password_strength_fails(self): # no digit self.change_password(password='mypassword', original_password=self.user_ref['password'], - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) # no letter self.change_password(password='12345678', original_password=self.user_ref['password'], - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) # less than 7 chars self.change_password(password='mypas2', original_password=self.user_ref['password'], - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) class UserFederatedAttributesTests(test_v3.RestfulTestCase): diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py index 90378214e4..4822c58479 100644 --- a/keystone/tests/unit/test_v3_oauth1.py +++ b/keystone/tests/unit/test_v3_oauth1.py @@ -18,12 +18,12 @@ import random import uuid import freezegun +import http.client import mock from oslo_serialization import jsonutils from pycadf import cadftaxonomy -from six.moves import http_client -from six.moves import urllib -from six.moves.urllib import parse as urlparse +import urllib +from urllib import parse as urlparse from keystone.common import provider_api import keystone.conf @@ -154,7 +154,7 @@ class ConsumerCRUDTests(OAuth1Tests): consumer = self._create_single_consumer() consumer_id = consumer['id'] resp = self.delete(self.CONSUMER_URL + '/%s' % consumer_id) - self.assertResponseStatus(resp, http_client.NO_CONTENT) + self.assertResponseStatus(resp, http.client.NO_CONTENT) def test_consumer_get_head(self): consumer = self._create_single_consumer() @@ -167,7 +167,7 @@ class ConsumerCRUDTests(OAuth1Tests): self.assertEqual(self_url, resp.result['consumer']['links']['self']) self.assertEqual(consumer_id, resp.result['consumer']['id']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_consumer_list(self): self._consumer_create() @@ -179,7 +179,7 @@ class ConsumerCRUDTests(OAuth1Tests): self.assertEqual(self_url, resp.result['links']['self']) self.assertValidListLinks(resp.result['links']) - self.head(self.CONSUMER_URL, expected_status=http_client.OK) + self.head(self.CONSUMER_URL, expected_status=http.client.OK) def test_consumer_update(self): consumer = self._create_single_consumer() @@ -202,7 +202,7 @@ class ConsumerCRUDTests(OAuth1Tests): update_ref['secret'] = uuid.uuid4().hex self.patch(self.CONSUMER_URL + '/%s' % original_id, body={'consumer': update_ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_consumer_update_bad_id(self): consumer = self._create_single_consumer() @@ -215,7 +215,7 @@ class ConsumerCRUDTests(OAuth1Tests): update_ref['id'] = update_description self.patch(self.CONSUMER_URL + '/%s' % original_id, body={'consumer': update_ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_consumer_update_normalize_field(self): # If update a consumer with a field with : or - in the name, @@ -258,8 +258,8 @@ class ConsumerCRUDTests(OAuth1Tests): self.CONSUMER_URL + '/%(consumer_id)s' % {'consumer_id': uuid.uuid4().hex} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) class OAuthFlowTests(OAuth1Tests): @@ -284,7 +284,7 @@ class OAuthFlowTests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) self.verifier = resp.result['token']['oauth_verifier'] self.assertTrue(all(i in base.VERIFIER_CHARS for i in self.verifier)) self.assertEqual(8, len(self.verifier)) @@ -314,7 +314,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): self.delete('/users/%(user)s/OS-OAUTH1/access_tokens/%(auth)s' % {'user': self.user_id, 'auth': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_list_no_access_tokens(self): url = ( @@ -326,7 +326,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): self.assertEqual([], entities) self.assertValidListLinks(resp.result['links']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_single_access_token(self): self.test_oauth_flow() @@ -342,7 +342,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): self.assertEqual(self.consumer['key'], entity['consumer_id']) self.assertEqual('http://localhost/v3' + url, entity['links']['self']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_access_token_dne(self): url = ( @@ -350,8 +350,8 @@ class AccessTokenCRUDTests(OAuthFlowTests): % {'user_id': self.user_id, 'key': uuid.uuid4().hex} ) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_list_all_roles_in_access_token(self): self.test_oauth_flow() @@ -365,7 +365,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): self.assertTrue(entities) self.assertValidListLinks(resp.result['links']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_role_in_access_token(self): self.test_oauth_flow() @@ -378,7 +378,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): entity = resp.result['role'] self.assertEqual(self.role_id, entity['id']) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) def test_get_role_in_access_token_dne(self): self.test_oauth_flow() @@ -387,8 +387,8 @@ class AccessTokenCRUDTests(OAuthFlowTests): url = ('/users/%(id)s/OS-OAUTH1/access_tokens/%(key)s/roles/%(role)s' % {'id': self.user_id, 'key': access_token_key, 'role': uuid.uuid4().hex}) - self.get(url, expected_status=http_client.NOT_FOUND) - self.head(url, expected_status=http_client.NOT_FOUND) + self.get(url, expected_status=http.client.NOT_FOUND) + self.head(url, expected_status=http.client.NOT_FOUND) def test_list_and_delete_access_tokens(self): self.test_oauth_flow() @@ -398,7 +398,7 @@ class AccessTokenCRUDTests(OAuthFlowTests): % {'user_id': self.user_id} ) resp = self.get(url) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) entities = resp.result['access_tokens'] self.assertTrue(entities) self.assertValidListLinks(resp.result['links']) @@ -408,11 +408,11 @@ class AccessTokenCRUDTests(OAuthFlowTests): resp = self.delete('/users/%(user)s/OS-OAUTH1/access_tokens/%(auth)s' % {'user': self.user_id, 'auth': access_token_key}) - self.assertResponseStatus(resp, http_client.NO_CONTENT) + self.assertResponseStatus(resp, http.client.NO_CONTENT) # List access_token should be 0 resp = self.get(url) - self.head(url, expected_status=http_client.OK) + self.head(url, expected_status=http.client.OK) entities = resp.result['access_tokens'] self.assertEqual([], entities) self.assertValidListLinks(resp.result['links']) @@ -452,13 +452,13 @@ class AuthTokenTests(object): resp = self.delete('/users/%(user)s/OS-OAUTH1/access_tokens/%(auth)s' % {'user': self.user_id, 'auth': access_token_key}) - self.assertResponseStatus(resp, http_client.NO_CONTENT) + self.assertResponseStatus(resp, http.client.NO_CONTENT) # Check Keystone Token no longer exists headers = {'X-Subject-Token': self.keystone_token_id, 'X-Auth-Token': self.keystone_token_id} self.get('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_deleting_consumer_also_deletes_tokens(self): self.test_oauth_flow() @@ -467,7 +467,7 @@ class AuthTokenTests(object): consumer_id = self.consumer['key'] resp = self.delete('/OS-OAUTH1/consumers/%(consumer_id)s' % {'consumer_id': consumer_id}) - self.assertResponseStatus(resp, http_client.NO_CONTENT) + self.assertResponseStatus(resp, http.client.NO_CONTENT) # List access_token should be 0 resp = self.get('/users/%(user_id)s/OS-OAUTH1/access_tokens' @@ -479,7 +479,7 @@ class AuthTokenTests(object): headers = {'X-Subject-Token': self.keystone_token_id, 'X-Auth-Token': self.keystone_token_id} self.head('/auth/tokens', headers=headers, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_change_user_password_also_deletes_tokens(self): self.test_oauth_flow() @@ -496,7 +496,7 @@ class AuthTokenTests(object): body={'user': user}) headers = {'X-Subject-Token': self.keystone_token_id} self.get(path='/auth/tokens', token=self.get_admin_token(), - headers=headers, expected_status=http_client.NOT_FOUND) + headers=headers, expected_status=http.client.NOT_FOUND) def test_deleting_project_also_invalidates_tokens(self): self.test_oauth_flow() @@ -512,7 +512,7 @@ class AuthTokenTests(object): headers = {'X-Subject-Token': self.keystone_token_id} self.get(path='/auth/tokens', token=self.get_admin_token(), - headers=headers, expected_status=http_client.NOT_FOUND) + headers=headers, expected_status=http.client.NOT_FOUND) def test_token_chaining_is_not_allowed(self): self.test_oauth_flow() @@ -527,7 +527,7 @@ class AuthTokenTests(object): body=auth_data, token=self.keystone_token_id, method='POST', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_delete_keystone_tokens_by_consumer_id(self): self.test_oauth_flow() @@ -597,14 +597,14 @@ class AuthTokenTests(object): self.post('/OS-TRUST/trusts', body={'trust': ref}, token=self.keystone_token_id, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_oauth_token_cannot_authorize_request_token(self): self.test_oauth_flow() url = self._approve_request_token_url() body = {'roles': [{'id': self.role_id}]} self.put(url, body=body, token=self.keystone_token_id, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_oauth_token_cannot_list_request_tokens(self): self._set_policy({"identity:list_access_tokens": [], @@ -613,7 +613,7 @@ class AuthTokenTests(object): self.test_oauth_flow() url = '/users/%s/OS-OAUTH1/access_tokens' % self.user_id self.get(url, token=self.keystone_token_id, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def _set_policy(self, new_policy): self.tempfile = self.useFixture(temporaryfile.SecureTempFile()) @@ -628,7 +628,7 @@ class AuthTokenTests(object): url = self._approve_request_token_url() body = {'roles': [{'id': self.role_id}]} self.put(url, body=body, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_trust_token_cannot_list_request_tokens(self): self._set_policy({"identity:list_access_tokens": [], @@ -636,7 +636,7 @@ class AuthTokenTests(object): trust_token = self._create_trust_get_token() url = '/users/%s/OS-OAUTH1/access_tokens' % self.user_id self.get(url, token=trust_token, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) class FernetAuthTokenTests(AuthTokenTests, OAuthFlowTests): @@ -671,7 +671,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer = {'key': consumer_id, 'secret': uuid.uuid4().hex} url, headers = self._create_request_token(consumer, self.project_id) self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_bad_request_url(self): consumer = self._create_single_consumer() @@ -682,7 +682,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_request_token(consumer, self.project_id, base_url=bad_base_url) self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_bad_request_url_scheme(self): consumer = self._create_single_consumer() @@ -693,7 +693,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_request_token(consumer, self.project_id, base_url=bad_url_scheme) self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_bad_request_token_key(self): consumer = self._create_single_consumer() @@ -706,7 +706,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): response_content_type='application/x-www-form-urlencoded') url = self._authorize_request_token(uuid.uuid4().hex) body = {'roles': [{'id': self.role_id}]} - self.put(url, body=body, expected_status=http_client.NOT_FOUND) + self.put(url, body=body, expected_status=http.client.NOT_FOUND) def test_bad_request_body_when_authorize(self): consumer = self._create_single_consumer() @@ -721,7 +721,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): request_key = credentials['oauth_token'][0] url = self._authorize_request_token(request_key) bad_body = {'roles': [{'fake_key': 'fake_value'}]} - self.put(url, body=bad_body, expected_status=http_client.BAD_REQUEST) + self.put(url, body=bad_body, expected_status=http.client.BAD_REQUEST) def test_bad_consumer_id(self): consumer = self._create_single_consumer() @@ -729,7 +729,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer_secret = consumer['secret'] consumer = {'key': consumer_id, 'secret': consumer_secret} url, headers = self._create_request_token(consumer, self.project_id) - self.post(url, headers=headers, expected_status=http_client.NOT_FOUND) + self.post(url, headers=headers, expected_status=http.client.NOT_FOUND) def test_bad_requested_project_id(self): consumer = self._create_single_consumer() @@ -738,7 +738,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer = {'key': consumer_id, 'secret': consumer_secret} project_id = uuid.uuid4().hex url, headers = self._create_request_token(consumer, project_id) - self.post(url, headers=headers, expected_status=http_client.NOT_FOUND) + self.post(url, headers=headers, expected_status=http.client.NOT_FOUND) def test_bad_verifier(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -758,14 +758,14 @@ class MaliciousOAuth1Tests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) verifier = resp.result['token']['oauth_verifier'] self.assertIsNotNone(verifier) request_token.set_verifier(uuid.uuid4().hex) url, headers = self._create_access_token(consumer, request_token) resp = self.post(url, headers=headers, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) resp_data = jsonutils.loads(resp.body) self.assertIn('Validation failed with errors', resp_data.get('error', {}).get('message')) @@ -788,7 +788,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) verifier = resp.result['token']['oauth_verifier'] request_token.set_verifier(verifier) @@ -798,7 +798,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_access_token(consumer, request_token, base_url=base_url) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Invalid signature', resp_data.get('error', {}).get('message')) @@ -809,7 +809,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_access_token(consumer, request_token, base_url=bad_url_scheme) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Invalid signature', resp_data.get('error', {}).get('message')) @@ -819,7 +819,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer.update({'secret': uuid.uuid4().hex}) url, headers = self._create_access_token(consumer, request_token) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Invalid signature', resp_data.get('error', {}).get('message')) @@ -834,7 +834,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): request_token.set_verifier(verifier) url, headers = self._create_access_token(consumer, request_token) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Provided verifier', resp_data.get('error', {}).get('message')) @@ -843,7 +843,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer.update({'key': uuid.uuid4().hex}) url, headers = self._create_access_token(consumer, request_token) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Provided consumer does not exist', resp_data.get('error', {}).get('message')) @@ -853,7 +853,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): consumer.update({'key': consumer2['id']}) url, headers = self._create_access_token(consumer, request_token) resp = self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) resp_data = jsonutils.loads(resp.body) self.assertIn('Provided consumer key', resp_data.get('error', {}).get('message')) @@ -889,7 +889,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): # 404 because an unrouted URI was being hit. It is correct to get a 401 # error back as the role is not in the superset of roles the user # has at the time of the Authorization. - self.put(path=url, body=body, expected_status=http_client.UNAUTHORIZED) + self.put(path=url, body=body, expected_status=http.client.UNAUTHORIZED) def test_bad_authorizing_roles_name(self): consumer = self._create_single_consumer() @@ -906,7 +906,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'name': 'fake_name'}]} - self.put(path=url, body=body, expected_status=http_client.NOT_FOUND) + self.put(path=url, body=body, expected_status=http.client.NOT_FOUND) def test_no_authorizing_user_id(self): consumer = self._create_single_consumer() @@ -925,7 +925,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) verifier = resp.result['token']['oauth_verifier'] request_token.set_verifier(verifier) request_token_created = PROVIDERS.oauth_api.get_request_token( @@ -940,7 +940,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): mock_token.return_value = request_token_created url, headers = self._create_access_token(consumer, request_token) self.post(url, headers=headers, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_validate_requet_token_request_failed(self): self.config_fixture.config(debug=True, insecure_debug=True) @@ -957,7 +957,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): resp = self.post( url, headers=faked_header, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) resp_data = jsonutils.loads(resp.body) self.assertIn('Validation failed with errors', resp_data['error']['message']) @@ -988,7 +988,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): body = {'roles': [{'id': self.role_id}]} frozen_time.tick(delta=datetime.timedelta( seconds=CONF.oauth1.request_token_duration + 1)) - self.put(url, body=body, expected_status=http_client.UNAUTHORIZED) + self.put(url, body=body, expected_status=http.client.UNAUTHORIZED) def test_expired_creating_keystone_token(self): with freezegun.freeze_time(datetime.datetime.utcnow()) as frozen_time: @@ -1014,7 +1014,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) self.verifier = resp.result['token']['oauth_verifier'] self.request_token.set_verifier(self.verifier) @@ -1034,7 +1034,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): frozen_time.tick(delta=datetime.timedelta( seconds=CONF.oauth1.access_token_duration + 1)) self.post(url, headers=headers, body=body, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_missing_oauth_headers(self): endpoint = '/OS-OAUTH1/request_token' @@ -1051,7 +1051,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): # header from the post request. del headers['Authorization'] self.post(endpoint, headers=headers, - expected_status=http_client.INTERNAL_SERVER_ERROR) + expected_status=http.client.INTERNAL_SERVER_ERROR) class OAuthNotificationTests(OAuth1Tests, @@ -1127,7 +1127,7 @@ class OAuthNotificationTests(OAuth1Tests, url = self._authorize_request_token(request_key) body = {'roles': [{'id': self.role_id}]} - resp = self.put(url, body=body, expected_status=http_client.OK) + resp = self.put(url, body=body, expected_status=http.client.OK) self.verifier = resp.result['token']['oauth_verifier'] self.assertTrue(all(i in base.VERIFIER_CHARS for i in self.verifier)) self.assertEqual(8, len(self.verifier)) @@ -1157,7 +1157,7 @@ class OAuthNotificationTests(OAuth1Tests, resp = self.delete('/users/%(user)s/OS-OAUTH1/access_tokens/%(auth)s' % {'user': self.user_id, 'auth': self.access_token.key.decode()}) - self.assertResponseStatus(resp, http_client.NO_CONTENT) + self.assertResponseStatus(resp, http.client.NO_CONTENT) # Test to ensure the delete access token notification is sent self._assert_notify_sent(access_key_string, diff --git a/keystone/tests/unit/test_v3_os_revoke.py b/keystone/tests/unit/test_v3_os_revoke.py index e4e87b308d..33fa4e21b6 100644 --- a/keystone/tests/unit/test_v3_os_revoke.py +++ b/keystone/tests/unit/test_v3_os_revoke.py @@ -15,10 +15,9 @@ import mock import uuid import freezegun +import http.client from oslo_db import exception as oslo_db_exception from oslo_utils import timeutils -import six -from six.moves import http_client from testtools import matchers from keystone.common import provider_api @@ -80,7 +79,7 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin): def test_revoked_token_in_list(self): audit_id = uuid.uuid4().hex sample = self._blank_event() - sample['audit_id'] = six.text_type(audit_id) + sample['audit_id'] = str(audit_id) before_time = timeutils.utcnow().replace(microsecond=0) PROVIDERS.revoke_api.revoke_by_audit_id(audit_id) resp = self.get('/OS-REVOKE/events') @@ -91,7 +90,7 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin): def test_disabled_project_in_list(self): project_id = uuid.uuid4().hex sample = dict() - sample['project_id'] = six.text_type(project_id) + sample['project_id'] = str(project_id) before_time = timeutils.utcnow().replace(microsecond=0) PROVIDERS.revoke_api.revoke( revoke_model.RevokeEvent(project_id=project_id)) @@ -104,7 +103,7 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin): def test_disabled_domain_in_list(self): domain_id = uuid.uuid4().hex sample = dict() - sample['domain_id'] = six.text_type(domain_id) + sample['domain_id'] = str(domain_id) before_time = timeutils.utcnow().replace(microsecond=0) PROVIDERS.revoke_api.revoke( revoke_model.RevokeEvent(domain_id=domain_id)) @@ -116,7 +115,7 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin): def test_list_since_invalid(self): self.get('/OS-REVOKE/events?since=blah', - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_since_valid(self): resp = self.get('/OS-REVOKE/events?since=2013-02-27T18:30:59.999999Z') @@ -126,7 +125,7 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin): def test_since_future_time_no_events(self): domain_id = uuid.uuid4().hex sample = dict() - sample['domain_id'] = six.text_type(domain_id) + sample['domain_id'] = str(domain_id) PROVIDERS.revoke_api.revoke( revoke_model.RevokeEvent(domain_id=domain_id)) diff --git a/keystone/tests/unit/test_v3_policy.py b/keystone/tests/unit/test_v3_policy.py index e2be44af63..f6b9073200 100644 --- a/keystone/tests/unit/test_v3_policy.py +++ b/keystone/tests/unit/test_v3_policy.py @@ -15,7 +15,7 @@ import json import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api from keystone.tests import unit @@ -48,7 +48,7 @@ class PolicyTestCase(test_v3.RestfulTestCase): resource_url = '/policies' r = self.get(resource_url) self.assertValidPolicyListResponse(r, ref=self.policy) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_get_head_policy(self): """Call ``GET & HEAD /policies/{policy_id}``.""" @@ -56,7 +56,7 @@ class PolicyTestCase(test_v3.RestfulTestCase): {'policy_id': self.policy_id}) r = self.get(resource_url) self.assertValidPolicyResponse(r, self.policy) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_policy(self): """Call ``PATCH /policies/{policy_id}``.""" diff --git a/keystone/tests/unit/test_v3_resource.py b/keystone/tests/unit/test_v3_resource.py index 8fe6c7e771..a8abb05d42 100644 --- a/keystone/tests/unit/test_v3_resource.py +++ b/keystone/tests/unit/test_v3_resource.py @@ -12,8 +12,7 @@ import uuid -from six.moves import http_client -from six.moves import range +import http.client from testtools import matchers from keystone.common import provider_api @@ -75,7 +74,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, def test_create_domain_bad_request(self): """Call ``POST /domains``.""" self.post('/domains', body={'domain': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_domain_unsafe(self): """Call ``POST /domains with unsafe names``.""" @@ -95,7 +94,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.post( '/domains', body={'domain': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_domain_unsafe_default(self): """Check default for unsafe names for ``POST /domains``.""" @@ -173,7 +172,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, r = self.post( '/domains', body={'domain': ref}, - expected_status=http_client.CONFLICT) + expected_status=http.client.CONFLICT) def test_create_domain_invalid_explicit_ids(self): """Call ``POST /domains`` with various invalid explicit_domain_ids.""" @@ -188,7 +187,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, for explicit_domain_id in bad_ids: ref['explicit_domain_id'] = explicit_domain_id self.post('/domains', body={'domain': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_head_domains(self): """Call ``GET & HEAD /domains``.""" @@ -196,7 +195,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, r = self.get(resource_url) self.assertValidDomainListResponse(r, ref=self.domain, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_list_limit_for_domains(self): for x in range(6): @@ -217,7 +216,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, 'domain_id': self.domain_id} r = self.get(resource_url) self.assertValidDomainResponse(r, self.domain) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_update_domain(self): """Call ``PATCH /domains/{domain_id}``.""" @@ -249,7 +248,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.patch('/domains/%(domain_id)s' % { 'domain_id': self.domain_id}, body={'domain': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_domain_unsafe_default(self): """Check default for unsafe names for ``POST /domains``.""" @@ -324,7 +323,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, password=user2['password'], project_id=project2['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) auth_data = self.build_authentication_request( username=user2['name'], @@ -332,7 +331,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, password=user2['password'], project_id=project2['id']) self.v3_create_token(auth_data, - expected_status=http_client.UNAUTHORIZED) + expected_status=http.client.UNAUTHORIZED) def test_delete_enabled_domain_fails(self): """Call ``DELETE /domains/{domain_id}`` (when domain enabled).""" @@ -441,7 +440,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.put('/OS-FEDERATION/identity_providers/test_idp', body={"identity_provider": { "domain_id": domain_id}}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # Disable and delete the domain with no error. self.patch('/domains/%(domain_id)s' % { 'domain_id': domain_id}, @@ -449,7 +448,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.delete('/domains/%s' % domain_id) # The Idp is deleted as well self.get('/OS-FEDERATION/identity_providers/test_idp', - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_delete_domain_deletes_is_domain_project(self): """Check the project that acts as a domain is deleted. @@ -510,7 +509,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, # validates the returned token and it should be valid. self.head('/auth/tokens', headers={'x-subject-token': subject_token}, - expected_status=http_client.OK) + expected_status=http.client.OK) # now disable the domain domain['enabled'] = False @@ -522,7 +521,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, # as the domain has already been disabled. self.head('/auth/tokens', headers={'x-subject-token': subject_token}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_delete_domain_hierarchy(self): """Call ``DELETE /domains/{domain_id}``.""" @@ -627,7 +626,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, r = self.get(resource_url) self.assertValidProjectListResponse(r, ref=self.project, resource_url=resource_url) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_create_project(self): """Call ``POST /projects``.""" @@ -640,13 +639,13 @@ class ResourceTestCase(test_v3.RestfulTestCase, def test_create_project_bad_request(self): """Call ``POST /projects``.""" self.post('/projects', body={'project': {}}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_invalid_domain_id(self): """Call ``POST /projects``.""" ref = unit.new_project_ref(domain_id=uuid.uuid4().hex) self.post('/projects', body={'project': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_unsafe(self): """Call ``POST /projects with unsafe names``.""" @@ -666,7 +665,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.post( '/projects', body={'project': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_unsafe_default(self): """Check default for unsafe names for ``POST /projects``.""" @@ -987,25 +986,25 @@ class ResourceTestCase(test_v3.RestfulTestCase, 'project_id': self.project_id} r = self.get(resource_url) self.assertValidProjectResponse(r, self.project) - self.head(resource_url, expected_status=http_client.OK) + self.head(resource_url, expected_status=http.client.OK) def test_get_project_with_parents_as_list_with_invalid_id(self): """Call ``GET /projects/{project_id}?parents_as_list``.""" self.get('/projects/%(project_id)s?parents_as_list' % { - 'project_id': None}, expected_status=http_client.NOT_FOUND) + 'project_id': None}, expected_status=http.client.NOT_FOUND) self.get('/projects/%(project_id)s?parents_as_list' % { 'project_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_get_project_with_subtree_as_list_with_invalid_id(self): """Call ``GET /projects/{project_id}?subtree_as_list``.""" self.get('/projects/%(project_id)s?subtree_as_list' % { - 'project_id': None}, expected_status=http_client.NOT_FOUND) + 'project_id': None}, expected_status=http.client.NOT_FOUND) self.get('/projects/%(project_id)s?subtree_as_list' % { 'project_id': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_get_project_with_parents_as_ids(self): """Call ``GET /projects/{project_id}?parents_as_ids``.""" @@ -1136,7 +1135,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.get( '/projects/%(project_id)s?parents_as_list&parents_as_ids' % { 'project_id': projects[1]['project']['id']}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_get_project_with_include_limits(self): PROVIDERS.assignment_api.create_system_grant_for_user( @@ -1158,7 +1157,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/registered_limits', body={'registered_limits': [reg_limit]}, token=system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) limit1 = unit.new_limit_ref(project_id=parent['project']['id'], service_id=self.service_id, region_id=self.region_id, @@ -1175,7 +1174,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/limits', body={'limits': [limit1, limit2, limit3]}, token=system_admin_token, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # "include_limits" should work together with "parents_as_list" or # "subtree_as_list". Only using "include_limits" really does nothing. r = self.get('/projects/%(project_id)s?include_limits' % @@ -1431,7 +1430,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.get( '/projects/%(project_id)s?subtree_as_list&subtree_as_ids' % { 'project_id': projects[1]['project']['id']}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_project(self): """Call ``PATCH /projects/{project_id}``.""" @@ -1471,7 +1470,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s' % { 'project_id': self.project_id}, body={'project': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_project_unsafe_default(self): """Check default for unsafe names for ``POST /projects``.""" @@ -1510,7 +1509,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s' % { 'project_id': leaf_project['id']}, body={'project': leaf_project}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_update_project_is_domain_not_allowed(self): """Call ``PATCH /projects/{project_id}`` with is_domain. @@ -1527,7 +1526,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.patch('/projects/%(project_id)s' % { 'project_id': resp.result['project']['id']}, body={'project': project}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_disable_leaf_project(self): """Call ``PATCH /projects/{project_id}``.""" @@ -1550,7 +1549,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s' % { 'project_id': root_project['id']}, body={'project': root_project}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_delete_project(self): """Call ``DELETE /projects/{project_id}``. @@ -1598,14 +1597,14 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.delete( '/projects/%(project_id)s' % { 'project_id': projects[0]['project']['id']}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_project_with_tags(self): project, tags = self._create_project_and_tags(num_of_tags=10) ref = self.get( '/projects/%(project_id)s' % { 'project_id': project['id']}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertIn('tags', ref.result['project']) for tag in tags: self.assertIn(tag, ref.result['project']['tags']) @@ -1624,9 +1623,9 @@ class ResourceTestCase(test_v3.RestfulTestCase, tag = uuid.uuid4().hex url = '/projects/%(project_id)s/tags/%(value)s' self.put(url % {'project_id': self.project_id, 'value': tag}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) self.get(url % {'project_id': self.project_id, 'value': tag}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_create_project_tag_is_case_insensitive(self): case_tags = ['case', 'CASE'] @@ -1635,10 +1634,10 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': tag}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) resp = self.get('/projects/%(project_id)s' % {'project_id': self.project_id}, - expected_status=http_client.OK) + expected_status=http.client.OK) for tag in case_tags: self.assertIn(tag, resp.result['project']['tags']) @@ -1648,12 +1647,12 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tags[0]}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.head( '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tags[0]}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_get_project_tag_that_does_not_exist(self): project, _ = self._create_project_and_tags() @@ -1661,7 +1660,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_delete_project_tag(self): project, tags = self._create_project_and_tags() @@ -1669,28 +1668,28 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tags[0]}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.get( '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': tags[0]}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_delete_project_tags(self): project, tags = self._create_project_and_tags(num_of_tags=5) self.delete( '/projects/%(project_id)s/tags/' % { 'project_id': project['id']}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) self.get( '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': tags[0]}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) resp = self.get( '/projects/%(project_id)s/tags/' % { 'project_id': self.project_id}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertEqual(len(resp.result['tags']), 0) def test_create_project_tag_invalid_project_id(self): @@ -1698,7 +1697,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': uuid.uuid4().hex, 'value': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_project_tag_unsafe_name(self): tag = uuid.uuid4().hex + ',' @@ -1706,7 +1705,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': tag}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_tag_already_exists(self): project, tags = self._create_project_and_tags() @@ -1714,7 +1713,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tags[0]}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_tag_over_tag_limit(self): project, _ = self._create_project_and_tags(num_of_tags=80) @@ -1722,7 +1721,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': uuid.uuid4().hex}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_project_tag_name_over_character_limit(self): tag = 'a' * 256 @@ -1730,28 +1729,28 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': tag}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_delete_tag_invalid_project_id(self): self.delete( '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': uuid.uuid4().hex, 'value': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_delete_project_tag_not_found(self): self.delete( '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_list_project_tags(self): project, tags = self._create_project_and_tags(num_of_tags=5) resp = self.get( '/projects/%(project_id)s/tags' % { 'project_id': project['id']}, - expected_status=http_client.OK) + expected_status=http.client.OK) for tag in tags: self.assertIn(tag, resp.result['tags']) @@ -1761,13 +1760,13 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tags[0]}, - expected_status=http_client.NO_CONTENT) + expected_status=http.client.NO_CONTENT) def test_list_project_tags_for_project_with_no_tags(self): resp = self.get( '/projects/%(project_id)s/tags' % { 'project_id': self.project_id}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertEqual([], resp.result['tags']) def test_check_project_with_no_tags(self): @@ -1775,7 +1774,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': self.project_id, 'value': uuid.uuid4().hex}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_update_project_tags(self): project, tags = self._create_project_and_tags(num_of_tags=5) @@ -1783,7 +1782,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags' % { 'project_id': project['id']}, body={'tags': tags}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertIn(tags[1], resp.result['tags']) def test_update_project_tags_removes_previous_tags(self): @@ -1793,12 +1792,12 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags/%(value)s' % { 'project_id': project['id'], 'value': tag}, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) resp = self.put( '/projects/%(project_id)s/tags' % { 'project_id': project['id']}, body={'tags': tags}, - expected_status=http_client.OK) + expected_status=http.client.OK) self.assertNotIn(tag, resp.result['tags']) self.assertIn(tags[1], resp.result['tags']) @@ -1811,7 +1810,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, '/projects/%(project_id)s/tags' % { 'project_id': project['id']}, body={'tags': tags}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_update_project_tags_with_too_many_tags(self): project, _ = self._create_project_and_tags() @@ -1820,7 +1819,7 @@ class ResourceTestCase(test_v3.RestfulTestCase, self.put( '/projects/%(project_id)s/tags' % {'project_id': project['id']}, body={'tags': tags}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_list_projects_by_user_with_inherited_role(self): """Ensure the cache is invalidated when creating/deleting a project.""" @@ -1881,4 +1880,4 @@ class StrictTwoLevelLimitsResourceTestCase(ResourceTestCase): parent_id=projects[1]['project']['id']) self.post('/projects', body={'project': new_ref}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) diff --git a/keystone/tests/unit/test_v3_trust.py b/keystone/tests/unit/test_v3_trust.py index 2fd0c43286..6cea445f24 100644 --- a/keystone/tests/unit/test_v3_trust.py +++ b/keystone/tests/unit/test_v3_trust.py @@ -13,7 +13,7 @@ import datetime import uuid -from six.moves import http_client +import http.client from keystone.common import provider_api import keystone.conf @@ -45,7 +45,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): # The server returns a 403 Forbidden rather than a 400 Bad Request, see # bug 1133435 self.post('/OS-TRUST/trusts', body={'trust': {}}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_trust_with_invalid_expiration_fails(self): # create a new trust @@ -59,21 +59,21 @@ class TestTrustOperations(test_v3.RestfulTestCase): self.post( '/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) ref['expires_at'] = '' self.post( '/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) ref['expires_at'] = 'Z' self.post( '/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_trusts_do_not_implement_updates(self): @@ -93,12 +93,12 @@ class TestTrustOperations(test_v3.RestfulTestCase): '/v3/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust_id}, json={'trust': ref}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) c.put( '/v3/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust_id}, json={'trust': ref}, headers={'X-Auth-Token': token}, - expected_status_code=http_client.METHOD_NOT_ALLOWED) + expected_status_code=http.client.METHOD_NOT_ALLOWED) def test_trust_crud(self): # create a new trust @@ -125,7 +125,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): '/OS-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], 'role_id': self.role['id']}, - expected_status=http_client.OK) + expected_status=http.client.OK) r = self.get( '/OS-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], @@ -143,7 +143,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): # ensure the trust is not found self.get( '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_list_trusts(self): # create three trusts with the same trustor and trustee @@ -163,7 +163,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): # list all trusts list_url = '/OS-TRUST/trusts' r = self.get(list_url) - self.head(list_url, expected_status=http_client.OK) + self.head(list_url, expected_status=http.client.OK) trusts = r.result['trusts'] self.assertEqual(3, len(trusts)) self.assertValidTrustListResponse(r) @@ -173,7 +173,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): '/OS-TRUST/trusts?trustor_user_id=%s' % self.user_id ) r = self.get(list_for_trustor_url) - self.head(list_for_trustor_url, expected_status=http_client.OK) + self.head(list_for_trustor_url, expected_status=http.client.OK) trusts = r.result['trusts'] self.assertEqual(3, len(trusts)) self.assertValidTrustListResponse(r) @@ -183,7 +183,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): '/OS-TRUST/trusts?trustee_user_id=%s' % self.user_id ) r = self.get(list_as_trustor_url) - self.head(list_as_trustor_url, expected_status=http_client.OK) + self.head(list_as_trustor_url, expected_status=http.client.OK) trusts = r.result['trusts'] self.assertEqual(0, len(trusts)) @@ -193,11 +193,11 @@ class TestTrustOperations(test_v3.RestfulTestCase): ) r = self.get( list_all_as_trustee_url, - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) self.head( list_all_as_trustee_url, - expected_status=http_client.FORBIDDEN + expected_status=http.client.FORBIDDEN ) def test_create_trust_with_expiration_in_the_past_fails(self): @@ -213,7 +213,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): self.post( '/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST + expected_status=http.client.BAD_REQUEST ) def test_delete_trust(self): @@ -235,7 +235,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): # ensure the trust isn't found self.get('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_trust_without_trustee_returns_bad_request(self): ref = unit.new_trust_ref( @@ -249,7 +249,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_trust_without_impersonation_returns_bad_request(self): ref = unit.new_trust_ref( @@ -263,7 +263,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_trust_with_bad_remaining_uses_returns_bad_request(self): # negative numbers, strings, non-integers, and 0 are not value values @@ -276,7 +276,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): role_ids=[self.role_id]) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_trust_with_non_existant_trustee_returns_not_found(self): ref = unit.new_trust_ref( @@ -285,7 +285,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): project_id=self.project_id, role_ids=[self.role_id]) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_trust_with_trustee_as_trustor_returns_forbidden(self): ref = unit.new_trust_ref( @@ -296,7 +296,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): # NOTE(lbragstad): This fails because the user making the request isn't # the trustor defined in the request. self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_create_trust_with_non_existant_project_returns_not_found(self): ref = unit.new_trust_ref( @@ -305,7 +305,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): project_id=uuid.uuid4().hex, role_ids=[self.role_id]) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_trust_with_non_existant_role_id_returns_not_found(self): ref = unit.new_trust_ref( @@ -314,7 +314,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): project_id=self.project_id, role_ids=[uuid.uuid4().hex]) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_trust_with_extra_attributes_fails(self): ref = unit.new_trust_ref(trustor_user_id=self.user_id, @@ -324,7 +324,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): ref['roles'].append({'fake_key': 'fake_value'}) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_create_trust_with_non_existant_role_name_returns_not_found(self): ref = unit.new_trust_ref( @@ -333,7 +333,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): project_id=self.project_id, role_names=[uuid.uuid4().hex]) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) def test_create_trust_with_role_name_ambiguous_returns_bad_request(self): # Create second role with the same name @@ -348,7 +348,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): role_names=[self.role['name']] ) self.post('/OS-TRUST/trusts', body={'trust': ref}, - expected_status=http_client.BAD_REQUEST) + expected_status=http.client.BAD_REQUEST) def test_exercise_trust_scoped_token_without_impersonation(self): # create a new trust @@ -451,7 +451,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): body={'trust': ref}, token=resp.headers.get('X-Subject-Token'), method='POST', - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_trust_deleted_when_user_deleted(self): # create trust @@ -476,7 +476,7 @@ class TestTrustOperations(test_v3.RestfulTestCase): self.get( '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, - expected_status=http_client.NOT_FOUND) + expected_status=http.client.NOT_FOUND) # create another user as the new trustee trustee_user = unit.create_user(PROVIDERS.identity_api, @@ -555,7 +555,7 @@ class TrustsWithApplicationCredentials(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred['id'], secret=app_cred['secret']) token_data = self.v3_create_token(auth_data, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) trust_body = unit.new_trust_ref(trustor_user_id=self.user_id, trustee_user_id=self.trustee_user_id, project_id=self.project_id, @@ -564,7 +564,7 @@ class TrustsWithApplicationCredentials(test_v3.RestfulTestCase): path='/OS-TRUST/trusts', body={'trust': trust_body}, token=token_data.headers['x-subject-token'], - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) def test_delete_trust_with_application_credential(self): ref = unit.new_trust_ref( @@ -590,9 +590,9 @@ class TrustsWithApplicationCredentials(test_v3.RestfulTestCase): auth_data = self.build_authentication_request( app_cred_id=app_cred['id'], secret=app_cred['secret']) token_data = self.v3_create_token(auth_data, - expected_status=http_client.CREATED) + expected_status=http.client.CREATED) # delete the trust self.delete(path='/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, token=token_data.headers['x-subject-token'], - expected_status=http_client.FORBIDDEN) + expected_status=http.client.FORBIDDEN) diff --git a/keystone/tests/unit/test_versions.py b/keystone/tests/unit/test_versions.py index 9ba797beba..2fcea3f034 100644 --- a/keystone/tests/unit/test_versions.py +++ b/keystone/tests/unit/test_versions.py @@ -17,8 +17,8 @@ import copy import functools import random +import http.client from oslo_serialization import jsonutils -from six.moves import http_client from testtools import matchers as tt_matchers import webob @@ -755,7 +755,7 @@ class VersionTestCase(unit.TestCase): def test_public_version_v3(self): client = TestClient(self.public_app) resp = client.get('/v3/') - self.assertEqual(http_client.OK, resp.status_int) + self.assertEqual(http.client.OK, resp.status_int) data = jsonutils.loads(resp.body) expected = v3_VERSION_RESPONSE self._paste_in_port(expected['version'], @@ -767,7 +767,7 @@ class VersionTestCase(unit.TestCase): for app in (self.public_app,): client = TestClient(app) resp = client.get('/v3/') - self.assertEqual(http_client.OK, resp.status_int) + self.assertEqual(http.client.OK, resp.status_int) data = jsonutils.loads(resp.body) expected = v3_VERSION_RESPONSE self._paste_in_port(expected['version'], 'http://localhost/v3/') @@ -786,7 +786,7 @@ class VersionTestCase(unit.TestCase): # request to /v3 should pass resp = client.get('/v3/') - self.assertEqual(http_client.OK, resp.status_int) + self.assertEqual(http.client.OK, resp.status_int) data = jsonutils.loads(resp.body) expected = v3_VERSION_RESPONSE self._paste_in_port(expected['version'], diff --git a/keystone/tests/unit/token/test_fernet_provider.py b/keystone/tests/unit/token/test_fernet_provider.py index 2dd4e4b1a1..9280ff4cc4 100644 --- a/keystone/tests/unit/token/test_fernet_provider.py +++ b/keystone/tests/unit/token/test_fernet_provider.py @@ -18,7 +18,6 @@ import os import uuid from oslo_utils import timeutils -import six from keystone import auth from keystone.common import fernet_utils @@ -227,11 +226,11 @@ class TestTokenFormatter(unit.TestCase): binary_to_test = [b'a', b'aa', b'aaa'] for binary in binary_to_test: - # base64.urlsafe_b64encode takes six.binary_type and returns - # six.binary_type. + # base64.urlsafe_b64encode takes bytes and returns + # bytes. encoded_string = base64.urlsafe_b64encode(binary) encoded_string = encoded_string.decode('utf-8') - # encoded_string is now six.text_type. + # encoded_string is now str. encoded_str_without_padding = encoded_string.rstrip('=') self.assertFalse(encoded_str_without_padding.endswith('=')) encoded_str_with_padding_restored = ( @@ -266,7 +265,7 @@ class TestTokenFormatter(unit.TestCase): expires_at) = token_formatter.validate_token(token) self.assertEqual(exp_user_id, user_id) - self.assertTrue(isinstance(user_id, six.string_types)) + self.assertTrue(isinstance(user_id, str)) self.assertEqual(exp_methods, methods) self.assertEqual(exp_audit_ids, audit_ids) self.assertEqual(exp_federated_group_ids, federated_group_ids) @@ -301,7 +300,7 @@ class TestTokenFormatter(unit.TestCase): expires_at) = token_formatter.validate_token(token) self.assertEqual(exp_user_id, user_id) - self.assertTrue(isinstance(user_id, six.string_types)) + self.assertTrue(isinstance(user_id, str)) self.assertEqual(exp_methods, methods) self.assertEqual(exp_audit_ids, audit_ids) self.assertEqual(exp_project_id, project_id) @@ -327,10 +326,10 @@ class TestPayloads(unit.TestCase): def test_strings_can_be_converted_to_bytes(self): s = provider.random_urlsafe_str() - self.assertIsInstance(s, six.text_type) + self.assertIsInstance(s, str) b = token_formatters.BasePayload.random_urlsafe_str_to_bytes(s) - self.assertIsInstance(b, six.binary_type) + self.assertIsInstance(b, bytes) def test_uuid_hex_to_byte_conversions(self): payload_cls = token_formatters.BasePayload @@ -420,7 +419,7 @@ class TestPayloads(unit.TestCase): exp_access_token_id=None, exp_app_cred_id=None, encode_ids=False): def _encode_id(value): - if value is not None and six.text_type(value) and encode_ids: + if value is not None and str(value) and encode_ids: return value.encode('utf-8') return value exp_user_id = exp_user_id or uuid.uuid4().hex @@ -626,7 +625,7 @@ class TestFernetKeyRotation(unit.TestCase): static set of keys, and simply shuffling them, would fail such a test). """ - # Load the keys into a list, keys is list of six.text_type. + # Load the keys into a list, keys is list of str. key_utils = fernet_utils.FernetUtils( CONF.fernet_tokens.key_repository, CONF.fernet_tokens.max_active_keys, @@ -641,7 +640,7 @@ class TestFernetKeyRotation(unit.TestCase): # Create the thumbprint using all keys in the repository. signature = hashlib.sha1() for key in keys: - # Need to convert key to six.binary_type for update. + # Need to convert key to bytes for update. signature.update(key.encode('utf-8')) return signature.hexdigest() diff --git a/keystone/tests/unit/trust/test_backends.py b/keystone/tests/unit/trust/test_backends.py index 6fdc5de0a5..d1e9a183ac 100644 --- a/keystone/tests/unit/trust/test_backends.py +++ b/keystone/tests/unit/trust/test_backends.py @@ -14,7 +14,6 @@ import datetime import uuid from oslo_utils import timeutils -from six.moves import range from keystone.common import provider_api from keystone import exception diff --git a/keystone/tests/unit/utils.py b/keystone/tests/unit/utils.py index 45a2c6ff6e..00e48bd03c 100644 --- a/keystone/tests/unit/utils.py +++ b/keystone/tests/unit/utils.py @@ -17,7 +17,6 @@ import os import time import uuid -import six from testtools import testcase @@ -81,7 +80,7 @@ def wip(message, expected_exception=Exception, bug=None): bugstr = "" def _wip(f): - @six.wraps(f) + @functools.wraps(f) def run_test(*args, **kwargs): __e = None try: diff --git a/keystone/token/provider.py b/keystone/token/provider.py index c537d1ba8b..2ea4d7e08d 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -20,7 +20,6 @@ import uuid from oslo_log import log from oslo_utils import timeutils -import six from keystone.common import cache from keystone.common import manager @@ -71,8 +70,7 @@ def default_expire_time(): def random_urlsafe_str(): """Generate a random URL-safe string. - :rtype: six.text_type - + :rtype: str """ # chop the padding (==) off the end of the encoding to save space return base64.urlsafe_b64encode(uuid.uuid4().bytes)[:-2].decode('utf-8') @@ -262,7 +260,7 @@ class Manager(manager.Manager): if isinstance(expires_at, datetime.datetime): token.expires_at = utils.isotime(expires_at, subsecond=True) - if isinstance(expires_at, six.string_types): + if isinstance(expires_at, str): token.expires_at = expires_at elif not expires_at: token.expires_at = utils.isotime( diff --git a/keystone/token/providers/base.py b/keystone/token/providers/base.py index 6422d38089..34547c3747 100644 --- a/keystone/token/providers/base.py +++ b/keystone/token/providers/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class Provider(object): +class Provider(object, metaclass=abc.ABCMeta): """Interface description for a Token provider.""" @abc.abstractmethod diff --git a/keystone/token/token_formatters.py b/keystone/token/token_formatters.py index 04aef7b668..f25a7a591e 100644 --- a/keystone/token/token_formatters.py +++ b/keystone/token/token_formatters.py @@ -19,8 +19,6 @@ from cryptography import fernet import msgpack from oslo_log import log from oslo_utils import timeutils -import six -from six.moves import map from keystone.auth import plugins as auth_plugins from keystone.common import fernet_utils as utils @@ -71,8 +69,8 @@ class TokenFormatter(object): def pack(self, payload): """Pack a payload for transport as a token. - :type payload: six.binary_type - :rtype: six.text_type + :type payload: bytes + :rtype: str """ # base64 padding (if any) is not URL-safe @@ -81,8 +79,8 @@ class TokenFormatter(object): def unpack(self, token): """Unpack a token, and validate the payload. - :type token: six.text_type - :rtype: six.binary_type + :type token: str + :rtype: bytes """ token = TokenFormatter.restore_padding(token) @@ -98,7 +96,7 @@ class TokenFormatter(object): """Restore padding based on token size. :param token: token to restore padding on - :type token: six.text_type + :type token: str :returns: token with correct padding """ @@ -113,14 +111,14 @@ class TokenFormatter(object): def creation_time(cls, fernet_token): """Return the creation time of a valid Fernet token. - :type fernet_token: six.text_type + :type fernet_token: str """ fernet_token = TokenFormatter.restore_padding(fernet_token) - # fernet_token is six.text_type + # fernet_token is str # Fernet tokens are base64 encoded, so we need to unpack them first - # urlsafe_b64decode() requires six.binary_type + # urlsafe_b64decode() requires bytes token_bytes = base64.urlsafe_b64decode(fernet_token.encode('utf-8')) # slice into the byte array to get just the timestamp @@ -168,7 +166,7 @@ class TokenFormatter(object): def validate_token(self, token): """Validate a Fernet token and returns the payload attributes. - :type token: six.text_type + :type token: str """ serialized_payload = self.unpack(token) @@ -324,20 +322,20 @@ class BasePayload(object): def base64_encode(cls, s): """Encode a URL-safe string. - :type s: six.text_type - :rtype: six.text_type + :type s: str + :rtype: str """ - # urlsafe_b64encode() returns six.binary_type so need to convert to - # six.text_type, might as well do it before stripping. + # urlsafe_b64encode() returns bytes so need to convert to + # str, might as well do it before stripping. return base64.urlsafe_b64encode(s).decode('utf-8').rstrip('=') @classmethod def random_urlsafe_str_to_bytes(cls, s): - """Convert string from :func:`random_urlsafe_str()` to six.binary_type. + """Convert string from :func:`random_urlsafe_str()` to bytes. - :type s: six.text_type - :rtype: six.binary_type + :type s: str + :rtype: bytes """ # urlsafe_b64decode() requires str, unicode isn't accepted. @@ -351,14 +349,14 @@ class BasePayload(object): """Convert a value to text type, translating uuid -> hex if required. :param is_stored_as_bytes: whether value is already bytes - :type is_stored_as_bytes: six.boolean + :type is_stored_as_bytes: boolean :param value: value to attempt to convert to bytes - :type value: six.text_type or six.binary_type - :rtype: six.text_type + :type value: str or bytes + :rtype: str """ if is_stored_as_bytes: return cls.convert_uuid_bytes_to_hex(value) - elif isinstance(value, six.binary_type): + elif isinstance(value, bytes): return value.decode('utf-8') return value @@ -432,7 +430,7 @@ class DomainScopedPayload(BasePayload): domain_id = cls.convert_uuid_bytes_to_hex(payload[2]) except ValueError: # the default domain ID is configurable, and probably isn't a UUID - if six.PY3 and isinstance(payload[2], six.binary_type): + if isinstance(payload[2], bytes): payload[2] = payload[2].decode('utf-8') if payload[2] == CONF.identity.default_domain_id: domain_id = payload[2] @@ -573,7 +571,7 @@ class FederatedUnscopedPayload(BasePayload): (is_stored_as_bytes, idp_id) = payload[3] idp_id = cls._convert_or_decode(is_stored_as_bytes, idp_id) protocol_id = payload[4] - if isinstance(protocol_id, six.binary_type): + if isinstance(protocol_id, bytes): protocol_id = protocol_id.decode('utf-8') expires_at_str = cls._convert_float_to_time_string(payload[5]) audit_ids = list(map(cls.base64_encode, payload[6])) @@ -626,7 +624,7 @@ class FederatedScopedPayload(FederatedUnscopedPayload): (is_stored_as_bytes, idp_id) = payload[4] idp_id = cls._convert_or_decode(is_stored_as_bytes, idp_id) protocol_id = payload[5] - if six.PY3 and isinstance(protocol_id, six.binary_type): + if isinstance(protocol_id, bytes): protocol_id = protocol_id.decode('utf-8') expires_at_str = cls._convert_float_to_time_string(payload[6]) audit_ids = list(map(cls.base64_encode, payload[7])) diff --git a/keystone/trust/backends/base.py b/keystone/trust/backends/base.py index 557268926a..f37b62f5de 100644 --- a/keystone/trust/backends/base.py +++ b/keystone/trust/backends/base.py @@ -14,13 +14,10 @@ import abc -import six - from keystone import exception -@six.add_metaclass(abc.ABCMeta) -class TrustDriverBase(object): +class TrustDriverBase(object, metaclass=abc.ABCMeta): @abc.abstractmethod def create_trust(self, trust_id, trust, roles): diff --git a/keystone/trust/backends/sql.py b/keystone/trust/backends/sql.py index 0dcd3d1b2e..8bb067423e 100644 --- a/keystone/trust/backends/sql.py +++ b/keystone/trust/backends/sql.py @@ -13,7 +13,6 @@ # under the License. from oslo_utils import timeutils -from six.moves import range import sqlalchemy from sqlalchemy.ext.hybrid import hybrid_property diff --git a/keystone/trust/core.py b/keystone/trust/core.py index 8a0974035a..a4d91da491 100644 --- a/keystone/trust/core.py +++ b/keystone/trust/core.py @@ -14,8 +14,6 @@ """Main entry point into the Trust service.""" -from six.moves import zip - from keystone.common import manager from keystone.common import provider_api import keystone.conf diff --git a/requirements.txt b/requirements.txt index 36a0cdc68c..4d1d2b8f34 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,6 @@ WebOb>=1.7.1 # MIT Flask!=0.11,>=1.0.2 # BSD Flask-RESTful>=0.3.5 # BSD cryptography>=2.1 # BSD/Apache-2.0 -six>=1.10.0 # MIT SQLAlchemy>=1.1.0 # MIT sqlalchemy-migrate>=0.11.0 # Apache-2.0 stevedore>=1.20.0 # Apache-2.0