Fixes 'not in' operator usage

Change-Id: I50a5bbe4800fc88b631701a6be0a0f9feec597d0

7 files changed, 26 insertions, 8 deletions

diff --git a/HACKING.rst b/HACKING.rst
index cf6abb39..bf0befca 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -18,6 +18,24 @@ General
 - Do not name anything the same name as a built-in or reserved word
 - When defining global constants, define them before functions and classes
 - Avoid using "double quotes" where you can reasonably use 'single quotes'
+- Use the "is not" operator when testing for unequal identities. Example::
+
+    if not X is Y:  # BAD, intended behavior is ambiguous
+        pass
+
+    if X is not Y:  # OKAY, intuitive
+        pass
+
+- Use the "not in" operator for evaluating membership in a collection. Example::
+
+    if not X in Y:  # BAD, intended behavior is ambiguous
+        pass
+
+    if X not in Y:  # OKAY, intuitive
+        pass
+
+    if not (X in Y or X in Z):  # OKAY, still better than all those 'not's
+        pass
 
 
 TODO vs FIXME
diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py
index a03116b9..e96575d0 100644
--- a/keystone/contrib/ec2/core.py
+++ b/keystone/contrib/ec2/core.py
@@ -140,7 +140,7 @@ class Ec2Controller(controller.V2Controller):
         if not credentials and ec2Credentials:
             credentials = ec2Credentials
 
-        if not 'access' in credentials:
+        if 'access' not in credentials:
             raise exception.Unauthorized(message='EC2 signature not supplied.')
 
         creds_ref = self._get_credentials(context,
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py
index 64e9e177..8eef7df5 100644
--- a/keystone/identity/backends/kvs.py
+++ b/keystone/identity/backends/kvs.py
@@ -246,7 +246,7 @@ class Identity(kvs.Base, identity.Driver):
     def check_user_in_group(self, user_id, group_id):
         self.get_group(group_id)
         user_ref = self._get_user(user_id)
-        if not group_id in set(user_ref.get('groups', [])):
+        if group_id not in set(user_ref.get('groups', [])):
             raise exception.NotFound(_('User not found in group'))
 
     def remove_user_from_group(self, user_id, group_id):
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py
index c1b8682d..a880995f 100644
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -652,7 +652,7 @@ class Identity(sql.Base, identity.Driver):
     @handle_conflicts(type='user')
     def create_user(self, user_id, user):
         user['name'] = clean.user_name(user['name'])
-        if not 'enabled' in user:
+        if 'enabled' not in user:
             user['enabled'] = True
         user = utils.hash_user_password(user)
         session = self.get_session()
diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py
index 9e8d9f3f..8d35fd0c 100644
--- a/keystone/identity/controllers.py
+++ b/keystone/identity/controllers.py
@@ -90,7 +90,7 @@ class Tenant(controller.V2Controller):
     def create_project(self, context, tenant):
         tenant_ref = self._normalize_dict(tenant)
 
-        if not 'name' in tenant_ref or not tenant_ref['name']:
+        if 'name' not in tenant_ref or not tenant_ref['name']:
             msg = 'Name field is required and cannot be empty'
             raise exception.ValidationError(message=msg)
 
@@ -174,7 +174,7 @@ class User(controller.V2Controller):
         user = self._normalize_dict(user)
         self.assert_admin(context)
 
-        if not 'name' in user or not user['name']:
+        if 'name' not in user or not user['name']:
             msg = 'Name field is required and cannot be empty'
             raise exception.ValidationError(message=msg)
 
@@ -255,7 +255,7 @@ class Role(controller.V2Controller):
         role = self._normalize_dict(role)
         self.assert_admin(context)
 
-        if not 'name' in role or not role['name']:
+        if 'name' not in role or not role['name']:
             msg = 'Name field is required and cannot be empty'
             raise exception.ValidationError(message=msg)
 
diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py
index 24495c98..4582f01e 100644
--- a/keystone/middleware/core.py
+++ b/keystone/middleware/core.py
@@ -105,7 +105,7 @@ class JsonBodyMiddleware(wsgi.Middleware):
 
         # Reject unrecognized content types. Empty string indicates
         # the client did not explicitly set the header
-        if not request.content_type in ('application/json', ''):
+        if request.content_type not in ('application/json', ''):
             e = exception.ValidationError(attribute='application/json',
                                           target='Content-Type header')
             return wsgi.render_exception(e)
diff --git a/keystone/middleware/s3_token.py b/keystone/middleware/s3_token.py
index 0f207b3d..477de999 100644
--- a/keystone/middleware/s3_token.py
+++ b/keystone/middleware/s3_token.py
@@ -128,7 +128,7 @@ class S3Token(object):
             return self.app(environ, start_response)
 
         # Read request signature and access id.
-        if not 'Authorization' in req.headers:
+        if 'Authorization' not in req.headers:
             msg = 'No Authorization header. skipping.'
             self.logger.debug(msg)
             return self.app(environ, start_response)