In _http_log_response method of session.py module,
list "string_parts' is created as below.
string_parts = ['RESP:']
string_parts.append('[%s]' % response.status_code)
Could be rewritten as
string_parts = [
'RESP:',
'[%s]' % response.status_code
]
TrivialFix
Change-Id: I83d04a71e030f3904c84cead4659c230393631db
We should sanitize the response body before logging to make sure we
aren't leaking through credentials like in the case of the response from
the os-initialize_connection volume API.
Closes-Bug: #1490693
Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
The deprecation text should say when the property was deprecated
and when we expect to remove it.
bp deprecations
Change-Id: I9f1af56d03f0251a7cf3f4a4130928bb0780aece
On Windows, the 'socket' python module does not contain the
attributes TCP_KEEPCNT or TCP_KEEPINTVL, causing services
consuming the library to malfunction.
Adds conditionals for adding the mentioned socket attributes
to the socket options.
socket.SIO_KEEPALIVE_VALS cannot be added as a socket option
for Windows, as there is another way entirely to enable that
option.
Change-Id: I2e9746ae65400bbd23c3b48dfc3167de9eb66494
Partial-Bug: #1483696
Session.get_token() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
Also, changed a test to use the non-deprecated function instead where
the test wasn't checking that the deprecated function worked.
bp deprecations
Change-Id: I3d421b35554d58476281e037f90ab9b48e82730a
There was a comment to deprecate creating a Session with cert and
key rather than a tuple to cert.
Also, fixed places where the deprecated usage was being used.
bp deprecations
Change-Id: I3596635bbc5611dd002a8beb063540a8c284c192
Session.construct() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
bp deprecations
Change-Id: Ieff238aff9d39cfbbb80381b2392c33d0359acb3
Iterating over a dict results in the keys.
Using the 'in' operator on a dict checks if it's a key.
Change-Id: I6affbfa1a79a9e8c0b5b304078a7a8e4e792eecd
There was a lot of code that would have no effect if kwargs already
had socket_options set. To make the code clearer, only execute the
code if it's going to have an effect.
Change-Id: Ic42f5a0bac07113aff59d36d19293dc6d65cd58a
requirements.txt has requests>=2.5.2, so requests version is always
going to be >= 2.4.1 and there's no need to check it.
Change-Id: I8069cfbd54ce716979bc991d137bd2e71790a1e4
Previously we simply turned on TCP Keep-Alive which relied on
per-distribution, per-operating system defaults for keep-alive options.
Here we set reasonable defaults since long running processes can get
stuck for hours on end by using system defaults. This also adds comments
around the options to explain why they're being set.
Closes-bug: 1477275
Related-bug: 1323862
Change-Id: Ibd53ae2d4d2455db0ebc9951e5c764befc57850f
Python 3 deprecated the logger.warn method in favor of warning.
DeprecationWarning: The 'warn' method is deprecated, use 'warning'
instead
Change-Id: Idbd4de3c7c631fb2c235701c9b300c37a90d9538
To allow authentication plugins such as using client certificates or
doing kerberos authentication with every request we need a way for the
plugins to manipulate the send parameters.
Change-Id: Ib9e81773ab988ea05869bc27097d2b25e963e59c
Blueprint: generic-plugins
Passing a string that is formatted into a translation function doesn't
work. We need to pass the full translatable string.
Change-Id: I94b13f18c19b3b872fab380f8822a88db1b876e9
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: I387a7a1a817058a4daca313fe6df60612cb84864
The boolean value of a failed response is False and so the way we
populate the log output does not work when the request failed.
When logging check that a response is not None rather than simply
checking it's boolean value.
Change-Id: I07fb46f156fdf8267fd3d4dc7c587cd604838d73
Closes-Bug: #1451625
This should never have been added in a public way. I feel we are ok
making this private as there is no public use i can foresee.
Change-Id: Ib95365a11fa21146d51bea103c7709943aafdae8
It can become difficult to trace the client that created HTTP requests
as the logging all goes through the keystoneclient.session logger. Allow
passing the logger through the request function and make it able to be
set via the adapter so it can be set once per client instantiation.
Change-Id: Id45c315bee9a56f1c241210d667470751bf689d5
Closes-Bug: #1421868
Operations could fail if the response was logged and had a 'token'
field that's not a dict. The fix is to ignore all errors when
trying to remove the service catalog from the response.
Also, enhanced the service catalog removal code to support V2
tokens.
Closes-Bug: 1420080
Change-Id: I35b971415744825e8e5f00f30dcf193d04ee699a
This is a utility function that is used for reducing the amount of data
that is logged. It shouldn't be a public function.
I think there is very little risk from this in terms of compatibility as
it was only added recently.
Change-Id: I003e9f11be478b1282ea9cf179f2dd13e1672a80
The current scheme of having auth plugins only able to specify the
X-Auth-Token header via the get_token function is too limited for all
plugins. We need to allow both the case where the plugin wants to
control additional headers, or doesn't set the X-Auth-Token header at
all.
This deprecates the get_token interface in favour of the get_headers
interface. Whilst we should promote using get_headers it is likely that
plugins that only require setting the X-Auth-Token header will continue
to only support the get_token interface.
Change-Id: Ibd750d72acc3ba4fd8a880cad69173248ec4092f
blueprint: generic-plugins
The oslo.config libraries are moving away from oslo-namespaced
packages.
Note that his requires oslo.config>=1.6.0
bp drop-namespace-packages
Change-Id: Ic0d4053875da0628f2359c109f2779d12aadc3eb
Having the user_id and project_id exposed in the plugin is a good first
step however we don't really expect the user to be interacting with the
plugins directly often - particularly as you need to pass session to the
methods.
Exposing get_user_id and get_project_id on the session and the adapter
in this way is very similar to the way we expose get_token and
get_endpoint on the session and adapter for use higher up.
Related-Bug: #1364724
Change-Id: If2f868c3ddc19133f18446e74f8e1b560a4798fa
If the user creates a keystoneclient.session.Session without passing a
custom session, we will enable TCP Keep-Alive for the requests session
used by keystoneclient's Session.
novaclient and other clients can experience hung TCP connections. Most
clients use keystoneclient's session and will need this merged here
before they can make use of it in their projects.
Change-Id: Ib70a8b3270d2492596b9fb8981b8584b85567a9c
Closes-bug: 1323862
The whole service catalog is embedded in every token, and by default
all token responses are logged at DEBUG. This adds a huge amount of
basically const data into system logs, over and over and over again.
We should not log the service catalog by default on every token
response. The following replaces the service catalog with the token
<removed>.
This reduces the compressed logs of API services by about 1/3.
Change-Id: I95832d0f13ca93c4618784da9d1eb9ca166cae53
The online docs for the Session class are unusable because the
arguments to __init__ were not displayed.
This and other issues in the docstrings for the class are corrected.
Change-Id: Ia03b785f132f7d21ba576c0c8d634051d7127319
python-keystoneclient displays curl statements for debugging/troubleshooting
purposes. For IPv6 URLs, curl requires --globoff to be passed in the
arguments. Since keystoneclient does not use curl directly, this patch
displays the curl commands with globoff option which works for both
IPv4 and IPv6 URLs.
Fix adapted from python-novaclient Ib7099e8e3bbc15f29bbaa1db37ef21e78a74e7bc
Closes-Bug: #1228744
Change-Id: Ia05e622dea653597d412ffe0987077616fbb18af
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
If you are using a custom CA bundle rather than the default OS one then
we should log that as part of the curl statement to make debugging
easier.
Change-Id: I1a6ded02b75a3bc9b1ca880db8a9b9b460d36774
The argument to the :raises: directive is the class name. If the
class name is a valid reference it's rendered as a link to the
class. This change cleans up the :raises: directives to use the
reference correctly and use a valid class reference.
Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
The :returns: directive doesn't take an argument. To specify the
return type, use the :rtype: directive.
Change-Id: I3aaab824792333b3f75a10af92f5b712cc9b4ff6
