Update middleware and tests for new package

Update the middleware code and the tests to run with the new
package name.

keystonemiddleware/auth_token.py

@@ -154,18 +154,18 @@ import stat
 import tempfile
 import time
 
+from keystoneclient import access
+from keystoneclient.common import cms
+from keystoneclient import exceptions
 import netaddr
 from oslo.config import cfg
 import six
 from six.moves import urllib
 
-from keystoneclient import access
+from keystonemiddleware import memcache_crypt
-from keystoneclient.common import cms
+from keystonemiddleware.openstack.common import jsonutils
-from keystoneclient import exceptions
+from keystonemiddleware.openstack.common import memorycache
-from keystoneclient.middleware import memcache_crypt
+from keystonemiddleware.openstack.common import timeutils
-from keystoneclient.openstack.common import jsonutils
-from keystoneclient.openstack.common import memorycache
-from keystoneclient.openstack.common import timeutils
 
 
 # alternative middleware configuration in the main application's
@@ -1567,7 +1567,7 @@ def app_factory(global_conf, **local_conf):
 if __name__ == '__main__':
     """Run this module directly to start a protected echo service::
 
-        $ python -m keystoneclient.middleware.auth_token
+        $ python -m keystonemiddleware.auth_token
 
     When the ``auth_token`` module authenticates a request, the echo service
     will respond with all the environment variables presented to it by this

keystonemiddleware/ec2_token.py

@@ -25,33 +25,36 @@ import requests
 import webob.dec
 import webob.exc
 
-from keystone.common import config
+from keystonemiddleware.openstack.common import jsonutils
-from keystone.common import wsgi
-from keystone.openstack.common import jsonutils
 
 keystone_ec2_opts = [
-    cfg.StrOpt('keystone_ec2_url',
+    cfg.StrOpt('url',
                default='http://localhost:5000/v2.0/ec2tokens',
                help='URL to get token from ec2 request.'),
-    cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires '
+    cfg.StrOpt('keyfile',
-               'client certificate.'),
+               help='Required if EC2 server requires client certificate.'),
-    cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key '
+    cfg.StrOpt('certfile',
-               'filename. Required if EC2 server requires client '
+               help='Client certificate key filename. Required if EC2 server '
-               'certificate.'),
+                    'requires client certificate.'),
-    cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate '
+    cfg.StrOpt('cafile',
-               'authority to use when verifying HTTPS connections. Defaults '
+               help='A PEM encoded certificate authority to use when '
-               'to the system CAs.'),
+                    'verifying HTTPS connections. Defaults to the system '
-    cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL '
+                    'CAs.'),
-                'certificate verification.'),
+    cfg.BoolOpt('insecure', default=False,
+                help='Disable SSL certificate verification.'),
 ]
 
-CONF = config.CONF
+CONF = cfg.CONF
-CONF.register_opts(keystone_ec2_opts)
+CONF.register_opts(keystone_ec2_opts, group='keystone_ec2_token')
 
 
-class EC2Token(wsgi.Middleware):
+class EC2Token(object):
     """Authenticate an EC2 request with keystone and convert to token."""
 
+    def __init__(self, application):
+        super(EC2Token, self).__init__()
+        self.application = application
+
     @webob.dec.wsgify()
     def __call__(self, req):
         # Read request signature and access id.
@@ -81,18 +84,20 @@ class EC2Token(wsgi.Middleware):
         headers = {'Content-Type': 'application/json'}
 
         verify = True
-        if CONF.keystone_ec2_insecure:
+        if CONF.keystone_ec2_token.insecure:
             verify = False
-        elif CONF.keystone_ec2_cafile:
+        elif CONF.keystone_ec2_token.cafile:
-            verify = CONF.keystone_ec2_cafile
+            verify = CONF.keystone_ec2_token.cafile
 
         cert = None
-        if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile:
+        if (CONF.keystone_ec2_token.certfile and
-            cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile)
+                CONF.keystone_ec2_token.keyfile):
-        elif CONF.keystone_ec2_certfile:
+            cert = (CONF.keystone_ec2_certfile,
-            cert = CONF.keystone_ec2_certfile
+                    CONF.keystone_ec2_token.keyfile)
+        elif CONF.keystone_ec2_token.certfile:
+            cert = CONF.keystone_ec2_token.certfile
 
-        response = requests.post(CONF.keystone_ec2_url, data=creds_json,
+        response = requests.post(CONF.keystone_ec2_token.url, data=creds_json,
                                  headers=headers, verify=verify, cert=cert)
 
         # NOTE(vish): We could save a call to keystone by
@@ -108,3 +113,19 @@ class EC2Token(wsgi.Middleware):
         # Authenticated!
         req.headers['X-Auth-Token'] = token_id
         return self.application
+
+
+def filter_factory(global_conf, **local_conf):
+    """Returns a WSGI filter app for use with paste.deploy."""
+    conf = global_conf.copy()
+    conf.update(local_conf)
+
+    def auth_filter(app):
+        return EC2Token(app, conf)
+    return auth_filter
+
+
+def app_factory(global_conf, **local_conf):
+    conf = global_conf.copy()
+    conf.update(local_conf)
+    return EC2Token(None, conf)

keystonemiddleware/s3_token.py

@@ -38,7 +38,7 @@ import requests
 import six
 from six.moves import urllib
 
-from keystoneclient.openstack.common import jsonutils
+from keystonemiddleware.openstack.common import jsonutils
 
 
 PROTOCOL_NAME = 'S3 Token Authentication'

keystonemiddleware/tests/client_fixtures.py

@@ -15,13 +15,13 @@
 import os
 
 import fixtures
+from keystoneclient.common import cms
+from keystoneclient import utils
 import six
 import testresources
 
-from keystoneclient.common import cms
+from keystonemiddleware.openstack.common import jsonutils
-from keystoneclient.openstack.common import jsonutils
+from keystonemiddleware.openstack.common import timeutils
-from keystoneclient.openstack.common import timeutils
-from keystoneclient import utils
 
 
 TESTDIR = os.path.dirname(os.path.abspath(__file__))

keystonemiddleware/tests/test_auth_token_middleware.py

@@ -25,22 +25,22 @@ import uuid
 import fixtures
 import httpretty
 import iso8601
+from keystoneclient import access
+from keystoneclient.common import cms
+from keystoneclient import exceptions
+from keystoneclient import fixture
 import mock
 import testresources
 import testtools
 from testtools import matchers
 import webob
 
-from keystoneclient import access
+from keystonemiddleware import auth_token
-from keystoneclient.common import cms
+from keystonemiddleware.openstack.common import jsonutils
-from keystoneclient import exceptions
+from keystonemiddleware.openstack.common import memorycache
-from keystoneclient import fixture
+from keystonemiddleware.openstack.common import timeutils
-from keystoneclient.middleware import auth_token
+from keystonemiddleware.tests import client_fixtures
-from keystoneclient.openstack.common import jsonutils
+from keystonemiddleware.tests import utils
-from keystoneclient.openstack.common import memorycache
-from keystoneclient.openstack.common import timeutils
-from keystoneclient.tests import client_fixtures
-from keystoneclient.tests import utils
 
 
 EXPECTED_V2_DEFAULT_ENV_RESPONSE = {
@@ -1018,14 +1018,14 @@ class CommonAuthTokenMiddlewareTest(object):
         token = self.token_dict['signed_token_scoped']
         req.headers['X-Auth-Token'] = token
         req.environ.update(extra_environ)
-        timeutils_utcnow = 'keystoneclient.openstack.common.timeutils.utcnow'
+        utcnow = 'keystonemiddleware.openstack.common.timeutils.utcnow'
         now = datetime.datetime.utcnow()
-        with mock.patch(timeutils_utcnow) as mock_utcnow:
+        with mock.patch(utcnow) as mock_utcnow:
             mock_utcnow.return_value = now
             self.middleware(req.environ, self.start_fake_response)
             self.assertIsNotNone(self._get_cached_token(token))
         expired = now + datetime.timedelta(seconds=token_cache_time)
-        with mock.patch(timeutils_utcnow) as mock_utcnow:
+        with mock.patch(utcnow) as mock_utcnow:
             mock_utcnow.return_value = expired
             self.assertIsNone(self._get_cached_token(token))
 
@@ -1811,7 +1811,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
                           auth_token.confirm_token_not_expired,
                           data)
 
-    @mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
+    @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
     def test_v2_token_with_timezone_offset_not_expired(self, mock_utcnow):
         current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
         current_time = timeutils.normalize_time(current_time)
@@ -1822,7 +1822,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
         actual_expires = auth_token.confirm_token_not_expired(data)
         self.assertEqual(actual_expires, expected_expires)
 
-    @mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
+    @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
     def test_v2_token_with_timezone_offset_expired(self, mock_utcnow):
         current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
         current_time = timeutils.normalize_time(current_time)
@@ -1846,7 +1846,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
                           auth_token.confirm_token_not_expired,
                           data)
 
-    @mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
+    @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
     def test_v3_token_with_timezone_offset_not_expired(self, mock_utcnow):
         current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
         current_time = timeutils.normalize_time(current_time)
@@ -1858,7 +1858,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
         actual_expires = auth_token.confirm_token_not_expired(data)
         self.assertEqual(actual_expires, expected_expires)
 
-    @mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
+    @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
     def test_v3_token_with_timezone_offset_expired(self, mock_utcnow):
         current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
         current_time = timeutils.normalize_time(current_time)

keystonemiddleware/tests/test_memcache_crypt.py

@@ -13,7 +13,7 @@
 import six
 import testtools
 
-from keystoneclient.middleware import memcache_crypt
+from keystonemiddleware import memcache_crypt
 
 
 class MemcacheCryptPositiveTests(testtools.TestCase):

keystonemiddleware/tests/test_s3_token_middleware.py

@@ -19,9 +19,9 @@ import six
 import testtools
 import webob
 
-from keystoneclient.middleware import s3_token
+from keystonemiddleware.openstack.common import jsonutils
-from keystoneclient.openstack.common import jsonutils
+from keystonemiddleware import s3_token
-from keystoneclient.tests import utils
+from keystonemiddleware.tests import utils
 
 
 GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID',

keystonemiddleware/tests/utils.py

@@ -24,7 +24,7 @@ from six.moves.urllib import parse as urlparse
 import testtools
 import uuid
 
-from keystoneclient.openstack.common import jsonutils
+from keystonemiddleware.openstack.common import jsonutils
 
 
 class TestCase(testtools.TestCase):