diff options
| author | Dolph Mathews <dolph.mathews@gmail.com> | 2012-06-18 14:16:34 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2012-06-18 14:16:34 -0500 |
| commit | 66a0b63dabffe4cb1d239be3ab68885e2f49f513 (patch) | |
| tree | e88876f5dcfe6a6becfa5238d741a8279fc254c9 | |
| parent | e33a4742a80a3535e071a17ce39815d29a95ca61 (diff) | |
| download | keystone-66a0b63dabffe4cb1d239be3ab68885e2f49f513.tar.gz keystone-66a0b63dabffe4cb1d239be3ab68885e2f49f513.tar.xz keystone-66a0b63dabffe4cb1d239be3ab68885e2f49f513.zip | |
PEP8 fixes
Change-Id: I0989396691eb31d9008c016e64f2c197f8c7e48c
24 files changed, 362 insertions, 314 deletions
diff --git a/keystone/catalog/core.py b/keystone/catalog/core.py index afff7cf8..923823f8 100644 --- a/keystone/catalog/core.py +++ b/keystone/catalog/core.py @@ -150,7 +150,7 @@ class ServiceController(wsgi.Application): service_ref = OS_KSADM_service.copy() service_ref['id'] = service_id new_service_ref = self.catalog_api.create_service( - context, service_id, service_ref) + context, service_id, service_ref) return {'OS-KSADM:service': new_service_ref} @@ -180,7 +180,7 @@ class EndpointController(wsgi.Application): raise exception.ServiceNotFound(service_id=service_id) new_endpoint_ref = self.catalog_api.create_endpoint( - context, endpoint_id, endpoint_ref) + context, endpoint_id, endpoint_ref) return {'endpoint': new_endpoint_ref} def delete_endpoint(self, context, endpoint_id): diff --git a/keystone/common/bufferedhttp.py b/keystone/common/bufferedhttp.py index ecc19b33..d417437f 100644 --- a/keystone/common/bufferedhttp.py +++ b/keystone/common/bufferedhttp.py @@ -93,16 +93,19 @@ class BufferedHTTPConnection(HTTPConnection): def getexpect(self): response = BufferedHTTPResponse(self.sock, strict=self.strict, - method=self._method) + method=self._method) response.expect_response() return response def getresponse(self): response = HTTPConnection.getresponse(self) - LOG.debug(('HTTP PERF: %(time).5f seconds to %(method)s ' - '%(host)s:%(port)s %(path)s)'), - {'time': time.time() - self._connected_time, 'method': self._method, - 'host': self.host, 'port': self.port, 'path': self._path}) + LOG.debug('HTTP PERF: %(time).5f seconds to %(method)s ' + '%(host)s:%(port)s %(path)s)', + {'time': time.time() - self._connected_time, + 'method': self._method, + 'host': self.host, + 'port': self.port, + 'path': self._path}) return response diff --git a/keystone/common/serializer.py b/keystone/common/serializer.py index cd662bc9..734f7d12 100644 --- a/keystone/common/serializer.py +++ b/keystone/common/serializer.py @@ -106,7 +106,7 @@ class XmlSerializer(object): d.pop(key) assert len(d.keys()) == 1, ('Cannot encode more than one root ' - 'element: %s' % d.keys()) + 'element: %s' % d.keys()) # name the root dom element name = d.keys()[0] diff --git a/keystone/common/sql/legacy.py b/keystone/common/sql/legacy.py index 55e27b30..c7c3d87f 100644 --- a/keystone/common/sql/legacy.py +++ b/keystone/common/sql/legacy.py @@ -136,8 +136,8 @@ class LegacyMigration(object): for x in self._data['user_roles']: # map if (not x.get('user_id') - or not x.get('tenant_id') - or not x.get('role_id')): + or not x.get('tenant_id') + or not x.get('role_id')): continue user_id = self._user_map[x['user_id']] tenant_id = self._tenant_map[x['tenant_id']] @@ -149,7 +149,7 @@ class LegacyMigration(object): pass self.identity_driver.add_role_to_user_and_tenant( - user_id, tenant_id, role_id) + user_id, tenant_id, role_id) def _migrate_tokens(self): pass diff --git a/keystone/common/sql/migration.py b/keystone/common/sql/migration.py index e2b4f5ec..0b0ffeaa 100644 --- a/keystone/common/sql/migration.py +++ b/keystone/common/sql/migration.py @@ -49,26 +49,23 @@ def db_sync(version=None): current_version = db_version() repo_path = _find_migrate_repo() if version is None or version > current_version: - return versioning_api.upgrade( - CONF.sql.connection, repo_path, version) + return versioning_api.upgrade(CONF.sql.connection, repo_path, version) else: return versioning_api.downgrade( - CONF.sql.connection, repo_path, version) + CONF.sql.connection, repo_path, version) def db_version(): repo_path = _find_migrate_repo() try: - return versioning_api.db_version( - CONF.sql.connection, repo_path) + return versioning_api.db_version(CONF.sql.connection, repo_path) except versioning_exceptions.DatabaseNotControlledError: return db_version_control(0) def db_version_control(version=None): repo_path = _find_migrate_repo() - versioning_api.version_control( - CONF.sql.connection, repo_path, version) + versioning_api.version_control(CONF.sql.connection, repo_path, version) return version diff --git a/keystone/common/sql/nova.py b/keystone/common/sql/nova.py index 01b14d98..1b7c421b 100644 --- a/keystone/common/sql/nova.py +++ b/keystone/common/sql/nova.py @@ -106,7 +106,7 @@ def _assign_roles(api, assignments, role_map, user_map, tenant_map): user_id = user_map[assignment['user_id']] tenant_id = tenant_map[assignment['tenant_id']] LOG.debug('Assign role %s to user %s on tenant %s' % - (role_id, user_id, tenant_id)) + (role_id, user_id, tenant_id)) api.add_role_to_user_and_tenant(user_id, tenant_id, role_id) @@ -121,5 +121,5 @@ def _create_ec2_creds(ec2_api, identity_api, ec2_creds, user_map): 'tenant_id': tenant_id, } LOG.debug('Creating ec2 cred for user %s and tenant %s' % - (user_id, tenant_id)) + (user_id, tenant_id)) ec2_api.create_credential(None, cred_dict) diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py index a70e0c42..5bd958ca 100644 --- a/keystone/common/wsgi.py +++ b/keystone/common/wsgi.py @@ -65,9 +65,9 @@ class Server(object): def start(self, key=None, backlog=128): """Run a WSGI server with the given application.""" LOG.debug('Starting %(arg0)s on %(host)s:%(port)s' % - {'arg0': sys.argv[0], - 'host': self.host, - 'port': self.port}) + {'arg0': sys.argv[0], + 'host': self.host, + 'port': self.port}) socket = eventlet.listen((self.host, self.port), backlog=backlog) if key: self.socket_info[key] = socket.getsockname() @@ -87,7 +87,7 @@ class Server(object): self.greenthread = self.pool.spawn(self._run, self.application, socket) def set_ssl(self, certfile, keyfile=None, ca_certs=None, - cert_required=True): + cert_required=True): self.certfile = certfile self.keyfile = keyfile self.ca_certs = ca_certs @@ -231,7 +231,7 @@ class Application(BaseApplication): if not context['is_admin']: try: user_token_ref = self.token_api.get_token( - context=context, token_id=context['token_id']) + context=context, token_id=context['token_id']) except exception.TokenNotFound: raise exception.Unauthorized() diff --git a/keystone/contrib/admin_crud/core.py b/keystone/contrib/admin_crud/core.py index e002e913..5236ef10 100644 --- a/keystone/contrib/admin_crud/core.py +++ b/keystone/contrib/admin_crud/core.py @@ -34,146 +34,184 @@ class CrudExtension(wsgi.ExtensionRouter): endpoint_controller = catalog.EndpointController() # Tenant Operations - mapper.connect('/tenants', controller=tenant_controller, - action='create_tenant', - conditions=dict(method=['POST'])) - mapper.connect('/tenants/{tenant_id}', - controller=tenant_controller, - action='update_tenant', - conditions=dict(method=['PUT', 'POST'])) - mapper.connect('/tenants/{tenant_id}', - controller=tenant_controller, - action='delete_tenant', - conditions=dict(method=['DELETE'])) - mapper.connect('/tenants/{tenant_id}/users', - controller=tenant_controller, - action='get_tenant_users', - conditions=dict(method=['GET'])) + mapper.connect( + '/tenants', + controller=tenant_controller, + action='create_tenant', + conditions=dict(method=['POST'])) + mapper.connect( + '/tenants/{tenant_id}', + controller=tenant_controller, + action='update_tenant', + conditions=dict(method=['PUT', 'POST'])) + mapper.connect( + '/tenants/{tenant_id}', + controller=tenant_controller, + action='delete_tenant', + conditions=dict(method=['DELETE'])) + mapper.connect( + '/tenants/{tenant_id}/users', + controller=tenant_controller, + action='get_tenant_users', + conditions=dict(method=['GET'])) # User Operations - mapper.connect('/users', - controller=user_controller, - action='get_users', - conditions=dict(method=['GET'])) - mapper.connect('/users', - controller=user_controller, - action='create_user', - conditions=dict(method=['POST'])) + mapper.connect( + '/users', + controller=user_controller, + action='get_users', + conditions=dict(method=['GET'])) + mapper.connect( + '/users', + controller=user_controller, + action='create_user', + conditions=dict(method=['POST'])) # NOTE(termie): not in diablo - mapper.connect('/users/{user_id}', - controller=user_controller, - action='update_user', - conditions=dict(method=['PUT'])) - mapper.connect('/users/{user_id}', - controller=user_controller, - action='delete_user', - conditions=dict(method=['DELETE'])) + mapper.connect( + '/users/{user_id}', + controller=user_controller, + action='update_user', + conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}', + controller=user_controller, + action='delete_user', + conditions=dict(method=['DELETE'])) # COMPAT(diablo): the copy with no OS-KSADM is from diablo - mapper.connect('/users/{user_id}/password', - controller=user_controller, - action='set_user_password', - conditions=dict(method=['PUT'])) - mapper.connect('/users/{user_id}/OS-KSADM/password', - controller=user_controller, - action='set_user_password', - conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/password', + controller=user_controller, + action='set_user_password', + conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/OS-KSADM/password', + controller=user_controller, + action='set_user_password', + conditions=dict(method=['PUT'])) # COMPAT(diablo): the copy with no OS-KSADM is from diablo - mapper.connect('/users/{user_id}/tenant', - controller=user_controller, - action='update_user_tenant', - conditions=dict(method=['PUT'])) - mapper.connect('/users/{user_id}/OS-KSADM/tenant', - controller=user_controller, - action='update_user_tenant', - conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/tenant', + controller=user_controller, + action='update_user_tenant', + conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/OS-KSADM/tenant', + controller=user_controller, + action='update_user_tenant', + conditions=dict(method=['PUT'])) # COMPAT(diablo): the copy with no OS-KSADM is from diablo - mapper.connect('/users/{user_id}/enabled', - controller=user_controller, - action='set_user_enabled', - conditions=dict(method=['PUT'])) - mapper.connect('/users/{user_id}/OS-KSADM/enabled', - controller=user_controller, - action='set_user_enabled', - conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/enabled', + controller=user_controller, + action='set_user_enabled', + conditions=dict(method=['PUT'])) + mapper.connect( + '/users/{user_id}/OS-KSADM/enabled', + controller=user_controller, + action='set_user_enabled', + conditions=dict(method=['PUT'])) # User Roles - mapper.connect('/users/{user_id}/roles/OS-KSADM/{role_id}', - controller=role_controller, action='add_role_to_user', + mapper.connect( + '/users/{user_id}/roles/OS-KSADM/{role_id}', + controller=role_controller, + action='add_role_to_user', conditions=dict(method=['PUT'])) - mapper.connect('/users/{user_id}/roles/OS-KSADM/{role_id}', - controller=role_controller, action='delete_role_from_user', + mapper.connect( + '/users/{user_id}/roles/OS-KSADM/{role_id}', + controller=role_controller, + action='delete_role_from_user', conditions=dict(method=['DELETE'])) # COMPAT(diablo): User Roles - mapper.connect('/users/{user_id}/roleRefs', - controller=role_controller, action='get_role_refs', + mapper.connect( + '/users/{user_id}/roleRefs', + controller=role_controller, + action='get_role_refs', conditions=dict(method=['GET'])) - mapper.connect('/users/{user_id}/roleRefs', - controller=role_controller, action='create_role_ref', + mapper.connect( + '/users/{user_id}/roleRefs', + controller=role_controller, + action='create_role_ref', conditions=dict(method=['POST'])) - mapper.connect('/users/{user_id}/roleRefs/{role_ref_id}', - controller=role_controller, action='delete_role_ref', + mapper.connect( + '/users/{user_id}/roleRefs/{role_ref_id}', + controller=role_controller, + action='delete_role_ref', conditions=dict(method=['DELETE'])) # User-Tenant Roles mapper.connect( '/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}', - controller=role_controller, action='add_role_to_user', + controller=role_controller, + action='add_role_to_user', conditions=dict(method=['PUT'])) mapper.connect( '/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}', - controller=role_controller, action='remove_role_from_user', + controller=role_controller, + action='remove_role_from_user', conditions=dict(method=['DELETE'])) # Service Operations - mapper.connect('/OS-KSADM/services', - controller=service_controller, - action='get_services', - conditions=dict(method=['GET'])) - mapper.connect('/OS-KSADM/services', - controller=service_controller, - action='create_service', - conditions=dict(method=['POST'])) - mapper.connect('/OS-KSADM/services/{service_id}', - controller=service_controller, - action='delete_service', - conditions=dict(method=['DELETE'])) - mapper.connect('/OS-KSADM/services/{service_id}', - controller=service_controller, - action='get_service', - conditions=dict(method=['GET'])) + mapper.connect( + '/OS-KSADM/services', + controller=service_controller, + action='get_services', + conditions=dict(method=['GET'])) + mapper.connect( + '/OS-KSADM/services', + controller=service_controller, + action='create_service', + conditions=dict(method=['POST'])) + mapper.connect( + '/OS-KSADM/services/{service_id}', + controller=service_controller, + action='delete_service', + conditions=dict(method=['DELETE'])) + mapper.connect( + '/OS-KSADM/services/{service_id}', + controller=service_controller, + action='get_service', + conditions=dict(method=['GET'])) # Endpoint Templates - mapper.connect('/endpoints', - controller=endpoint_controller, - action='get_endpoints', - conditions=dict(method=['GET'])) - mapper.connect('/endpoints', - controller=endpoint_controller, - action='create_endpoint', - conditions=dict(method=['POST'])) - mapper.connect('/endpoints/{endpoint_id}', - controller=endpoint_controller, - action='delete_endpoint', - conditions=dict(method=['DELETE'])) + mapper.connect( + '/endpoints', + controller=endpoint_controller, + action='get_endpoints', + conditions=dict(method=['GET'])) + mapper.connect( + '/endpoints', + controller=endpoint_controller, + action='create_endpoint', + conditions=dict(method=['POST'])) + mapper.connect( + '/endpoints/{endpoint_id}', + controller=endpoint_controller, + action='delete_endpoint', + conditions=dict(method=['DELETE'])) # Role Operations - mapper.connect('/OS-KSADM/roles', - controller=role_controller, - action='create_role', - conditions=dict(method=['POST'])) - mapper.connect('/OS-KSADM/roles', - controller=role_controller, - action='get_roles', - conditions=dict(method=['GET'])) - mapper.connect('/OS-KSADM/roles/{role_id}', - controller=role_controller, - action='get_role', - conditions=dict(method=['GET'])) - mapper.connect('/OS-KSADM/roles/{role_id}', - controller=role_controller, - action='delete_role', - conditions=dict(method=['DELETE'])) + mapper.connect( + '/OS-KSADM/roles', + controller=role_controller, + action='create_role', + conditions=dict(method=['POST'])) + mapper.connect( + '/OS-KSADM/roles', + controller=role_controller, + action='get_roles', + conditions=dict(method=['GET'])) + mapper.connect( + '/OS-KSADM/roles/{role_id}', + controller=role_controller, + action='get_role', + conditions=dict(method=['GET'])) + mapper.connect( + '/OS-KSADM/roles/{role_id}', + controller=role_controller, + action='delete_role', + conditions=dict(method=['DELETE'])) diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py index 4449b6bb..7c662039 100644 --- a/keystone/contrib/ec2/core.py +++ b/keystone/contrib/ec2/core.py @@ -67,28 +67,33 @@ class Ec2Extension(wsgi.ExtensionRouter): def add_routes(self, mapper): ec2_controller = Ec2Controller() # validation - mapper.connect('/ec2tokens', - controller=ec2_controller, - action='authenticate', - conditions=dict(method=['POST'])) + mapper.connect( + '/ec2tokens', + controller=ec2_controller, + action='authenticate', + conditions=dict(method=['POST'])) # crud - mapper.connect('/users/{user_id}/credentials/OS-EC2', - controller=ec2_controller, - action='create_credential', - conditions=dict(method=['POST'])) - mapper.connect('/users/{user_id}/credentials/OS-EC2', - controller=ec2_controller, - action='get_credentials', - conditions=dict(method=['GET'])) - mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', - controller=ec2_controller, - action='get_credential', - conditions=dict(method=['GET'])) - mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', - controller=ec2_controller, - action='delete_credential', - conditions=dict(method=['DELETE'])) + mapper.connect( + '/users/{user_id}/credentials/OS-EC2', + controller=ec2_controller, + action='create_credential', + conditions=dict(method=['POST'])) + mapper.connect( + '/users/{user_id}/credentials/OS-EC2', + controller=ec2_controller, + action='get_credentials', + conditions=dict(method=['GET'])) + mapper.connect( + '/users/{user_id}/credentials/OS-EC2/{credential_id}', + controller=ec2_controller, + action='get_credential', + conditions=dict(method=['GET'])) + mapper.connect( + '/users/{user_id}/credentials/OS-EC2/{credential_id}', + controller=ec2_controller, + action='delete_credential', + conditions=dict(method=['DELETE'])) class Ec2Controller(wsgi.Application): @@ -116,8 +121,7 @@ class Ec2Controller(wsgi.Application): else: raise exception.Unauthorized(message='EC2 signature not supplied.') - def authenticate(self, context, credentials=None, - ec2Credentials=None): + def authenticate(self, context, credentials=None, ec2Credentials=None): """Validate a signed EC2 request and provide a token. Other services (such as Nova) use this **admin** call to determine @@ -155,26 +159,26 @@ class Ec2Controller(wsgi.Application): # TODO(termie): this is copied from TokenController.authenticate token_id = uuid.uuid4().hex tenant_ref = self.identity_api.get_tenant( - context=context, - tenant_id=creds_ref['tenant_id']) + context=context, + tenant_id=creds_ref['tenant_id']) user_ref = self.identity_api.get_user( - context=context, - user_id=creds_ref['user_id']) + context=context, + user_id=creds_ref['user_id']) metadata_ref = self.identity_api.get_metadata( - context=context, - user_id=user_ref['id'], - tenant_id=tenant_ref['id']) + context=context, + user_id=user_ref['id'], + tenant_id=tenant_ref['id']) catalog_ref = self.catalog_api.get_catalog( - context=context, - user_id=user_ref['id'], - tenant_id=tenant_ref['id'], - metadata=metadata_ref) + context=context, + user_id=user_ref['id'], + tenant_id=tenant_ref['id'], + metadata=metadata_ref) token_ref = self.token_api.create_token( - context, token_id, dict(id=token_id, - user=user_ref, - tenant=tenant_ref, - metadata=metadata_ref)) + context, token_id, dict(id=token_id, + user=user_ref, + tenant=tenant_ref, + metadata=metadata_ref)) # TODO(termie): optimize this call at some point and put it into the # the return for metadata @@ -189,7 +193,7 @@ class Ec2Controller(wsgi.Application): # would be better to expect a full return token_controller = service.TokenController() return token_controller._format_authenticate( - token_ref, roles_ref, catalog_ref) + token_ref, roles_ref, catalog_ref) def create_credential(self, context, user_id, tenant_id): """Create a secret/access pair for use with ec2 style auth. @@ -284,8 +288,9 @@ class Ec2Controller(wsgi.Application): """ try: - token_ref = self.token_api.get_token(context=context, - token_id=context['token_id']) + token_ref = self.token_api.get_token( + context=context, + token_id=context['token_id']) except exception.TokenNotFound: raise exception.Unauthorized() token_user_id = token_ref['user'].get('id') diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index 589d8c45..4a1438f8 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -49,7 +49,8 @@ class Identity(kvs.Base, identity.Driver): tenant_ref = None metadata_ref = None if (not user_ref - or not utils.check_password(password, user_ref.get('password'))): + or not utils.check_password(password, + user_ref.get('password'))): raise AssertionError('Invalid user / password') tenants = self.get_tenants_for_user(user_id) diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 2a2c572e..2d0b3a19 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -358,10 +358,10 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): limit, self.tenant_api.get_users(tenant_id, role_id)) - def users_get_by_tenant_get_page_markers(self, tenant_id, - role_id, marker, limit): + def users_get_by_tenant_get_page_markers(self, tenant_id, role_id, marker, + limit): return self._get_page_markers( - marker, limit, self.tenant_api.get_users(tenant_id, role_id)) + marker, limit, self.tenant_api.get_users(tenant_id, role_id)) def check_password(self, user_id, password): user = self.get(user_id) @@ -418,7 +418,7 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin): def list_for_user_get_page_markers(self, user, marker, limit): return self._get_page_markers( - marker, limit, self.get_user_tenants(user['id'])) + marker, limit, self.get_user_tenants(user['id'])) def is_empty(self, id): tenant = self._ldap_get(id) @@ -588,10 +588,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): raise inst return UserRoleAssociation( - id=self._create_ref(role_id, tenant_id, user_id), - role_id=role_id, - user_id=user_id, - tenant_id=tenant_id) + id=self._create_ref(role_id, tenant_id, user_id), + role_id=role_id, + user_id=user_id, + tenant_id=tenant_id) def get_by_service(self, service_id): roles = self.get_all('(service_id=%s)' % @@ -626,10 +626,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): user_id = self.user_api._dn_to_id(user_dn) role_id = self._dn_to_id(role_dn) res.append(UserRoleAssociation( - id=self._create_ref(role_id, tenant_id, user_id), - user_id=user_id, - role_id=role_id, - tenant_id=tenant_id)) + id=self._create_ref(role_id, tenant_id, user_id), + user_id=user_id, + role_id=role_id, + tenant_id=tenant_id)) return res @@ -637,10 +637,9 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): user_dn = self.user_api._id_to_dn(user_id) roles = self.get_all('(%s=%s)' % (self.member_attribute, user_dn)) return [UserRoleAssociation( - id=self._create_ref(role.id, None, user_id), - role_id=role.id, - user_id=user_id) - for role in roles] + id=self._create_ref(role.id, None, user_id), + role_id=role.id, + user_id=user_id) for role in roles] def list_tenant_roles_for_user(self, user_id, tenant_id=None): conn = self.get_connection() @@ -659,10 +658,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): for role_dn, _ in roles: role_id = self._dn_to_id(role_dn) res.append(UserRoleAssociation( - id=self._create_ref(role_id, tenant_id, user_id), - user_id=user_id, - role_id=role_id, - tenant_id=tenant_id)) + id=self._create_ref(role_id, tenant_id, user_id), + user_id=user_id, + role_id=role_id, + tenant_id=tenant_id)) else: try: roles = conn.search_s(self.tenant_api.tree_dn, @@ -676,10 +675,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): role_id = self._dn_to_id(role_dn) tenant_id = ldap.dn.str2dn(role_dn)[1][0][1] res.append(UserRoleAssociation( - id=self._create_ref(role_id, tenant_id, user_id), - user_id=user_id, - role_id=role_id, - tenant_id=tenant_id)) + id=self._create_ref(role_id, tenant_id, user_id), + user_id=user_id, + role_id=role_id, + tenant_id=tenant_id)) return res def rolegrant_get(self, id): @@ -791,10 +790,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): ldap_role_id = self._dn_to_id(role_dn) if role_id == ldap_role_id: res = UserRoleAssociation( - id=self._create_ref(role_id, tenant_id, user_id), - user_id=user_id, - role_id=role_id, - tenant_id=tenant_id) + id=self._create_ref(role_id, tenant_id, user_id), + user_id=user_id, + role_id=role_id, + tenant_id=tenant_id) return res else: try: @@ -809,7 +808,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): for role in roles: if role.id == role_id: return UserRoleAssociation( - id=self._create_ref(role.id, None, user_id), - role_id=role.id, - user_id=user_id) + id=self._create_ref(role.id, None, user_id), + role_id=role.id, + user_id=user_id) return None diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 78325816..db628f51 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -159,7 +159,7 @@ class Identity(sql.Base, identity.Driver): """ user_ref = self._get_user(user_id) if (not user_ref - or not self._check_password(password, user_ref)): + or not self._check_password(password, user_ref)): raise AssertionError('Invalid user / password') tenants = self.get_tenants_for_user(user_id) @@ -190,10 +190,10 @@ class Identity(sql.Base, identity.Driver): def get_tenant_users(self, tenant_id): session = self.get_session() user_refs = session.query(User)\ - .join(UserTenantMembership)\ - .filter(UserTenantMembership.tenant_id == - tenant_id)\ - .all() + .join(UserTenantMembership)\ + .filter(UserTenantMembership.tenant_id == + tenant_id)\ + .all() return [_filter_user(user_ref.to_dict()) for user_ref in user_refs] def _get_user(self, user_id): diff --git a/keystone/identity/core.py b/keystone/identity/core.py index 3128c706..6fbb628a 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -271,12 +271,12 @@ class TenantController(wsgi.Application): user_ref = token_ref['user'] tenant_ids = self.identity_api.get_tenants_for_user( - context, user_ref['id']) + context, user_ref['id']) tenant_refs = [] for tenant_id in tenant_ids: tenant_refs.append(self.identity_api.get_tenant( - context=context, - tenant_id=tenant_id)) + context=context, + tenant_id=tenant_id)) params = { 'limit': context['query_string'].get('limit'), 'marker': context['query_string'].get('marker'), @@ -307,7 +307,7 @@ class TenantController(wsgi.Application): tenant_ref['id'] = tenant_id tenant = self.identity_api.create_tenant( - context, tenant_id, tenant_ref) + context, tenant_id, tenant_ref) return {'tenant': tenant} def update_tenant(self, context, tenant_id, tenant): @@ -316,7 +316,7 @@ class TenantController(wsgi.Application): raise exception.TenantNotFound(tenant_id=tenant_id) tenant_ref = self.identity_api.update_tenant( - context, tenant_id, tenant) + context, tenant_id, tenant) return {'tenant': tenant_ref} def delete_tenant(self, context, tenant_id, **kw): @@ -406,7 +406,7 @@ class UserController(wsgi.Application): user_ref = user.copy() user_ref['id'] = user_id new_user_ref = self.identity_api.create_user( - context, user_id, user_ref) + context, user_id, user_ref) if tenant_id: self.identity_api.add_user_to_tenant(context, tenant_id, user_id) return {'user': new_user_ref} @@ -480,7 +480,7 @@ class RoleController(wsgi.Application): raise exception.TenantNotFound(tenant_id=tenant_id) roles = self.identity_api.get_roles_for_user_and_tenant( - context, user_id, tenant_id) + context, user_id, tenant_id) return {'roles': [self.identity_api.get_role(context, x) for x in roles]} @@ -538,7 +538,7 @@ class RoleController(wsgi.Application): # a user also adds them to a tenant self.identity_api.add_user_to_tenant(context, tenant_id, user_id) self.identity_api.add_role_to_user_and_tenant( - context, user_id, tenant_id, role_id) + context, user_id, tenant_id, role_id) role_ref = self.identity_api.get_role(context, role_id) return {'role': role_ref} @@ -563,12 +563,12 @@ class RoleController(wsgi.Application): # This still has the weird legacy semantics that adding a role to # a user also adds them to a tenant, so we must follow up on that self.identity_api.remove_role_from_user_and_tenant( - context, user_id, tenant_id, role_id) + context, user_id, tenant_id, role_id) roles = self.identity_api.get_roles_for_user_and_tenant( - context, user_id, tenant_id) + context, user_id, tenant_id) if not roles: self.identity_api.remove_user_from_tenant( - context, tenant_id, user_id) + context, tenant_id, user_id) return # COMPAT(diablo): CRUD extension @@ -588,7 +588,7 @@ class RoleController(wsgi.Application): o = [] for tenant_id in tenant_ids: role_ids = self.identity_api.get_roles_for_user_and_tenant( - context, user_id, tenant_id) + context, user_id, tenant_id) for role_id in role_ids: ref = {'roleId': role_id, 'tenantId': tenant_id, @@ -611,7 +611,7 @@ class RoleController(wsgi.Application): role_id = role.get('roleId') self.identity_api.add_user_to_tenant(context, tenant_id, user_id) self.identity_api.add_role_to_user_and_tenant( - context, user_id, tenant_id, role_id) + context, user_id, tenant_id, role_id) role_ref = self.identity_api.get_role(context, role_id) return {'role': role_ref} @@ -633,9 +633,9 @@ class RoleController(wsgi.Application): tenant_id = role_ref_ref.get('tenantId')[0] role_id = role_ref_ref.get('roleId')[0] self.identity_api.remove_role_from_user_and_tenant( - context, user_id, tenant_id, role_id) + context, user_id, tenant_id, role_id) roles = self.identity_api.get_roles_for_user_and_tenant( - context, user_id, tenant_id) + context, user_id, tenant_id) if not roles: self.identity_api.remove_user_from_tenant( - context, tenant_id, user_id) + context, tenant_id, user_id) diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py index 1551883d..419b757d 100644 --- a/keystone/middleware/auth_token.py +++ b/keystone/middleware/auth_token.py @@ -213,7 +213,7 @@ class AuthProtocol(object): 'X-Role', ) LOG.debug('Removing headers from request environment: %s' % - ','.join(auth_headers)) + ','.join(auth_headers)) self._remove_headers(env, auth_headers) def _get_user_token_from_header(self, env): @@ -260,8 +260,10 @@ class AuthProtocol(object): if self.auth_protocol == 'http': return self.http_client_class(self.auth_host, self.auth_port) else: - return self.http_client_class(self.auth_host, self.auth_port, - self.key_file, self.cert_file) + return self.http_client_class(self.auth_host, + self.auth_port, + self.key_file, + self.cert_file) def _json_request(self, method, path, body=None, additional_headers=None): """HTTP request helper used to make json requests. @@ -372,7 +374,7 @@ class AuthProtocol(object): self.admin_token = None else: LOG.error('Bad response code while validating token: %s' % - response.status) + response.status) if retry: LOG.info('Retrying validation') return self._validate_user_token(user_token, False) diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py index 62af3353..0f6c1e63 100644 --- a/keystone/middleware/core.py +++ b/keystone/middleware/core.py @@ -156,8 +156,8 @@ class NormalizingFilter(wsgi.Middleware): def process_request(self, request): """Normalizes URLs.""" # Removes a trailing slash from the given path, if any. - if len(request.environ['PATH_INFO']) > 1 and \ - request.environ['PATH_INFO'][-1] == '/': + if (len(request.environ['PATH_INFO']) > 1 and + request.environ['PATH_INFO'][-1] == '/'): request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1] # Rewrites path to root if no path is given. elif not request.environ['PATH_INFO']: diff --git a/keystone/middleware/ec2_token.py b/keystone/middleware/ec2_token.py index 264f9f07..daac10aa 100644 --- a/keystone/middleware/ec2_token.py +++ b/keystone/middleware/ec2_token.py @@ -57,13 +57,16 @@ class EC2Token(wsgi.Middleware): auth_params.pop('Signature') # Authenticate the request. - creds = {'ec2Credentials': {'access': access, - 'signature': signature, - 'host': req.host, - 'verb': req.method, - 'path': req.path, - 'params': auth_params, - }} + creds = { + 'ec2Credentials': { + 'access': access, + 'signature': signature, + 'host': req.host, + 'verb': req.method, + 'path': req.path, + 'params': auth_params, + } + } creds_json = utils.dumps(creds) headers = {'Content-Type': 'application/json'} diff --git a/keystone/middleware/s3_token.py b/keystone/middleware/s3_token.py index a4f1f09f..bdb2bf78 100644 --- a/keystone/middleware/s3_token.py +++ b/keystone/middleware/s3_token.py @@ -71,11 +71,9 @@ class S3Token(object): def deny_request(self, code): error_table = { - 'AccessDenied': - (401, 'Access denied'), - 'InvalidURI': - (400, 'Could not parse the specified URI'), - } + 'AccessDenied': (401, 'Access denied'), + 'InvalidURI': (400, 'Could not parse the specified URI'), + } resp = webob.Response(content_type='text/xml') resp.status = error_table[code][0] resp.body = error_table[code][1] @@ -92,8 +90,10 @@ class S3Token(object): if self.auth_protocol == 'http': conn = self.http_client_class(self.auth_host, self.auth_port) else: - conn = self.http_client_class(self.auth_host, self.auth_port, - self.key_file, self.cert_file) + conn = self.http_client_class(self.auth_host, + self.auth_port, + self.key_file, + self.cert_file) conn.request('POST', '/v2.0/s3tokens', body=creds_json, headers=headers) @@ -187,7 +187,7 @@ class S3Token(object): return resp(environ, start_response) self.logger.debug('Keystone Reply: Status: %d, Output: %s' % ( - resp.status, output)) + resp.status, output)) try: identity_info = json.loads(output) diff --git a/keystone/middleware/swift_auth.py b/keystone/middleware/swift_auth.py index dfdf8fe3..569911ac 100644 --- a/keystone/middleware/swift_auth.py +++ b/keystone/middleware/swift_auth.py @@ -112,7 +112,7 @@ class SwiftAuth(object): # set the swift.authorize_override environ and want to control the # authentication if (self.allow_overrides and - environ.get('swift.authorize_override', False)): + environ.get('swift.authorize_override', False)): msg = 'Authorizing from an overriding middleware (i.e: tempurl)' self.logger.debug(msg) return self.app(environ, start_response) @@ -208,7 +208,7 @@ class SwiftAuth(object): # Allow ACL at individual user level (tenant:user format) # For backward compatibility, check for ACL in tenant_id:user format if ('%s:%s' % (tenant_name, user) in roles - or '%s:%s' % (tenant_id, user) in roles): + or '%s:%s' % (tenant_id, user) in roles): log_msg = 'user %s:%s or %s:%s allowed in ACL authorizing' self.logger.debug(log_msg % (tenant_name, user, tenant_id, user)) return diff --git a/keystone/openstack/common/cfg.py b/keystone/openstack/common/cfg.py index f272b2a1..899a6c46 100644 --- a/keystone/openstack/common/cfg.py +++ b/keystone/openstack/common/cfg.py @@ -391,7 +391,7 @@ def _get_config_dirs(project=None): fix_path('~'), os.path.join('/etc', project) if project else None, '/etc' - ] + ] return filter(bool, cfg_dirs) @@ -592,10 +592,10 @@ class Opt(object): if group is not None: dest = group.name + '_' + dest kwargs.update({ - 'dest': dest, - 'metavar': self.metavar, - 'help': self.help, - }) + 'dest': dest, + 'metavar': self.metavar, + 'help': self.help, + }) return kwargs def _get_optparse_prefix(self, prefix, group): @@ -905,13 +905,13 @@ class ConfigOpts(collections.Mapping): self._oparser.disable_interspersed_args() self._config_opts = [ - MultiStrOpt('config-file', - default=default_config_files, - metavar='PATH', - help='Path to a config file to use. Multiple config ' - 'files can be specified, with values in later ' - 'files taking precedence. The default files ' - ' used are: %s' % (default_config_files, )), + MultiStrOpt('config-file', + default=default_config_files, + metavar='PATH', + help='Path to a config file to use. Multiple config ' + 'files can be specified, with values in later ' + 'files taking precedence. The default files ' + ' used are: %s' % (default_config_files, )), StrOpt('config-dir', metavar='DIR', help='Path to a config directory to pull *.conf ' @@ -921,7 +921,7 @@ class ConfigOpts(collections.Mapping): 'the file(s), if any, specified via --config-file, ' 'hence over-ridden options in the directory take ' 'precedence.'), - ] + ] self.register_cli_opts(self._config_opts) self.project = project @@ -1411,8 +1411,7 @@ class ConfigOpts(collections.Mapping): default, opt, override = [info[k] for k in sorted(info.keys())] if opt.required: - if (default is not None or - override is not None): + if (default is not None or override is not None): continue if self._get(opt.name, group) is None: @@ -1516,7 +1515,7 @@ class CommonConfigOpts(ConfigOpts): short='v', default=False, help='Print more verbose output'), - ] + ] logging_cli_opts = [ StrOpt('log-config', @@ -1550,7 +1549,7 @@ class CommonConfigOpts(ConfigOpts): StrOpt('syslog-log-facility', default='LOG_USER', help='syslog facility to receive log lines') - ] + ] def __init__(self): super(CommonConfigOpts, self).__init__() diff --git a/keystone/openstack/common/importutils.py b/keystone/openstack/common/importutils.py index 7654af5b..b507d22e 100644 --- a/keystone/openstack/common/importutils.py +++ b/keystone/openstack/common/importutils.py @@ -30,7 +30,7 @@ def import_class(import_str): return getattr(sys.modules[mod_str], class_str) except (ImportError, ValueError, AttributeError), exc: raise ImportError('Class %s cannot be found (%s)' % - (class_str, str(exc))) + (class_str, str(exc))) def import_object(import_str, *args, **kwargs): diff --git a/keystone/openstack/common/setup.py b/keystone/openstack/common/setup.py index c219152a..09f71a37 100644 --- a/keystone/openstack/common/setup.py +++ b/keystone/openstack/common/setup.py @@ -32,7 +32,7 @@ def parse_mailmap(mailmap='.mailmap'): l = l.strip() if not l.startswith('#') and ' ' in l: canonical_email, alias = [x for x in l.split(' ') - if x.startswith('<')] + if x.startswith('<')] mapping[alias] = canonical_email return mapping diff --git a/keystone/policy/backends/rules.py b/keystone/policy/backends/rules.py index 27d1e328..0dbfb76f 100644 --- a/keystone/policy/backends/rules.py +++ b/keystone/policy/backends/rules.py @@ -35,7 +35,7 @@ policy_opts = [ cfg.StrOpt('policy_default_rule', default='default', help=_('Rule checked when requested rule is not found')), - ] +] CONF = config.CONF @@ -71,8 +71,8 @@ def init(): def _set_brain(data): default_rule = CONF.policy_default_rule - common_policy.set_brain( - common_policy.HttpBrain.load_json(data, default_rule)) + common_policy.set_brain(common_policy.HttpBrain.load_json(data, + default_rule)) def enforce(credentials, action, target): diff --git a/keystone/service.py b/keystone/service.py index ebdea50a..95188283 100644 --- a/keystone/service.py +++ b/keystone/service.py @@ -141,10 +141,9 @@ class VersionController(wsgi.Application): super(VersionController, self).__init__() def _get_identity_url(self, context): - catalog_ref = self.catalog_api.get_catalog( - context=context, - user_id=None, - tenant_id=None) + catalog_ref = self.catalog_api.get_catalog(context=context, + user_id=None, + tenant_id=None) for region, region_ref in catalog_ref.iteritems(): for service, service_ref in region_ref.iteritems(): if service == 'identity': @@ -171,24 +170,24 @@ class VersionController(wsgi.Application): "rel": "describedby", "type": "text/html", "href": "http://docs.openstack.org/api/openstack-" - "identity-service/2.0/content/" + "identity-service/2.0/content/" }, { "rel": "describedby", "type": "application/pdf", "href": "http://docs.openstack.org/api/openstack-" - "identity-service/2.0/identity-dev-guide-" - "2.0.pdf" + "identity-service/2.0/identity-dev-guide-" + "2.0.pdf" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v2.0" - "+json" + "+json" }, { "base": "application/xml", "type": "application/vnd.openstack.identity-v2.0" - "+xml" + "+xml" } ] } @@ -257,7 +256,8 @@ class TokenController(wsgi.Application): user_id = auth['passwordCredentials'].get('userId', None) if username: user_ref = self.identity_api.get_user_by_name( - context=context, user_name=username) + context=context, + user_name=username) if user_ref: user_id = user_ref['id'] @@ -265,7 +265,7 @@ class TokenController(wsgi.Application): tenant_id = auth.get('tenantId', None) if tenant_name: tenant_ref = self.identity_api.get_tenant_by_name( - context=context, tenant_name=tenant_name) + context=context, tenant_name=tenant_name) if tenant_ref: tenant_id = tenant_ref['id'] @@ -284,16 +284,18 @@ class TokenController(wsgi.Application): raise exception.Unauthorized(e.message) token_ref = self.token_api.create_token( - context, token_id, dict(id=token_id, - user=user_ref, - tenant=tenant_ref, - metadata=metadata_ref)) + context, + token_id, + dict(id=token_id, + user=user_ref, + tenant=tenant_ref, + metadata=metadata_ref)) if tenant_ref: catalog_ref = self.catalog_api.get_catalog( - context=context, - user_id=user_ref['id'], - tenant_id=tenant_ref['id'], - metadata=metadata_ref) + context=context, + user_id=user_ref['id'], + tenant_id=tenant_ref['id'], + metadata=metadata_ref) else: catalog_ref = {} @@ -305,7 +307,7 @@ class TokenController(wsgi.Application): # more compat if tenant_name: tenant_ref = self.identity_api.get_tenant_by_name( - context=context, tenant_name=tenant_name) + context=context, tenant_name=tenant_name) tenant_id = tenant_ref['id'] else: tenant_id = auth.get('tenantId', None) @@ -320,8 +322,8 @@ class TokenController(wsgi.Application): # If the user is disabled don't allow them to authenticate current_user_ref = self.identity_api.get_user( - context=context, - user_id=user_ref['id']) + context=context, + user_id=user_ref['id']) if not current_user_ref.get('enabled', True): LOG.warning('User %s is disabled' % user_ref['id']) raise exception.Unauthorized() @@ -335,24 +337,24 @@ class TokenController(wsgi.Application): tenant_id=tenant_id) if tenant_ref: metadata_ref = self.identity_api.get_metadata( - context=context, - user_id=user_ref['id'], - tenant_id=tenant_ref['id']) + context=context, + user_id=user_ref['id'], + tenant_id=tenant_ref['id']) catalog_ref = self.catalog_api.get_catalog( - context=context, - user_id=user_ref['id'], - tenant_id=tenant_ref['id'], - metadata=metadata_ref) + context=context, + user_id=user_ref['id'], + tenant_id=tenant_ref['id'], + metadata=metadata_ref) else: metadata_ref = {} catalog_ref = {} token_ref = self.token_api.create_token( - context, token_id, dict(id=token_id, - user=user_ref, - tenant=tenant_ref, - metadata=metadata_ref, - expires=old_token_ref['expires'])) + context, token_id, dict(id=token_id, + user=user_ref, + tenant=tenant_ref, + metadata=metadata_ref, + expires=old_token_ref['expires'])) # TODO(termie): optimize this call at some point and put it into the # the return for metadata @@ -453,7 +455,7 @@ class TokenController(wsgi.Application): 'username': user_ref['name'], 'roles': roles_ref, 'roles_links': metadata_ref.get('roles_links', - []) + []) } } } @@ -553,8 +555,7 @@ class AdminExtensionsController(ExtensionsController): # TODO(dolph): link needs to be revised after # bug 928059 merges 'type': 'text/html', - 'href': ('https://github.com/openstack/' - 'identity-api'), + 'href': 'https://github.com/openstack/identity-api', } ] } diff --git a/keystone/test.py b/keystone/test.py index 03488703..6745f5e7 100644 --- a/keystone/test.py +++ b/keystone/test.py @@ -224,7 +224,7 @@ class TestCase(NoModule, unittest.TestCase): user_copy = user.copy() tenants = user_copy.pop('tenants') rv = self.identity_api.create_user(user['id'], - user_copy.copy()) + user_copy.copy()) for tenant_id in tenants: self.identity_api.add_user_to_tenant(tenant_id, user['id']) setattr(self, 'user_%s' % user['id'], user_copy) @@ -262,12 +262,12 @@ class TestCase(NoModule, unittest.TestCase): return deploy.appconfig(self._paste_config(config)) def serveapp(self, config, name=None, cert=None, key=None, ca=None, - cert_required=None): + cert_required=None): app = self.loadapp(config, name=name) server = wsgi.Server(app, host="127.0.0.1", port=0) if cert is not None and ca is not None and key is not None: server.set_ssl(certfile=cert, keyfile=key, ca_certs=ca, - cert_required=cert_required) + cert_required=cert_required) server.start(key='socket') # Service catalog tests need to know the port we ran on. |