Browse Source

Merge "Remove six usage"

changes/91/706791/1
Zuul Gerrit Code Review 2 weeks ago
parent
commit
04316beecc
100 changed files with 700 additions and 821 deletions
  1. +1
    -7
      keystone/api/_shared/EC2_S3_Resource.py
  2. +2
    -3
      keystone/api/_shared/authentication.py
  3. +8
    -8
      keystone/api/auth.py
  4. +3
    -3
      keystone/api/credentials.py
  5. +2
    -2
      keystone/api/discovery.py
  6. +11
    -11
      keystone/api/domains.py
  7. +2
    -2
      keystone/api/ec2tokens.py
  8. +3
    -3
      keystone/api/endpoints.py
  9. +6
    -6
      keystone/api/groups.py
  10. +3
    -3
      keystone/api/limits.py
  11. +8
    -8
      keystone/api/os_ep_filter.py
  12. +11
    -11
      keystone/api/os_federation.py
  13. +13
    -13
      keystone/api/os_inherit.py
  14. +6
    -6
      keystone/api/os_oauth1.py
  15. +12
    -12
      keystone/api/policy.py
  16. +13
    -13
      keystone/api/projects.py
  17. +4
    -4
      keystone/api/regions.py
  18. +3
    -3
      keystone/api/registered_limits.py
  19. +6
    -6
      keystone/api/roles.py
  20. +3
    -7
      keystone/api/s3tokens.py
  21. +3
    -3
      keystone/api/services.py
  22. +7
    -7
      keystone/api/system.py
  23. +3
    -3
      keystone/api/trusts.py
  24. +10
    -10
      keystone/api/users.py
  25. +1
    -4
      keystone/application_credential/backends/base.py
  26. +1
    -4
      keystone/assignment/backends/base.py
  27. +1
    -4
      keystone/assignment/role_backends/base.py
  28. +8
    -12
      keystone/auth/core.py
  29. +2
    -4
      keystone/auth/plugins/base.py
  30. +6
    -11
      keystone/auth/plugins/core.py
  31. +1
    -3
      keystone/auth/plugins/external.py
  32. +1
    -1
      keystone/auth/plugins/mapped.py
  33. +1
    -2
      keystone/auth/plugins/token.py
  34. +1
    -2
      keystone/auth/plugins/totp.py
  35. +2
    -4
      keystone/catalog/backends/base.py
  36. +1
    -1
      keystone/cmd/doctor/ldap.py
  37. +1
    -3
      keystone/common/manager.py
  38. +2
    -4
      keystone/common/resource_options/core.py
  39. +4
    -5
      keystone/common/sql/core.py
  40. +1
    -2
      keystone/common/sql/upgrades.py
  41. +10
    -12
      keystone/common/utils.py
  42. +4
    -5
      keystone/common/validation/validators.py
  43. +1
    -3
      keystone/credential/backends/base.py
  44. +1
    -2
      keystone/credential/backends/sql.py
  45. +1
    -4
      keystone/credential/providers/core.py
  46. +2
    -3
      keystone/credential/providers/fernet/core.py
  47. +1
    -3
      keystone/endpoint_policy/backends/base.py
  48. +27
    -29
      keystone/exception.py
  49. +1
    -4
      keystone/federation/backends/base.py
  50. +1
    -2
      keystone/federation/backends/sql.py
  51. +2
    -3
      keystone/federation/utils.py
  52. +1
    -4
      keystone/identity/backends/base.py
  53. +11
    -22
      keystone/identity/backends/ldap/common.py
  54. +1
    -2
      keystone/identity/backends/ldap/core.py
  55. +1
    -3
      keystone/identity/backends/resource_options.py
  56. +1
    -4
      keystone/identity/generator.py
  57. +2
    -4
      keystone/identity/mapping_backends/base.py
  58. +1
    -4
      keystone/identity/shadow_backends/base.py
  59. +1
    -4
      keystone/limit/backends/base.py
  60. +1
    -3
      keystone/limit/models/base.py
  61. +2
    -3
      keystone/models/receipt_model.py
  62. +2
    -3
      keystone/models/token_model.py
  63. +1
    -4
      keystone/oauth1/backends/base.py
  64. +1
    -3
      keystone/oauth1/validator.py
  65. +1
    -3
      keystone/policy/backends/base.py
  66. +2
    -2
      keystone/receipt/handlers.py
  67. +1
    -2
      keystone/receipt/provider.py
  68. +1
    -4
      keystone/receipt/providers/base.py
  69. +16
    -16
      keystone/receipt/receipt_formatters.py
  70. +1
    -4
      keystone/resource/backends/base.py
  71. +1
    -2
      keystone/resource/backends/sql_model.py
  72. +1
    -4
      keystone/resource/config_backends/base.py
  73. +1
    -2
      keystone/resource/core.py
  74. +1
    -3
      keystone/revoke/backends/base.py
  75. +3
    -4
      keystone/server/flask/application.py
  76. +4
    -6
      keystone/server/flask/common.py
  77. +9
    -10
      keystone/server/flask/request_processing/middleware/auth_context.py
  78. +1
    -3
      keystone/tests/hacking/checks.py
  79. +14
    -14
      keystone/tests/protection/v3/test_access_rules.py
  80. +12
    -12
      keystone/tests/protection/v3/test_application_credential.py
  81. +12
    -12
      keystone/tests/protection/v3/test_assignment.py
  82. +4
    -4
      keystone/tests/protection/v3/test_consumer.py
  83. +21
    -21
      keystone/tests/protection/v3/test_credentials.py
  84. +23
    -23
      keystone/tests/protection/v3/test_domain_config.py
  85. +9
    -9
      keystone/tests/protection/v3/test_domain_roles.py
  86. +14
    -14
      keystone/tests/protection/v3/test_domains.py
  87. +5
    -5
      keystone/tests/protection/v3/test_ec2_credential.py
  88. +17
    -17
      keystone/tests/protection/v3/test_endpoint_group.py
  89. +9
    -9
      keystone/tests/protection/v3/test_endpoints.py
  90. +68
    -68
      keystone/tests/protection/v3/test_grants.py
  91. +35
    -35
      keystone/tests/protection/v3/test_groups.py
  92. +10
    -10
      keystone/tests/protection/v3/test_identity_providers.py
  93. +5
    -5
      keystone/tests/protection/v3/test_implied_roles.py
  94. +23
    -23
      keystone/tests/protection/v3/test_limits.py
  95. +13
    -13
      keystone/tests/protection/v3/test_mappings.py
  96. +9
    -9
      keystone/tests/protection/v3/test_policy.py
  97. +27
    -27
      keystone/tests/protection/v3/test_policy_association.py
  98. +9
    -9
      keystone/tests/protection/v3/test_project_endpoint.py
  99. +32
    -32
      keystone/tests/protection/v3/test_project_tags.py
  100. +32
    -32
      keystone/tests/protection/v3/test_projects.py

+ 1
- 7
keystone/api/_shared/EC2_S3_Resource.py View File

@@ -12,10 +12,7 @@

# Common base resource for EC2 and S3 Authentication

import sys

from oslo_serialization import jsonutils
import six
from werkzeug import exceptions

from keystone.common import provider_api
@@ -102,10 +99,7 @@ class ResourceBase(ks_flask.ResourceBase):
PROVIDERS.resource_api.assert_project_enabled(
project_id=project_ref['id'], project=project_ref)
except AssertionError as e:
six.reraise(
ks_exceptions.Unauthorized,
ks_exceptions.Unauthorized(e),
sys.exc_info()[2])
raise ks_exceptions.Unauthorized from e

roles = PROVIDERS.assignment_api.get_roles_for_user_and_project(
user_ref['id'], project_ref['id'])


+ 2
- 3
keystone/api/_shared/authentication.py View File

@@ -19,7 +19,6 @@

import flask
from oslo_log import log
import six

from keystone.auth import core
from keystone.common import provider_api
@@ -55,7 +54,7 @@ def _check_and_set_default_scoping(auth_info, auth_context):
try:
user_ref = PROVIDERS.identity_api.get_user(auth_context['user_id'])
except exception.UserNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)
raise exception.Unauthorized(e)

default_project_id = user_ref.get('default_project_id')
@@ -235,7 +234,7 @@ def authenticate_for_token(auth=None):

return token
except exception.TrustNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)
raise exception.Unauthorized(e)




+ 8
- 8
keystone/api/auth.py View File

@@ -15,11 +15,11 @@ import string

import flask
import flask_restful
import http.client
from oslo_log import log
from oslo_serialization import jsonutils
from oslo_utils import strutils
from six.moves import http_client
from six.moves import urllib
import urllib
import werkzeug.exceptions

from keystone.api._shared import authentication
@@ -107,7 +107,7 @@ class _AuthFederationWebSSOBase(ks_flask.ResourceBase):
src = string.Template(template.read())
subs = {'host': host, 'token': token_id}
body = src.substitute(subs)
resp = flask.make_response(body, http_client.OK)
resp = flask.make_response(body, http.client.OK)
resp.charset = 'utf-8'
resp.headers['Content-Type'] = 'text/html'
return resp
@@ -298,7 +298,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase):
token_resp = render_token.render_token_response_from_model(
token, include_catalog=include_catalog)
resp_body = jsonutils.dumps(token_resp)
response = flask.make_response(resp_body, http_client.OK)
response = flask.make_response(resp_body, http.client.OK)
response.headers['X-Subject-Token'] = token_id
response.headers['Content-Type'] = 'application/json'
return response
@@ -317,7 +317,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase):
token, include_catalog=include_catalog
)
resp_body = jsonutils.dumps(resp_data)
response = flask.make_response(resp_body, http_client.CREATED)
response = flask.make_response(resp_body, http.client.CREATED)
response.headers['X-Subject-Token'] = token.id
response.headers['Content-Type'] = 'application/json'
return response
@@ -331,7 +331,7 @@ class AuthTokenResource(_AuthFederationWebSSOBase):
token_id = flask.request.headers.get(
authorization.SUBJECT_TOKEN_HEADER)
PROVIDERS.token_provider_api.revoke_token(token_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class AuthFederationWebSSOResource(_AuthFederationWebSSOBase):
@@ -404,7 +404,7 @@ class AuthFederationSaml2Resource(_AuthFederationWebSSOBase):
validation.lazy_validate(federation_schema.saml_create, auth)
response, service_provider = saml.create_base_saml_assertion(auth)
headers = _build_response_headers(service_provider)
response = flask.make_response(response.to_string(), http_client.OK)
response = flask.make_response(response.to_string(), http.client.OK)
for header, value in headers:
response.headers[header] = value
return response
@@ -431,7 +431,7 @@ class AuthFederationSaml2ECPResource(_AuthFederationWebSSOBase):
saml_assertion, relay_state_prefix)
headers = _build_response_headers(service_provider)
response = flask.make_response(
ecp_assertion.to_string(), http_client.OK)
ecp_assertion.to_string(), http.client.OK)
for header, value in headers:
response.headers[header] = value
return response


+ 3
- 3
keystone/api/credentials.py View File

@@ -15,8 +15,8 @@
import hashlib

import flask
import http.client
from oslo_serialization import jsonutils
from six.moves import http_client

from keystone.common import provider_api
from keystone.common import rbac_enforcer
@@ -150,7 +150,7 @@ class CredentialResource(ks_flask.ResourceBase):
self._normalize_dict(credential), trust_id=trust_id)
ref = PROVIDERS.credential_api.create_credential(
ref['id'], ref, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, credential_id):
# Update Credential
@@ -176,7 +176,7 @@ class CredentialResource(ks_flask.ResourceBase):

return (PROVIDERS.credential_api.delete_credential(
credential_id, initiator=self.audit_initiator),
http_client.NO_CONTENT)
http.client.NO_CONTENT)


class CredentialAPI(ks_flask.APIBase):


+ 2
- 2
keystone/api/discovery.py View File

@@ -12,8 +12,8 @@

import flask
from flask import request
import http.client
from oslo_serialization import jsonutils
from six.moves import http_client

from keystone.common import json_home
import keystone.conf
@@ -79,7 +79,7 @@ def get_versions():
{'versions': {
'values': list(versions.values())}}),
mimetype=MimeTypes.JSON,
status=http_client.MULTIPLE_CHOICES)
status=http.client.MULTIPLE_CHOICES)
response.headers['Location'] = preferred_location
return response



+ 11
- 11
keystone/api/domains.py View File

@@ -15,7 +15,7 @@
import flask
import flask_restful
import functools
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -127,7 +127,7 @@ class DomainResource(ks_flask.ResourceBase):
domain = self._normalize_dict(domain)
ref = PROVIDERS.resource_api.create_domain(
domain['id'], domain, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, domain_id):
"""Update domain.
@@ -150,7 +150,7 @@ class DomainResource(ks_flask.ResourceBase):
ENFORCER.enforce_call(action='identity:delete_domain')
PROVIDERS.resource_api.delete_domain(
domain_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class DomainConfigBase(ks_flask.ResourceBase):
@@ -217,7 +217,7 @@ class DomainConfigBase(ks_flask.ResourceBase):
PROVIDERS.resource_api.get_domain(domain_id)
PROVIDERS.domain_config_api.delete_config(
domain_id, group, option=option)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class DomainConfigResource(DomainConfigBase):
@@ -247,7 +247,7 @@ class DomainConfigResource(DomainConfigBase):
if original_config:
return {self.member_key: ref}
else:
return {self.member_key: ref}, http_client.CREATED
return {self.member_key: ref}, http.client.CREATED


class DomainConfigGroupResource(DomainConfigBase):
@@ -337,7 +337,7 @@ class DomainUserResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.get_grant(
role_id, domain_id=domain_id, user_id=user_id,
inherited_to_projects=False)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, domain_id=None, user_id=None, role_id=None):
"""Create a role to a user on a domain.
@@ -350,7 +350,7 @@ class DomainUserResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.create_grant(
role_id, domain_id=domain_id, user_id=user_id,
inherited_to_projects=False, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, domain_id=None, user_id=None, role_id=None):
"""Revoke a role from user on a domain.
@@ -364,7 +364,7 @@ class DomainUserResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.delete_grant(
role_id, domain_id=domain_id, user_id=user_id,
inherited_to_projects=False, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class DomainGroupListResource(flask_restful.Resource):
@@ -398,7 +398,7 @@ class DomainGroupResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.get_grant(
role_id, domain_id=domain_id, group_id=group_id,
inherited_to_projects=False)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, domain_id=None, group_id=None, role_id=None):
"""Grant a role to a group on a domain.
@@ -411,7 +411,7 @@ class DomainGroupResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.create_grant(
role_id, domain_id=domain_id, group_id=group_id,
inherited_to_projects=False, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, domain_id=None, group_id=None, role_id=None):
"""Revoke a role from a group on a domain.
@@ -425,7 +425,7 @@ class DomainGroupResource(ks_flask.ResourceBase):
PROVIDERS.assignment_api.delete_grant(
role_id, domain_id=domain_id, group_id=group_id,
inherited_to_projects=False, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class DomainAPI(ks_flask.APIBase):


+ 2
- 2
keystone/api/ec2tokens.py View File

@@ -13,9 +13,9 @@
# This file handles all flask-restful resources for /v3/ec2tokens

import flask
import http.client
from keystoneclient.contrib.ec2 import utils as ec2_utils
from oslo_serialization import jsonutils
from six.moves import http_client

from keystone.api._shared import EC2_S3_Resource
from keystone.api._shared import json_home_relations
@@ -67,7 +67,7 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase):
token = self.handle_authenticate()
token_reference = render_token.render_token_response_from_model(token)
resp_body = jsonutils.dumps(token_reference)
response = flask.make_response(resp_body, http_client.OK)
response = flask.make_response(resp_body, http.client.OK)
response.headers['X-Subject-Token'] = token.id
response.headers['Content-Type'] = 'application/json'
return response


+ 3
- 3
keystone/api/endpoints.py View File

@@ -13,7 +13,7 @@
# This file handles all flask-restful resources for /v3/services

import flask_restful
from six.moves import http_client
import http.client

from keystone.api._shared import json_home_relations
from keystone.catalog import schema
@@ -97,7 +97,7 @@ class EndpointResource(ks_flask.ResourceBase):
endpoint = self._validate_endpoint_region(endpoint)
ref = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint, initiator=self.audit_initiator)
return self.wrap_member(_filter_endpoint(ref)), http_client.CREATED
return self.wrap_member(_filter_endpoint(ref)), http.client.CREATED

def patch(self, endpoint_id):
ENFORCER.enforce_call(action='identity:update_endpoint')
@@ -113,7 +113,7 @@ class EndpointResource(ks_flask.ResourceBase):
ENFORCER.enforce_call(action='identity:delete_endpoint')
PROVIDERS.catalog_api.delete_endpoint(endpoint_id,
initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class EndpointPolicyEndpointResource(flask_restful.Resource):


+ 6
- 6
keystone/api/groups.py View File

@@ -15,7 +15,7 @@
import flask
import flask_restful
import functools
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -107,7 +107,7 @@ class GroupsResource(ks_flask.ResourceBase):
group = self._normalize_domain_id(group)
ref = PROVIDERS.identity_api.create_group(
group, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, group_id):
"""Update group.
@@ -133,7 +133,7 @@ class GroupsResource(ks_flask.ResourceBase):
ENFORCER.enforce_call(action='identity:delete_group')
PROVIDERS.identity_api.delete_group(
group_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class GroupUsersResource(ks_flask.ResourceBase):
@@ -194,7 +194,7 @@ class UserGroupCRUDResource(flask_restful.Resource):
build_target=functools.partial(self._build_enforcement_target_attr,
user_id, group_id))
PROVIDERS.identity_api.check_user_in_group(user_id, group_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, group_id, user_id):
"""Add user to group.
@@ -207,7 +207,7 @@ class UserGroupCRUDResource(flask_restful.Resource):
user_id, group_id))
PROVIDERS.identity_api.add_user_to_group(
user_id, group_id, initiator=notifications.build_audit_initiator())
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, group_id, user_id):
"""Remove user from group.
@@ -220,7 +220,7 @@ class UserGroupCRUDResource(flask_restful.Resource):
user_id, group_id))
PROVIDERS.identity_api.remove_user_from_group(
user_id, group_id, initiator=notifications.build_audit_initiator())
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class GroupAPI(ks_flask.APIBase):


+ 3
- 3
keystone/api/limits.py View File

@@ -14,7 +14,7 @@

import flask
import flask_restful
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -110,7 +110,7 @@ class LimitsResource(ks_flask.ResourceBase):
refs = PROVIDERS.unified_limit_api.create_limits(limits)
refs = self.wrap_collection(refs)
refs.pop('links')
return refs, http_client.CREATED
return refs, http.client.CREATED

def patch(self, limit_id):
ENFORCER.enforce_call(action='identity:update_limit')
@@ -124,7 +124,7 @@ class LimitsResource(ks_flask.ResourceBase):
def delete(self, limit_id):
ENFORCER.enforce_call(action='identity:delete_limit')
return (PROVIDERS.unified_limit_api.delete_limit(limit_id),
http_client.NO_CONTENT)
http.client.NO_CONTENT)


class LimitModelResource(flask_restful.Resource):


+ 8
- 8
keystone/api/os_ep_filter.py View File

@@ -13,7 +13,7 @@
# This file handles all flask-restful resources for /OS-EP-FILTER

import flask_restful
from six.moves import http_client
import http.client

from keystone.api._shared import json_home_relations
from keystone.api import endpoints as _endpoints_api
@@ -90,7 +90,7 @@ class EndpointGroupsResource(ks_flask.ResourceBase):
self._require_valid_filter(ep_group)
ep_group = self._assign_unique_id(ep_group)
return self.wrap_member(PROVIDERS.catalog_api.create_endpoint_group(
ep_group['id'], ep_group)), http_client.CREATED
ep_group['id'], ep_group)), http.client.CREATED

def patch(self, endpoint_group_id):
ENFORCER.enforce_call(action='identity:update_endpoint_group')
@@ -105,7 +105,7 @@ class EndpointGroupsResource(ks_flask.ResourceBase):
def delete(self, endpoint_group_id):
ENFORCER.enforce_call(action='identity:delete_endpoint_group')
return (PROVIDERS.catalog_api.delete_endpoint_group(endpoint_group_id),
http_client.NO_CONTENT)
http.client.NO_CONTENT)


class EPFilterEndpointProjectsResource(flask_restful.Resource):
@@ -127,19 +127,19 @@ class EPFilterProjectsEndpointsResource(flask_restful.Resource):
PROVIDERS.resource_api.get_project(project_id)
PROVIDERS.catalog_api.check_endpoint_in_project(
endpoint_id, project_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, endpoint_id):
ENFORCER.enforce_call(action='identity:add_endpoint_to_project')
PROVIDERS.catalog_api.get_endpoint(endpoint_id)
PROVIDERS.resource_api.get_project(project_id)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint_id, project_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, project_id, endpoint_id):
ENFORCER.enforce_call(action='identity:remove_endpoint_from_project')
return (PROVIDERS.catalog_api.remove_endpoint_from_project(
endpoint_id, project_id), http_client.NO_CONTENT)
endpoint_id, project_id), http.client.NO_CONTENT)


class EPFilterProjectEndpointsListResource(flask_restful.Resource):
@@ -219,7 +219,7 @@ class EPFilterGroupsProjectsResource(ks_flask.ResourceBase):
PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id)
PROVIDERS.catalog_api.add_endpoint_group_to_project(
endpoint_group_id, project_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, endpoint_group_id, project_id):
ENFORCER.enforce_call(
@@ -228,7 +228,7 @@ class EPFilterGroupsProjectsResource(ks_flask.ResourceBase):
PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id)
PROVIDERS.catalog_api.remove_endpoint_group_from_project(
endpoint_group_id, project_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class EPFilterAPI(ks_flask.APIBase):


+ 11
- 11
keystone/api/os_federation.py View File

@@ -14,8 +14,8 @@

import flask
import flask_restful
import http.client
from oslo_serialization import jsonutils
from six.moves import http_client

from keystone.api._shared import authentication
from keystone.api._shared import json_home_relations
@@ -137,7 +137,7 @@ class IdentityProvidersResource(_ResourceBase):
idp.setdefault('enabled', False)
idp_ref = PROVIDERS.federation_api.create_idp(
idp_id, idp)
return self.wrap_member(idp_ref), http_client.CREATED
return self.wrap_member(idp_ref), http.client.CREATED

def patch(self, idp_id):
ENFORCER.enforce_call(action='identity:update_identity_provider')
@@ -151,7 +151,7 @@ class IdentityProvidersResource(_ResourceBase):
def delete(self, idp_id):
ENFORCER.enforce_call(action='identity:delete_identity_provider')
PROVIDERS.federation_api.delete_idp(idp_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class _IdentityProvidersProtocolsResourceBase(_ResourceBase):
@@ -218,7 +218,7 @@ class IDPProtocolsCRUDResource(_IdentityProvidersProtocolsResourceBase):
protocol = self._normalize_dict(protocol)
ref = PROVIDERS.federation_api.create_protocol(idp_id, protocol_id,
protocol)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, idp_id, protocol_id):
"""Update protocol for an IDP.
@@ -241,7 +241,7 @@ class IDPProtocolsCRUDResource(_IdentityProvidersProtocolsResourceBase):
"""
ENFORCER.enforce_call(action='identity:delete_protocol')
PROVIDERS.federation_api.delete_protocol(idp_id, protocol_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class MappingResource(_ResourceBase):
@@ -282,7 +282,7 @@ class MappingResource(_ResourceBase):
utils.validate_mapping_structure(mapping)
mapping_ref = PROVIDERS.federation_api.create_mapping(
mapping_id, mapping)
return self.wrap_member(mapping_ref), http_client.CREATED
return self.wrap_member(mapping_ref), http.client.CREATED

def patch(self, mapping_id):
"""Update a mapping.
@@ -304,7 +304,7 @@ class MappingResource(_ResourceBase):
"""
ENFORCER.enforce_call(action='identity:delete_mapping')
PROVIDERS.federation_api.delete_mapping(mapping_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ServiceProvidersResource(_ResourceBase):
@@ -355,7 +355,7 @@ class ServiceProvidersResource(_ResourceBase):
sp.setdefault('relay_state_prefix',
CONF.saml.relay_state_prefix)
sp_ref = PROVIDERS.federation_api.create_sp(sp_id, sp)
return self.wrap_member(sp_ref), http_client.CREATED
return self.wrap_member(sp_ref), http.client.CREATED

def patch(self, sp_id):
"""Update a service provider.
@@ -376,7 +376,7 @@ class ServiceProvidersResource(_ResourceBase):
"""
ENFORCER.enforce_call(action='identity:delete_service_provider')
PROVIDERS.federation_api.delete_sp(sp_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class SAML2MetadataResource(flask_restful.Resource):
@@ -393,7 +393,7 @@ class SAML2MetadataResource(flask_restful.Resource):
except IOError as e:
# Raise HTTP 500 in case Metadata file cannot be read.
raise exception.MetadataFileError(reason=e)
resp = flask.make_response(metadata, http_client.OK)
resp = flask.make_response(metadata, http.client.OK)
resp.headers['Content-Type'] = 'text/xml'
return resp

@@ -436,7 +436,7 @@ class OSFederationAuthResource(flask_restful.Resource):
token = authentication.authenticate_for_token(auth)
token_data = render_token.render_token_response_from_model(token)
resp_data = jsonutils.dumps(token_data)
flask_resp = flask.make_response(resp_data, http_client.CREATED)
flask_resp = flask.make_response(resp_data, http.client.CREATED)
flask_resp.headers['X-Subject-Token'] = token.id
flask_resp.headers['Content-Type'] = 'application/json'
return flask_resp


+ 13
- 13
keystone/api/os_inherit.py View File

@@ -14,8 +14,8 @@

import flask_restful
import functools
import http.client
from oslo_log import log
from six.moves import http_client

from keystone.api._shared import json_home_relations
from keystone.common import json_home
@@ -118,7 +118,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.get_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, domain_id, group_id, role_id):
"""Create an inherited grant for a group on a domain.
@@ -135,7 +135,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.create_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, domain_id, group_id, role_id):
"""Revoke an inherited grant for a group on a domain.
@@ -152,7 +152,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.delete_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class OSInheritDomainGroupRolesListResource(flask_restful.Resource):
@@ -189,7 +189,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.get_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, domain_id, user_id, role_id):
"""Create an inherited grant for a user on a domain.
@@ -206,7 +206,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.create_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, domain_id, user_id, role_id):
"""Revoke a grant from a user on a domain.
@@ -223,7 +223,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource):
PROVIDERS.assignment_api.delete_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class OSInheritDomainUserRolesListResource(flask_restful.Resource):
@@ -260,7 +260,7 @@ class OSInheritProjectUserResource(flask_restful.Resource):
PROVIDERS.assignment_api.get_grant(
project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, user_id, role_id):
"""Create an inherited grant for a user on a project.
@@ -277,7 +277,7 @@ class OSInheritProjectUserResource(flask_restful.Resource):
PROVIDERS.assignment_api.create_grant(
project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, project_id, user_id, role_id):
"""Revoke an inherited grant for a user on a project.
@@ -294,7 +294,7 @@ class OSInheritProjectUserResource(flask_restful.Resource):
PROVIDERS.assignment_api.delete_grant(
project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class OSInheritProjectGroupResource(flask_restful.Resource):
@@ -313,7 +313,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource):
PROVIDERS.assignment_api.get_grant(
project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, group_id, role_id):
"""Create an inherited grant for a group on a project.
@@ -330,7 +330,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource):
PROVIDERS.assignment_api.create_grant(
project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, project_id, group_id, role_id):
"""Revoke an inherited grant for a group on a project.
@@ -347,7 +347,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource):
PROVIDERS.assignment_api.delete_grant(
project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class OSInheritAPI(ks_flask.APIBase):


+ 6
- 6
keystone/api/os_oauth1.py View File

@@ -14,10 +14,10 @@

import flask
import flask_restful
import http.client
from oslo_log import log
from oslo_utils import timeutils
from six.moves import http_client
from six.moves.urllib import parse as urlparse
from urllib import parse as urlparse
from werkzeug import exceptions

from keystone.api._shared import json_home_relations
@@ -108,7 +108,7 @@ class ConsumerResource(ks_flask.ResourceBase):
consumer = self._assign_unique_id(consumer)
ref = PROVIDERS.oauth_api.create_consumer(
consumer, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def delete(self, consumer_id):
ENFORCER.enforce_call(action='identity:delete_consumer')
@@ -122,7 +122,7 @@ class ConsumerResource(ks_flask.ResourceBase):
notifications.invalidate_token_cache_notification(reason)
PROVIDERS.oauth_api.delete_consumer(
consumer_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def patch(self, consumer_id):
ENFORCER.enforce_call(action='identity:update_consumer')
@@ -184,7 +184,7 @@ class RequestTokenResource(_OAuth1ResourceBase):
expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at']
result += expiry_bit

resp = flask.make_response(result, http_client.CREATED)
resp = flask.make_response(result, http.client.CREATED)
resp.headers['Content-Type'] = 'application/x-www-form-urlencoded'
return resp

@@ -276,7 +276,7 @@ class AccessTokenResource(_OAuth1ResourceBase):
expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at'])
result += expiry_bit

resp = flask.make_response(result, http_client.CREATED)
resp = flask.make_response(result, http.client.CREATED)
resp.headers['Content-Type'] = 'application/x-www-form-urlencoded'
return resp



+ 12
- 12
keystone/api/policy.py View File

@@ -13,8 +13,8 @@
# This file handles all flask-restful resources for /policy

import flask_restful
import http.client
from oslo_log import versionutils
from six.moves import http_client

from keystone.api._shared import json_home_relations
from keystone.common import json_home
@@ -72,7 +72,7 @@ class PolicyResource(ks_flask.ResourceBase):
ref = PROVIDERS.policy_api.create_policy(
policy['id'], policy, initiator=self.audit_initiator
)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

@versionutils.deprecated(
as_of=versionutils.deprecated.QUEENS,
@@ -97,7 +97,7 @@ class PolicyResource(ks_flask.ResourceBase):
res = PROVIDERS.policy_api.delete_policy(
policy_id, initiator=self.audit_initiator
)
return (res, http_client.NO_CONTENT)
return (res, http.client.NO_CONTENT)


class EndpointPolicyResource(flask_restful.Resource):
@@ -128,7 +128,7 @@ class EndpointPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, endpoint_id=endpoint_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, policy_id, endpoint_id):
action = 'identity:create_policy_association_for_endpoint'
@@ -138,7 +138,7 @@ class EndpointPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, endpoint_id=endpoint_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, policy_id, endpoint_id):
action = 'identity:delete_policy_association_for_endpoint'
@@ -148,7 +148,7 @@ class EndpointPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, endpoint_id=endpoint_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ServicePolicyAssociations(flask_restful.Resource):
@@ -161,7 +161,7 @@ class ServicePolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, service_id=service_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, policy_id, service_id):
action = 'identity:create_policy_association_for_service'
@@ -171,7 +171,7 @@ class ServicePolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, service_id=service_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, policy_id, service_id):
action = 'identity:delete_policy_association_for_service'
@@ -181,7 +181,7 @@ class ServicePolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, service_id=service_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ServiceRegionPolicyAssociations(flask_restful.Resource):
@@ -195,7 +195,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, service_id=service_id, region_id=region_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, policy_id, service_id, region_id):
action = 'identity:create_policy_association_for_region_and_service'
@@ -206,7 +206,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, service_id=service_id, region_id=region_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, policy_id, service_id, region_id):
action = 'identity:delete_policy_association_for_region_and_service'
@@ -217,7 +217,7 @@ class ServiceRegionPolicyAssociations(flask_restful.Resource):
PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, service_id=service_id, region_id=region_id
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class PolicyAPI(ks_flask.APIBase):


+ 13
- 13
keystone/api/projects.py View File

@@ -15,7 +15,7 @@
import functools

import flask
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -179,7 +179,7 @@ class ProjectResource(ks_flask.ResourceBase):
initiator=self.audit_initiator)
except (exception.DomainNotFound, exception.ProjectNotFound) as e:
raise exception.ValidationError(e)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, project_id):
"""Update project.
@@ -211,7 +211,7 @@ class ProjectResource(ks_flask.ResourceBase):
PROVIDERS.resource_api.delete_project(
project_id,
initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class _ProjectTagResourceBase(ks_flask.ResourceBase):
@@ -268,7 +268,7 @@ class ProjectTagsResource(_ProjectTagResourceBase):
build_target=_build_project_target_enforcement
)
PROVIDERS.resource_api.update_project_tags(project_id, [])
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ProjectTagResource(_ProjectTagResourceBase):
@@ -282,7 +282,7 @@ class ProjectTagResource(_ProjectTagResourceBase):
build_target=_build_project_target_enforcement,
)
PROVIDERS.resource_api.get_project_tag(project_id, value)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, value):
"""Add a single tag to a project.
@@ -304,7 +304,7 @@ class ProjectTagResource(_ProjectTagResourceBase):
initiator=self.audit_initiator
)
url = '/'.join((ks_flask.base_url(), project_id, 'tags', value))
response = flask.make_response('', http_client.CREATED)
response = flask.make_response('', http.client.CREATED)
response.headers['Location'] = url
return response

@@ -318,7 +318,7 @@ class ProjectTagResource(_ProjectTagResourceBase):
build_target=_build_project_target_enforcement
)
PROVIDERS.resource_api.delete_project_tag(project_id, value)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class _ProjectGrantResourceBase(ks_flask.ResourceBase):
@@ -375,7 +375,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.get_grant(
role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, user_id, role_id):
"""Grant role for user on project.
@@ -392,7 +392,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.create_grant(
role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, project_id, user_id, role_id):
"""Delete grant of role for user on project.
@@ -410,7 +410,7 @@ class ProjectUserGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.delete_grant(
role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ProjectUserListGrantResource(_ProjectGrantResourceBase):
@@ -448,7 +448,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.get_grant(
role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, project_id, group_id, role_id):
"""Grant role for group on project.
@@ -465,7 +465,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.create_grant(
role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, project_id, group_id, role_id):
"""Delete grant of role for group on project.
@@ -483,7 +483,7 @@ class ProjectGroupGrantResource(_ProjectGrantResourceBase):
PROVIDERS.assignment_api.delete_grant(
role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class ProjectGroupListGrantResource(_ProjectGrantResourceBase):


+ 4
- 4
keystone/api/regions.py View File

@@ -12,7 +12,7 @@

# This file handles all flask-restful resources for /v3/regions

from six.moves import http_client
import http.client

from keystone.catalog import schema
from keystone.common import provider_api
@@ -59,7 +59,7 @@ class RegionResource(ks_flask.ResourceBase):
region = self._assign_unique_id(region)
ref = PROVIDERS.catalog_api.create_region(
region, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def put(self, region_id):
ENFORCER.enforce_call(action='identity:create_region')
@@ -77,7 +77,7 @@ class RegionResource(ks_flask.ResourceBase):

ref = PROVIDERS.catalog_api.create_region(
region, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, region_id):
ENFORCER.enforce_call(action='identity:update_region')
@@ -90,7 +90,7 @@ class RegionResource(ks_flask.ResourceBase):
def delete(self, region_id):
ENFORCER.enforce_call(action='identity:delete_region')
return PROVIDERS.catalog_api.delete_region(
region_id, initiator=self.audit_initiator), http_client.NO_CONTENT
region_id, initiator=self.audit_initiator), http.client.NO_CONTENT


class RegionAPI(ks_flask.APIBase):


+ 3
- 3
keystone/api/registered_limits.py View File

@@ -13,7 +13,7 @@
# This file handles all flask-restful resources for /v3/registered_limits

import flask
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -62,7 +62,7 @@ class RegisteredLimitResource(ks_flask.ResourceBase):
registered_limits)
refs = self.wrap_collection(refs)
refs.pop('links')
return refs, http_client.CREATED
return refs, http.client.CREATED

def patch(self, registered_limit_id):
ENFORCER.enforce_call(action='identity:update_registered_limit')
@@ -78,7 +78,7 @@ class RegisteredLimitResource(ks_flask.ResourceBase):
def delete(self, registered_limit_id):
ENFORCER.enforce_call(action='identity:delete_registered_limit')
return (PROVIDERS.unified_limit_api.delete_registered_limit(
registered_limit_id), http_client.NO_CONTENT)
registered_limit_id), http.client.NO_CONTENT)


class RegisteredLimitsAPI(ks_flask.APIBase):


+ 6
- 6
keystone/api/roles.py View File

@@ -14,7 +14,7 @@

import flask
import flask_restful
from six.moves import http_client
import http.client

from keystone.api._shared import implied_roles as shared
from keystone.assignment import schema
@@ -114,7 +114,7 @@ class RoleResource(ks_flask.ResourceBase):
role = self._normalize_dict(role)
ref = PROVIDERS.role_api.create_role(
role['id'], role, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, role_id):
"""Update role.
@@ -170,7 +170,7 @@ class RoleResource(ks_flask.ResourceBase):
member_target_type='role',
member_target=role)
PROVIDERS.role_api.delete_role(role_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


def _build_enforcement_target_ref():
@@ -222,7 +222,7 @@ class RoleImplicationResource(flask_restful.Resource):
# for a future fix. This should just return the above "get" however,
# we document and implment this as a NO_CONTENT response. NO_CONTENT
# here is incorrect. It is maintained as is for API contract reasons.
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def get(self, prior_role_id, implied_role_id):
"""Get implied role.
@@ -258,7 +258,7 @@ class RoleImplicationResource(flask_restful.Resource):
build_target=_build_enforcement_target_ref)
PROVIDERS.role_api.create_implied_role(prior_role_id, implied_role_id)
response_json = self._get_implied_role(prior_role_id, implied_role_id)
return response_json, http_client.CREATED
return response_json, http.client.CREATED

def delete(self, prior_role_id, implied_role_id):
"""Delete implied role.
@@ -268,7 +268,7 @@ class RoleImplicationResource(flask_restful.Resource):
ENFORCER.enforce_call(action='identity:delete_implied_role',
build_target=_build_enforcement_target_ref)
PROVIDERS.role_api.delete_implied_role(prior_role_id, implied_role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class RoleAPI(ks_flask.APIBase):


+ 3
- 7
keystone/api/s3tokens.py View File

@@ -17,9 +17,8 @@ import hashlib
import hmac

import flask
import http.client
from oslo_serialization import jsonutils
import six
from six.moves import http_client

from keystone.api._shared import EC2_S3_Resource
from keystone.api._shared import json_home_relations
@@ -39,10 +38,7 @@ def _calculate_signature_v1(string_to_sign, secret_key):
sign requests
"""
key = str(secret_key).encode('utf-8')
if six.PY2:
b64_encode = base64.encodestring
else:
b64_encode = base64.encodebytes
b64_encode = base64.encodebytes
signed = b64_encode(hmac.new(key, string_to_sign, hashlib.sha1)
.digest()).decode('utf-8').strip()
return signed
@@ -100,7 +96,7 @@ class S3Resource(EC2_S3_Resource.ResourceBase):
token = self.handle_authenticate()
token_reference = render_token.render_token_response_from_model(token)
resp_body = jsonutils.dumps(token_reference)
response = flask.make_response(resp_body, http_client.OK)
response = flask.make_response(resp_body, http.client.OK)
response.headers['Content-Type'] = 'application/json'
return response



+ 3
- 3
keystone/api/services.py View File

@@ -12,7 +12,7 @@

# This file handles all flask-restful resources for /v3/services

from six.moves import http_client
import http.client

from keystone.catalog import schema
from keystone.common import provider_api
@@ -52,7 +52,7 @@ class ServicesResource(ks_flask.ResourceBase):
service = self._assign_unique_id(self._normalize_dict(service))
ref = PROVIDERS.catalog_api.create_service(
service['id'], service, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, service_id):
ENFORCER.enforce_call(action='identity:update_service')
@@ -66,7 +66,7 @@ class ServicesResource(ks_flask.ResourceBase):
def delete(self, service_id):
ENFORCER.enforce_call(action='identity:delete_service')
return PROVIDERS.catalog_api.delete_service(
service_id, initiator=self.audit_initiator), http_client.NO_CONTENT
service_id, initiator=self.audit_initiator), http.client.NO_CONTENT


class ServiceAPI(ks_flask.APIBase):


+ 7
- 7
keystone/api/system.py View File

@@ -15,7 +15,7 @@
import flask
import flask_restful
import functools
from six.moves import http_client
import http.client

from keystone.common import json_home
from keystone.common import provider_api
@@ -73,7 +73,7 @@ class SystemUsersResource(flask_restful.Resource):
ENFORCER.enforce_call(action='identity:check_system_grant_for_user',
build_target=_build_enforcement_target)
PROVIDERS.assignment_api.check_system_grant_for_user(user_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, user_id, role_id):
"""Grant a role to a user on the system.
@@ -83,7 +83,7 @@ class SystemUsersResource(flask_restful.Resource):
ENFORCER.enforce_call(action='identity:create_system_grant_for_user',
build_target=_build_enforcement_target)
PROVIDERS.assignment_api.create_system_grant_for_user(user_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, user_id, role_id):
"""Revoke a role from user on the system.
@@ -96,7 +96,7 @@ class SystemUsersResource(flask_restful.Resource):
_build_enforcement_target,
allow_non_existing=True))
PROVIDERS.assignment_api.delete_system_grant_for_user(user_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class SystemGroupsRolesListResource(flask_restful.Resource):
@@ -122,7 +122,7 @@ class SystemGroupsRolestResource(flask_restful.Resource):
build_target=_build_enforcement_target)
PROVIDERS.assignment_api.check_system_grant_for_group(
group_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def put(self, group_id, role_id):
"""Grant a role to a group on the system.
@@ -133,7 +133,7 @@ class SystemGroupsRolestResource(flask_restful.Resource):
build_target=_build_enforcement_target)
PROVIDERS.assignment_api.create_system_grant_for_group(
group_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT

def delete(self, group_id, role_id):
"""Revoke a role from the group on the system.
@@ -147,7 +147,7 @@ class SystemGroupsRolestResource(flask_restful.Resource):
allow_non_existing=True))
PROVIDERS.assignment_api.delete_system_grant_for_group(
group_id, role_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class SystemAPI(ks_flask.APIBase):


+ 3
- 3
keystone/api/trusts.py View File

@@ -17,9 +17,9 @@

import flask
import flask_restful
import http.client
from oslo_log import log
from oslo_policy import _checks as op_checks
from six.moves import http_client

from keystone.api._shared import json_home_relations
from keystone.common import context
@@ -305,7 +305,7 @@ class TrustResource(ks_flask.ResourceBase):
initiator=self.audit_initiator)
_normalize_trust_expires_at(return_trust)
_normalize_trust_roles(return_trust)
return self.wrap_member(return_trust), http_client.CREATED
return self.wrap_member(return_trust), http.client.CREATED

def delete(self, trust_id):
ENFORCER.enforce_call(action='identity:delete_trust',
@@ -336,7 +336,7 @@ class TrustResource(ks_flask.ResourceBase):
raise exception.ForbiddenAction(action=action)
PROVIDERS.trust_api.delete_trust(trust_id,
initiator=self.audit_initiator)
return '', http_client.NO_CONTENT
return '', http.client.NO_CONTENT


# NOTE(morgan): Since this Resource is not being used with the automatic


+ 10
- 10
keystone/api/users.py View File

@@ -17,8 +17,8 @@ import os
import uuid

import flask
import http.client
from oslo_serialization import jsonutils
from six.moves import http_client
from werkzeug import exceptions

from keystone.api._shared import json_home_relations
@@ -209,7 +209,7 @@ class UserResource(ks_flask.ResourceBase):
ref = PROVIDERS.identity_api.create_user(
user_data,
initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED

def patch(self, user_id):
"""Update a user.
@@ -238,7 +238,7 @@ class UserResource(ks_flask.ResourceBase):
build_target=_build_user_target_enforcement
)
PROVIDERS.identity_api.delete_user(user_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class UserChangePasswordResource(ks_flask.ResourceBase):
@@ -262,7 +262,7 @@ class UserChangePasswordResource(ks_flask.ResourceBase):
raise ks_exception.Unauthorized(
_('Error when changing user password: %s') % e
)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class UserProjectsResource(ks_flask.ResourceBase):
@@ -370,7 +370,7 @@ class UserOSEC2CredentialsResourceListCreate(_UserOSEC2CredBaseResource):
)
PROVIDERS.credential_api.create_credential(credential_id, cred_data)
ref = _convert_v3_to_ec2_credential(cred_data)
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED


class UserOSEC2CredentialsResourceGetDelete(_UserOSEC2CredBaseResource):
@@ -408,7 +408,7 @@ class UserOSEC2CredentialsResourceGetDelete(_UserOSEC2CredBaseResource):
ec2_cred_id = utils.hash_access_key(credential_id)
self._get_cred_data(ec2_cred_id)
PROVIDERS.credential_api.delete_credential(ec2_cred_id)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class _OAuth1ResourceBase(ks_flask.ResourceBase):
@@ -476,7 +476,7 @@ class OAuth1AccessTokenCRUDResource(_OAuth1ResourceBase):
notifications.invalidate_token_cache_notification(reason)
PROVIDERS.oauth_api.delete_access_token(
user_id, access_token_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class OAuth1AccessTokenRoleListResource(ks_flask.ResourceBase):
@@ -621,7 +621,7 @@ class UserAppCredListCreateResource(ks_flask.ResourceBase):
# https://specs.openstack.org/openstack/api-wg/guidelines/http.html#failure-code-clarifications
raise ks_exception.ApplicationCredentialValidationError(
detail=str(e))
return self.wrap_member(ref), http_client.CREATED
return self.wrap_member(ref), http.client.CREATED


class UserAppCredGetDeleteResource(ks_flask.ResourceBase):
@@ -650,7 +650,7 @@ class UserAppCredGetDeleteResource(ks_flask.ResourceBase):
_check_unrestricted_application_credential(token)
PROVIDERS.application_credential_api.delete_application_credential(
application_credential_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class UserAccessRuleListResource(ks_flask.ResourceBase):
@@ -701,7 +701,7 @@ class UserAccessRuleGetDeleteResource(ks_flask.ResourceBase):
)
PROVIDERS.application_credential_api.delete_access_rule(
access_rule_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT
return None, http.client.NO_CONTENT


class UserAPI(ks_flask.APIBase):


+ 1
- 4
keystone/application_credential/backends/base.py View File

@@ -14,13 +14,10 @@

import abc

import six

from keystone import exception


@six.add_metaclass(abc.ABCMeta)
class ApplicationCredentialDriverBase(object):
class ApplicationCredentialDriverBase(object, metaclass=abc.ABCMeta):

@abc.abstractmethod
def authenticate(self, application_credential_id, secret):


+ 1
- 4
keystone/assignment/backends/base.py View File

@@ -14,8 +14,6 @@

import abc

import six

import keystone.conf
from keystone import exception

@@ -23,8 +21,7 @@ from keystone import exception
CONF = keystone.conf.CONF


@six.add_metaclass(abc.ABCMeta)
class AssignmentDriverBase(object):
class AssignmentDriverBase(object, metaclass=abc.ABCMeta):

def _get_list_limit(self):
return CONF.assignment.list_limit or CONF.list_limit


+ 1
- 4
keystone/assignment/role_backends/base.py View File

@@ -14,8 +14,6 @@

import abc

import six

import keystone.conf
from keystone import exception

@@ -31,8 +29,7 @@ NULL_DOMAIN_ID = '<<null>>'
CONF = keystone.conf.CONF


@six.add_metaclass(abc.ABCMeta)
class RoleDriverBase(object):
class RoleDriverBase(object, metaclass=abc.ABCMeta):

def _get_list_limit(self):
return CONF.role.list_limit or CONF.list_limit


+ 8
- 12
keystone/auth/core.py View File

@@ -11,10 +11,8 @@
# under the License.

from functools import partial
import sys

from oslo_log import log
import six
import stevedore

from keystone.common import driver_hints
@@ -146,9 +144,8 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
project_id=project_ref['id'],
project=project_ref)
except AssertionError as e:
LOG.warning(six.text_type(e))
six.reraise(exception.Unauthorized, exception.Unauthorized(e),
sys.exc_info()[2])
LOG.warning(e)
raise exception.Unauthorized from e

def _assert_domain_is_enabled(self, domain_ref):
try:
@@ -156,9 +153,8 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
domain_id=domain_ref['id'],
domain=domain_ref)
except AssertionError as e:
LOG.warning(six.text_type(e))
six.reraise(exception.Unauthorized, exception.Unauthorized(e),
sys.exc_info()[2])
LOG.warning(e)
raise exception.Unauthorized from e

def _lookup_domain(self, domain_info):
domain_id = domain_info.get('id')
@@ -177,7 +173,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
else:
domain_ref = PROVIDERS.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
@@ -210,7 +206,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
# disabled.
self._lookup_domain({'id': domain_id})
except exception.ProjectNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)
raise exception.Unauthorized(e)
self._assert_project_is_enabled(project_ref)
return project_ref
@@ -254,7 +250,7 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
if len(app_creds) != 1:
message = "Could not find application credential: %s" % name
tr_message = _("Could not find application credential: %s") % name
LOG.warning(six.text_type(message))
LOG.warning(message)
raise exception.Unauthorized(tr_message)
return app_creds[0]

@@ -515,7 +511,7 @@ class UserMFARulesValidator(provider_api.ProviderAPIMixin, object):
# No empty rules are allowed.
_ok_rule = True
for item in r_list:
if not isinstance(item, six.string_types):
if not isinstance(item, str):
# Rules may only contain strings for method names
# Reject a rule with non-string values
LOG.info('Ignoring Rule %(rule)r; rule contains '


+ 2
- 4
keystone/auth/plugins/base.py View File

@@ -15,8 +15,6 @@
import abc
import collections

import six

from keystone.common import provider_api
from keystone import exception

@@ -25,8 +23,8 @@ AuthHandlerResponse = collections.namedtuple(
'AuthHandlerResponse', 'status, response_body, response_data')


@six.add_metaclass(abc.ABCMeta)
class AuthMethodHandler(provider_api.ProviderAPIMixin, object):
class AuthMethodHandler(provider_api.ProviderAPIMixin, object,
metaclass=abc.ABCMeta):
"""Abstract base class for an authentication plugin."""

def __init__(self):


+ 6
- 11
keystone/auth/plugins/core.py View File

@@ -12,13 +12,10 @@
# License for the specific language governing permissions and limitations
# under the License.

import sys

from oslo_log import log
from pycadf import cadftaxonomy as taxonomy
from pycadf import reason
from pycadf import resource
import six

from keystone.common import driver_hints
from keystone.common import provider_api
@@ -121,9 +118,8 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object):
domain_id=domain_ref['id'],
domain=domain_ref)
except AssertionError as e:
LOG.warning(six.text_type(e))
six.reraise(exception.Unauthorized, exception.Unauthorized(e),
sys.exc_info()[2])
LOG.warning(e)
raise exception.Unauthorized from e

def _assert_user_is_enabled(self, user_ref):
try:
@@ -131,9 +127,8 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object):
user_id=user_ref['id'],
user=user_ref)
except AssertionError as e:
LOG.warning(six.text_type(e))
six.reraise(exception.Unauthorized, exception.Unauthorized(e),
sys.exc_info()[2])
LOG.warning(e)
raise exception.Unauthorized from e

def _lookup_domain(self, domain_info):
domain_id = domain_info.get('id')
@@ -148,7 +143,7 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object):
else:
domain_ref = PROVIDERS.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
@@ -178,7 +173,7 @@ class BaseUserInfo(provider_api.ProviderAPIMixin, object):
user_ref['domain_id'])
self._assert_domain_is_enabled(domain_ref)
except exception.UserNotFound as e:
LOG.warning(six.text_type(e))
LOG.warning(e)

# We need to special case USER NOT FOUND here for CADF
# notifications as the normal path for notification(s) come from


+ 1
- 3
keystone/auth/plugins/external.py View File

@@ -17,7 +17,6 @@
import abc

import flask
import six

from keystone.auth.plugins import base
from keystone.common import provider_api
@@ -30,8 +29,7 @@ CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs


@six.add_metaclass(abc.ABCMeta)
class Base(base.AuthMethodHandler):
class Base(base.AuthMethodHandler, metaclass=abc.ABCMeta):
def authenticate(self, auth_payload):
"""Use REMOTE_USER to look up the user in the identity backend.



+ 1
- 1
keystone/auth/plugins/mapped.py View File

@@ -16,7 +16,7 @@ import uuid
import flask
from oslo_log import log
from pycadf import cadftaxonomy as taxonomy
from six.moves.urllib import parse
from urllib import parse

from keystone.auth import plugins as auth_plugins
from keystone.auth.plugins import base


+ 1
- 2
keystone/auth/plugins/token.py View File

@@ -14,7 +14,6 @@

import flask
from oslo_log import log
import six

from keystone.auth.plugins import base
from keystone.auth.plugins import mapped
@@ -124,5 +123,5 @@ def token_authenticate(token):
return response_data

except AssertionError as e:
LOG.error(six.text_type(e))
LOG.error(e)
raise exception.Unauthorized(e)

+ 1
- 2
keystone/auth/plugins/totp.py View File

@@ -29,7 +29,6 @@ from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.twofactor import totp as crypto_totp
from oslo_log import log
from oslo_utils import timeutils
import six

from keystone.auth import plugins
from keystone.auth.plugins import base
@@ -57,7 +56,7 @@ def _generate_totp_passcodes(secret, included_previous_windows=0):
:param bytes secret: A base32 encoded secret for the TOTP authentication
:returns: totp passcode as bytes
"""
if isinstance(secret, six.text_type):
if isinstance(secret, str):
# NOTE(dstanek): since this may be coming from the JSON stored in the
# database it may be UTF-8 encoded
secret = secret.encode('utf-8')


+ 2
- 4
keystone/catalog/backends/base.py View File

@@ -14,8 +14,6 @@

import abc

import six

from keystone.common import provider_api
import keystone.conf
from keystone import exception
@@ -24,8 +22,8 @@ from keystone import exception
CONF = keystone.conf.CONF


@six.add_metaclass(abc.ABCMeta)
class CatalogDriverBase(provider_api.ProviderAPIMixin, object):
class CatalogDriverBase(provider_api.ProviderAPIMixin, object,
metaclass=abc.ABCMeta):
"""Interface description for the Catalog driver."""

def _get_list_limit(self):


+ 1
- 1
keystone/cmd/doctor/ldap.py View File

@@ -15,7 +15,7 @@ from __future__ import print_function
import os
import re

from six.moves import configparser
import configparser

import keystone.conf



+ 1
- 3
keystone/common/manager.py View File

@@ -18,7 +18,6 @@ import time
import types

from oslo_log import log
import six
import stevedore

from keystone.common import provider_api
@@ -155,8 +154,7 @@ class _TraceMeta(type):
return type.__new__(meta, classname, bases, final_cls_dict)


@six.add_metaclass(_TraceMeta)
class Manager(object):
class Manager(object, metaclass=_TraceMeta):
"""Base class for intermediary request layer.

The Manager layer exists to support additional logic that applies to all


+ 2
- 4
keystone/common/resource_options/core.py View File

@@ -12,8 +12,6 @@

"""Options specific to resources managed by Keystone (Domain, User, etc)."""

import six

from keystone.common import validation
from keystone.i18n import _

@@ -202,14 +200,14 @@ class ResourceOption(object):
validator(s) used at the API layer
:type json_schema_validation: dict
"""