Hello community,
here is the log from the commit of package openstack-keystone for
openSUSE:Factory checked in at 2013-01-20 08:09:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openstack-keystone (Old)
and /work/SRC/openSUSE:Factory/.openstack-keystone.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone", Maintainer is "radma...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openstack-keystone/openstack-keystone.changes
2013-01-17 15:14:51.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.openstack-keystone.new/openstack-keystone.changes
2013-01-20 08:09:11.000000000 +0100
@@ -1,0 +2,12 @@
+Fri Jan 11 15:39:23 UTC 2013 - iartar...@suse.com
+
+- revert %setup to also unpack hybrid backend tarball
+
+-------------------------------------------------------------------
+Fri Jan 11 15:12:13 UTC 2013 - iartar...@suse.com
+
+- update and re-enable backend hybrid code:
+ * use sample config for testing
+ * raise errors in user retrieval code instead of returning None
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openstack-keystone.spec ++++++
--- /var/tmp/diff_new_pack.dWADvV/_old 2013-01-20 08:09:12.000000000 +0100
+++ /var/tmp/diff_new_pack.dWADvV/_new 2013-01-20 08:09:12.000000000 +0100
@@ -136,7 +136,8 @@
functionality of OpenStack Keystone.
%prep
-%setup -q -n keystone-2012.2.3
+# unpack the backend hybrid in addition to the main keyston source
+%setup -q -T -D -b0 -a6 -n keystone-2012.2.3
%patch1 -p1
%patch2 -p1
%patch3 -p1
@@ -187,11 +188,10 @@
install -D %{SOURCE5} %{buildroot}%{_localstatedir}/lib/keystone/wsgi/main.wsgi
### Keystone hybrid identity backend
-#TODO: Fix
-#install -D -m 644 %{hybrid}/hybrid.py
%{buildroot}%{python_sitelib}/keystone/identity/backends/
-#install -m 644 %{hybrid}/hybrid_config.py
%{buildroot}%{python_sitelib}/keystone/identity/backends/
-#install -D -m 644 %{hybrid}/test_backend_hybrid.py
%{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/
-#install -D -m 644 %{hybrid}/backend_hybrid.conf
%{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/
+install -D -m 644 %{hybrid}/hybrid.py
%{buildroot}%{python_sitelib}/keystone/identity/backends/
+install -m 644 %{hybrid}/hybrid_config.py
%{buildroot}%{python_sitelib}/keystone/identity/backends/
+install -D -m 644 %{hybrid}/test_backend_hybrid.py
%{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/
+install -D -m 644 %{hybrid}/backend_hybrid.conf
%{buildroot}%{_localstatedir}/lib/openstack-keystone-test/tests/
%pre
getent group %{groupname} >/dev/null || groupadd -r %{groupname}
++++++ keystone-hybrid-backend-folsom.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystone-hybrid-backend-folsom/README.md
new/keystone-hybrid-backend-folsom/README.md
--- old/keystone-hybrid-backend-folsom/README.md 2012-11-20
16:07:21.000000000 +0100
+++ new/keystone-hybrid-backend-folsom/README.md 2012-11-21
12:28:56.000000000 +0100
@@ -1,4 +1,21 @@
keystone-hybrid-backend
=======================
-hybrid SQL + LDAP backend for openstack keystone
\ No newline at end of file
+hybrid SQL + LDAP backend for openstack keystone
+
+Note: the hybrid backend currently relies on a new configuration option for
determining the LDAP scope of the user query:
+
+```diff
+diff -ruN a/keystone/config.py b/keystone/config.py
+--- a/keystone/config.py 2012-11-08 13:02:07.000000000 +0100
++++ b/keystone/config.py 2012-11-08 13:11:06.000000000 +0100
+@@ -163,7 +163,7 @@
+ register_str('suffix', group='ldap', default='cn=example,cn=com')
+ register_bool('use_dumb_member', group='ldap', default=False)
+ register_str('user_name_attribute', group='ldap', default='sn')
+-
++register_int('user_search_scope', group='ldap', default=1)
+
+ register_str('user_tree_dn', group='ldap', default=None)
+ register_str('user_objectclass', group='ldap', default='inetOrgPerson')
+```
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystone-hybrid-backend-folsom/backend_hybrid.conf
new/keystone-hybrid-backend-folsom/backend_hybrid.conf
--- old/keystone-hybrid-backend-folsom/backend_hybrid.conf 1970-01-01
01:00:00.000000000 +0100
+++ new/keystone-hybrid-backend-folsom/backend_hybrid.conf 2012-11-20
17:01:31.000000000 +0100
@@ -0,0 +1,13 @@
+[sql]
+connection = sqlite:///test.db
+idle_timeout = 200
+
+[ldap]
+url = fake://memory
+user = cn=Admin
+password = password
+backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
+tree_dn = cn=example,cn=com
+
+[identity]
+driver = keystone.identity.backends.hybrid.Identity
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystone-hybrid-backend-folsom/config.py
new/keystone-hybrid-backend-folsom/config.py
--- old/keystone-hybrid-backend-folsom/config.py 2012-11-20
16:07:21.000000000 +0100
+++ new/keystone-hybrid-backend-folsom/config.py 1970-01-01
01:00:00.000000000 +0100
@@ -1,183 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import gettext
-import sys
-import os
-
-from keystone.common import logging
-from keystone.openstack.common import cfg
-
-
-gettext.install('keystone', unicode=1)
-
-
-class ConfigMixin(object):
- def __call__(self, config_files=None, *args, **kw):
- if config_files is not None:
- self._opts['config_file']['opt'].default = config_files
- kw.setdefault('args', [])
- return super(ConfigMixin, self).__call__(*args, **kw)
-
- def set_usage(self, usage):
- self.usage = usage
- self._oparser.usage = usage
-
-
-class Config(ConfigMixin, cfg.ConfigOpts):
- pass
-
-
-class CommonConfig(ConfigMixin, cfg.CommonConfigOpts):
- pass
-
-
-def setup_logging(conf):
- """
- Sets up the logging options for a log with supplied name
-
- :param conf: a cfg.ConfOpts object
- """
-
- if conf.log_config:
- # Use a logging configuration file for all settings...
- if os.path.exists(conf.log_config):
- logging.config.fileConfig(conf.log_config)
- return
- else:
- raise RuntimeError('Unable to locate specified logging '
- 'config file: %s' % conf.log_config)
-
- root_logger = logging.root
- if conf.debug:
- root_logger.setLevel(logging.DEBUG)
- elif conf.verbose:
- root_logger.setLevel(logging.INFO)
- else:
- root_logger.setLevel(logging.WARNING)
-
- formatter = logging.Formatter(conf.log_format, conf.log_date_format)
-
- if conf.use_syslog:
- try:
- facility = getattr(logging.SysLogHandler,
- conf.syslog_log_facility)
- except AttributeError:
- raise ValueError(_('Invalid syslog facility'))
-
- handler = logging.SysLogHandler(address='/dev/log',
- facility=facility)
- elif conf.log_file:
- logfile = conf.log_file
- if conf.log_dir:
- logfile = os.path.join(conf.log_dir, logfile)
- handler = logging.WatchedFileHandler(logfile)
- else:
- handler = logging.StreamHandler(sys.stdout)
-
- handler.setFormatter(formatter)
- root_logger.addHandler(handler)
-
-
-def register_str(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_opt(cfg.StrOpt(*args, **kw), group=group)
-
-
-def register_cli_str(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group)
-
-
-def register_bool(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group)
-
-
-def register_cli_bool(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group)
-
-
-def register_int(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_opt(cfg.IntOpt(*args, **kw), group=group)
-
-
-def register_cli_int(*args, **kw):
- conf = kw.pop('conf', CONF)
- group = _ensure_group(kw, conf)
- return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group)
-
-
-def _ensure_group(kw, conf):
- group = kw.pop('group', None)
- if group:
- conf.register_group(cfg.OptGroup(name=group))
- return group
-
-
-CONF = CommonConfig(project='keystone')
-
-
-register_str('admin_token', default='ADMIN')
-register_str('bind_host', default='0.0.0.0')
-register_str('compute_port')
-register_str('admin_port')
-register_str('public_port')
-
-
-# sql options
-register_str('connection', group='sql')
-register_int('idle_timeout', group='sql')
-
-
-register_str('driver', group='catalog')
-register_str('driver', group='identity')
-register_str('driver', group='policy')
-register_str('driver', group='token')
-register_str('driver', group='ec2')
-
-
-#ldap
-register_str('url', group='ldap')
-register_str('user', group='ldap')
-register_str('password', group='ldap')
-register_str('suffix', group='ldap')
-register_bool('use_dumb_member', group='ldap')
-
-register_str('user_tree_dn', group='ldap')
-register_str('user_objectclass', group='ldap')
-register_str('user_id_attribute', group='ldap')
-register_str('user_name_attribute', group='ldap', default='sn')
-register_int('user_search_scope', group='ldap', default=1)
-
-register_str('tenant_tree_dn', group='ldap')
-register_str('tenant_objectclass', group='ldap')
-register_str('tenant_id_attribute', group='ldap')
-register_str('tenant_member_attribute', group='ldap')
-register_str('tenant_name_attribute', group='ldap', default='ou')
-
-
-register_str('role_tree_dn', group='ldap')
-register_str('role_objectclass', group='ldap')
-register_str('role_id_attribute', group='ldap')
-register_str('role_member_attribute', group='ldap')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystone-hybrid-backend-folsom/hybrid.py
new/keystone-hybrid-backend-folsom/hybrid.py
--- old/keystone-hybrid-backend-folsom/hybrid.py 2012-11-20
16:07:21.000000000 +0100
+++ new/keystone-hybrid-backend-folsom/hybrid.py 2013-01-11
16:00:48.000000000 +0100
@@ -52,7 +52,10 @@
in the list of tenants on the user.
"""
- user_ref = self._get_user(user_id)
+ try:
+ user_ref = self._get_user(user_id)
+ except exception.UserNotFound:
+ raise AssertionError('Invalid user / password')
# if the user_ref has a password, it's from the SQL backend and
# we can just check if it coincides with the one we got
@@ -71,11 +74,16 @@
if tenant_id and tenant_id not in tenants:
raise AssertionError('Invalid tenant')
- tenant_ref = self.get_tenant(tenant_id)
- if tenant_ref:
+ try:
+ tenant_ref = self.get_tenant(tenant_id)
+ # if the tenant was not found, then there will be no metadata
either
metadata_ref = self.get_metadata(user_id, tenant_id)
- else:
+ except exception.TenantNotFound:
+ tenant_ref = None
+ metadata_ref = {}
+ except exception.MetadataNotFound:
metadata_ref = {}
+
return (_filter_user(user_ref), tenant_ref, metadata_ref)
def _get_user(self, user_id):
@@ -91,15 +99,13 @@
try:
users = conn.search_s(self.user_dn, ldap.SCOPE_BASE, query)
except (AttributeError, ldap.NO_SUCH_OBJECT):
- return None
+ raise exception.UserNotFound(user_id=user_id)
if users:
return self.user._ldap_res_to_model(users[0])
def get_user(self, user_id):
user_ref = self._get_user(user_id)
- if not user_ref:
- return None
return _filter_user(user_ref)
def get_user_by_name(self, user_name):
@@ -121,10 +127,10 @@
config.CONF.ldap.user_search_scope,
query)
except ldap.NO_SUCH_OBJECT:
- return None
+ raise exception.UserNotFound(user_id=user_name)
if not users:
- return None
+ raise exception.UserNotFound(user_id=user_name)
user_ref = self.user._ldap_res_to_model(users[0])
@@ -134,5 +140,6 @@
return _filter_user(user_ref)
def get_tenants_for_user(self, user_id):
+ self.get_user(user_id)
session = self.get_session()
return tenants_for_user(session, user_id)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystone-hybrid-backend-folsom/test_backend_hybrid.py
new/keystone-hybrid-backend-folsom/test_backend_hybrid.py
--- old/keystone-hybrid-backend-folsom/test_backend_hybrid.py 2012-11-20
16:07:21.000000000 +0100
+++ new/keystone-hybrid-backend-folsom/test_backend_hybrid.py 2013-01-11
16:00:48.000000000 +0100
@@ -35,7 +35,7 @@
class HybridIdentity(test.TestCase, test_backend.IdentityTests):
def setUp(self):
super(HybridIdentity, self).setUp()
- self.config([test.etcdir('keystone.conf'),
+ self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_hybrid.conf')])
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
