In addition to removing an unnecessary dependency, this closes another
hole that was allowing raw bytes to appear in user-facing messages.
Change-Id: Ia0b76426a38e5a5c368c4c7e7ba2aef286758aca
A previous change added socket timeouts, but they weren't plumbed
through to the get_auth code path. Make sure we're passing them along
everywhere.
Original-Author: Monty Taylor <mordred@inaugust.com>
Change-Id: I398241898248e66d1f8c436c8ed2ec7a0e9387f6
Closes-bug: 1447847
The underlying requests library supports a timeout input parameter. The
other python-*client libraries support passing it in, so while working
on shade, it seemed like a great idea to be able to pass in timeout to
swiftclient too. For reference, there's a change in shade:
I095c1240693abf024bda2315dd77f4400b24a45b that shows interaction with
the other libs, and a tentative patch that would consume this one.
Change-Id: I699ebb1e092aa010af678de7ba15712da6ed5315
Currently, get_object returns a generator. This allows access to the
object's data in multiples of 'resp_chunk_size'.
This patch adds a read function to also allow accessing the object data
using read(size).
This allows, for example, the consumer of an object (where no byte range
has been specified) to read up to certain boundaries while streaming to
a new Large Object with segments of a specified size.
Reading and chunking can be safely mixed.
Related-Bug: 1367925
Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
Change-Id: I1cfb67f45afc7015fd896f1a89bebae048871769
When using stream=True, we need to make sure we release a connection
back to the connection pool to avoid warnings clogging up the logs. We
can do this by releasing the connection once we've read all the content
from the response. In situations where stream=False, requests already
does this for us.
Related-bug: 1424732
Closes-bug: 1341777
Change-Id: Id1c72ad86135a49d4b985992d788736b65f7dbda
Changed existing code to calculate the MD5 of the object
during the upload stream. Checks this MD5 against the etag
returned in the response.
An exception is raised if they do not match.
Closes-Bug: 1379263
Change-Id: I6c8bc1366dfb591a26d934a30cd21c9e6b9a04ce
Missing cacert parameter in get_auth_1_0() and it makes requests_args['verify']
is True in default(likes "swift --os-cacert ssl.crti list").
The requests_args['verify'] should be a ca-certificate file name("ssl.crt").
Change-Id: Id3110f3818f55922ad19eeb1ead80fface824009
Closes-Bug: 1418473
If you specify a token and storage url when creating a Connection,
regardless of the auth api version the first request will be made
directly to swift. You can either provide a preauthurl and preauthtoken
or fall back to os_options' object_storage_url and auth_token keys
(exposed as --os-storage-url and --os-auth-token on the command line or
OS_STORAGE_URL and OS_AUTH_TOKEN in the environment).
If a _retry wrapped request on a Connection fails because of invalid
authentication (401) the Connection's cached token and url will be
invalidated. If the Connection's retries attribute is > 0 the
subsequent attempt will call get_auth to refresh the token, but the
pre-configured storage_url will always be re-used. This is consistent
with current auth v2 behavior and less surprising for auth v1.
The pre-existing, but previously undocumented behavior/interface of
get_auth would override the storage_url returned by the auth service if
the 'os_storage_url' option was provided in the os_options dict. To
ensure that this behavior is consistent across auth v1 and v2 from the
command line and when using the Connection class as a library - the
preauthurl is stashed in the os_options dict when provided.
Improved Connection.get_capabilities storage_url handling to better
support the consistent behavior of a preauthurl/object_storage_url on
the connection regardless of auth version.
Fixed up some test infrastructure to enable setting up and testing
multiple requests/responses.
Change-Id: I6950fb73f3e28fdddb62760cae9320e2f4336776
Swiftclient hangs forever without any reasonable hint if someone
uses a recent version of swiftclient together with auth version
2 or later. The reason for this is the sys.exit() call in a thread
- the main thread never exists, and swift just waits forever.
Raising a ClientException instead of calling sys.exit() fixes this
and returns the desired information back to the user.
Change-Id: I1fdff85da2dd4b883d337d6098b1695e448d6f2b
keystoneclient isn't adding a NullHandler to its logger,
so we see 'No handlers could be found for logger...'
messages when using the swift cli with keystone auth.
Since keystoneclient follows the usual pattern of
naming loggers from module name, we can add a
NullHandler to the 'keystoneclient' logger to handle
any logging from the library.
Note that this makes no change to keystoneclient
logging being emitted when using 'swift --debug'
or 'swift --info'.
No test because I am not sure how to usefully
test this without ending up just testing a mock
of keystoneclient.
Change-Id: Ic81cf8e5a590ae9224d35e3a5b1c5f2a8c33835a
Changed the message shown when a user doesn't enter project/tenant
id/name to be more informative.
When attempting to stat a container without supplying project/tenant
name or id, an empty response was being returned instead of an error
being raised.
Changed the error raised in swiftclient.client when no tenant or project
is specified to be more specific.
Add tests for basic regression checking.
Closes-Bug: #1372589
Change-Id: I4eb6964d9f1702db119cc0294edc02841b1ecd5f
Some client.Connection methods will raise a KeyError
if a response_dict argument is passed and an error
occurs during authentication or making the request.
The fix is straightforward: add a test for existence
of a response_dict before attempting to get it from
kwargs.
The bulk of this patch is adding unit tests for the
response_dict feature.
Closes-Bug: 1381304
Change-Id: Ic7e1b3dfae33909533931c52ac97355867a08a07
We forgot to propagate options into http_connection() for the info
aka capabilities command. Fix is to use the proper helper.
Fixes bug: 1381866
Change-Id: I9515203c969a1bba38dd909412355080383905f9
Fixes a regression that is preventing swiftclient from
authenticating using keystone v3 options.
swiftclient/shell.py processes the dict of command
line options to set up a child dict ('os_options')
of keystone auth specific options (line 960). The
processing includes stripping --os- prefixes from
the command line options before adding keys to
os_options.
A recent patch https://review.openstack.org/#/c/85453/
introduced a duplication of this option processing
in service.py (line 79) which replaces the os_options
created in shell.py, but omits keystone v3 related
options. Consequently the keystone v3 options are
not being passed to the client get_auth() method.
This patch adds the keystone v3 related options to
the option processing in service.py.
For pragmatic reasons (i.e. fixing the bug quickly)
the option processing code has not been removed from
parse_args in shell.py. It is likely that the code in
parse_args is now redundant, but all code paths between
parse_args and process_options should be inspected and
test coverage added before removing that code.
Unit tests have been added in test_shell.py to verify
that command line options are correctly passed to the
client get_auth method.
The MockHttpTest class is re-used in test_shell.py,
so it is moved from test_swiftclient.py
to tests/unit/utils.py
Closes-bug: #1372465
Change-Id: I4fed013cdb8936509609d06093337cc147ade0d6
Enables swiftclient to authenticate using
the keystone v3 API, allowing user id's, user
domains and tenant/project domains to be
specified.
Since swiftclient imports keystoneclient, the
main changes in swiftclient/client.py are to
selectively import the correct keystoneclient
library version and pass a number of new
options to it via the get_auth() function. In
addition the get_keystoneclient_2_0 method
has been renamed get_auth_keystone to better
reflect its purpose since it now deals with
both v2 and v3 use cases.
In swiftclient/shell.py the new options are
added to the parser. To make the default help
message shorter, help for all the --os-*
options (including the existing v2 options)
is only displayed when explicitly requested
usng a new --os-help option.
A new set of unit tests is added to
test_shell.py to verify the parser. A comment
in tests/sample.conf explains how to
configure the existing functional tests to
run using keystone v3 API.
Note that to use keystone v3
with swift you will need to set
auth_version = v3.0 in the auth_token
middleware config section of
proxy-server.conf.
Change-Id: Ifda0b3263eb919a8c6a1b204ba0a1215ed6f642f
get_auth() in client.py raises an exception if
tenant_name is not included in the os_options
dict. This is overly constrained since tenant_id
is equally sufficient. This patch modifies
get_auth to require either tenant_name
or tenant_id.
Change-Id: Ibbcda1704637eb887efa5895579d260a1e072327
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: I90270908d27f0a57c184d5a547bb1af9b1381c95
* E111 indentation is not a multiple of four
* E128 continuation line under-indented for visual indent
* E265 block comment should start with '# '
* E713 test for membership should be 'not in'
Tested with pep8 version 1.5.6 (2014-04-14).
Change-Id: I7f85c143d463c501a0df20724362ad5c0f2d4dde
This patch fixes three issues that were found running
functional tests with Python 3:
1. python-requests sets 'application/x-www-form-urlencoded' as
content-type if the input is not a string object and no
content-type is given.
2. Encoding of the headers is now only done if required. This
prevents comparisons between unencoded headers and encoded
prefixes and avoids unnecessary forloop-iterations.
One unittest was extended to ensure it works for unencoded
and encoded headers with or without the prefix.
3. Functional tests recently switched to using byte data for
testing, thus the comparison needs to be a byte object as well.
Change-Id: I035f8b4b9c9ccdc79820b907770a48f86d0343b4
Don't encode standard headers keys but just the x-*-meta- ones. That
fixes py3 to not have them casted as bytes and not properly passed to
the requests kwargs.
Other trivial py3 fixes along the way.
Change-Id: I91b95f32fb2aec9b20892a5bb95fd1bc65d002f3
On Python 3, urllib.parse.quote() accepts bytes and str (unicode) types and
always return str (unicode).
Add also more tests with non-ASCII characters.
Change-Id: I8e0f19da7240e874392327d0da074ed4abb7d213
* Replace unicode with six.text_type
* Replace basestring with six.string_types
* The long type doesn't exist in Python 3 anymore: replace 1L with long(1) and
only test this type with Python 2
* Fix quote(): quote the URL if the string is a byte string. Use "bytes" type
instead of "str" to be Python 3 compatible.
Change-Id: I1df5aa85e4e7d07191fb5c654d52fc4bd8b9f440
dict.iteritems() has been removed in Python 3. In Python 2, dict.items()
creates a temporary list, but Samuel Merritt wrote:
"The size of the data is small enough that we don't need to worry about the
memory consumption; it's all just HTTP headers."
Change-Id: Iac427b8bbd032e4a1efb2bdc84a3968217eb6ddf
By default, the HTTPConnection class expose the raw.read urllib3
function which doesn't do any decoding on the http response.
We can fix this by passing decode_content=True to raw.read().
Change-Id: I7d42d31ae516705d1bde2769e642931308116c7a
urlparse netloc contains the TCP port if presents.
There is no need to provide conn.port when building
CLientException.
Change-Id: Id3e4fa8c4f4ab2ad693b0e8702ab69ed7c291830
