Fix D202: No blank lines after function docstring (PEP257)
No other PEP257 violations were addressed in this patch. Change-Id: Ic2e2305d3f8e2c3c4b70c61c0868d310f14355be
This commit is contained in:
parent
c00797d972
commit
618cb4a894
@ -505,7 +505,6 @@ class RoleAssignmentV3(controller.V3Controller):
|
|||||||
}
|
}
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
formatted_entity = {'links': {}}
|
formatted_entity = {'links': {}}
|
||||||
inherited_assignment = entity.get('inherited_to_projects')
|
inherited_assignment = entity.get('inherited_to_projects')
|
||||||
|
|
||||||
|
@ -147,7 +147,6 @@ class Manager(manager.Manager):
|
|||||||
keystone.exception.DomainNotFound
|
keystone.exception.DomainNotFound
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _get_group_domain_roles(user_id, domain_id):
|
def _get_group_domain_roles(user_id, domain_id):
|
||||||
role_list = []
|
role_list = []
|
||||||
group_ids = self._get_group_ids_for_user_id(user_id)
|
group_ids = self._get_group_ids_for_user_id(user_id)
|
||||||
@ -185,7 +184,6 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
|
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
|
||||||
"""Get a list of roles for this group on domain and/or project."""
|
"""Get a list of roles for this group on domain and/or project."""
|
||||||
|
|
||||||
if project_id is not None:
|
if project_id is not None:
|
||||||
project = self.resource_api.get_project(project_id)
|
project = self.resource_api.get_project(project_id)
|
||||||
role_ids = self.list_role_ids_for_groups_on_project(
|
role_ids = self.list_role_ids_for_groups_on_project(
|
||||||
@ -509,10 +507,8 @@ class Manager(manager.Manager):
|
|||||||
filter the result on those values.
|
filter the result on those values.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def create_group_assignment(base_ref, user_id):
|
def create_group_assignment(base_ref, user_id):
|
||||||
"""Creates a group assignment from the provided ref."""
|
"""Creates a group assignment from the provided ref."""
|
||||||
|
|
||||||
ref = copy.deepcopy(base_ref)
|
ref = copy.deepcopy(base_ref)
|
||||||
|
|
||||||
ref['user_id'] = user_id
|
ref['user_id'] = user_id
|
||||||
@ -682,7 +678,6 @@ class Manager(manager.Manager):
|
|||||||
specified, hence avoiding retrieving a huge list.
|
specified, hence avoiding retrieving a huge list.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def list_role_assignments_for_actor(
|
def list_role_assignments_for_actor(
|
||||||
role_id, inherited, user_id=None,
|
role_id, inherited, user_id=None,
|
||||||
group_ids=None, project_id=None, domain_id=None):
|
group_ids=None, project_id=None, domain_id=None):
|
||||||
@ -711,7 +706,6 @@ class Manager(manager.Manager):
|
|||||||
response are included.
|
response are included.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# List direct project role assignments
|
# List direct project role assignments
|
||||||
project_ids = [project_id] if project_id else None
|
project_ids = [project_id] if project_id else None
|
||||||
|
|
||||||
@ -827,7 +821,6 @@ class Manager(manager.Manager):
|
|||||||
inherited roles retrieval, inherited role assignments will be ignored.
|
inherited roles retrieval, inherited role assignments will be ignored.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not CONF.os_inherit.enabled:
|
if not CONF.os_inherit.enabled:
|
||||||
if inherited:
|
if inherited:
|
||||||
return []
|
return []
|
||||||
@ -981,7 +974,6 @@ class AssignmentDriverV8(object):
|
|||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False):
|
||||||
"""Lists role ids for assignments/grants."""
|
"""Lists role ids for assignments/grants."""
|
||||||
|
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
@ -1139,7 +1131,6 @@ class AssignmentDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_role_assignments(self, role_id):
|
def delete_role_assignments(self, role_id):
|
||||||
"""Deletes all assignments for a role."""
|
"""Deletes all assignments for a role."""
|
||||||
|
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
|
@ -93,7 +93,6 @@ class AuthContext(dict):
|
|||||||
earliest value.
|
earliest value.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# identity attributes need to be reconciled among the auth plugins
|
# identity attributes need to be reconciled among the auth plugins
|
||||||
IDENTITY_ATTRIBUTES = frozenset(['user_id', 'project_id',
|
IDENTITY_ATTRIBUTES = frozenset(['user_id', 'project_id',
|
||||||
'access_token_id', 'domain_id',
|
'access_token_id', 'domain_id',
|
||||||
@ -479,7 +478,6 @@ class Auth(controller.V3Controller):
|
|||||||
|
|
||||||
def authenticate(self, context, auth_info, auth_context):
|
def authenticate(self, context, auth_info, auth_context):
|
||||||
"""Authenticate user."""
|
"""Authenticate user."""
|
||||||
|
|
||||||
# The 'external' method allows any 'REMOTE_USER' based authentication
|
# The 'external' method allows any 'REMOTE_USER' based authentication
|
||||||
# In some cases the server can set REMOTE_USER as '' instead of
|
# In some cases the server can set REMOTE_USER as '' instead of
|
||||||
# dropping it, so this must be filtered out
|
# dropping it, so this must be filtered out
|
||||||
|
@ -78,7 +78,6 @@ class Domain(Base):
|
|||||||
The domain will be extracted from the REMOTE_DOMAIN environment
|
The domain will be extracted from the REMOTE_DOMAIN environment
|
||||||
variable if present. If not, the default domain will be used.
|
variable if present. If not, the default domain will be used.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
username = remote_user
|
username = remote_user
|
||||||
try:
|
try:
|
||||||
domain_name = context['environment']['REMOTE_DOMAIN']
|
domain_name = context['environment']['REMOTE_DOMAIN']
|
||||||
|
@ -56,7 +56,6 @@ class Mapped(auth.AuthMethodHandler):
|
|||||||
``OS-FEDERATION:protocol``
|
``OS-FEDERATION:protocol``
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if 'id' in auth_payload:
|
if 'id' in auth_payload:
|
||||||
token_ref = self._get_token_ref(auth_payload)
|
token_ref = self._get_token_ref(auth_payload)
|
||||||
handle_scoped_token(context, auth_payload, auth_context, token_ref,
|
handle_scoped_token(context, auth_payload, auth_context, token_ref,
|
||||||
|
@ -31,7 +31,6 @@ LOG = log.getLogger(__name__)
|
|||||||
class OAuth(auth.AuthMethodHandler):
|
class OAuth(auth.AuthMethodHandler):
|
||||||
def authenticate(self, context, auth_info, auth_context):
|
def authenticate(self, context, auth_info, auth_context):
|
||||||
"""Turn a signed request with an access key into a keystone token."""
|
"""Turn a signed request with an access key into a keystone token."""
|
||||||
|
|
||||||
headers = context['headers']
|
headers = context['headers']
|
||||||
oauth_headers = oauth.get_oauth_headers(headers)
|
oauth_headers = oauth.get_oauth_headers(headers)
|
||||||
access_token_id = oauth_headers.get('oauth_token')
|
access_token_id = oauth_headers.get('oauth_token')
|
||||||
|
@ -52,7 +52,6 @@ def format_url(url, substitutions, silent_keyerror_failures=None):
|
|||||||
:returns: a formatted URL
|
:returns: a formatted URL
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
substitutions = utils.WhiteListedItemFilter(
|
substitutions = utils.WhiteListedItemFilter(
|
||||||
WHITELISTED_PROPERTIES,
|
WHITELISTED_PROPERTIES,
|
||||||
substitutions)
|
substitutions)
|
||||||
|
@ -167,7 +167,6 @@ def protected(callback=None):
|
|||||||
|
|
||||||
def filterprotected(*filters):
|
def filterprotected(*filters):
|
||||||
"""Wraps filtered API calls with role based access controls (RBAC)."""
|
"""Wraps filtered API calls with role based access controls (RBAC)."""
|
||||||
|
|
||||||
def _filterprotected(f):
|
def _filterprotected(f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(self, context, **kwargs):
|
def wrapper(self, context, **kwargs):
|
||||||
@ -300,7 +299,6 @@ class V2Controller(wsgi.Application):
|
|||||||
If ref is a list type, we will iterate through each element and do the
|
If ref is a list type, we will iterate through each element and do the
|
||||||
conversion.
|
conversion.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _format_default_project_id(ref):
|
def _format_default_project_id(ref):
|
||||||
"""Convert default_project_id to tenantId for v2 calls."""
|
"""Convert default_project_id to tenantId for v2 calls."""
|
||||||
default_project_id = ref.pop('default_project_id', None)
|
default_project_id = ref.pop('default_project_id', None)
|
||||||
@ -342,7 +340,6 @@ class V2Controller(wsgi.Application):
|
|||||||
If ref is a list type, we will iterate through each element and do the
|
If ref is a list type, we will iterate through each element and do the
|
||||||
conversion.
|
conversion.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _filter_project_properties(ref):
|
def _filter_project_properties(ref):
|
||||||
"""Run through the various filter methods."""
|
"""Run through the various filter methods."""
|
||||||
V2Controller.filter_domain_id(ref)
|
V2Controller.filter_domain_id(ref)
|
||||||
@ -450,7 +447,6 @@ class V3Controller(wsgi.Application):
|
|||||||
True, including the absence of a value
|
True, including the absence of a value
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if (isinstance(filter_value, six.string_types) and
|
if (isinstance(filter_value, six.string_types) and
|
||||||
filter_value == '0'):
|
filter_value == '0'):
|
||||||
val = False
|
val = False
|
||||||
@ -545,7 +541,6 @@ class V3Controller(wsgi.Application):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def filter_by_attributes(cls, refs, hints):
|
def filter_by_attributes(cls, refs, hints):
|
||||||
"""Filters a list of references by filter values."""
|
"""Filters a list of references by filter values."""
|
||||||
|
|
||||||
def _attr_match(ref_attr, val_attr):
|
def _attr_match(ref_attr, val_attr):
|
||||||
"""Matches attributes allowing for booleans as strings.
|
"""Matches attributes allowing for booleans as strings.
|
||||||
|
|
||||||
|
@ -225,6 +225,5 @@ def reset():
|
|||||||
This is useful for unit testing to ensure that tests don't use providers
|
This is useful for unit testing to ensure that tests don't use providers
|
||||||
from previous tests.
|
from previous tests.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
_REGISTRY.clear()
|
_REGISTRY.clear()
|
||||||
_future_dependencies.clear()
|
_future_dependencies.clear()
|
||||||
|
@ -93,7 +93,6 @@ class Server(service.ServiceBase):
|
|||||||
|
|
||||||
Raises Exception if this has already been called.
|
Raises Exception if this has already been called.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# TODO(dims): eventlet's green dns/socket module does not actually
|
# TODO(dims): eventlet's green dns/socket module does not actually
|
||||||
# support IPv6 in getaddrinfo(). We need to get around this in the
|
# support IPv6 in getaddrinfo(). We need to get around this in the
|
||||||
# future or monitor upstream for a fix.
|
# future or monitor upstream for a fix.
|
||||||
@ -121,7 +120,6 @@ class Server(service.ServiceBase):
|
|||||||
|
|
||||||
def start(self, key=None, backlog=128):
|
def start(self, key=None, backlog=128):
|
||||||
"""Run a WSGI server with the given application."""
|
"""Run a WSGI server with the given application."""
|
||||||
|
|
||||||
if self.socket is None:
|
if self.socket is None:
|
||||||
self.listen(key=key, backlog=backlog)
|
self.listen(key=key, backlog=backlog)
|
||||||
|
|
||||||
|
@ -41,5 +41,4 @@ def register_admin_extension(url_prefix, extension_data):
|
|||||||
|
|
||||||
def register_public_extension(url_prefix, extension_data):
|
def register_public_extension(url_prefix, extension_data):
|
||||||
"""Same as register_admin_extension but for public extensions."""
|
"""Same as register_admin_extension but for public extensions."""
|
||||||
|
|
||||||
PUBLIC_EXTENSIONS[url_prefix] = extension_data
|
PUBLIC_EXTENSIONS[url_prefix] = extension_data
|
||||||
|
@ -79,7 +79,6 @@ class Status(object):
|
|||||||
|
|
||||||
def translate_urls(json_home, new_prefix):
|
def translate_urls(json_home, new_prefix):
|
||||||
"""Given a JSON Home document, sticks new_prefix on each of the urls."""
|
"""Given a JSON Home document, sticks new_prefix on each of the urls."""
|
||||||
|
|
||||||
for dummy_rel, resource in json_home['resources'].items():
|
for dummy_rel, resource in json_home['resources'].items():
|
||||||
if 'href' in resource:
|
if 'href' in resource:
|
||||||
resource['href'] = new_prefix + resource['href']
|
resource['href'] = new_prefix + resource['href']
|
||||||
|
@ -110,7 +110,6 @@ def py2ldap(val):
|
|||||||
|
|
||||||
def enabled2py(val):
|
def enabled2py(val):
|
||||||
"""Similar to ldap2py, only useful for the enabled attribute."""
|
"""Similar to ldap2py, only useful for the enabled attribute."""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return LDAP_VALUES[val]
|
return LDAP_VALUES[val]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
@ -239,7 +238,6 @@ def is_ava_value_equal(attribute_type, val1, val2):
|
|||||||
that function apply here.
|
that function apply here.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return prep_case_insensitive(val1) == prep_case_insensitive(val2)
|
return prep_case_insensitive(val1) == prep_case_insensitive(val2)
|
||||||
|
|
||||||
|
|
||||||
@ -259,7 +257,6 @@ def is_rdn_equal(rdn1, rdn2):
|
|||||||
limitations of that function apply here.
|
limitations of that function apply here.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if len(rdn1) != len(rdn2):
|
if len(rdn1) != len(rdn2):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@ -292,7 +289,6 @@ def is_dn_equal(dn1, dn2):
|
|||||||
:param dn2: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
:param dn2: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not isinstance(dn1, list):
|
if not isinstance(dn1, list):
|
||||||
dn1 = ldap.dn.str2dn(utf8_encode(dn1))
|
dn1 = ldap.dn.str2dn(utf8_encode(dn1))
|
||||||
if not isinstance(dn2, list):
|
if not isinstance(dn2, list):
|
||||||
@ -314,7 +310,6 @@ def dn_startswith(descendant_dn, dn):
|
|||||||
:param dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
:param dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not isinstance(descendant_dn, list):
|
if not isinstance(descendant_dn, list):
|
||||||
descendant_dn = ldap.dn.str2dn(utf8_encode(descendant_dn))
|
descendant_dn = ldap.dn.str2dn(utf8_encode(descendant_dn))
|
||||||
if not isinstance(dn, list):
|
if not isinstance(dn, list):
|
||||||
@ -815,7 +810,6 @@ class PooledLDAPHandler(LDAPHandler):
|
|||||||
which requested msgId and used it in result3 exits.
|
which requested msgId and used it in result3 exits.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
conn, msg_id = msgid
|
conn, msg_id = msgid
|
||||||
return conn.result3(msg_id, all, timeout)
|
return conn.result3(msg_id, all, timeout)
|
||||||
|
|
||||||
@ -858,7 +852,6 @@ class KeystoneLDAPHandler(LDAPHandler):
|
|||||||
OpenStack.
|
OpenStack.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, conn=None):
|
def __init__(self, conn=None):
|
||||||
super(KeystoneLDAPHandler, self).__init__(conn=conn)
|
super(KeystoneLDAPHandler, self).__init__(conn=conn)
|
||||||
self.page_size = 0
|
self.page_size = 0
|
||||||
|
@ -121,7 +121,6 @@ def create_legacy_driver(driver_class):
|
|||||||
Driver = create_legacy_driver(CatalogDriverV8)
|
Driver = create_legacy_driver(CatalogDriverV8)
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
module_name = driver_class.__module__
|
module_name = driver_class.__module__
|
||||||
class_name = driver_class.__name__
|
class_name = driver_class.__name__
|
||||||
|
|
||||||
|
@ -68,7 +68,6 @@ flag_modified = flag_modified
|
|||||||
|
|
||||||
def initialize():
|
def initialize():
|
||||||
"""Initialize the module."""
|
"""Initialize the module."""
|
||||||
|
|
||||||
db_options.set_defaults(
|
db_options.set_defaults(
|
||||||
CONF,
|
CONF,
|
||||||
connection="sqlite:///keystone.db")
|
connection="sqlite:///keystone.db")
|
||||||
|
@ -26,7 +26,6 @@ def upgrade(migrate_engine):
|
|||||||
assignment table with the new PK constraint and migrates the existing data.
|
assignment table with the new PK constraint and migrates the existing data.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
ASSIGNMENT_TABLE_NAME = 'assignment'
|
ASSIGNMENT_TABLE_NAME = 'assignment'
|
||||||
|
|
||||||
metadata = sql.MetaData()
|
metadata = sql.MetaData()
|
||||||
|
@ -117,7 +117,6 @@ def rename_tables_with_constraints(renames, constraints, engine):
|
|||||||
|
|
||||||
`renames` is a dict, mapping {'to_table_name': from_table, ...}
|
`renames` is a dict, mapping {'to_table_name': from_table, ...}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if engine.name != 'sqlite':
|
if engine.name != 'sqlite':
|
||||||
# Sqlite doesn't support constraints, so nothing to remove.
|
# Sqlite doesn't support constraints, so nothing to remove.
|
||||||
remove_constraints(constraints)
|
remove_constraints(constraints)
|
||||||
|
@ -45,7 +45,6 @@ class TokenlessAuthHelper(object):
|
|||||||
SSL_CLIENT_S_DN_CN, SSL_CLIENT_S_DN_O
|
SSL_CLIENT_S_DN_CN, SSL_CLIENT_S_DN_O
|
||||||
:type env: dict
|
:type env: dict
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.env = env
|
self.env = env
|
||||||
|
|
||||||
def _build_scope_info(self):
|
def _build_scope_info(self):
|
||||||
|
@ -274,7 +274,6 @@ def get_unix_user(user=None):
|
|||||||
:return: tuple of (uid, name)
|
:return: tuple of (uid, name)
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if isinstance(user, six.string_types):
|
if isinstance(user, six.string_types):
|
||||||
try:
|
try:
|
||||||
user_info = pwd.getpwnam(user)
|
user_info = pwd.getpwnam(user)
|
||||||
@ -331,7 +330,6 @@ def get_unix_group(group=None):
|
|||||||
:return: tuple of (gid, name)
|
:return: tuple of (gid, name)
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if isinstance(group, six.string_types):
|
if isinstance(group, six.string_types):
|
||||||
try:
|
try:
|
||||||
group_info = grp.getgrnam(group)
|
group_info = grp.getgrnam(group)
|
||||||
@ -380,7 +378,6 @@ def set_permissions(path, mode=None, user=None, group=None, log=None):
|
|||||||
if None no logging is performed.
|
if None no logging is performed.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if user is None:
|
if user is None:
|
||||||
user_uid, user_name = None, None
|
user_uid, user_name = None, None
|
||||||
else:
|
else:
|
||||||
@ -447,7 +444,6 @@ def make_dirs(path, mode=None, user=None, group=None, log=None):
|
|||||||
if None no logging is performed.
|
if None no logging is performed.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if log:
|
if log:
|
||||||
if mode is None:
|
if mode is None:
|
||||||
mode_string = str(mode)
|
mode_string = str(mode)
|
||||||
@ -483,7 +479,6 @@ _ISO8601_TIME_FORMAT = '%Y-%m-%dT%H:%M:%S'
|
|||||||
|
|
||||||
def isotime(at=None, subsecond=False):
|
def isotime(at=None, subsecond=False):
|
||||||
"""Stringify time in ISO 8601 format."""
|
"""Stringify time in ISO 8601 format."""
|
||||||
|
|
||||||
# Python provides a similar instance method for datetime.datetime objects
|
# Python provides a similar instance method for datetime.datetime objects
|
||||||
# called isoformat(). The format of the strings generated by isoformat()
|
# called isoformat(). The format of the strings generated by isoformat()
|
||||||
# have a couple of problems:
|
# have a couple of problems:
|
||||||
|
@ -115,7 +115,6 @@ def best_match_language(req):
|
|||||||
"""Determines the best available locale from the Accept-Language
|
"""Determines the best available locale from the Accept-Language
|
||||||
HTTP header passed in the request.
|
HTTP header passed in the request.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not req.accept_language:
|
if not req.accept_language:
|
||||||
return None
|
return None
|
||||||
return req.accept_language.best_match(
|
return req.accept_language.best_match(
|
||||||
@ -124,7 +123,6 @@ def best_match_language(req):
|
|||||||
|
|
||||||
class BaseApplication(object):
|
class BaseApplication(object):
|
||||||
"""Base WSGI application wrapper. Subclasses need to implement __call__."""
|
"""Base WSGI application wrapper. Subclasses need to implement __call__."""
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def factory(cls, global_config, **local_config):
|
def factory(cls, global_config, **local_config):
|
||||||
"""Used for paste app factories in paste.deploy config files.
|
"""Used for paste app factories in paste.deploy config files.
|
||||||
@ -305,7 +303,6 @@ class Application(BaseApplication):
|
|||||||
does not have the admin role
|
does not have the admin role
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not context['is_admin']:
|
if not context['is_admin']:
|
||||||
user_token_ref = utils.get_token_ref(context)
|
user_token_ref = utils.get_token_ref(context)
|
||||||
|
|
||||||
@ -398,7 +395,6 @@ class Middleware(Application):
|
|||||||
behavior.
|
behavior.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def factory(cls, global_config, **local_config):
|
def factory(cls, global_config, **local_config):
|
||||||
"""Used for paste app factories in paste.deploy config files.
|
"""Used for paste app factories in paste.deploy config files.
|
||||||
@ -477,7 +473,6 @@ class Debug(Middleware):
|
|||||||
about the request and response.
|
about the request and response.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@webob.dec.wsgify()
|
@webob.dec.wsgify()
|
||||||
def __call__(self, req):
|
def __call__(self, req):
|
||||||
if not hasattr(LOG, 'isEnabledFor') or LOG.isEnabledFor(LOG.debug):
|
if not hasattr(LOG, 'isEnabledFor') or LOG.isEnabledFor(LOG.debug):
|
||||||
@ -789,7 +784,6 @@ def render_response(body=None, status=None, headers=None, method=None):
|
|||||||
|
|
||||||
def render_exception(error, context=None, request=None, user_locale=None):
|
def render_exception(error, context=None, request=None, user_locale=None):
|
||||||
"""Forms a WSGI response based on the current error."""
|
"""Forms a WSGI response based on the current error."""
|
||||||
|
|
||||||
error_message = error.args[0]
|
error_message = error.args[0]
|
||||||
message = oslo_i18n.translate(error_message, desired_locale=user_locale)
|
message = oslo_i18n.translate(error_message, desired_locale=user_locale)
|
||||||
if message is error_message:
|
if message is error_message:
|
||||||
|
@ -39,7 +39,6 @@ def set_default_for_default_log_levels():
|
|||||||
This function needs to be called before CONF().
|
This function needs to be called before CONF().
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
extra_log_level_defaults = [
|
extra_log_level_defaults = [
|
||||||
'dogpile=INFO',
|
'dogpile=INFO',
|
||||||
'routes=INFO',
|
'routes=INFO',
|
||||||
|
@ -111,7 +111,6 @@ class Ec2ControllerCommon(object):
|
|||||||
|
|
||||||
:returns: user_ref, tenant_ref, metadata_ref, roles_ref, catalog_ref
|
:returns: user_ref, tenant_ref, metadata_ref, roles_ref, catalog_ref
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# FIXME(ja): validate that a service token was used!
|
# FIXME(ja): validate that a service token was used!
|
||||||
|
|
||||||
# NOTE(termie): backwards compat hack
|
# NOTE(termie): backwards compat hack
|
||||||
@ -171,7 +170,6 @@ class Ec2ControllerCommon(object):
|
|||||||
:param tenant_id: id of tenant
|
:param tenant_id: id of tenant
|
||||||
:returns: credential: dict of ec2 credential
|
:returns: credential: dict of ec2 credential
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.identity_api.get_user(user_id)
|
self.identity_api.get_user(user_id)
|
||||||
self.resource_api.get_project(tenant_id)
|
self.resource_api.get_project(tenant_id)
|
||||||
trust_id = self._get_trust_id_for_request(context)
|
trust_id = self._get_trust_id_for_request(context)
|
||||||
@ -193,7 +191,6 @@ class Ec2ControllerCommon(object):
|
|||||||
:param user_id: id of user
|
:param user_id: id of user
|
||||||
:returns: credentials: list of ec2 credential dicts
|
:returns: credentials: list of ec2 credential dicts
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.identity_api.get_user(user_id)
|
self.identity_api.get_user(user_id)
|
||||||
credential_refs = self.credential_api.list_credentials_for_user(
|
credential_refs = self.credential_api.list_credentials_for_user(
|
||||||
user_id)
|
user_id)
|
||||||
@ -210,7 +207,6 @@ class Ec2ControllerCommon(object):
|
|||||||
:param credential_id: access key for credentials
|
:param credential_id: access key for credentials
|
||||||
:returns: credential: dict of ec2 credential
|
:returns: credential: dict of ec2 credential
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.identity_api.get_user(user_id)
|
self.identity_api.get_user(user_id)
|
||||||
return {'credential': self._get_credentials(credential_id)}
|
return {'credential': self._get_credentials(credential_id)}
|
||||||
|
|
||||||
@ -223,7 +219,6 @@ class Ec2ControllerCommon(object):
|
|||||||
:param credential_id: access key for credentials
|
:param credential_id: access key for credentials
|
||||||
:returns: bool: success
|
:returns: bool: success
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.identity_api.get_user(user_id)
|
self.identity_api.get_user(user_id)
|
||||||
self._get_credentials(credential_id)
|
self._get_credentials(credential_id)
|
||||||
ec2_credential_id = utils.hash_access_key(credential_id)
|
ec2_credential_id = utils.hash_access_key(credential_id)
|
||||||
|
@ -153,7 +153,6 @@ class EndpointGroupV3Controller(_ControllerBase):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def base_url(cls, context, path=None):
|
def base_url(cls, context, path=None):
|
||||||
"""Construct a path and pass it to V3Controller.base_url method."""
|
"""Construct a path and pass it to V3Controller.base_url method."""
|
||||||
|
|
||||||
path = '/OS-EP-FILTER/' + cls.collection_name
|
path = '/OS-EP-FILTER/' + cls.collection_name
|
||||||
return super(EndpointGroupV3Controller, cls).base_url(context,
|
return super(EndpointGroupV3Controller, cls).base_url(context,
|
||||||
path=path)
|
path=path)
|
||||||
|
@ -44,7 +44,6 @@ class _ControllerBase(controller.V3Controller):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def base_url(cls, context, path=None):
|
def base_url(cls, context, path=None):
|
||||||
"""Construct a path and pass it to V3Controller.base_url method."""
|
"""Construct a path and pass it to V3Controller.base_url method."""
|
||||||
|
|
||||||
path = '/OS-FEDERATION/' + cls.collection_name
|
path = '/OS-FEDERATION/' + cls.collection_name
|
||||||
return super(_ControllerBase, cls).base_url(context, path=path)
|
return super(_ControllerBase, cls).base_url(context, path=path)
|
||||||
|
|
||||||
@ -327,7 +326,6 @@ class Auth(auth_controllers.Auth):
|
|||||||
|
|
||||||
def render_html_response(self, host, token_id):
|
def render_html_response(self, host, token_id):
|
||||||
"""Forms an HTML Form from a template with autosubmit."""
|
"""Forms an HTML Form from a template with autosubmit."""
|
||||||
|
|
||||||
headers = [('Content-Type', 'text/html')]
|
headers = [('Content-Type', 'text/html')]
|
||||||
|
|
||||||
with open(CONF.federation.sso_callback_template) as template:
|
with open(CONF.federation.sso_callback_template) as template:
|
||||||
@ -380,7 +378,6 @@ class Auth(auth_controllers.Auth):
|
|||||||
:param auth: Dictionary that contains a token and service provider ID
|
:param auth: Dictionary that contains a token and service provider ID
|
||||||
:returns: SAML Assertion based on properties from the token
|
:returns: SAML Assertion based on properties from the token
|
||||||
"""
|
"""
|
||||||
|
|
||||||
t = self._create_base_saml_assertion(context, auth)
|
t = self._create_base_saml_assertion(context, auth)
|
||||||
(response, service_provider) = t
|
(response, service_provider) = t
|
||||||
|
|
||||||
@ -396,7 +393,6 @@ class Auth(auth_controllers.Auth):
|
|||||||
:param auth: Dictionary that contains a token and service provider ID
|
:param auth: Dictionary that contains a token and service provider ID
|
||||||
:returns: ECP Assertion based on properties from the token
|
:returns: ECP Assertion based on properties from the token
|
||||||
"""
|
"""
|
||||||
|
|
||||||
t = self._create_base_saml_assertion(context, auth)
|
t = self._create_base_saml_assertion(context, auth)
|
||||||
(saml_assertion, service_provider) = t
|
(saml_assertion, service_provider) = t
|
||||||
relay_state_prefix = service_provider.get('relay_state_prefix')
|
relay_state_prefix = service_provider.get('relay_state_prefix')
|
||||||
|
@ -195,7 +195,6 @@ class SAMLGenerator(object):
|
|||||||
:return: XML <AttributeStatement> object
|
:return: XML <AttributeStatement> object
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _build_attribute(attribute_name, attribute_values):
|
def _build_attribute(attribute_name, attribute_values):
|
||||||
attribute = saml.Attribute()
|
attribute = saml.Attribute()
|
||||||
attribute.name = attribute_name
|
attribute.name = attribute_name
|
||||||
@ -550,7 +549,6 @@ class MetadataGenerator(object):
|
|||||||
|
|
||||||
def _ensure_required_values_present(self):
|
def _ensure_required_values_present(self):
|
||||||
"""Ensure idp_sso_endpoint and idp_entity_id have values."""
|
"""Ensure idp_sso_endpoint and idp_entity_id have values."""
|
||||||
|
|
||||||
if CONF.saml.idp_entity_id is None:
|
if CONF.saml.idp_entity_id is None:
|
||||||
msg = _('Ensure configuration option idp_entity_id is set.')
|
msg = _('Ensure configuration option idp_entity_id is set.')
|
||||||
raise exception.ValidationError(msg)
|
raise exception.ValidationError(msg)
|
||||||
@ -560,7 +558,6 @@ class MetadataGenerator(object):
|
|||||||
|
|
||||||
def _check_contact_person_values(self):
|
def _check_contact_person_values(self):
|
||||||
"""Determine if contact information is included in metadata."""
|
"""Determine if contact information is included in metadata."""
|
||||||
|
|
||||||
# Check if we should include contact information
|
# Check if we should include contact information
|
||||||
params = [CONF.saml.idp_contact_company,
|
params = [CONF.saml.idp_contact_company,
|
||||||
CONF.saml.idp_contact_name,
|
CONF.saml.idp_contact_name,
|
||||||
@ -582,7 +579,6 @@ class MetadataGenerator(object):
|
|||||||
|
|
||||||
def _check_organization_values(self):
|
def _check_organization_values(self):
|
||||||
"""Determine if organization information is included in metadata."""
|
"""Determine if organization information is included in metadata."""
|
||||||
|
|
||||||
params = [CONF.saml.idp_organization_name,
|
params = [CONF.saml.idp_organization_name,
|
||||||
CONF.saml.idp_organization_display_name,
|
CONF.saml.idp_organization_display_name,
|
||||||
CONF.saml.idp_organization_url]
|
CONF.saml.idp_organization_url]
|
||||||
|
@ -216,7 +216,6 @@ def get_remote_id_parameter(protocol):
|
|||||||
|
|
||||||
def validate_idp(idp, protocol, assertion):
|
def validate_idp(idp, protocol, assertion):
|
||||||
"""The IdP providing the assertion should be registered for the mapping."""
|
"""The IdP providing the assertion should be registered for the mapping."""
|
||||||
|
|
||||||
remote_id_parameter = get_remote_id_parameter(protocol)
|
remote_id_parameter = get_remote_id_parameter(protocol)
|
||||||
if not remote_id_parameter or not idp['remote_ids']:
|
if not remote_id_parameter or not idp['remote_ids']:
|
||||||
LOG.debug('Impossible to identify the IdP %s ', idp['id'])
|
LOG.debug('Impossible to identify the IdP %s ', idp['id'])
|
||||||
@ -324,7 +323,6 @@ def transform_to_group_ids(group_names, mapping_id,
|
|||||||
exist in the backend.
|
exist in the backend.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def resolve_domain(domain):
|
def resolve_domain(domain):
|
||||||
"""Return domain id.
|
"""Return domain id.
|
||||||
|
|
||||||
@ -385,7 +383,6 @@ class RuleProcessor(object):
|
|||||||
:type rules: dict
|
:type rules: dict
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.rules = rules
|
self.rules = rules
|
||||||
|
|
||||||
def process(self, assertion_data):
|
def process(self, assertion_data):
|
||||||
@ -438,7 +435,6 @@ class RuleProcessor(object):
|
|||||||
}
|
}
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Assertions will come in as string key-value pairs, and will use a
|
# Assertions will come in as string key-value pairs, and will use a
|
||||||
# semi-colon to indicate multiple values, i.e. groups.
|
# semi-colon to indicate multiple values, i.e. groups.
|
||||||
# This will create a new dictionary where the values are arrays, and
|
# This will create a new dictionary where the values are arrays, and
|
||||||
@ -505,7 +501,6 @@ class RuleProcessor(object):
|
|||||||
:rtype: dict
|
:rtype: dict
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def extract_groups(groups_by_domain):
|
def extract_groups(groups_by_domain):
|
||||||
for groups in list(groups_by_domain.values()):
|
for groups in list(groups_by_domain.values()):
|
||||||
for group in list({g['name']: g for g in groups}.values()):
|
for group in list({g['name']: g for g in groups}.values()):
|
||||||
@ -513,7 +508,6 @@ class RuleProcessor(object):
|
|||||||
|
|
||||||
def normalize_user(user):
|
def normalize_user(user):
|
||||||
"""Parse and validate user mapping."""
|
"""Parse and validate user mapping."""
|
||||||
|
|
||||||
user_type = user.get('type')
|
user_type = user.get('type')
|
||||||
|
|
||||||
if user_type and user_type not in (UserType.EPHEMERAL,
|
if user_type and user_type not in (UserType.EPHEMERAL,
|
||||||
@ -601,7 +595,6 @@ class RuleProcessor(object):
|
|||||||
{'user': {'name': 'Bob Thompson', 'email': 'bob@example.org'}}
|
{'user': {'name': 'Bob Thompson', 'email': 'bob@example.org'}}
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
LOG.debug('direct_maps: %s', direct_maps)
|
LOG.debug('direct_maps: %s', direct_maps)
|
||||||
LOG.debug('local: %s', local)
|
LOG.debug('local: %s', local)
|
||||||
new = {}
|
new = {}
|
||||||
@ -666,7 +659,6 @@ class RuleProcessor(object):
|
|||||||
:rtype: keystone.contrib.federation.utils.DirectMaps or None
|
:rtype: keystone.contrib.federation.utils.DirectMaps or None
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
direct_maps = DirectMaps()
|
direct_maps = DirectMaps()
|
||||||
|
|
||||||
for requirement in requirements:
|
for requirement in requirements:
|
||||||
|
@ -50,7 +50,6 @@ class ConsumerCrudV3(controller.V3Controller):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def base_url(cls, context, path=None):
|
def base_url(cls, context, path=None):
|
||||||
"""Construct a path and pass it to V3Controller.base_url method."""
|
"""Construct a path and pass it to V3Controller.base_url method."""
|
||||||
|
|
||||||
# NOTE(stevemar): Overriding path to /OS-OAUTH1/consumers so that
|
# NOTE(stevemar): Overriding path to /OS-OAUTH1/consumers so that
|
||||||
# V3Controller.base_url handles setting the self link correctly.
|
# V3Controller.base_url handles setting the self link correctly.
|
||||||
path = '/OS-OAUTH1/' + cls.collection_name
|
path = '/OS-OAUTH1/' + cls.collection_name
|
||||||
|
@ -127,7 +127,6 @@ class Manager(manager.Manager):
|
|||||||
:returns: list of endpoints that match
|
:returns: list of endpoints that match
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if region_id in regions_examined:
|
if region_id in regions_examined:
|
||||||
msg = _LE('Circular reference or a repeated entry found '
|
msg = _LE('Circular reference or a repeated entry found '
|
||||||
'in region tree - %(region_id)s.')
|
'in region tree - %(region_id)s.')
|
||||||
|
@ -272,7 +272,6 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
|
|||||||
|
|
||||||
def is_user(self, dn):
|
def is_user(self, dn):
|
||||||
"""Returns True if the entry is a user."""
|
"""Returns True if the entry is a user."""
|
||||||
|
|
||||||
# NOTE(blk-u): It's easy to check if the DN is under the User tree,
|
# NOTE(blk-u): It's easy to check if the DN is under the User tree,
|
||||||
# but may not be accurate. A more accurate test would be to fetch the
|
# but may not be accurate. A more accurate test would be to fetch the
|
||||||
# entry to see if it's got the user objectclass, but this could be
|
# entry to see if it's got the user objectclass, but this could be
|
||||||
@ -349,7 +348,6 @@ class GroupApi(common_ldap.BaseLdap):
|
|||||||
|
|
||||||
def list_user_groups(self, user_dn):
|
def list_user_groups(self, user_dn):
|
||||||
"""Return a list of groups for which the user is a member."""
|
"""Return a list of groups for which the user is a member."""
|
||||||
|
|
||||||
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
|
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
|
||||||
query = '(%s=%s)%s' % (self.member_attribute,
|
query = '(%s=%s)%s' % (self.member_attribute,
|
||||||
user_dn_esc,
|
user_dn_esc,
|
||||||
@ -358,7 +356,6 @@ class GroupApi(common_ldap.BaseLdap):
|
|||||||
|
|
||||||
def list_user_groups_filtered(self, user_dn, hints):
|
def list_user_groups_filtered(self, user_dn, hints):
|
||||||
"""Return a filtered list of groups for which the user is a member."""
|
"""Return a filtered list of groups for which the user is a member."""
|
||||||
|
|
||||||
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
|
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
|
||||||
query = '(%s=%s)%s' % (self.member_attribute,
|
query = '(%s=%s)%s' % (self.member_attribute,
|
||||||
user_dn_esc,
|
user_dn_esc,
|
||||||
|
@ -424,7 +424,6 @@ def domains_configured(f):
|
|||||||
|
|
||||||
def exception_translated(exception_type):
|
def exception_translated(exception_type):
|
||||||
"""Wraps API calls to map to correct exception."""
|
"""Wraps API calls to map to correct exception."""
|
||||||
|
|
||||||
def _exception_translated(f):
|
def _exception_translated(f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(self, *args, **kwargs):
|
def wrapper(self, *args, **kwargs):
|
||||||
@ -485,7 +484,6 @@ class Manager(manager.Manager):
|
|||||||
mapping by default is a more prudent way to introduce this functionality.
|
mapping by default is a more prudent way to introduce this functionality.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
driver_namespace = 'keystone.identity'
|
driver_namespace = 'keystone.identity'
|
||||||
|
|
||||||
_USER = 'user'
|
_USER = 'user'
|
||||||
|
@ -259,7 +259,6 @@ class AuthContextMiddleware(wsgi.Middleware):
|
|||||||
:type env: dict
|
:type env: dict
|
||||||
:returns: True if client_issuer is trusted; otherwise False
|
:returns: True if client_issuer is trusted; otherwise False
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not CONF.tokenless_auth.trusted_issuer:
|
if not CONF.tokenless_auth.trusted_issuer:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -326,7 +326,6 @@ def listener(cls):
|
|||||||
}
|
}
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def init_wrapper(init):
|
def init_wrapper(init):
|
||||||
@functools.wraps(init)
|
@functools.wraps(init)
|
||||||
def __new_init__(self, *args, **kwargs):
|
def __new_init__(self, *args, **kwargs):
|
||||||
@ -424,7 +423,6 @@ def _create_cadf_payload(operation, resource_type, resource_id,
|
|||||||
:param outcome: outcomes of the operation (SUCCESS, FAILURE, etc)
|
:param outcome: outcomes of the operation (SUCCESS, FAILURE, etc)
|
||||||
:param initiator: CADF representation of the user that created the request
|
:param initiator: CADF representation of the user that created the request
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if resource_type not in CADF_TYPE_MAP:
|
if resource_type not in CADF_TYPE_MAP:
|
||||||
target_uri = taxonomy.UNKNOWN
|
target_uri = taxonomy.UNKNOWN
|
||||||
else:
|
else:
|
||||||
@ -484,7 +482,6 @@ def _get_request_audit_info(context, user_id=None):
|
|||||||
:returns: Auditing data about the request
|
:returns: Auditing data about the request
|
||||||
:rtype: :class:`pycadf.Resource`
|
:rtype: :class:`pycadf.Resource`
|
||||||
"""
|
"""
|
||||||
|
|
||||||
remote_addr = None
|
remote_addr = None
|
||||||
http_user_agent = None
|
http_user_agent = None
|
||||||
project_id = None
|
project_id = None
|
||||||
@ -536,7 +533,6 @@ class CadfNotificationWrapper(object):
|
|||||||
def __call__(self, f):
|
def __call__(self, f):
|
||||||
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
|
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
|
||||||
"""Always send a notification."""
|
"""Always send a notification."""
|
||||||
|
|
||||||
initiator = _get_request_audit_info(context, user_id)
|
initiator = _get_request_audit_info(context, user_id)
|
||||||
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
||||||
try:
|
try:
|
||||||
@ -583,9 +579,9 @@ class CadfRoleAssignmentNotificationWrapper(object):
|
|||||||
|
|
||||||
def __call__(self, f):
|
def __call__(self, f):
|
||||||
def wrapper(wrapped_self, role_id, *args, **kwargs):
|
def wrapper(wrapped_self, role_id, *args, **kwargs):
|
||||||
"""Send a notification if the wrapped callable is successful."""
|
"""Send a notification if the wrapped callable is successful.
|
||||||
|
|
||||||
""" NOTE(stevemar): The reason we go through checking kwargs
|
NOTE(stevemar): The reason we go through checking kwargs
|
||||||
and args for possible target and actor values is because the
|
and args for possible target and actor values is because the
|
||||||
create_grant() (and delete_grant()) method are called
|
create_grant() (and delete_grant()) method are called
|
||||||
differently in various tests.
|
differently in various tests.
|
||||||
@ -686,7 +682,6 @@ def send_saml_audit_notification(action, context, user_id, group_ids,
|
|||||||
:param outcome: One of :class:`pycadf.cadftaxonomy`
|
:param outcome: One of :class:`pycadf.cadftaxonomy`
|
||||||
:type outcome: str
|
:type outcome: str
|
||||||
"""
|
"""
|
||||||
|
|
||||||
initiator = _get_request_audit_info(context)
|
initiator = _get_request_audit_info(context)
|
||||||
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
||||||
audit_type = SAML_AUDIT_TYPE
|
audit_type = SAML_AUDIT_TYPE
|
||||||
@ -718,7 +713,6 @@ def _send_audit_notification(action, initiator, outcome, target,
|
|||||||
key-value pairs to the CADF event.
|
key-value pairs to the CADF event.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
event = eventfactory.EventFactory().new_event(
|
event = eventfactory.EventFactory().new_event(
|
||||||
eventType=cadftype.EVENTTYPE_ACTIVITY,
|
eventType=cadftype.EVENTTYPE_ACTIVITY,
|
||||||
outcome=outcome,
|
outcome=outcome,
|
||||||
|
@ -143,7 +143,6 @@ class DomainConfig(resource.DomainConfigDriverV8):
|
|||||||
|
|
||||||
def release_registration(self, domain_id, type=None):
|
def release_registration(self, domain_id, type=None):
|
||||||
"""Silently delete anything registered for the domain specified."""
|
"""Silently delete anything registered for the domain specified."""
|
||||||
|
|
||||||
with sql.transaction() as session:
|
with sql.transaction() as session:
|
||||||
query = session.query(ConfigRegister)
|
query = session.query(ConfigRegister)
|
||||||
if type:
|
if type:
|
||||||
|
@ -483,7 +483,6 @@ class Manager(manager.Manager):
|
|||||||
associated with them as well as revoking any relevant tokens.
|
associated with them as well as revoking any relevant tokens.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _delete_projects(project, projects, examined):
|
def _delete_projects(project, projects, examined):
|
||||||
if project['id'] in examined:
|
if project['id'] in examined:
|
||||||
msg = _LE('Circular reference or a repeated entry found '
|
msg = _LE('Circular reference or a repeated entry found '
|
||||||
@ -925,7 +924,6 @@ class DomainConfigManager(manager.Manager):
|
|||||||
|
|
||||||
def _config_to_list(self, config):
|
def _config_to_list(self, config):
|
||||||
"""Build whitelisted and sensitive lists for use by backend drivers."""
|
"""Build whitelisted and sensitive lists for use by backend drivers."""
|
||||||
|
|
||||||
whitelisted = []
|
whitelisted = []
|
||||||
sensitive = []
|
sensitive = []
|
||||||
for group in config:
|
for group in config:
|
||||||
@ -1083,7 +1081,6 @@ class DomainConfigManager(manager.Manager):
|
|||||||
"""
|
"""
|
||||||
def _assert_valid_update(domain_id, config, group=None, option=None):
|
def _assert_valid_update(domain_id, config, group=None, option=None):
|
||||||
"""Ensure the combination of config, group and option is valid."""
|
"""Ensure the combination of config, group and option is valid."""
|
||||||
|
|
||||||
self._assert_valid_config(config)
|
self._assert_valid_config(config)
|
||||||
self._assert_valid_group_and_option(group, option)
|
self._assert_valid_group_and_option(group, option)
|
||||||
|
|
||||||
@ -1142,7 +1139,6 @@ class DomainConfigManager(manager.Manager):
|
|||||||
|
|
||||||
def _update_or_create(domain_id, option, sensitive):
|
def _update_or_create(domain_id, option, sensitive):
|
||||||
"""Update the option, if it doesn't exist then create it."""
|
"""Update the option, if it doesn't exist then create it."""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.create_config_option(
|
self.create_config_option(
|
||||||
domain_id, option['group'], option['option'],
|
domain_id, option['group'], option['option'],
|
||||||
|
@ -283,7 +283,6 @@ class CheckForLoggingIssues(BaseASTChecker):
|
|||||||
|
|
||||||
def visit_Call(self, node):
|
def visit_Call(self, node):
|
||||||
"""Look for the 'LOG.*' calls."""
|
"""Look for the 'LOG.*' calls."""
|
||||||
|
|
||||||
# obj.method
|
# obj.method
|
||||||
if isinstance(node.func, ast.Attribute):
|
if isinstance(node.func, ast.Attribute):
|
||||||
obj_name = self._find_name(node.func.value)
|
obj_name = self._find_name(node.func.value)
|
||||||
|
@ -71,7 +71,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def _list_domain_config(self, sensitive):
|
def _list_domain_config(self, sensitive):
|
||||||
"""Test listing by combination of domain, group & option."""
|
"""Test listing by combination of domain, group & option."""
|
||||||
|
|
||||||
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
||||||
'value': uuid.uuid4().hex}
|
'value': uuid.uuid4().hex}
|
||||||
# Put config2 in the same group as config1
|
# Put config2 in the same group as config1
|
||||||
@ -113,7 +112,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def _delete_domain_configs(self, sensitive):
|
def _delete_domain_configs(self, sensitive):
|
||||||
"""Test deleting by combination of domain, group & option."""
|
"""Test deleting by combination of domain, group & option."""
|
||||||
|
|
||||||
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
||||||
'value': uuid.uuid4().hex}
|
'value': uuid.uuid4().hex}
|
||||||
# Put config2 and config3 in the same group as config1
|
# Put config2 and config3 in the same group as config1
|
||||||
@ -162,7 +160,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def _create_domain_config_twice(self, sensitive):
|
def _create_domain_config_twice(self, sensitive):
|
||||||
"""Test conflict error thrown if create the same option twice."""
|
"""Test conflict error thrown if create the same option twice."""
|
||||||
|
|
||||||
config = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
config = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
||||||
'value': uuid.uuid4().hex}
|
'value': uuid.uuid4().hex}
|
||||||
|
|
||||||
@ -182,7 +179,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def test_delete_domain_deletes_configs(self):
|
def test_delete_domain_deletes_configs(self):
|
||||||
"""Test domain deletion clears the domain configs."""
|
"""Test domain deletion clears the domain configs."""
|
||||||
|
|
||||||
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex,
|
||||||
@ -479,7 +475,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def test_invalid_sensitive_substitution_in_domain_config(self):
|
def test_invalid_sensitive_substitution_in_domain_config(self):
|
||||||
"""Check that invalid substitutions raise warnings."""
|
"""Check that invalid substitutions raise warnings."""
|
||||||
|
|
||||||
mock_log = mock.Mock()
|
mock_log = mock.Mock()
|
||||||
|
|
||||||
invalid_option_config = {
|
invalid_option_config = {
|
||||||
@ -504,7 +499,6 @@ class DomainConfigTests(object):
|
|||||||
|
|
||||||
def test_escaped_sequence_in_domain_config(self):
|
def test_escaped_sequence_in_domain_config(self):
|
||||||
"""Check that escaped '%(' doesn't get interpreted."""
|
"""Check that escaped '%(' doesn't get interpreted."""
|
||||||
|
|
||||||
mock_log = mock.Mock()
|
mock_log = mock.Mock()
|
||||||
|
|
||||||
escaped_option_config = {
|
escaped_option_config = {
|
||||||
|
@ -1004,7 +1004,6 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
|
|||||||
'id': 'openstack:782689dd-f428-4f13-99c7-5c70f94a5ac1'
|
'id': 'openstack:782689dd-f428-4f13-99c7-5c70f94a5ac1'
|
||||||
}
|
}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
note = self._notifications[-1]
|
note = self._notifications[-1]
|
||||||
event = note['event']
|
event = note['event']
|
||||||
if project:
|
if project:
|
||||||
|
@ -50,7 +50,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
a direct mapping for the users name.
|
a direct mapping for the users name.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_LARGE
|
mapping = mapping_fixtures.MAPPING_LARGE
|
||||||
assertion = mapping_fixtures.ADMIN_ASSERTION
|
assertion = mapping_fixtures.ADMIN_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -74,7 +73,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
RuleProcessor should return list of empty group_ids.
|
RuleProcessor should return list of empty group_ids.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_LARGE
|
mapping = mapping_fixtures.MAPPING_LARGE
|
||||||
assertion = mapping_fixtures.BAD_TESTER_ASSERTION
|
assertion = mapping_fixtures.BAD_TESTER_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -93,7 +91,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
a match.
|
a match.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_TESTER_REGEX
|
mapping = mapping_fixtures.MAPPING_TESTER_REGEX
|
||||||
assertion = mapping_fixtures.TESTER_ASSERTION
|
assertion = mapping_fixtures.TESTER_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -116,7 +113,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
mapping.
|
mapping.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_SMALL
|
mapping = mapping_fixtures.MAPPING_SMALL
|
||||||
assertion = mapping_fixtures.CONTRACTOR_ASSERTION
|
assertion = mapping_fixtures.CONTRACTOR_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -138,7 +134,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
has `not_any_of`, and direct mapping to a username, no group.
|
has `not_any_of`, and direct mapping to a username, no group.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_LARGE
|
mapping = mapping_fixtures.MAPPING_LARGE
|
||||||
assertion = mapping_fixtures.CUSTOMER_ASSERTION
|
assertion = mapping_fixtures.CUSTOMER_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -160,7 +155,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
rules must be matched, including a `not_any_of`.
|
rules must be matched, including a `not_any_of`.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_SMALL
|
mapping = mapping_fixtures.MAPPING_SMALL
|
||||||
assertion = mapping_fixtures.EMPLOYEE_ASSERTION
|
assertion = mapping_fixtures.EMPLOYEE_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -183,7 +177,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
regex set to True.
|
regex set to True.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_DEVELOPER_REGEX
|
mapping = mapping_fixtures.MAPPING_DEVELOPER_REGEX
|
||||||
assertion = mapping_fixtures.DEVELOPER_ASSERTION
|
assertion = mapping_fixtures.DEVELOPER_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -206,7 +199,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
RuleProcessor should return list of empty group_ids.
|
RuleProcessor should return list of empty group_ids.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_DEVELOPER_REGEX
|
mapping = mapping_fixtures.MAPPING_DEVELOPER_REGEX
|
||||||
assertion = mapping_fixtures.BAD_DEVELOPER_ASSERTION
|
assertion = mapping_fixtures.BAD_DEVELOPER_ASSERTION
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -223,7 +215,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
Expect DEVELOPER_GROUP_ID and TESTER_GROUP_ID in the results.
|
Expect DEVELOPER_GROUP_ID and TESTER_GROUP_ID in the results.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_LARGE
|
mapping = mapping_fixtures.MAPPING_LARGE
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
values = rp.process(assertion)
|
values = rp.process(assertion)
|
||||||
@ -317,7 +308,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
correctly filters out Manager and only allows Developer and Contractor.
|
correctly filters out Manager and only allows Developer and Contractor.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST
|
mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST
|
||||||
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -354,7 +344,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
correctly filters out Manager and Developer and only allows Contractor.
|
correctly filters out Manager and Developer and only allows Contractor.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_GROUPS_BLACKLIST
|
mapping = mapping_fixtures.MAPPING_GROUPS_BLACKLIST
|
||||||
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
@ -383,7 +372,6 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
entry in the remote rules.
|
entry in the remote rules.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
mapping = mapping_fixtures.MAPPING_GROUPS_BLACKLIST_MULTIPLES
|
mapping = mapping_fixtures.MAPPING_GROUPS_BLACKLIST_MULTIPLES
|
||||||
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
assertion = mapping_fixtures.EMPLOYEE_ASSERTION_MULTIPLE_GROUPS
|
||||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||||
|
@ -515,7 +515,6 @@ class TestCase(BaseTestCase):
|
|||||||
|
|
||||||
def load_backends(self):
|
def load_backends(self):
|
||||||
"""Initializes each manager and assigns them to an attribute."""
|
"""Initializes each manager and assigns them to an attribute."""
|
||||||
|
|
||||||
# TODO(blk-u): Shouldn't need to clear the registry here, but some
|
# TODO(blk-u): Shouldn't need to clear the registry here, but some
|
||||||
# tests call load_backends multiple times. These should be fixed to
|
# tests call load_backends multiple times. These should be fixed to
|
||||||
# only call load_backends once.
|
# only call load_backends once.
|
||||||
|
@ -132,7 +132,6 @@ def _paren_groups(source):
|
|||||||
|
|
||||||
def _match(key, value, attrs):
|
def _match(key, value, attrs):
|
||||||
"""Match a given key and value against an attribute list."""
|
"""Match a given key and value against an attribute list."""
|
||||||
|
|
||||||
def match_with_wildcards(norm_val, val_list):
|
def match_with_wildcards(norm_val, val_list):
|
||||||
# Case insensitive checking with wildcards
|
# Case insensitive checking with wildcards
|
||||||
if norm_val.startswith('*'):
|
if norm_val.startswith('*'):
|
||||||
|
@ -49,7 +49,6 @@ class FilterTests(object):
|
|||||||
one.
|
one.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
f = getattr(self.identity_api, 'create_%s' % entity_type, None)
|
f = getattr(self.identity_api, 'create_%s' % entity_type, None)
|
||||||
if f is None:
|
if f is None:
|
||||||
f = getattr(self.resource_api, 'create_%s' % entity_type, None)
|
f = getattr(self.resource_api, 'create_%s' % entity_type, None)
|
||||||
@ -65,7 +64,6 @@ class FilterTests(object):
|
|||||||
one.
|
one.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
f = getattr(self.identity_api, 'delete_%s' % entity_type, None)
|
f = getattr(self.identity_api, 'delete_%s' % entity_type, None)
|
||||||
if f is None:
|
if f is None:
|
||||||
f = getattr(self.resource_api, 'delete_%s' % entity_type, None)
|
f = getattr(self.resource_api, 'delete_%s' % entity_type, None)
|
||||||
@ -81,7 +79,6 @@ class FilterTests(object):
|
|||||||
one.
|
one.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
f = getattr(self.identity_api, 'list_%ss' % entity_type, None)
|
f = getattr(self.identity_api, 'list_%ss' % entity_type, None)
|
||||||
if f is None:
|
if f is None:
|
||||||
f = getattr(self.resource_api, 'list_%ss' % entity_type, None)
|
f = getattr(self.resource_api, 'list_%ss' % entity_type, None)
|
||||||
|
@ -17,7 +17,6 @@ from keystone.identity.mapping_backends import sql as mapping_sql
|
|||||||
|
|
||||||
def list_id_mappings():
|
def list_id_mappings():
|
||||||
"""List all id_mappings for testing purposes."""
|
"""List all id_mappings for testing purposes."""
|
||||||
|
|
||||||
a_session = sql.get_session()
|
a_session = sql.get_session()
|
||||||
refs = a_session.query(mapping_sql.IDMapping).all()
|
refs = a_session.query(mapping_sql.IDMapping).all()
|
||||||
return [x.to_dict() for x in refs]
|
return [x.to_dict() for x in refs]
|
||||||
|
@ -197,7 +197,6 @@ class AssignmentTestHelperMixin(object):
|
|||||||
|
|
||||||
def _create_entity_in_domain(entity_type, domain_id):
|
def _create_entity_in_domain(entity_type, domain_id):
|
||||||
"""Create a user or group entity in the domain."""
|
"""Create a user or group entity in the domain."""
|
||||||
|
|
||||||
new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id}
|
new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id}
|
||||||
if entity_type == 'users':
|
if entity_type == 'users':
|
||||||
new_entity = self.identity_api.create_user(new_entity)
|
new_entity = self.identity_api.create_user(new_entity)
|
||||||
@ -288,7 +287,6 @@ class AssignmentTestHelperMixin(object):
|
|||||||
|
|
||||||
def create_group_memberships(self, group_pattern, test_data):
|
def create_group_memberships(self, group_pattern, test_data):
|
||||||
"""Create the group memberships specified in the test plan."""
|
"""Create the group memberships specified in the test plan."""
|
||||||
|
|
||||||
for group_spec in group_pattern:
|
for group_spec in group_pattern:
|
||||||
# Each membership specification is a dict of the form:
|
# Each membership specification is a dict of the form:
|
||||||
#
|
#
|
||||||
@ -304,7 +302,6 @@ class AssignmentTestHelperMixin(object):
|
|||||||
|
|
||||||
def create_assignments(self, assignment_pattern, test_data):
|
def create_assignments(self, assignment_pattern, test_data):
|
||||||
"""Create the assignments specified in the test plan."""
|
"""Create the assignments specified in the test plan."""
|
||||||
|
|
||||||
# First store how many assignments are already in the system,
|
# First store how many assignments are already in the system,
|
||||||
# so during the tests we can check the number of new assignments
|
# so during the tests we can check the number of new assignments
|
||||||
# created.
|
# created.
|
||||||
@ -337,7 +334,6 @@ class AssignmentTestHelperMixin(object):
|
|||||||
|
|
||||||
def execute_assignment_tests(self, test_plan, test_data):
|
def execute_assignment_tests(self, test_plan, test_data):
|
||||||
"""Execute the test plan, based on the created test_data."""
|
"""Execute the test plan, based on the created test_data."""
|
||||||
|
|
||||||
def check_results(expected, actual, param_arg_count):
|
def check_results(expected, actual, param_arg_count):
|
||||||
if param_arg_count == 0:
|
if param_arg_count == 0:
|
||||||
# It was an unfiltered call, so default fixture assignments
|
# It was an unfiltered call, so default fixture assignments
|
||||||
@ -885,7 +881,6 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_list_role_assignments_unfiltered(self):
|
def test_list_role_assignments_unfiltered(self):
|
||||||
"""Test unfiltered listing of role assignments."""
|
"""Test unfiltered listing of role assignments."""
|
||||||
|
|
||||||
test_plan = {
|
test_plan = {
|
||||||
# Create a domain, with a user, group & project
|
# Create a domain, with a user, group & project
|
||||||
'entities': {'domains': {'users': 1, 'groups': 1, 'projects': 1},
|
'entities': {'domains': {'users': 1, 'groups': 1, 'projects': 1},
|
||||||
@ -908,7 +903,6 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_list_role_assignments_filtered_by_role(self):
|
def test_list_role_assignments_filtered_by_role(self):
|
||||||
"""Test listing of role assignments filtered by role ID."""
|
"""Test listing of role assignments filtered by role ID."""
|
||||||
|
|
||||||
test_plan = {
|
test_plan = {
|
||||||
# Create a user, group & project in the default domain
|
# Create a user, group & project in the default domain
|
||||||
'entities': {'domains': {'id': DEFAULT_DOMAIN_ID,
|
'entities': {'domains': {'id': DEFAULT_DOMAIN_ID,
|
||||||
@ -1647,7 +1641,6 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_grant_crud_throws_exception_if_invalid_role(self):
|
def test_grant_crud_throws_exception_if_invalid_role(self):
|
||||||
"""Ensure RoleNotFound thrown if role does not exist."""
|
"""Ensure RoleNotFound thrown if role does not exist."""
|
||||||
|
|
||||||
def assert_role_not_found_exception(f, **kwargs):
|
def assert_role_not_found_exception(f, **kwargs):
|
||||||
self.assertRaises(exception.RoleNotFound, f,
|
self.assertRaises(exception.RoleNotFound, f,
|
||||||
role_id=uuid.uuid4().hex, **kwargs)
|
role_id=uuid.uuid4().hex, **kwargs)
|
||||||
@ -1990,7 +1983,6 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_list_role_assignment_by_domain(self):
|
def test_list_role_assignment_by_domain(self):
|
||||||
"""Test listing of role assignment filtered by domain."""
|
"""Test listing of role assignment filtered by domain."""
|
||||||
|
|
||||||
test_plan = {
|
test_plan = {
|
||||||
# A domain with 3 users, 1 group, a spoiler domain and 2 roles.
|
# A domain with 3 users, 1 group, a spoiler domain and 2 roles.
|
||||||
'entities': {'domains': [{'users': 3, 'groups': 1}, 1],
|
'entities': {'domains': [{'users': 3, 'groups': 1}, 1],
|
||||||
@ -2020,7 +2012,6 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_list_role_assignment_by_user_with_domain_group_roles(self):
|
def test_list_role_assignment_by_user_with_domain_group_roles(self):
|
||||||
"""Test listing assignments by user, with group roles on a domain."""
|
"""Test listing assignments by user, with group roles on a domain."""
|
||||||
|
|
||||||
test_plan = {
|
test_plan = {
|
||||||
# A domain with 3 users, 3 groups, a spoiler domain
|
# A domain with 3 users, 3 groups, a spoiler domain
|
||||||
# plus 3 roles.
|
# plus 3 roles.
|
||||||
@ -5706,7 +5697,6 @@ class CatalogTests(object):
|
|||||||
|
|
||||||
def test_get_catalog_endpoint_disabled(self):
|
def test_get_catalog_endpoint_disabled(self):
|
||||||
"""Get back only enabled endpoints when get the v2 catalog."""
|
"""Get back only enabled endpoints when get the v2 catalog."""
|
||||||
|
|
||||||
service_ref, enabled_endpoint_ref, dummy_disabled_endpoint_ref = (
|
service_ref, enabled_endpoint_ref, dummy_disabled_endpoint_ref = (
|
||||||
self._create_endpoints())
|
self._create_endpoints())
|
||||||
|
|
||||||
@ -5725,7 +5715,6 @@ class CatalogTests(object):
|
|||||||
|
|
||||||
def test_get_v3_catalog_endpoint_disabled(self):
|
def test_get_v3_catalog_endpoint_disabled(self):
|
||||||
"""Get back only enabled endpoints when get the v3 catalog."""
|
"""Get back only enabled endpoints when get the v3 catalog."""
|
||||||
|
|
||||||
enabled_endpoint_ref = self._create_endpoints()[1]
|
enabled_endpoint_ref = self._create_endpoints()[1]
|
||||||
|
|
||||||
user_id = uuid.uuid4().hex
|
user_id = uuid.uuid4().hex
|
||||||
@ -5927,7 +5916,6 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
('project_id' or 'domain_id'), respectively.
|
('project_id' or 'domain_id'), respectively.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create a new role to avoid assignments loaded from default fixtures
|
# Create a new role to avoid assignments loaded from default fixtures
|
||||||
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
role = self.role_api.create_role(role['id'], role)
|
role = self.role_api.create_role(role['id'], role)
|
||||||
@ -6700,7 +6688,6 @@ class FilterTests(filtering.FilterTests):
|
|||||||
name, both restrictions have been enforced on what is returned.
|
name, both restrictions have been enforced on what is returned.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
number_of_groups = 10
|
number_of_groups = 10
|
||||||
group_name_data = {
|
group_name_data = {
|
||||||
# entity index: name for entity
|
# entity index: name for entity
|
||||||
@ -6800,7 +6787,6 @@ class LimitTests(filtering.FilterTests):
|
|||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for Limit Test Cases."""
|
"""Setup for Limit Test Cases."""
|
||||||
|
|
||||||
self.domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
self.domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
self.resource_api.create_domain(self.domain1['id'], self.domain1)
|
self.resource_api.create_domain(self.domain1['id'], self.domain1)
|
||||||
self.addCleanup(self.clean_up_domain)
|
self.addCleanup(self.clean_up_domain)
|
||||||
@ -6817,7 +6803,6 @@ class LimitTests(filtering.FilterTests):
|
|||||||
|
|
||||||
def clean_up_domain(self):
|
def clean_up_domain(self):
|
||||||
"""Clean up domain test data from Limit Test Cases."""
|
"""Clean up domain test data from Limit Test Cases."""
|
||||||
|
|
||||||
self.domain1['enabled'] = False
|
self.domain1['enabled'] = False
|
||||||
self.resource_api.update_domain(self.domain1['id'], self.domain1)
|
self.resource_api.update_domain(self.domain1['id'], self.domain1)
|
||||||
self.resource_api.delete_domain(self.domain1['id'])
|
self.resource_api.delete_domain(self.domain1['id'])
|
||||||
|
@ -51,7 +51,6 @@ class PolicyAssociationTests(object):
|
|||||||
5 - region 2, Service 0
|
5 - region 2, Service 0
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def new_endpoint(region_id, service_id):
|
def new_endpoint(region_id, service_id):
|
||||||
endpoint = {'id': uuid.uuid4().hex, 'interface': 'test',
|
endpoint = {'id': uuid.uuid4().hex, 'interface': 'test',
|
||||||
'region_id': region_id, 'service_id': service_id,
|
'region_id': region_id, 'service_id': service_id,
|
||||||
|
@ -582,7 +582,6 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
are returned.
|
are returned.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create a group
|
# Create a group
|
||||||
group = dict(name=uuid.uuid4().hex,
|
group = dict(name=uuid.uuid4().hex,
|
||||||
domain_id=CONF.identity.default_domain_id)
|
domain_id=CONF.identity.default_domain_id)
|
||||||
@ -818,7 +817,6 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
|
|
||||||
def test_user_id_comma(self):
|
def test_user_id_comma(self):
|
||||||
"""Even if the user has a , in their ID, groups can be listed."""
|
"""Even if the user has a , in their ID, groups can be listed."""
|
||||||
|
|
||||||
# Create a user with a , in their ID
|
# Create a user with a , in their ID
|
||||||
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
||||||
|
|
||||||
@ -871,7 +869,6 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
|
|
||||||
def test_user_id_comma_grants(self):
|
def test_user_id_comma_grants(self):
|
||||||
"""List user and group grants, even with a comma in the user's ID."""
|
"""List user and group grants, even with a comma in the user's ID."""
|
||||||
|
|
||||||
# Create a user with a , in their ID
|
# Create a user with a , in their ID
|
||||||
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
||||||
|
|
||||||
@ -2483,7 +2480,6 @@ class BaseMultiLDAPandSQLIdentity(object):
|
|||||||
|
|
||||||
def create_users_across_domains(self):
|
def create_users_across_domains(self):
|
||||||
"""Create a set of users, each with a role on their own domain."""
|
"""Create a set of users, each with a role on their own domain."""
|
||||||
|
|
||||||
# We also will check that the right number of id mappings get created
|
# We also will check that the right number of id mappings get created
|
||||||
initial_mappings = len(mapping_sql.list_id_mappings())
|
initial_mappings = len(mapping_sql.list_id_mappings())
|
||||||
|
|
||||||
@ -2952,7 +2948,6 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
|
|||||||
|
|
||||||
def test_reloading_domain_config(self):
|
def test_reloading_domain_config(self):
|
||||||
"""Ensure domain drivers are reloaded on a config modification."""
|
"""Ensure domain drivers are reloaded on a config modification."""
|
||||||
|
|
||||||
domain_cfgs = self.identity_api.domain_configs
|
domain_cfgs = self.identity_api.domain_configs
|
||||||
|
|
||||||
# Create a new config for the default domain, hence overwriting the
|
# Create a new config for the default domain, hence overwriting the
|
||||||
@ -2984,7 +2979,6 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
|
|||||||
|
|
||||||
def test_setting_multiple_sql_driver_raises_exception(self):
|
def test_setting_multiple_sql_driver_raises_exception(self):
|
||||||
"""Ensure setting multiple domain specific sql drivers is prevented."""
|
"""Ensure setting multiple domain specific sql drivers is prevented."""
|
||||||
|
|
||||||
new_config = {'identity': {'driver': 'sql'}}
|
new_config = {'identity': {'driver': 'sql'}}
|
||||||
self.domain_config_api.create_config(
|
self.domain_config_api.create_config(
|
||||||
CONF.identity.default_domain_id, new_config)
|
CONF.identity.default_domain_id, new_config)
|
||||||
@ -2998,7 +2992,6 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
|
|||||||
|
|
||||||
def test_same_domain_gets_sql_driver(self):
|
def test_same_domain_gets_sql_driver(self):
|
||||||
"""Ensure we can set an SQL driver if we have had it before."""
|
"""Ensure we can set an SQL driver if we have had it before."""
|
||||||
|
|
||||||
new_config = {'identity': {'driver': 'sql'}}
|
new_config = {'identity': {'driver': 'sql'}}
|
||||||
self.domain_config_api.create_config(
|
self.domain_config_api.create_config(
|
||||||
CONF.identity.default_domain_id, new_config)
|
CONF.identity.default_domain_id, new_config)
|
||||||
@ -3016,7 +3009,6 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
|
|||||||
|
|
||||||
def test_delete_domain_clears_sql_registration(self):
|
def test_delete_domain_clears_sql_registration(self):
|
||||||
"""Ensure registration is deleted when a domain is deleted."""
|
"""Ensure registration is deleted when a domain is deleted."""
|
||||||
|
|
||||||
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
domain = self.resource_api.create_domain(domain['id'], domain)
|
domain = self.resource_api.create_domain(domain['id'], domain)
|
||||||
new_config = {'identity': {'driver': 'sql'}}
|
new_config = {'identity': {'driver': 'sql'}}
|
||||||
@ -3044,7 +3036,6 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
|
|||||||
|
|
||||||
def test_orphaned_registration_does_not_prevent_getting_sql_driver(self):
|
def test_orphaned_registration_does_not_prevent_getting_sql_driver(self):
|
||||||
"""Ensure we self heal an orphaned sql registration."""
|
"""Ensure we self heal an orphaned sql registration."""
|
||||||
|
|
||||||
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
domain = self.resource_api.create_domain(domain['id'], domain)
|
domain = self.resource_api.create_domain(domain['id'], domain)
|
||||||
new_config = {'identity': {'driver': 'sql'}}
|
new_config = {'identity': {'driver': 'sql'}}
|
||||||
|
@ -748,7 +748,6 @@ class SqlFilterTests(SqlTests, test_backend.FilterTests):
|
|||||||
|
|
||||||
def clean_up_entities(self):
|
def clean_up_entities(self):
|
||||||
"""Clean up entity test data from Filter Test Cases."""
|
"""Clean up entity test data from Filter Test Cases."""
|
||||||
|
|
||||||
for entity in ['user', 'group', 'project']:
|
for entity in ['user', 'group', 'project']:
|
||||||
self._delete_test_data(entity, self.entity_list[entity])
|
self._delete_test_data(entity, self.entity_list[entity])
|
||||||
self._delete_test_data(entity, self.domain1_entity_list[entity])
|
self._delete_test_data(entity, self.domain1_entity_list[entity])
|
||||||
|
@ -67,7 +67,6 @@ def _matches(event, token_values):
|
|||||||
:returns if the token matches the revocation event, indicating the
|
:returns if the token matches the revocation event, indicating the
|
||||||
token has been revoked
|
token has been revoked
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# The token has three attributes that can match the user_id
|
# The token has three attributes that can match the user_id
|
||||||
if event.user_id is not None:
|
if event.user_id is not None:
|
||||||
for attribute_name in ['user_id', 'trustor_id', 'trustee_id']:
|
for attribute_name in ['user_id', 'trustor_id', 'trustee_id']:
|
||||||
|
@ -502,7 +502,6 @@ class SqlUpgradeTests(SqlMigrateBase):
|
|||||||
|
|
||||||
def does_pk_exist(self, table, pk_column):
|
def does_pk_exist(self, table, pk_column):
|
||||||
"""Checks whether a column is primary key on a table."""
|
"""Checks whether a column is primary key on a table."""
|
||||||
|
|
||||||
inspector = reflection.Inspector.from_engine(self.engine)
|
inspector = reflection.Inspector.from_engine(self.engine)
|
||||||
pk_columns = inspector.get_pk_constraint(table)['constrained_columns']
|
pk_columns = inspector.get_pk_constraint(table)['constrained_columns']
|
||||||
|
|
||||||
@ -856,7 +855,6 @@ class VersionTests(SqlMigrateBase):
|
|||||||
|
|
||||||
def test_unexpected_extension(self):
|
def test_unexpected_extension(self):
|
||||||
"""The version for a non-existent extension raises ImportError."""
|
"""The version for a non-existent extension raises ImportError."""
|
||||||
|
|
||||||
extension_name = uuid.uuid4().hex
|
extension_name = uuid.uuid4().hex
|
||||||
self.assertRaises(ImportError,
|
self.assertRaises(ImportError,
|
||||||
migration_helpers.get_db_version,
|
migration_helpers.get_db_version,
|
||||||
@ -864,7 +862,6 @@ class VersionTests(SqlMigrateBase):
|
|||||||
|
|
||||||
def test_unversioned_extension(self):
|
def test_unversioned_extension(self):
|
||||||
"""The version for extensions without migrations raise an exception."""
|
"""The version for extensions without migrations raise an exception."""
|
||||||
|
|
||||||
self.assertRaises(exception.MigrationNotProvided,
|
self.assertRaises(exception.MigrationNotProvided,
|
||||||
migration_helpers.get_db_version,
|
migration_helpers.get_db_version,
|
||||||
extension='admin_crud')
|
extension='admin_crud')
|
||||||
|
@ -1245,7 +1245,6 @@ class V2TestCase(RestfulTestCase, CoreApiTests, LegacyV2UsernameTests):
|
|||||||
"""If the server is configured for md5, then the revocation list has
|
"""If the server is configured for md5, then the revocation list has
|
||||||
tokens hashed with MD5.
|
tokens hashed with MD5.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# The default hash algorithm is md5.
|
# The default hash algorithm is md5.
|
||||||
hash_algorithm = 'md5'
|
hash_algorithm = 'md5'
|
||||||
|
|
||||||
@ -1257,7 +1256,6 @@ class V2TestCase(RestfulTestCase, CoreApiTests, LegacyV2UsernameTests):
|
|||||||
"""If the server is configured for sha256, then the revocation list has
|
"""If the server is configured for sha256, then the revocation list has
|
||||||
tokens hashed with SHA256
|
tokens hashed with SHA256
|
||||||
"""
|
"""
|
||||||
|
|
||||||
hash_algorithm = 'sha256'
|
hash_algorithm = 'sha256'
|
||||||
self.config_fixture.config(group='token',
|
self.config_fixture.config(group='token',
|
||||||
hash_algorithm=hash_algorithm)
|
hash_algorithm=hash_algorithm)
|
||||||
|
@ -74,7 +74,6 @@ class TenantTestCase(unit.TestCase):
|
|||||||
|
|
||||||
def test_list_projects_default_domain(self):
|
def test_list_projects_default_domain(self):
|
||||||
"""Test that list projects only returns those in the default domain."""
|
"""Test that list projects only returns those in the default domain."""
|
||||||
|
|
||||||
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'enabled': True}
|
'enabled': True}
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
|
@ -406,7 +406,6 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
|
|
||||||
def get_requested_token(self, auth):
|
def get_requested_token(self, auth):
|
||||||
"""Request the specific token we want."""
|
"""Request the specific token we want."""
|
||||||
|
|
||||||
r = self.v3_create_token(auth)
|
r = self.v3_create_token(auth)
|
||||||
return r.headers.get('X-Subject-Token')
|
return r.headers.get('X-Subject-Token')
|
||||||
|
|
||||||
@ -1307,7 +1306,6 @@ class AssignmentTestMixin(object):
|
|||||||
Available filters are: domain_id, project_id, user_id, group_id,
|
Available filters are: domain_id, project_id, user_id, group_id,
|
||||||
role_id and inherited_to_projects.
|
role_id and inherited_to_projects.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
query_params = '?effective' if effective else ''
|
query_params = '?effective' if effective else ''
|
||||||
|
|
||||||
for k, v in filters.items():
|
for k, v in filters.items():
|
||||||
@ -1332,7 +1330,6 @@ class AssignmentTestMixin(object):
|
|||||||
Provided attributes are expected to contain: domain_id or project_id,
|
Provided attributes are expected to contain: domain_id or project_id,
|
||||||
user_id or group_id, role_id and, optionally, inherited_to_projects.
|
user_id or group_id, role_id and, optionally, inherited_to_projects.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if attribs.get('domain_id'):
|
if attribs.get('domain_id'):
|
||||||
link = '/domains/' + attribs['domain_id']
|
link = '/domains/' + attribs['domain_id']
|
||||||
else:
|
else:
|
||||||
@ -1356,7 +1353,6 @@ class AssignmentTestMixin(object):
|
|||||||
Provided attributes are expected to contain: domain_id or project_id,
|
Provided attributes are expected to contain: domain_id or project_id,
|
||||||
user_id or group_id, role_id and, optionally, inherited_to_projects.
|
user_id or group_id, role_id and, optionally, inherited_to_projects.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
entity = {'links': {'assignment': (
|
entity = {'links': {'assignment': (
|
||||||
link or self.build_role_assignment_link(**attribs))}}
|
link or self.build_role_assignment_link(**attribs))}}
|
||||||
|
|
||||||
|
@ -184,7 +184,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
def test_delete_enabled_domain_fails(self):
|
def test_delete_enabled_domain_fails(self):
|
||||||
"""Call ``DELETE /domains/{domain_id}`` (when domain enabled)."""
|
"""Call ``DELETE /domains/{domain_id}`` (when domain enabled)."""
|
||||||
|
|
||||||
# Try deleting an enabled domain, which should fail
|
# Try deleting an enabled domain, which should fail
|
||||||
self.delete('/domains/%(domain_id)s' % {
|
self.delete('/domains/%(domain_id)s' % {
|
||||||
'domain_id': self.domain['id']},
|
'domain_id': self.domain['id']},
|
||||||
@ -210,7 +209,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
- Check entities in self.domain are unaffected
|
- Check entities in self.domain are unaffected
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create a 2nd set of entities in a 2nd domain
|
# Create a 2nd set of entities in a 2nd domain
|
||||||
self.domain2 = self.new_domain_ref()
|
self.domain2 = self.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domain2['id'], self.domain2)
|
self.resource_api.create_domain(self.domain2['id'], self.domain2)
|
||||||
@ -341,7 +339,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
becomes invalid once that domain is disabled.
|
becomes invalid once that domain is disabled.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.domain = self.new_domain_ref()
|
self.domain = self.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domain['id'], self.domain)
|
self.resource_api.create_domain(self.domain['id'], self.domain)
|
||||||
|
|
||||||
@ -457,7 +454,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
This includes operations like create, update, delete.
|
This includes operations like create, update, delete.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
non_default_name = 'beta_federated_domain'
|
non_default_name = 'beta_federated_domain'
|
||||||
self.config_fixture.config(group='federation',
|
self.config_fixture.config(group='federation',
|
||||||
federated_domain_name=non_default_name)
|
federated_domain_name=non_default_name)
|
||||||
@ -516,7 +512,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
@utils.wip('waiting for projects acting as domains implementation')
|
@utils.wip('waiting for projects acting as domains implementation')
|
||||||
def test_create_project_without_parent_id_and_without_domain_id(self):
|
def test_create_project_without_parent_id_and_without_domain_id(self):
|
||||||
"""Call ``POST /projects``."""
|
"""Call ``POST /projects``."""
|
||||||
|
|
||||||
# Grant a domain role for the user
|
# Grant a domain role for the user
|
||||||
collection_url = (
|
collection_url = (
|
||||||
'/domains/%(domain_id)s/users/%(user_id)s/roles' % {
|
'/domains/%(domain_id)s/users/%(user_id)s/roles' % {
|
||||||
@ -716,7 +711,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
'project' and 'parent'.
|
'project' and 'parent'.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create the project hierarchy
|
# Create the project hierarchy
|
||||||
parent, project, subproject = self._create_projects_hierarchy(2)
|
parent, project, subproject = self._create_projects_hierarchy(2)
|
||||||
|
|
||||||
@ -747,7 +741,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
'parent'.
|
'parent'.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create the project hierarchy
|
# Create the project hierarchy
|
||||||
parent, project, subproject = self._create_projects_hierarchy(2)
|
parent, project, subproject = self._create_projects_hierarchy(2)
|
||||||
|
|
||||||
@ -883,7 +876,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
and 'subproject'.
|
and 'subproject'.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create the project hierarchy
|
# Create the project hierarchy
|
||||||
parent, project, subproject = self._create_projects_hierarchy(2)
|
parent, project, subproject = self._create_projects_hierarchy(2)
|
||||||
|
|
||||||
@ -913,7 +905,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
- Check that calling subtree_as_list on 'parent' returns 'subproject'.
|
- Check that calling subtree_as_list on 'parent' returns 'subproject'.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Create the project hierarchy
|
# Create the project hierarchy
|
||||||
parent, project, subproject = self._create_projects_hierarchy(2)
|
parent, project, subproject = self._create_projects_hierarchy(2)
|
||||||
|
|
||||||
@ -1153,7 +1144,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
returns Not Found for the user.
|
returns Not Found for the user.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
user_id = uuid.uuid4().hex
|
user_id = uuid.uuid4().hex
|
||||||
|
|
||||||
collection_url = (
|
collection_url = (
|
||||||
@ -1192,7 +1182,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
returns 404 Not Found for the user.
|
returns 404 Not Found for the user.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
user_id = uuid.uuid4().hex
|
user_id = uuid.uuid4().hex
|
||||||
|
|
||||||
collection_url = (
|
collection_url = (
|
||||||
@ -1231,7 +1220,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
server returns 404 Not Found for the group.
|
server returns 404 Not Found for the group.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
group_id = uuid.uuid4().hex
|
group_id = uuid.uuid4().hex
|
||||||
|
|
||||||
collection_url = (
|
collection_url = (
|
||||||
@ -1271,7 +1259,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
returns 404 Not Found for the group.
|
returns 404 Not Found for the group.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
group_id = uuid.uuid4().hex
|
group_id = uuid.uuid4().hex
|
||||||
|
|
||||||
collection_url = (
|
collection_url = (
|
||||||
@ -1392,7 +1379,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
been removed
|
been removed
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Since the default fixtures already assign some roles to the
|
# Since the default fixtures already assign some roles to the
|
||||||
# user it creates, we also need a new user that will not have any
|
# user it creates, we also need a new user that will not have any
|
||||||
# existing assignments
|
# existing assignments
|
||||||
@ -1641,7 +1627,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
token (all effective roles for a user on a project)
|
token (all effective roles for a user on a project)
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Since the default fixtures already assign some roles to the
|
# Since the default fixtures already assign some roles to the
|
||||||
# user it creates, we also need a new user that will not have any
|
# user it creates, we also need a new user that will not have any
|
||||||
# existing assignments
|
# existing assignments
|
||||||
@ -1888,7 +1873,6 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
|
|||||||
queried URL.
|
queried URL.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
query_url = self._get_role_assignments_query_url(**filters)
|
query_url = self._get_role_assignments_query_url(**filters)
|
||||||
response = self.get(query_url, expected_status=expected_status)
|
response = self.get(query_url, expected_status=expected_status)
|
||||||
|
|
||||||
@ -1967,7 +1951,6 @@ class RoleAssignmentDirectTestCase(RoleAssignmentBaseTestCase):
|
|||||||
group_id, user_id and inherited_to_projects.
|
group_id, user_id and inherited_to_projects.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Fills default assignment with provided filters
|
# Fills default assignment with provided filters
|
||||||
test_assignment = self._set_default_assignment_attributes(**filters)
|
test_assignment = self._set_default_assignment_attributes(**filters)
|
||||||
|
|
||||||
@ -2511,7 +2494,6 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
shows up.
|
shows up.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
role_list = []
|
role_list = []
|
||||||
for _ in range(4):
|
for _ in range(4):
|
||||||
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||||
|
@ -981,7 +981,6 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
|||||||
the one for Project C
|
the one for Project C
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.role_data_fixtures()
|
self.role_data_fixtures()
|
||||||
|
|
||||||
# Now we are ready to start issuing requests
|
# Now we are ready to start issuing requests
|
||||||
@ -1281,7 +1280,6 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_removing_role_assignment_does_not_affect_other_users(self):
|
def test_removing_role_assignment_does_not_affect_other_users(self):
|
||||||
"""Revoking a role from one user should not affect other users."""
|
"""Revoking a role from one user should not affect other users."""
|
||||||
|
|
||||||
# This group grant is not needed for the test
|
# This group grant is not needed for the test
|
||||||
self.delete(
|
self.delete(
|
||||||
'/projects/%(project_id)s/groups/%(group_id)s/roles/%(role_id)s' %
|
'/projects/%(project_id)s/groups/%(group_id)s/roles/%(role_id)s' %
|
||||||
@ -1990,7 +1988,6 @@ class TestAuth(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_auth_catalog_disabled_endpoint(self):
|
def test_auth_catalog_disabled_endpoint(self):
|
||||||
"""On authenticate, get a catalog that excludes disabled endpoints."""
|
"""On authenticate, get a catalog that excludes disabled endpoints."""
|
||||||
|
|
||||||
# Create a disabled endpoint that's like the enabled one.
|
# Create a disabled endpoint that's like the enabled one.
|
||||||
disabled_endpoint_ref = copy.copy(self.endpoint)
|
disabled_endpoint_ref = copy.copy(self.endpoint)
|
||||||
disabled_endpoint_id = uuid.uuid4().hex
|
disabled_endpoint_id = uuid.uuid4().hex
|
||||||
@ -2044,7 +2041,6 @@ class TestAuth(test_v3.RestfulTestCase):
|
|||||||
tokens
|
tokens
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
domainA = self.new_domain_ref()
|
domainA = self.new_domain_ref()
|
||||||
self.resource_api.create_domain(domainA['id'], domainA)
|
self.resource_api.create_domain(domainA['id'], domainA)
|
||||||
projectA = self.new_project_ref(domain_id=domainA['id'])
|
projectA = self.new_project_ref(domain_id=domainA['id'])
|
||||||
@ -4507,7 +4503,6 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase):
|
|||||||
Test that validating an domain scoped token in v2.0
|
Test that validating an domain scoped token in v2.0
|
||||||
returns unauthorized.
|
returns unauthorized.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Grant user access to domain
|
# Grant user access to domain
|
||||||
self.assignment_api.create_grant(self.role['id'],
|
self.assignment_api.create_grant(self.role['id'],
|
||||||
user_id=self.user['id'],
|
user_id=self.user['id'],
|
||||||
@ -4524,7 +4519,6 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase):
|
|||||||
Test that validating an trust scoped token in v2.0 returns
|
Test that validating an trust scoped token in v2.0 returns
|
||||||
unauthorized.
|
unauthorized.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
trustee_user, trust = self._create_trust()
|
trustee_user, trust = self._create_trust()
|
||||||
trust_scoped_token = self._get_trust_scoped_token(trustee_user, trust)
|
trust_scoped_token = self._get_trust_scoped_token(trustee_user, trust)
|
||||||
self.assertRaises(exception.Unauthorized,
|
self.assertRaises(exception.Unauthorized,
|
||||||
|
@ -238,7 +238,6 @@ class CatalogTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_delete_region(self):
|
def test_delete_region(self):
|
||||||
"""Call ``DELETE /regions/{region_id}``."""
|
"""Call ``DELETE /regions/{region_id}``."""
|
||||||
|
|
||||||
ref = self.new_region_ref()
|
ref = self.new_region_ref()
|
||||||
r = self.post(
|
r = self.post(
|
||||||
'/regions',
|
'/regions',
|
||||||
|
@ -69,7 +69,6 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_crud_for_policy_for_explicit_endpoint(self):
|
def test_crud_for_policy_for_explicit_endpoint(self):
|
||||||
"""PUT, HEAD and DELETE for explicit endpoint policy."""
|
"""PUT, HEAD and DELETE for explicit endpoint policy."""
|
||||||
|
|
||||||
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
||||||
'/endpoints/%(endpoint_id)s') % {
|
'/endpoints/%(endpoint_id)s') % {
|
||||||
'policy_id': self.policy['id'],
|
'policy_id': self.policy['id'],
|
||||||
@ -78,7 +77,6 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_crud_for_policy_for_service(self):
|
def test_crud_for_policy_for_service(self):
|
||||||
"""PUT, HEAD and DELETE for service endpoint policy."""
|
"""PUT, HEAD and DELETE for service endpoint policy."""
|
||||||
|
|
||||||
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
||||||
'/services/%(service_id)s') % {
|
'/services/%(service_id)s') % {
|
||||||
'policy_id': self.policy['id'],
|
'policy_id': self.policy['id'],
|
||||||
@ -87,7 +85,6 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_crud_for_policy_for_region_and_service(self):
|
def test_crud_for_policy_for_region_and_service(self):
|
||||||
"""PUT, HEAD and DELETE for region and service endpoint policy."""
|
"""PUT, HEAD and DELETE for region and service endpoint policy."""
|
||||||
|
|
||||||
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
url = ('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
||||||
'/services/%(service_id)s/regions/%(region_id)s') % {
|
'/services/%(service_id)s/regions/%(region_id)s') % {
|
||||||
'policy_id': self.policy['id'],
|
'policy_id': self.policy['id'],
|
||||||
@ -97,7 +94,6 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_get_policy_for_endpoint(self):
|
def test_get_policy_for_endpoint(self):
|
||||||
"""GET /endpoints/{endpoint_id}/policy."""
|
"""GET /endpoints/{endpoint_id}/policy."""
|
||||||
|
|
||||||
self.put('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
self.put('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
||||||
'/endpoints/%(endpoint_id)s' % {
|
'/endpoints/%(endpoint_id)s' % {
|
||||||
'policy_id': self.policy['id'],
|
'policy_id': self.policy['id'],
|
||||||
@ -115,7 +111,6 @@ class EndpointPolicyTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_list_endpoints_for_policy(self):
|
def test_list_endpoints_for_policy(self):
|
||||||
"""GET /policies/%(policy_id}/endpoints."""
|
"""GET /policies/%(policy_id}/endpoints."""
|
||||||
|
|
||||||
self.put('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
self.put('/policies/%(policy_id)s/OS-ENDPOINT-POLICY'
|
||||||
'/endpoints/%(endpoint_id)s' % {
|
'/endpoints/%(endpoint_id)s' % {
|
||||||
'policy_id': self.policy['id'],
|
'policy_id': self.policy['id'],
|
||||||
|
@ -137,7 +137,6 @@ class FederatedSetupMixin(object):
|
|||||||
|
|
||||||
def assertValidMappedUser(self, token):
|
def assertValidMappedUser(self, token):
|
||||||
"""Check if user object meets all the criteria."""
|
"""Check if user object meets all the criteria."""
|
||||||
|
|
||||||
user = token['user']
|
user = token['user']
|
||||||
self.assertIn('id', user)
|
self.assertIn('id', user)
|
||||||
self.assertIn('name', user)
|
self.assertIn('name', user)
|
||||||
@ -209,7 +208,6 @@ class FederatedSetupMixin(object):
|
|||||||
|
|
||||||
def load_federation_sample_data(self):
|
def load_federation_sample_data(self):
|
||||||
"""Inject additional data."""
|
"""Inject additional data."""
|
||||||
|
|
||||||
# Create and add domains
|
# Create and add domains
|
||||||
self.domainA = self.new_domain_ref()
|
self.domainA = self.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domainA['id'],
|
self.resource_api.create_domain(self.domainA['id'],
|
||||||
@ -856,7 +854,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_create_idp(self):
|
def test_create_idp(self):
|
||||||
"""Creates the IdentityProvider entity associated to remote_ids."""
|
"""Creates the IdentityProvider entity associated to remote_ids."""
|
||||||
|
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
body['description'] = uuid.uuid4().hex
|
body['description'] = uuid.uuid4().hex
|
||||||
@ -867,7 +864,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_create_idp_remote(self):
|
def test_create_idp_remote(self):
|
||||||
"""Creates the IdentityProvider entity associated to remote_ids."""
|
"""Creates the IdentityProvider entity associated to remote_ids."""
|
||||||
|
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -889,7 +885,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
Expect HTTP 409 Conflict code for the latter call.
|
Expect HTTP 409 Conflict code for the latter call.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
repeated_remote_id = uuid.uuid4().hex
|
repeated_remote_id = uuid.uuid4().hex
|
||||||
body['remote_ids'] = [uuid.uuid4().hex,
|
body['remote_ids'] = [uuid.uuid4().hex,
|
||||||
@ -906,7 +901,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_create_idp_remote_empty(self):
|
def test_create_idp_remote_empty(self):
|
||||||
"""Creates an IdP with empty remote_ids."""
|
"""Creates an IdP with empty remote_ids."""
|
||||||
|
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -919,7 +913,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_create_idp_remote_none(self):
|
def test_create_idp_remote_none(self):
|
||||||
"""Creates an IdP with a None remote_ids."""
|
"""Creates an IdP with a None remote_ids."""
|
||||||
|
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -1072,7 +1065,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_delete_idp_also_deletes_assigned_protocols(self):
|
def test_delete_idp_also_deletes_assigned_protocols(self):
|
||||||
"""Deleting an IdP will delete its assigned protocol."""
|
"""Deleting an IdP will delete its assigned protocol."""
|
||||||
|
|
||||||
# create default IdP
|
# create default IdP
|
||||||
default_resp = self._create_default_idp()
|
default_resp = self._create_default_idp()
|
||||||
default_idp = self._fetch_attribute_from_response(default_resp,
|
default_idp = self._fetch_attribute_from_response(default_resp,
|
||||||
@ -1178,7 +1170,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_assign_protocol_to_idp(self):
|
def test_assign_protocol_to_idp(self):
|
||||||
"""Assign a protocol to existing IdP."""
|
"""Assign a protocol to existing IdP."""
|
||||||
|
|
||||||
self._assign_protocol_to_idp(expected_status=http_client.CREATED)
|
self._assign_protocol_to_idp(expected_status=http_client.CREATED)
|
||||||
|
|
||||||
def test_protocol_composite_pk(self):
|
def test_protocol_composite_pk(self):
|
||||||
@ -1224,7 +1215,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
Expect HTTP 404 Not Found code.
|
Expect HTTP 404 Not Found code.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
idp_id = uuid.uuid4().hex
|
idp_id = uuid.uuid4().hex
|
||||||
kwargs = {'expected_status': http_client.NOT_FOUND}
|
kwargs = {'expected_status': http_client.NOT_FOUND}
|
||||||
self._assign_protocol_to_idp(proto='saml2',
|
self._assign_protocol_to_idp(proto='saml2',
|
||||||
@ -1234,7 +1224,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_get_protocol(self):
|
def test_get_protocol(self):
|
||||||
"""Create and later fetch protocol tied to IdP."""
|
"""Create and later fetch protocol tied to IdP."""
|
||||||
|
|
||||||
resp, idp_id, proto = self._assign_protocol_to_idp(
|
resp, idp_id, proto = self._assign_protocol_to_idp(
|
||||||
expected_status=http_client.CREATED)
|
expected_status=http_client.CREATED)
|
||||||
proto_id = self._fetch_attribute_from_response(resp, 'protocol')['id']
|
proto_id = self._fetch_attribute_from_response(resp, 'protocol')['id']
|
||||||
@ -1280,7 +1269,6 @@ class FederatedIdentityProviderTests(FederationTests):
|
|||||||
|
|
||||||
def test_update_protocols_attribute(self):
|
def test_update_protocols_attribute(self):
|
||||||
"""Update protocol's attribute."""
|
"""Update protocol's attribute."""
|
||||||
|
|
||||||
resp, idp_id, proto = self._assign_protocol_to_idp(
|
resp, idp_id, proto = self._assign_protocol_to_idp(
|
||||||
expected_status=http_client.CREATED)
|
expected_status=http_client.CREATED)
|
||||||
new_mapping_id = uuid.uuid4().hex
|
new_mapping_id = uuid.uuid4().hex
|
||||||
@ -1697,7 +1685,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||||||
|
|
||||||
def test_scope_to_bad_project(self):
|
def test_scope_to_bad_project(self):
|
||||||
"""Scope unscoped token with a project we don't have access to."""
|
"""Scope unscoped token with a project we don't have access to."""
|
||||||
|
|
||||||
self.v3_create_token(
|
self.v3_create_token(
|
||||||
self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_CUSTOMER,
|
self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_CUSTOMER,
|
||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
@ -1711,7 +1698,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||||||
* Employees' project
|
* Employees' project
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
bodies = (self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_ADMIN,
|
bodies = (self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_ADMIN,
|
||||||
self.TOKEN_SCOPE_PROJECT_CUSTOMER_FROM_ADMIN)
|
self.TOKEN_SCOPE_PROJECT_CUSTOMER_FROM_ADMIN)
|
||||||
project_ids = (self.proj_employees['id'],
|
project_ids = (self.proj_employees['id'],
|
||||||
@ -1892,7 +1878,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||||||
* Scope token to one of available projects
|
* Scope token to one of available projects
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
r = self._issue_unscoped_token()
|
r = self._issue_unscoped_token()
|
||||||
token_resp = r.json_body['token']
|
token_resp = r.json_body['token']
|
||||||
self.assertValidMappedUser(token_resp)
|
self.assertValidMappedUser(token_resp)
|
||||||
@ -2054,7 +2039,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||||||
assigned
|
assigned
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
domain_id = self.domainA['id']
|
domain_id = self.domainA['id']
|
||||||
domain_name = self.domainA['name']
|
domain_name = self.domainA['name']
|
||||||
|
|
||||||
@ -2129,7 +2113,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||||||
assigned
|
assigned
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
domain_id = self.domainA['id']
|
domain_id = self.domainA['id']
|
||||||
domain_name = self.domainA['name']
|
domain_name = self.domainA['name']
|
||||||
|
|
||||||
@ -2799,7 +2782,6 @@ class SAMLGenerationTests(FederationTests):
|
|||||||
Raises exception.SchemaValidationError() - error 400 Bad Request
|
Raises exception.SchemaValidationError() - error 400 Bad Request
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
body = self._create_generate_saml_request(token_id,
|
body = self._create_generate_saml_request(token_id,
|
||||||
self.SERVICE_PROVDIER_ID)
|
self.SERVICE_PROVDIER_ID)
|
||||||
@ -2814,7 +2796,6 @@ class SAMLGenerationTests(FederationTests):
|
|||||||
Raises exception.SchemaValidationError() - error 400 Bad Request
|
Raises exception.SchemaValidationError() - error 400 Bad Request
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
body = self._create_generate_saml_request(token_id,
|
body = self._create_generate_saml_request(token_id,
|
||||||
self.SERVICE_PROVDIER_ID)
|
self.SERVICE_PROVDIER_ID)
|
||||||
@ -2837,7 +2818,6 @@ class SAMLGenerationTests(FederationTests):
|
|||||||
|
|
||||||
def test_sp_disabled(self):
|
def test_sp_disabled(self):
|
||||||
"""Try generating assertion for disabled Service Provider."""
|
"""Try generating assertion for disabled Service Provider."""
|
||||||
|
|
||||||
# Disable Service Provider
|
# Disable Service Provider
|
||||||
sp_ref = {'enabled': False}
|
sp_ref = {'enabled': False}
|
||||||
self.federation_api.update_sp(self.SERVICE_PROVDIER_ID, sp_ref)
|
self.federation_api.update_sp(self.SERVICE_PROVDIER_ID, sp_ref)
|
||||||
@ -2854,7 +2834,6 @@ class SAMLGenerationTests(FederationTests):
|
|||||||
Raises exception.TokenNotFound() - error Not Found 404
|
Raises exception.TokenNotFound() - error Not Found 404
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
body = self._create_generate_saml_request(token_id,
|
body = self._create_generate_saml_request(token_id,
|
||||||
self.SERVICE_PROVDIER_ID)
|
self.SERVICE_PROVDIER_ID)
|
||||||
@ -2870,7 +2849,6 @@ class SAMLGenerationTests(FederationTests):
|
|||||||
The controller should return a SAML assertion that is wrapped in a
|
The controller should return a SAML assertion that is wrapped in a
|
||||||
SOAP envelope.
|
SOAP envelope.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.config_fixture.config(group='saml', idp_entity_id=self.ISSUER)
|
self.config_fixture.config(group='saml', idp_entity_id=self.ISSUER)
|
||||||
token_id = self._fetch_valid_token()
|
token_id = self._fetch_valid_token()
|
||||||
body = self._create_generate_saml_request(token_id,
|
body = self._create_generate_saml_request(token_id,
|
||||||
@ -3439,7 +3417,6 @@ class K2KServiceCatalogTests(FederationTests):
|
|||||||
|
|
||||||
def test_service_providers_in_token(self):
|
def test_service_providers_in_token(self):
|
||||||
"""Check if service providers are listed in service catalog."""
|
"""Check if service providers are listed in service catalog."""
|
||||||
|
|
||||||
token = self.token_v3_helper.get_token_data(self.user_id, ['password'])
|
token = self.token_v3_helper.get_token_data(self.user_id, ['password'])
|
||||||
ref = {}
|
ref = {}
|
||||||
for r in (self.sp_alpha, self.sp_beta, self.sp_gamma):
|
for r in (self.sp_alpha, self.sp_beta, self.sp_gamma):
|
||||||
|
@ -33,7 +33,6 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
|||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for Identity Filter Test Cases."""
|
"""Setup for Identity Filter Test Cases."""
|
||||||
|
|
||||||
super(IdentityTestFilteredCase, self).setUp()
|
super(IdentityTestFilteredCase, self).setUp()
|
||||||
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
||||||
self.tmpfilename = self.tempfile.file_name
|
self.tmpfilename = self.tempfile.file_name
|
||||||
@ -329,7 +328,6 @@ class IdentityTestListLimitCase(IdentityTestFilteredCase):
|
|||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for Identity Limit Test Cases."""
|
"""Setup for Identity Limit Test Cases."""
|
||||||
|
|
||||||
super(IdentityTestListLimitCase, self).setUp()
|
super(IdentityTestListLimitCase, self).setUp()
|
||||||
|
|
||||||
# Create 10 entries for each of the entities we are going to test
|
# Create 10 entries for each of the entities we are going to test
|
||||||
@ -359,18 +357,15 @@ class IdentityTestListLimitCase(IdentityTestFilteredCase):
|
|||||||
|
|
||||||
def clean_up_entity(self, entity):
|
def clean_up_entity(self, entity):
|
||||||
"""Clean up entity test data from Identity Limit Test Cases."""
|
"""Clean up entity test data from Identity Limit Test Cases."""
|
||||||
|
|
||||||
self._delete_test_data(entity, self.entity_lists[entity])
|
self._delete_test_data(entity, self.entity_lists[entity])
|
||||||
|
|
||||||
def clean_up_service(self):
|
def clean_up_service(self):
|
||||||
"""Clean up service test data from Identity Limit Test Cases."""
|
"""Clean up service test data from Identity Limit Test Cases."""
|
||||||
|
|
||||||
for service in self.service_list:
|
for service in self.service_list:
|
||||||
self.catalog_api.delete_service(service['id'])
|
self.catalog_api.delete_service(service['id'])
|
||||||
|
|
||||||
def clean_up_policy(self):
|
def clean_up_policy(self):
|
||||||
"""Clean up policy test data from Identity Limit Test Cases."""
|
"""Clean up policy test data from Identity Limit Test Cases."""
|
||||||
|
|
||||||
for policy in self.policy_list:
|
for policy in self.policy_list:
|
||||||
self.policy_api.delete_policy(policy['id'])
|
self.policy_api.delete_policy(policy['id'])
|
||||||
|
|
||||||
@ -430,7 +425,6 @@ class IdentityTestListLimitCase(IdentityTestFilteredCase):
|
|||||||
|
|
||||||
def test_no_limit(self):
|
def test_no_limit(self):
|
||||||
"""Check truncated attribute not set when list not limited."""
|
"""Check truncated attribute not set when list not limited."""
|
||||||
|
|
||||||
self._set_policy({"identity:list_services": []})
|
self._set_policy({"identity:list_services": []})
|
||||||
r = self.get('/services', auth=self.auth)
|
r = self.get('/services', auth=self.auth)
|
||||||
self.assertEqual(10, len(r.result.get('services')))
|
self.assertEqual(10, len(r.result.get('services')))
|
||||||
@ -438,7 +432,6 @@ class IdentityTestListLimitCase(IdentityTestFilteredCase):
|
|||||||
|
|
||||||
def test_at_limit(self):
|
def test_at_limit(self):
|
||||||
"""Check truncated attribute not set when list at max size."""
|
"""Check truncated attribute not set when list at max size."""
|
||||||
|
|
||||||
# Test this by overriding the general limit with a higher
|
# Test this by overriding the general limit with a higher
|
||||||
# driver-specific limit (allowing all entities to be returned
|
# driver-specific limit (allowing all entities to be returned
|
||||||
# in the collection), which should result in a non truncated list
|
# in the collection), which should result in a non truncated list
|
||||||
|
@ -209,7 +209,6 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_list_groups_for_user(self):
|
def test_list_groups_for_user(self):
|
||||||
"""Call ``GET /users/{user_id}/groups``."""
|
"""Call ``GET /users/{user_id}/groups``."""
|
||||||
|
|
||||||
self.user1 = self.new_user_ref(
|
self.user1 = self.new_user_ref(
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user1['password']
|
password = self.user1['password']
|
||||||
|
@ -801,7 +801,6 @@ class OAuthNotificationTests(OAuth1Tests,
|
|||||||
notifications for request token creation, and access token
|
notifications for request token creation, and access token
|
||||||
creation/deletion are emitted.
|
creation/deletion are emitted.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
consumer = self._create_single_consumer()
|
consumer = self._create_single_consumer()
|
||||||
consumer_id = consumer['id']
|
consumer_id = consumer['id']
|
||||||
consumer_secret = consumer['secret']
|
consumer_secret = consumer['secret']
|
||||||
|
@ -72,7 +72,6 @@ def wip(message):
|
|||||||
>>> pass
|
>>> pass
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _wip(f):
|
def _wip(f):
|
||||||
@six.wraps(f)
|
@six.wraps(f)
|
||||||
def run_test(*args, **kwargs):
|
def run_test(*args, **kwargs):
|
||||||
|
@ -82,7 +82,6 @@ class Auth(controller.V2Controller):
|
|||||||
Alternatively, this call accepts auth with only a token and tenant
|
Alternatively, this call accepts auth with only a token and tenant
|
||||||
that will return a token that is scoped to that tenant.
|
that will return a token that is scoped to that tenant.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if auth is None:
|
if auth is None:
|
||||||
raise exception.ValidationError(attribute='auth',
|
raise exception.ValidationError(attribute='auth',
|
||||||
target='request body')
|
target='request body')
|
||||||
@ -379,7 +378,6 @@ class Auth(controller.V2Controller):
|
|||||||
|
|
||||||
def _get_project_roles_and_ref(self, user_id, tenant_id):
|
def _get_project_roles_and_ref(self, user_id, tenant_id):
|
||||||
"""Returns the project roles for this user, and the project ref."""
|
"""Returns the project roles for this user, and the project ref."""
|
||||||
|
|
||||||
tenant_ref = None
|
tenant_ref = None
|
||||||
role_list = []
|
role_list = []
|
||||||
if tenant_id:
|
if tenant_id:
|
||||||
|
@ -53,7 +53,6 @@ def _expiry_range_batched(session, upper_bound_func, batch_size):
|
|||||||
Return the timestamp of the next token that is `batch_size` rows from
|
Return the timestamp of the next token that is `batch_size` rows from
|
||||||
being the oldest expired token.
|
being the oldest expired token.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# This expiry strategy splits the tokens into roughly equal sized batches
|
# This expiry strategy splits the tokens into roughly equal sized batches
|
||||||
# to be deleted. It does this by finding the timestamp of a token
|
# to be deleted. It does this by finding the timestamp of a token
|
||||||
# `batch_size` rows from the oldest token and yielding that to the caller.
|
# `batch_size` rows from the oldest token and yielding that to the caller.
|
||||||
@ -79,7 +78,6 @@ def _expiry_range_batched(session, upper_bound_func, batch_size):
|
|||||||
|
|
||||||
def _expiry_range_all(session, upper_bound_func):
|
def _expiry_range_all(session, upper_bound_func):
|
||||||
"""Expires all tokens in one pass."""
|
"""Expires all tokens in one pass."""
|
||||||
|
|
||||||
yield upper_bound_func()
|
yield upper_bound_func()
|
||||||
|
|
||||||
|
|
||||||
@ -245,7 +243,6 @@ class Token(token.persistence.TokenDriverV8):
|
|||||||
Based on the DB dialect, select an expiry range callable that is
|
Based on the DB dialect, select an expiry range callable that is
|
||||||
appropriate.
|
appropriate.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# DB2 and MySQL can both benefit from a batched strategy. On DB2 the
|
# DB2 and MySQL can both benefit from a batched strategy. On DB2 the
|
||||||
# transaction log can fill up and on MySQL w/Galera, large
|
# transaction log can fill up and on MySQL w/Galera, large
|
||||||
# transactions can exceed the maximum write set size.
|
# transactions can exceed the maximum write set size.
|
||||||
|
@ -212,7 +212,6 @@ class Manager(object):
|
|||||||
|
|
||||||
def __getattr__(self, item):
|
def __getattr__(self, item):
|
||||||
"""Forward calls to the `token_provider_api` persistence manager."""
|
"""Forward calls to the `token_provider_api` persistence manager."""
|
||||||
|
|
||||||
# NOTE(morganfainberg): Prevent infinite recursion, raise an
|
# NOTE(morganfainberg): Prevent infinite recursion, raise an
|
||||||
# AttributeError for 'token_provider_api' ensuring that the dep
|
# AttributeError for 'token_provider_api' ensuring that the dep
|
||||||
# injection doesn't infinitely try and lookup self.token_provider_api
|
# injection doesn't infinitely try and lookup self.token_provider_api
|
||||||
|
@ -266,7 +266,6 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def _is_valid_token(self, token):
|
def _is_valid_token(self, token):
|
||||||
"""Verify the token is valid format and has not expired."""
|
"""Verify the token is valid format and has not expired."""
|
||||||
|
|
||||||
current_time = timeutils.normalize_time(timeutils.utcnow())
|
current_time = timeutils.normalize_time(timeutils.utcnow())
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -596,7 +596,6 @@ class FederatedUnscopedPayload(BasePayload):
|
|||||||
:returns: the payload of a federated token
|
:returns: the payload of a federated token
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
|
b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
|
||||||
methods = auth_plugins.convert_method_list_to_integer(methods)
|
methods = auth_plugins.convert_method_list_to_integer(methods)
|
||||||
b_group_ids = list(map(cls.pack_group_id,
|
b_group_ids = list(map(cls.pack_group_id,
|
||||||
@ -622,7 +621,6 @@ class FederatedUnscopedPayload(BasePayload):
|
|||||||
federated domain ID
|
federated domain ID
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
(is_stored_as_bytes, user_id) = payload[0]
|
(is_stored_as_bytes, user_id) = payload[0]
|
||||||
if is_stored_as_bytes:
|
if is_stored_as_bytes:
|
||||||
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
|
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
|
||||||
|
@ -56,7 +56,6 @@ class TrustV3(controller.V3Controller):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def base_url(cls, context, path=None):
|
def base_url(cls, context, path=None):
|
||||||
"""Construct a path and pass it to V3Controller.base_url method."""
|
"""Construct a path and pass it to V3Controller.base_url method."""
|
||||||
|
|
||||||
# NOTE(stevemar): Overriding path to /OS-TRUST/trusts so that
|
# NOTE(stevemar): Overriding path to /OS-TRUST/trusts so that
|
||||||
# V3Controller.base_url handles setting the self link correctly.
|
# V3Controller.base_url handles setting the self link correctly.
|
||||||
path = '/OS-TRUST/' + cls.collection_name
|
path = '/OS-TRUST/' + cls.collection_name
|
||||||
@ -128,7 +127,6 @@ class TrustV3(controller.V3Controller):
|
|||||||
The user creating the trust must be the trustor.
|
The user creating the trust must be the trustor.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
auth_context = context.get('environment',
|
auth_context = context.get('environment',
|
||||||
{}).get('KEYSTONE_AUTH_CONTEXT', {})
|
{}).get('KEYSTONE_AUTH_CONTEXT', {})
|
||||||
|
|
||||||
|
2
tox.ini
2
tox.ini
@ -115,7 +115,7 @@ show-source = true
|
|||||||
# D205: Blank line required between one-line summary and description.
|
# D205: Blank line required between one-line summary and description.
|
||||||
# D400: First line should end with a period.
|
# D400: First line should end with a period.
|
||||||
# D401: First line should be in imperative mood.
|
# D401: First line should be in imperative mood.
|
||||||
ignore = H405,D100,D101,D102,D103,D104,D105,D202,D203,D204,D205,D400,D401
|
ignore = H405,D100,D101,D102,D103,D104,D105,D203,D204,D205,D400,D401
|
||||||
|
|
||||||
exclude=.venv,.git,.tox,build,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv,*.ini,*.po,*.pot
|
exclude=.venv,.git,.tox,build,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv,*.ini,*.po,*.pot
|
||||||
max-complexity=24
|
max-complexity=24
|
||||||
|
Loading…
Reference in New Issue
Block a user