This client hasn't been compatible with Python 2 in years,
so there is no point depending on a Python 2/Python 3
compatibility library.
Change-Id: I6979fcf0f92408751d9c3df937c8d4c060cfff54
A bandit patch to block sha1 hash is failing CI [1], due to a false
positive on hashlib.sha1 (which actually uses HMAC-SHA1 in keystone
that is considered more secure than standard SHA1)
This change marks a # nosec comment against the line which is
triggering the false positive in Bandit.
[1] https://review.openstack.org/#/c/437563/6
Change-Id: Ib9618119c77f41fba0e612e37c7511676bed47e8
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystoneclient's dependence
on the positional decorator.
Change-Id: I9e691cc8b0c04992f4a8dabd67e1b413d3220d23
1. As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will be more readable.
2. In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I18a6890935ebdbb589269379f21a0dd47d07eb3a
In debug mode, when a response's header Content-Type is set
to "application/json" with a parameter, i.e.,
"application/json; charset=UTF-8". This patch set ignores
the additional parameter and only matches the mimetype.
Change-Id: Ie8fcb1061e0e49b039436947524cfdc704c83846
Closes-Bug: #1656981
When whitelisting content types to debug print from session we chose
application/json and application/text. application/text is not a real
mime type, text is typically text/plain.
Rather than guess at mime types only print application/json to start
with, but make it easy for additional types to be added later.
Adapted from keystoneauth: Ica5fee076cdab8b1d5167161d28af7313fad9477
Related-Bug: 1616105
Change-Id: Ieaa8fb3ea8d25e09b89498f23b70b18c0f6153f1
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
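
Added example (not keystoneclient's code) of the header hashing this message describes: credential-bearing headers are replaced by a digest before they reach a debug log line, so log entries can still be correlated without exposing the token. The SHA-256 digest, the "{SHA256}" prefix and the function names are assumptions of this example; the four header names come from the message above.

```python
import hashlib

# Header names listed in the commit message; HTTP header names are
# case-insensitive, so they are compared in lower case.
SENSITIVE_HEADERS = frozenset(
    h.lower() for h in (
        "X-Auth-Token", "Authorization", "X-Subject-Token", "X-Service-Token",
    )
)


def redact_header(name, value):
    """Return a (name, value) pair that is safe to write to a debug log."""
    if name.lower() not in SENSITIVE_HEADERS:
        return name, value
    if isinstance(value, str):
        value = value.encode("utf-8")
    # Assumption: digest algorithm and prefix are this example's choice.
    return name, "{SHA256}" + hashlib.sha256(value).hexdigest()


def format_headers(headers):
    """Render headers as curl-style -H arguments with secrets hashed."""
    parts = []
    for name, value in sorted(headers.items()):
        parts.append('-H "%s: %s"' % redact_header(name, value))
    return " ".join(parts)


# Constructed sample headers (not real tokens).
SAMPLE = {
    "Accept": "application/json",
    "X-Auth-Token": "constructed-user-token",
    "x-service-token": "constructed-service-token",
}

if __name__ == "__main__":
    print(format_headers(SAMPLE))
```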
Do not log binary data during debug logging of a session.
Replace the binary data with the string <binary_data> instead.
sort of a backport of: I5184002f3a21c5e0ee510b21b9a7884c8dccd1e3
Change-Id: I07ddbc3967f297597542f1975004d94c490f6e6b
Related-Bug: 1616105
Response bodies are loaded into memory prior to
being logged.
Loading huge response bodies may result in a
MemoryError.
This patch proposes that only JSON and TEXT
responses be logged, i.e. when the Content-Type
header is application/json or application/text.
Responses that do not include or have a different
Content-Type header will have their body omitted.
This is a sort of backport of the fix for
keystoneauth sessions, see
I93b6fff73368c4f58bdebf8566c4948b50980cee
Co-Authored-By: Samuel de Medeiros Queiroz <samueldmq@gmail.com>
Closes-bug: 1616105
Change-Id: I8f43eee3a0b35041c6cf672e476f8151cf2f8d14
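
Added example (not keystoneclient's code) tying together the four body-logging messages above: match only the mimetype and ignore parameters such as charset, allow-list application/json, never read a body whose type is not accepted, and substitute <binary_data> for bytes that cannot be decoded. The function names, the OMITTED marker and the read_body callable are assumptions of this example.

```python
# A tuple so further types can be added later without changing the logic.
LOGGABLE_CONTENT_TYPES = ("application/json",)
OMITTED = "<body omitted>"          # hypothetical marker for skipped bodies
BINARY = "<binary_data>"            # string named in the commit message


def mimetype(content_type):
    """'application/json; charset=UTF-8' -> 'application/json'."""
    if not content_type:
        return None
    return content_type.split(";", 1)[0].strip().lower()


def get_header(headers, wanted):
    """Case-insensitive lookup over a plain dict of headers."""
    for name, value in headers.items():
        if name.lower() == wanted.lower():
            return value
    return None


def body_for_log(headers, read_body):
    """Return the text to log for a response body.

    read_body is a callable, so the body is loaded into memory only
    after the Content-Type has been accepted.
    """
    if mimetype(get_header(headers, "Content-Type")) not in LOGGABLE_CONTENT_TYPES:
        return OMITTED
    body = read_body()
    if isinstance(body, bytes):
        try:
            body = body.decode("utf-8")
        except UnicodeDecodeError:
            return BINARY
    return body
```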
Assignments replaced with argument assignment: endpoints.py, service_catalog.py
Note added: 'original_ip' value is never used: session.py
Refactor 'find()' method to increase readability: base.py
Change-Id: I469331b123fdf03e9e7c5d93e1c95da57d30fbbe
Currently tox ignores D202 and D203.
D202: No blank lines allowed after function docstring.
D203: 1 blank required before class docstring.
This change removes D202 and D203 ignores in tox and fixes violations.
Change-Id: I97ef88c9cfd56774e47f789cbbcf8ccfe85d7737
Currently tox ignores D204, D205, and D207.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D207: Docstring is under-indented.
This change removes D204, D205, and D207 ignores in tox and fixes violations.
Change-Id: Id20d216fbd7647d468859b960088aac61c582d9b
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and makes keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
Removing old configuration options for built-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.
Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>
Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
If the logging of an HTTP request causes a UnicodeDecodeError,
modify the log entry using oslo_utils.encodeutils.safe_decode
with errors='replace' and try again
Co-Authored-By: Nikita Konovalov <nkonovalov@mirantis.com>
Change-Id: Ic365c654ebca4045208c6c30e232665145db7b4c
Closes-Bug: #1453953
Deprecate the keystoneclient Session object in favour of keystoneauth's
Session.
Change-Id: I26e000d626a466f63d10d2a961adc698f8de0636
Implements: bp deprecate-to-ksa
Previously, there was a string of commits to keystone that addressed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
When no valid keystone endpoint exists, EndpointNotFound exception
is raised with an error message
Change-Id: I75b00cb73b18bc19261c061e0ae217ef251f8853
Closes-Bug: #1208991
Iterate over a copy of session.adapters keys in both Python 2.x and
Python 3.x. In Python 3.x, keys() is not a copy, and therefore
items can't be popped from it while iterating.
Note that this patch addresses the following error message which
is new in Python 3.5. That is, you need to be using Python 3.5+
to reproduce this error.
RuntimeError: OrderedDict mutated during iteration
https://bugs.python.org/issue24369
https://hg.python.org/cpython/rev/0d8679858272
Change-Id: Iaa2be0dc8ef26e51ce5e8f50049c9e8f84418ec0
Closes-Bug: #1483872
In _http_log_response method of session.py module,
list 'string_parts' is created as below.
    string_parts = ['RESP:']
    string_parts.append('[%s]' % response.status_code)
Could be rewritten as
    string_parts = [
        'RESP:',
        '[%s]' % response.status_code
    ]
TrivialFix
Change-Id: I83d04a71e030f3904c84cead4659c230393631db
We should sanitize the response body before logging to make sure we
aren't leaking through credentials like in the case of the response from
the os-initialize_connection volume API.
Closes-Bug: #1490693
Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
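
Added example (not keystoneclient's code) of sanitizing a JSON response body before it is logged, as the message above asks. The set of secret key names, the mask string and the sample body are constructed for this example; the sample only imitates the shape of a volume connection response.

```python
import json

# Assumption: key names treated as credentials are this example's choice.
SECRET_KEYS = frozenset(
    {"password", "auth_password", "adminpass", "token", "secret"})
MASK = "***"


def mask_secrets(obj):
    """Recursively replace the values of credential-like keys with MASK."""
    if isinstance(obj, dict):
        return {
            key: MASK if str(key).lower() in SECRET_KEYS else mask_secrets(val)
            for key, val in obj.items()
        }
    if isinstance(obj, list):
        return [mask_secrets(item) for item in obj]
    return obj


def sanitize_body(text):
    """Return a loggable form of a JSON body, or a marker if it won't parse.

    Failing closed matters here: a body that cannot be parsed cannot be
    checked for credentials, so it is not logged at all.
    """
    try:
        parsed = json.loads(text)
    except ValueError:
        return "<unparseable body omitted>"
    return json.dumps(mask_secrets(parsed), sort_keys=True)


# Constructed sample body (values are not real credentials).
SAMPLE_BODY = json.dumps({
    "connection_info": {
        "driver_volume_type": "iscsi",
        "data": {
            "auth_method": "CHAP",
            "auth_username": "constructed-user",
            "auth_password": "constructed-secret",
            "target_lun": 1,
        },
    }
})

if __name__ == "__main__":
    print(sanitize_body(SAMPLE_BODY))
```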
The deprecation text should say when the property was deprecated
and when we expect to remove it.
bp deprecations
Change-Id: I9f1af56d03f0251a7cf3f4a4130928bb0780aece
On Windows, the 'socket' python module does not contain the
attributes TCP_KEEPCNT or TCP_KEEPINTVL, causing services
consuming the library to malfunction.
Adds conditionals for adding the mentioned socket attributes
to the socket options.
socket.SIO_KEEPALIVE_VALS cannot be added as a socket option
for Windows, as there is another way entirely to enable that
option.
Change-Id: I2e9746ae65400bbd23c3b48dfc3167de9eb66494
Partial-Bug: #1483696
Session.get_token() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
Also, changed a test to use the non-deprecated function instead where
the test wasn't checking that the deprecated function worked.
bp deprecations
Change-Id: I3d421b35554d58476281e037f90ab9b48e82730a
There was a comment to deprecate creating a Session with cert and
key rather than a tuple to cert.
Also, fixed places where the deprecated usage was being used.
bp deprecations
Change-Id: I3596635bbc5611dd002a8beb063540a8c284c192
Session.construct() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
bp deprecations
Change-Id: Ieff238aff9d39cfbbb80381b2392c33d0359acb3
Iterating over a dict results in the keys.
Using the 'in' operator on a dict checks if it's a key.
Change-Id: I6affbfa1a79a9e8c0b5b304078a7a8e4e792eecd
There was a lot of code that would have no effect if kwargs already
had socket_options set. To make the code clearer, only execute the
code if it's going to have an effect.
Change-Id: Ic42f5a0bac07113aff59d36d19293dc6d65cd58a
requirements.txt has requests>=2.5.2, so requests version is always
going to be >= 2.4.1 and there's no need to check it.
Change-Id: I8069cfbd54ce716979bc991d137bd2e71790a1e4
Previously we simply turned on TCP Keep-Alive which relied on
per-distribution, per-operating system defaults for keep-alive options.
Here we set reasonable defaults since long running processes can get
stuck for hours on end by using system defaults. This also adds comments
around the options to explain why they're being set.
Closes-bug: 1477275
Related-bug: 1323862
Change-Id: Ibd53ae2d4d2455db0ebc9951e5c764befc57850f
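
Added example (not keystoneclient's code) covering this message and the earlier Windows one: keep-alive is always switched on, explicit timings are set instead of relying on operating-system defaults, and each tunable is added only if the platform's socket module defines it. The timing values and function names are constructed for this example.

```python
import socket

# Assumption: example timings, not the library's actual defaults.
KEEPALIVE_IDLE_SECS = 60      # idle time before the first probe
KEEPALIVE_PROBES = 4          # unanswered probes before the peer is dropped
KEEPALIVE_INTERVAL_SECS = 15  # gap between probes


def keepalive_socket_options(sock_module=socket):
    """Build (level, optname, value) tuples, skipping missing attributes.

    sock_module is injectable so the platform-dependent branch can be
    exercised without running on that platform.
    """
    options = [(sock_module.SOL_SOCKET, sock_module.SO_KEEPALIVE, 1)]
    tunables = (
        ("TCP_KEEPIDLE", KEEPALIVE_IDLE_SECS),
        ("TCP_KEEPCNT", KEEPALIVE_PROBES),
        ("TCP_KEEPINTVL", KEEPALIVE_INTERVAL_SECS),
    )
    for attr, value in tunables:
        # Some platforms do not define every constant; reading a missing
        # one unconditionally would raise AttributeError.
        if hasattr(sock_module, attr):
            options.append(
                (sock_module.IPPROTO_TCP, getattr(sock_module, attr), value))
    return options


def apply_options(sock, options):
    """Apply the option tuples to an unconnected socket."""
    for level, optname, value in options:
        sock.setsockopt(level, optname, value)
```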
Python 3 deprecated the logger.warn method in favor of warning.
DeprecationWarning: The 'warn' method is deprecated, use 'warning'
instead
Change-Id: Idbd4de3c7c631fb2c235701c9b300c37a90d9538
To allow authentication plugins such as using client certificates or
doing kerberos authentication with every request we need a way for the
plugins to manipulate the send parameters.
Change-Id: Ib9e81773ab988ea05869bc27097d2b25e963e59c
Blueprint: generic-plugins
Passing a string that is formatted into a translation function doesn't
work. We need to pass the full translatable string.
Change-Id: I94b13f18c19b3b872fab380f8822a88db1b876e9
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: I387a7a1a817058a4daca313fe6df60612cb84864
The boolean value of a failed response is False and so the way we
populate the log output does not work when the request failed.
When logging check that a response is not None rather than simply
checking its boolean value.
Change-Id: I07fb46f156fdf8267fd3d4dc7c587cd604838d73
Closes-Bug: #1451625