Commit Graph

33 Commits (6ee21bd722b3e1dbec3e5a211e32f10fb2a20603)

Author SHA1 Message Date
Sean McGinnis edc2ae4249
Use unittest.mock instead of third party mock
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.

Change-Id: I07d61e1a8f18d65acdf86cdd61f7d9e28157f1d7
Signed-off-by: Sean McGinnis <>
2020-05-29 10:37:58 -05:00
Andreas Jaeger c096099416 Update hacking for Python3
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.

Fix problems found.

Update local hacking checks for new flake8.

Remove hacking and friends from lower-constraints, those are not
needed for co-installing.

Change-Id: I59f0854c089a6ed4f0c4dad7755f946dc95ada3a
2020-03-31 20:11:31 +02:00
Monty Taylor 8e59fb20b3 Add remove_service to token fixtures
SDK is going to start using these Token fixtures to programmatically
create fake service catalogs in the test suite containing entries
for everything in service-types-authority.

In order to be able to test code paths where some service does not
exist, it would be good to be able to just remove a service from
the catalog, instead of needing to construct a full new one from

Change-Id: I4b5469aefbe9b91c125da482509cdc627faa5525
2019-08-07 21:42:57 +00:00
Colleen Murphy 8ea9bee56c Expose app creds and new attrs in fixtures
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.

bp whitelist-extension-for-app-creds

Change-Id: Ia6fece77390942ac012be1c80691ba86dc1e49b4
2019-02-25 00:35:00 +01:00
Lance Bragstad f9ab615eb1 Implement system scope
This commit introduces the necessary bits in order to get system
scoped tokens from a keystone server.

bp system-scope

Change-Id: I538f2a6cd2b4113910dfdac250c14f17f80051f6
2018-01-17 15:50:11 +00:00
Jamie Lennox d545c4e97d Add loading mock fixtures
An advantage of consuming keystoneauth is that the application doesn't
need to know the details of the authentication sequence to use the
library. Currently in testing they are having to provide a specific auth
plugin and this means their tests execute this full auth sequence and
they have to mock that out.

Create a SimpleTestPlugin that has the standard values that an
application might be interested in. This can be used in testing instead
of a real plugin to remove any network interaction and simplify the
authentication component so applications can focus on their problems.

We then create 2 fixtures that will mock out functions to load the
SimpleTestPlugin instead of a real plugin in application code.

The SimpleLoaderFixture will mock out all calls to keystoneauth plugin
loading and return the basic plugin, which is going to be sufficient for
testing for most applications.

The SimplePluginFixutre will mock out a specific function and return a
SimpleTestPlugin so that applications can mock out just a specific
section of loading code.

Change-Id: Ica852dcbd89323b23f1681403f8c57b5399bf4e7
2017-08-28 13:53:19 +10:00
Morgan Fainberg 335a8cdf03 Remove use of positional decorator
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keysteonauth's dependance
on the positional decorator.

Change-Id: I20106345747860365cd0203ba1b33a2900e045b9
2017-08-07 16:37:07 -07:00
Eric Fried 3ae350b5bf Expand some docstrings
Flesh out docstrings for the following in
- get_version_data
- version_to_string
- Discover.version_data
- EndpointData._get_version_discover_hack

and keystoneauth1.fixture.discovery.MicroversionDiscovery

Change-Id: I0358a86b13c8a9d2179d5bbf66a7ded7e6c777d1
2017-07-10 19:21:27 +00:00
Monty Taylor a4066a86b5
Add url manipulation and microversion collection
From the API-WG spec, there are two common patterns for service URLs
that can be interpreted. Trailing project_id and a string that starts
with v. If the project_id is in the URL, it needs to be removed before
discovery can happen, but it needs to be put back on to the url found
via discovery. If the endpointin the catalog has a version, and it
matches the version we're asking for, then we don't need to go hunting
for the unversioned doc.

Also, in the EndpointData we're collecting, we want to grab microversion
info, since we're already there in the discovery doc.

There is one behavior change that can be seen in the tests. If the
attempt at an unversioned discovery endpoint fails, we fall back to the
url from the catalog ... but we attempt to get a discovery document from
it because we need the metadata for microversions. The catalog URL should be
returned as the endpoint even if the second discovery call attempt
succeeds, so the user-facing interface is the same - there will just be,
in some cases, an additional URL fetch behind the scenes.

Change-Id: I2a036d65e4f7dba6f50daf6a0ce4589ee59ae95f
2017-06-26 06:00:34 -05:00
Jenkins 6083624a8e Merge "Allow users to specify request matchers in Betamax" 2017-03-09 00:35:26 +00:00
Ian Cordasco a68e2c1305 Prevent JSON decode errors in the pre-record hook
In the betamax pre-record hook included in keystoneauth1.fixtures, there
was an assumption that ever request body would have JSON. While most
will, this at least checks that they're not empty prior to trying to
decode the body.

Change-Id: I91b80b143576bd4f99392152c4d4675406e26f66
Closes-bug: #1671195
2017-03-08 12:37:21 -06:00
Ian Cordasco e290dd3015 Allow users to specify request matchers in Betamax
The default matchers for Betamax are decent enough for simple GET
requests. However, when POSTing data, extra matchers are often required
in order to provide quality matching of a request being made to one that
has already been recorded.

Change-Id: I801e52a028e9293cf28c6894b2fe10384cce3267
Closes-bug: #1671111
2017-03-08 11:55:26 -06:00
Jenkins 0cd0191818 Merge "Allow users to specify a serializer easily" 2017-03-07 21:36:12 +00:00
Ian Cordasco cf00bc8510 Allow users to specify a serializer easily
Betamax allows users to specify serializers without having to provide a
class that needs registration. The BetamaxFixture previously assumed
that any user would want to specify a custom serializer or just use the
built-in (for keystoneauth1) YamlJsonSerializer instead of one of the
other serializers provided by Betamax or other packages. Instead, the
BetamaxFixture now accepts `serializer_name` which allows users to
simply provide the name of the serializer they want to use, e.g.,
'json'. This also constrains the determination of the name of the
serializer specified by the user to the BetamaxFixture class and hides
it beneath a property to simplify the patcher's logic.

Change-Id: Ibed341014c864c5f557ab3e80ce6acc687781ede
Closes-bug: #1670699
2017-03-07 08:49:24 -06:00
Ian Cordasco 6da2d42137 Allow new cassettes to be recorded via fixture
This change allows the Betamax default workflow to be used via the
fixture. That workflow is:

- Write a test that uses Betamax but for which no cassette presently
- Run test which causes Betamax to create the cassette and record the
- Re-run tests and ensure that no network activity has actually happened

Keystoneauth1's YamlJsonSerializer relied on yaml.safe_load to return
something other than None if a file was loaded. Unfortunately, if the
file is zero-length then it will return None which breaks the above

Instead, let's check the return value and if it is not None, return it,
otherwise, simply return an empty dictionary as Betamax expects.

Change-Id: I5b7d01439f391e2ecb589850e90573c74cd38080
Closes-bug: #1670697
2017-03-07 08:16:23 -06:00
Eric Brown 049e2e6b9b Use https for * references
The pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I8a0588259d7b3fc8bd10504ffba7129b840e2a0d
2017-02-06 13:45:24 -08:00
Monty Taylor 85822f32d4
Add tests for YamlJsonSerializer
Tests are a good thing in general. Also, found and fixed an edge-case
bug with deserialization.

Change-Id: Ic91e6242c0552d916c73237e7589388b0862013c
2016-08-04 11:15:51 -05:00
Monty Taylor c21ce26ff3
Add pretty serializer for betamax fixture
Saving json responses all on one line escaped inside of json
cassettes is great for computers, but is impossible for humans to
read. Add a serializer that is nicely flowed yaml that emits
multi-line values as yaml blocks. Additionally, re-flow and indent
the nested json, which will stay as json.

An example of the output produced can be seen at:

Hook it in to the keystoneauth1 betamax fixture by default, because
why in the world would you want ugly when you can have pretty.

Change-Id: I457408fcbbdca240090228d18f0482f958a7d6e4
2016-07-18 11:38:24 -05:00
Yolanda Robla 797865c1d5 Update keystoneauth fixture to support v3
Improved the hook to be more flexible, and support v3
request/response masking. Improved testing, adding full
json samples to be parsed.

Change-Id: I5e7e2bc9627f423abcaaaa1e3335a46ab5377ef8
2016-05-24 13:39:44 +02:00
Jenkins 29aaac32e1 Merge "Add is_domain to keystoneauth token" 2016-05-24 07:16:23 +00:00
Yolanda Robla aae4612534 Use betamax hooks to mask fixture results
We cannot rely on native recorded fixtures with betamax,
because of two reasons: - betamax is recording cloud usernames
and passwords. If we run this into real clouds, that's a security
problem. We need to replace those by dummy users and passwords -
when keystone tokens are generated, they are recorded with a fixed
expiration time. That means, that tests are passing until the token
expire, but after that, tests are no longer valid because the
recorded token is in the past.

So need to use pre_record hook to alter the recorded results.
The hook has to update fixtures with 2 things: - mask user,
password and tenant for clouds - set a token expiration date in
the long future.

Change-Id: I5d959ee9386fb0321e9d39c73792155acd6b4851
Closes-Bug: 1570384
2016-05-23 16:33:24 +02:00
Clenimar Sousa b1f1e50a0d Add is_domain to keystoneauth token
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a

Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.

Change-Id: I28bea2aa1e1ab299eba1dfa9f0a8451a7846a5d5
Partially-Implements: add-isdomain-to-token
Depends-On: Ic0bd0c6cf2c47680063752820a067cf40d47b184
2016-05-18 21:56:36 -03:00
Jamie Lennox ed75863807 Expose is_admin_project in AccessInfo
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.

The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.

Adds the fixture handling as well for testing with this enabled.

Change-Id: I58db52427a2bac6cd56794429559771499dc7f5a
Closes-Bug: #1577996
2016-05-10 14:10:52 +10:00
Navid Pustchi 2e0c0030a9 Removing tox ignore D400.
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violatios are fixed.

Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
2016-04-18 21:20:51 +00:00
Yolanda Robla 1aa6667b81 Allow to send different recorders to betamax
Currently keystoneuath1 only allow to send 'all' recorder to
betamax. Update the conditional to allow passing all the valid
record modes: once, all, new_episodes.

Change-Id: Ieca378fedf2933d7643b19512bf7fe846972caa9
Closes-Bug: 1568840
2016-04-11 15:05:44 +02:00
Thomas Goirand 7dd4208e5c fix OrderedDict mutated during iteration
Running unit tests of keystoneauth in Python 3.5 reveals the issue
that in Python 3.5+, keys() is not a copy, and therefore items can't
be popped from it while iterating.

This patch iterate over copy of session.adapters keys in Python2/3.

Change-Id: I4a4340d6f0b09e047e992d0a7236f83ff5eac7a3
Closes-Bug: #1565728
2016-04-04 13:10:10 +02:00
Brant Knudson 417f2238ae Cleanup docstrings
Several of these docstrings were referring to classes that didn't
exist. For example, they referenced keystonauth which doesn't
exist and is supposed to be keystoneauth1.

Change-Id: I070d32937c11b111f1821c466e8dfe55caadd748
2016-02-19 14:42:16 -06:00
Jamie Lennox f21def7061 Use positional library instead of our own copy
The positional library was spun directly out of what keystoneauth1 was
using so this is a fairly trivial change.

Change-Id: I7931ed1547d2a05e2d248bc3240a576dc68a0a40
2016-01-25 09:31:48 +11:00
Morgan Fainberg 491e7160cf Add BetaMax Fixture
Add a BetaMax fixture that handles wrapping the constructor for
KeystoneAuth Session in a way to provide the BetaMax interfaces.

This is in support of enabling easy functional testing that includes
responses to live-clouds for consumers of KeystoneAuth.

A future patch will provide a template for stripping out sensitive
(e.g. password) data from the recordings so that the cassetts can be
more easily included in git repositories for functional testing.

Change-Id: Ibd6e525fef9f2541f97d33de0d2f02f991d122e5
Depends-On: I8787954ab5d0e3963e97c160783301b48ab8299f
2015-12-06 17:57:06 -05:00
Jamie Lennox 4fd8531fd5 Expose bind data via AccessInfo
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
AccessInfo object.

Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
2015-10-15 17:22:30 +11:00
Dolph Mathews 10c5961426 Make __all__ immutable
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are

Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
2015-10-01 18:21:31 +00:00
Brant Knudson 64ccd3c500 Add role_ids, role_names to v3 fixture
Commit 6950527 in python-keystoneclient added role_ids
and role_names properties to fixtures.v3.Token, and
they're used in keystoneclient unit tests, so adding
these will allow keystoneclient to switch to using
keystoneauth fixtures.

Change-Id: Ic5fa6a427a7b52d3c50b8022ac98a87f3cb630a1
2015-08-06 16:17:00 +00:00
Morgan Fainberg a0000e4e9a Move to the keystoneauth1 namespace
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth

Change-Id: Ibbaf11525980c8edb5968d8b8ee19c55094e77d8
2015-06-25 16:48:54 -07:00