Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Signed-off-by: Sean McGinnis <firstname.lastname@example.org>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, those are not
needed for co-installing.
SDK is going to start using these Token fixtures to programmatically
create fake service catalogs in the test suite containing entries
for everything in service-types-authority.
In order to be able to test code paths where some service does not
exist, it would be good to be able to just remove a service from
the catalog, instead of needing to construct a full new one from
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.
An advantage of consuming keystoneauth is that the application doesn't
need to know the details of the authentication sequence to use the
library. Currently in testing they are having to provide a specific auth
plugin and this means their tests execute this full auth sequence and
they have to mock that out.
Create a SimpleTestPlugin that has the standard values that an
application might be interested in. This can be used in testing instead
of a real plugin to remove any network interaction and simplify the
authentication component so applications can focus on their problems.
We then create 2 fixtures that will mock out functions to load the
SimpleTestPlugin instead of a real plugin in application code.
The SimpleLoaderFixture will mock out all calls to keystoneauth plugin
loading and return the basic plugin, which is going to be sufficient for
testing for most applications.
The SimplePluginFixutre will mock out a specific function and return a
SimpleTestPlugin so that applications can mock out just a specific
section of loading code.
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keysteonauth's dependance
on the positional decorator.
Flesh out docstrings for the following in discover.py:
From the API-WG spec, there are two common patterns for service URLs
that can be interpreted. Trailing project_id and a string that starts
with v. If the project_id is in the URL, it needs to be removed before
discovery can happen, but it needs to be put back on to the url found
via discovery. If the endpointin the catalog has a version, and it
matches the version we're asking for, then we don't need to go hunting
for the unversioned doc.
Also, in the EndpointData we're collecting, we want to grab microversion
info, since we're already there in the discovery doc.
There is one behavior change that can be seen in the tests. If the
attempt at an unversioned discovery endpoint fails, we fall back to the
url from the catalog ... but we attempt to get a discovery document from
it because we need the metadata for microversions. The catalog URL should be
returned as the endpoint even if the second discovery call attempt
succeeds, so the user-facing interface is the same - there will just be,
in some cases, an additional URL fetch behind the scenes.
In the betamax pre-record hook included in keystoneauth1.fixtures, there
was an assumption that ever request body would have JSON. While most
will, this at least checks that they're not empty prior to trying to
decode the body.
The default matchers for Betamax are decent enough for simple GET
requests. However, when POSTing data, extra matchers are often required
in order to provide quality matching of a request being made to one that
has already been recorded.
Betamax allows users to specify serializers without having to provide a
class that needs registration. The BetamaxFixture previously assumed
that any user would want to specify a custom serializer or just use the
built-in (for keystoneauth1) YamlJsonSerializer instead of one of the
other serializers provided by Betamax or other packages. Instead, the
BetamaxFixture now accepts `serializer_name` which allows users to
simply provide the name of the serializer they want to use, e.g.,
'json'. This also constrains the determination of the name of the
serializer specified by the user to the BetamaxFixture class and hides
it beneath a property to simplify the patcher's logic.
This change allows the Betamax default workflow to be used via the
fixture. That workflow is:
- Write a test that uses Betamax but for which no cassette presently
- Run test which causes Betamax to create the cassette and record the
- Re-run tests and ensure that no network activity has actually happened
Keystoneauth1's YamlJsonSerializer relied on yaml.safe_load to return
something other than None if a file was loaded. Unfortunately, if the
file is zero-length then it will return None which breaks the above
Instead, let's check the return value and if it is not None, return it,
otherwise, simply return an empty dictionary as Betamax expects.
Saving json responses all on one line escaped inside of json
cassettes is great for computers, but is impossible for humans to
read. Add a serializer that is nicely flowed yaml that emits
multi-line values as yaml blocks. Additionally, re-flow and indent
the nested json, which will stay as json.
An example of the output produced can be seen at:
Hook it in to the keystoneauth1 betamax fixture by default, because
why in the world would you want ugly when you can have pretty.
We cannot rely on native recorded fixtures with betamax,
because of two reasons: - betamax is recording cloud usernames
and passwords. If we run this into real clouds, that's a security
problem. We need to replace those by dummy users and passwords -
when keystone tokens are generated, they are recorded with a fixed
expiration time. That means, that tests are passing until the token
expire, but after that, tests are no longer valid because the
recorded token is in the past.
So need to use pre_record hook to alter the recorded results.
The hook has to update fixtures with 2 things: - mask user,
password and tenant for clouds - set a token expiration date in
the long future.
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a
Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.
The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.
Adds the fixture handling as well for testing with this enabled.
Currently keystoneuath1 only allow to send 'all' recorder to
betamax. Update the conditional to allow passing all the valid
record modes: once, all, new_episodes.
Running unit tests of keystoneauth in Python 3.5 reveals the issue
that in Python 3.5+, keys() is not a copy, and therefore items can't
be popped from it while iterating.
This patch iterate over copy of session.adapters keys in Python2/3.
Several of these docstrings were referring to classes that didn't
exist. For example, they referenced keystonauth which doesn't
exist and is supposed to be keystoneauth1.
Add a BetaMax fixture that handles wrapping the constructor for
KeystoneAuth Session in a way to provide the BetaMax interfaces.
This is in support of enabling easy functional testing that includes
responses to live-clouds for consumers of KeystoneAuth.
A future patch will provide a template for stripping out sensitive
(e.g. password) data from the recordings so that the cassetts can be
more easily included in git repositories for functional testing.
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
Commit 6950527 in python-keystoneclient added role_ids
and role_names properties to fixtures.v3.Token, and
they're used in keystoneclient unit tests, so adding
these will allow keystoneclient to switch to using
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth