openstack/deb-python-django-openstack-auth
Code Issues Proposed changes

Fix H4xx docstring issues

Browse Source 
Completes blueprint openstack-hacking-compliant

Change-Id: Ib286972b65e0e3282db483718421f7f28e8c6cd1
This commit is contained in:
Akihiro Motoki
2014-04-03 06:17:05 +09:00
parent 95dffe082a
commit 58da8b38a9
9 changed files with 43 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
openstack_auth/backend.py
View File

@@ -67,7 +67,7 @@ class KeystoneBackend(object):
def authenticate(self, request=None, username=None, password=None, def authenticate(self, request=None, username=None, password=None,
user_domain_name=None, auth_url=None): user_domain_name=None, auth_url=None):
"""Authenticates a user via the Keystone Identity API. """ """Authenticates a user via the Keystone Identity API."""
LOG.debug('Beginning user authentication for user "%s".' % username) LOG.debug('Beginning user authentication for user "%s".' % username)
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
@@ -170,7 +170,7 @@ class KeystoneBackend(object):
return user return user
def get_group_permissions(self, user, obj=None): def get_group_permissions(self, user, obj=None):
"""Returns an empty set since Keystone doesn't support "groups". """ """Returns an empty set since Keystone doesn't support "groups"."""
# Keystone V3 added "groups". The Auth token response includes the # Keystone V3 added "groups". The Auth token response includes the
# roles from the user's Group assignment. It should be fine just # roles from the user's Group assignment. It should be fine just
# returning an empty set here. # returning an empty set here.
@@ -196,7 +196,7 @@ class KeystoneBackend(object):
return role_perms | service_perms return role_perms | service_perms
def has_perm(self, user, perm, obj=None): def has_perm(self, user, perm, obj=None):
"""Returns True if the given user has the specified permission. """ """Returns True if the given user has the specified permission."""
if not user.is_active: if not user.is_active:
return False return False
return perm in self.get_all_permissions(user, obj) return perm in self.get_all_permissions(user, obj)

2
openstack_auth/exceptions.py
View File

@@ -13,5 +13,5 @@
class KeystoneAuthException(Exception): class KeystoneAuthException(Exception):
""" Generic error class to identify and catch our own errors. """ """Generic error class to identify and catch our own errors."""
pass pass

2
openstack_auth/forms.py
View File

@@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__)
class Login(django_auth_forms.AuthenticationForm): class Login(django_auth_forms.AuthenticationForm):
""" Form used for logging in a user. """Form used for logging in a user.
Handles authentication with Keystone by providing the domain name, username Handles authentication with Keystone by providing the domain name, username
and password. A scoped token is fetched after successful authentication. and password. A scoped token is fetched after successful authentication.

4
openstack_auth/tests/data_v2.py
View File

@@ -24,12 +24,12 @@ from keystoneclient.v2_0 import users
class TestDataContainer(object): class TestDataContainer(object):
""" Arbitrary holder for test data in an object-oriented fashion. """ """Arbitrary holder for test data in an object-oriented fashion."""
pass pass
def generate_test_data(): def generate_test_data():
''' Builds a set of test_data data as returned by Keystone V2. ''' '''Builds a set of test_data data as returned by Keystone V2.'''
test_data = TestDataContainer() test_data = TestDataContainer()
keystone_service = { keystone_service = {

10
openstack_auth/tests/data_v3.py
View File

@@ -27,13 +27,15 @@ from keystoneclient.v3 import users
class TestDataContainer(object): class TestDataContainer(object):
""" Arbitrary holder for test data in an object-oriented fashion. """ """Arbitrary holder for test data in an object-oriented fashion."""
pass pass
class TestResponse(requests.Response): class TestResponse(requests.Response):
""" Class used to wrap requests.Response and provide some """Class used to wrap requests.Response.
convenience to initialize with a dict """
It also provides some convenience to initialize with a dict.
"""
def __init__(self, data): def __init__(self, data):
self._text = None self._text = None
@@ -55,7 +57,7 @@ class TestResponse(requests.Response):
def generate_test_data(): def generate_test_data():
''' Builds a set of test_data data as returned by Keystone V2. ''' '''Builds a set of test_data data as returned by Keystone V2.'''
test_data = TestDataContainer() test_data = TestDataContainer()
keystone_service = { keystone_service = {

40
openstack_auth/user.py
View File

@@ -185,7 +185,8 @@ class User(models.AnonymousUser):
return "<%s: %s>" % (self.__class__.__name__, self.username) return "<%s: %s>" % (self.__class__.__name__, self.username)
def is_token_expired(self): def is_token_expired(self):
""" """Determine if the token is expired.
Returns ``True`` if the token is expired, ``False`` if not, and Returns ``True`` if the token is expired, ``False`` if not, and
``None`` if there is no token set. ``None`` if there is no token set.
""" """
@@ -194,13 +195,14 @@ class User(models.AnonymousUser):
return not utils.check_token_expiration(self.token) return not utils.check_token_expiration(self.token)
def is_authenticated(self): def is_authenticated(self):
""" Checks for a valid token that has not yet expired. """ """Checks for a valid token that has not yet expired."""
return (self.token is not None and return (self.token is not None and
utils.check_token_expiration(self.token)) utils.check_token_expiration(self.token))
def is_anonymous(self): def is_anonymous(self):
""" """Return if the user is not authenticated.
Returns ``True`` if the user is not authenticated,``False`` otherwise.
Returns ``True`` if not authenticated,``False`` otherwise.
""" """
return not self.is_authenticated() return not self.is_authenticated()
@@ -210,15 +212,15 @@ class User(models.AnonymousUser):
@property @property
def is_superuser(self): def is_superuser(self):
""" """Evaluates whether this user has admin privileges.
Evaluates whether this user has admin privileges. Returns
``True`` or ``False``. Returns ``True`` or ``False``.
""" """
return 'admin' in [role['name'].lower() for role in self.roles] return 'admin' in [role['name'].lower() for role in self.roles]
@property @property
def authorized_tenants(self): def authorized_tenants(self):
""" Returns a memoized list of tenants this user may access. """ """Returns a memoized list of tenants this user may access."""
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None) ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
@@ -243,9 +245,9 @@ class User(models.AnonymousUser):
self._authorized_tenants = tenant_list self._authorized_tenants = tenant_list
def default_services_region(self): def default_services_region(self):
""" """Returns the first endpoint region for first non-identity service.
Returns the first endpoint region for first non-identity service
in the service catalog Extracted from the service catalog.
""" """
if self.service_catalog: if self.service_catalog:
for service in self.service_catalog: for service in self.service_catalog:
@@ -265,9 +267,7 @@ class User(models.AnonymousUser):
@property @property
def available_services_regions(self): def available_services_regions(self):
""" """Returns list of unique region name values in service catalog."""
Returns list of unique region name values found in service catalog
"""
regions = [] regions = []
if self.service_catalog: if self.service_catalog:
for service in self.service_catalog: for service in self.service_catalog:
@@ -289,10 +289,10 @@ class User(models.AnonymousUser):
# Check for OR'd permission rules, check that user has one of the # Check for OR'd permission rules, check that user has one of the
# required permission. # required permission.
def has_a_matching_perm(self, perm_list, obj=None): def has_a_matching_perm(self, perm_list, obj=None):
""" """Returns True if the user has one of the specified permissions.
Returns True if the user has one of the specified permissions. If
object is passed, it checks if the user has any of the required perms If object is passed, it checks if the user has any of the required
for this object. perms for this object.
""" """
# If there are no permissions to check, just return true # If there are no permissions to check, just return true
if not perm_list: if not perm_list:
@@ -316,8 +316,8 @@ class User(models.AnonymousUser):
# ('openstack.roles.admin', ('openstack.roles.L3-support', # ('openstack.roles.admin', ('openstack.roles.L3-support',
# 'openstack.roles.L2-support'),) # 'openstack.roles.L2-support'),)
def has_perms(self, perm_list, obj=None): def has_perms(self, perm_list, obj=None):
""" """Returns True if the user has all of the specified permissions.
Returns True if the user has all of the specified permissions.
Tuples in the list will possess the required permissions if Tuples in the list will possess the required permissions if
the user has a permissions matching one of the elements of the user has a permissions matching one of the elements of
that tuple that tuple

7
openstack_auth/utils.py
View File

@@ -60,7 +60,7 @@ def patch_middleware_get_user():
def check_token_expiration(token): def check_token_expiration(token):
""" Timezone-aware checking of the auth token's expiration timestamp. """Timezone-aware checking of the auth token's expiration timestamp.
Returns ``True`` if the token has not yet expired, otherwise ``False``. Returns ``True`` if the token has not yet expired, otherwise ``False``.
""" """
@@ -80,10 +80,9 @@ def check_token_expiration(token):
# Added in Django 1.4.3, 1.5b2 # Added in Django 1.4.3, 1.5b2
# Vendored here for compatibility with old Django versions. # Vendored here for compatibility with old Django versions.
def is_safe_url(url, host=None): def is_safe_url(url, host=None):
""" """Return ``True`` if the url is a safe redirection.
Return ``True`` if the url is a safe redirection (i.e. it doesn't point to
a different host).
The safe redirection means that it doesn't point to a different host.
Always returns ``False`` on an empty url. Always returns ``False`` on an empty url.
""" """
if not url: if not url:

11
openstack_auth/views.py
View File

@@ -49,7 +49,7 @@ LOG = logging.getLogger(__name__)
@csrf_protect @csrf_protect
@never_cache @never_cache
def login(request): def login(request):
""" Logs a user in using the :class:`~openstack_auth.forms.Login` form. """ """Logs a user in using the :class:`~openstack_auth.forms.Login` form."""
# If the user is already authenticated, redirect them to the # If the user is already authenticated, redirect them to the
# dashboard straight away, unless the 'next' parameter is set as it # dashboard straight away, unless the 'next' parameter is set as it
# usually indicates requesting access to a page that requires different # usually indicates requesting access to a page that requires different
@@ -140,7 +140,7 @@ def delete_token(endpoint, token_id):
@login_required @login_required
def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME): def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
""" Switches an authenticated user from one project to another. """ """Switches an authenticated user from one project to another."""
LOG.debug('Switching to tenant %s for user "%s".' LOG.debug('Switching to tenant %s for user "%s".'
% (tenant_id, request.user.username)) % (tenant_id, request.user.username))
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
@@ -188,9 +188,10 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
@login_required @login_required
def switch_region(request, region_name, def switch_region(request, region_name,
redirect_field_name=auth.REDIRECT_FIELD_NAME): redirect_field_name=auth.REDIRECT_FIELD_NAME):
""" """Switches the user's region for all services except Identity service.
Switches the non-identity services region that is being managed
for the scoped project. The region will be switched if the given region is one of the regions
available for the scoped project. Otherwise the region is not switched.
""" """
if region_name in request.user.available_services_regions: if region_name in request.user.available_services_regions:
request.session['services_region'] = region_name request.session['services_region'] = region_name

3
tox.ini
View File

@@ -41,9 +41,8 @@ downloadcache = ~/cache/pip
[flake8] [flake8]
builtins = _ builtins = _
exclude = .venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,build,panel_template,dash_template,local_settings.py exclude = .venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,build,panel_template,dash_template,local_settings.py
# H4xx docstrings
# H803 git commit title should not end with period (disabled on purpose, see bug #1236621) # H803 git commit title should not end with period (disabled on purpose, see bug #1236621)
ignore = H4,H803 ignore = H803
[hacking] [hacking]
import_exceptions = django.conf.settings, import_exceptions = django.conf.settings,