diff -Nru python-keystoneclient-3.7.0/debian/changelog python-keystoneclient-3.8.0/debian/changelog --- python-keystoneclient-3.7.0/debian/changelog 2016-11-22 15:57:22.000000000 +0000 +++ python-keystoneclient-3.8.0/debian/changelog 2016-12-02 19:02:21.000000000 +0000 @@ -1,3 +1,9 @@ +python-keystoneclient (1:3.8.0-0ubuntu1) zesty; urgency=medium + + * New upstream version. + + -- Chuck Short Fri, 02 Dec 2016 14:02:21 -0500 + python-keystoneclient (1:3.7.0-0ubuntu1) zesty; urgency=medium * New upstream version. diff -Nru python-keystoneclient-3.7.0/keystoneclient/access.py python-keystoneclient-3.8.0/keystoneclient/access.py --- python-keystoneclient-3.7.0/keystoneclient/access.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/access.py 2016-12-01 00:08:44.000000000 +0000 @@ -599,7 +599,7 @@ try: return self['user']['tenantId'] except KeyError: # nosec(cjschaef): no 'user' key or 'tenantId' in - # 'user', attempt to retrive from 'token' or return None + # 'user', attempt to retrieve from 'token' or return None pass # pre diablo diff -Nru python-keystoneclient-3.7.0/keystoneclient/auth/identity/generic/base.py python-keystoneclient-3.8.0/keystoneclient/auth/identity/generic/base.py --- python-keystoneclient-3.7.0/keystoneclient/auth/identity/generic/base.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/auth/identity/generic/base.py 2016-12-01 00:08:44.000000000 +0000 @@ -44,9 +44,9 @@ @six.add_metaclass(abc.ABCMeta) class BaseGenericPlugin(base.BaseIdentityPlugin): - """An identity plugin that is not version dependant. + """An identity plugin that is not version dependent. - Internally we will construct a version dependant plugin with the resolved + Internally we will construct a version dependent plugin with the resolved URL and then proxy all calls from the base plugin to the versioned one. """ diff -Nru python-keystoneclient-3.7.0/keystoneclient/httpclient.py python-keystoneclient-3.8.0/keystoneclient/httpclient.py --- python-keystoneclient-3.7.0/keystoneclient/httpclient.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/httpclient.py 2016-12-01 00:08:44.000000000 +0000 @@ -442,7 +442,10 @@ @property def service_catalog(self): """Return this client's service catalog.""" - return self.auth_ref.service_catalog + try: + return self.auth_ref.service_catalog + except AttributeError: + return None def has_service_catalog(self): """Return True if this client provides a service catalog.""" diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/functional/v3/test_domain_configs.py python-keystoneclient-3.8.0/keystoneclient/tests/functional/v3/test_domain_configs.py --- python-keystoneclient-3.7.0/keystoneclient/tests/functional/v3/test_domain_configs.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/functional/v3/test_domain_configs.py 2016-12-01 00:08:44.000000000 +0000 @@ -19,6 +19,11 @@ class DomainConfigsTestCase(base.V3ClientTestCase): + def setUp(self): + super(DomainConfigsTestCase, self).setUp() + self.test_domain = fixtures.Domain(self.client) + self.useFixture(self.test_domain) + def check_domain_config(self, config, config_ref): for attr in config_ref: self.assertEqual( @@ -33,9 +38,9 @@ def test_create_domain_config(self): config_ref = self._new_ref() config = self.client.domain_configs.create( - self.project_domain_id, config_ref) + self.test_domain.id, config_ref) self.addCleanup( - self.client.domain_configs.delete, self.project_domain_id) + self.client.domain_configs.delete, self.test_domain.id) self.check_domain_config(config, config_ref) def test_create_invalid_domain_config(self): @@ -44,7 +49,7 @@ uuid.uuid4().hex: {uuid.uuid4().hex: uuid.uuid4().hex}} self.assertRaises(http.Forbidden, self.client.domain_configs.create, - self.project_domain_id, + self.test_domain.id, invalid_groups_ref) invalid_options_ref = { @@ -52,27 +57,27 @@ 'ldap': {uuid.uuid4().hex: uuid.uuid4().hex}} self.assertRaises(http.Forbidden, self.client.domain_configs.create, - self.project_domain_id, + self.test_domain.id, invalid_options_ref) def test_get_domain_config(self): - config = fixtures.DomainConfig(self.client, self.project_domain_id) + config = fixtures.DomainConfig(self.client, self.test_domain.id) self.useFixture(config) - config_ret = self.client.domain_configs.get(self.project_domain_id) + config_ret = self.client.domain_configs.get(self.test_domain.id) self.check_domain_config(config_ret, config.ref) def test_update_domain_config(self): - config = fixtures.DomainConfig(self.client, self.project_domain_id) + config = fixtures.DomainConfig(self.client, self.test_domain.id) self.useFixture(config) update_config_ref = self._new_ref() config_ret = self.client.domain_configs.update( - self.project_domain_id, update_config_ref) + self.test_domain.id, update_config_ref) self.check_domain_config(config_ret, update_config_ref) def test_update_invalid_domain_config(self): - config = fixtures.DomainConfig(self.client, self.project_domain_id) + config = fixtures.DomainConfig(self.client, self.test_domain.id) self.useFixture(config) invalid_groups_ref = { @@ -80,7 +85,7 @@ uuid.uuid4().hex: {uuid.uuid4().hex: uuid.uuid4().hex}} self.assertRaises(http.Forbidden, self.client.domain_configs.update, - self.project_domain_id, + self.test_domain.id, invalid_groups_ref) invalid_options_ref = { @@ -88,14 +93,14 @@ 'ldap': {uuid.uuid4().hex: uuid.uuid4().hex}} self.assertRaises(http.Forbidden, self.client.domain_configs.update, - self.project_domain_id, + self.test_domain.id, invalid_options_ref) def test_domain_config_delete(self): config_ref = self._new_ref() - self.client.domain_configs.create(self.project_domain_id, config_ref) + self.client.domain_configs.create(self.test_domain.id, config_ref) - self.client.domain_configs.delete(self.project_domain_id) + self.client.domain_configs.delete(self.test_domain.id) self.assertRaises(http.NotFound, self.client.domain_configs.get, self.project_domain_id) diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/unit/v2_0/test_auth.py python-keystoneclient-3.8.0/keystoneclient/tests/unit/v2_0/test_auth.py --- python-keystoneclient-3.7.0/keystoneclient/tests/unit/v2_0/test_auth.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/unit/v2_0/test_auth.py 2016-12-01 00:08:44.000000000 +0000 @@ -149,7 +149,7 @@ auth_url=self.TEST_URL) self.assertEqual(cs.auth_token, self.TEST_RESPONSE_DICT["access"]["token"]["id"]) - self.assertFalse('serviceCatalog' in cs.service_catalog.catalog) + self.assertNotIn('serviceCatalog', cs.service_catalog.catalog) self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY) def test_auth_url_token_authentication(self): @@ -222,7 +222,7 @@ auth_url=self.TEST_URL) self.assertEqual(cs.auth_token, self.TEST_RESPONSE_DICT["access"]["token"]["id"]) - self.assertFalse('serviceCatalog' in cs.service_catalog.catalog) + self.assertNotIn('serviceCatalog', cs.service_catalog.catalog) self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY) def test_allow_override_of_auth_token(self): diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/unit/v2_0/test_client.py python-keystoneclient-3.8.0/keystoneclient/tests/unit/v2_0/test_client.py --- python-keystoneclient-3.7.0/keystoneclient/tests/unit/v2_0/test_client.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/unit/v2_0/test_client.py 2016-12-01 00:08:44.000000000 +0000 @@ -16,6 +16,7 @@ from keystoneauth1 import fixture import six +from keystoneauth1 import session as auth_session from keystoneclient.auth import token_endpoint from keystoneclient import exceptions from keystoneclient import session @@ -211,3 +212,10 @@ self.assertEqual('identity', cl._adapter.service_type) self.assertEqual((2, 0), cl._adapter.version) + + def test_empty_service_catalog_param(self): + # Client().service_catalog should return None if the client is not + # authenticated + sess = auth_session.Session() + cl = client.Client(session=sess) + self.assertEqual(None, cl.service_catalog) diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_auth.py python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_auth.py --- python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_auth.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_auth.py 2016-12-01 00:08:44.000000000 +0000 @@ -222,7 +222,7 @@ auth_url=self.TEST_URL) self.assertEqual(cs.auth_token, self.TEST_RESPONSE_HEADERS["X-Subject-Token"]) - self.assertFalse('catalog' in cs.service_catalog.catalog) + self.assertNotIn('catalog', cs.service_catalog.catalog) self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY) def test_auth_url_token_authentication(self): @@ -325,7 +325,7 @@ auth_url=self.TEST_URL) self.assertEqual(cs.auth_token, self.TEST_RESPONSE_HEADERS["X-Subject-Token"]) - self.assertFalse('catalog' in cs.service_catalog.catalog) + self.assertNotIn('catalog', cs.service_catalog.catalog) self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY) def test_allow_override_of_auth_token(self): diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_client.py python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_client.py --- python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_client.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_client.py 2016-12-01 00:08:44.000000000 +0000 @@ -16,6 +16,7 @@ import six +from keystoneauth1 import session as auth_session from keystoneclient.auth import token_endpoint from keystoneclient import exceptions from keystoneclient import session @@ -261,3 +262,10 @@ self.assertEqual('identity', cl._adapter.service_type) self.assertEqual((3, 0), cl._adapter.version) + + def test_empty_service_catalog_param(self): + # Client().service_catalog should return None if the client is not + # authenticated + sess = auth_session.Session() + cl = client.Client(session=sess) + self.assertEqual(None, cl.service_catalog) diff -Nru python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_tokens.py python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_tokens.py --- python-keystoneclient-3.7.0/keystoneclient/tests/unit/v3/test_tokens.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/tests/unit/v3/test_tokens.py 2016-12-01 00:08:44.000000000 +0000 @@ -145,6 +145,19 @@ self.assertQueryStringIs('nocatalog') self.assertFalse(access_info.has_service_catalog()) + def test_validate_token_allow_expired(self): + token_id = uuid.uuid4().hex + token_ref = self.examples.TOKEN_RESPONSES[ + self.examples.v3_UUID_TOKEN_UNSCOPED] + self.stub_url('GET', ['auth', 'tokens'], + headers={'X-Subject-Token': token_id, }, json=token_ref) + + self.client.tokens.validate(token_id) + self.assertQueryStringIs() + + self.client.tokens.validate(token_id, allow_expired=True) + self.assertQueryStringIs('allow_expired=1') + def load_tests(loader, tests, pattern): return testresources.OptimisingTestSuite(tests) diff -Nru python-keystoneclient-3.7.0/keystoneclient/v3/auth.py python-keystoneclient-3.8.0/keystoneclient/v3/auth.py --- python-keystoneclient-3.7.0/keystoneclient/v3/auth.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/v3/auth.py 2016-12-01 00:08:44.000000000 +0000 @@ -25,7 +25,7 @@ class AuthManager(base.Manager): """Retrieve auth context specific information. - The information returned by the auth routes is entirely dependant on the + The information returned by the auth routes is entirely dependent on the authentication information provided by the user. """ diff -Nru python-keystoneclient-3.7.0/keystoneclient/v3/tokens.py python-keystoneclient-3.8.0/keystoneclient/v3/tokens.py --- python-keystoneclient-3.7.0/keystoneclient/v3/tokens.py 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/keystoneclient/v3/tokens.py 2016-12-01 00:08:44.000000000 +0000 @@ -61,37 +61,51 @@ return body @positional.method(1) - def get_token_data(self, token, include_catalog=True): + def get_token_data(self, token, include_catalog=True, allow_expired=False): """Fetch the data about a token from the identity server. :param str token: The ID of the token to be fetched. :param bool include_catalog: Whether the service catalog should be included in the response. + :param allow_expired: If True the token will be validated and returned + if it has already expired. :rtype: dict """ headers = {'X-Subject-Token': token} + flags = [] url = '/auth/tokens' + if not include_catalog: - url += '?nocatalog' + flags.append('nocatalog') + if allow_expired: + flags.append('allow_expired=1') + + if flags: + url = '%s?%s' % (url, '&'.join(flags)) resp, body = self._client.get(url, headers=headers) return body @positional.method(1) - def validate(self, token, include_catalog=True): + def validate(self, token, include_catalog=True, allow_expired=False): """Validate a token. :param token: The token to be validated. :type token: str or :class:`keystoneclient.access.AccessInfo` :param include_catalog: If False, the response is requested to not include the catalog. + :param allow_expired: If True the token will be validated and returned + if it has already expired. + :type allow_expired: bool :rtype: :class:`keystoneclient.access.AccessInfoV3` """ token_id = _calc_id(token) - body = self.get_token_data(token_id, include_catalog=include_catalog) + body = self.get_token_data(token_id, + include_catalog=include_catalog, + allow_expired=allow_expired) return access.AccessInfo.factory(auth_token=token_id, body=body) diff -Nru python-keystoneclient-3.7.0/README.rst python-keystoneclient-3.8.0/README.rst --- python-keystoneclient-3.7.0/README.rst 2016-11-14 18:10:57.000000000 +0000 +++ python-keystoneclient-3.8.0/README.rst 2016-12-01 00:08:44.000000000 +0000 @@ -1,3 +1,12 @@ +======================== +Team and repository tags +======================== + +.. image:: http://governance.openstack.org/badges/python-keystoneclient.svg + :target: http://governance.openstack.org/reference/tags/index.html + +.. Change things from this point on + Python bindings to the OpenStack Identity API (Keystone) ======================================================== diff -Nru python-keystoneclient-3.7.0/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml python-keystoneclient-3.8.0/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml --- python-keystoneclient-3.7.0/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml 1970-01-01 00:00:00.000000000 +0000 +++ python-keystoneclient-3.8.0/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml 2016-12-01 00:08:44.000000000 +0000 @@ -0,0 +1,5 @@ +--- +features: + - Added a ``allow_expired`` argument to ``validate`` and ``get_token_data`` + in `keystoneclient.v3.tokens`. Setting this to ``True``, allos for a token + validation query to fetch expired tokens.