From 6901cbfd7113f770d0b32a99131411fe15dc3d56 Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Thu, 29 May 2014 11:42:57 -0700 Subject: [PATCH] Fix tests with new keystoneclient A number of changes with keystoneclient breaks our tests. First, a kwarg changed for cache.set(). It should be 'time' now, not 'timeout'. Also: keystone middleware now looks for an 'expires' in the token. Sample conf needed regenerated, also, due to changes. Change-Id: I33c4f1bae5a3c89b47fd21f8db1b4a4d536ed369 Closes-bug: 1324655 --- etc/ironic/ironic.conf.sample | 30 +++++++++++++++++++++++++----- ironic/tests/api/utils.py | 8 +++++--- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample index 7422ce8e8e..e06c338a5e 100644 --- a/etc/ironic/ironic.conf.sample +++ b/etc/ironic/ironic.conf.sample @@ -728,7 +728,7 @@ #auth_uri= # Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint eg. https://localhost:35357/ +# the unversioned root endpoint e.g. https://localhost:35357/ # (string value) #identity_uri= @@ -749,9 +749,12 @@ # with Identity API Server. (integer value) #http_request_max_retries=3 -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) @@ -803,7 +806,7 @@ # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) -#revocation_cache_time=300 +#revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable @@ -836,6 +839,23 @@ # value) #enforce_token_bind=permissive +# If true, the revocation list will be checked for cached +# tokens. This requires that PKI tokens are configured on the +# Keystone server. (boolean value) +#check_revocations_for_cached=false + +# Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those +# supported by Python standard hashlib.new(). The hashes will +# be tried in the order given, so put the preferred one first +# for performance. The result of the first hash will be stored +# in the cache. This will typically be set to multiple values +# only while migrating from a less secure algorithm to a more +# secure one. Once all the old tokens are expired this option +# should be set to a single value for better performance. +# (list value) +#hash_algorithms=md5 + [matchmaker_ring] diff --git a/ironic/tests/api/utils.py b/ironic/tests/api/utils.py index e83a43e855..b3813e442e 100644 --- a/ironic/tests/api/utils.py +++ b/ironic/tests/api/utils.py @@ -33,7 +33,8 @@ class FakeMemcache(object): _cache = { 'tokens/%s' % ADMIN_TOKEN: { 'access': { - 'token': {'id': ADMIN_TOKEN}, + 'token': {'id': ADMIN_TOKEN, + 'expires': '2100-09-11T00:00:00'}, 'user': {'id': 'user_id1', 'name': 'user_name1', 'tenantId': '123i2910', @@ -44,7 +45,8 @@ class FakeMemcache(object): }, 'tokens/%s' % MEMBER_TOKEN: { 'access': { - 'token': {'id': MEMBER_TOKEN}, + 'token': {'id': MEMBER_TOKEN, + 'expires': '2100-09-11T00:00:00'}, 'user': {'id': 'user_id2', 'name': 'user-good', 'tenantId': 'project-good', @@ -64,7 +66,7 @@ class FakeMemcache(object): dt = datetime.datetime.utcnow() + datetime.timedelta(minutes=5) return json.dumps((self._cache.get(key), dt.isoformat())) - def set(self, key, value, timeout=None): + def set(self, key, value, time=0, min_compress_len=0): self.set_value = value self.set_key = key