--- a/components/python/keystoneclient/Makefile Wed Sep 07 14:48:36 2016 -0700
+++ b/components/python/keystoneclient/Makefile Wed Sep 07 14:48:37 2016 -0700
@@ -26,18 +26,19 @@
include ../../../make-rules/shared-macros.mk
COMPONENT_NAME= python-keystoneclient
-COMPONENT_VERSION= 1.3.3
+COMPONENT_VERSION= 2.3.1
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:a1ecb2fd2631a64cfb8bd6bc5adcf19bfcdc488023e05082dc73dc18013a6f7e
+ sha256:89e93551071cf29780eeafe7a61114cd36b1c2192813d3c2a58a348a6a3ac6ff
COMPONENT_ARCHIVE_URL= $(call pypi_url)
-COMPONENT_PROJECT_URL= http://launchpad.net/python-keystoneclient
+COMPONENT_PROJECT_URL= \
+ http://docs.openstack.org/developer/python-keystoneclient/
COMPONENT_BUGDB= service/keystone
-TPNO= 25754
+TPNO= 28001
-# Depends on netaddr & python-memcached which are not Python 3 ready.
+# Depends on netaddr which is not Python 3 ready.
PYTHON_VERSIONS= $(PYTHON2_VERSIONS)
include $(WS_MAKE_RULES)/prep.mk
@@ -47,19 +48,15 @@
ASLR_MODE = $(ASLR_NOT_APPLICABLE)
COMPONENT_POST_INSTALL_ACTION = \
- (cd $(PROTO_DIR)/usr/bin ; $(MV) -f keystone keystone-$(PYTHON_VERSION))
+ (cd $(PROTO_DIR)/usr/bin ; $(MV) -f keystone keystone-$(PYTHON_VERSION))
# common targets
build: $(BUILD_NO_ARCH)
install: $(INSTALL_NO_ARCH)
-#
-# Tests require:
-# hacking, discover, fixtures, httpretty, keyring, mox3, pycrypto,
-# sphinx, testrepository, testtools
-# which haven't been integrated yet.
-#
+# See $(COMPONENT_SRC)/test-requirements.txt for the Python modules
+# required to execute unittests.
test: $(NO_TESTS)
-system-test: $(NO_TESTS)
+system-test: $(NO_TESTS)
--- a/components/python/keystoneclient/keystoneclient-PYVER.p5m Wed Sep 07 14:48:36 2016 -0700
+++ b/components/python/keystoneclient/keystoneclient-PYVER.p5m Wed Sep 07 14:48:37 2016 -0700
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
#
set name=pkg.fmri \
@@ -49,8 +49,6 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/_discover.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/access.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/adapter.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/apiclient/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/apiclient/exceptions.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/base.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/cli.py
@@ -60,6 +58,7 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/base.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/generic/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/generic/base.py
+file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/generic/cli.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/generic/password.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/generic/token.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/auth/identity/v2.py
@@ -77,6 +76,7 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/auth/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/auth/v3/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/auth/v3/oidc.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/auth/v3/saml2.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/bootstrap/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/contrib/bootstrap/shell.py
@@ -94,15 +94,8 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/generic/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/generic/client.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/generic/shell.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/hacking/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/hacking/checks.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/httpclient.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/i18n.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/locale/keystoneclient.pot
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/middleware/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/middleware/auth_token.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/middleware/memcache_crypt.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/middleware/s3_token.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/_i18n.py
@@ -113,8 +106,6 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/apiclient/exceptions.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/apiclient/fake_client.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/apiclient/utils.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/memorycache.py
-file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/openstack/common/uuidutils.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/service_catalog.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/session.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/shell.py
@@ -132,6 +123,7 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v2_0/tokens.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v2_0/users.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/auth.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/client.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/endpoint_filter.py
@@ -144,6 +136,7 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/federation/mappings.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/federation/projects.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/federation/protocols.py
+file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/federation/saml.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/federation/service_providers.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/oauth1/__init__.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/oauth1/access_tokens.py
@@ -156,6 +149,7 @@
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/contrib/trusts.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/credentials.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/domains.py
+file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/ec2.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/endpoints.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/groups.py
file path=usr/lib/python$(PYVER)/vendor-packages/keystoneclient/v3/policies.py
@@ -181,38 +175,30 @@
# flush this out.
depend type=group fmri=library/python/eventlet-$(PYV)
-# force a group dependency on the optional m2crypto; pkgdepend work is needed to
+# force a group dependency on the optional lxml; pkgdepend work is needed to
# flush this out.
-depend type=group fmri=library/python/m2crypto-$(PYV)
+depend type=group fmri=library/python/lxml-$(PYV)
# force a group dependency on the optional oauthlib; pkgdepend work is needed to
# flush this out.
depend type=group fmri=library/python/oauthlib-$(PYV)
-# force a group dependency on the optional python-memcache; pkgdepend work is
-# needed to flush this out.
-depend type=group fmri=library/python/python-memcached-$(PYV)
-
# force a group dependency on the optional simplejson; pkgdepend work is needed
# to flush this out.
depend type=group fmri=library/python/simplejson-$(PYV)
-# force a dependency on argparse; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/argparse-$(PYV)
+# force a dependency on debtcollector; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/debtcollector-$(PYV)
-# force a dependency on iso8601; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/iso8601-$(PYV)
+# force a dependency on keystoneauth1; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/keystoneauth1-$(PYV)
# force a dependency on the keystoneclient package
depend type=require \
fmri=library/python/keystoneclient@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
-# force a dependency on lxml; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/lxml-$(PYV)
-
-# force a dependency on netaddr; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/netaddr-$(PYV)
-
# force a dependency on oslo.config; pkgdepend work is needed to flush this out.
depend type=require fmri=library/python/oslo.config-$(PYV)
@@ -229,6 +215,9 @@
# force a dependency on pbr; pkgdepend work is needed to flush this out.
depend type=require fmri=library/python/pbr-$(PYV)
+# force a dependency on positional; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/positional-$(PYV)
+
# force a dependency on prettytable; pkgdepend work is needed to flush this out.
depend type=require fmri=library/python/prettytable-$(PYV)
@@ -243,6 +232,3 @@
# force a dependency on stevedore; pkgdepend work is needed to flush this out.
depend type=require fmri=library/python/stevedore-$(PYV)
-
-# force a dependency on webob; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/webob-$(PYV)
--- a/components/python/keystoneclient/keystoneclient.license Wed Sep 07 14:48:36 2016 -0700
+++ b/components/python/keystoneclient/keystoneclient.license Wed Sep 07 14:48:37 2016 -0700
@@ -8,12 +8,14 @@
See the License for the specific language governing permissions and limitations under the License.
+
Copyright (c) 2009 Jacob Kaplan-Moss - initial codebase (< v2.1)
Copyright (c) 2011 Rackspace - OpenStack extensions (>= v2.1)
Copyright (c) 2011 Nebula, Inc - Keystone refactor (>= v2.7)
All rights reserved.
- Apache License
+
+ Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
@@ -188,29 +190,31 @@
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
- END OF TERMS AND CONDITIONS
+--- License for python-keystoneclient versions prior to 2.1 ---
- APPENDIX: How to apply the Apache License to your work.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ 3. Neither the name of this project nor the names of its contributors may
+ be used to endorse or promote products derived from this software without
+ specific prior written permission.
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/components/python/keystoneclient/patches/01-requirements.patch Wed Sep 07 14:48:36 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-In-house patch to remove the dependency on argparse. Since we use
-Python 2.7 only for OpenStack, argparse is already included. If this
-line is present, stevedore will fail to find the pip package for it,
-causing a cascade of failures to other tools.
-
---- python-keystoneclient-1.3.3/requirements.txt.orig 2015-11-16 10:45:24.623755300 -0500
-+++ python-keystoneclient-1.3.3/requirements.txt 2015-11-16 10:45:47.401243897 -0500
-@@ -4,7 +4,6 @@
-
- pbr!=0.7,<1.0,>=0.6
-
--argparse
- Babel>=1.3
- iso8601>=0.1.9
- netaddr>=0.7.12
---- python-keystoneclient-1.3.3/python_keystoneclient.egg-info/requires.txt.orig 2015-11-16 10:49:10.149423272 -0500
-+++ python-keystoneclient-1.3.3/python_keystoneclient.egg-info/requires.txt 2015-11-16 10:45:39.585509328 -0500
-@@ -1,5 +1,4 @@
- pbr!=0.7,<1.0,>=0.6
--argparse
- Babel>=1.3
- iso8601>=0.1.9
- netaddr>=0.7.12
--- a/components/python/keystoneclient/patches/launchpad-1455673.patch Wed Sep 07 14:48:36 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-From 7cf319e79002681ff7914a84bbc1e9af93d93e0f Mon Sep 17 00:00:00 2001
-From: Eric Brown <[email protected]>
-Date: Fri, 15 May 2015 14:54:16 -0700
-Subject: Typo in openstack client help
-
-The openstack client output for the help of --os-user-id states
-"longin" instead of "login". The openstack client gets it's help
-output from the keystoneclient.
-
-Change-Id: I7c92a82cd60b2835d98101200cf641b46dd145b4
-Closes-Bug: #1455673
----
- keystoneclient/auth/identity/v2.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/keystoneclient/auth/identity/v2.py b/keystoneclient/auth/identity/v2.py
-index 8eaa9c5..c25ddfd 100644
---- a/keystoneclient/auth/identity/v2.py
-+++ b/keystoneclient/auth/identity/v2.py
-@@ -153,7 +153,7 @@ class Password(Auth):
- dest='username',
- deprecated_name='username',
- help='Username to login with'),
-- cfg.StrOpt('user-id', help='User ID to longin with'),
-+ cfg.StrOpt('user-id', help='User ID to login with'),
- cfg.StrOpt('password', secret=True, help='Password to use'),
- ])
-
---
-cgit v0.11.2
-
--- a/components/python/keystoneclient/patches/launchpad-1498247.patch Wed Sep 07 14:48:36 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-From 13bb2f74b0d65c1fef30f77d710d56e51e5f7841 Mon Sep 17 00:00:00 2001
-From: Monty Taylor <[email protected]>
-Date: Thu, 19 Nov 2015 10:22:31 -0500
-Subject: Swap the order of username deprecation
-
-The attempt at a move to user-name is an exercise in churn, and is
-filling everyone's logs with admonitions to change the name of their
-variables - which does not work if they do. Swap this, effectively
-reverting the attempt at a move. user-name will continue to work on
-the off chance anyone started consuming that path, which is unlikely
-because none of the consuming programs expose that as an actual option.
-
-Closes-Bug: 1498247
-
-Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c
----
-
---- python-keystoneclient-1.3.3/keystoneclient/auth/identity/generic/password.py.~1~ 2015-11-10 11:46:38.000000000 -0800
-+++ python-keystoneclient-1.3.3/keystoneclient/auth/identity/generic/password.py 2016-01-18 22:51:57.246982116 -0800
-@@ -26,8 +26,8 @@ LOG = logging.getLogger(__name__)
- def get_options():
- return [
- cfg.StrOpt('user-id', help='User id'),
-- cfg.StrOpt('user-name', dest='username', help='Username',
-- deprecated_name='username'),
-+ cfg.StrOpt('username', dest='username', help='Username',
-+ deprecated_name='user-name'),
- cfg.StrOpt('user-domain-id', help="User's domain id"),
- cfg.StrOpt('user-domain-name', help="User's domain name"),
- cfg.StrOpt('password', help="User's password"),
---- python-keystoneclient-1.3.3/keystoneclient/auth/identity/v2.py.~2~ 2016-01-18 22:51:57.231526891 -0800
-+++ python-keystoneclient-1.3.3/keystoneclient/auth/identity/v2.py 2016-01-18 22:51:57.247726713 -0800
-@@ -149,9 +149,9 @@ class Password(Auth):
- options = super(Password, cls).get_options()
-
- options.extend([
-- cfg.StrOpt('user-name',
-+ cfg.StrOpt('username',
- dest='username',
-- deprecated_name='username',
-+ deprecated_name='user-name',
- help='Username to login with'),
- cfg.StrOpt('user-id', help='User ID to login with'),
- cfg.StrOpt('password', secret=True, help='Password to use'),
---- python-keystoneclient-1.3.3/keystoneclient/auth/identity/v3/password.py.~1~ 2015-11-10 11:46:38.000000000 -0800
-+++ python-keystoneclient-1.3.3/keystoneclient/auth/identity/v3/password.py 2016-01-18 22:51:57.248446510 -0800
-@@ -78,8 +78,8 @@ class Password(base.AuthConstructor):
-
- options.extend([
- cfg.StrOpt('user-id', help='User ID'),
-- cfg.StrOpt('user-name', dest='username', help='Username',
-- deprecated_name='username'),
-+ cfg.StrOpt('username', dest='username', help='Username',
-+ deprecated_name='user-name'),
- cfg.StrOpt('user-domain-id', help="User's domain id"),
- cfg.StrOpt('user-domain-name', help="User's domain name"),
- cfg.StrOpt('password', secret=True, help="User's password"),
---- python-keystoneclient-1.3.3/keystoneclient/contrib/auth/v3/saml2.py.~1~ 2015-11-10 11:46:38.000000000 -0800
-+++ python-keystoneclient-1.3.3/keystoneclient/contrib/auth/v3/saml2.py 2016-01-18 22:51:57.249700774 -0800
-@@ -72,8 +72,8 @@ class _BaseSAMLPlugin(v3.AuthConstructor
- cfg.StrOpt('identity-provider', help="Identity Provider's name"),
- cfg.StrOpt('identity-provider-url',
- help="Identity Provider's URL"),
-- cfg.StrOpt('user-name', dest='username', help='Username',
-- deprecated_name='username'),
-+ cfg.StrOpt('username', dest='username', help='Username',
-+ deprecated_name='user-name'),
- cfg.StrOpt('password', help='Password')
- ])
- return options
---- python-keystoneclient-1.3.3/keystoneclient/tests/unit/auth/test_password.py.~1~ 2015-11-10 11:46:38.000000000 -0800
-+++ python-keystoneclient-1.3.3/keystoneclient/tests/unit/auth/test_password.py 2016-01-18 22:51:57.250527060 -0800
-@@ -43,7 +43,7 @@ class PasswordTests(utils.GenericPluginT
- def test_options(self):
- opts = [o.name for o in self.PLUGIN_CLASS.get_options()]
-
-- allowed_opts = ['user-name',
-+ allowed_opts = ['username',
- 'user-domain-id',
- 'user-domain-name',
- 'user-id',
--- a/components/python/keystoneclient/patches/nopycrypto.patch Wed Sep 07 14:48:36 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-In-house removal of PyCrypto dependency in keystoneclient. This patch
-is Solaris-specific and not suitable for upstream.
-
---- python-keystoneclient-1.3.0/keystoneclient/middleware/memcache_crypt.py.~1~ 2015-03-25 14:00:24.000000000 -0600
-+++ python-keystoneclient-1.3.0/keystoneclient/middleware/memcache_crypt.py 2015-04-27 17:29:37.082689412 -0600
-@@ -17,7 +17,7 @@
- Utilities for memcache encryption and integrity check.
-
- Data should be serialized before entering these functions. Encryption
--has a dependency on the pycrypto. If pycrypto is not available,
-+has a dependency on M2Crypto. If M2Crypto is not available,
- CryptoUnavailableError will be raised.
-
- This module will not be called unless signing or encryption is enabled
-@@ -37,9 +37,10 @@ import sys
-
- import six
-
--# make sure pycrypto is available
-+# make sure M2Crypto is available
- try:
-- from Crypto.Cipher import AES
-+ from M2Crypto.EVP import Cipher
-+ AES = Cipher
- except ImportError:
- AES = None
-
-@@ -72,6 +73,12 @@ class CryptoUnavailableError(Exception):
- pass
-
-
-+class InvalidKeyLength(Exception):
-+ """raise when AES key length is an invalid value.
-+
-+ """
-+ pass
-+
- def assert_crypto_availability(f):
- """Ensure Crypto module is available."""
-
-@@ -131,31 +138,44 @@ def sign_data(key, data):
- return base64.b64encode(mac)
-
-
-+def _key_to_alg(key):
-+ """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
-+ aes_algs = {
-+ 128: 'aes_128_cbc',
-+ 192: 'aes_192_cbc',
-+ 256: 'aes_256_cbc'
-+ }
-+
-+ keylen = 8 * len(key)
-+ if keylen not in aes_algs:
-+ msg = ('Invalid AES key length, %d bits') % keylen
-+ raise InvalidKeyLength(msg)
-+ return aes_algs[keylen]
-+
-+
- @assert_crypto_availability
- def encrypt_data(key, data):
- """Encrypt the data with the given secret key.
-
-- Padding is n bytes of the value n, where 1 <= n <= blocksize.
- """
- iv = os.urandom(16)
-- cipher = AES.new(key, AES.MODE_CBC, iv)
-- padding = 16 - len(data) % 16
-- return iv + cipher.encrypt(data + six.int2byte(padding) * padding)
-+ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=iv, op=1)
-+ result = cipher.update(data)
-+ return iv + result + cipher.final()
-
-
- @assert_crypto_availability
- def decrypt_data(key, data):
- """Decrypt the data with the given secret key."""
- iv = data[:16]
-- cipher = AES.new(key, AES.MODE_CBC, iv)
-+ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=iv, op=0)
- try:
-- result = cipher.decrypt(data[16:])
-+ result = cipher.update(data[16:])
-+ result = result + cipher.final()
- except Exception:
- raise DecryptError('Encrypted data appears to be corrupted.')
-
-- # Strip the last n padding bytes where n is the last value in
-- # the plaintext
-- return result[:-1 * six.byte2int([result[-1]])]
-+ return result
-
-
- def protect_data(keys, data):