8a66ef6354
This is the first step of several to remove PKI token support in keystone. A large issue in removing PKI support is support for the revocation list must be maintained. This patch removes support for the token format, it's surrounding tests and examples that are generated. Additionally, some wording has been changed around the CLI and config options to make the distinction between keys and certs used for PKI tokens and those used for getting the revocation list (a list of tokens that are revoked, which is signed). Future patches will: - Remove the keystone-manage commands for generating certs - Modify the revocation list (at /auth/tokens/OS-PKI/revoked) to return a 403 if pki is not configured (instead of raising a 500). We cannot remove the API as that would break an API contract. - Options to configure PKI will be marked as deprecated - If PKI is configured a normal signed list will be returned (same behavior as today) - Follow up patch to keystonemiddleware will make sure auth_token does not rely on the revocation api at all. Related-Bug: 1626778 Related-Bug: 1626779 Co-Authored-By: Boris Bobrov <bbobrov@mirantis.com> bp removed-as-of-ocata Change-Id: Icf1ebced44a675c88fb66a6c0431208ff5181574
139 lines
3.8 KiB
INI
139 lines
3.8 KiB
INI
[tox]
|
|
minversion = 2.3.1
|
|
skipsdist = True
|
|
envlist = py34,py27,pep8,api-ref,docs,genconfig,releasenotes
|
|
|
|
[testenv]
|
|
usedevelop = True
|
|
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
.[ldap,memcache,mongodb]
|
|
commands =
|
|
find keystone -type f -name "*.pyc" -delete
|
|
bash tools/pretty_tox.sh '{posargs}'
|
|
whitelist_externals =
|
|
bash
|
|
find
|
|
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY PBR_VERSION
|
|
|
|
[testenv:api-ref]
|
|
commands =
|
|
rm -rf api-ref/build
|
|
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
|
whitelist_externals =
|
|
rm
|
|
|
|
[testenv:pep8]
|
|
deps =
|
|
.[bandit]
|
|
{[testenv]deps}
|
|
commands =
|
|
flake8
|
|
# Run bash8 during pep8 runs to ensure violations are caught by
|
|
# the check and gate queues
|
|
bashate devstack/plugin.sh
|
|
# Run security linter
|
|
bandit -r keystone -x tests
|
|
|
|
[testenv:bandit]
|
|
# NOTE(browne): This is required for the integration test job of the bandit
|
|
# project. Please do not remove.
|
|
deps = .[bandit]
|
|
commands = bandit -r keystone -x tests
|
|
|
|
[testenv:cover]
|
|
# Also do not run test_coverage_ext tests while gathering coverage as those
|
|
# tests conflict with coverage.
|
|
commands =
|
|
find keystone -type f -name "*.pyc" -delete
|
|
python setup.py testr --coverage --testr-args='{posargs}'
|
|
|
|
[testenv:patch_cover]
|
|
commands =
|
|
bash tools/cover.sh
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[testenv:debug]
|
|
commands =
|
|
find keystone -type f -name "*.pyc" -delete
|
|
oslo_debug_helper {posargs}
|
|
passenv =
|
|
KSTEST_ADMIN_URL
|
|
KSTEST_ADMIN_USERNAME
|
|
KSTEST_ADMIN_PASSWORD
|
|
KSTEST_ADMIN_DOMAIN_ID
|
|
KSTEST_PUBLIC_URL
|
|
KSTEST_USER_USERNAME
|
|
KSTEST_USER_PASSWORD
|
|
KSTEST_USER_DOMAIN_ID
|
|
KSTEST_PROJECT_ID
|
|
|
|
[testenv:debug-py34]
|
|
basepython = python3.4
|
|
commands =
|
|
# Cleanup *pyc
|
|
find keystone -type f -name "*.pyc" -delete
|
|
oslo_debug_helper {posargs}
|
|
|
|
[testenv:functional]
|
|
basepython = python3.4
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
setenv = OS_TEST_PATH=./keystone/tests/functional
|
|
commands =
|
|
find keystone -type f -name "*.pyc" -delete
|
|
python setup.py testr --slowest --testr-args='{posargs}'
|
|
passenv =
|
|
KSTEST_ADMIN_URL
|
|
KSTEST_ADMIN_USERNAME
|
|
KSTEST_ADMIN_PASSWORD
|
|
KSTEST_ADMIN_DOMAIN_ID
|
|
KSTEST_PUBLIC_URL
|
|
KSTEST_USER_USERNAME
|
|
KSTEST_USER_PASSWORD
|
|
KSTEST_USER_DOMAIN_ID
|
|
KSTEST_PROJECT_ID
|
|
|
|
[flake8]
|
|
filename= *.py,keystone-manage
|
|
show-source = true
|
|
|
|
# D100: Missing docstring in public module
|
|
# D101: Missing docstring in public class
|
|
# D102: Missing docstring in public method
|
|
# D103: Missing docstring in public function
|
|
# D104: Missing docstring in public package
|
|
# D203: 1 blank line required before class docstring (deprecated in pep257)
|
|
ignore = D100,D101,D102,D103,D104,D203
|
|
|
|
exclude=.venv,.git,.tox,build,dist,*lib/python*,*egg,tools,vendor,.update-venv,*.ini,*.po,*.pot
|
|
max-complexity=24
|
|
|
|
[testenv:docs]
|
|
commands=
|
|
bash -c "rm -rf doc/build"
|
|
bash -c "rm -rf doc/source/api"
|
|
python setup.py build_sphinx
|
|
|
|
[testenv:releasenotes]
|
|
commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
|
|
[testenv:genconfig]
|
|
commands = oslo-config-generator --config-file=config-generator/keystone.conf
|
|
|
|
[hacking]
|
|
import_exceptions =
|
|
keystone.i18n
|
|
six.moves
|
|
local-check-factory = keystone.tests.hacking.checks.factory
|
|
|
|
[testenv:bindep]
|
|
# Do not install any requirements. We want this to be fast and work even if
|
|
# system dependencies are missing, since it's used to tell you what system
|
|
# dependencies are missing! This also means that bindep must be installed
|
|
# separately, outside of the requirements files.
|
|
deps = bindep
|
|
commands = bindep test
|