This updates lower constraints to versions that will work with py38 so
that when we move to running on focal nodes, which has py38 as its
default py3 runtime, the lower-constraints job will continue to pass.
It also cleans out some secondary requirements that are no longer needed
due to our direct dependencies being updated.
Linters are removed that are kept in the global requirements blacklist
as those are not version tracked and are not relevant for our
lower-constraints unit test runs.
Change-Id: I228212d8347a33a6bc2735a8506acffe58bee2ec
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
It is difficult to keep the py35 upper constraints on reqiorements
repo's upper-constarint.txt file as update-constraint tools generate
the new file everytime with official supported python version only
which is py3.6 and py3.8 for Victoria cycle
- https://review.opendev.org/#/c/730428
Let's keep the py3.5 constraints in-tree which can be used in py35
unit test job.
Change-Id: Iec2eaa2b7e8df777b6988c2134e7771b9b1fb5b5
In case of global-request-id request, Adapter
send two global request id header
- "X-OpenStack-Request-ID"
- "X-Openstack-Request-Id".
Example: https://zuul.opendev.org/t/openstack/build/c5b1debf78df4aa3bdda34f0b4c53c37/log/testrepository.subunit#2385
This is becasue of the header not being Case Insensitive
and end up with two different name of same header with difference
of cap 'D'.
Unit test for whether request global-request-id has precedence
over adapter fail many times because of how different python version
treat the dict. py3.6 and above are all good as dict maintain the
insertion ordered but py3.5 can fail it any time.
We can see consistent failure in py35 jobs:
- https://review.opendev.org/#/c/730687/
Let's make the headers always Case Insensitive which is
what RFC says.
Change-Id: Iba707dd0506d22e144aca4fdfc9b140c8e37ae02
Closes-Bug: #1881351
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I07d61e1a8f18d65acdf86cdd61f7d9e28157f1d7
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Without this, it's possible to get HTTP 404 errors from keystone if
OS_AUTH_URL isn't versioned (e.g., https://keystone.example.com/ instead
of https://keystone.example.com/v3), even if OS_IDENTITY_API is set to
3.
This commit works around this issue by checking the AUTH_URL before
building the token_url and appending '/v3' to the URL before sending the
request.
Closes-Bug: 1876317
Change-Id: Ic75f0c9b36022b884105b87bfe05f4f8292d53b2
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.
Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.
Cap pycodestyle also as flake8-import-order does not cap the pycodestyle
and pull its latest version and break things.
Also removing the pycodestyle from lower-constraints file
as theose are blacklisted requirements and does not need to be present
there.
To avoid similar gate break in future, we need to bump the hacking min
version.
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html
Change-Id: I003f8f63e06c5263ef88df9dab90bbd74cb62ea5
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I23798a960616d53d1cc54342640e670fc677738d
keystoneauth is a little special in the world, in that it's an user
facing library and takes pride in staying compatible. As such it
doesn't change much, so the likelihood that patches will land that
break python3.5 is really low in the first place.
Although the overall openstack python3 support goal puts a min of
python3.6 - which is a great choice, keystoneauth has a big user,
OpenStackSDK, that is keeping python3.5 because OpenStackSDK has
a big user - Zuul, that still supports python3.5.
To be friendly to everyone, keep the py35 unit tests just to make
sure nobody lands f-strings or anything.
Once Zuul drops python3.5 we can circle back around and drop it
here too.
Remove openstackdocstheme from test-requirements.txt. It only
needs to be in doc/requirements.txt.
Change-Id: If380bbf77b757655b1dc55322f4636ef83986fe5
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
- Update requirements, no need for python_version anymore
- Cleanup doc/source/conf.py to remove now obsolete content.
- Use newer openstackdocstheme and Sphinx versions
- Remove install_command from tox.ini, the default is fine
- Remove hacking from doc/requirements, we don't need to autodoc it.
- Remove Babel, this repo does not use it.
Change-Id: I8ad7b5e6ef11ea51c587ff58bfc54aee4fcda9da
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: Ia506af26cca82e96f157bc777521fd82d39a74f5
Sem-Ver: feature
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, those are not
needed for co-installing.
Change-Id: I59f0854c089a6ed4f0c4dad7755f946dc95ada3a
Since 'access_token' literal is not an actual token, we can safely
mark it as false positive so bandit can stop chirping.
Change-Id: Ib035b67fe8ec9185507929bf982cf18636411c08
Some services, like Nova, default to requiring auth for their
versioned discovery documents. This means strict discovery
does not work on them, because discovery as it is now defaults
to not sending auth. Just changing the default would be a behavior
change resulting in sending unneeded data with *every* request.
Instead, respond to Unauthorized exceptions by retrying the request
with auth token. This way discovery will work for services that
are otherwise blocking unauthenticated access, and will get more
efficient over time as those services improve.
Depends-On: https://review.opendev.org/#/c/685999
Change-Id: I8a33e8a05bed0f18e4e42431f6d16b8a6a5270ef
This issue was found while working on reproducible builds for openSUSE.
This solves it similar to change I73bde68be53afff4e8dff12d756b8381f34b2adb
Changed month to February to avoid races around new year.
Change-Id: I2a28f3f4eaabaa772df395f3f5d55b6fd78f8968
Use sphinx-build instead of the pbr sphinx extention for building docs
as instructed by the PTI[1].
This requires using the sphinxcontrib-apidoc plugin rather than the
autodoc pbr extention. We also remove the reference to the ChangeLog
file that is usually generated by pbr and instead refer to the published
reno release notes. Also fixes the header formatting for the index page,
as the headers weren't rendering at all.
[1] https://governance.openstack.org/tc/reference/pti/python.html
Change-Id: Iec8b99fa89877e357cf2e754abad77c9032acad1
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I66c0ab254ad9dc0427d4fbdbeea0ffb623284588
Sem-Ver: feature
With the requests-mock logger now configured to log the request[1],
checking that the logger output does *not* contain the request is
invalid. Simplify these two tests by omitting the assertion.
[1] https://github.com/jamielennox/requests-mock/pull/93
Closes-bug: #1842978
Change-Id: If3c0447502917bce831d3e9f7ae4c31374dd4380
Though we can now set ``connect_retires`` while creating an adapter object,
that would allow retries in case of connection timeout (ex. with session
clients derived from Adapater/LegacyJsonAdapater), it can't be used in
certain scenarios like endpoint discovery with auth plugin get_discovery()
or getting AccessInfo with get_access()/get_auth_ref().
Having ``connect_retries`` in Session constructor would allow users
with option of setting it when creating session objects (if they want)
and can be overridden per service with the adapter interface.
This commit also changes the default value of ``connect_retries`` from
0 to None to allow for adapter's to override retries on the session
object.
Depends-On: https://review.opendev.org/#/c/680497/
Change-Id: Iffb671fefae23926b1f09017d9db438341eae238
Partial-Bug: #1840235
If an external session object was not passed to the Session class, we
create a requests.Session() on our own. Once this is used, it may still
have an open connection when the auth Session is closed. We need to
handle the closing of the requests.Session() ourselves if we created
one. If you do not close it, a ResourceWarning may be reported about the
socket that is left open. If a session object is provided, we do not
attempt to close it as it will be up to the code consuming keystoneauth
to properly handle cleaning up the provided session.
Change-Id: I590755d665b371c76ba8e02836d81d41a95ac601
Closes-Bug: #1838704
- new exception when an auth receipt is returned.
- a new method for auth receipt.
- support to existing v3 Auth plugins to add additional methods.
- Added a new MultiFactor plugin with loading support which
takes method names as strings.
Change-Id: Ie6601a50011118e3a07be9752f747c2298ff5230
Closes-Bug: #1839748
SDK is going to start using these Token fixtures to programmatically
create fake service catalogs in the test suite containing entries
for everything in service-types-authority.
In order to be able to test code paths where some service does not
exist, it would be good to be able to just remove a service from
the catalog, instead of needing to construct a full new one from
scratch.
Change-Id: I4b5469aefbe9b91c125da482509cdc627faa5525
Clients like ironicclient and swiftclient use fixed delay for their
build-in retry functionality. To replace it without changing behavior
we need a similar feature.
Change-Id: I1f9de98dae5719842f03d45e5a9d724199d5718b
Adds a release note for the per-request global_request_id kwarg that was
added via [1].
[1] Ied73320fcd813ae796e40cbdb30717900486b92c
Change-Id: I2c347e928b20c9533dc2758adc75bc8fdd78c006
Adapter.__init__ takes a global_request_id which causes the
X-Openstack-Request-Id header to be set on each request. This is fine if
the Adapter is used for only one "request" (in the sense of e.g. "a
server create" -- see [1]), but is too broad if the Adapter is reused
for multiple requests. For example, Nova's SchedulerReportClient (used
to communicate with Placement) creates a single instance of Adapter for
the life of the process [2][3][4]. Openstack SDK's Proxy objects [5]
endure for the life of a Connection.
So what is needed is a way to manage the X-Openstack-Request-Id header
on a per-request basis.
This commit adds a global_request_id kwarg to
keystoneauth1.session.Session.request, which is the funnel point for all
requests coming through Adapter as well as Session itself. (All the
methods feeding into that one already accept and pass through arbitrary
**kwargs.) If present, the value in the X-Openstack-Request-Id header is
set accordingly. Note that this will *override*
Adapter.global_request_id, which is exactly what we want, as described
above.
[1] http://specs.openstack.org/openstack/oslo-specs/specs/pike/global-req-id.html
[2] bea9058f02/nova/scheduler/client/report.py (L200)
[3] bea9058f02/nova/scheduler/client/report.py (L243)
[4] bea9058f02/nova/utils.py (L1219-L1221)
[5] bf6651f149/openstack/proxy.py (L114)
Change-Id: Ied73320fcd813ae796e40cbdb30717900486b92c
Currently it grows exponentially, exceeding 1 hour after 15 retries.
While we don't expect people to have so many retries, we should not
let them shoot their legs.
Change-Id: I01dfaa1c379340a0d41fcfdb07298fdef6110941
Sean McGinnis
OpenStack Release Bot