Merge "Fix D401 PEP8 violation."
This commit is contained in:
commit
3a266929cf
@ -301,7 +301,7 @@ class Assignment(keystone_assignment.AssignmentDriverV8):
|
|||||||
return [AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN]
|
return [AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN]
|
||||||
|
|
||||||
def _get_assignment_types(self, user, group, project, domain):
|
def _get_assignment_types(self, user, group, project, domain):
|
||||||
"""Returns a list of role assignment types based on provided entities
|
"""Return a list of role assignment types based on provided entities
|
||||||
|
|
||||||
If one of user or group (the "actor") as well as one of project or
|
If one of user or group (the "actor") as well as one of project or
|
||||||
domain (the "target") are provided, the list will contain the role
|
domain (the "target") are provided, the list will contain the role
|
||||||
|
@ -151,7 +151,7 @@ class Assignment(keystone_assignment.AssignmentDriverV9):
|
|||||||
return [AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN]
|
return [AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN]
|
||||||
|
|
||||||
def _get_assignment_types(self, user, group, project, domain):
|
def _get_assignment_types(self, user, group, project, domain):
|
||||||
"""Returns a list of role assignment types based on provided entities
|
"""Return a list of role assignment types based on provided entities
|
||||||
|
|
||||||
If one of user or group (the "actor") as well as one of project or
|
If one of user or group (the "actor") as well as one of project or
|
||||||
domain (the "target") are provided, the list will contain the role
|
domain (the "target") are provided, the list will contain the role
|
||||||
|
@ -218,7 +218,7 @@ class RoleAssignmentV2(controller.V2Controller):
|
|||||||
# COMPAT(diablo): CRUD extension
|
# COMPAT(diablo): CRUD extension
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
def create_role_ref(self, context, user_id, role):
|
def create_role_ref(self, context, user_id, role):
|
||||||
"""This is actually used for adding a user to a tenant.
|
"""Used for adding a user to a tenant.
|
||||||
|
|
||||||
In the legacy data model adding a user to a tenant required setting
|
In the legacy data model adding a user to a tenant required setting
|
||||||
a role.
|
a role.
|
||||||
@ -237,7 +237,7 @@ class RoleAssignmentV2(controller.V2Controller):
|
|||||||
# COMPAT(diablo): CRUD extension
|
# COMPAT(diablo): CRUD extension
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
def delete_role_ref(self, context, user_id, role_ref_id):
|
def delete_role_ref(self, context, user_id, role_ref_id):
|
||||||
"""This is actually used for deleting a user from a tenant.
|
"""Used for deleting a user from a tenant.
|
||||||
|
|
||||||
In the legacy data model removing a user from a tenant required
|
In the legacy data model removing a user from a tenant required
|
||||||
deleting a role.
|
deleting a role.
|
||||||
@ -616,7 +616,7 @@ class GrantAssignmentV3(controller.V3Controller):
|
|||||||
@controller.protected(callback=_check_grant_protection)
|
@controller.protected(callback=_check_grant_protection)
|
||||||
def create_grant(self, context, role_id, user_id=None,
|
def create_grant(self, context, role_id, user_id=None,
|
||||||
group_id=None, domain_id=None, project_id=None):
|
group_id=None, domain_id=None, project_id=None):
|
||||||
"""Grants a role to a user or group on either a domain or project."""
|
"""Grant a role to a user or group on either a domain or project."""
|
||||||
self._require_domain_xor_project(domain_id, project_id)
|
self._require_domain_xor_project(domain_id, project_id)
|
||||||
self._require_user_xor_group(user_id, group_id)
|
self._require_user_xor_group(user_id, group_id)
|
||||||
|
|
||||||
@ -627,7 +627,7 @@ class GrantAssignmentV3(controller.V3Controller):
|
|||||||
@controller.protected(callback=_check_grant_protection)
|
@controller.protected(callback=_check_grant_protection)
|
||||||
def list_grants(self, context, user_id=None,
|
def list_grants(self, context, user_id=None,
|
||||||
group_id=None, domain_id=None, project_id=None):
|
group_id=None, domain_id=None, project_id=None):
|
||||||
"""Lists roles granted to user/group on either a domain or project."""
|
"""List roles granted to user/group on either a domain or project."""
|
||||||
self._require_domain_xor_project(domain_id, project_id)
|
self._require_domain_xor_project(domain_id, project_id)
|
||||||
self._require_user_xor_group(user_id, group_id)
|
self._require_user_xor_group(user_id, group_id)
|
||||||
|
|
||||||
@ -639,7 +639,7 @@ class GrantAssignmentV3(controller.V3Controller):
|
|||||||
@controller.protected(callback=_check_grant_protection)
|
@controller.protected(callback=_check_grant_protection)
|
||||||
def check_grant(self, context, role_id, user_id=None,
|
def check_grant(self, context, role_id, user_id=None,
|
||||||
group_id=None, domain_id=None, project_id=None):
|
group_id=None, domain_id=None, project_id=None):
|
||||||
"""Checks if a role has been granted on either a domain or project."""
|
"""Check if a role has been granted on either a domain or project."""
|
||||||
self._require_domain_xor_project(domain_id, project_id)
|
self._require_domain_xor_project(domain_id, project_id)
|
||||||
self._require_user_xor_group(user_id, group_id)
|
self._require_user_xor_group(user_id, group_id)
|
||||||
|
|
||||||
@ -654,7 +654,7 @@ class GrantAssignmentV3(controller.V3Controller):
|
|||||||
_check_grant_protection, allow_no_user=True))
|
_check_grant_protection, allow_no_user=True))
|
||||||
def revoke_grant(self, context, role_id, user_id=None,
|
def revoke_grant(self, context, role_id, user_id=None,
|
||||||
group_id=None, domain_id=None, project_id=None):
|
group_id=None, domain_id=None, project_id=None):
|
||||||
"""Revokes a role from user/group on either a domain or project."""
|
"""Revoke a role from user/group on either a domain or project."""
|
||||||
self._require_domain_xor_project(domain_id, project_id)
|
self._require_domain_xor_project(domain_id, project_id)
|
||||||
self._require_user_xor_group(user_id, group_id)
|
self._require_user_xor_group(user_id, group_id)
|
||||||
|
|
||||||
|
@ -435,7 +435,7 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def _expand_indirect_assignment(self, ref, user_id=None, project_id=None,
|
def _expand_indirect_assignment(self, ref, user_id=None, project_id=None,
|
||||||
subtree_ids=None, expand_groups=True):
|
subtree_ids=None, expand_groups=True):
|
||||||
"""Returns a list of expanded role assignments.
|
"""Return a list of expanded role assignments.
|
||||||
|
|
||||||
This methods is called for each discovered assignment that either needs
|
This methods is called for each discovered assignment that either needs
|
||||||
a group assignment expanded into individual user assignments, or needs
|
a group assignment expanded into individual user assignments, or needs
|
||||||
@ -457,7 +457,7 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
def create_group_assignment(base_ref, user_id):
|
def create_group_assignment(base_ref, user_id):
|
||||||
"""Creates a group assignment from the provided ref."""
|
"""Create a group assignment from the provided ref."""
|
||||||
ref = copy.deepcopy(base_ref)
|
ref = copy.deepcopy(base_ref)
|
||||||
|
|
||||||
ref['user_id'] = user_id
|
ref['user_id'] = user_id
|
||||||
@ -468,7 +468,7 @@ class Manager(manager.Manager):
|
|||||||
return ref
|
return ref
|
||||||
|
|
||||||
def expand_group_assignment(ref, user_id):
|
def expand_group_assignment(ref, user_id):
|
||||||
"""Expands group role assignment.
|
"""Expand group role assignment.
|
||||||
|
|
||||||
For any group role assignment on a target, it is replaced by a list
|
For any group role assignment on a target, it is replaced by a list
|
||||||
of role assignments containing one for each user of that group on
|
of role assignments containing one for each user of that group on
|
||||||
@ -511,7 +511,7 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def expand_inherited_assignment(ref, user_id, project_id, subtree_ids,
|
def expand_inherited_assignment(ref, user_id, project_id, subtree_ids,
|
||||||
expand_groups):
|
expand_groups):
|
||||||
"""Expands inherited role assignments.
|
"""Expand inherited role assignments.
|
||||||
|
|
||||||
If expand_groups is True and this is a group role assignment on a
|
If expand_groups is True and this is a group role assignment on a
|
||||||
target, replace it by a list of role assignments containing one for
|
target, replace it by a list of role assignments containing one for
|
||||||
@ -561,7 +561,7 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
def create_inherited_assignment(base_ref, project_id):
|
def create_inherited_assignment(base_ref, project_id):
|
||||||
"""Creates a project assignment from the provided ref.
|
"""Create a project assignment from the provided ref.
|
||||||
|
|
||||||
base_ref can either be a project or domain inherited
|
base_ref can either be a project or domain inherited
|
||||||
assignment ref.
|
assignment ref.
|
||||||
@ -1130,7 +1130,7 @@ class AssignmentDriverBase(object):
|
|||||||
def create_grant(self, role_id, user_id=None, group_id=None,
|
def create_grant(self, role_id, user_id=None, group_id=None,
|
||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False):
|
||||||
"""Creates a new assignment/grant.
|
"""Create a new assignment/grant.
|
||||||
|
|
||||||
If the assignment is to a domain, then optionally it may be
|
If the assignment is to a domain, then optionally it may be
|
||||||
specified as inherited to owned projects (this requires
|
specified as inherited to owned projects (this requires
|
||||||
@ -1143,14 +1143,14 @@ class AssignmentDriverBase(object):
|
|||||||
def list_grant_role_ids(self, user_id=None, group_id=None,
|
def list_grant_role_ids(self, user_id=None, group_id=None,
|
||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False):
|
||||||
"""Lists role ids for assignments/grants."""
|
"""List role ids for assignments/grants."""
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def check_grant_role_id(self, role_id, user_id=None, group_id=None,
|
def check_grant_role_id(self, role_id, user_id=None, group_id=None,
|
||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False):
|
||||||
"""Checks an assignment/grant role id.
|
"""Check an assignment/grant role id.
|
||||||
|
|
||||||
:raises keystone.exception.RoleAssignmentNotFound: If the role
|
:raises keystone.exception.RoleAssignmentNotFound: If the role
|
||||||
assignment doesn't exist.
|
assignment doesn't exist.
|
||||||
@ -1163,7 +1163,7 @@ class AssignmentDriverBase(object):
|
|||||||
def delete_grant(self, role_id, user_id=None, group_id=None,
|
def delete_grant(self, role_id, user_id=None, group_id=None,
|
||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False):
|
||||||
"""Deletes assignments/grants.
|
"""Delete assignments/grants.
|
||||||
|
|
||||||
:raises keystone.exception.RoleAssignmentNotFound: If the role
|
:raises keystone.exception.RoleAssignmentNotFound: If the role
|
||||||
assignment doesn't exist.
|
assignment doesn't exist.
|
||||||
@ -1176,7 +1176,7 @@ class AssignmentDriverBase(object):
|
|||||||
user_id=None, group_ids=None,
|
user_id=None, group_ids=None,
|
||||||
domain_id=None, project_ids=None,
|
domain_id=None, project_ids=None,
|
||||||
inherited_to_projects=None):
|
inherited_to_projects=None):
|
||||||
"""Returns a list of role assignments for actors on targets.
|
"""Return a list of role assignments for actors on targets.
|
||||||
|
|
||||||
Available parameters represent values in which the returned role
|
Available parameters represent values in which the returned role
|
||||||
assignments attributes need to be filtered on.
|
assignments attributes need to be filtered on.
|
||||||
@ -1186,7 +1186,7 @@ class AssignmentDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_project_assignments(self, project_id):
|
def delete_project_assignments(self, project_id):
|
||||||
"""Deletes all assignments for a project.
|
"""Delete all assignments for a project.
|
||||||
|
|
||||||
:raises keystone.exception.ProjectNotFound: If the project doesn't
|
:raises keystone.exception.ProjectNotFound: If the project doesn't
|
||||||
exist.
|
exist.
|
||||||
@ -1196,12 +1196,12 @@ class AssignmentDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_role_assignments(self, role_id):
|
def delete_role_assignments(self, role_id):
|
||||||
"""Deletes all assignments for a role."""
|
"""Delete all assignments for a role."""
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_user_assignments(self, user_id):
|
def delete_user_assignments(self, user_id):
|
||||||
"""Deletes all assignments for a user.
|
"""Delete all assignments for a user.
|
||||||
|
|
||||||
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
||||||
|
|
||||||
@ -1210,7 +1210,7 @@ class AssignmentDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_group_assignments(self, group_id):
|
def delete_group_assignments(self, group_id):
|
||||||
"""Deletes all assignments for a group.
|
"""Delete all assignments for a group.
|
||||||
|
|
||||||
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
||||||
|
|
||||||
@ -1230,7 +1230,7 @@ class AssignmentDriverV8(AssignmentDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def list_user_ids_for_project(self, tenant_id):
|
def list_user_ids_for_project(self, tenant_id):
|
||||||
"""Lists all user IDs with a role assignment in the specified project.
|
"""List all user IDs with a role assignment in the specified project.
|
||||||
|
|
||||||
:returns: a list of user_ids or an empty set.
|
:returns: a list of user_ids or an empty set.
|
||||||
|
|
||||||
@ -1355,7 +1355,7 @@ class AssignmentDriverV9(AssignmentDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_domain_assignments(self, domain_id):
|
def delete_domain_assignments(self, domain_id):
|
||||||
"""Deletes all assignments for a domain."""
|
"""Delete all assignments for a domain."""
|
||||||
raise exception.NotImplemented()
|
raise exception.NotImplemented()
|
||||||
|
|
||||||
|
|
||||||
@ -1390,7 +1390,7 @@ class V9AssignmentWrapperForV8Driver(AssignmentDriverV9):
|
|||||||
self.driver = wrapped_driver
|
self.driver = wrapped_driver
|
||||||
|
|
||||||
def delete_domain_assignments(self, domain_id):
|
def delete_domain_assignments(self, domain_id):
|
||||||
"""Deletes all assignments for a domain."""
|
"""Delete all assignments for a domain."""
|
||||||
msg = _LW('delete_domain_assignments method not found in custom '
|
msg = _LW('delete_domain_assignments method not found in custom '
|
||||||
'assignment driver. Domain assignments for domain (%s) to '
|
'assignment driver. Domain assignments for domain (%s) to '
|
||||||
'users from other domains will not be removed. This was '
|
'users from other domains will not be removed. This was '
|
||||||
@ -1561,7 +1561,7 @@ class RoleDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_role(self, role_id, role):
|
def create_role(self, role_id, role):
|
||||||
"""Creates a new role.
|
"""Create a new role.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate role exists.
|
:raises keystone.exception.Conflict: If a duplicate role exists.
|
||||||
|
|
||||||
@ -1606,7 +1606,7 @@ class RoleDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_role(self, role_id, role):
|
def update_role(self, role_id, role):
|
||||||
"""Updates an existing role.
|
"""Update an existing role.
|
||||||
|
|
||||||
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
||||||
:raises keystone.exception.Conflict: If a duplicate role exists.
|
:raises keystone.exception.Conflict: If a duplicate role exists.
|
||||||
@ -1616,7 +1616,7 @@ class RoleDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_role(self, role_id):
|
def delete_role(self, role_id):
|
||||||
"""Deletes an existing role.
|
"""Delete an existing role.
|
||||||
|
|
||||||
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
:raises keystone.exception.RoleNotFound: If the role doesn't exist.
|
||||||
|
|
||||||
@ -1647,7 +1647,7 @@ class RoleDriverV9(RoleDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_implied_role(self, prior_role_id, implied_role_id):
|
def get_implied_role(self, prior_role_id, implied_role_id):
|
||||||
"""Fetches a role inference rule
|
"""Fetche a role inference rule
|
||||||
|
|
||||||
:raises keystone.exception.ImpliedRoleNotFound: If the implied role
|
:raises keystone.exception.ImpliedRoleNotFound: If the implied role
|
||||||
doesn't exist.
|
doesn't exist.
|
||||||
@ -1657,7 +1657,7 @@ class RoleDriverV9(RoleDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_implied_role(self, prior_role_id, implied_role_id):
|
def create_implied_role(self, prior_role_id, implied_role_id):
|
||||||
"""Creates a role inference rule
|
"""Create a role inference rule
|
||||||
|
|
||||||
:raises: keystone.exception.RoleNotFound: If the role doesn't exist.
|
:raises: keystone.exception.RoleNotFound: If the role doesn't exist.
|
||||||
|
|
||||||
@ -1666,7 +1666,7 @@ class RoleDriverV9(RoleDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_implied_role(self, prior_role_id, implied_role_id):
|
def delete_implied_role(self, prior_role_id, implied_role_id):
|
||||||
"""Deletes a role inference rule
|
"""Delete a role inference rule
|
||||||
|
|
||||||
:raises keystone.exception.ImpliedRoleNotFound: If the implied role
|
:raises keystone.exception.ImpliedRoleNotFound: If the implied role
|
||||||
doesn't exist.
|
doesn't exist.
|
||||||
@ -1676,12 +1676,12 @@ class RoleDriverV9(RoleDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def list_role_inference_rules(self):
|
def list_role_inference_rules(self):
|
||||||
"""Lists all the rules used to imply one role from another"""
|
"""List all the rules used to imply one role from another"""
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def list_implied_roles(self, prior_role_id):
|
def list_implied_roles(self, prior_role_id):
|
||||||
"""Lists roles implied from the prior role ID"""
|
"""List roles implied from the prior role ID"""
|
||||||
raise exception.NotImplemented() # pragma: no cover
|
raise exception.NotImplemented() # pragma: no cover
|
||||||
|
|
||||||
|
|
||||||
|
@ -305,7 +305,7 @@ class AuthInfo(object):
|
|||||||
self._validate_and_normalize_scope_data()
|
self._validate_and_normalize_scope_data()
|
||||||
|
|
||||||
def get_method_names(self):
|
def get_method_names(self):
|
||||||
"""Returns the identity method names.
|
"""Return the identity method names.
|
||||||
|
|
||||||
:returns: list of auth method names
|
:returns: list of auth method names
|
||||||
|
|
||||||
|
@ -408,7 +408,7 @@ class EndpointFilterV3Controller(controller.V3Controller):
|
|||||||
|
|
||||||
@controller.protected()
|
@controller.protected()
|
||||||
def add_endpoint_to_project(self, context, project_id, endpoint_id):
|
def add_endpoint_to_project(self, context, project_id, endpoint_id):
|
||||||
"""Establishes an association between an endpoint and a project."""
|
"""Establish an association between an endpoint and a project."""
|
||||||
# NOTE(gyee): we just need to make sure endpoint and project exist
|
# NOTE(gyee): we just need to make sure endpoint and project exist
|
||||||
# first. We don't really care whether if project is disabled.
|
# first. We don't really care whether if project is disabled.
|
||||||
# The relationship can still be established even with a disabled
|
# The relationship can still be established even with a disabled
|
||||||
@ -420,7 +420,7 @@ class EndpointFilterV3Controller(controller.V3Controller):
|
|||||||
|
|
||||||
@controller.protected()
|
@controller.protected()
|
||||||
def check_endpoint_in_project(self, context, project_id, endpoint_id):
|
def check_endpoint_in_project(self, context, project_id, endpoint_id):
|
||||||
"""Verifies endpoint is currently associated with given project."""
|
"""Verify endpoint is currently associated with given project."""
|
||||||
self.catalog_api.get_endpoint(endpoint_id)
|
self.catalog_api.get_endpoint(endpoint_id)
|
||||||
self.resource_api.get_project(project_id)
|
self.resource_api.get_project(project_id)
|
||||||
self.catalog_api.check_endpoint_in_project(endpoint_id,
|
self.catalog_api.check_endpoint_in_project(endpoint_id,
|
||||||
@ -474,7 +474,7 @@ class EndpointGroupV3Controller(controller.V3Controller):
|
|||||||
@controller.protected()
|
@controller.protected()
|
||||||
@validation.validated(schema.endpoint_group_create, 'endpoint_group')
|
@validation.validated(schema.endpoint_group_create, 'endpoint_group')
|
||||||
def create_endpoint_group(self, context, endpoint_group):
|
def create_endpoint_group(self, context, endpoint_group):
|
||||||
"""Creates an Endpoint Group with the associated filters."""
|
"""Create an Endpoint Group with the associated filters."""
|
||||||
ref = self._assign_unique_id(self._normalize_dict(endpoint_group))
|
ref = self._assign_unique_id(self._normalize_dict(endpoint_group))
|
||||||
self._require_attribute(ref, 'filters')
|
self._require_attribute(ref, 'filters')
|
||||||
self._require_valid_filter(ref)
|
self._require_valid_filter(ref)
|
||||||
@ -590,7 +590,7 @@ class ProjectEndpointGroupV3Controller(controller.V3Controller):
|
|||||||
@controller.protected()
|
@controller.protected()
|
||||||
def add_endpoint_group_to_project(self, context, endpoint_group_id,
|
def add_endpoint_group_to_project(self, context, endpoint_group_id,
|
||||||
project_id):
|
project_id):
|
||||||
"""Creates an association between an endpoint group and project."""
|
"""Create an association between an endpoint group and project."""
|
||||||
self.resource_api.get_project(project_id)
|
self.resource_api.get_project(project_id)
|
||||||
self.catalog_api.get_endpoint_group(endpoint_group_id)
|
self.catalog_api.get_endpoint_group(endpoint_group_id)
|
||||||
self.catalog_api.add_endpoint_group_to_project(
|
self.catalog_api.add_endpoint_group_to_project(
|
||||||
|
@ -56,7 +56,7 @@ MEMOIZE_COMPUTED_CATALOG = cache.get_memoization_decorator(
|
|||||||
|
|
||||||
|
|
||||||
def format_url(url, substitutions, silent_keyerror_failures=None):
|
def format_url(url, substitutions, silent_keyerror_failures=None):
|
||||||
"""Formats a user-defined URL with the given substitutions.
|
"""Format a user-defined URL with the given substitutions.
|
||||||
|
|
||||||
:param string url: the URL to be formatted
|
:param string url: the URL to be formatted
|
||||||
:param dict substitutions: the dictionary used for substitution
|
:param dict substitutions: the dictionary used for substitution
|
||||||
@ -409,7 +409,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_region(self, region_ref):
|
def create_region(self, region_ref):
|
||||||
"""Creates a new region.
|
"""Create a new region.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If the region already exists.
|
:raises keystone.exception.Conflict: If the region already exists.
|
||||||
:raises keystone.exception.RegionNotFound: If the parent region
|
:raises keystone.exception.RegionNotFound: If the parent region
|
||||||
@ -453,7 +453,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_region(self, region_id):
|
def delete_region(self, region_id):
|
||||||
"""Deletes an existing region.
|
"""Delete an existing region.
|
||||||
|
|
||||||
:raises keystone.exception.RegionNotFound: If the region doesn't exist.
|
:raises keystone.exception.RegionNotFound: If the region doesn't exist.
|
||||||
|
|
||||||
@ -462,7 +462,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_service(self, service_id, service_ref):
|
def create_service(self, service_id, service_ref):
|
||||||
"""Creates a new service.
|
"""Create a new service.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate service exists.
|
:raises keystone.exception.Conflict: If a duplicate service exists.
|
||||||
|
|
||||||
@ -506,7 +506,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_service(self, service_id):
|
def delete_service(self, service_id):
|
||||||
"""Deletes an existing service.
|
"""Delete an existing service.
|
||||||
|
|
||||||
:raises keystone.exception.ServiceNotFound: If the service doesn't
|
:raises keystone.exception.ServiceNotFound: If the service doesn't
|
||||||
exist.
|
exist.
|
||||||
@ -516,7 +516,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_endpoint(self, endpoint_id, endpoint_ref):
|
def create_endpoint(self, endpoint_id, endpoint_ref):
|
||||||
"""Creates a new endpoint for a service.
|
"""Create a new endpoint for a service.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate endpoint exists.
|
:raises keystone.exception.Conflict: If a duplicate endpoint exists.
|
||||||
:raises keystone.exception.ServiceNotFound: If the service doesn't
|
:raises keystone.exception.ServiceNotFound: If the service doesn't
|
||||||
@ -564,7 +564,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_endpoint(self, endpoint_id):
|
def delete_endpoint(self, endpoint_id):
|
||||||
"""Deletes an endpoint for a service.
|
"""Delete an endpoint for a service.
|
||||||
|
|
||||||
:raises keystone.exception.EndpointNotFound: If the endpoint doesn't
|
:raises keystone.exception.EndpointNotFound: If the endpoint doesn't
|
||||||
exist.
|
exist.
|
||||||
@ -677,7 +677,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def remove_endpoint_from_project(self, endpoint_id, project_id):
|
def remove_endpoint_from_project(self, endpoint_id, project_id):
|
||||||
"""Removes an endpoint to project association.
|
"""Remove an endpoint to project association.
|
||||||
|
|
||||||
:param endpoint_id: identity of endpoint to remove
|
:param endpoint_id: identity of endpoint to remove
|
||||||
:type endpoint_id: string
|
:type endpoint_id: string
|
||||||
@ -692,7 +692,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def check_endpoint_in_project(self, endpoint_id, project_id):
|
def check_endpoint_in_project(self, endpoint_id, project_id):
|
||||||
"""Checks if an endpoint is associated with a project.
|
"""Check if an endpoint is associated with a project.
|
||||||
|
|
||||||
:param endpoint_id: identity of endpoint to check
|
:param endpoint_id: identity of endpoint to check
|
||||||
:type endpoint_id: string
|
:type endpoint_id: string
|
||||||
@ -729,7 +729,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_endpoint(self, endpoint_id):
|
def delete_association_by_endpoint(self, endpoint_id):
|
||||||
"""Removes all the endpoints to project association with endpoint.
|
"""Remove all the endpoints to project association with endpoint.
|
||||||
|
|
||||||
:param endpoint_id: identity of endpoint to check
|
:param endpoint_id: identity of endpoint to check
|
||||||
:type endpoint_id: string
|
:type endpoint_id: string
|
||||||
@ -740,7 +740,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_project(self, project_id):
|
def delete_association_by_project(self, project_id):
|
||||||
"""Removes all the endpoints to project association with project.
|
"""Remove all the endpoints to project association with project.
|
||||||
|
|
||||||
:param project_id: identity of the project to check
|
:param project_id: identity of the project to check
|
||||||
:type project_id: string
|
:type project_id: string
|
||||||
@ -805,7 +805,7 @@ class CatalogDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def add_endpoint_group_to_project(self, endpoint_group_id, project_id):
|
def add_endpoint_group_to_project(self, endpoint_group_id, project_id):
|
||||||
"""Adds an endpoint group to project association.
|
"""Add an endpoint group to project association.
|
||||||
|
|
||||||
:param endpoint_group_id: identity of endpoint to associate
|
:param endpoint_group_id: identity of endpoint to associate
|
||||||
:type endpoint_group_id: string
|
:type endpoint_group_id: string
|
||||||
|
@ -1138,7 +1138,7 @@ def set_default_for_default_log_levels():
|
|||||||
|
|
||||||
|
|
||||||
def setup_logging():
|
def setup_logging():
|
||||||
"""Sets up logging for the keystone package."""
|
"""Set up logging for the keystone package."""
|
||||||
log.setup(CONF, 'keystone')
|
log.setup(CONF, 'keystone')
|
||||||
logging.captureWarnings(True)
|
logging.captureWarnings(True)
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ def _build_policy_check_credentials(self, action, context, kwargs):
|
|||||||
|
|
||||||
|
|
||||||
def protected(callback=None):
|
def protected(callback=None):
|
||||||
"""Wraps API calls with role based access controls (RBAC).
|
"""Wrap API calls with role based access controls (RBAC).
|
||||||
|
|
||||||
This handles both the protection of the API parameters as well as any
|
This handles both the protection of the API parameters as well as any
|
||||||
target entities for single-entity API calls.
|
target entities for single-entity API calls.
|
||||||
@ -184,7 +184,7 @@ def protected(callback=None):
|
|||||||
|
|
||||||
|
|
||||||
def filterprotected(*filters, **callback):
|
def filterprotected(*filters, **callback):
|
||||||
"""Wraps API list calls with role based access controls (RBAC).
|
"""Wrap API list calls with role based access controls (RBAC).
|
||||||
|
|
||||||
This handles both the protection of the API parameters as well as any
|
This handles both the protection of the API parameters as well as any
|
||||||
filters supplied.
|
filters supplied.
|
||||||
@ -288,7 +288,7 @@ class V2Controller(wsgi.Application):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def normalize_username_in_response(ref):
|
def normalize_username_in_response(ref):
|
||||||
"""Adds username to outgoing user refs to match the v2 spec.
|
"""Add username to outgoing user refs to match the v2 spec.
|
||||||
|
|
||||||
Internally we use `name` to represent a user's name. The v2 spec
|
Internally we use `name` to represent a user's name. The v2 spec
|
||||||
requires the use of `username` instead.
|
requires the use of `username` instead.
|
||||||
@ -300,7 +300,7 @@ class V2Controller(wsgi.Application):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def normalize_username_in_request(ref):
|
def normalize_username_in_request(ref):
|
||||||
"""Adds name in incoming user refs to match the v2 spec.
|
"""Add name in incoming user refs to match the v2 spec.
|
||||||
|
|
||||||
Internally we use `name` to represent a user's name. The v2 spec
|
Internally we use `name` to represent a user's name. The v2 spec
|
||||||
requires the use of `username` instead.
|
requires the use of `username` instead.
|
||||||
@ -527,7 +527,7 @@ class V3Controller(wsgi.Application):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def limit(cls, refs, hints):
|
def limit(cls, refs, hints):
|
||||||
"""Limits a list of entities.
|
"""Limit a list of entities.
|
||||||
|
|
||||||
The underlying driver layer may have already truncated the collection
|
The underlying driver layer may have already truncated the collection
|
||||||
for us, but in case it was unable to handle truncation we check here.
|
for us, but in case it was unable to handle truncation we check here.
|
||||||
@ -560,9 +560,9 @@ class V3Controller(wsgi.Application):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def filter_by_attributes(cls, refs, hints):
|
def filter_by_attributes(cls, refs, hints):
|
||||||
"""Filters a list of references by filter values."""
|
"""Filter a list of references by filter values."""
|
||||||
def _attr_match(ref_attr, val_attr):
|
def _attr_match(ref_attr, val_attr):
|
||||||
"""Matches attributes allowing for booleans as strings.
|
"""Matche attributes allowing for booleans as strings.
|
||||||
|
|
||||||
We test explicitly for a value that defines it as 'False',
|
We test explicitly for a value that defines it as 'False',
|
||||||
which also means that the existence of the attribute with
|
which also means that the existence of the attribute with
|
||||||
@ -575,7 +575,7 @@ class V3Controller(wsgi.Application):
|
|||||||
return ref_attr == val_attr
|
return ref_attr == val_attr
|
||||||
|
|
||||||
def _inexact_attr_match(filter, ref):
|
def _inexact_attr_match(filter, ref):
|
||||||
"""Applies an inexact filter to a result dict.
|
"""Apply an inexact filter to a result dict.
|
||||||
|
|
||||||
:param filter: the filter in question
|
:param filter: the filter in question
|
||||||
:param ref: the dict to check
|
:param ref: the dict to check
|
||||||
@ -678,7 +678,7 @@ class V3Controller(wsgi.Application):
|
|||||||
return hints
|
return hints
|
||||||
|
|
||||||
def _require_matching_id(self, value, ref):
|
def _require_matching_id(self, value, ref):
|
||||||
"""Ensures the value matches the reference's ID, if any."""
|
"""Ensure the value matches the reference's ID, if any."""
|
||||||
if 'id' in ref and ref['id'] != value:
|
if 'id' in ref and ref['id'] != value:
|
||||||
raise exception.ValidationError('Cannot change ID')
|
raise exception.ValidationError('Cannot change ID')
|
||||||
|
|
||||||
@ -705,7 +705,7 @@ class V3Controller(wsgi.Application):
|
|||||||
raise exception.ValidationError(_('Cannot change Domain ID'))
|
raise exception.ValidationError(_('Cannot change Domain ID'))
|
||||||
|
|
||||||
def _assign_unique_id(self, ref):
|
def _assign_unique_id(self, ref):
|
||||||
"""Generates and assigns a unique identifier to a reference."""
|
"""Generate and assigns a unique identifier to a reference."""
|
||||||
ref = ref.copy()
|
ref = ref.copy()
|
||||||
ref['id'] = uuid.uuid4().hex
|
ref['id'] = uuid.uuid4().hex
|
||||||
return ref
|
return ref
|
||||||
|
@ -173,7 +173,7 @@ def requires(*dependencies):
|
|||||||
|
|
||||||
|
|
||||||
def resolve_future_dependencies(__provider_name=None):
|
def resolve_future_dependencies(__provider_name=None):
|
||||||
"""Forces injection of all dependencies.
|
"""Force injection of all dependencies.
|
||||||
|
|
||||||
Before this function is called, circular dependencies may not have been
|
Before this function is called, circular dependencies may not have been
|
||||||
injected. This function should be called only once, after all global
|
injected. This function should be called only once, after all global
|
||||||
|
@ -97,7 +97,7 @@ class Hints(object):
|
|||||||
|
|
||||||
def add_filter(self, name, value, comparator='equals',
|
def add_filter(self, name, value, comparator='equals',
|
||||||
case_sensitive=False):
|
case_sensitive=False):
|
||||||
"""Adds a filter to the filters list, which is publicly accessible."""
|
"""Add a filter to the filters list, which is publicly accessible."""
|
||||||
self.filters.append({'name': name, 'value': value,
|
self.filters.append({'name': name, 'value': value,
|
||||||
'comparator': comparator,
|
'comparator': comparator,
|
||||||
'case_sensitive': case_sensitive,
|
'case_sensitive': case_sensitive,
|
||||||
|
@ -235,7 +235,7 @@ def prep_case_insensitive(value):
|
|||||||
|
|
||||||
|
|
||||||
def is_ava_value_equal(attribute_type, val1, val2):
|
def is_ava_value_equal(attribute_type, val1, val2):
|
||||||
"""Returns True if and only if the AVAs are equal.
|
"""Return True if and only if the AVAs are equal.
|
||||||
|
|
||||||
When comparing AVAs, the equality matching rule for the attribute type
|
When comparing AVAs, the equality matching rule for the attribute type
|
||||||
should be taken into consideration. For simplicity, this implementation
|
should be taken into consideration. For simplicity, this implementation
|
||||||
@ -249,7 +249,7 @@ def is_ava_value_equal(attribute_type, val1, val2):
|
|||||||
|
|
||||||
|
|
||||||
def is_rdn_equal(rdn1, rdn2):
|
def is_rdn_equal(rdn1, rdn2):
|
||||||
"""Returns True if and only if the RDNs are equal.
|
"""Return True if and only if the RDNs are equal.
|
||||||
|
|
||||||
* RDNs must have the same number of AVAs.
|
* RDNs must have the same number of AVAs.
|
||||||
* Each AVA of the RDNs must be the equal for the same attribute type. The
|
* Each AVA of the RDNs must be the equal for the same attribute type. The
|
||||||
@ -284,7 +284,7 @@ def is_rdn_equal(rdn1, rdn2):
|
|||||||
|
|
||||||
|
|
||||||
def is_dn_equal(dn1, dn2):
|
def is_dn_equal(dn1, dn2):
|
||||||
"""Returns True if and only if the DNs are equal.
|
"""Return True if and only if the DNs are equal.
|
||||||
|
|
||||||
Two DNs are equal if they've got the same number of RDNs and if the RDNs
|
Two DNs are equal if they've got the same number of RDNs and if the RDNs
|
||||||
are the same at each position. See RFC4517.
|
are the same at each position. See RFC4517.
|
||||||
@ -311,7 +311,7 @@ def is_dn_equal(dn1, dn2):
|
|||||||
|
|
||||||
|
|
||||||
def dn_startswith(descendant_dn, dn):
|
def dn_startswith(descendant_dn, dn):
|
||||||
"""Returns True if and only if the descendant_dn is under the dn.
|
"""Return True if and only if the descendant_dn is under the dn.
|
||||||
|
|
||||||
:param descendant_dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
:param descendant_dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
||||||
:param dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
:param dn: Either a string DN or a DN parsed by ldap.dn.str2dn.
|
||||||
@ -777,7 +777,7 @@ class PooledLDAPHandler(LDAPHandler):
|
|||||||
filterstr='(objectClass=*)', attrlist=None, attrsonly=0,
|
filterstr='(objectClass=*)', attrlist=None, attrsonly=0,
|
||||||
serverctrls=None, clientctrls=None,
|
serverctrls=None, clientctrls=None,
|
||||||
timeout=-1, sizelimit=0):
|
timeout=-1, sizelimit=0):
|
||||||
"""Asynchronous API to return a ``MsgId`` instance.
|
"""Return a ``MsgId`` instance, it asynchronous API.
|
||||||
|
|
||||||
The ``MsgId`` instance can be safely used in a call to ``result3()``.
|
The ``MsgId`` instance can be safely used in a call to ``result3()``.
|
||||||
|
|
||||||
@ -805,7 +805,7 @@ class PooledLDAPHandler(LDAPHandler):
|
|||||||
|
|
||||||
def result3(self, msgid, all=1, timeout=None,
|
def result3(self, msgid, all=1, timeout=None,
|
||||||
resp_ctrl_classes=None):
|
resp_ctrl_classes=None):
|
||||||
"""This method is used to wait for and return result.
|
"""Wait for and return the result.
|
||||||
|
|
||||||
This method returns the result of an operation previously initiated by
|
This method returns the result of an operation previously initiated by
|
||||||
one of the LDAP asynchronous operation routines (eg search_ext()). It
|
one of the LDAP asynchronous operation routines (eg search_ext()). It
|
||||||
@ -1238,7 +1238,7 @@ class BaseLdap(object):
|
|||||||
return mapping
|
return mapping
|
||||||
|
|
||||||
def _is_dumb_member(self, member_dn):
|
def _is_dumb_member(self, member_dn):
|
||||||
"""Checks that member is a dumb member.
|
"""Check that member is a dumb member.
|
||||||
|
|
||||||
:param member_dn: DN of member to be checked.
|
:param member_dn: DN of member to be checked.
|
||||||
"""
|
"""
|
||||||
@ -1709,7 +1709,7 @@ class BaseLdap(object):
|
|||||||
'dots': '...' if len(not_deleted_nodes) > 3 else ''})
|
'dots': '...' if len(not_deleted_nodes) > 3 else ''})
|
||||||
|
|
||||||
def filter_query(self, hints, query=None):
|
def filter_query(self, hints, query=None):
|
||||||
"""Applies filtering to a query.
|
"""Apply filtering to a query.
|
||||||
|
|
||||||
:param hints: contains the list of filters, which may be None,
|
:param hints: contains the list of filters, which may be None,
|
||||||
indicating that there are no filters to be applied.
|
indicating that there are no filters to be applied.
|
||||||
|
@ -130,7 +130,7 @@ class DictBase(models.ModelBase):
|
|||||||
return cls(**new_d)
|
return cls(**new_d)
|
||||||
|
|
||||||
def to_dict(self, include_extra_dict=False):
|
def to_dict(self, include_extra_dict=False):
|
||||||
"""Returns the model's attributes as a dictionary.
|
"""Return the model's attributes as a dictionary.
|
||||||
|
|
||||||
If include_extra_dict is True, 'extra' attributes are literally
|
If include_extra_dict is True, 'extra' attributes are literally
|
||||||
included in the resulting dictionary twice, for backwards-compatibility
|
included in the resulting dictionary twice, for backwards-compatibility
|
||||||
@ -156,11 +156,11 @@ class ModelDictMixin(object):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def from_dict(cls, d):
|
def from_dict(cls, d):
|
||||||
"""Returns a model instance from a dictionary."""
|
"""Return a model instance from a dictionary."""
|
||||||
return cls(**d)
|
return cls(**d)
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
"""Returns the model's attributes as a dictionary."""
|
"""Return the model's attributes as a dictionary."""
|
||||||
names = (column.name for column in self.__table__.columns)
|
names = (column.name for column in self.__table__.columns)
|
||||||
return {name: getattr(self, name) for name in names}
|
return {name: getattr(self, name) for name in names}
|
||||||
|
|
||||||
@ -259,7 +259,7 @@ class _WontMatch(Exception):
|
|||||||
|
|
||||||
|
|
||||||
def _filter(model, query, hints):
|
def _filter(model, query, hints):
|
||||||
"""Applies filtering to a query.
|
"""Apply filtering to a query.
|
||||||
|
|
||||||
:param model: the table model in question
|
:param model: the table model in question
|
||||||
:param query: query to apply filters to
|
:param query: query to apply filters to
|
||||||
@ -271,7 +271,7 @@ def _filter(model, query, hints):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
def inexact_filter(model, query, filter_, satisfied_filters):
|
def inexact_filter(model, query, filter_, satisfied_filters):
|
||||||
"""Applies an inexact filter to a query.
|
"""Apply an inexact filter to a query.
|
||||||
|
|
||||||
:param model: the table model in question
|
:param model: the table model in question
|
||||||
:param query: query to apply filters to
|
:param query: query to apply filters to
|
||||||
@ -312,7 +312,7 @@ def _filter(model, query, hints):
|
|||||||
return query.filter(query_term)
|
return query.filter(query_term)
|
||||||
|
|
||||||
def exact_filter(model, query, filter_, satisfied_filters):
|
def exact_filter(model, query, filter_, satisfied_filters):
|
||||||
"""Applies an exact filter to a query.
|
"""Apply an exact filter to a query.
|
||||||
|
|
||||||
:param model: the table model in question
|
:param model: the table model in question
|
||||||
:param query: query to apply filters to
|
:param query: query to apply filters to
|
||||||
@ -357,7 +357,7 @@ def _filter(model, query, hints):
|
|||||||
|
|
||||||
|
|
||||||
def _limit(query, hints):
|
def _limit(query, hints):
|
||||||
"""Applies a limit to a query.
|
"""Apply a limit to a query.
|
||||||
|
|
||||||
:param query: query to apply filters to
|
:param query: query to apply filters to
|
||||||
:param hints: contains the list of filters and limit details.
|
:param hints: contains the list of filters and limit details.
|
||||||
@ -375,7 +375,7 @@ def _limit(query, hints):
|
|||||||
|
|
||||||
|
|
||||||
def filter_limit_query(model, query, hints):
|
def filter_limit_query(model, query, hints):
|
||||||
"""Applies filtering and limit to a query.
|
"""Apply filtering and limit to a query.
|
||||||
|
|
||||||
:param model: table model
|
:param model: table model
|
||||||
:param query: query to apply filters to
|
:param query: query to apply filters to
|
||||||
@ -412,7 +412,7 @@ def filter_limit_query(model, query, hints):
|
|||||||
|
|
||||||
|
|
||||||
def handle_conflicts(conflict_type='object'):
|
def handle_conflicts(conflict_type='object'):
|
||||||
"""Converts select sqlalchemy exceptions into HTTP 409 Conflict."""
|
"""Convert select sqlalchemy exceptions into HTTP 409 Conflict."""
|
||||||
_conflict_msg = 'Conflict %(conflict_type)s: %(details)s'
|
_conflict_msg = 'Conflict %(conflict_type)s: %(details)s'
|
||||||
|
|
||||||
def decorator(method):
|
def decorator(method):
|
||||||
|
@ -18,7 +18,7 @@ from keystone.assignment.backends import sql as assignment_sql
|
|||||||
|
|
||||||
|
|
||||||
def upgrade(migrate_engine):
|
def upgrade(migrate_engine):
|
||||||
"""Inserts inherited column to assignment table PK constraints.
|
"""Insert inherited column to assignment table PK constraints.
|
||||||
|
|
||||||
For non-SQLite databases, it changes the constraint in the existing table.
|
For non-SQLite databases, it changes the constraint in the existing table.
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ def add_constraints(constraints):
|
|||||||
|
|
||||||
|
|
||||||
def rename_tables_with_constraints(renames, constraints, engine):
|
def rename_tables_with_constraints(renames, constraints, engine):
|
||||||
"""Renames tables with foreign key constraints.
|
"""Rename tables with foreign key constraints.
|
||||||
|
|
||||||
Tables are renamed after first removing constraints. The constraints are
|
Tables are renamed after first removing constraints. The constraints are
|
||||||
replaced after the rename is complete.
|
replaced after the rename is complete.
|
||||||
|
@ -51,7 +51,7 @@ RESOURCE_ID_NAMESPACE = uuid.UUID('4332ecab-770b-4288-a680-b9aca3b1b153')
|
|||||||
|
|
||||||
|
|
||||||
def resource_uuid(value):
|
def resource_uuid(value):
|
||||||
"""Converts input to valid UUID hex digits."""
|
"""Convert input to valid UUID hex digits."""
|
||||||
try:
|
try:
|
||||||
uuid.UUID(value)
|
uuid.UUID(value)
|
||||||
return value
|
return value
|
||||||
@ -173,7 +173,7 @@ def check_password(password, hashed):
|
|||||||
|
|
||||||
|
|
||||||
def attr_as_boolean(val_attr):
|
def attr_as_boolean(val_attr):
|
||||||
"""Returns the boolean value, decoded from a string.
|
"""Return the boolean value, decoded from a string.
|
||||||
|
|
||||||
We test explicitly for a value meaning False, which can be one of
|
We test explicitly for a value meaning False, which can be one of
|
||||||
several formats as specified in oslo strutils.FALSE_STRINGS.
|
several formats as specified in oslo strutils.FALSE_STRINGS.
|
||||||
@ -537,7 +537,7 @@ def strtime():
|
|||||||
|
|
||||||
|
|
||||||
def get_token_ref(context):
|
def get_token_ref(context):
|
||||||
"""Retrieves KeystoneToken object from the auth context and returns it.
|
"""Retrieve KeystoneToken object from the auth context and returns it.
|
||||||
|
|
||||||
:param dict context: The request context.
|
:param dict context: The request context.
|
||||||
:raises keystone.exception.Unauthorized: If auth context cannot be found.
|
:raises keystone.exception.Unauthorized: If auth context cannot be found.
|
||||||
|
@ -113,7 +113,7 @@ def validate_token_bind(context, token_ref):
|
|||||||
|
|
||||||
|
|
||||||
def best_match_language(req):
|
def best_match_language(req):
|
||||||
"""Determines the best available locale.
|
"""Determine the best available locale.
|
||||||
|
|
||||||
This returns best available locale based on the Accept-Language HTTP
|
This returns best available locale based on the Accept-Language HTTP
|
||||||
header passed in the request.
|
header passed in the request.
|
||||||
@ -153,7 +153,7 @@ class BaseApplication(object):
|
|||||||
return cls(**local_config)
|
return cls(**local_config)
|
||||||
|
|
||||||
def __call__(self, environ, start_response):
|
def __call__(self, environ, start_response):
|
||||||
r"""Subclasses will probably want to implement __call__ like this:
|
r"""Provide subclasses how to implement __call__, probably like this:
|
||||||
|
|
||||||
@webob.dec.wsgify()
|
@webob.dec.wsgify()
|
||||||
def __call__(self, req):
|
def __call__(self, req):
|
||||||
@ -333,7 +333,7 @@ class Application(BaseApplication):
|
|||||||
return ref.get(attribute) is None or ref.get(attribute) == ''
|
return ref.get(attribute) is None or ref.get(attribute) == ''
|
||||||
|
|
||||||
def _require_attribute(self, ref, attribute):
|
def _require_attribute(self, ref, attribute):
|
||||||
"""Ensures the reference contains the specified attribute.
|
"""Ensure the reference contains the specified attribute.
|
||||||
|
|
||||||
Raise a ValidationError if the given attribute is not present
|
Raise a ValidationError if the given attribute is not present
|
||||||
"""
|
"""
|
||||||
@ -342,7 +342,7 @@ class Application(BaseApplication):
|
|||||||
raise exception.ValidationError(message=msg)
|
raise exception.ValidationError(message=msg)
|
||||||
|
|
||||||
def _require_attributes(self, ref, attrs):
|
def _require_attributes(self, ref, attrs):
|
||||||
"""Ensures the reference contains the specified attributes.
|
"""Ensure the reference contains the specified attributes.
|
||||||
|
|
||||||
Raise a ValidationError if any of the given attributes is not present
|
Raise a ValidationError if any of the given attributes is not present
|
||||||
"""
|
"""
|
||||||
@ -726,7 +726,7 @@ class V3ExtensionRouter(ExtensionRouter, RoutersBase):
|
|||||||
|
|
||||||
|
|
||||||
def render_response(body=None, status=None, headers=None, method=None):
|
def render_response(body=None, status=None, headers=None, method=None):
|
||||||
"""Forms a WSGI response."""
|
"""Form a WSGI response."""
|
||||||
if headers is None:
|
if headers is None:
|
||||||
headers = []
|
headers = []
|
||||||
else:
|
else:
|
||||||
@ -801,7 +801,7 @@ def render_response(body=None, status=None, headers=None, method=None):
|
|||||||
|
|
||||||
|
|
||||||
def render_exception(error, context=None, request=None, user_locale=None):
|
def render_exception(error, context=None, request=None, user_locale=None):
|
||||||
"""Forms a WSGI response based on the current error."""
|
"""Form a WSGI response based on the current error."""
|
||||||
error_message = error.args[0]
|
error_message = error.args[0]
|
||||||
message = oslo_i18n.translate(error_message, desired_locale=user_locale)
|
message = oslo_i18n.translate(error_message, desired_locale=user_locale)
|
||||||
if message is error_message:
|
if message is error_message:
|
||||||
|
@ -82,7 +82,7 @@ class S3Controller(controllers.Ec2Controller):
|
|||||||
message=_('Credential signature mismatch'))
|
message=_('Credential signature mismatch'))
|
||||||
|
|
||||||
def _calculate_signature_v1(self, string_to_sign, secret_key):
|
def _calculate_signature_v1(self, string_to_sign, secret_key):
|
||||||
"""Calculates a v1 signature.
|
"""Calculate a v1 signature.
|
||||||
|
|
||||||
:param bytes string_to_sign: String that contains request params and
|
:param bytes string_to_sign: String that contains request params and
|
||||||
is used for calculate signature of request
|
is used for calculate signature of request
|
||||||
@ -99,7 +99,7 @@ class S3Controller(controllers.Ec2Controller):
|
|||||||
return signed
|
return signed
|
||||||
|
|
||||||
def _calculate_signature_v4(self, string_to_sign, secret_key):
|
def _calculate_signature_v4(self, string_to_sign, secret_key):
|
||||||
"""Calculates a v4 signature.
|
"""Calculate a v4 signature.
|
||||||
|
|
||||||
:param bytes string_to_sign: String that contains request params and
|
:param bytes string_to_sign: String that contains request params and
|
||||||
is used for calculate signature of request
|
is used for calculate signature of request
|
||||||
|
@ -56,7 +56,7 @@ class CredentialDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_credential(self, credential_id, credential):
|
def create_credential(self, credential_id, credential):
|
||||||
"""Creates a new credential.
|
"""Create a new credential.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate credential exists.
|
:raises keystone.exception.Conflict: If a duplicate credential exists.
|
||||||
|
|
||||||
@ -101,7 +101,7 @@ class CredentialDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_credential(self, credential_id, credential):
|
def update_credential(self, credential_id, credential):
|
||||||
"""Updates an existing credential.
|
"""Update an existing credential.
|
||||||
|
|
||||||
:raises keystone.exception.CredentialNotFound: If credential doesn't
|
:raises keystone.exception.CredentialNotFound: If credential doesn't
|
||||||
exist.
|
exist.
|
||||||
@ -112,7 +112,7 @@ class CredentialDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_credential(self, credential_id):
|
def delete_credential(self, credential_id):
|
||||||
"""Deletes an existing credential.
|
"""Delete an existing credential.
|
||||||
|
|
||||||
:raises keystone.exception.CredentialNotFound: If credential doesn't
|
:raises keystone.exception.CredentialNotFound: If credential doesn't
|
||||||
exist.
|
exist.
|
||||||
@ -122,12 +122,12 @@ class CredentialDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_credentials_for_project(self, project_id):
|
def delete_credentials_for_project(self, project_id):
|
||||||
"""Deletes all credentials for a project."""
|
"""Delete all credentials for a project."""
|
||||||
self._delete_credentials(lambda cr: cr['project_id'] == project_id)
|
self._delete_credentials(lambda cr: cr['project_id'] == project_id)
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_credentials_for_user(self, user_id):
|
def delete_credentials_for_user(self, user_id):
|
||||||
"""Deletes all credentials for a user."""
|
"""Delete all credentials for a user."""
|
||||||
self._delete_credentials(lambda cr: cr['user_id'] == user_id)
|
self._delete_credentials(lambda cr: cr['user_id'] == user_id)
|
||||||
|
|
||||||
def _delete_credentials(self, match_fn):
|
def _delete_credentials(self, match_fn):
|
||||||
|
@ -35,7 +35,7 @@ class PolicyAssociation(sql.ModelBase, sql.ModelDictMixin):
|
|||||||
'region_id'),)
|
'region_id'),)
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
"""Returns the model's attributes as a dictionary.
|
"""Return the model's attributes as a dictionary.
|
||||||
|
|
||||||
We override the standard method in order to hide the id column,
|
We override the standard method in order to hide the id column,
|
||||||
since this only exists to provide the table with a primary key.
|
since this only exists to provide the table with a primary key.
|
||||||
|
@ -273,7 +273,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_policy_association(self, policy_id, endpoint_id=None,
|
def create_policy_association(self, policy_id, endpoint_id=None,
|
||||||
service_id=None, region_id=None):
|
service_id=None, region_id=None):
|
||||||
"""Creates a policy association.
|
"""Create a policy association.
|
||||||
|
|
||||||
:param policy_id: identity of policy that is being associated
|
:param policy_id: identity of policy that is being associated
|
||||||
:type policy_id: string
|
:type policy_id: string
|
||||||
@ -297,7 +297,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def check_policy_association(self, policy_id, endpoint_id=None,
|
def check_policy_association(self, policy_id, endpoint_id=None,
|
||||||
service_id=None, region_id=None):
|
service_id=None, region_id=None):
|
||||||
"""Checks existence a policy association.
|
"""Check existence a policy association.
|
||||||
|
|
||||||
:param policy_id: identity of policy that is being associated
|
:param policy_id: identity of policy that is being associated
|
||||||
:type policy_id: string
|
:type policy_id: string
|
||||||
@ -317,7 +317,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_policy_association(self, policy_id, endpoint_id=None,
|
def delete_policy_association(self, policy_id, endpoint_id=None,
|
||||||
service_id=None, region_id=None):
|
service_id=None, region_id=None):
|
||||||
"""Deletes a policy association.
|
"""Delete a policy association.
|
||||||
|
|
||||||
:param policy_id: identity of policy that is being associated
|
:param policy_id: identity of policy that is being associated
|
||||||
:type policy_id: string
|
:type policy_id: string
|
||||||
@ -335,7 +335,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_policy_association(self, endpoint_id=None,
|
def get_policy_association(self, endpoint_id=None,
|
||||||
service_id=None, region_id=None):
|
service_id=None, region_id=None):
|
||||||
"""Gets the policy for an explicit association.
|
"""Get the policy for an explicit association.
|
||||||
|
|
||||||
This method is not exposed as a public API, but is used by
|
This method is not exposed as a public API, but is used by
|
||||||
get_policy_for_endpoint().
|
get_policy_for_endpoint().
|
||||||
@ -393,7 +393,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_endpoint(self, endpoint_id):
|
def delete_association_by_endpoint(self, endpoint_id):
|
||||||
"""Removes all the policy associations with the specific endpoint.
|
"""Remove all the policy associations with the specific endpoint.
|
||||||
|
|
||||||
:param endpoint_id: identity of endpoint to check
|
:param endpoint_id: identity of endpoint to check
|
||||||
:type endpoint_id: string
|
:type endpoint_id: string
|
||||||
@ -404,7 +404,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_service(self, service_id):
|
def delete_association_by_service(self, service_id):
|
||||||
"""Removes all the policy associations with the specific service.
|
"""Remove all the policy associations with the specific service.
|
||||||
|
|
||||||
:param service_id: identity of endpoint to check
|
:param service_id: identity of endpoint to check
|
||||||
:type service_id: string
|
:type service_id: string
|
||||||
@ -415,7 +415,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_region(self, region_id):
|
def delete_association_by_region(self, region_id):
|
||||||
"""Removes all the policy associations with the specific region.
|
"""Remove all the policy associations with the specific region.
|
||||||
|
|
||||||
:param region_id: identity of endpoint to check
|
:param region_id: identity of endpoint to check
|
||||||
:type region_id: string
|
:type region_id: string
|
||||||
@ -426,7 +426,7 @@ class EndpointPolicyDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_association_by_policy(self, policy_id):
|
def delete_association_by_policy(self, policy_id):
|
||||||
"""Removes all the policy associations with the specific policy.
|
"""Remove all the policy associations with the specific policy.
|
||||||
|
|
||||||
:param policy_id: identity of endpoint to check
|
:param policy_id: identity of endpoint to check
|
||||||
:type policy_id: string
|
:type policy_id: string
|
||||||
|
@ -69,7 +69,7 @@ class Error(Exception):
|
|||||||
super(Error, self).__init__(message)
|
super(Error, self).__init__(message)
|
||||||
|
|
||||||
def _build_message(self, message, **kwargs):
|
def _build_message(self, message, **kwargs):
|
||||||
"""Builds and returns an exception message.
|
"""Build and returns an exception message.
|
||||||
|
|
||||||
:raises KeyError: given insufficient kwargs
|
:raises KeyError: given insufficient kwargs
|
||||||
|
|
||||||
|
@ -330,7 +330,7 @@ class Auth(auth_controllers.Auth):
|
|||||||
return self.render_html_response(host, token_id)
|
return self.render_html_response(host, token_id)
|
||||||
|
|
||||||
def render_html_response(self, host, token_id):
|
def render_html_response(self, host, token_id):
|
||||||
"""Forms an HTML Form from a template with autosubmit."""
|
"""Form an HTML Form from a template with autosubmit."""
|
||||||
headers = [('Content-Type', 'text/html')]
|
headers = [('Content-Type', 'text/html')]
|
||||||
|
|
||||||
with open(CONF.federation.sso_callback_template) as template:
|
with open(CONF.federation.sso_callback_template) as template:
|
||||||
|
@ -202,7 +202,7 @@ class DirectMaps(object):
|
|||||||
self._matches = []
|
self._matches = []
|
||||||
|
|
||||||
def add(self, values):
|
def add(self, values):
|
||||||
"""Adds a matched value to the list of matches.
|
"""Add a matched value to the list of matches.
|
||||||
|
|
||||||
:param list value: the match to save
|
:param list value: the match to save
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ class IdentityDriverV8(object):
|
|||||||
CONF.identity.list_limit or CONF.list_limit)
|
CONF.identity.list_limit or CONF.list_limit)
|
||||||
|
|
||||||
def is_domain_aware(self):
|
def is_domain_aware(self):
|
||||||
"""Indicates if Driver supports domains."""
|
"""Indicate if Driver supports domains."""
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def default_assignment_driver(self):
|
def default_assignment_driver(self):
|
||||||
@ -74,7 +74,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def is_sql(self):
|
def is_sql(self):
|
||||||
"""Indicates if this Driver uses SQL."""
|
"""Indicate if this Driver uses SQL."""
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@ -83,7 +83,7 @@ class IdentityDriverV8(object):
|
|||||||
CONF.identity.domain_specific_drivers_enabled)
|
CONF.identity.domain_specific_drivers_enabled)
|
||||||
|
|
||||||
def generates_uuids(self):
|
def generates_uuids(self):
|
||||||
"""Indicates if Driver generates UUIDs as the local entity ID."""
|
"""Indicate if Driver generates UUIDs as the local entity ID."""
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
@ -99,7 +99,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_user(self, user_id, user):
|
def create_user(self, user_id, user):
|
||||||
"""Creates a new user.
|
"""Create a new user.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate user exists.
|
:raises keystone.exception.Conflict: If a duplicate user exists.
|
||||||
|
|
||||||
@ -143,7 +143,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_user(self, user_id, user):
|
def update_user(self, user_id, user):
|
||||||
"""Updates an existing user.
|
"""Update an existing user.
|
||||||
|
|
||||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||||
:raises keystone.exception.Conflict: If a duplicate user exists.
|
:raises keystone.exception.Conflict: If a duplicate user exists.
|
||||||
@ -153,7 +153,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def add_user_to_group(self, user_id, group_id):
|
def add_user_to_group(self, user_id, group_id):
|
||||||
"""Adds a user to a group.
|
"""Add a user to a group.
|
||||||
|
|
||||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||||
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
||||||
@ -163,7 +163,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def check_user_in_group(self, user_id, group_id):
|
def check_user_in_group(self, user_id, group_id):
|
||||||
"""Checks if a user is a member of a group.
|
"""Check if a user is a member of a group.
|
||||||
|
|
||||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||||
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
||||||
@ -173,7 +173,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def remove_user_from_group(self, user_id, group_id):
|
def remove_user_from_group(self, user_id, group_id):
|
||||||
"""Removes a user from a group.
|
"""Remove a user from a group.
|
||||||
|
|
||||||
:raises keystone.exception.NotFound: If the entity not found.
|
:raises keystone.exception.NotFound: If the entity not found.
|
||||||
|
|
||||||
@ -182,7 +182,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_user(self, user_id):
|
def delete_user(self, user_id):
|
||||||
"""Deletes an existing user.
|
"""Delete an existing user.
|
||||||
|
|
||||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||||
|
|
||||||
@ -203,7 +203,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_group(self, group_id, group):
|
def create_group(self, group_id, group):
|
||||||
"""Creates a new group.
|
"""Create a new group.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: If a duplicate group exists.
|
:raises keystone.exception.Conflict: If a duplicate group exists.
|
||||||
|
|
||||||
@ -257,7 +257,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_group(self, group_id, group):
|
def update_group(self, group_id, group):
|
||||||
"""Updates an existing group.
|
"""Update an existing group.
|
||||||
|
|
||||||
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
||||||
:raises keystone.exception.Conflict: If a duplicate group exists.
|
:raises keystone.exception.Conflict: If a duplicate group exists.
|
||||||
@ -267,7 +267,7 @@ class IdentityDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_group(self, group_id):
|
def delete_group(self, group_id):
|
||||||
"""Deletes an existing group.
|
"""Delete an existing group.
|
||||||
|
|
||||||
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
:raises keystone.exception.GroupNotFound: If the group doesn't exist.
|
||||||
|
|
||||||
|
@ -300,7 +300,7 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
|
|||||||
return base.filter_user(common_ldap.filter_entity(user))
|
return base.filter_user(common_ldap.filter_entity(user))
|
||||||
|
|
||||||
def is_user(self, dn):
|
def is_user(self, dn):
|
||||||
"""Returns True if the entry is a user."""
|
"""Return True if the entry is a user."""
|
||||||
# NOTE(blk-u): It's easy to check if the DN is under the User tree,
|
# NOTE(blk-u): It's easy to check if the DN is under the User tree,
|
||||||
# but may not be accurate. A more accurate test would be to fetch the
|
# but may not be accurate. A more accurate test would be to fetch the
|
||||||
# entry to see if it's got the user objectclass, but this could be
|
# entry to see if it's got the user objectclass, but this could be
|
||||||
|
@ -184,7 +184,7 @@ class User(controller.V2Controller):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _normalize_OSKSADM_password_on_request(ref):
|
def _normalize_OSKSADM_password_on_request(ref):
|
||||||
"""Sets the password from the OS-KSADM Admin Extension.
|
"""Set the password from the OS-KSADM Admin Extension.
|
||||||
|
|
||||||
The OS-KSADM Admin Extension documentation says that
|
The OS-KSADM Admin Extension documentation says that
|
||||||
`OS-KSADM:password` can be used in place of `password`.
|
`OS-KSADM:password` can be used in place of `password`.
|
||||||
|
@ -387,7 +387,7 @@ class DomainConfigs(dict):
|
|||||||
|
|
||||||
|
|
||||||
def domains_configured(f):
|
def domains_configured(f):
|
||||||
"""Wraps API calls to lazy load domain configs after init.
|
"""Wrap API calls to lazy load domain configs after init.
|
||||||
|
|
||||||
This is required since the assignment manager needs to be initialized
|
This is required since the assignment manager needs to be initialized
|
||||||
before this manager, and yet this manager's init wants to be
|
before this manager, and yet this manager's init wants to be
|
||||||
@ -413,7 +413,7 @@ def domains_configured(f):
|
|||||||
|
|
||||||
|
|
||||||
def exception_translated(exception_type):
|
def exception_translated(exception_type):
|
||||||
"""Wraps API calls to map to correct exception."""
|
"""Wrap API calls to map to correct exception."""
|
||||||
def _exception_translated(f):
|
def _exception_translated(f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(self, *args, **kwargs):
|
def wrapper(self, *args, **kwargs):
|
||||||
@ -573,7 +573,7 @@ class Manager(manager.Manager):
|
|||||||
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
||||||
|
|
||||||
def _needs_post_processing(self, driver):
|
def _needs_post_processing(self, driver):
|
||||||
"""Returns whether entity from driver needs domain added or mapping."""
|
"""Return whether entity from driver needs domain added or mapping."""
|
||||||
return (driver is not self.driver or not driver.generates_uuids() or
|
return (driver is not self.driver or not driver.generates_uuids() or
|
||||||
not driver.is_domain_aware())
|
not driver.is_domain_aware())
|
||||||
|
|
||||||
@ -605,7 +605,7 @@ class Manager(manager.Manager):
|
|||||||
return ref
|
return ref
|
||||||
|
|
||||||
def _insert_domain_id_if_needed(self, ref, driver, domain_id, conf):
|
def _insert_domain_id_if_needed(self, ref, driver, domain_id, conf):
|
||||||
"""Inserts the domain ID into the ref, if required.
|
"""Insert the domain ID into the ref, if required.
|
||||||
|
|
||||||
If the driver can't handle domains, then we need to insert the
|
If the driver can't handle domains, then we need to insert the
|
||||||
domain_id into the entity being returned. If the domain_id is
|
domain_id into the entity being returned. If the domain_id is
|
||||||
@ -618,7 +618,7 @@ class Manager(manager.Manager):
|
|||||||
ref['domain_id'] = domain_id
|
ref['domain_id'] = domain_id
|
||||||
|
|
||||||
def _is_mapping_needed(self, driver):
|
def _is_mapping_needed(self, driver):
|
||||||
"""Returns whether mapping is needed.
|
"""Return whether mapping is needed.
|
||||||
|
|
||||||
There are two situations where we must use the mapping:
|
There are two situations where we must use the mapping:
|
||||||
- this isn't the default driver (i.e. multiple backends), or
|
- this isn't the default driver (i.e. multiple backends), or
|
||||||
@ -747,7 +747,7 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def _assert_user_and_group_in_same_backend(
|
def _assert_user_and_group_in_same_backend(
|
||||||
self, user_entity_id, user_driver, group_entity_id, group_driver):
|
self, user_entity_id, user_driver, group_entity_id, group_driver):
|
||||||
"""Ensures that user and group IDs are backed by the same backend.
|
"""Ensure that user and group IDs are backed by the same backend.
|
||||||
|
|
||||||
Raise a CrossBackendNotAllowed exception if they are not from the same
|
Raise a CrossBackendNotAllowed exception if they are not from the same
|
||||||
backend, otherwise return None.
|
backend, otherwise return None.
|
||||||
@ -1204,7 +1204,7 @@ class Manager(manager.Manager):
|
|||||||
@MEMOIZE
|
@MEMOIZE
|
||||||
def shadow_federated_user(self, idp_id, protocol_id, unique_id,
|
def shadow_federated_user(self, idp_id, protocol_id, unique_id,
|
||||||
display_name):
|
display_name):
|
||||||
"""Shadows a federated user by mapping to a user.
|
"""Map a federated user to a user.
|
||||||
|
|
||||||
:param idp_id: identity provider id
|
:param idp_id: identity provider id
|
||||||
:param protocol_id: protocol id
|
:param protocol_id: protocol id
|
||||||
|
@ -25,7 +25,7 @@ class MappingDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_public_id(self, local_entity):
|
def get_public_id(self, local_entity):
|
||||||
"""Returns the public ID for the given local entity.
|
"""Return the public ID for the given local entity.
|
||||||
|
|
||||||
:param dict local_entity: Containing the entity domain, local ID and
|
:param dict local_entity: Containing the entity domain, local ID and
|
||||||
type ('user' or 'group').
|
type ('user' or 'group').
|
||||||
@ -36,7 +36,7 @@ class MappingDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_id_mapping(self, public_id):
|
def get_id_mapping(self, public_id):
|
||||||
"""Returns the local mapping.
|
"""Return the local mapping.
|
||||||
|
|
||||||
:param public_id: The public ID for the mapping required.
|
:param public_id: The public ID for the mapping required.
|
||||||
:returns dict: Containing the entity domain, local ID and type. If no
|
:returns dict: Containing the entity domain, local ID and type. If no
|
||||||
@ -60,7 +60,7 @@ class MappingDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_id_mapping(self, public_id):
|
def delete_id_mapping(self, public_id):
|
||||||
"""Deletes an entry for the given public_id.
|
"""Delete an entry for the given public_id.
|
||||||
|
|
||||||
:param public_id: The public ID for the mapping to be deleted.
|
:param public_id: The public ID for the mapping to be deleted.
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ class ShadowUsersDriverV9(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_federated_user(self, idp_id, protocol_id, unique_id):
|
def get_federated_user(self, idp_id, protocol_id, unique_id):
|
||||||
"""Returns the found user for the federated identity
|
"""Return the found user for the federated identity
|
||||||
|
|
||||||
:param idp_id: The identity provider ID
|
:param idp_id: The identity provider ID
|
||||||
:param protocol_id: The federation protocol ID
|
:param protocol_id: The federation protocol ID
|
||||||
@ -49,7 +49,7 @@ class ShadowUsersDriverV9(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_federated_user_display_name(self, idp_id, protocol_id,
|
def update_federated_user_display_name(self, idp_id, protocol_id,
|
||||||
unique_id, display_name):
|
unique_id, display_name):
|
||||||
"""Updates federated user's display name if changed
|
"""Update federated user's display name if changed
|
||||||
|
|
||||||
:param idp_id: The identity provider ID
|
:param idp_id: The identity provider ID
|
||||||
:param protocol_id: The federation protocol ID
|
:param protocol_id: The federation protocol ID
|
||||||
|
@ -38,7 +38,7 @@ class ShadowUsers(base.ShadowUsersDriverV9):
|
|||||||
return identity_base.filter_user(user_ref.to_dict())
|
return identity_base.filter_user(user_ref.to_dict())
|
||||||
|
|
||||||
def _get_federated_user(self, idp_id, protocol_id, unique_id):
|
def _get_federated_user(self, idp_id, protocol_id, unique_id):
|
||||||
"""Returns the found user for the federated identity
|
"""Return the found user for the federated identity
|
||||||
|
|
||||||
:param idp_id: The identity provider ID
|
:param idp_id: The identity provider ID
|
||||||
:param protocol_id: The federation protocol ID
|
:param protocol_id: The federation protocol ID
|
||||||
|
@ -128,7 +128,7 @@ class NormalizingFilter(wsgi.Middleware):
|
|||||||
"""Middleware filter to handle URL normalization."""
|
"""Middleware filter to handle URL normalization."""
|
||||||
|
|
||||||
def process_request(self, request):
|
def process_request(self, request):
|
||||||
"""Normalizes URLs."""
|
"""Normalize URLs."""
|
||||||
# Removes a trailing slash from the given path, if any.
|
# Removes a trailing slash from the given path, if any.
|
||||||
if (len(request.environ['PATH_INFO']) > 1 and
|
if (len(request.environ['PATH_INFO']) > 1 and
|
||||||
request.environ['PATH_INFO'][-1] == '/'):
|
request.environ['PATH_INFO'][-1] == '/'):
|
||||||
|
@ -140,7 +140,7 @@ class RevokeTree(object):
|
|||||||
self.add_events(revoke_events)
|
self.add_events(revoke_events)
|
||||||
|
|
||||||
def add_event(self, event):
|
def add_event(self, event):
|
||||||
"""Updates the tree based on a revocation event.
|
"""Update the tree based on a revocation event.
|
||||||
|
|
||||||
Creates any necessary internal nodes in the tree corresponding to the
|
Creates any necessary internal nodes in the tree corresponding to the
|
||||||
fields of the revocation event. The leaf node will always be set to
|
fields of the revocation event. The leaf node will always be set to
|
||||||
|
@ -303,7 +303,7 @@ def listener(cls):
|
|||||||
|
|
||||||
|
|
||||||
def notify_event_callbacks(service, resource_type, operation, payload):
|
def notify_event_callbacks(service, resource_type, operation, payload):
|
||||||
"""Sends a notification to registered extensions."""
|
"""Send a notification to registered extensions."""
|
||||||
if operation in _SUBSCRIBERS:
|
if operation in _SUBSCRIBERS:
|
||||||
if resource_type in _SUBSCRIBERS[operation]:
|
if resource_type in _SUBSCRIBERS[operation]:
|
||||||
for cb in _SUBSCRIBERS[operation][resource_type]:
|
for cb in _SUBSCRIBERS[operation][resource_type]:
|
||||||
@ -506,7 +506,7 @@ class CadfNotificationWrapper(object):
|
|||||||
def __call__(self, f):
|
def __call__(self, f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
|
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
|
||||||
"""Always send a notification."""
|
"""Alway send a notification."""
|
||||||
initiator = _get_request_audit_info(context, user_id)
|
initiator = _get_request_audit_info(context, user_id)
|
||||||
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
||||||
try:
|
try:
|
||||||
|
@ -42,7 +42,7 @@ def init():
|
|||||||
|
|
||||||
|
|
||||||
def enforce(credentials, action, target, do_raise=True):
|
def enforce(credentials, action, target, do_raise=True):
|
||||||
"""Verifies that the action is valid on the target in this context.
|
"""Verify that the action is valid on the target in this context.
|
||||||
|
|
||||||
:param credentials: user credentials
|
:param credentials: user credentials
|
||||||
:param action: string representing the action to be checked, which should
|
:param action: string representing the action to be checked, which should
|
||||||
|
@ -37,7 +37,7 @@ class Tenant(controller.V2Controller):
|
|||||||
|
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
def get_all_projects(self, context, **kw):
|
def get_all_projects(self, context, **kw):
|
||||||
"""Gets a list of all tenants for an admin user."""
|
"""Get a list of all tenants for an admin user."""
|
||||||
self.assert_admin(context)
|
self.assert_admin(context)
|
||||||
|
|
||||||
if 'name' in context['query_string']:
|
if 'name' in context['query_string']:
|
||||||
|
@ -46,7 +46,7 @@ def calc_default_domain():
|
|||||||
|
|
||||||
|
|
||||||
def _get_project_from_domain(domain_ref):
|
def _get_project_from_domain(domain_ref):
|
||||||
"""Creates a project ref from the provided domain ref."""
|
"""Create a project ref from the provided domain ref."""
|
||||||
project_ref = domain_ref.copy()
|
project_ref = domain_ref.copy()
|
||||||
project_ref['is_domain'] = True
|
project_ref['is_domain'] = True
|
||||||
project_ref['domain_id'] = None
|
project_ref['domain_id'] = None
|
||||||
@ -106,7 +106,7 @@ class Manager(manager.Manager):
|
|||||||
_('Max hierarchy depth reached for %s branch.') % project_id)
|
_('Max hierarchy depth reached for %s branch.') % project_id)
|
||||||
|
|
||||||
def _assert_is_domain_project_constraints(self, project_ref):
|
def _assert_is_domain_project_constraints(self, project_ref):
|
||||||
"""Enforces specific constraints of projects that act as domains
|
"""Enforce specific constraints of projects that act as domains
|
||||||
|
|
||||||
Called when is_domain is true, this method ensures that:
|
Called when is_domain is true, this method ensures that:
|
||||||
|
|
||||||
@ -130,7 +130,7 @@ class Manager(manager.Manager):
|
|||||||
'domains.'))
|
'domains.'))
|
||||||
|
|
||||||
def _assert_regular_project_constraints(self, project_ref):
|
def _assert_regular_project_constraints(self, project_ref):
|
||||||
"""Enforces regular project hierarchy constraints
|
"""Enforce regular project hierarchy constraints
|
||||||
|
|
||||||
Called when is_domain is false. The project must contain a valid
|
Called when is_domain is false. The project must contain a valid
|
||||||
domain_id and parent_id. The goal of this method is to check
|
domain_id and parent_id. The goal of this method is to check
|
||||||
@ -581,7 +581,7 @@ class Manager(manager.Manager):
|
|||||||
return traverse_parents_hierarchy(project)
|
return traverse_parents_hierarchy(project)
|
||||||
|
|
||||||
def get_project_parents_as_ids(self, project):
|
def get_project_parents_as_ids(self, project):
|
||||||
"""Gets the IDs from the parents from a given project.
|
"""Get the IDs from the parents from a given project.
|
||||||
|
|
||||||
The project IDs are returned as a structured dictionary traversing up
|
The project IDs are returned as a structured dictionary traversing up
|
||||||
the hierarchy to the top level project. For example, considering the
|
the hierarchy to the top level project. For example, considering the
|
||||||
@ -637,7 +637,7 @@ class Manager(manager.Manager):
|
|||||||
return traverse_subtree_hierarchy(project_id)
|
return traverse_subtree_hierarchy(project_id)
|
||||||
|
|
||||||
def get_projects_in_subtree_as_ids(self, project_id):
|
def get_projects_in_subtree_as_ids(self, project_id):
|
||||||
"""Gets the IDs from the projects in the subtree from a given project.
|
"""Get the IDs from the projects in the subtree from a given project.
|
||||||
|
|
||||||
The project IDs are returned as a structured dictionary representing
|
The project IDs are returned as a structured dictionary representing
|
||||||
their hierarchy. For example, considering the following project
|
their hierarchy. For example, considering the following project
|
||||||
@ -719,7 +719,7 @@ class Manager(manager.Manager):
|
|||||||
return self._get_domain_from_project(project)
|
return self._get_domain_from_project(project)
|
||||||
|
|
||||||
def _get_domain_from_project(self, project_ref):
|
def _get_domain_from_project(self, project_ref):
|
||||||
"""Creates a domain ref from a project ref.
|
"""Create a domain ref from a project ref.
|
||||||
|
|
||||||
Based on the provided project ref, create a domain ref, so that the
|
Based on the provided project ref, create a domain ref, so that the
|
||||||
result can be returned in response to a domain API call.
|
result can be returned in response to a domain API call.
|
||||||
@ -878,7 +878,7 @@ class Manager(manager.Manager):
|
|||||||
return self.driver.get_project_by_name(project_name, domain_id)
|
return self.driver.get_project_by_name(project_name, domain_id)
|
||||||
|
|
||||||
def ensure_default_domain_exists(self):
|
def ensure_default_domain_exists(self):
|
||||||
"""Creates the default domain if it doesn't exist.
|
"""Create the default domain if it doesn't exist.
|
||||||
|
|
||||||
This is only used for the v2 API and can go away when V2 does.
|
This is only used for the v2 API and can go away when V2 does.
|
||||||
|
|
||||||
@ -990,7 +990,7 @@ class ResourceDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_project(self, project_id, project):
|
def update_project(self, project_id, project):
|
||||||
"""Updates an existing project.
|
"""Update an existing project.
|
||||||
|
|
||||||
:raises keystone.exception.ProjectNotFound: if project_id does not
|
:raises keystone.exception.ProjectNotFound: if project_id does not
|
||||||
exist
|
exist
|
||||||
@ -1001,7 +1001,7 @@ class ResourceDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_project(self, project_id):
|
def delete_project(self, project_id):
|
||||||
"""Deletes an existing project.
|
"""Delete an existing project.
|
||||||
|
|
||||||
:raises keystone.exception.ProjectNotFound: if project_id does not
|
:raises keystone.exception.ProjectNotFound: if project_id does not
|
||||||
exist
|
exist
|
||||||
@ -1039,7 +1039,7 @@ class ResourceDriverBase(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def is_leaf_project(self, project_id):
|
def is_leaf_project(self, project_id):
|
||||||
"""Checks if a project is a leaf in the hierarchy.
|
"""Check if a project is a leaf in the hierarchy.
|
||||||
|
|
||||||
:param project_id: the driver will check if this project
|
:param project_id: the driver will check if this project
|
||||||
is a leaf in the hierarchy.
|
is a leaf in the hierarchy.
|
||||||
@ -1080,7 +1080,7 @@ class ResourceDriverV8(ResourceDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_project(self, tenant_id, tenant):
|
def create_project(self, tenant_id, tenant):
|
||||||
"""Creates a new project.
|
"""Create a new project.
|
||||||
|
|
||||||
:param tenant_id: This parameter can be ignored.
|
:param tenant_id: This parameter can be ignored.
|
||||||
:param dict tenant: The new project
|
:param dict tenant: The new project
|
||||||
@ -1146,7 +1146,7 @@ class ResourceDriverV8(ResourceDriverBase):
|
|||||||
# domain crud
|
# domain crud
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_domain(self, domain_id, domain):
|
def create_domain(self, domain_id, domain):
|
||||||
"""Creates a new domain.
|
"""Create a new domain.
|
||||||
|
|
||||||
:raises keystone.exception.Conflict: if the domain_id or domain name
|
:raises keystone.exception.Conflict: if the domain_id or domain name
|
||||||
already exists
|
already exists
|
||||||
@ -1203,7 +1203,7 @@ class ResourceDriverV8(ResourceDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_domain(self, domain_id, domain):
|
def update_domain(self, domain_id, domain):
|
||||||
"""Updates an existing domain.
|
"""Update an existing domain.
|
||||||
|
|
||||||
:raises keystone.exception.DomainNotFound: if domain_id does not exist
|
:raises keystone.exception.DomainNotFound: if domain_id does not exist
|
||||||
:raises keystone.exception.Conflict: if domain name already exists
|
:raises keystone.exception.Conflict: if domain name already exists
|
||||||
@ -1213,7 +1213,7 @@ class ResourceDriverV8(ResourceDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_domain(self, domain_id):
|
def delete_domain(self, domain_id):
|
||||||
"""Deletes an existing domain.
|
"""Delete an existing domain.
|
||||||
|
|
||||||
:raises keystone.exception.DomainNotFound: if domain_id does not exist
|
:raises keystone.exception.DomainNotFound: if domain_id does not exist
|
||||||
|
|
||||||
@ -1231,7 +1231,7 @@ class ResourceDriverV9(ResourceDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_project(self, project_id, project):
|
def create_project(self, project_id, project):
|
||||||
"""Creates a new project.
|
"""Create a new project.
|
||||||
|
|
||||||
:param project_id: This parameter can be ignored.
|
:param project_id: This parameter can be ignored.
|
||||||
:param dict project: The new project
|
:param dict project: The new project
|
||||||
@ -1281,7 +1281,7 @@ class ResourceDriverV9(ResourceDriverBase):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_projects_from_ids(self, project_ids):
|
def delete_projects_from_ids(self, project_ids):
|
||||||
"""Deletes a given list of projects.
|
"""Delete a given list of projects.
|
||||||
|
|
||||||
Deletes a list of projects. Ensures no project on the list exists
|
Deletes a list of projects. Ensures no project on the list exists
|
||||||
after it is successfully called. If an empty list is provided,
|
after it is successfully called. If an empty list is provided,
|
||||||
@ -1344,7 +1344,7 @@ class V9ResourceWrapperForV8Driver(ResourceDriverV9):
|
|||||||
self.driver = wrapped_driver
|
self.driver = wrapped_driver
|
||||||
|
|
||||||
def _get_domain_from_project(self, project_ref):
|
def _get_domain_from_project(self, project_ref):
|
||||||
"""Creates a domain ref from a project ref.
|
"""Create a domain ref from a project ref.
|
||||||
|
|
||||||
Based on the provided project ref (or partial ref), creates a
|
Based on the provided project ref (or partial ref), creates a
|
||||||
domain ref, so that the result can be passed to the driver
|
domain ref, so that the result can be passed to the driver
|
||||||
@ -2006,7 +2006,7 @@ class DomainConfigDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def create_config_options(self, domain_id, option_list):
|
def create_config_options(self, domain_id, option_list):
|
||||||
"""Creates config options for a domain.
|
"""Create config options for a domain.
|
||||||
|
|
||||||
Any existing config options will first be deleted.
|
Any existing config options will first be deleted.
|
||||||
|
|
||||||
@ -2033,7 +2033,7 @@ class DomainConfigDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_config_option(self, domain_id, group, option, sensitive=False):
|
def get_config_option(self, domain_id, group, option, sensitive=False):
|
||||||
"""Gets the config option for a domain.
|
"""Get the config option for a domain.
|
||||||
|
|
||||||
:param domain_id: the domain for this option
|
:param domain_id: the domain for this option
|
||||||
:param group: the group name
|
:param group: the group name
|
||||||
@ -2050,7 +2050,7 @@ class DomainConfigDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def list_config_options(self, domain_id, group=None, option=False,
|
def list_config_options(self, domain_id, group=None, option=False,
|
||||||
sensitive=False):
|
sensitive=False):
|
||||||
"""Gets a config options for a domain.
|
"""Get a config options for a domain.
|
||||||
|
|
||||||
:param domain_id: the domain for this option
|
:param domain_id: the domain for this option
|
||||||
:param group: optional group option name
|
:param group: optional group option name
|
||||||
@ -2065,7 +2065,7 @@ class DomainConfigDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def update_config_options(self, domain_id, option_list):
|
def update_config_options(self, domain_id, option_list):
|
||||||
"""Updates config options for a domain.
|
"""Update config options for a domain.
|
||||||
|
|
||||||
:param domain_id: the domain for this option
|
:param domain_id: the domain for this option
|
||||||
:param option_list: a list of dicts, each one specifying an option
|
:param option_list: a list of dicts, each one specifying an option
|
||||||
@ -2075,7 +2075,7 @@ class DomainConfigDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_config_options(self, domain_id, group=None, option=None):
|
def delete_config_options(self, domain_id, group=None, option=None):
|
||||||
"""Deletes config options for a domain.
|
"""Delete config options for a domain.
|
||||||
|
|
||||||
Allows deletion of all options for a domain, all options in a group
|
Allows deletion of all options for a domain, all options in a group
|
||||||
or a specific option. The driver is silent if there are no options
|
or a specific option. The driver is silent if there are no options
|
||||||
|
@ -213,7 +213,7 @@ class Manager(manager.Manager):
|
|||||||
return revoke_tree
|
return revoke_tree
|
||||||
|
|
||||||
def check_token(self, token_values):
|
def check_token(self, token_values):
|
||||||
"""Checks the values from a token against the revocation list
|
"""Check the values from a token against the revocation list
|
||||||
|
|
||||||
:param token_values: dictionary of values from a token, normalized for
|
:param token_values: dictionary of values from a token, normalized for
|
||||||
differences between v2 and v3. The checked values
|
differences between v2 and v3. The checked values
|
||||||
|
@ -45,7 +45,7 @@ CONF = cfg.CONF
|
|||||||
|
|
||||||
|
|
||||||
class ServerWrapper(object):
|
class ServerWrapper(object):
|
||||||
"""Wraps a Server with some launching info & capabilities."""
|
"""Wrap a Server with some launching info & capabilities."""
|
||||||
|
|
||||||
def __init__(self, server, workers):
|
def __init__(self, server, workers):
|
||||||
self.server = server
|
self.server = server
|
||||||
|
@ -44,7 +44,7 @@ class BaseASTChecker(ast.NodeVisitor):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, tree, filename):
|
def __init__(self, tree, filename):
|
||||||
"""This object is created automatically by pep8.
|
"""Created object automatically by pep8.
|
||||||
|
|
||||||
:param tree: an AST tree
|
:param tree: an AST tree
|
||||||
:param filename: name of the file being analyzed
|
:param filename: name of the file being analyzed
|
||||||
@ -66,7 +66,7 @@ class BaseASTChecker(ast.NodeVisitor):
|
|||||||
|
|
||||||
|
|
||||||
class CheckForMutableDefaultArgs(BaseASTChecker):
|
class CheckForMutableDefaultArgs(BaseASTChecker):
|
||||||
"""Checks for the use of mutable objects as function/method defaults.
|
"""Check for the use of mutable objects as function/method defaults.
|
||||||
|
|
||||||
We are only checking for list and dict literals at this time. This means
|
We are only checking for list and dict literals at this time. This means
|
||||||
that a developer could specify an instance of their own and cause a bug.
|
that a developer could specify an instance of their own and cause a bug.
|
||||||
@ -115,7 +115,7 @@ def block_comments_begin_with_a_space(physical_line, line_number):
|
|||||||
|
|
||||||
|
|
||||||
class CheckForAssertingNoneEquality(BaseASTChecker):
|
class CheckForAssertingNoneEquality(BaseASTChecker):
|
||||||
"""Ensures that code does not use a None with assert(Not*)Equal."""
|
"""Ensure that code does not use a None with assert(Not*)Equal."""
|
||||||
|
|
||||||
CHECK_DESC_IS = ('K003 Use self.assertIsNone(...) when comparing '
|
CHECK_DESC_IS = ('K003 Use self.assertIsNone(...) when comparing '
|
||||||
'against None')
|
'against None')
|
||||||
@ -193,7 +193,7 @@ class CheckForLoggingIssues(BaseASTChecker):
|
|||||||
self.visit(value)
|
self.visit(value)
|
||||||
|
|
||||||
def _filter_imports(self, module_name, alias):
|
def _filter_imports(self, module_name, alias):
|
||||||
"""Keeps lists of logging and i18n imports."""
|
"""Keep lists of logging and i18n imports."""
|
||||||
if module_name in self.LOG_MODULES:
|
if module_name in self.LOG_MODULES:
|
||||||
self.logger_module_names.append(alias.asname or alias.name)
|
self.logger_module_names.append(alias.asname or alias.name)
|
||||||
elif module_name in self.I18N_MODULES:
|
elif module_name in self.I18N_MODULES:
|
||||||
|
@ -2532,7 +2532,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
self.execute_assignment_plan(test_plan)
|
self.execute_assignment_plan(test_plan)
|
||||||
|
|
||||||
def _test_crud_inherited_and_direct_assignment(self, **kwargs):
|
def _test_crud_inherited_and_direct_assignment(self, **kwargs):
|
||||||
"""Tests inherited and direct assignments for the actor and target
|
"""Test inherited and direct assignments for the actor and target
|
||||||
|
|
||||||
Ensure it is possible to create both inherited and direct role
|
Ensure it is possible to create both inherited and direct role
|
||||||
assignments for the same actor on the same target. The actor and the
|
assignments for the same actor on the same target. The actor and the
|
||||||
|
@ -49,7 +49,7 @@ class BaseBackendLdapCommon(object):
|
|||||||
self.addCleanup(self.clear_database)
|
self.addCleanup(self.clear_database)
|
||||||
|
|
||||||
def _get_domain_fixture(self):
|
def _get_domain_fixture(self):
|
||||||
"""Domains in LDAP are read-only, so just return the static one."""
|
"""Return the static domain, since domains in LDAP are read-only."""
|
||||||
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
||||||
|
|
||||||
def clear_database(self):
|
def clear_database(self):
|
||||||
|
@ -38,7 +38,7 @@ class FederatedIdentityProviderTestsV8(
|
|||||||
self.useV8driver()
|
self.useV8driver()
|
||||||
|
|
||||||
def test_create_idp_remote_repeated(self):
|
def test_create_idp_remote_repeated(self):
|
||||||
"""Creates two IdentityProvider entities with some remote_ids
|
"""Create two IdentityProvider entities with some remote_ids
|
||||||
|
|
||||||
A remote_id is the same for both so the second IdP is not
|
A remote_id is the same for both so the second IdP is not
|
||||||
created because of the uniqueness of the remote_ids
|
created because of the uniqueness of the remote_ids
|
||||||
|
@ -34,7 +34,7 @@ CONF = cfg.CONF
|
|||||||
|
|
||||||
|
|
||||||
class DnCompareTest(unit.BaseTestCase):
|
class DnCompareTest(unit.BaseTestCase):
|
||||||
"""Tests for the DN comparison functions in keystone.common.ldap.core."""
|
"""Test for the DN comparison functions in keystone.common.ldap.core."""
|
||||||
|
|
||||||
def test_prep(self):
|
def test_prep(self):
|
||||||
# prep_case_insensitive returns the string with spaces at the front and
|
# prep_case_insensitive returns the string with spaces at the front and
|
||||||
@ -287,7 +287,7 @@ class LDAPDeleteTreeTest(unit.TestCase):
|
|||||||
|
|
||||||
|
|
||||||
class MultiURLTests(unit.TestCase):
|
class MultiURLTests(unit.TestCase):
|
||||||
"""Tests for setting multiple LDAP URLs."""
|
"""Test for setting multiple LDAP URLs."""
|
||||||
|
|
||||||
def test_multiple_urls_with_comma_no_conn_pool(self):
|
def test_multiple_urls_with_comma_no_conn_pool(self):
|
||||||
urls = 'ldap://localhost,ldap://backup.localhost'
|
urls = 'ldap://localhost,ldap://backup.localhost'
|
||||||
@ -305,7 +305,7 @@ class MultiURLTests(unit.TestCase):
|
|||||||
|
|
||||||
|
|
||||||
class SslTlsTest(unit.TestCase):
|
class SslTlsTest(unit.TestCase):
|
||||||
"""Tests for the SSL/TLS functionality in keystone.common.ldap.core."""
|
"""Test for the SSL/TLS functionality in keystone.common.ldap.core."""
|
||||||
|
|
||||||
@mock.patch.object(ks_ldap.core.KeystoneLDAPHandler, 'simple_bind_s')
|
@mock.patch.object(ks_ldap.core.KeystoneLDAPHandler, 'simple_bind_s')
|
||||||
@mock.patch.object(ldap.ldapobject.LDAPObject, 'start_tls_s')
|
@mock.patch.object(ldap.ldapobject.LDAPObject, 'start_tls_s')
|
||||||
@ -372,7 +372,7 @@ class SslTlsTest(unit.TestCase):
|
|||||||
|
|
||||||
|
|
||||||
class LDAPPagedResultsTest(unit.TestCase):
|
class LDAPPagedResultsTest(unit.TestCase):
|
||||||
"""Tests the paged results functionality in keystone.common.ldap.core."""
|
"""Test the paged results functionality in keystone.common.ldap.core."""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(LDAPPagedResultsTest, self).setUp()
|
super(LDAPPagedResultsTest, self).setUp()
|
||||||
|
@ -381,7 +381,7 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||||||
self.assertEqual([], mapped_properties['group_ids'])
|
self.assertEqual([], mapped_properties['group_ids'])
|
||||||
|
|
||||||
def test_rule_engine_blacklist_and_direct_groups_mapping_multiples(self):
|
def test_rule_engine_blacklist_and_direct_groups_mapping_multiples(self):
|
||||||
"""Tests matching multiple values before the blacklist.
|
"""Test matching multiple values before the blacklist.
|
||||||
|
|
||||||
Verifies that the local indexes are correct when matching multiple
|
Verifies that the local indexes are correct when matching multiple
|
||||||
remote values for a field when the field occurs before the blacklist
|
remote values for a field when the field occurs before the blacklist
|
||||||
|
@ -171,7 +171,7 @@ def remove_generated_paste_config(extension_name):
|
|||||||
|
|
||||||
|
|
||||||
def skip_if_cache_disabled(*sections):
|
def skip_if_cache_disabled(*sections):
|
||||||
"""This decorator is used to skip a test if caching is disabled.
|
"""Skip a test if caching is disabled, this is a decorator.
|
||||||
|
|
||||||
Caching can be disabled either globally or for a specific section.
|
Caching can be disabled either globally or for a specific section.
|
||||||
|
|
||||||
@ -674,7 +674,7 @@ class TestCase(BaseTestCase):
|
|||||||
CONF(args=[], project='keystone', default_config_files=config_files)
|
CONF(args=[], project='keystone', default_config_files=config_files)
|
||||||
|
|
||||||
def load_backends(self):
|
def load_backends(self):
|
||||||
"""Initializes each manager and assigns them to an attribute."""
|
"""Initialize each manager and assigns them to an attribute."""
|
||||||
# TODO(blk-u): Shouldn't need to clear the registry here, but some
|
# TODO(blk-u): Shouldn't need to clear the registry here, but some
|
||||||
# tests call load_backends multiple times. These should be fixed to
|
# tests call load_backends multiple times. These should be fixed to
|
||||||
# only call load_backends once.
|
# only call load_backends once.
|
||||||
@ -814,7 +814,7 @@ class TestCase(BaseTestCase):
|
|||||||
auth.controllers.AUTH_PLUGINS_LOADED = False
|
auth.controllers.AUTH_PLUGINS_LOADED = False
|
||||||
|
|
||||||
def assertCloseEnoughForGovernmentWork(self, a, b, delta=3):
|
def assertCloseEnoughForGovernmentWork(self, a, b, delta=3):
|
||||||
"""Asserts that two datetimes are nearly equal within a small delta.
|
"""Assert that two datetimes are nearly equal within a small delta.
|
||||||
|
|
||||||
:param delta: Maximum allowable time delta, defined in seconds.
|
:param delta: Maximum allowable time delta, defined in seconds.
|
||||||
"""
|
"""
|
||||||
@ -831,7 +831,7 @@ class TestCase(BaseTestCase):
|
|||||||
|
|
||||||
def assertRaisesRegexp(self, expected_exception, expected_regexp,
|
def assertRaisesRegexp(self, expected_exception, expected_regexp,
|
||||||
callable_obj, *args, **kwargs):
|
callable_obj, *args, **kwargs):
|
||||||
"""Asserts that the message in a raised exception matches a regexp."""
|
"""Assert that the message in a raised exception matches a regexp."""
|
||||||
try:
|
try:
|
||||||
callable_obj(*args, **kwargs)
|
callable_obj(*args, **kwargs)
|
||||||
except expected_exception as exc_value:
|
except expected_exception as exc_value:
|
||||||
|
@ -190,7 +190,7 @@ def _match(key, value, attrs):
|
|||||||
|
|
||||||
|
|
||||||
def _subs(value):
|
def _subs(value):
|
||||||
"""Returns a list of subclass strings.
|
"""Return a list of subclass strings.
|
||||||
|
|
||||||
The strings represent the ldap objectclass plus any subclasses that
|
The strings represent the ldap objectclass plus any subclasses that
|
||||||
inherit from it. Fakeldap doesn't know about the ldap object structure,
|
inherit from it. Fakeldap doesn't know about the ldap object structure,
|
||||||
@ -295,7 +295,7 @@ class FakeLdap(core.LDAPHandler):
|
|||||||
|
|
||||||
def simple_bind_s(self, who='', cred='',
|
def simple_bind_s(self, who='', cred='',
|
||||||
serverctrls=None, clientctrls=None):
|
serverctrls=None, clientctrls=None):
|
||||||
"""This method is ignored, but provided for compatibility."""
|
"""Provide for compatibility but this method is ignored."""
|
||||||
if server_fail:
|
if server_fail:
|
||||||
raise ldap.SERVER_DOWN
|
raise ldap.SERVER_DOWN
|
||||||
whos = ['cn=Admin', CONF.ldap.user]
|
whos = ['cn=Admin', CONF.ldap.user]
|
||||||
@ -322,7 +322,7 @@ class FakeLdap(core.LDAPHandler):
|
|||||||
raise ldap.INVALID_CREDENTIALS
|
raise ldap.INVALID_CREDENTIALS
|
||||||
|
|
||||||
def unbind_s(self):
|
def unbind_s(self):
|
||||||
"""This method is ignored, but provided for compatibility."""
|
"""Provide for compatibility but this method is ignored."""
|
||||||
if server_fail:
|
if server_fail:
|
||||||
raise ldap.SERVER_DOWN
|
raise ldap.SERVER_DOWN
|
||||||
|
|
||||||
|
@ -69,11 +69,11 @@ class AppServer(fixtures.Fixture):
|
|||||||
cert_required=self.cert_required)
|
cert_required=self.cert_required)
|
||||||
|
|
||||||
def _update_config_opt(self):
|
def _update_config_opt(self):
|
||||||
"""Updates the config with the actual port used."""
|
"""Update the config with the actual port used."""
|
||||||
opt_name = self._get_config_option_for_section_name()
|
opt_name = self._get_config_option_for_section_name()
|
||||||
CONF.set_override(opt_name, self.port, group='eventlet_server',
|
CONF.set_override(opt_name, self.port, group='eventlet_server',
|
||||||
enforce_type=True)
|
enforce_type=True)
|
||||||
|
|
||||||
def _get_config_option_for_section_name(self):
|
def _get_config_option_for_section_name(self):
|
||||||
"""Maps Paster config section names to port option names."""
|
"""Map Paster config section names to port option names."""
|
||||||
return {'admin': 'admin_port', 'main': 'public_port'}[self.name]
|
return {'admin': 'admin_port', 'main': 'public_port'}[self.name]
|
||||||
|
@ -49,7 +49,7 @@ class ResourceTests(object):
|
|||||||
|
|
||||||
@unit.skip_if_no_multiple_domains_support
|
@unit.skip_if_no_multiple_domains_support
|
||||||
def test_get_project_by_name_for_project_acting_as_a_domain(self):
|
def test_get_project_by_name_for_project_acting_as_a_domain(self):
|
||||||
"""Tests get_project_by_name works when the domain_id is None."""
|
"""Test get_project_by_name works when the domain_id is None."""
|
||||||
project = unit.new_project_ref(
|
project = unit.new_project_ref(
|
||||||
domain_id=CONF.identity.default_domain_id, is_domain=False)
|
domain_id=CONF.identity.default_domain_id, is_domain=False)
|
||||||
project = self.resource_api.create_project(project['id'], project)
|
project = self.resource_api.create_project(project['id'], project)
|
||||||
@ -475,7 +475,7 @@ class ResourceTests(object):
|
|||||||
domain_id=None,
|
domain_id=None,
|
||||||
is_domain=False,
|
is_domain=False,
|
||||||
parent_project_id=None):
|
parent_project_id=None):
|
||||||
"""Creates a project hierarchy with specified size.
|
"""Create a project hierarchy with specified size.
|
||||||
|
|
||||||
:param hierarchy_size: the desired hierarchy size, default is 2 -
|
:param hierarchy_size: the desired hierarchy size, default is 2 -
|
||||||
a project with one child.
|
a project with one child.
|
||||||
@ -521,7 +521,7 @@ class ResourceTests(object):
|
|||||||
|
|
||||||
@unit.skip_if_no_multiple_domains_support
|
@unit.skip_if_no_multiple_domains_support
|
||||||
def test_project_as_a_domain_uniqueness_constraints(self):
|
def test_project_as_a_domain_uniqueness_constraints(self):
|
||||||
"""Tests project uniqueness for those acting as domains.
|
"""Test project uniqueness for those acting as domains.
|
||||||
|
|
||||||
If it is a project acting as a domain, we can't have two or more with
|
If it is a project acting as a domain, we can't have two or more with
|
||||||
the same name.
|
the same name.
|
||||||
@ -980,7 +980,7 @@ class ResourceTests(object):
|
|||||||
leaf_project['id'])
|
leaf_project['id'])
|
||||||
|
|
||||||
def test_delete_projects_from_ids(self):
|
def test_delete_projects_from_ids(self):
|
||||||
"""Tests the resource backend call delete_projects_from_ids.
|
"""Test the resource backend call delete_projects_from_ids.
|
||||||
|
|
||||||
Tests the normal flow of the delete_projects_from_ids backend call,
|
Tests the normal flow of the delete_projects_from_ids backend call,
|
||||||
that ensures no project on the list exists after it is succesfully
|
that ensures no project on the list exists after it is succesfully
|
||||||
@ -1008,7 +1008,7 @@ class ResourceTests(object):
|
|||||||
self.resource_api.driver.delete_projects_from_ids([])
|
self.resource_api.driver.delete_projects_from_ids([])
|
||||||
|
|
||||||
def test_delete_projects_from_ids_with_no_existing_project_id(self):
|
def test_delete_projects_from_ids_with_no_existing_project_id(self):
|
||||||
"""Tests delete_projects_from_ids issues warning if not found.
|
"""Test delete_projects_from_ids issues warning if not found.
|
||||||
|
|
||||||
Tests the resource backend call delete_projects_from_ids passing a
|
Tests the resource backend call delete_projects_from_ids passing a
|
||||||
non existing ID in project_ids, which is logged and ignored by
|
non existing ID in project_ids, which is logged and ignored by
|
||||||
@ -1592,7 +1592,7 @@ class ResourceTests(object):
|
|||||||
|
|
||||||
|
|
||||||
class ResourceDriverTests(object):
|
class ResourceDriverTests(object):
|
||||||
"""Tests for the resource driver.
|
"""Test for the resource driver.
|
||||||
|
|
||||||
Subclasses must set self.driver to the driver instance.
|
Subclasses must set self.driver to the driver instance.
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ class RestfulTestCase(unit.TestCase):
|
|||||||
return response
|
return response
|
||||||
|
|
||||||
def assertResponseSuccessful(self, response):
|
def assertResponseSuccessful(self, response):
|
||||||
"""Asserts that a status code lies inside the 2xx range.
|
"""Assert that a status code lies inside the 2xx range.
|
||||||
|
|
||||||
:param response: :py:class:`httplib.HTTPResponse` to be
|
:param response: :py:class:`httplib.HTTPResponse` to be
|
||||||
verified to have a status code between 200 and 299.
|
verified to have a status code between 200 and 299.
|
||||||
@ -107,7 +107,7 @@ class RestfulTestCase(unit.TestCase):
|
|||||||
(response.status, response.body))
|
(response.status, response.body))
|
||||||
|
|
||||||
def assertResponseStatus(self, response, expected_status):
|
def assertResponseStatus(self, response, expected_status):
|
||||||
"""Asserts a specific status code on the response.
|
"""Assert a specific status code on the response.
|
||||||
|
|
||||||
:param response: :py:class:`httplib.HTTPResponse`
|
:param response: :py:class:`httplib.HTTPResponse`
|
||||||
:param expected_status: The specific ``status`` result expected
|
:param expected_status: The specific ``status`` result expected
|
||||||
@ -122,7 +122,7 @@ class RestfulTestCase(unit.TestCase):
|
|||||||
(response.status_code, expected_status, response.body))
|
(response.status_code, expected_status, response.body))
|
||||||
|
|
||||||
def assertValidResponseHeaders(self, response):
|
def assertValidResponseHeaders(self, response):
|
||||||
"""Ensures that response headers appear as expected."""
|
"""Ensure that response headers appear as expected."""
|
||||||
self.assertIn('X-Auth-Token', response.headers.get('Vary'))
|
self.assertIn('X-Auth-Token', response.headers.get('Vary'))
|
||||||
|
|
||||||
def assertValidErrorResponse(self, response,
|
def assertValidErrorResponse(self, response,
|
||||||
@ -168,7 +168,7 @@ class RestfulTestCase(unit.TestCase):
|
|||||||
def restful_request(self, method='GET', headers=None, body=None,
|
def restful_request(self, method='GET', headers=None, body=None,
|
||||||
content_type=None, response_content_type=None,
|
content_type=None, response_content_type=None,
|
||||||
**kwargs):
|
**kwargs):
|
||||||
"""Serializes/deserializes json as request/response body.
|
"""Serialize/deserialize json as request/response body.
|
||||||
|
|
||||||
.. WARNING::
|
.. WARNING::
|
||||||
|
|
||||||
|
@ -1368,7 +1368,7 @@ class EndpointGroupCRUDTestCase(EndpointFilterTestCase):
|
|||||||
'project_id': project_id})
|
'project_id': project_id})
|
||||||
|
|
||||||
def _create_endpoint_and_associations(self, project_id, service_id=None):
|
def _create_endpoint_and_associations(self, project_id, service_id=None):
|
||||||
"""Creates an endpoint associated with service and project."""
|
"""Create an endpoint associated with service and project."""
|
||||||
if not service_id:
|
if not service_id:
|
||||||
# create a new service
|
# create a new service
|
||||||
service_ref = unit.new_service_ref()
|
service_ref = unit.new_service_ref()
|
||||||
|
@ -1312,7 +1312,7 @@ class TokenExpirationTest(AuthTest):
|
|||||||
|
|
||||||
|
|
||||||
class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
|
class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
|
||||||
"""Tests for the catalog provided in the auth response."""
|
"""Test for the catalog provided in the auth response."""
|
||||||
|
|
||||||
def config_files(self):
|
def config_files(self):
|
||||||
config_files = super(AuthCatalog, self).config_files()
|
config_files = super(AuthCatalog, self).config_files()
|
||||||
|
@ -135,7 +135,7 @@ class BaseLDAPIdentity(identity_tests.IdentityTests,
|
|||||||
self.config_fixture.config(group='os_inherit', enabled=False)
|
self.config_fixture.config(group='os_inherit', enabled=False)
|
||||||
|
|
||||||
def _get_domain_fixture(self):
|
def _get_domain_fixture(self):
|
||||||
"""Domains in LDAP are read-only, so just return the static one."""
|
"""Return the static domain, since domains in LDAP are read-only."""
|
||||||
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
||||||
|
|
||||||
def get_config(self, domain_id):
|
def get_config(self, domain_id):
|
||||||
@ -2190,7 +2190,7 @@ class LDAPPosixGroupsTest(unit.TestCase):
|
|||||||
return config_files
|
return config_files
|
||||||
|
|
||||||
def _get_domain_fixture(self):
|
def _get_domain_fixture(self):
|
||||||
"""Domains in LDAP are read-only, so just return the static one."""
|
"""Return the static domain, since domains in LDAP are read-only."""
|
||||||
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
return self.resource_api.get_domain(CONF.identity.default_domain_id)
|
||||||
|
|
||||||
def test_posix_member_id(self):
|
def test_posix_member_id(self):
|
||||||
|
@ -358,7 +358,7 @@ class SqlIdentity(SqlTests, identity_tests.IdentityTests,
|
|||||||
self.assertEqual([], tenants)
|
self.assertEqual([], tenants)
|
||||||
|
|
||||||
def test_update_project_returns_extra(self):
|
def test_update_project_returns_extra(self):
|
||||||
"""This tests for backwards-compatibility with an essex/folsom bug.
|
"""Test for backward compatibility with an essex/folsom bug.
|
||||||
|
|
||||||
Non-indexed attributes were returned in an 'extra' attribute, instead
|
Non-indexed attributes were returned in an 'extra' attribute, instead
|
||||||
of on the entity itself; for consistency and backwards compatibility,
|
of on the entity itself; for consistency and backwards compatibility,
|
||||||
@ -382,7 +382,7 @@ class SqlIdentity(SqlTests, identity_tests.IdentityTests,
|
|||||||
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
|
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
|
||||||
|
|
||||||
def test_update_user_returns_extra(self):
|
def test_update_user_returns_extra(self):
|
||||||
"""This tests for backwards-compatibility with an essex/folsom bug.
|
"""Test for backwards-compatibility with an essex/folsom bug.
|
||||||
|
|
||||||
Non-indexed attributes were returned in an 'extra' attribute, instead
|
Non-indexed attributes were returned in an 'extra' attribute, instead
|
||||||
of on the entity itself; for consistency and backwards compatibility,
|
of on the entity itself; for consistency and backwards compatibility,
|
||||||
|
@ -107,7 +107,7 @@ class ExceptionTestCase(unit.BaseTestCase):
|
|||||||
|
|
||||||
|
|
||||||
class UnexpectedExceptionTestCase(ExceptionTestCase):
|
class UnexpectedExceptionTestCase(ExceptionTestCase):
|
||||||
"""Tests if internal info is exposed to the API user on UnexpectedError."""
|
"""Test if internal info is exposed to the API user on UnexpectedError."""
|
||||||
|
|
||||||
class SubClassExc(exception.UnexpectedError):
|
class SubClassExc(exception.UnexpectedError):
|
||||||
debug_message_format = 'Debug Message: %(debug_info)s'
|
debug_message_format = 'Debug Message: %(debug_info)s'
|
||||||
@ -177,7 +177,7 @@ class UnexpectedExceptionTestCase(ExceptionTestCase):
|
|||||||
|
|
||||||
|
|
||||||
class SecurityErrorTestCase(ExceptionTestCase):
|
class SecurityErrorTestCase(ExceptionTestCase):
|
||||||
"""Tests whether security-related info is exposed to the API user."""
|
"""Test whether security-related info is exposed to the API user."""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(SecurityErrorTestCase, self).setUp()
|
super(SecurityErrorTestCase, self).setUp()
|
||||||
|
@ -28,7 +28,7 @@ class BaseStyleCheck(unit.BaseTestCase):
|
|||||||
self.addCleanup(delattr, self, 'code_ex')
|
self.addCleanup(delattr, self, 'code_ex')
|
||||||
|
|
||||||
def get_checker(self):
|
def get_checker(self):
|
||||||
"""Returns the checker to be used for tests in this class."""
|
"""Return the checker to be used for tests in this class."""
|
||||||
raise NotImplemented('subclasses must provide a real implementation')
|
raise NotImplemented('subclasses must provide a real implementation')
|
||||||
|
|
||||||
def get_fixture(self):
|
def get_fixture(self):
|
||||||
|
@ -302,7 +302,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
|
|||||||
|
|
||||||
def _create_context(self, request, mapping_ref=None,
|
def _create_context(self, request, mapping_ref=None,
|
||||||
exception_expected=False):
|
exception_expected=False):
|
||||||
"""Builds the auth context from the given arguments.
|
"""Build the auth context from the given arguments.
|
||||||
|
|
||||||
auth context will be returned from the AuthContextMiddleware based on
|
auth context will be returned from the AuthContextMiddleware based on
|
||||||
what is being passed in the given request and what mapping is being
|
what is being passed in the given request and what mapping is being
|
||||||
|
@ -228,7 +228,7 @@ class SqlMigrateBase(test_base.DbTestCase):
|
|||||||
raise AssertionError('Table "%s" does not exist' % table_name)
|
raise AssertionError('Table "%s" does not exist' % table_name)
|
||||||
|
|
||||||
def assertTableDoesNotExist(self, table_name):
|
def assertTableDoesNotExist(self, table_name):
|
||||||
"""Asserts that a given table exists cannot be selected by name."""
|
"""Assert that a given table exists cannot be selected by name."""
|
||||||
# Switch to a different metadata otherwise you might still
|
# Switch to a different metadata otherwise you might still
|
||||||
# detect renamed or dropped tables
|
# detect renamed or dropped tables
|
||||||
try:
|
try:
|
||||||
@ -241,7 +241,7 @@ class SqlMigrateBase(test_base.DbTestCase):
|
|||||||
raise AssertionError('Table "%s" already exists' % table_name)
|
raise AssertionError('Table "%s" already exists' % table_name)
|
||||||
|
|
||||||
def calc_table_row_count(self, table_name):
|
def calc_table_row_count(self, table_name):
|
||||||
"""Returns the number of rows in the table."""
|
"""Return the number of rows in the table."""
|
||||||
t = sqlalchemy.Table(table_name, self.metadata, autoload=True)
|
t = sqlalchemy.Table(table_name, self.metadata, autoload=True)
|
||||||
session = self.sessionmaker()
|
session = self.sessionmaker()
|
||||||
row_count = session.query(
|
row_count = session.query(
|
||||||
@ -275,7 +275,7 @@ class SqlMigrateBase(test_base.DbTestCase):
|
|||||||
self.assertEqual(self.schema_.version, version)
|
self.assertEqual(self.schema_.version, version)
|
||||||
|
|
||||||
def assertTableColumns(self, table_name, expected_cols):
|
def assertTableColumns(self, table_name, expected_cols):
|
||||||
"""Asserts that the table contains the expected set of columns."""
|
"""Assert that the table contains the expected set of columns."""
|
||||||
self.initialize_sql()
|
self.initialize_sql()
|
||||||
table = self.select_table(table_name)
|
table = self.select_table(table_name)
|
||||||
actual_cols = [col.name for col in table.columns]
|
actual_cols = [col.name for col in table.columns]
|
||||||
@ -423,7 +423,7 @@ class SqlUpgradeTests(SqlMigrateBase):
|
|||||||
assignments)
|
assignments)
|
||||||
|
|
||||||
def does_pk_exist(self, table, pk_column):
|
def does_pk_exist(self, table, pk_column):
|
||||||
"""Checks whether a column is primary key on a table."""
|
"""Check whether a column is primary key on a table."""
|
||||||
inspector = reflection.Inspector.from_engine(self.engine)
|
inspector = reflection.Inspector.from_engine(self.engine)
|
||||||
pk_columns = inspector.get_pk_constraint(table)['constrained_columns']
|
pk_columns = inspector.get_pk_constraint(table)['constrained_columns']
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ class UrlMiddlewareTest(unit.TestCase):
|
|||||||
self.response_headers = dict(headers)
|
self.response_headers = dict(headers)
|
||||||
|
|
||||||
def test_trailing_slash_normalization(self):
|
def test_trailing_slash_normalization(self):
|
||||||
"""Tests /v2.0/tokens and /v2.0/tokens/ normalized URLs match."""
|
"""Test /v2.0/tokens and /v2.0/tokens/ normalized URLs match."""
|
||||||
req1 = webob.Request.blank('/v2.0/tokens')
|
req1 = webob.Request.blank('/v2.0/tokens')
|
||||||
req2 = webob.Request.blank('/v2.0/tokens/')
|
req2 = webob.Request.blank('/v2.0/tokens/')
|
||||||
self.middleware(req1.environ, self.start_fake_response)
|
self.middleware(req1.environ, self.start_fake_response)
|
||||||
@ -48,7 +48,7 @@ class UrlMiddlewareTest(unit.TestCase):
|
|||||||
self.assertEqual('http://localhost/v2.0/tokens', req1.path_url)
|
self.assertEqual('http://localhost/v2.0/tokens', req1.path_url)
|
||||||
|
|
||||||
def test_rewrite_empty_path(self):
|
def test_rewrite_empty_path(self):
|
||||||
"""Tests empty path is rewritten to root."""
|
"""Test empty path is rewritten to root."""
|
||||||
req = webob.Request.blank('')
|
req = webob.Request.blank('')
|
||||||
self.middleware(req.environ, self.start_fake_response)
|
self.middleware(req.environ, self.start_fake_response)
|
||||||
self.assertEqual('http://localhost/', req.path_url)
|
self.assertEqual('http://localhost/', req.path_url)
|
||||||
|
@ -382,7 +382,7 @@ class CoreApiTests(object):
|
|||||||
expected_status=http_client.OK)
|
expected_status=http_client.OK)
|
||||||
|
|
||||||
def test_error_response(self):
|
def test_error_response(self):
|
||||||
"""This triggers assertValidErrorResponse by convention."""
|
"""Trigger assertValidErrorResponse by convention."""
|
||||||
self.public_request(path='/v2.0/tenants',
|
self.public_request(path='/v2.0/tenants',
|
||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
|
|
||||||
@ -701,7 +701,7 @@ class CoreApiTests(object):
|
|||||||
|
|
||||||
|
|
||||||
class LegacyV2UsernameTests(object):
|
class LegacyV2UsernameTests(object):
|
||||||
"""Tests to show the broken username behavior in V2.
|
"""Test to show the broken username behavior in V2.
|
||||||
|
|
||||||
The V2 API is documented to use `username` instead of `name`. The
|
The V2 API is documented to use `username` instead of `name`. The
|
||||||
API forced used to use name and left the username to fall into the
|
API forced used to use name and left the username to fall into the
|
||||||
@ -712,7 +712,7 @@ class LegacyV2UsernameTests(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def create_user(self, **user_attrs):
|
def create_user(self, **user_attrs):
|
||||||
"""Creates a users and returns the response object.
|
"""Create a users and returns the response object.
|
||||||
|
|
||||||
:param user_attrs: attributes added to the request body (optional)
|
:param user_attrs: attributes added to the request body (optional)
|
||||||
"""
|
"""
|
||||||
|
@ -30,7 +30,7 @@ _ADMIN_CONTEXT = {'is_admin': True, 'query_string': {}}
|
|||||||
|
|
||||||
|
|
||||||
class TenantTestCase(unit.TestCase):
|
class TenantTestCase(unit.TestCase):
|
||||||
"""Tests for the V2 Tenant controller.
|
"""Test for the V2 Tenant controller.
|
||||||
|
|
||||||
These tests exercise :class:`keystone.assignment.controllers.Tenant`.
|
These tests exercise :class:`keystone.assignment.controllers.Tenant`.
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ class TenantTestCase(unit.TestCase):
|
|||||||
assignment_controllers.RoleAssignmentV2())
|
assignment_controllers.RoleAssignmentV2())
|
||||||
|
|
||||||
def test_get_project_users_no_user(self):
|
def test_get_project_users_no_user(self):
|
||||||
"""get_project_users when user doesn't exist.
|
"""Test the user's existence for get_project_users.
|
||||||
|
|
||||||
When a user that's not known to `identity` has a role on a project,
|
When a user that's not known to `identity` has a role on a project,
|
||||||
then `get_project_users` just skips that user.
|
then `get_project_users` just skips that user.
|
||||||
|
@ -894,14 +894,14 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
|
|||||||
MAX_HIERARCHY_DEPTH = CONF.max_project_tree_depth - 1
|
MAX_HIERARCHY_DEPTH = CONF.max_project_tree_depth - 1
|
||||||
|
|
||||||
def load_sample_data(self):
|
def load_sample_data(self):
|
||||||
"""Creates sample data to be used on tests.
|
"""Create sample data to be used on tests.
|
||||||
|
|
||||||
Created data are i) a role and ii) a domain containing: a project
|
Created data are i) a role and ii) a domain containing: a project
|
||||||
hierarchy and 3 users within 3 groups.
|
hierarchy and 3 users within 3 groups.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
def create_project_hierarchy(parent_id, depth):
|
def create_project_hierarchy(parent_id, depth):
|
||||||
"""Creates a random project hierarchy."""
|
"""Create a random project hierarchy."""
|
||||||
if depth == 0:
|
if depth == 0:
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -967,7 +967,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
|
|||||||
self.default_group_id = self.group_ids[0]
|
self.default_group_id = self.group_ids[0]
|
||||||
|
|
||||||
def get_role_assignments(self, expected_status=http_client.OK, **filters):
|
def get_role_assignments(self, expected_status=http_client.OK, **filters):
|
||||||
"""Returns the result from querying role assignment API + queried URL.
|
"""Return the result from querying role assignment API + queried URL.
|
||||||
|
|
||||||
Calls GET /v3/role_assignments?<params> and returns its result, where
|
Calls GET /v3/role_assignments?<params> and returns its result, where
|
||||||
<params> is the HTTP query parameters form of effective option plus
|
<params> is the HTTP query parameters form of effective option plus
|
||||||
@ -983,7 +983,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
|
|||||||
return (response, query_url)
|
return (response, query_url)
|
||||||
|
|
||||||
def _get_role_assignments_query_url(self, **filters):
|
def _get_role_assignments_query_url(self, **filters):
|
||||||
"""Returns non-effective role assignments query URL from given filters.
|
"""Return non-effective role assignments query URL from given filters.
|
||||||
|
|
||||||
:param filters: query parameters are created with the provided filters
|
:param filters: query parameters are created with the provided filters
|
||||||
on role assignments attributes. Valid filters are:
|
on role assignments attributes. Valid filters are:
|
||||||
@ -1080,7 +1080,7 @@ class RoleAssignmentDirectTestCase(RoleAssignmentBaseTestCase):
|
|||||||
self.assignment_api.delete_grant(**test_assignment)
|
self.assignment_api.delete_grant(**test_assignment)
|
||||||
|
|
||||||
def _set_default_assignment_attributes(self, **attribs):
|
def _set_default_assignment_attributes(self, **attribs):
|
||||||
"""Inserts default values for missing attributes of role assignment.
|
"""Insert default values for missing attributes of role assignment.
|
||||||
|
|
||||||
If no actor, target or role are provided, they will default to values
|
If no actor, target or role are provided, they will default to values
|
||||||
from sample data.
|
from sample data.
|
||||||
@ -1186,7 +1186,7 @@ class RoleAssignmentInheritedTestCase(RoleAssignmentDirectTestCase):
|
|||||||
self.config_fixture.config(group='os_inherit', enabled=True)
|
self.config_fixture.config(group='os_inherit', enabled=True)
|
||||||
|
|
||||||
def _test_get_role_assignments(self, **filters):
|
def _test_get_role_assignments(self, **filters):
|
||||||
"""Adds inherited_to_project filter to expected entity in tests."""
|
"""Add inherited_to_project filter to expected entity in tests."""
|
||||||
super(RoleAssignmentInheritedTestCase,
|
super(RoleAssignmentInheritedTestCase,
|
||||||
self)._test_get_role_assignments(inherited_to_projects=True,
|
self)._test_get_role_assignments(inherited_to_projects=True,
|
||||||
**filters)
|
**filters)
|
||||||
@ -1204,7 +1204,7 @@ class RoleAssignmentEffectiveTestCase(RoleAssignmentInheritedTestCase):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def _get_role_assignments_query_url(self, **filters):
|
def _get_role_assignments_query_url(self, **filters):
|
||||||
"""Returns effective role assignments query URL from given filters.
|
"""Return effective role assignments query URL from given filters.
|
||||||
|
|
||||||
For test methods in this class, effetive will always be true. As in
|
For test methods in this class, effetive will always be true. As in
|
||||||
effective mode, inherited_to_projects, group_id, domain_id and
|
effective mode, inherited_to_projects, group_id, domain_id and
|
||||||
@ -1933,7 +1933,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
||||||
|
|
||||||
def _setup_hierarchical_projects_scenario(self):
|
def _setup_hierarchical_projects_scenario(self):
|
||||||
"""Creates basic hierarchical projects scenario.
|
"""Create basic hierarchical projects scenario.
|
||||||
|
|
||||||
This basic scenario contains a root with one leaf project and
|
This basic scenario contains a root with one leaf project and
|
||||||
two roles with the following names: non-inherited and inherited.
|
two roles with the following names: non-inherited and inherited.
|
||||||
@ -2779,7 +2779,7 @@ class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase):
|
|||||||
|
|
||||||
|
|
||||||
class ListUserProjectsTestCase(test_v3.RestfulTestCase):
|
class ListUserProjectsTestCase(test_v3.RestfulTestCase):
|
||||||
"""Tests for /users/<user>/projects"""
|
"""Test for /users/<user>/projects"""
|
||||||
|
|
||||||
def load_sample_data(self):
|
def load_sample_data(self):
|
||||||
# do not load base class's data, keep it focused on the tests
|
# do not load base class's data, keep it focused on the tests
|
||||||
|
@ -791,7 +791,7 @@ class CatalogTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
|
|
||||||
class TestCatalogAPISQL(unit.TestCase):
|
class TestCatalogAPISQL(unit.TestCase):
|
||||||
"""Tests for the catalog Manager against the SQL backend."""
|
"""Test for the catalog Manager against the SQL backend."""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCatalogAPISQL, self).setUp()
|
super(TestCatalogAPISQL, self).setUp()
|
||||||
@ -882,7 +882,7 @@ class TestCatalogAPISQL(unit.TestCase):
|
|||||||
# TODO(dstanek): this needs refactoring with the test above, but we are in a
|
# TODO(dstanek): this needs refactoring with the test above, but we are in a
|
||||||
# crunch so that will happen in a future patch.
|
# crunch so that will happen in a future patch.
|
||||||
class TestCatalogAPISQLRegions(unit.TestCase):
|
class TestCatalogAPISQLRegions(unit.TestCase):
|
||||||
"""Tests for the catalog Manager against the SQL backend."""
|
"""Test for the catalog Manager against the SQL backend."""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCatalogAPISQLRegions, self).setUp()
|
super(TestCatalogAPISQLRegions, self).setUp()
|
||||||
|
@ -857,7 +857,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
return r
|
return r
|
||||||
|
|
||||||
def test_create_idp(self):
|
def test_create_idp(self):
|
||||||
"""Creates the IdentityProvider entity associated to remote_ids."""
|
"""Create the IdentityProvider entity associated to remote_ids."""
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
body['description'] = uuid.uuid4().hex
|
body['description'] = uuid.uuid4().hex
|
||||||
@ -867,7 +867,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
ref=body)
|
ref=body)
|
||||||
|
|
||||||
def test_create_idp_remote(self):
|
def test_create_idp_remote(self):
|
||||||
"""Creates the IdentityProvider entity associated to remote_ids."""
|
"""Create the IdentityProvider entity associated to remote_ids."""
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -881,7 +881,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
ref=body)
|
ref=body)
|
||||||
|
|
||||||
def test_create_idp_remote_repeated(self):
|
def test_create_idp_remote_repeated(self):
|
||||||
"""Creates two IdentityProvider entities with some remote_ids
|
"""Create two IdentityProvider entities with some remote_ids
|
||||||
|
|
||||||
A remote_id is the same for both so the second IdP is not
|
A remote_id is the same for both so the second IdP is not
|
||||||
created because of the uniqueness of the remote_ids
|
created because of the uniqueness of the remote_ids
|
||||||
@ -908,7 +908,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
resp_data.get('error', {}).get('message'))
|
resp_data.get('error', {}).get('message'))
|
||||||
|
|
||||||
def test_create_idp_remote_empty(self):
|
def test_create_idp_remote_empty(self):
|
||||||
"""Creates an IdP with empty remote_ids."""
|
"""Create an IdP with empty remote_ids."""
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -920,7 +920,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
ref=body)
|
ref=body)
|
||||||
|
|
||||||
def test_create_idp_remote_none(self):
|
def test_create_idp_remote_none(self):
|
||||||
"""Creates an IdP with a None remote_ids."""
|
"""Create an IdP with a None remote_ids."""
|
||||||
keys_to_check = list(self.idp_keys)
|
keys_to_check = list(self.idp_keys)
|
||||||
keys_to_check.append('remote_ids')
|
keys_to_check.append('remote_ids')
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
@ -988,7 +988,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||||||
sorted(returned_idp.get('remote_ids')))
|
sorted(returned_idp.get('remote_ids')))
|
||||||
|
|
||||||
def test_list_idps(self, iterations=5):
|
def test_list_idps(self, iterations=5):
|
||||||
"""Lists all available IdentityProviders.
|
"""List all available IdentityProviders.
|
||||||
|
|
||||||
This test collects ids of created IdPs and
|
This test collects ids of created IdPs and
|
||||||
intersects it with the list of all available IdPs.
|
intersects it with the list of all available IdPs.
|
||||||
@ -1617,7 +1617,7 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
|||||||
self.assertValidMappedUser(r.json['token'])
|
self.assertValidMappedUser(r.json['token'])
|
||||||
|
|
||||||
def test_issue_unscoped_token_disabled_idp(self):
|
def test_issue_unscoped_token_disabled_idp(self):
|
||||||
"""Checks if authentication works with disabled identity providers.
|
"""Check if authentication works with disabled identity providers.
|
||||||
|
|
||||||
Test plan:
|
Test plan:
|
||||||
1) Disable default IdP
|
1) Disable default IdP
|
||||||
@ -2584,7 +2584,7 @@ class FederatedTokenTestsMethodToken(FederatedTokenTests):
|
|||||||
|
|
||||||
|
|
||||||
class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
class FederatedUserTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
||||||
"""Tests for federated users
|
"""Test for federated users
|
||||||
|
|
||||||
Tests new shadow users functionality
|
Tests new shadow users functionality
|
||||||
|
|
||||||
|
@ -731,7 +731,7 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
|
|||||||
return r.headers.get('X-Subject-Token')
|
return r.headers.get('X-Subject-Token')
|
||||||
|
|
||||||
def change_password(self, expected_status, **kwargs):
|
def change_password(self, expected_status, **kwargs):
|
||||||
"""Returns a test response for a change password request."""
|
"""Return a test response for a change password request."""
|
||||||
return self.post('/users/%s/password' % self.user_ref['id'],
|
return self.post('/users/%s/password' % self.user_ref['id'],
|
||||||
body={'user': kwargs},
|
body={'user': kwargs},
|
||||||
token=self.token,
|
token=self.token,
|
||||||
|
@ -1388,7 +1388,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
|||||||
expected_status=exception.ForbiddenAction.code)
|
expected_status=exception.ForbiddenAction.code)
|
||||||
|
|
||||||
def test_get_and_delete_ec2_credentials(self):
|
def test_get_and_delete_ec2_credentials(self):
|
||||||
"""Tests getting and deleting ec2 credentials through the ec2 API."""
|
"""Test getting and deleting ec2 credentials through the ec2 API."""
|
||||||
another_user = unit.create_user(self.identity_api,
|
another_user = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
|
|
||||||
|
@ -675,7 +675,7 @@ class ResourceTestCase(test_v3.RestfulTestCase,
|
|||||||
self.assertValidProjectResponse(r, ref_child)
|
self.assertValidProjectResponse(r, ref_child)
|
||||||
|
|
||||||
def _create_projects_hierarchy(self, hierarchy_size=1):
|
def _create_projects_hierarchy(self, hierarchy_size=1):
|
||||||
"""Creates a single-branched project hierarchy with the specified size.
|
"""Create a single-branched project hierarchy with the specified size.
|
||||||
|
|
||||||
:param hierarchy_size: the desired hierarchy size, default is 1 -
|
:param hierarchy_size: the desired hierarchy size, default is 1 -
|
||||||
a project with one child.
|
a project with one child.
|
||||||
|
@ -399,12 +399,12 @@ class EntityValidationTestCase(unit.BaseTestCase):
|
|||||||
request_to_validate)
|
request_to_validate)
|
||||||
|
|
||||||
def test_update_entity_with_a_valid_optional_parameter_validates(self):
|
def test_update_entity_with_a_valid_optional_parameter_validates(self):
|
||||||
"""Succeeds with only a single valid optional parameter."""
|
"""Succeed with only a single valid optional parameter."""
|
||||||
request_to_validate = {'email': self.valid_email}
|
request_to_validate = {'email': self.valid_email}
|
||||||
self.update_schema_validator.validate(request_to_validate)
|
self.update_schema_validator.validate(request_to_validate)
|
||||||
|
|
||||||
def test_update_entity_with_invalid_optional_parameter_fails(self):
|
def test_update_entity_with_invalid_optional_parameter_fails(self):
|
||||||
"""Fails when an optional parameter is invalid."""
|
"""Fail when an optional parameter is invalid."""
|
||||||
request_to_validate = {'email': 0}
|
request_to_validate = {'email': 0}
|
||||||
self.assertRaises(exception.SchemaValidationError,
|
self.assertRaises(exception.SchemaValidationError,
|
||||||
self.update_schema_validator.validate,
|
self.update_schema_validator.validate,
|
||||||
|
@ -960,7 +960,7 @@ class VersionTestCase(unit.TestCase):
|
|||||||
|
|
||||||
|
|
||||||
class VersionSingleAppTestCase(unit.TestCase):
|
class VersionSingleAppTestCase(unit.TestCase):
|
||||||
"""Tests running with a single application loaded.
|
"""Test running with a single application loaded.
|
||||||
|
|
||||||
These are important because when Keystone is running in Apache httpd
|
These are important because when Keystone is running in Apache httpd
|
||||||
there's only one application loaded for each instance.
|
there's only one application loaded for each instance.
|
||||||
|
@ -43,12 +43,12 @@ class FakeAttributeCheckerApp(wsgi.Application):
|
|||||||
return context['query_string']
|
return context['query_string']
|
||||||
|
|
||||||
def assert_attribute(self, body, attr):
|
def assert_attribute(self, body, attr):
|
||||||
"""Asserts that the given request has a certain attribute."""
|
"""Assert that the given request has a certain attribute."""
|
||||||
ref = jsonutils.loads(body)
|
ref = jsonutils.loads(body)
|
||||||
self._require_attribute(ref, attr)
|
self._require_attribute(ref, attr)
|
||||||
|
|
||||||
def assert_attributes(self, body, attr):
|
def assert_attributes(self, body, attr):
|
||||||
"""Asserts that the given request has a certain set attributes."""
|
"""Assert that the given request has a certain set attributes."""
|
||||||
ref = jsonutils.loads(body)
|
ref = jsonutils.loads(body)
|
||||||
self._require_attributes(ref, attr)
|
self._require_attributes(ref, attr)
|
||||||
|
|
||||||
|
@ -525,7 +525,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
|||||||
self.assertUniqueRepositoryState()
|
self.assertUniqueRepositoryState()
|
||||||
|
|
||||||
def assertUniqueRepositoryState(self):
|
def assertUniqueRepositoryState(self):
|
||||||
"""Ensures that the current key repo state has not been seen before."""
|
"""Ensure that the current key repo state has not been seen before."""
|
||||||
# This is assigned to a variable because it takes some work to
|
# This is assigned to a variable because it takes some work to
|
||||||
# calculate.
|
# calculate.
|
||||||
signature = self.key_repository_signature
|
signature = self.key_repository_signature
|
||||||
|
@ -380,7 +380,7 @@ class Auth(controller.V2Controller):
|
|||||||
return tenant_id
|
return tenant_id
|
||||||
|
|
||||||
def _get_project_roles_and_ref(self, user_id, tenant_id):
|
def _get_project_roles_and_ref(self, user_id, tenant_id):
|
||||||
"""Returns the project roles for this user, and the project ref."""
|
"""Return the project roles for this user, and the project ref."""
|
||||||
tenant_ref = None
|
tenant_ref = None
|
||||||
role_list = []
|
role_list = []
|
||||||
if tenant_id:
|
if tenant_id:
|
||||||
@ -401,7 +401,7 @@ class Auth(controller.V2Controller):
|
|||||||
return (tenant_ref, role_list)
|
return (tenant_ref, role_list)
|
||||||
|
|
||||||
def _get_token_ref(self, token_id, belongs_to=None):
|
def _get_token_ref(self, token_id, belongs_to=None):
|
||||||
"""Returns a token if a valid one exists.
|
"""Return a token if a valid one exists.
|
||||||
|
|
||||||
Optionally, limited to a token owned by a specific tenant.
|
Optionally, limited to a token owned by a specific tenant.
|
||||||
|
|
||||||
@ -491,7 +491,7 @@ class Auth(controller.V2Controller):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def format_endpoint_list(cls, catalog_ref):
|
def format_endpoint_list(cls, catalog_ref):
|
||||||
"""Formats a list of endpoints according to Identity API v2.
|
"""Format a list of endpoints according to Identity API v2.
|
||||||
|
|
||||||
The v2.0 API wants an endpoint list to look like::
|
The v2.0 API wants an endpoint list to look like::
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ class TokenModel(sql.ModelBase, sql.DictBase):
|
|||||||
|
|
||||||
|
|
||||||
def _expiry_range_batched(session, upper_bound_func, batch_size):
|
def _expiry_range_batched(session, upper_bound_func, batch_size):
|
||||||
"""Returns the stop point of the next batch for expiration.
|
"""Return the stop point of the next batch for expiration.
|
||||||
|
|
||||||
Return the timestamp of the next token that is `batch_size` rows from
|
Return the timestamp of the next token that is `batch_size` rows from
|
||||||
being the oldest expired token.
|
being the oldest expired token.
|
||||||
@ -77,7 +77,7 @@ def _expiry_range_batched(session, upper_bound_func, batch_size):
|
|||||||
|
|
||||||
|
|
||||||
def _expiry_range_all(session, upper_bound_func):
|
def _expiry_range_all(session, upper_bound_func):
|
||||||
"""Expires all tokens in one pass."""
|
"""Expire all tokens in one pass."""
|
||||||
yield upper_bound_func()
|
yield upper_bound_func()
|
||||||
|
|
||||||
|
|
||||||
@ -114,7 +114,7 @@ class Token(token.persistence.TokenDriverV8):
|
|||||||
|
|
||||||
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
|
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
|
||||||
consumer_id=None):
|
consumer_id=None):
|
||||||
"""Deletes all tokens in one session
|
"""Delete all tokens in one session
|
||||||
|
|
||||||
The user_id will be ignored if the trust_id is specified. user_id
|
The user_id will be ignored if the trust_id is specified. user_id
|
||||||
will always be specified.
|
will always be specified.
|
||||||
|
@ -266,7 +266,7 @@ class TokenDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_token(self, token_id):
|
def delete_token(self, token_id):
|
||||||
"""Deletes a token by id.
|
"""Delete a token by id.
|
||||||
|
|
||||||
:param token_id: identity of the token
|
:param token_id: identity of the token
|
||||||
:type token_id: string
|
:type token_id: string
|
||||||
@ -279,7 +279,7 @@ class TokenDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
|
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
|
||||||
consumer_id=None):
|
consumer_id=None):
|
||||||
"""Deletes tokens by user.
|
"""Delete tokens by user.
|
||||||
|
|
||||||
If the tenant_id is not None, only delete the tokens by user id under
|
If the tenant_id is not None, only delete the tokens by user id under
|
||||||
the specified tenant.
|
the specified tenant.
|
||||||
@ -320,7 +320,7 @@ class TokenDriverV8(object):
|
|||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def _list_tokens(self, user_id, tenant_id=None, trust_id=None,
|
def _list_tokens(self, user_id, tenant_id=None, trust_id=None,
|
||||||
consumer_id=None):
|
consumer_id=None):
|
||||||
"""Returns a list of current token_id's for a user
|
"""Return a list of current token_id's for a user
|
||||||
|
|
||||||
This is effectively a private method only used by the ``delete_tokens``
|
This is effectively a private method only used by the ``delete_tokens``
|
||||||
method and should not be called by anything outside of the
|
method and should not be called by anything outside of the
|
||||||
@ -341,7 +341,7 @@ class TokenDriverV8(object):
|
|||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def list_revoked_tokens(self):
|
def list_revoked_tokens(self):
|
||||||
"""Returns a list of all revoked tokens
|
"""Return a list of all revoked tokens
|
||||||
|
|
||||||
:returns: list of token_id's
|
:returns: list of token_id's
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ CONF = cfg.CONF
|
|||||||
|
|
||||||
@dependency.requires('catalog_api', 'resource_api', 'assignment_api')
|
@dependency.requires('catalog_api', 'resource_api', 'assignment_api')
|
||||||
class V2TokenDataHelper(object):
|
class V2TokenDataHelper(object):
|
||||||
"""Creates V2 token data."""
|
"""Create V2 token data."""
|
||||||
|
|
||||||
def v3_to_v2_token(self, v3_token_data):
|
def v3_to_v2_token(self, v3_token_data):
|
||||||
"""Convert v3 token data into v2.0 token data.
|
"""Convert v3 token data into v2.0 token data.
|
||||||
|
@ -119,7 +119,7 @@ class TokenFormatter(object):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def creation_time(cls, fernet_token):
|
def creation_time(cls, fernet_token):
|
||||||
"""Returns the creation time of a valid Fernet token.
|
"""Return the creation time of a valid Fernet token.
|
||||||
|
|
||||||
:type fernet_token: six.text_type
|
:type fernet_token: six.text_type
|
||||||
|
|
||||||
@ -178,7 +178,7 @@ class TokenFormatter(object):
|
|||||||
return token
|
return token
|
||||||
|
|
||||||
def validate_token(self, token):
|
def validate_token(self, token):
|
||||||
"""Validates a Fernet token and returns the payload attributes.
|
"""Validate a Fernet token and returns the payload attributes.
|
||||||
|
|
||||||
:type token: six.text_type
|
:type token: six.text_type
|
||||||
|
|
||||||
|
@ -207,7 +207,7 @@ class TrustV3(controller.V3Controller):
|
|||||||
return expiration_time
|
return expiration_time
|
||||||
|
|
||||||
def _check_role_for_trust(self, context, trust_id, role_id):
|
def _check_role_for_trust(self, context, trust_id, role_id):
|
||||||
"""Checks if a role has been assigned to a trust."""
|
"""Check if a role has been assigned to a trust."""
|
||||||
trust = self.trust_api.get_trust(trust_id)
|
trust = self.trust_api.get_trust(trust_id)
|
||||||
user_id = self._get_user_id(context)
|
user_id = self._get_user_id(context)
|
||||||
_trustor_trustee_only(trust, user_id)
|
_trustor_trustee_only(trust, user_id)
|
||||||
|
@ -111,7 +111,7 @@ class Version(wsgi.Application):
|
|||||||
super(Version, self).__init__()
|
super(Version, self).__init__()
|
||||||
|
|
||||||
def _get_identity_url(self, context, version):
|
def _get_identity_url(self, context, version):
|
||||||
"""Returns a URL to keystone's own endpoint."""
|
"""Return a URL to keystone's own endpoint."""
|
||||||
url = self.base_url(context, self.endpoint_url_type)
|
url = self.base_url(context, self.endpoint_url_type)
|
||||||
return '%s/%s/' % (url, version)
|
return '%s/%s/' % (url, version)
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ def loadapp(conf, name):
|
|||||||
|
|
||||||
|
|
||||||
def fail_gracefully(f):
|
def fail_gracefully(f):
|
||||||
"""Logs exceptions and aborts."""
|
"""Log exceptions and aborts."""
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(*args, **kw):
|
def wrapper(*args, **kw):
|
||||||
try:
|
try:
|
||||||
|
3
tox.ini
3
tox.ini
@ -125,8 +125,7 @@ show-source = true
|
|||||||
# D203: 1 blank required before class docstring.
|
# D203: 1 blank required before class docstring.
|
||||||
# D205: Blank line required between one-line summary and description.
|
# D205: Blank line required between one-line summary and description.
|
||||||
# D400: First line should end with a period.
|
# D400: First line should end with a period.
|
||||||
# D401: First line should be in imperative mood.
|
ignore = D100,D101,D102,D103,D104,D105,D203,D205,D400
|
||||||
ignore = D100,D101,D102,D103,D104,D105,D203,D205,D400,D401
|
|
||||||
|
|
||||||
exclude=.venv,.git,.tox,build,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv,*.ini,*.po,*.pot
|
exclude=.venv,.git,.tox,build,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv,*.ini,*.po,*.pot
|
||||||
max-complexity=24
|
max-complexity=24
|
||||||
|
Loading…
Reference in New Issue
Block a user