From 56e41037ba41b2507722dcbc54157cfe4cf4535f Mon Sep 17 00:00:00 2001 From: Joe Heck Date: Wed, 14 Mar 2012 17:19:37 +0000 Subject: docstring cleanup to remove sphinx warnings Change-Id: Icfc273f2466f48307d2addd22b70f1759d23fd97 --- keystone/common/policy.py | 17 ++++++++++------- keystone/policy/backends/rules.py | 6 ++++-- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/keystone/common/policy.py b/keystone/common/policy.py index 34492f73..b90f98cb 100644 --- a/keystone/common/policy.py +++ b/keystone/common/policy.py @@ -49,6 +49,7 @@ def enforce(match_list, target_dict, credentials_dict): """Enforces authorization of some rules against credentials. :param match_list: nested tuples of data to match against + The basic brain supports three types of match lists: 1) rules looks like: ('rule:compute:get_instance',) @@ -68,14 +69,14 @@ def enforce(match_list, target_dict, credentials_dict): perform simple boolean logic. For example, the following rule would return True if the creds contain the role 'admin' OR the if the tenant_id matches the target dict AND the the creds contains the - role 'compute_sysadmin': + role 'compute_sysadmin':: - { - "rule:combined": ( - 'role:admin', - ('tenant_id:%(tenant_id)s', 'role:compute_sysadmin') - ) - } + { + "rule:combined": ( + 'role:admin', + ('tenant_id:%(tenant_id)s', 'role:compute_sysadmin') + ) + } Note that rule and role are reserved words in the credentials match, so @@ -84,10 +85,12 @@ def enforce(match_list, target_dict, credentials_dict): reserved word. :param target_dict: dict of object properties + Target dicts contain as much information as we can about the object being operated on. :param credentials_dict: dict of actor properties + Credentials dicts contain as much information as we can about the user performing the action. diff --git a/keystone/policy/backends/rules.py b/keystone/policy/backends/rules.py index 1d12a999..56c01bd3 100644 --- a/keystone/policy/backends/rules.py 
+++ b/keystone/policy/backends/rules.py @@ -76,14 +76,16 @@ def enforce(credentials, action, target): :param credentials: user credentials :param action: string representing the action to be checked + this should be colon separated for clarity. i.e. compute:create_instance compute:attach_volume volume:attach_volume :param object: dictionary representing the object of the action - for object creation this should be a dictionary representing the - location of the object e.g. {'tenant_id': object.tenant_id} + for object creation this should be a dictionary + representing the location of the object e.g. + {'tenant_id': object.tenant_id} :raises: `exception.Forbidden` if verification fails. -- cgit
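Review bot: The docstring in this hunk still documents `:param object:`, but the signature shown in the hunk header is `enforce(credentials, action, target)`, so the rendered docs describe a parameter that does not exist and leave `target` undocumented. This is the policy enforcement entry point, so callers need to know exactly which argument carries the object attributes the rules are checked against; I would change the field line to `:param target: dictionary representing the object of the action`. The examples under `:param action:` are introduced with "i.e." where "e.g." is meant. The body of `enforce` lies outside the hunk, so how `target` is used could not be checked here.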