openstack
/
keystone
Code Issues Proposed changes

Merge "Add a space after the hash for block comments"

This commit is contained in:
Jenkins 2014-03-27 02:16:20 +00:00 committed by Gerrit Code Review
parent d8c6cdcaca 0da01435fa
commit 55fca26eaa
35 changed files with 126 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
keystone/assignment/backends/ldap.py
View File

@ -41,9 +41,9 @@ class Assignment(assignment.Driver):
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
#These are the only deep dependency from assignment back
#to identity. The assumption is that if you are using
#LDAP for assignments, you are using it for Id as well.
# These are the only deep dependency from assignment back
# to identity. The assumption is that if you are using
# LDAP for assignments, you are using it for Id as well.
self.user = ldap_identity.UserApi(CONF)
self.group = ldap_identity.GroupApi(CONF)
@ -264,7 +264,7 @@ class Assignment(assignment.Driver):
def list_domains(self, hints):
return [assignment.calc_default_domain()]
#Bulk actions on User From identity
# Bulk actions on User From identity
def delete_user(self, user_id):
user_dn = self.user._id_to_dn(user_id)
for ref in self.role.list_global_roles_for_user(user_dn):
@ -280,8 +280,8 @@ class Assignment(assignment.Driver):
self.project.remove_user(user.tenant_id,
self.user._id_to_dn(user_id))
#LDAP assignments only supports LDAP identity. Assignments under identity
#are already deleted
# LDAP assignments only supports LDAP identity. Assignments under
# identity are already deleted
def delete_group(self, group_id):
if not self.group.subtree_delete_enabled:
# TODO(spzala): this is only placeholder for group and domain
@ -447,8 +447,8 @@ class ProjectApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
project_ids.add(self._dn_to_id(assoc.project_dn))
projects = []
for project_id in project_ids:
#slower to get them one at a time, but a huge list could blow out
#the connection. This is the safer way
# slower to get them one at a time, but a huge list could blow out
# the connection. This is the safer way
projects.append(self.get(project_id))
return projects
@ -633,10 +633,10 @@ class RoleApi(common_ldap.BaseLdap):
res = []
for role_dn, _ in roles:
#ldap.dn.dn2str returns an array, where the first
#element is the first segment.
#For a role assignment, this contains the role ID,
#The remainder is the DN of the tenant.
# ldap.dn.dn2str returns an array, where the first
# element is the first segment.
# For a role assignment, this contains the role ID,
# The remainder is the DN of the tenant.
tenant = ldap.dn.str2dn(role_dn)
tenant.pop(0)
tenant_dn = ldap.dn.dn2str(tenant)

10
keystone/assignment/core.py
View File

@ -245,7 +245,7 @@ class Manager(manager.Manager):
role = {'id': CONF.member_role_id,
'name': CONF.member_role_name}
self.driver.create_role(config.CONF.member_role_id, role)
#now that default role exists, the add should succeed
# now that default role exists, the add should succeed
self.driver.add_role_to_user_and_project(
user_id,
tenant_id,
@ -970,7 +970,7 @@ class Driver(object):
"""
raise exception.NotImplemented()
#TODO(ayoung): determine what else these two functions raise
# TODO(ayoung): determine what else these two functions raise
@abc.abstractmethod
def delete_user(self, user_id):
"""Deletes all assignments for a user.
@ -989,9 +989,9 @@ class Driver(object):
"""
raise exception.NotImplemented()
#domain management functions for backends that only allow a single domain.
#currently, this is only LDAP, but might be used by PAM or other backends
#as well. This is used by both identity and assignment drivers.
# domain management functions for backends that only allow a single
# domain. currently, this is only LDAP, but might be used by PAM or other
# backends as well. This is used by both identity and assignment drivers.
def _set_default_domain(self, ref):
"""If the domain ID has not been set, set it to the default."""
if isinstance(ref, dict):

2
keystone/auth/controllers.py
View File

@ -466,7 +466,7 @@ class Auth(controller.V3Controller):
return {'signed': signed_text}
#FIXME(gyee): not sure if it belongs here or keystone.common. Park it here
# FIXME(gyee): not sure if it belongs here or keystone.common. Park it here
# for now.
def render_token_data_response(token_id, token_data, created=False):
"""Render token data HTTP response.

20
keystone/auth/plugins/token.py
View File

@ -37,14 +37,14 @@ class Token(auth.AuthMethodHandler):
target=self.method)
token_id = auth_payload['id']
response = self.provider.validate_token(token_id)
#for V3 tokens, the essential data is under the 'token' value.
#For V2, the comparable data was nested under 'access'
# For V3 tokens, the essential data is under the 'token' value.
# For V2, the comparable data was nested under 'access'.
token_ref = response.get('token', response.get('access'))
#Do not allow tokens used for delegation to
#create another token, or perform any changes of
#state in Keystone. TO do so is to invite elevation of
#privilege attacks
# Do not allow tokens used for delegation to
# create another token, or perform any changes of
# state in Keystone. TO do so is to invite elevation of
# privilege attacks
if 'OS-TRUST:trust' in token_ref:
raise exception.Forbidden()
if 'trust' in token_ref:
@ -56,10 +56,10 @@ class Token(auth.AuthMethodHandler):
wsgi.validate_token_bind(context, token_ref)
#new tokens are not allowed to extend the expiration
#time of an old token, otherwise, they could be extened
#forever. The expiration value was stored at different
#locations in v2 and v3 tokens.
# New tokens are not allowed to extend the expiration
# time of an old token, otherwise, they could be extened
# forever. The expiration value was stored at different
# locations in v2 and v3 tokens.
expires_at = token_ref.get('expires_at')
if not expires_at:
expires_at = token_ref.get('expires')

2
keystone/common/config.py
View File

@ -615,7 +615,7 @@ FILE_OPTIONS = {
cfg.StrOpt('token',
default='keystone.auth.plugins.token.Token',
help='The token auth plugin module.'),
#deals with REMOTE_USER authentication
# deals with REMOTE_USER authentication
cfg.StrOpt('external',
default='keystone.auth.plugins.external.DefaultDomain',
help='The external (REMOTE_USER) auth plugin module.')],

2
keystone/common/controller.py
View File

@ -632,7 +632,7 @@ class V3Controller(wsgi.Application):
blocked_keys = ref_keys.difference(cls._mutable_parameters)
if not blocked_keys:
#No immutable parameters changed
# No immutable parameters changed
return
exception_args = {'target': cls.__name__,

30
keystone/common/ldap/core.py
View File

@ -501,9 +501,9 @@ class LdapWrapper(object):
'tls_avail': ldap.TLS_AVAIL
})
#NOTE(topol)
#for extra debugging uncomment the following line
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
# NOTE(topol)
# for extra debugging uncomment the following line
# ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
using_ldaps = url.lower().startswith("ldaps")
@ -515,24 +515,24 @@ class LdapWrapper(object):
raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS '
'not available') % ldap.TLS_AVAIL)
if tls_cacertfile:
#NOTE(topol)
#python ldap TLS does not verify CACERTFILE or CACERTDIR
#so we add some extra simple sanity check verification
#Also, setting these values globally (i.e. on the ldap object)
#works but these values are ignored when setting them on the
#connection
# NOTE(topol)
# python ldap TLS does not verify CACERTFILE or CACERTDIR
# so we add some extra simple sanity check verification
# Also, setting these values globally (i.e. on the ldap object)
# works but these values are ignored when setting them on the
# connection
if not os.path.isfile(tls_cacertfile):
raise IOError(_("tls_cacertfile %s not found "
"or is not a file") %
tls_cacertfile)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
elif tls_cacertdir:
#NOTE(topol)
#python ldap TLS does not verify CACERTFILE or CACERTDIR
#so we add some extra simple sanity check verification
#Also, setting these values globally (i.e. on the ldap object)
#works but these values are ignored when setting them on the
#connection
# NOTE(topol)
# python ldap TLS does not verify CACERTFILE or CACERTDIR
# so we add some extra simple sanity check verification
# Also, setting these values globally (i.e. on the ldap object)
# works but these values are ignored when setting them on the
# connection
if not os.path.isdir(tls_cacertdir):
raise IOError(_("tls_cacertdir %s not found "
"or is not a directory") %

2
keystone/common/pemutils.py
View File

@ -250,8 +250,6 @@ class PEMParseResult(object):
self._pem_type = pem_type
self._pem_header = pem_header
#------------------------------------------------------------------------------
def pem_search(text, start=0):
"""Search for a block of PEM formatted data

6
keystone/common/serializer.py
View File

@ -92,9 +92,9 @@ class XmlDeserializer(object):
return tag_name
bracket = re.search('[^{]+$', tag)
ns = m.string[bracket.start():m.start() - 1]
#If the namespace is
#http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0
#for the root element, a prefix needs to add in front of the tag name.
# If the namespace is
# http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0 for the
# root element, a prefix needs to add in front of the tag name.
prefix = None
for xmlns in XMLNS_LIST:
if xmlns['value'] == ns:

2
keystone/common/sql/migrate_repo/versions/009_normalize_identity.py
View File

@ -17,7 +17,7 @@ from sqlalchemy import Column, MetaData, String, Table, Text, types
from sqlalchemy.orm import sessionmaker
#sqlite doesn't support dropping columns. Copy to a new table instead
# sqlite doesn't support dropping columns. Copy to a new table instead
def downgrade_user_table_with_copy(meta, migrate_engine):
maker = sessionmaker(bind=migrate_engine)
session = maker()

20
keystone/common/sql/migrate_repo/versions/021_add_trust_to_token.py
View File

@ -18,9 +18,9 @@ from sqlalchemy import exc
def downgrade_token_table_with_column_drop(meta, migrate_engine):
token_table = sqlalchemy.Table('token', meta, autoload=True)
#delete old tokens, as the format has changed.
#We don't guarantee that existing tokens will be
#usable after a migration
# delete old tokens, as the format has changed.
# We don't guarantee that existing tokens will be
# usable after a migration
token_table.delete()
token_table.drop_column(
sqlalchemy.Column('trust_id',
@ -37,19 +37,19 @@ def create_column_forgiving(migrate_engine, table, column):
except exc.OperationalError as e:
if (e.args[0].endswith('duplicate column name: %s' % column.name)
and migrate_engine.name == "sqlite"):
#sqlite does not drop columns, so if we have already
#done a downgrade and are now upgrading, we will hit
#this: the SQLite driver previously reported success
#dropping the columns but it hasn't.
# sqlite does not drop columns, so if we have already
# done a downgrade and are now upgrading, we will hit
# this: the SQLite driver previously reported success
# dropping the columns but it hasn't.
pass
else:
raise
def upgrade_token_table(meta, migrate_engine):
#delete old tokens, as the format has changed.
#The existing tokens will not
#support some of the list functions
# delete old tokens, as the format has changed.
# The existing tokens will not
# support some of the list functions
token_table = sqlalchemy.Table('token', meta, autoload=True)
token_table.delete()

4
keystone/common/sql/migrate_repo/versions/031_drop_credential_indexes.py
View File

@ -16,8 +16,8 @@ import sqlalchemy
def upgrade(migrate_engine):
#This migration is relevant only for mysql because for all other
#migrate engines these indexes were successfully dropped.
# This migration is relevant only for mysql because for all other
# migrate engines these indexes were successfully dropped.
if migrate_engine.name != 'mysql':
return
meta = sqlalchemy.MetaData(bind=migrate_engine)

6
keystone/common/wsgi.py
View File

@ -187,9 +187,9 @@ class Application(BaseApplication):
context['path'] = req.environ['PATH_INFO']
context['host_url'] = req.host_url
params = req.environ.get(PARAMS_ENV, {})
#authentication and authorization attributes are set as environment
#values by the container and processed by the pipeline. the complete
#set is not yet know.
# authentication and authorization attributes are set as environment
# values by the container and processed by the pipeline. the complete
# set is not yet know.
context['environment'] = req.environ
req.environ = None

2
keystone/contrib/federation/controllers.py
View File

@ -75,7 +75,7 @@ class IdentityProvider(_ControllerBase):
ref = cls.filter_params(ref)
return {cls.member_name: ref}
#TODO(marek-denis): Implement, when mapping engine is ready
# TODO(marek-denis): Implement, when mapping engine is ready
def _delete_tokens_issued_by_idp(self, idp_id):
"""Delete tokens created upon authentication from an IdP

4
keystone/contrib/oauth1/validator.py
View File

@ -29,14 +29,14 @@ LOG = log.getLogger(__name__)
@dependency.requires('oauth_api')
class OAuthValidator(oauth1.RequestValidator):
#TODO(mhu) set as option probably ?
# TODO(mhu) set as option probably?
@property
def enforce_ssl(self):
return False
@property
def safe_characters(self):
#oauth tokens are generated from a uuid hex value
# oauth tokens are generated from a uuid hex value
return set("abcdef0123456789")
def _check_token(self, token):

2
keystone/controllers.py
View File

@ -31,7 +31,7 @@ _VERSIONS = []
class Extensions(wsgi.Application):
"""Base extensions controller to be extended by public and admin API's."""
#extend in subclass to specify the set of extensions
# extend in subclass to specify the set of extensions
@property
def extensions(self):
return None

2
keystone/identity/core.py
View File

@ -808,4 +808,4 @@ class Driver(object):
"""Indicates if Driver supports domains."""
raise exception.NotImplemented()
#end of identity
# end of identity

3
keystone/tests/fakeldap.py
View File

@ -40,7 +40,8 @@ SCOPE_NAMES = {
ldap.SCOPE_SUBTREE: 'SCOPE_SUBTREE',
}
#http://msdn.microsoft.com/en-us/library/windows/desktop/aa366991(v=vs.85).aspx
# http://msdn.microsoft.com\
# /en-us/library/windows/desktop/aa366991(v=vs.85).aspx
CONTROL_TREEDELETE = '1.2.840.113556.1.4.805'
LOG = log.getLogger(__name__)

8
keystone/tests/test_auth.py
View File

@ -82,10 +82,10 @@ class AuthTest(tests.TestCase):
self.empty_context = {'environment': {}}
self.controller = token.controllers.Auth()
#This call sets up, among other things, the call to popen
#that will be used to run the CMS command. These tests were
#passing only due to the global nature of the call. If the
#tests in this file are run alone, API calls return unauthorized.
# This call sets up, among other things, the call to popen
# that will be used to run the CMS command. These tests were
# passing only due to the global nature of the call. If the
# tests in this file are run alone, API calls return unauthorized.
environment.use_eventlet(monkeypatch_thread=False)
def assertEqualTokens(self, a, b):

23
keystone/tests/test_backend.py
View File

@ -1516,7 +1516,7 @@ class IdentityTests(object):
self.identity_api.get_user(user1['id'])
def test_delete_domain_with_user_group_project_links(self):
#TODO(chungg):add test case once expected behaviour defined
# TODO(chungg):add test case once expected behaviour defined
pass
def test_role_crud(self):
@ -2303,8 +2303,8 @@ class IdentityTests(object):
self.identity_api.create_group(new_group['id'], new_group)
test_groups.append(new_group)
#add the user to the group and ensure that the
#group count increases by one for each
# add the user to the group and ensure that the
# group count increases by one for each
group_refs = self.identity_api.list_groups_for_user(
positive_user['id'])
self.assertEqual(len(group_refs), before_count)
@ -2315,14 +2315,13 @@ class IdentityTests(object):
positive_user['id'])
self.assertEqual(len(group_refs), after_count)
#Make sure the group count for the unrelated user
#did not change
# Make sure the group count for the unrelated user did not change
group_refs = self.identity_api.list_groups_for_user(
negative_user['id'])
self.assertEqual(len(group_refs), 0)
#remove the user from each group and ensure that
#the group count reduces by one for each
# remove the user from each group and ensure that
# the group count reduces by one for each
for x in range(0, 3):
before_count = GROUP_COUNT - x
after_count = GROUP_COUNT - x - 1
@ -2335,8 +2334,8 @@ class IdentityTests(object):
group_refs = self.identity_api.list_groups_for_user(
positive_user['id'])
self.assertEqual(len(group_refs), after_count)
#Make sure the group count for the unrelated user
#did not change
# Make sure the group count for the unrelated user
# did not change
group_refs = self.identity_api.list_groups_for_user(
negative_user['id'])
self.assertEqual(len(group_refs), 0)
@ -4159,7 +4158,7 @@ class FilterTests(filtering.FilterTests):
self.assertEqual(len(users), 5)
self._match_with_list(users, user_list,
list_start=6, list_end=11)
#TODO(henry-nash) Check inexact filter has been removed.
# TODO(henry-nash) Check inexact filter has been removed.
hints = driver_hints.Hints()
hints.add_filter('name', 'The', comparator='startswith')
@ -4167,7 +4166,7 @@ class FilterTests(filtering.FilterTests):
self.assertEqual(len(users), 6)
self._match_with_list(users, user_list,
list_start=5, list_end=11)
#TODO(henry-nash) Check inexact filter has been removed.
# TODO(henry-nash) Check inexact filter has been removed.
hints = driver_hints.Hints()
hints.add_filter('name', 'of', comparator='endswith')
@ -4175,7 +4174,7 @@ class FilterTests(filtering.FilterTests):
self.assertEqual(len(users), 2)
self.assertEqual(users[0]['id'], user_list[7]['id'])
self.assertEqual(users[1]['id'], user_list[10]['id'])
#TODO(henry-nash) Check inexact filter has been removed.
# TODO(henry-nash) Check inexact filter has been removed.
# TODO(henry-nash): Add some case sensitive tests. The issue
# is that MySQL 0.7, by default, is installed in case

2
keystone/tests/test_backend_ldap.py
View File

@ -1292,7 +1292,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, tests.SQLDriverOverrides,
self.addCleanup(sql.ModelBase.metadata.drop_all, bind=self.engine)
self.load_fixtures(default_fixtures)
#defaulted by the data load
# defaulted by the data load
self.user_foo['enabled'] = True
def config_overrides(self):

2
keystone/tests/test_backend_sql.py
View File

@ -42,7 +42,7 @@ class SqlTests(tests.SQLDriverOverrides, tests.TestCase):
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
# defaulted by the data load
self.user_foo['enabled'] = True
def config_files(self):

2
keystone/tests/test_keystoneclient_sql.py
View File

@ -139,7 +139,7 @@ class KcMasterSqlTestCase(test_keystoneclient.KcMasterTestCase):
resp, token = self._send_ec2_auth_request(credentials)
self.assertEqual(resp.status_code, 200)
self.assertEqual(trust_id, token['access']['trust']['id'])
#TODO(shardy) we really want to check the roles and trustee
# TODO(shardy) we really want to check the roles and trustee
# but because of where the stubbing happens we don't seem to
# hit the necessary code in controllers.py _authenticate_token
# so although all is OK via a real request, it incorrect in

6
keystone/tests/test_ldap_livetest.py
View File

@ -90,7 +90,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
def test_build_tree(self):
"""Regression test for building the tree names
"""
#logic is different from the fake backend.
# logic is different from the fake backend.
user_api = identity_ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEqual(user_api.tree_dn, CONF.ldap.user_tree_dn)
@ -169,8 +169,8 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
self.assertEqual(ldap.DEREF_SEARCHING,
ldap_wrapper.conn.get_option(ldap.OPT_DEREF))
#FakeLDAP does not correctly process filters, so this test can only be run
#against a live LDAP server
# FakeLDAP does not correctly process filters, so this test can only be
# run against a live LDAP server
def test_list_groups_for_user_filtered(self):
domain = self._get_domain_fixture()
test_groups = []

2
keystone/tests/test_notifications.py
View File

@ -458,7 +458,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
'initiator': initiator,
# NOTE(stevemar): outcome has 2 stages, pending and success
# so we are ignoring it for now.
#'outcome': outcome,
# 'outcome': outcome,
'send_notification_called': True}
self._notifications.append(note)

2
keystone/tests/test_revoke.py
View File

@ -167,7 +167,7 @@ class RevokeTests(object):
# 'synchronize' should now be exercised and remove old expired events
mock_utcnow.return_value = now_plus_2h
self.revoke_api.revoke_by_expiration(_new_id(), now_plus_2h)
#should no longer throw an exception
# should no longer throw an exception
self.revoke_api.check_token(token_values)

20
keystone/tests/test_v3.py
View File

@ -79,7 +79,7 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
self.empty_context = {'environment': {}}
#drop the policy rules
# drop the policy rules
self.addCleanup(rules.reset)
self.addCleanup(self.teardown_database)
@ -609,14 +609,14 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
# region validation
def assertValidRegionListResponse(self, resp, *args, **kwargs):
#NOTE(jaypipes): I have to pass in a blank keys_to_check parameter
# below otherwise the base assertValidEntity method
# tries to find a "name" and an "enabled" key in the
# returned ref dicts. The issue is, I don't understand
# how the service and endpoint entity assertions below
# actually work (they don't raise assertions), since
# AFAICT, the service and endpoint tables don't have
# a "name" column either... :(
# NOTE(jaypipes): I have to pass in a blank keys_to_check parameter
# below otherwise the base assertValidEntity method
# tries to find a "name" and an "enabled" key in the
# returned ref dicts. The issue is, I don't understand
# how the service and endpoint entity assertions below
# actually work (they don't raise assertions), since
# AFAICT, the service and endpoint tables don't have
# a "name" column either... :(
return self.assertValidListResponse(
resp,
'regions',
@ -1112,7 +1112,7 @@ class VersionTestCase(RestfulTestCase):
pass
#NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
# NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
# because we need the token
class AuthContextMiddlewareTestCase(RestfulTestCase):
def _mock_request_object(self, token_id):

12
keystone/tests/test_v3_auth.py
View File

@ -2078,8 +2078,8 @@ class TestAuthJSON(test_v3.RestfulTestCase):
auth_context)
def test_remote_user_and_password(self):
#both REMOTE_USER and password methods must pass.
#note that they do not have to match
# both REMOTE_USER and password methods must pass.
# note that they do not have to match
api = auth.controllers.Auth()
auth_data = self.build_authentication_request(
user_domain_id=self.domain['id'],
@ -2091,8 +2091,8 @@ class TestAuthJSON(test_v3.RestfulTestCase):
api.authenticate(context, auth_info, auth_context)
def test_remote_user_and_explicit_external(self):
#both REMOTE_USER and password methods must pass.
#note that they do not have to match
# both REMOTE_USER and password methods must pass.
# note that they do not have to match
auth_data = self.build_authentication_request(
user_domain_id=self.domain['id'],
username=self.user['name'],
@ -2109,7 +2109,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
auth_context)
def test_remote_user_bad_password(self):
#both REMOTE_USER and password methods must pass.
# both REMOTE_USER and password methods must pass.
api = auth.controllers.Auth()
auth_data = self.build_authentication_request(
user_domain_id=self.domain['id'],
@ -2133,7 +2133,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
token = self.assertValidUnscopedTokenResponse(r)
self.assertNotIn('bind', token)
#TODO(ayoung): move to TestPKITokenAPIs; it will be run for both formats
# TODO(ayoung): move to TestPKITokenAPIs; it will be run for both formats
def test_verify_with_bound_token(self):
self.config_fixture.config(group='token', bind='kerberos')
auth_data = self.build_authentication_request(

2
keystone/tests/test_v3_filters.py
View File

@ -43,7 +43,7 @@ class IdentityTestFilteredCase(filtering.FilterTests,
_unused, self.tmpfilename = tempfile.mkstemp()
self.config_fixture.config(policy_file=self.tmpfilename)
#drop the policy rules
# drop the policy rules
self.addCleanup(rules.reset)
def load_sample_data(self):

16
keystone/tests/test_v3_identity.py
View File

@ -537,9 +537,9 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
'group_id': self.group_id, 'user_id': self.user1['id']})
#Scenarios below are written to test the default policy configuration
# Scenarios below are written to test the default policy configuration
#One should be allowed to list one's own groups
# One should be allowed to list one's own groups
auth = self.build_authentication_request(
user_id=self.user1['id'],
password=self.user1['password'])
@ -547,12 +547,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
'user_id': self.user1['id']}, auth=auth)
self.assertValidGroupListResponse(r, ref=self.group)
#Administrator is allowed to list others' groups
# Administrator is allowed to list others' groups
r = self.get('/users/%(user_id)s/groups' % {
'user_id': self.user1['id']})
self.assertValidGroupListResponse(r, ref=self.group)
#Ordinary users should not be allowed to list other's groups
# Ordinary users should not be allowed to list other's groups
auth = self.build_authentication_request(
user_id=self.user2['id'],
password=self.user2['password'])
@ -782,10 +782,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# FIXME(gyee): this test is no longer valid as user
# have no role in the project. Can't get a scoped token
#self.delete(member_url)
#r = self.get(collection_url)
#self.assertValidRoleListResponse(r, expected_length=0)
#self.assertIn(collection_url, r.result['links']['self'])
# self.delete(member_url)
# r = self.get(collection_url)
# self.assertValidRoleListResponse(r, expected_length=0)
# self.assertIn(collection_url, r.result['links']['self'])
def test_crud_user_project_role_grants_no_user(self):
"""Grant role on a project to a user that doesn't exist, 404 result.

2
keystone/tests/test_v3_oauth1.py
View File

@ -466,7 +466,7 @@ class AuthTokenTests(OAuthFlowTests):
def test_token_chaining_is_not_allowed(self):
self.test_oauth_flow()
#attempt to re-authenticate (token chain) with the given token
# attempt to re-authenticate (token chain) with the given token
path = '/v3/auth/tokens/'
auth_data = self.build_authentication_request(
token=self.keystone_token_id)

4
keystone/token/controllers.py
View File

@ -156,7 +156,7 @@ class Auth(controller.V2Controller):
wsgi.validate_token_bind(context, old_token_ref)
#A trust token cannot be used to get another token
# A trust token cannot be used to get another token
if 'trust' in old_token_ref:
raise exception.Forbidden()
if 'trust_id' in old_token_ref['metadata']:
@ -289,7 +289,7 @@ class Auth(controller.V2Controller):
if 'REMOTE_USER' not in context.get('environment', {}):
raise ExternalAuthNotApplicable()
#NOTE(jamielennox): xml and json differ and get confused about what
# NOTE(jamielennox): xml and json differ and get confused about what
# empty auth should look like so just reset it.
if not auth:
auth = {}

2
keystone/token/providers/common.py
View File

@ -254,7 +254,7 @@ class V3TokenDataHelper(object):
if CONF.trust.enabled and trust:
token_user_id = trust['trustor_user_id']
token_project_id = trust['project_id']
#trusts do not support domains yet
# trusts do not support domains yet
token_domain_id = None
else:
token_user_id = user_id

4
keystone/trust/backends/sql.py
View File

@ -24,9 +24,9 @@ class TrustModel(sql.ModelBase, sql.DictBase):
'project_id', 'impersonation', 'expires_at',
'remaining_uses']
id = sql.Column(sql.String(64), primary_key=True)
#user id Of owner
# user id of owner
trustor_user_id = sql.Column(sql.String(64), nullable=False,)
#user_id of user allowed to consume this preauth
# user_id of user allowed to consume this preauth
trustee_user_id = sql.Column(sql.String(64), nullable=False)
project_id = sql.Column(sql.String(64))
impersonation = sql.Column(sql.Boolean, nullable=False)

2
keystone/trust/controllers.py
View File

@ -141,7 +141,7 @@ class TrustV3(controller.V3Controller):
try:
user_id = self._get_user_id(context)
_trustor_only(context, trust, user_id)
#confirm that the trustee exists
# confirm that the trustee exists
self.identity_api.get_user(trust['trustee_user_id'])
all_roles = self.assignment_api.list_roles()
clean_roles = self._clean_role_list(context, trust, all_roles)