Cleanup test_wsgi and remove un-needed tests. Rename to test_app_config
to more closely match what is, in-fact, tested now.
Change-Id: Ifb9dd311da85597d03671a49cf43db43888ad869
Partial-Bug: #1776504
Convert S3 and EC2 auth to flask native dispatching.
Test changes required:
* Eliminate direct reference of the EC2 / S3 controllers, originally
this direct reference was to verify signature checking. Since
signature checking is an @staticmethod now, direct reference of
the API resources covers everything.
* Direct import of keystone.common.controller - due to an oddity in
how our WSGI code work(s) in test, if nothing imports the common
controller module, the tests fail using the oslo import_class
mechanism.
Change-Id: I06e95957b3ea3a55b0da28959548bd5eb628c70b
Partial-Bug: #1776504
With the complete removal of the v2.0 API, keystone no longer
differentiates between admin and public endpoints. This change
deprecates the "admin_endpoint" configuration option and converts
keystone over to only using the public endpoint. The "admin" endpoint
was only used for unit testing purposes.
This change does not clean up all code related, it is aimed to make
the most minimal set of changes eliminating the use of the
"admin_endpoint" configuration option.
Partial-Bug: #1776504
Change-Id: I08f6f8ae078d65203bd95c43c80367dd3489be48
This patchset removes the lingering code that supported paste.deploy
that is obsolted by the loader wrapped around keystone's use of Flask.
* The keystone-paste.ini file has been removed.
* All options have been removed (without deprecation) as they are no
longer referenced.
* The TokenAuthMiddleware code (with deprecation warning) has been
removed as it was only provided to ensure compatibility with paste.ini
files that were not updated (ensuring not breaking a deployer that
did not update paste.ini file to remove it from the pipeline).
* Paste deploy entrypoints have been removed.
Change-Id: I35064a440ef718f50c7e644e8b2d56a99c3ec74f
This patch removes the rest of the v2.0 specific code which was being
maintained exclusively due to a copy-paste issue with the deprecation
warning on the EC2 controller(s). With sign off from TC members
we have removed all of the bits except those exclusively tied to
the paste.deploy removal. All paste.deploy specific changes will
be removed in a future patch.
With the conversion to Flask, none of the v2.0 legacy controllers
left were wired up to routes that could be accessed.
Change-Id: I959dac0d0dd2e667982383e1e3d52ab28c4c1e2e
WebOb recently changed how they validate Accept-* headers [0] to
closely follow the definitions in RFC 7231 Section 5.3.2 [1].
WebOb now checks the actual value of the Accept-Language header and
compares it to a regular expression. This caused a couple keystone
unit tests to fail because we were generating random UUIDs for
Accept-Language testing just to make sure the logic within keystone
was behaving properly. The UUID format actual fails the new regular
expression being used by WebOb to validate the Accept-Language
header.
This commit changes the tests to use a language header that passes
the new validation put in place by WebOb.
[0] https://docs.pylonsproject.org/projects/webob/en/stable/whatsnew-1.8.html#backwards-incompatibilities
[1] https://tools.ietf.org/html/rfc7231.html#section-5.3.2
Change-Id: Ic53f4d00bc6c8dec08ec1bff589a91ff359276e1
Closes-Bug: 1765748
WebOb 1.7 includes a few changes that are not backward
compatible. The ones I noticed and fixed are:
1. When supplying unicode content for the response body
the charset is now required if headers are also provided.
Previously a default was used.
2. Content-Length is no longer being set when creating a
webob.Response object. It appears to be correctly set
when directly setting the body property.
Upstream change that caused the issues:
https://github.com/Pylons/webob/commit/35fd585
Closes-bug: #1657452
Change-Id: Iaf2dd45fc86e3eb5e56be0a3e1582a6ddf960bc1
There is a catchall handler that doesn't provide helpful output
when there is a configuration problem.
Closes-Bug: #1641231
Change-Id: I28732a9737001182b867e66088dd13251e2aa03f
This patch swaps use of hardcoded int and strings for known http
status codes with the values from six.moves.http_client.
Change-Id: Iab83af97920b950d075036ff1499f388299588a0
We've moved all the keystone code across to using request.params instead
of context['query_string'] so fix up the last tests and remove
query_string from the context.
Change-Id: Id80116dc4605856abf34ba6cd897bceed3e210ee
The last references to headers in the context_dict are in oauth1 and a
test for the context_dict itself. Remove this test and fixup the oauth
tests to use the request.headers instead.
Change-Id: I94fac7bf5dacc30d6bea7efc066d9cc40dcddc4a
Instead of the unformed context dictionary pass a full request object
with access to the context_dict so that existing functions still work.
After this we can replace smaller usages of the context dict with
functions and properties on the request directly.
Change-Id: Ibe822ed7c76a24a7d31d98ce62f873a01e5fb213
Running keystone as a wsgi application should allow the same kind of
customization as when run from the command line. Setting sys.argv for
wsgi applications is difficult so that environment variables need to
be used for this purpose.
Closes-Bug: #1552397
Change-Id: I1cd8c7c9f8d4c748384f9b72511b677176672791
Eventlet has been deprecated since the Kilo release and is
being removed in Newton.
A follow on patch will be proposed to remove the [ssl] section
since it is now redundant.
Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Partially implements: bp removed-as-of-newton
Change-Id: I963d94bbd188dbb6eba68623a42c5bc3f2289da4
Currently tox ignores D401 (401: First line should be in imperative mood).
This change removes it and make keystoneauth docstring compliantwith it.
Change-Id: I136cf810f47c4c19f29216907a63f226930b5082
Partial-Bug: 1570049
The current wsgi.Application.base_url() function does not work correctly
if Keystone runs on something like "http://1.2.3.4/identity" which is now
a default in devstack.
This patch fixes that by using wsgiref.util to parse environment
variable set in WSGI mode to find the real base url and returns the
correct URL. The following environment variables will be used to
produce the effective base url:
HTTP_HOST
SERVER_NAME
SERVER_PORT
SCRIPT_NAME
Closes-Bug: #1381961
Change-Id: I111c206a8a751ed117c6869f55f8236b29ab88a2
Some changes were made to fix fernet padding for python3 [1],
fernet payload is decoded to str after encryption when
creating a fernet token. But it will be unicode string on
python27 and this is not compatible with `mod_wsgi`.
`mod_wsgi` needs the value in the response headers is binary(str)
type on python2, and unicode(str) type on python3. This patch
does this translation accordingly to make keystone works with
`mod_wsgi`.
[1] https://review.openstack.org/#/c/231711/
Closes-Bug: #1528981
Change-Id: I0217ac10d20c51a9c17bed566f326eb6db6ed949
Some systems (e.g. Darwin) do not have this option, so let's check that
it's available before using it.
Co-Authored-By: Pranesh Pandurangan <praneshpg@gmail.com>
Closes-Bug: #1514977
Change-Id: Ibaf1c07605944ce690e73013f56d3b95654cfff9
oslo.log's "debug" option was co-opted to also indicate that the
responses should include more information. A separate config
option should be used instead so that deployers don't mistakenly
expose themselves to security issues.
The debug option still is used for what it does in oslo.log and
how it works on all other projects -- if you're not using a log
config file it sets the base logger to debug.
SecurityImpact
Change-Id: Icf8dd2f0b88abc89092d487bbcefb525960c4ec6
Closes-Bug: 1479523
Since keystone's paste.deploy configuration file has been separated
from the main keystone configuration file (keystone.conf), all
local configuration or driver-specific configuration parameters
must be in the main keystone configuration file instead of PasteDeploy
conf file.
This patch changes to log a warning if there's any local_conf defined in
PasteDeploy INI and remove `local_config` argument from wsgi middleware
since it doesn't work.
DocImpact
Closes-Bug: #1369388
Change-Id: Iaf6ad869b61e4330a4ea48e606fd9eda69b9cd12
Some tests used incorrect order assertEqual(observed, expected).
The correct order expected by testtools is
assertEqual(expected, observed).
At some places, corrected argument order for assertNotEqual method as well.
Change-Id: I6d63e77620b8dd9d6415424783b99a7e2e381a22
Partial-Bug: #1259292
This patch replace the hard coded HTTP error code (200~226)
in unittest with the constants, and remove part of them which
has the same value with the default value.
Change-Id: I184adc72772a030b3a316b1e3f9676d0efc807b5
In several test files, the keystone.tests.unit import was aliased as
tests. This made it difficult to do global renames.
Change-Id: I1e4798c76d53f265b921ef26e2a0141fc504ce69
An exception occurs in the WebOb library when it tries to decode a
parameter that is not valid UTF8. To avoid this let's wrap the section
using the WebOb code and raise a ValidationError so the user gets
proper feedback instead of a UnknownError and a server 500 response.
Change-Id: I6781770a6c5b317eaef84064ef61b9c838d22bc2
Closes-Bug: 1485694
The function `xrange` was renamed to `range` in Python 3.
xrange is no longer available in py3, thus replacing xrange
with range.
Change-Id: I27ebf620eff3ced286bea3a96c5c1bab3edbc796
To make clearer how we support the hints/status property in
JSON Home, this patch makes 'stable' the default (without
actually adding a hints property) and moves the checking for
an invalid status to the class method of json_home.Status.
Partially Implements: blueprint domain-config-ext
Change-Id: I255ef04046943b452be501e7ba8342b79f5b1828
Presently, the wsgi server allows persist connections hence even after
the response is sent to the client, it doesn't close the client socket
connection.
Because of this problem, the green thread is not released back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Add a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of
time, eg:
$ time nc localhost 8776
real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
DocImpact:
Added wsgi_keep_alive option (default=True).
Added client_socket_timeout option (default=900).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I03b9c5c64f4bd8bca78dfc83199ef17d9a7ea5b7
The existing test files are all moved under keystone.tests.unit,
except the existing keystone.tests.unit are left in place.
The .testr.conf is updated so that unit tests are run by default
in tox envs, and a tox env can override the tests to run by
setting OS_TEST_PATH.
This is so functional tests can sit in keystone.tests.functional.
Change-Id: I065d3f56e22f344abdadd92b3b384b002b02d989