Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I07d61e1a8f18d65acdf86cdd61f7d9e28157f1d7
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, those are not
needed for co-installing.
Change-Id: I59f0854c089a6ed4f0c4dad7755f946dc95ada3a
SDK is going to start using these Token fixtures to programmatically
create fake service catalogs in the test suite containing entries
for everything in service-types-authority.
In order to be able to test code paths where some service does not
exist, it would be good to be able to just remove a service from
the catalog, instead of needing to construct a full new one from
scratch.
Change-Id: I4b5469aefbe9b91c125da482509cdc627faa5525
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.
bp whitelist-extension-for-app-creds
Change-Id: Ia6fece77390942ac012be1c80691ba86dc1e49b4
This commit introduces the necessary bits in order to get system
scoped tokens from a keystone server.
bp system-scope
Change-Id: I538f2a6cd2b4113910dfdac250c14f17f80051f6
An advantage of consuming keystoneauth is that the application doesn't
need to know the details of the authentication sequence to use the
library. Currently in testing they are having to provide a specific auth
plugin and this means their tests execute this full auth sequence and
they have to mock that out.
Create a SimpleTestPlugin that has the standard values that an
application might be interested in. This can be used in testing instead
of a real plugin to remove any network interaction and simplify the
authentication component so applications can focus on their problems.
We then create 2 fixtures that will mock out functions to load the
SimpleTestPlugin instead of a real plugin in application code.
The SimpleLoaderFixture will mock out all calls to keystoneauth plugin
loading and return the basic plugin, which is going to be sufficient for
testing for most applications.
The SimplePluginFixutre will mock out a specific function and return a
SimpleTestPlugin so that applications can mock out just a specific
section of loading code.
Change-Id: Ica852dcbd89323b23f1681403f8c57b5399bf4e7
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keysteonauth's dependance
on the positional decorator.
Change-Id: I20106345747860365cd0203ba1b33a2900e045b9
Flesh out docstrings for the following in discover.py:
- get_version_data
- version_to_string
- Discover.version_data
- EndpointData._get_version_discover_hack
and keystoneauth1.fixture.discovery.MicroversionDiscovery
Change-Id: I0358a86b13c8a9d2179d5bbf66a7ded7e6c777d1
From the API-WG spec, there are two common patterns for service URLs
that can be interpreted. Trailing project_id and a string that starts
with v. If the project_id is in the URL, it needs to be removed before
discovery can happen, but it needs to be put back on to the url found
via discovery. If the endpointin the catalog has a version, and it
matches the version we're asking for, then we don't need to go hunting
for the unversioned doc.
Also, in the EndpointData we're collecting, we want to grab microversion
info, since we're already there in the discovery doc.
There is one behavior change that can be seen in the tests. If the
attempt at an unversioned discovery endpoint fails, we fall back to the
url from the catalog ... but we attempt to get a discovery document from
it because we need the metadata for microversions. The catalog URL should be
returned as the endpoint even if the second discovery call attempt
succeeds, so the user-facing interface is the same - there will just be,
in some cases, an additional URL fetch behind the scenes.
Change-Id: I2a036d65e4f7dba6f50daf6a0ce4589ee59ae95f
In the betamax pre-record hook included in keystoneauth1.fixtures, there
was an assumption that ever request body would have JSON. While most
will, this at least checks that they're not empty prior to trying to
decode the body.
Change-Id: I91b80b143576bd4f99392152c4d4675406e26f66
Closes-bug: #1671195
The default matchers for Betamax are decent enough for simple GET
requests. However, when POSTing data, extra matchers are often required
in order to provide quality matching of a request being made to one that
has already been recorded.
Change-Id: I801e52a028e9293cf28c6894b2fe10384cce3267
Closes-bug: #1671111
Betamax allows users to specify serializers without having to provide a
class that needs registration. The BetamaxFixture previously assumed
that any user would want to specify a custom serializer or just use the
built-in (for keystoneauth1) YamlJsonSerializer instead of one of the
other serializers provided by Betamax or other packages. Instead, the
BetamaxFixture now accepts `serializer_name` which allows users to
simply provide the name of the serializer they want to use, e.g.,
'json'. This also constrains the determination of the name of the
serializer specified by the user to the BetamaxFixture class and hides
it beneath a property to simplify the patcher's logic.
Change-Id: Ibed341014c864c5f557ab3e80ce6acc687781ede
Closes-bug: #1670699
This change allows the Betamax default workflow to be used via the
fixture. That workflow is:
- Write a test that uses Betamax but for which no cassette presently
exists
- Run test which causes Betamax to create the cassette and record the
interactions
- Re-run tests and ensure that no network activity has actually happened
Keystoneauth1's YamlJsonSerializer relied on yaml.safe_load to return
something other than None if a file was loaded. Unfortunately, if the
file is zero-length then it will return None which breaks the above
workflow.
Instead, let's check the return value and if it is not None, return it,
otherwise, simply return an empty dictionary as Betamax expects.
Change-Id: I5b7d01439f391e2ecb589850e90573c74cd38080
Closes-bug: #1670697
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8a0588259d7b3fc8bd10504ffba7129b840e2a0d
Saving json responses all on one line escaped inside of json
cassettes is great for computers, but is impossible for humans to
read. Add a serializer that is nicely flowed yaml that emits
multi-line values as yaml blocks. Additionally, re-flow and indent
the nested json, which will stay as json.
An example of the output produced can be seen at:
https://review.openstack.org/#/c/328338/2/shade/tests/unit/fixtures/test_create_flavor.yaml
Hook it in to the keystoneauth1 betamax fixture by default, because
why in the world would you want ugly when you can have pretty.
Change-Id: I457408fcbbdca240090228d18f0482f958a7d6e4
Improved the hook to be more flexible, and support v3
request/response masking. Improved testing, adding full
json samples to be parsed.
Change-Id: I5e7e2bc9627f423abcaaaa1e3335a46ab5377ef8
We cannot rely on native recorded fixtures with betamax,
because of two reasons: - betamax is recording cloud usernames
and passwords. If we run this into real clouds, that's a security
problem. We need to replace those by dummy users and passwords -
when keystone tokens are generated, they are recorded with a fixed
expiration time. That means, that tests are passing until the token
expire, but after that, tests are no longer valid because the
recorded token is in the past.
So need to use pre_record hook to alter the recorded results.
The hook has to update fixtures with 2 things: - mask user,
password and tenant for clouds - set a token expiration date in
the long future.
Change-Id: I5d959ee9386fb0321e9d39c73792155acd6b4851
Closes-Bug: 1570384
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a
domain.
Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.
Change-Id: I28bea2aa1e1ab299eba1dfa9f0a8451a7846a5d5
Partially-Implements: add-isdomain-to-token
Depends-On: Ic0bd0c6cf2c47680063752820a067cf40d47b184
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.
The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.
Adds the fixture handling as well for testing with this enabled.
Change-Id: I58db52427a2bac6cd56794429559771499dc7f5a
Closes-Bug: #1577996
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violatios are fixed.
Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
Currently keystoneuath1 only allow to send 'all' recorder to
betamax. Update the conditional to allow passing all the valid
record modes: once, all, new_episodes.
Change-Id: Ieca378fedf2933d7643b19512bf7fe846972caa9
Closes-Bug: 1568840
Running unit tests of keystoneauth in Python 3.5 reveals the issue
that in Python 3.5+, keys() is not a copy, and therefore items can't
be popped from it while iterating.
This patch iterate over copy of session.adapters keys in Python2/3.
Change-Id: I4a4340d6f0b09e047e992d0a7236f83ff5eac7a3
Closes-Bug: #1565728
Several of these docstrings were referring to classes that didn't
exist. For example, they referenced keystonauth which doesn't
exist and is supposed to be keystoneauth1.
Change-Id: I070d32937c11b111f1821c466e8dfe55caadd748
The positional library was spun directly out of what keystoneauth1 was
using so this is a fairly trivial change.
Change-Id: I7931ed1547d2a05e2d248bc3240a576dc68a0a40
Add a BetaMax fixture that handles wrapping the constructor for
KeystoneAuth Session in a way to provide the BetaMax interfaces.
This is in support of enabling easy functional testing that includes
responses to live-clouds for consumers of KeystoneAuth.
A future patch will provide a template for stripping out sensitive
(e.g. password) data from the recordings so that the cassetts can be
more easily included in git repositories for functional testing.
Change-Id: Ibd6e525fef9f2541f97d33de0d2f02f991d122e5
Depends-On: I8787954ab5d0e3963e97c160783301b48ab8299f
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
AccessInfo object.
Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.
Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
Commit 6950527 in python-keystoneclient added role_ids
and role_names properties to fixtures.v3.Token, and
they're used in keystoneclient unit tests, so adding
these will allow keystoneclient to switch to using
keystoneauth fixtures.
Change-Id: Ic5fa6a427a7b52d3c50b8022ac98a87f3cb630a1
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth
side-by-side.
Change-Id: Ibbaf11525980c8edb5968d8b8ee19c55094e77d8
Sean McGinnis