diff options
| author | Christian Heimes <cheimes@redhat.com> | 2015-08-11 20:55:48 +0200 |
|---|---|---|
| committer | Christian Heimes <cheimes@redhat.com> | 2015-08-14 13:03:18 +0200 |
| commit | 12badcabc1cd345256a4902f7b0583cf667ecd8d (patch) | |
| tree | d0a45d096fab9c0b14d5221557a616824ecfd24a /base/server/python | |
| parent | d63ade55f5cc2a9ecf21ea2b43cfac80149c4c29 (diff) | |
| download | pki-12badcabc1cd345256a4902f7b0583cf667ecd8d.tar.gz pki-12badcabc1cd345256a4902f7b0583cf667ecd8d.tar.xz pki-12badcabc1cd345256a4902f7b0583cf667ecd8d.zip | |
Make pki PEP 8 compatible
Large portions of the patch was automatically created with autopep8:
find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
--aggressive
find base/common/upgrade base/server/upgrade -type f -and \
-not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
autopep8 --in-place --ignore E309 --aggressive \
base/common/sbin/pki-upgrade \
base/server/sbin/pkispawn \
base/server/sbin/pkidestroy \
base/server/sbin/pki-server \
base/server/sbin/pki-server-upgrade
About two dozent violations were fixed manually.
https://fedorahosted.org/pki/ticket/708
Diffstat (limited to 'base/server/python')
13 files changed, 202 insertions, 181 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 9777d221f..3a2cf6bef 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -108,7 +108,7 @@ class PKISubsystem(object): class PKIInstance(object): - def __init__(self, name, instanceType=10): + def __init__(self, name, instanceType=10): # nopep8 self.name = name self.type = instanceType @@ -121,7 +121,10 @@ class PKIInstance(object): self.conf_dir = os.path.join(self.base_dir, 'conf') self.lib_dir = os.path.join(self.base_dir, 'lib') - self.registry_dir = os.path.join(pki.server.REGISTRY_DIR, 'tomcat', self.name) + self.registry_dir = os.path.join( + pki.server.REGISTRY_DIR, + 'tomcat', + self.name) self.registry_file = os.path.join(self.registry_dir, self.name) self.service_name = 'pki-tomcatd@%s.service' % self.name @@ -149,7 +152,8 @@ class PKIInstance(object): subprocess.check_call(['systemctl', 'stop', self.service_name]) def is_active(self): - rc = subprocess.call(['systemctl', '--quiet', 'is-active', self.service_name]) + rc = subprocess.call( + ['systemctl', '--quiet', 'is-active', self.service_name]) return rc == 0 def load(self): @@ -215,7 +219,7 @@ class PKIInstance(object): # set deployment descriptor ownership and permission os.chown(context_xml, self.uid, self.gid) - os.chmod(context_xml, 00660) + os.chmod(context_xml, 0o0660) def undeploy(self, webapp_name): context_xml = os.path.join( diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index becad1447..95a708bee 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py @@ -322,7 +322,9 @@ class InstanceMigrateCLI(pki.cli.CLI): instance = pki.server.PKIInstance(instance_name) instance.load() - module.migrate(instance, tomcat_version) # pylint: disable=no-member,maybe-no-member + module.migrate( # pylint: disable=no-member,maybe-no-member + instance, + tomcat_version) self.print_message('%s instance migrated' % instance_name) @@ -369,14 +371,15 @@ class InstanceNuxwdogEnableCLI(pki.cli.CLI): self.print_help() sys.exit(1) - #module = self.top.find_module('nuxwdog-enable') + # module = self.top.find_module('nuxwdog-enable') module = pki.server.cli.nuxwdog.NuxwdogEnableCLI() module.set_verbose(self.verbose) instance = pki.server.PKIInstance(instance_name) instance.load() - module.enable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + module.enable_nuxwdog( # pylint: disable=no-member,maybe-no-member + instance) self.print_message('Nuxwdog enabled for instance %s.' % instance_name) @@ -430,6 +433,7 @@ class InstanceNuxwdogDisableCLI(pki.cli.CLI): instance = pki.server.PKIInstance(instance_name) instance.load() - module.disable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + module.disable_nuxwdog( + instance) # pylint: disable=no-member,maybe-no-member self.print_message('Nuxwdog disabled for instance %s.' % instance_name) diff --git a/base/server/python/pki/server/cli/migrate.py b/base/server/python/pki/server/cli/migrate.py index bb807d8ca..de62a24b4 100644 --- a/base/server/python/pki/server/cli/migrate.py +++ b/base/server/python/pki/server/cli/migrate.py @@ -46,7 +46,6 @@ class MigrateCLI(pki.cli.CLI): print def execute(self, argv): - try: opts, _ = getopt.getopt(argv, 'i:v', [ 'tomcat=', 'verbose', 'debug', 'help']) @@ -91,25 +90,30 @@ class MigrateCLI(pki.cli.CLI): self.print_message('System migrated') def migrate(self, instance, tomcat_version): - self.migrate_instance(instance, tomcat_version) self.migrate_subsystems(instance, tomcat_version) def migrate_instance(self, instance, tomcat_version): - server_xml = os.path.join(instance.conf_dir, 'server.xml') self.migrate_server_xml(server_xml, tomcat_version) - root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + root_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'ROOT.xml') self.migrate_context_xml(root_context_xml, tomcat_version) - pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + pki_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'pki.xml') self.migrate_context_xml(pki_context_xml, tomcat_version) self.migrate_tomcat_libraries(instance) def migrate_server_xml(self, filename, tomcat_version): - if self.verbose: print 'Migrating %s' % filename @@ -130,61 +134,60 @@ class MigrateCLI(pki.cli.CLI): f.write(etree.tostring(document, pretty_print=True)) def migrate_server_xml_to_tomcat7(self, document): - server = document.getroot() - jasper_comment = etree.Comment('Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html ') + jasper_comment = etree.Comment( + 'Initialize Jasper prior to webapps are loaded. Documentation ' + 'at /docs/jasper-howto.html ') jasper_listener = etree.Element('Listener') - jasper_listener.set('className', 'org.apache.catalina.core.JasperListener') + jasper_listener.set( + 'className', + 'org.apache.catalina.core.JasperListener') - jmx_support_comment = etree.Comment(' JMX Support for the Tomcat server. Documentation at /docs/non-existent.html ') + jmx_support_comment = etree.Comment( + ' JMX Support for the Tomcat server. Documentation at ' + '/docs/non-existent.html ') - excluded_comment1 = etree.Comment(' The following class has been commented out because it ') - excluded_comment2 = etree.Comment(' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ') + excluded_comment1 = etree.Comment( + ' The following class has been commented out because it ') + excluded_comment2 = etree.Comment( + ' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ') - server_lifecycle_comment = etree.Comment(' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ') + server_lifecycle_comment = etree.Comment( + ' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ') global_resources_lifecycle_listener = None children = list(server) for child in children: - - if isinstance(child, etree._Comment): # pylint: disable=protected-access - + if isinstance(child, etree._Comment): # pylint: disable=protected-access if 'org.apache.catalina.security.SecurityListener' in child.text: server.remove(child) - elif 'Initialize Jasper prior to webapps are loaded.' in child.text: jasper_comment = None - elif 'JMX Support for the Tomcat server.' in child.text: jmx_support_comment = None - elif 'The following class has been commented out because it' in child.text: excluded_comment1 = None - elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text: excluded_comment2 = None - elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text: server_lifecycle_comment = None - if 'Prevent memory leaks due to use of particular java/javax APIs' in child.text: server.remove(child) elif child.tag == 'Listener': class_name = child.get('className') - if class_name == 'org.apache.catalina.startup.VersionLoggerListener'\ - or class_name == 'org.apache.catalina.security.SecurityListener'\ - or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener'\ - or class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener'\ - or class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener': - + if class_name in { + 'org.apache.catalina.startup.VersionLoggerListener', + 'org.apache.catalina.security.SecurityListener', + 'org.apache.catalina.mbeans.ServerLifecycleListener', + 'org.apache.catalina.core.JreMemoryLeakPreventionListener', + 'org.apache.catalina.core.ThreadLocalLeakPreventionListener'}: if self.debug: print '* removing %s' % class_name - server.remove(child) elif class_name == 'org.apache.catalina.core.JasperListener': @@ -231,7 +234,6 @@ class MigrateCLI(pki.cli.CLI): connectors = server.findall('Service/Connector') for connector in connectors: - if connector.get('secure') == 'true': connector.set('protocol', 'HTTP/1.1') @@ -240,78 +242,68 @@ class MigrateCLI(pki.cli.CLI): valves = server.findall('Service/Engine/Host/Valve') for valve in valves: - if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve': valve.set('prefix', 'localhost_access_log.') def migrate_server_xml_to_tomcat8(self, document): - server = document.getroot() version_logger_listener = etree.Element('Listener') - version_logger_listener.set('className', 'org.apache.catalina.startup.VersionLoggerListener') + version_logger_listener.set( + 'className', + 'org.apache.catalina.startup.VersionLoggerListener') security_listener_comment = etree.Comment(''' Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> ''') jre_memory_leak_prevention_listener = etree.Element('Listener') - jre_memory_leak_prevention_listener.set('className', 'org.apache.catalina.core.JreMemoryLeakPreventionListener') + jre_memory_leak_prevention_listener.set( + 'className', + 'org.apache.catalina.core.JreMemoryLeakPreventionListener') global_resources_lifecycle_listener = None thread_local_leak_prevention_listener = etree.Element('Listener') - thread_local_leak_prevention_listener.set('className', 'org.apache.catalina.core.ThreadLocalLeakPreventionListener') + thread_local_leak_prevention_listener.set( + 'className', + 'org.apache.catalina.core.ThreadLocalLeakPreventionListener') - prevent_comment = etree.Comment(' Prevent memory leaks due to use of particular java/javax APIs') + prevent_comment = etree.Comment( + ' Prevent memory leaks due to use of particular java/javax APIs') children = list(server) for child in children: - - if isinstance(child, etree._Comment): # pylint: disable=protected-access - + if isinstance(child, etree._Comment): # pylint: disable=protected-access if 'org.apache.catalina.security.SecurityListener' in child.text: security_listener_comment = None - elif 'Initialize Jasper prior to webapps are loaded.' in child.text: server.remove(child) - elif 'JMX Support for the Tomcat server.' in child.text: server.remove(child) - elif 'The following class has been commented out because it' in child.text: server.remove(child) - elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text: server.remove(child) - elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text: server.remove(child) - elif 'Prevent memory leaks due to use of particular java/javax APIs' in child.text: prevent_comment = None elif child.tag == 'Listener': - class_name = child.get('className') if class_name == 'org.apache.catalina.core.JasperListener'\ - or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener': - + or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener': if self.debug: print '* removing %s' % class_name - server.remove(child) - elif class_name == 'org.apache.catalina.startup.VersionLoggerListener': version_logger_listener = None - elif class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener': jre_memory_leak_prevention_listener = None - elif class_name == 'org.apache.catalina.mbeans.GlobalResourcesLifecycleListener': global_resources_lifecycle_listener = child - elif class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener': thread_local_leak_prevention_listener = None @@ -359,7 +351,9 @@ class MigrateCLI(pki.cli.CLI): for connector in connectors: if connector.get('secure') == 'true': - connector.set('protocol', 'org.apache.coyote.http11.Http11Protocol') + connector.set( + 'protocol', + 'org.apache.coyote.http11.Http11Protocol') if self.debug: print '* updating AccessLogValve' @@ -367,20 +361,18 @@ class MigrateCLI(pki.cli.CLI): valves = server.findall('Service/Engine/Host/Valve') for valve in valves: - if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve': + if valve.get( + 'className') == 'org.apache.catalina.valves.AccessLogValve': valve.set('prefix', 'localhost_access_log') def migrate_subsystems(self, instance, tomcat_version): - for subsystem in instance.subsystems: self.migrate_subsystem(subsystem, tomcat_version) def migrate_subsystem(self, subsystem, tomcat_version): - self.migrate_context_xml(subsystem.context_xml, tomcat_version) def migrate_context_xml(self, filename, tomcat_version): - if not os.path.exists(filename): return @@ -404,7 +396,6 @@ class MigrateCLI(pki.cli.CLI): f.write(etree.tostring(document, pretty_print=True)) def migrate_context_xml_to_tomcat7(self, document): - context = document.getroot() context.set('allowLinking', 'true') @@ -418,9 +409,8 @@ class MigrateCLI(pki.cli.CLI): context.remove(resources) def migrate_context_xml_to_tomcat8(self, document): - context = document.getroot() - if context.attrib.has_key('allowLinking'): + if 'allowLinking' in context.attrib: context.attrib.pop('allowLinking') resources = context.find('Resources') @@ -436,7 +426,6 @@ class MigrateCLI(pki.cli.CLI): resources.set('allowLinking', 'true') def migrate_tomcat_libraries(self, instance): - # remove old links for filename in os.listdir(instance.lib_dir): diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 43eb564ee..a63eb86d7 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -248,7 +248,9 @@ class SubsystemEnableCLI(pki.cli.CLI): class SubsystemDisableCLI(pki.cli.CLI): def __init__(self): - super(SubsystemDisableCLI, self).__init__('disable', 'Disable subsystem') + super(SubsystemDisableCLI, self).__init__( + 'disable', + 'Disable subsystem') def usage(self): print 'Usage: pki-server subsystem-disable [OPTIONS] <subsystem ID>' diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index 5ffed768b..8bca657de 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py @@ -20,14 +20,14 @@ # # PKI Deployment Constants -PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 -PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 -PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 -PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 -PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 -PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 +PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 0o0755 +PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 0o0770 +PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 0o0770 +PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 0o0660 +PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 0o0600 +PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 0o2770 +PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 0o0777 +PKI_DEPLOYMENT_DEFAULT_UMASK = 0o0002 PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" PKI_DEPLOYMENT_DEFAULT_GID = 17 diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index cf04e68bc..62abce74e 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -111,13 +111,13 @@ def pki_copytree(src, dst, symlinks=False, ignore=None): shutil.copy2(srcname, dstname) # catch the Error from the recursive pki_copytree so that we can # continue with other files - except Error, err: + except Error as err: errors.extend(err.args[0]) - except EnvironmentError, why: + except EnvironmentError as why: errors.append((srcname, dstname, str(why))) try: shutil.copystat(src, dst) - except OSError, why: + except OSError as why: if WindowsError is not None and isinstance(why, WindowsError): # Copying file access times may fail on Windows pass @@ -307,16 +307,16 @@ class Identity: def group_exists(self, pki_group): try: - _ = getgrnam(pki_group)[1] + _ = getgrnam(pki_group)[1] # nopep8 return True - except KeyError as _: + except KeyError: return False def user_exists(self, pki_user): try: - _ = getpwnam(pki_user)[1] + _ = getpwnam(pki_user)[1] # nopep8 return True - except KeyError as _: + except KeyError: return False def is_user_a_member_of_group(self, pki_user, pki_group): @@ -369,7 +369,8 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'])) else: - if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']): + if os.path.exists( + self.mdict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, @@ -548,7 +549,8 @@ class ConfigurationFile: self.subsystem) if config.str2bool( self.mdict['pki_subordinate_create_new_security_domain']): - self.confirm_data_exists('pki_subordinate_security_domain_name') + self.confirm_data_exists( + 'pki_subordinate_security_domain_name') def confirm_external_step_two(self): # ALWAYS defined via 'pkiparser.py' @@ -562,7 +564,7 @@ class ConfigurationFile: self.subsystem) def confirm_data_exists(self, param): - if not param in self.mdict or not len(self.mdict[param]): + if param not in self.mdict or not len(self.mdict[param]): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, param, @@ -600,8 +602,8 @@ class ConfigurationFile: # If HSM, verify absence of all PKCS #12 backup parameters if (config.str2bool(self.mdict['pki_hsm_enable']) and (config.str2bool(self.mdict['pki_backup_keys']) or - ('pki_backup_password' in self.mdict and - len(self.mdict['pki_backup_password'])))): + ('pki_backup_password' in self.mdict and + len(self.mdict['pki_backup_password'])))): config.pki_log.error( log.PKIHELPER_HSM_KEYS_CANNOT_BE_BACKED_UP_TO_PKCS12_FILES, extra=config.PKI_INDENTATION_LEVEL_2) @@ -623,7 +625,7 @@ class ConfigurationFile: # Verify absence of all PKCS #12 clone parameters for HSMs elif (os.path.exists(self.mdict['pki_clone_pkcs12_path']) or ('pki_clone_pkcs12_password' in self.mdict and - len(self.mdict['pki_clone_pkcs12_password']))): + len(self.mdict['pki_clone_pkcs12_password']))): config.pki_log.error( log.PKIHELPER_HSM_CLONES_MUST_SHARE_HSM_MASTER_PRIVATE_KEYS, extra=config.PKI_INDENTATION_LEVEL_2) @@ -966,7 +968,9 @@ class Instance: if os.path.isdir(os.path.join(self.mdict['pki_path'], instance))\ and not\ os.path.islink(os.path.join(self.mdict['pki_path'], instance)): - instance_dir = os.path.join(self.mdict['pki_path'], instance) + instance_dir = os.path.join( + self.mdict['pki_path'], + instance) # Since ANY directory within this PKI instance COULD # be a PKI subsystem, look for all possible # PKI subsystems within this PKI instance @@ -989,7 +993,8 @@ class Instance: rv = [] try: for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() + path = self.mdict['pki_instance_path'] + \ + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv.append(subsystem) except OSError as exc: @@ -1008,13 +1013,13 @@ class Instance: # present within the PKI 'tomcat' registry directory for instance in os.listdir( self.mdict['pki_instance_type_registry_path']): - if os.path.isdir(\ - os.path.join(\ - self.mdict['pki_instance_type_registry_path'],\ + if os.path.isdir( + os.path.join( + self.mdict['pki_instance_type_registry_path'], instance)) and not\ - os.path.islink(\ - os.path.join(\ - self.mdict['pki_instance_type_registry_path'],\ + os.path.islink( + os.path.join( + self.mdict['pki_instance_type_registry_path'], instance)): rv += 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, @@ -1074,7 +1079,9 @@ class Instance: try: client = pki.system.SystemStatusClient(connection) response = client.get_status() - config.pki_log.debug(response, extra=config.PKI_INDENTATION_LEVEL_3) + config.pki_log.debug( + response, + extra=config.PKI_INDENTATION_LEVEL_3) root = ET.fromstring(response) status = root.findtext("Status") @@ -1465,7 +1472,10 @@ class Directory: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1578,7 +1588,9 @@ class File: log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1624,7 +1636,9 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + old_name) else: if os.path.exists(new_name): if not overwrite_flag: @@ -1668,7 +1682,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1726,7 +1743,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1741,7 +1761,9 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + old_name) else: if os.path.exists(new_name): if not overwrite_flag: @@ -1796,7 +1818,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -2119,7 +2144,9 @@ class Password: token_name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: - raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) + raise Exception( + log.PKIHELPER_PASSWORD_NOT_FOUND_1 % + token_name) else: return return token_pwd @@ -2141,11 +2168,11 @@ class HSM: def initialize_ncipher(self): if (self.file.exists(config.PKI_HSM_NCIPHER_EXE) and - self.file.exists(config.PKI_HSM_NCIPHER_LIB) and - self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)): + self.file.exists(config.PKI_HSM_NCIPHER_LIB) and + self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)): # Check if 'pki_user' is a member of the default "nCipher" group if not self.identity.is_user_a_member_of_group( - self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP): + self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP): # Make 'pki_user' a member of the default "nCipher" group self.identity.add_user_to_group(self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP) @@ -2696,7 +2723,6 @@ class Modutil: extra=config.PKI_INDENTATION_LEVEL_2) return True - def register_security_module(self, path, modulename, libfile, prefix=None, critical_failure=True): try: @@ -2944,7 +2970,8 @@ class KRAConnector: sechost, secport) except Exception as e: config.pki_log.error( - "unable to access security domain. Continuing .. " + str(e), + "unable to access security domain. Continuing .. " + + str(e), extra=config.PKI_INDENTATION_LEVEL_2) ca_list = [] @@ -3085,7 +3112,7 @@ class TPSConnector: else: return - #retrieve tks host and port + # retrieve tks host and port if ':' in tkshostport: tkshost = tkshostport.split(':')[0] tksport = tkshostport.split(':')[1] @@ -3854,7 +3881,7 @@ class ConfigClient: admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) - except Exception, e: + except Exception as e: config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), extra=config.PKI_INDENTATION_LEVEL_2) @@ -3862,7 +3889,7 @@ class ConfigClient: if hasattr(e, 'response'): try: root = ET.fromstring(e.response.text) - except ET.ParseError, pe: + except ET.ParseError as pe: config.pki_log.error( "ParseError: %s: %s " % (pe, e.response.text), extra=config.PKI_INDENTATION_LEVEL_2) @@ -4007,8 +4034,8 @@ class ConfigClient: with open(self.mdict['pki_external_admin_csr_path'], "w") as f: f.write("-----BEGIN CERTIFICATE REQUEST-----\n") admin_certreq = None - with open(os.path.join(\ - self.mdict['pki_client_database_dir'],\ + with open(os.path.join( + self.mdict['pki_client_database_dir'], "admin_pkcs10.bin.asc"), "r") as f: admin_certreq = f.read() with open(self.mdict['pki_external_admin_csr_path'], "a") as f: @@ -4021,8 +4048,10 @@ class ConfigClient: log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq, extra=config.PKI_INDENTATION_LEVEL_2) - def save_admin_cert(self, message, input_data, output_file, subsystem_name): - config.pki_log.debug(message + " '" + output_file + "'", subsystem_name, + def save_admin_cert(self, message, input_data, output_file, + subsystem_name): + config.pki_log.debug(message + " '" + output_file + "'", + subsystem_name, extra=config.PKI_INDENTATION_LEVEL_2) with open(output_file, "w") as f: f.write(input_data) @@ -4058,7 +4087,7 @@ class ConfigClient: cert.certChain = f.read() def set_system_certs(self, data): - systemCerts = [] + systemCerts = [] # nopep8 # Create 'CA Signing Certificate' if not self.clone: @@ -4277,7 +4306,8 @@ class ConfigClient: data.securityDomainType = "existingdomain" data.securityDomainUri = self.mdict['pki_security_domain_uri'] data.securityDomainUser = self.mdict['pki_security_domain_user'] - data.securityDomainPassword = self.mdict['pki_security_domain_password'] + data.securityDomainPassword = self.mdict[ + 'pki_security_domain_password'] def set_new_security_domain(self, data): data.securityDomainType = "newdomain" @@ -4559,4 +4589,6 @@ class PKIDeployer: f.write(etree.tostring(document, pretty_print=True)) os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid']) - os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) + os.chmod( + new_descriptor, + config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py index 593fb20d3..67b9348c1 100644 --- a/base/server/python/pki/server/deployment/pkimanifest.py +++ b/base/server/python/pki/server/deployment/pkimanifest.py @@ -101,4 +101,3 @@ class File: config.pki_log.error(log.PKI_IOERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_1) raise - diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index cc9102161..649237307 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -146,7 +146,7 @@ REMINDER: Finally, if an optional '-p <prefix>' is defined, this value WILL NOT be prepended in front of the mandatory '-f <configuration_file>'. """ + PKI_VERBOSITY -PKISPAWN_INTERACTIVE_INSTALLATION=''' +PKISPAWN_INTERACTIVE_INSTALLATION = ''' IMPORTANT: Interactive installation currently only exists for very basic deployments! diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index c1b6be395..f192cc924 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -52,7 +52,7 @@ class PKIConfigParser: def __init__(self, description, epilog): self.pki_config = None - #Read and process command-line options + # Read and process command-line options self.arg_parser = argparse.ArgumentParser( description=description, add_help=False, @@ -64,7 +64,8 @@ class PKIConfigParser: 'mandatory arguments') # Establish 'Optional' command-line options - self.optional = self.arg_parser.add_argument_group('optional arguments') + self.optional = self.arg_parser.add_argument_group( + 'optional arguments') self.optional.add_argument( '-s', dest='pki_subsystem', action='store', @@ -239,17 +240,17 @@ class PKIConfigParser: self.pki_config.set(section, key, value) self.flatten_master_dict() - if section != "DEFAULT" and not config.user_config.has_section(section): + if section != "DEFAULT" and not config.user_config.has_section( + section): config.user_config.add_section(section) config.user_config.set(section, key, value) def print_text(self, message): print ' ' * self.indent + message - def read_text( - self, message, - section=None, key=None, default=None, - options=None, sign=':', allow_empty=True, case_sensitive=True): + def read_text(self, message, section=None, key=None, default=None, + options=None, sign=':', allow_empty=True, + case_sensitive=True): if default is None and key is not None: default = self.mdict[key] @@ -289,12 +290,11 @@ class PKIConfigParser: return value - def read_password( - self, message, section=None, key=None, - verifyMessage=None): + def read_password(self, message, section=None, key=None, # nopep8 + verifyMessage=None): message = ' ' * self.indent + message + ': ' - if verifyMessage is not None: - verifyMessage = ' ' * self.indent + verifyMessage + ': ' + if verifyMessage is not None: # nopep8 + verifyMessage = ' ' * self.indent + verifyMessage + ': ' # nopep8 while True: password = '' @@ -370,7 +370,7 @@ class PKIConfigParser: section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue - except ConfigParser.ParsingError, err: + except ConfigParser.ParsingError as err: print err rv = err return rv @@ -578,25 +578,25 @@ class PKIConfigParser: self.mdict['sensitive_parameters'].split() # Always create "false" values for these missing "boolean" keys - if not 'pki_enable_access_log' in self.mdict or\ + if 'pki_enable_access_log' not in self.mdict or\ not len(self.mdict['pki_enable_access_log']): self.mdict['pki_enable_access_log'] = "false" - if not 'pki_external' in self.mdict or\ + if 'pki_external' not in self.mdict or\ not len(self.mdict['pki_external']): self.mdict['pki_external'] = "false" - if not 'pki_req_ext_add' in self.mdict or\ + if 'pki_req_ext_add' not in self.mdict or\ not len(self.mdict['pki_req_ext_add']): self.mdict['pki_req_ext_add'] = "false" - if not 'pki_external_step_two' in self.mdict or\ + if 'pki_external_step_two' not in self.mdict or\ not len(self.mdict['pki_external_step_two']): self.mdict['pki_external_step_two'] = "false" - if not 'pki_standalone' in self.mdict or\ + if 'pki_standalone' not in self.mdict or\ not len(self.mdict['pki_standalone']): self.mdict['pki_standalone'] = "false" - if not 'pki_subordinate' in self.mdict or\ + if 'pki_subordinate' not in self.mdict or\ not len(self.mdict['pki_subordinate']): self.mdict['pki_subordinate'] = "false" - if not 'pki_san_inject' in self.mdict or\ + if 'pki_san_inject' not in self.mdict or\ not len(self.mdict['pki_san_inject']): self.mdict['pki_san_inject'] = "false" @@ -636,8 +636,8 @@ class PKIConfigParser: # and add this to the "sensitive" key value pairs read in from # the configuration file self.mdict['pki_one_time_pin'] = \ - ''.join(random.choice(string.ascii_letters + string.digits)\ - for x in range(20)) + ''.join(random.choice(string.ascii_letters + string.digits) + for x in range(20)) self.mdict['pki_target_catalina_properties'] = \ os.path.join( @@ -789,11 +789,9 @@ class PKIConfigParser: self.mdict['pki_ds_secure_connection'].lower() self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.mdict['pki_https_port'] - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.mdict['pki_https_port'] @@ -1175,8 +1173,8 @@ class PKIConfigParser: # Stand-alone PKI self.mdict['pki_security_domain_type'] = "new" self.mdict['pki_issuing_ca'] = "External CA" - elif (config.pki_subsystem != "CA" or\ - config.str2bool(self.mdict['pki_clone']) or\ + elif (config.pki_subsystem != "CA" or + config.str2bool(self.mdict['pki_clone']) or config.str2bool(self.mdict['pki_subordinate'])): # PKI KRA, PKI OCSP, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone @@ -1229,7 +1227,7 @@ class PKIConfigParser: self.mdict['pki_admin_profile_id'] = "caAdminCert" - if not 'pki_import_admin_cert' in self.mdict: + if 'pki_import_admin_cert' not in self.mdict: self.mdict['pki_import_admin_cert'] = 'false' elif not config.str2bool(self.mdict['pki_skip_configuration']) and \ (config.str2bool(self.mdict['pki_standalone'])): @@ -1303,7 +1301,7 @@ class PKIConfigParser: parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs self.slots_dict = dict(parser.items('Tomcat')) - except ConfigParser.ParsingError, err: + except ConfigParser.ParsingError as err: rv = err return rv @@ -1324,5 +1322,3 @@ class PKIConfigParser: break return data - - diff --git a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py index fcd9fa63e..630ef38cc 100644 --- a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py @@ -55,7 +55,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.directory.create( deployer.mdict['pki_instance_type_registry_path']) deployer.directory.create(deployer.mdict['pki_instance_registry_path']) - deployer.directory.create(deployer.mdict['pki_subsystem_registry_path']) + deployer.directory.create( + deployer.mdict['pki_subsystem_registry_path']) deployer.file.copy( deployer.mdict['pki_default_deployment_cfg'], deployer.mdict['pki_default_deployment_cfg_replica']) diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index 9545c4d4e..378343eb5 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -51,8 +51,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if (deployer.mdict['pki_subsystem'] == "CA" or \ - config.str2bool(deployer.mdict['pki_standalone'])) and \ + if (deployer.mdict['pki_subsystem'] == "CA" or + config.str2bool(deployer.mdict['pki_standalone'])) and \ config.str2bool(deployer.mdict['pki_external_step_two']): # verify that this External CA (Step 2), or Stand-alone PKI # (Step 2) currently EXISTS for this "instance" diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index c3d4d9e49..3ffe452bb 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -138,7 +138,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Import the directory server CA certificate rv = deployer.certutil.import_cert( deployer.mdict['pki_ds_secure_connection_ca_nickname'], - deployer.mdict['pki_ds_secure_connection_ca_trustargs'], + deployer.mdict[ + 'pki_ds_secure_connection_ca_trustargs'], deployer.mdict['pki_ds_secure_connection_ca_pem_file'], password_file=deployer.mdict['pki_shared_pfile'], path=deployer.mdict['pki_database_path'], diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index 1db945e12..c1ee0e7b1 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py @@ -38,14 +38,12 @@ SUBSYSTEM_TRACKER = '%s/CS.cfg' class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): def __init__(self): - super(PKIServerUpgradeScriptlet, self).__init__() def get_backup_dir(self): return BACKUP_DIR + '/' + str(self.version) + '/' + str(self.index) def can_upgrade_server(self, instance, subsystem=None): - # A scriptlet can run if the version matches the tracker and # the index is the next to be executed. @@ -55,7 +53,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): self.index == tracker.get_index() + 1 def update_server_tracker(self, instance, subsystem=None): - # Increment the index in the tracker. If it's the last scriptlet # in this version, update the tracker version. @@ -70,7 +67,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): tracker.set_version(self.version.next) def upgrade(self): - for instance in self.upgrader.instances(): self.upgrade_subsystems(instance) @@ -112,7 +108,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): 'Upgrade failed in %s: %s' % (instance, e), e, instance) def upgrade_subsystems(self, instance): - for subsystem in self.upgrader.subsystems(instance): if not self.can_upgrade_server(instance, subsystem): @@ -159,10 +154,9 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): class PKIServerUpgrader(pki.upgrade.PKIUpgrader): - def __init__( - self, instanceName=None, instanceType=None, subsystemName=None, - upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False): - + def __init__(self, instanceName=None, instanceType=None, # nopep8 + subsystemName=None, upgrade_dir=UPGRADE_DIR, # nopep8 + version=None, index=None, silent=False): super(PKIServerUpgrader, self).__init__( upgrade_dir, version, index, silent) @@ -179,9 +173,10 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): self.subsystem_trackers = {} def instances(self): - if self.instanceName and self.instanceType: - instance = pki.server.PKIInstance(self.instanceName, self.instanceType) + instance = pki.server.PKIInstance( + self.instanceName, + self.instanceType) instance.validate() instance.load() return [instance] @@ -215,7 +210,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return instance_list def subsystems(self, instance): - if self.subsystemName: subsystem = pki.server.PKISubsystem(instance, self.subsystemName) subsystem.validate() @@ -229,7 +223,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): instance.name) for subsystemName in os.listdir(registry_dir): if subsystemName in pki.server.SUBSYSTEM_TYPES: - subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem = pki.server.PKISubsystem( + instance, + subsystemName) subsystem.validate() subsystem_list.append(subsystem) else: @@ -239,7 +235,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): subsystemName, instance.name) if os.path.exists(registry_dir): - subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem = pki.server.PKISubsystem( + instance, + subsystemName) subsystem.validate() subsystem_list.append(subsystem) @@ -248,7 +246,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return subsystem_list def get_server_tracker(self, instance, subsystem=None): - if subsystem: name = str(subsystem) try: @@ -275,7 +272,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return tracker def get_current_version(self): - current_version = None for instance in self.instances(): @@ -306,7 +302,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return current_version def show_tracker(self): - for instance in self.instances(): if not self.subsystemName: @@ -319,7 +314,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): tracker.show() def set_tracker(self, version): - for instance in self.instances(): if not self.subsystemName: @@ -334,7 +328,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): print 'Tracker has been set to version ' + str(version) + '.' def remove_tracker(self): - for instance in self.instances(): if not self.subsystemName: |