From 29877158547f869e90cc6a766c5d56d444ebc2ab Mon Sep 17 00:00:00 2001
From: Matthew Thode <mthode@mthode.org>
Date: Wed, 28 Mar 2018 11:48:59 -0500
Subject: [PATCH] uncap pysaml2

This is the first step in updating pysaml2 to 4.5.0.
Only keystone needs to consume this before we update UC/GR (as they get a
pkg_resources.ContextualVersionConflict if we update everything in one go).

The versions were masked because they could bring in pycryptodome, which we do
not want.

Next step, after keystone consumes this change, is to update upper-constraints.

We also want to be able to exclude prereleases if needed, so modify the check
to allow exclusions of prereleases.

Partial-Bug: #1750843
Change-Id: I6cf9812deecbfaea5ff6e47ba3d48dd94db773b5
---
 global-requirements.txt               | 8 +-------
 openstack_requirements/requirement.py | 3 ++-
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/global-requirements.txt b/global-requirements.txt
index eafe7cecac..81bd6e44cd 100644
--- a/global-requirements.txt
+++ b/global-requirements.txt
@@ -230,13 +230,7 @@ pyparsing>=2.1.0  # MIT
 pyroute2>=0.4.21;sys_platform!='win32'  # Apache-2.0 (+ dual licensed GPL2)
 pysnmp>=4.2.3  # BSD
 pystache>=0.5.4  # MIT
-
-# NOTE(dims): pysaml 4.0.3 uses pycryptodome instead of pycrypto, for mitaka
-# we cannot switch to pycryptodome as many projects are likely to break. So
-# we should block versions higher then 4.0.2. Also, once all projects and
-# dependencies like paramiko switch to pycryptodome, we should revisit this
-# and fully switch over to pycryptodome and stop using pycrypto
-pysaml2>=4.0.2,<4.0.3  # Apache-2.0
+pysaml2>=4.0.2,!=4.0.3,!=4.0.4,!=4.0.5,!=4.0.5rc1,!=4.1.0,!=4.2.0,!=4.3.0,!=4.4.0  # Apache-2.0
 
 # OpenStack clients. None of these should have an upper bound
 # as that has implications for testing in the gate.
diff --git a/openstack_requirements/requirement.py b/openstack_requirements/requirement.py
index fce90af19a..5fc58db323 100644
--- a/openstack_requirements/requirement.py
+++ b/openstack_requirements/requirement.py
@@ -224,7 +224,8 @@ def check_reqs_bounds_policy(global_reqs):
                 lower_bound = lower_bound.pop()
                 for spec in _specifiers:
                     if spec.operator == '!=':
-                        if not lower_bound.contains(spec.version):
+                        if not lower_bound.contains(spec.version,
+                                                    prereleases=True):
                             yield('Requirement %s has a !=%s specifier '
                                   'that is not >=%s' % (req.package,
                                                         spec.version,