File 2020-tests-pass.patch of Package python-keystoneclient
From bcc00a10a6a5e42f261ad88feaec8019d68f25f8 Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Thu, 28 Feb 2019 14:06:22 +0100
Subject: [PATCH] Make tests pass in 2020
Without this patch, build failed after 2019-12-31 with
Traceback (most recent call last):
File "keystoneclient/tests/unit/v3/test_auth.py", line 226, in test_authenticate_success_password_unscoped
self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY)
File "keystoneclient/tests/unit/utils.py", line 72, in assertRequestBodyIs
self.assertEqual(json, val)
NOTE: in addition to the orginal backport, this patch adds the following
changes. The changes has to be combined into a single patch in order to
avoid circular dependencies.
1. fixed bandit complains in keystoneclient/common/cms.py. The literal 'sha256'
is the default hash algorithm, not a sensitive password. Marking it as false
positive so bandit can stop chirping.
2. combined with cherry pick from commit
f2d3fec9b254f9c47e97ddf48e3c5f7614b87f1b to avoid circular dependency. Without
combining them, neither backport will pass all the gates since pep8 has
switched over to use python3 now.
3. combined with cherry pick from commit
b29f478f28c4989156cfe87392cbd308e3f55c1e to avoid circular dependency. Without
combining them, neither backport will pass all the gates since bandit will
have a false positive on the hash algorithm.
Change-Id: I0e44d9896c5970f0ca07438c372aec826aeb5c77
(cherry picked from commit f2d3fec9b254f9c47e97ddf48e3c5f7614b87f1b)
(cherry picked from commit acc21ff06154e16de16583fe6994207d689ed054)
(cherry picked from commit b29f478f28c4989156cfe87392cbd308e3f55c1e)
(cherry picked from commit 9da2e0bdd83d481091814a8c6f40ab3ff39ffa9c)
---
keystoneclient/common/cms.py | 2 +-
keystoneclient/session.py | 4 ++-
.../tests/unit/auth/test_identity_v2.py | 2 +-
.../tests/unit/auth/test_identity_v3.py | 2 +-
keystoneclient/tests/unit/client_fixtures.py | 28 +++++++++----------
keystoneclient/tests/unit/test_discovery.py | 4 +--
keystoneclient/tests/unit/test_session.py | 2 +-
keystoneclient/tests/unit/v2_0/test_auth.py | 4 +--
keystoneclient/tests/unit/v3/test_auth.py | 2 +-
9 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 9c3e0bdfb..601d9c92d 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -38,7 +38,7 @@
PKIZ_PREFIX = 'PKIZ_'
PKIZ_CMS_FORM = 'DER'
PKI_ASN1_FORM = 'PEM'
-DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'
+DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256' # nosec
# The openssl cms command exits with these status codes.
diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 9faedacda..d55b01b6f 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -171,7 +171,9 @@ def _process_header(header):
secure_headers = ('authorization', 'x-auth-token',
'x-subject-token', 'x-service-token')
if header[0].lower() in secure_headers:
- token_hasher = hashlib.sha1()
+ # hashlib.sha1() bandit nosec, as it is HMAC-SHA1 in
+ # keystone, which is considered secure (unlike just sha1)
+ token_hasher = hashlib.sha1() # nosec(lhinds)
token_hasher.update(header[1].encode('utf-8'))
token_hash = token_hasher.hexdigest()
return (header[0], '{SHA1}%s' % token_hash)
diff --git a/keystoneclient/tests/unit/auth/test_identity_v2.py b/keystoneclient/tests/unit/auth/test_identity_v2.py
index 8ef87c430..a180135c9 100644
--- a/keystoneclient/tests/unit/auth/test_identity_v2.py
+++ b/keystoneclient/tests/unit/auth/test_identity_v2.py
@@ -84,7 +84,7 @@ def setUp(self):
self.TEST_RESPONSE_DICT = {
"access": {
"token": {
- "expires": "2020-01-01T00:00:10.000123Z",
+ "expires": "2999-01-01T00:00:10.000123Z",
"id": self.TEST_TOKEN,
"tenant": {
"id": self.TEST_TENANT_ID
diff --git a/keystoneclient/tests/unit/auth/test_identity_v3.py b/keystoneclient/tests/unit/auth/test_identity_v3.py
index 534e99747..776551be0 100644
--- a/keystoneclient/tests/unit/auth/test_identity_v3.py
+++ b/keystoneclient/tests/unit/auth/test_identity_v3.py
@@ -129,7 +129,7 @@ def setUp(self):
"password"
],
- "expires_at": "2020-01-01T00:00:10.000123Z",
+ "expires_at": "2999-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": self.TEST_DOMAIN_ID,
diff --git a/keystoneclient/tests/unit/client_fixtures.py b/keystoneclient/tests/unit/client_fixtures.py
index 6da259c9c..cc07726e7 100644
--- a/keystoneclient/tests/unit/client_fixtures.py
+++ b/keystoneclient/tests/unit/client_fixtures.py
@@ -399,7 +399,7 @@ def setUp(self):
'access': {
'token': {
'id': self.UUID_TOKEN_DEFAULT,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
'tenant': {
'id': 'tenant_id1',
'name': 'tenant_name1',
@@ -420,7 +420,7 @@ def setUp(self):
'access': {
'token': {
'id': self.VALID_DIABLO_TOKEN,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
'tenantId': 'tenant_id1',
},
'user': {
@@ -437,7 +437,7 @@ def setUp(self):
'access': {
'token': {
'id': self.UUID_TOKEN_UNSCOPED,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
},
'user': {
'id': 'user_id1',
@@ -453,7 +453,7 @@ def setUp(self):
'access': {
'token': {
'id': 'valid-token',
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
'tenant': {
'id': 'tenant_id1',
'name': 'tenant_name1',
@@ -474,7 +474,7 @@ def setUp(self):
'token': {
'bind': {'kerberos': self.KERBEROS_BIND},
'id': self.UUID_TOKEN_BIND,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
'tenant': {
'id': 'tenant_id1',
'name': 'tenant_name1',
@@ -496,7 +496,7 @@ def setUp(self):
'token': {
'bind': {'FOO': 'BAR'},
'id': self.UUID_TOKEN_UNKNOWN_BIND,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
'tenant': {
'id': 'tenant_id1',
'name': 'tenant_name1',
@@ -515,7 +515,7 @@ def setUp(self):
},
self.v3_UUID_TOKEN_DEFAULT: {
'token': {
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'methods': ['password'],
'user': {
'id': 'user_id1',
@@ -542,7 +542,7 @@ def setUp(self):
},
self.v3_UUID_TOKEN_UNSCOPED: {
'token': {
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'methods': ['password'],
'user': {
'id': 'user_id1',
@@ -556,7 +556,7 @@ def setUp(self):
},
self.v3_UUID_TOKEN_DOMAIN_SCOPED: {
'token': {
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'methods': ['password'],
'user': {
'id': 'user_id1',
@@ -581,7 +581,7 @@ def setUp(self):
'access': {
'token': {
'id': self.SIGNED_TOKEN_SCOPED_KEY,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
},
'user': {
'id': 'user_id1',
@@ -599,7 +599,7 @@ def setUp(self):
'access': {
'token': {
'id': self.SIGNED_TOKEN_UNSCOPED_KEY,
- 'expires': '2020-01-01T00:00:10.000123Z',
+ 'expires': '2999-01-01T00:00:10.000123Z',
},
'user': {
'id': 'user_id1',
@@ -613,7 +613,7 @@ def setUp(self):
},
self.SIGNED_v3_TOKEN_SCOPED_KEY: {
'token': {
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'methods': ['password'],
'user': {
'id': 'user_id1',
@@ -642,7 +642,7 @@ def setUp(self):
'token': {
'bind': {'kerberos': self.KERBEROS_BIND},
'methods': ['password'],
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'user': {
'id': 'user_id1',
'name': 'user_name1',
@@ -669,7 +669,7 @@ def setUp(self):
self.v3_UUID_TOKEN_UNKNOWN_BIND: {
'token': {
'bind': {'FOO': 'BAR'},
- 'expires_at': '2020-01-01T00:00:10.000123Z',
+ 'expires_at': '2999-01-01T00:00:10.000123Z',
'methods': ['password'],
'user': {
'id': 'user_id1',
diff --git a/keystoneclient/tests/unit/test_discovery.py b/keystoneclient/tests/unit/test_discovery.py
index f9d5dbfac..6f85ea9c5 100644
--- a/keystoneclient/tests/unit/test_discovery.py
+++ b/keystoneclient/tests/unit/test_discovery.py
@@ -87,7 +87,7 @@
V2_AUTH_RESPONSE = jsonutils.dumps({
"access": {
"token": {
- "expires": "2020-01-01T00:00:10.000123Z",
+ "expires": "2999-01-01T00:00:10.000123Z",
"id": 'fakeToken',
"tenant": {
"id": '1'
@@ -113,7 +113,7 @@
"password"
],
- "expires_at": "2020-01-01T00:00:10.000123Z",
+ "expires_at": "2999-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": '1',
diff --git a/keystoneclient/tests/unit/test_session.py b/keystoneclient/tests/unit/test_session.py
index 27d224d0f..e0d9b2868 100644
--- a/keystoneclient/tests/unit/test_session.py
+++ b/keystoneclient/tests/unit/test_session.py
@@ -266,7 +266,7 @@ def test_binary_data_not_in_debug_output(self):
# elements to make sure that all joins are appropriately
# handled (any join of unicode and byte strings should
# raise a UnicodeDecodeError)
- session.post(unicode(self.TEST_URL), data=data)
+ session.post(six.text_type(self.TEST_URL), data=data)
self.assertNotIn('my data', self.logger.output)
diff --git a/keystoneclient/tests/unit/v2_0/test_auth.py b/keystoneclient/tests/unit/v2_0/test_auth.py
index 64f2ea03d..b73352471 100644
--- a/keystoneclient/tests/unit/v2_0/test_auth.py
+++ b/keystoneclient/tests/unit/v2_0/test_auth.py
@@ -28,7 +28,7 @@ def setUp(self):
self.TEST_RESPONSE_DICT = {
"access": {
"token": {
- "expires": "2020-01-01T00:00:10.000123Z",
+ "expires": "2999-01-01T00:00:10.000123Z",
"id": self.TEST_TOKEN,
"tenant": {
"id": self.TEST_TENANT_ID
@@ -61,7 +61,7 @@ def test_authenticate_success_expired(self):
# Build a new response
TEST_TOKEN = "abcdef"
- resp_b['access']['token']['expires'] = '2020-01-01T00:00:10.000123Z'
+ resp_b['access']['token']['expires'] = '2999-01-01T00:00:10.000123Z'
resp_b['access']['token']['id'] = TEST_TOKEN
# return expired first, and then the new response
diff --git a/keystoneclient/tests/unit/v3/test_auth.py b/keystoneclient/tests/unit/v3/test_auth.py
index 6549080f3..9f8797703 100644
--- a/keystoneclient/tests/unit/v3/test_auth.py
+++ b/keystoneclient/tests/unit/v3/test_auth.py
@@ -28,7 +28,7 @@ def setUp(self):
"password"
],
- "expires_at": "2020-01-01T00:00:10.000123Z",
+ "expires_at": "2999-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": self.TEST_DOMAIN_ID,
