Merge "Add a space after the hash for block comments"
commit
55fca26eaa
|
@ -41,9 +41,9 @@ class Assignment(assignment.Driver):
|
|||
self.LDAP_PASSWORD = CONF.ldap.password
|
||||
self.suffix = CONF.ldap.suffix
|
||||
|
||||
#These are the only deep dependency from assignment back
|
||||
#to identity. The assumption is that if you are using
|
||||
#LDAP for assignments, you are using it for Id as well.
|
||||
# These are the only deep dependency from assignment back
|
||||
# to identity. The assumption is that if you are using
|
||||
# LDAP for assignments, you are using it for Id as well.
|
||||
self.user = ldap_identity.UserApi(CONF)
|
||||
self.group = ldap_identity.GroupApi(CONF)
|
||||
|
||||
|
@ -264,7 +264,7 @@ class Assignment(assignment.Driver):
|
|||
def list_domains(self, hints):
|
||||
return [assignment.calc_default_domain()]
|
||||
|
||||
#Bulk actions on User From identity
|
||||
# Bulk actions on User From identity
|
||||
def delete_user(self, user_id):
|
||||
user_dn = self.user._id_to_dn(user_id)
|
||||
for ref in self.role.list_global_roles_for_user(user_dn):
|
||||
|
@ -280,8 +280,8 @@ class Assignment(assignment.Driver):
|
|||
self.project.remove_user(user.tenant_id,
|
||||
self.user._id_to_dn(user_id))
|
||||
|
||||
#LDAP assignments only supports LDAP identity. Assignments under identity
|
||||
#are already deleted
|
||||
# LDAP assignments only supports LDAP identity. Assignments under
|
||||
# identity are already deleted
|
||||
def delete_group(self, group_id):
|
||||
if not self.group.subtree_delete_enabled:
|
||||
# TODO(spzala): this is only placeholder for group and domain
|
||||
|
@ -447,8 +447,8 @@ class ProjectApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
|
|||
project_ids.add(self._dn_to_id(assoc.project_dn))
|
||||
projects = []
|
||||
for project_id in project_ids:
|
||||
#slower to get them one at a time, but a huge list could blow out
|
||||
#the connection. This is the safer way
|
||||
# slower to get them one at a time, but a huge list could blow out
|
||||
# the connection. This is the safer way
|
||||
projects.append(self.get(project_id))
|
||||
return projects
|
||||
|
||||
|
@ -633,10 +633,10 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
|
||||
res = []
|
||||
for role_dn, _ in roles:
|
||||
#ldap.dn.dn2str returns an array, where the first
|
||||
#element is the first segment.
|
||||
#For a role assignment, this contains the role ID,
|
||||
#The remainder is the DN of the tenant.
|
||||
# ldap.dn.dn2str returns an array, where the first
|
||||
# element is the first segment.
|
||||
# For a role assignment, this contains the role ID,
|
||||
# The remainder is the DN of the tenant.
|
||||
tenant = ldap.dn.str2dn(role_dn)
|
||||
tenant.pop(0)
|
||||
tenant_dn = ldap.dn.dn2str(tenant)
|
||||
|
|
|
@ -245,7 +245,7 @@ class Manager(manager.Manager):
|
|||
role = {'id': CONF.member_role_id,
|
||||
'name': CONF.member_role_name}
|
||||
self.driver.create_role(config.CONF.member_role_id, role)
|
||||
#now that default role exists, the add should succeed
|
||||
# now that default role exists, the add should succeed
|
||||
self.driver.add_role_to_user_and_project(
|
||||
user_id,
|
||||
tenant_id,
|
||||
|
@ -970,7 +970,7 @@ class Driver(object):
|
|||
"""
|
||||
raise exception.NotImplemented()
|
||||
|
||||
#TODO(ayoung): determine what else these two functions raise
|
||||
# TODO(ayoung): determine what else these two functions raise
|
||||
@abc.abstractmethod
|
||||
def delete_user(self, user_id):
|
||||
"""Deletes all assignments for a user.
|
||||
|
@ -989,9 +989,9 @@ class Driver(object):
|
|||
"""
|
||||
raise exception.NotImplemented()
|
||||
|
||||
#domain management functions for backends that only allow a single domain.
|
||||
#currently, this is only LDAP, but might be used by PAM or other backends
|
||||
#as well. This is used by both identity and assignment drivers.
|
||||
# domain management functions for backends that only allow a single
|
||||
# domain. currently, this is only LDAP, but might be used by PAM or other
|
||||
# backends as well. This is used by both identity and assignment drivers.
|
||||
def _set_default_domain(self, ref):
|
||||
"""If the domain ID has not been set, set it to the default."""
|
||||
if isinstance(ref, dict):
|
||||
|
|
|
@ -466,7 +466,7 @@ class Auth(controller.V3Controller):
|
|||
return {'signed': signed_text}
|
||||
|
||||
|
||||
#FIXME(gyee): not sure if it belongs here or keystone.common. Park it here
|
||||
# FIXME(gyee): not sure if it belongs here or keystone.common. Park it here
|
||||
# for now.
|
||||
def render_token_data_response(token_id, token_data, created=False):
|
||||
"""Render token data HTTP response.
|
||||
|
|
|
@ -37,14 +37,14 @@ class Token(auth.AuthMethodHandler):
|
|||
target=self.method)
|
||||
token_id = auth_payload['id']
|
||||
response = self.provider.validate_token(token_id)
|
||||
#for V3 tokens, the essential data is under the 'token' value.
|
||||
#For V2, the comparable data was nested under 'access'
|
||||
# For V3 tokens, the essential data is under the 'token' value.
|
||||
# For V2, the comparable data was nested under 'access'.
|
||||
token_ref = response.get('token', response.get('access'))
|
||||
|
||||
#Do not allow tokens used for delegation to
|
||||
#create another token, or perform any changes of
|
||||
#state in Keystone. TO do so is to invite elevation of
|
||||
#privilege attacks
|
||||
# Do not allow tokens used for delegation to
|
||||
# create another token, or perform any changes of
|
||||
# state in Keystone. TO do so is to invite elevation of
|
||||
# privilege attacks
|
||||
if 'OS-TRUST:trust' in token_ref:
|
||||
raise exception.Forbidden()
|
||||
if 'trust' in token_ref:
|
||||
|
@ -56,10 +56,10 @@ class Token(auth.AuthMethodHandler):
|
|||
|
||||
wsgi.validate_token_bind(context, token_ref)
|
||||
|
||||
#new tokens are not allowed to extend the expiration
|
||||
#time of an old token, otherwise, they could be extened
|
||||
#forever. The expiration value was stored at different
|
||||
#locations in v2 and v3 tokens.
|
||||
# New tokens are not allowed to extend the expiration
|
||||
# time of an old token, otherwise, they could be extened
|
||||
# forever. The expiration value was stored at different
|
||||
# locations in v2 and v3 tokens.
|
||||
expires_at = token_ref.get('expires_at')
|
||||
if not expires_at:
|
||||
expires_at = token_ref.get('expires')
|
||||
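Review bot: The rewritten security comments in both hunks still carry the typos they had before: `TO do so` in the delegation block and `extened` in the expiry block. These lines are being touched anyway, and they document why a delegated token is refused and why a new token may not outlive the old one, so I would fix them here: `# state in Keystone. To do so is to invite elevation of` and `# time of an old token, otherwise, they could be extended`. The enclosing method starts and ends outside both hunks, so the rest of the expiry handling is not visible.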
|
|
|
@ -615,7 +615,7 @@ FILE_OPTIONS = {
|
|||
cfg.StrOpt('token',
|
||||
default='keystone.auth.plugins.token.Token',
|
||||
help='The token auth plugin module.'),
|
||||
#deals with REMOTE_USER authentication
|
||||
# deals with REMOTE_USER authentication
|
||||
cfg.StrOpt('external',
|
||||
default='keystone.auth.plugins.external.DefaultDomain',
|
||||
help='The external (REMOTE_USER) auth plugin module.')],
|
||||
|
|
|
@ -632,7 +632,7 @@ class V3Controller(wsgi.Application):
|
|||
blocked_keys = ref_keys.difference(cls._mutable_parameters)
|
||||
|
||||
if not blocked_keys:
|
||||
#No immutable parameters changed
|
||||
# No immutable parameters changed
|
||||
return
|
||||
|
||||
exception_args = {'target': cls.__name__,
|
||||
|
|
|
@ -501,9 +501,9 @@ class LdapWrapper(object):
|
|||
'tls_avail': ldap.TLS_AVAIL
|
||||
})
|
||||
|
||||
#NOTE(topol)
|
||||
#for extra debugging uncomment the following line
|
||||
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
|
||||
# NOTE(topol)
|
||||
# for extra debugging uncomment the following line
|
||||
# ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
|
||||
|
||||
using_ldaps = url.lower().startswith("ldaps")
|
||||
|
||||
|
@ -515,24 +515,24 @@ class LdapWrapper(object):
|
|||
raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS '
|
||||
'not available') % ldap.TLS_AVAIL)
|
||||
if tls_cacertfile:
|
||||
#NOTE(topol)
|
||||
#python ldap TLS does not verify CACERTFILE or CACERTDIR
|
||||
#so we add some extra simple sanity check verification
|
||||
#Also, setting these values globally (i.e. on the ldap object)
|
||||
#works but these values are ignored when setting them on the
|
||||
#connection
|
||||
# NOTE(topol)
|
||||
# python ldap TLS does not verify CACERTFILE or CACERTDIR
|
||||
# so we add some extra simple sanity check verification
|
||||
# Also, setting these values globally (i.e. on the ldap object)
|
||||
# works but these values are ignored when setting them on the
|
||||
# connection
|
||||
if not os.path.isfile(tls_cacertfile):
|
||||
raise IOError(_("tls_cacertfile %s not found "
|
||||
"or is not a file") %
|
||||
tls_cacertfile)
|
||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
|
||||
elif tls_cacertdir:
|
||||
#NOTE(topol)
|
||||
#python ldap TLS does not verify CACERTFILE or CACERTDIR
|
||||
#so we add some extra simple sanity check verification
|
||||
#Also, setting these values globally (i.e. on the ldap object)
|
||||
#works but these values are ignored when setting them on the
|
||||
#connection
|
||||
# NOTE(topol)
|
||||
# python ldap TLS does not verify CACERTFILE or CACERTDIR
|
||||
# so we add some extra simple sanity check verification
|
||||
# Also, setting these values globally (i.e. on the ldap object)
|
||||
# works but these values are ignored when setting them on the
|
||||
# connection
|
||||
if not os.path.isdir(tls_cacertdir):
|
||||
raise IOError(_("tls_cacertdir %s not found "
|
||||
"or is not a directory") %
|
||||
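Review bot: The NOTE(topol) comment repeated in the `tls_cacertfile` and `tls_cacertdir` branches can be read as saying python-ldap skips certificate verification, while the code under it only checks that the path exists with `os.path.isfile` / `os.path.isdir`. If path existence is what is meant, I would say so, e.g. `# NOTE(topol): python-ldap does not check that the CA cert path exists, so check it here before setting the option.` The comment could also state plainly that `ldap.set_option` is applied globally, so the CA setting affects every LDAP connection made afterwards and not only this wrapper's. The second hunk ends inside the `raise IOError(...)` call, so the rest of the branch is not visible.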
|
|
|
@ -250,8 +250,6 @@ class PEMParseResult(object):
|
|||
self._pem_type = pem_type
|
||||
self._pem_header = pem_header
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
|
||||
def pem_search(text, start=0):
|
||||
"""Search for a block of PEM formatted data
|
||||
|
|
|
@ -92,9 +92,9 @@ class XmlDeserializer(object):
|
|||
return tag_name
|
||||
bracket = re.search('[^{]+$', tag)
|
||||
ns = m.string[bracket.start():m.start() - 1]
|
||||
#If the namespace is
|
||||
#http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0
|
||||
#for the root element, a prefix needs to add in front of the tag name.
|
||||
# If the namespace is
|
||||
# http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0 for the
|
||||
# root element, a prefix needs to add in front of the tag name.
|
||||
prefix = None
|
||||
for xmlns in XMLNS_LIST:
|
||||
if xmlns['value'] == ns:
|
||||
|
|
|
@ -17,7 +17,7 @@ from sqlalchemy import Column, MetaData, String, Table, Text, types
|
|||
from sqlalchemy.orm import sessionmaker
|
||||
|
||||
|
||||
#sqlite doesn't support dropping columns. Copy to a new table instead
|
||||
# sqlite doesn't support dropping columns. Copy to a new table instead
|
||||
def downgrade_user_table_with_copy(meta, migrate_engine):
|
||||
maker = sessionmaker(bind=migrate_engine)
|
||||
session = maker()
|
||||
|
|
|
@ -18,9 +18,9 @@ from sqlalchemy import exc
|
|||
|
||||
def downgrade_token_table_with_column_drop(meta, migrate_engine):
|
||||
token_table = sqlalchemy.Table('token', meta, autoload=True)
|
||||
#delete old tokens, as the format has changed.
|
||||
#We don't guarantee that existing tokens will be
|
||||
#usable after a migration
|
||||
# delete old tokens, as the format has changed.
|
||||
# We don't guarantee that existing tokens will be
|
||||
# usable after a migration
|
||||
token_table.delete()
|
||||
token_table.drop_column(
|
||||
sqlalchemy.Column('trust_id',
|
||||
|
@ -37,19 +37,19 @@ def create_column_forgiving(migrate_engine, table, column):
|
|||
except exc.OperationalError as e:
|
||||
if (e.args[0].endswith('duplicate column name: %s' % column.name)
|
||||
and migrate_engine.name == "sqlite"):
|
||||
#sqlite does not drop columns, so if we have already
|
||||
#done a downgrade and are now upgrading, we will hit
|
||||
#this: the SQLite driver previously reported success
|
||||
#dropping the columns but it hasn't.
|
||||
# sqlite does not drop columns, so if we have already
|
||||
# done a downgrade and are now upgrading, we will hit
|
||||
# this: the SQLite driver previously reported success
|
||||
# dropping the columns but it hasn't.
|
||||
pass
|
||||
else:
|
||||
raise
|
||||
|
||||
|
||||
def upgrade_token_table(meta, migrate_engine):
|
||||
#delete old tokens, as the format has changed.
|
||||
#The existing tokens will not
|
||||
#support some of the list functions
|
||||
# delete old tokens, as the format has changed.
|
||||
# The existing tokens will not
|
||||
# support some of the list functions
|
||||
|
||||
token_table = sqlalchemy.Table('token', meta, autoload=True)
|
||||
token_table.delete()
|
||||
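Review bot: `token_table.delete()` in `downgrade_token_table_with_column_drop`, and again in `upgrade_token_table`, only builds a DELETE construct. Nothing in the visible lines executes it, so the comment's claim that old tokens are deleted may not hold. If the metadata is bound to the engine, `token_table.delete().execute()` would run it; otherwise the statement can be passed to `migrate_engine.execute(...)`. Old-format tokens surviving the migration is exactly what the comment is meant to rule out, so this is worth confirming with a test. The hunks may not show the whole of either function.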
|
|
|
@ -16,8 +16,8 @@ import sqlalchemy
|
|||
|
||||
|
||||
def upgrade(migrate_engine):
|
||||
#This migration is relevant only for mysql because for all other
|
||||
#migrate engines these indexes were successfully dropped.
|
||||
# This migration is relevant only for mysql because for all other
|
||||
# migrate engines these indexes were successfully dropped.
|
||||
if migrate_engine.name != 'mysql':
|
||||
return
|
||||
meta = sqlalchemy.MetaData(bind=migrate_engine)
|
||||
|
|
|
@ -187,9 +187,9 @@ class Application(BaseApplication):
|
|||
context['path'] = req.environ['PATH_INFO']
|
||||
context['host_url'] = req.host_url
|
||||
params = req.environ.get(PARAMS_ENV, {})
|
||||
#authentication and authorization attributes are set as environment
|
||||
#values by the container and processed by the pipeline. the complete
|
||||
#set is not yet know.
|
||||
# authentication and authorization attributes are set as environment
|
||||
# values by the container and processed by the pipeline. the complete
|
||||
# set is not yet know.
|
||||
context['environment'] = req.environ
|
||||
req.environ = None
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ class IdentityProvider(_ControllerBase):
|
|||
ref = cls.filter_params(ref)
|
||||
return {cls.member_name: ref}
|
||||
|
||||
#TODO(marek-denis): Implement, when mapping engine is ready
|
||||
# TODO(marek-denis): Implement, when mapping engine is ready
|
||||
def _delete_tokens_issued_by_idp(self, idp_id):
|
||||
"""Delete tokens created upon authentication from an IdP
|
||||
|
||||
|
|
|
@ -29,14 +29,14 @@ LOG = log.getLogger(__name__)
|
|||
@dependency.requires('oauth_api')
|
||||
class OAuthValidator(oauth1.RequestValidator):
|
||||
|
||||
#TODO(mhu) set as option probably ?
|
||||
# TODO(mhu) set as option probably?
|
||||
@property
|
||||
def enforce_ssl(self):
|
||||
return False
|
||||
|
||||
@property
|
||||
def safe_characters(self):
|
||||
#oauth tokens are generated from a uuid hex value
|
||||
# oauth tokens are generated from a uuid hex value
|
||||
return set("abcdef0123456789")
|
||||
|
||||
def _check_token(self, token):
|
||||
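Review bot: The TODO above `enforce_ssl` does not say what the hard-coded `False` means: as far as these lines show, the validator will not require OAuth1 requests to arrive over HTTPS. I would spell that out and use the colon form the other TODOs in this change use, e.g. `# TODO(mhu): make this an option; False means OAuth1 requests are not required to use HTTPS.` If TLS is always terminated in front of Keystone, saying so here would save the next reader the question. The class body continues outside the hunk.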
|
|
|
@ -31,7 +31,7 @@ _VERSIONS = []
|
|||
class Extensions(wsgi.Application):
|
||||
"""Base extensions controller to be extended by public and admin API's."""
|
||||
|
||||
#extend in subclass to specify the set of extensions
|
||||
# extend in subclass to specify the set of extensions
|
||||
@property
|
||||
def extensions(self):
|
||||
return None
|
||||
|
|
|
@ -808,4 +808,4 @@ class Driver(object):
|
|||
"""Indicates if Driver supports domains."""
|
||||
raise exception.NotImplemented()
|
||||
|
||||
#end of identity
|
||||
# end of identity
|
||||
|
|
|
@ -40,7 +40,8 @@ SCOPE_NAMES = {
|
|||
ldap.SCOPE_SUBTREE: 'SCOPE_SUBTREE',
|
||||
}
|
||||
|
||||
#http://msdn.microsoft.com/en-us/library/windows/desktop/aa366991(v=vs.85).aspx
|
||||
# http://msdn.microsoft.com\
|
||||
# /en-us/library/windows/desktop/aa366991(v=vs.85).aspx
|
||||
CONTROL_TREEDELETE = '1.2.840.113556.1.4.805'
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
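Review bot: Splitting the MSDN reference across two comment lines with a trailing `\` leaves a URL that cannot be copied or followed as written, because a backslash has no continuation meaning inside a comment. I would keep the link on one line, `# http://msdn.microsoft.com/en-us/library/windows/desktop/aa366991(v=vs.85).aspx`, and exempt that line from the length check with `# noqa` if the linter objects. A few words on what the page documents (presumably the tree-delete control, going by the name `CONTROL_TREEDELETE`) would also keep the OID understandable if the link stops resolving.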
|
|
|
@ -82,10 +82,10 @@ class AuthTest(tests.TestCase):
|
|||
self.empty_context = {'environment': {}}
|
||||
|
||||
self.controller = token.controllers.Auth()
|
||||
#This call sets up, among other things, the call to popen
|
||||
#that will be used to run the CMS command. These tests were
|
||||
#passing only due to the global nature of the call. If the
|
||||
#tests in this file are run alone, API calls return unauthorized.
|
||||
# This call sets up, among other things, the call to popen
|
||||
# that will be used to run the CMS command. These tests were
|
||||
# passing only due to the global nature of the call. If the
|
||||
# tests in this file are run alone, API calls return unauthorized.
|
||||
environment.use_eventlet(monkeypatch_thread=False)
|
||||
|
||||
def assertEqualTokens(self, a, b):
|
||||
|
|
|
@ -1516,7 +1516,7 @@ class IdentityTests(object):
|
|||
self.identity_api.get_user(user1['id'])
|
||||
|
||||
def test_delete_domain_with_user_group_project_links(self):
|
||||
#TODO(chungg):add test case once expected behaviour defined
|
||||
# TODO(chungg):add test case once expected behaviour defined
|
||||
pass
|
||||
|
||||
def test_role_crud(self):
|
||||
|
@ -2303,8 +2303,8 @@ class IdentityTests(object):
|
|||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
test_groups.append(new_group)
|
||||
|
||||
#add the user to the group and ensure that the
|
||||
#group count increases by one for each
|
||||
# add the user to the group and ensure that the
|
||||
# group count increases by one for each
|
||||
group_refs = self.identity_api.list_groups_for_user(
|
||||
positive_user['id'])
|
||||
self.assertEqual(len(group_refs), before_count)
|
||||
|
@ -2315,14 +2315,13 @@ class IdentityTests(object):
|
|||
positive_user['id'])
|
||||
self.assertEqual(len(group_refs), after_count)
|
||||
|
||||
#Make sure the group count for the unrelated user
|
||||
#did not change
|
||||
# Make sure the group count for the unrelated user did not change
|
||||
group_refs = self.identity_api.list_groups_for_user(
|
||||
negative_user['id'])
|
||||
self.assertEqual(len(group_refs), 0)
|
||||
|
||||
#remove the user from each group and ensure that
|
||||
#the group count reduces by one for each
|
||||
# remove the user from each group and ensure that
|
||||
# the group count reduces by one for each
|
||||
for x in range(0, 3):
|
||||
before_count = GROUP_COUNT - x
|
||||
after_count = GROUP_COUNT - x - 1
|
||||
|
@ -2335,8 +2334,8 @@ class IdentityTests(object):
|
|||
group_refs = self.identity_api.list_groups_for_user(
|
||||
positive_user['id'])
|
||||
self.assertEqual(len(group_refs), after_count)
|
||||
#Make sure the group count for the unrelated user
|
||||
#did not change
|
||||
# Make sure the group count for the unrelated user
|
||||
# did not change
|
||||
group_refs = self.identity_api.list_groups_for_user(
|
||||
negative_user['id'])
|
||||
self.assertEqual(len(group_refs), 0)
|
||||
|
@ -4159,7 +4158,7 @@ class FilterTests(filtering.FilterTests):
|
|||
self.assertEqual(len(users), 5)
|
||||
self._match_with_list(users, user_list,
|
||||
list_start=6, list_end=11)
|
||||
#TODO(henry-nash) Check inexact filter has been removed.
|
||||
# TODO(henry-nash) Check inexact filter has been removed.
|
||||
|
||||
hints = driver_hints.Hints()
|
||||
hints.add_filter('name', 'The', comparator='startswith')
|
||||
|
@ -4167,7 +4166,7 @@ class FilterTests(filtering.FilterTests):
|
|||
self.assertEqual(len(users), 6)
|
||||
self._match_with_list(users, user_list,
|
||||
list_start=5, list_end=11)
|
||||
#TODO(henry-nash) Check inexact filter has been removed.
|
||||
# TODO(henry-nash) Check inexact filter has been removed.
|
||||
|
||||
hints = driver_hints.Hints()
|
||||
hints.add_filter('name', 'of', comparator='endswith')
|
||||
|
@ -4175,7 +4174,7 @@ class FilterTests(filtering.FilterTests):
|
|||
self.assertEqual(len(users), 2)
|
||||
self.assertEqual(users[0]['id'], user_list[7]['id'])
|
||||
self.assertEqual(users[1]['id'], user_list[10]['id'])
|
||||
#TODO(henry-nash) Check inexact filter has been removed.
|
||||
# TODO(henry-nash) Check inexact filter has been removed.
|
||||
|
||||
# TODO(henry-nash): Add some case sensitive tests. The issue
|
||||
# is that MySQL 0.7, by default, is installed in case
|
||||
|
|
|
@ -1292,7 +1292,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, tests.SQLDriverOverrides,
|
|||
self.addCleanup(sql.ModelBase.metadata.drop_all, bind=self.engine)
|
||||
|
||||
self.load_fixtures(default_fixtures)
|
||||
#defaulted by the data load
|
||||
# defaulted by the data load
|
||||
self.user_foo['enabled'] = True
|
||||
|
||||
def config_overrides(self):
|
||||
|
|
|
@ -42,7 +42,7 @@ class SqlTests(tests.SQLDriverOverrides, tests.TestCase):
|
|||
|
||||
# populate the engine with tables & fixtures
|
||||
self.load_fixtures(default_fixtures)
|
||||
#defaulted by the data load
|
||||
# defaulted by the data load
|
||||
self.user_foo['enabled'] = True
|
||||
|
||||
def config_files(self):
|
||||
|
|
|
@ -139,7 +139,7 @@ class KcMasterSqlTestCase(test_keystoneclient.KcMasterTestCase):
|
|||
resp, token = self._send_ec2_auth_request(credentials)
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
self.assertEqual(trust_id, token['access']['trust']['id'])
|
||||
#TODO(shardy) we really want to check the roles and trustee
|
||||
# TODO(shardy) we really want to check the roles and trustee
|
||||
# but because of where the stubbing happens we don't seem to
|
||||
# hit the necessary code in controllers.py _authenticate_token
|
||||
# so although all is OK via a real request, it incorrect in
|
||||
|
|
|
@ -90,7 +90,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
|||
def test_build_tree(self):
|
||||
"""Regression test for building the tree names
|
||||
"""
|
||||
#logic is different from the fake backend.
|
||||
# logic is different from the fake backend.
|
||||
user_api = identity_ldap.UserApi(CONF)
|
||||
self.assertTrue(user_api)
|
||||
self.assertEqual(user_api.tree_dn, CONF.ldap.user_tree_dn)
|
||||
|
@ -169,8 +169,8 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
|||
self.assertEqual(ldap.DEREF_SEARCHING,
|
||||
ldap_wrapper.conn.get_option(ldap.OPT_DEREF))
|
||||
|
||||
#FakeLDAP does not correctly process filters, so this test can only be run
|
||||
#against a live LDAP server
|
||||
# FakeLDAP does not correctly process filters, so this test can only be
|
||||
# run against a live LDAP server
|
||||
def test_list_groups_for_user_filtered(self):
|
||||
domain = self._get_domain_fixture()
|
||||
test_groups = []
|
||||
|
|
|
@ -458,7 +458,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
|
|||
'initiator': initiator,
|
||||
# NOTE(stevemar): outcome has 2 stages, pending and success
|
||||
# so we are ignoring it for now.
|
||||
#'outcome': outcome,
|
||||
# 'outcome': outcome,
|
||||
'send_notification_called': True}
|
||||
self._notifications.append(note)
|
||||
|
||||
|
|
|
@ -167,7 +167,7 @@ class RevokeTests(object):
|
|||
# 'synchronize' should now be exercised and remove old expired events
|
||||
mock_utcnow.return_value = now_plus_2h
|
||||
self.revoke_api.revoke_by_expiration(_new_id(), now_plus_2h)
|
||||
#should no longer throw an exception
|
||||
# should no longer throw an exception
|
||||
self.revoke_api.check_token(token_values)
|
||||
|
||||
|
||||
|
|
|
@ -79,7 +79,7 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
|
|||
|
||||
self.empty_context = {'environment': {}}
|
||||
|
||||
#drop the policy rules
|
||||
# drop the policy rules
|
||||
self.addCleanup(rules.reset)
|
||||
|
||||
self.addCleanup(self.teardown_database)
|
||||
|
@ -609,14 +609,14 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
|
|||
# region validation
|
||||
|
||||
def assertValidRegionListResponse(self, resp, *args, **kwargs):
|
||||
#NOTE(jaypipes): I have to pass in a blank keys_to_check parameter
|
||||
# below otherwise the base assertValidEntity method
|
||||
# tries to find a "name" and an "enabled" key in the
|
||||
# returned ref dicts. The issue is, I don't understand
|
||||
# how the service and endpoint entity assertions below
|
||||
# actually work (they don't raise assertions), since
|
||||
# AFAICT, the service and endpoint tables don't have
|
||||
# a "name" column either... :(
|
||||
# NOTE(jaypipes): I have to pass in a blank keys_to_check parameter
|
||||
# below otherwise the base assertValidEntity method
|
||||
# tries to find a "name" and an "enabled" key in the
|
||||
# returned ref dicts. The issue is, I don't understand
|
||||
# how the service and endpoint entity assertions below
|
||||
# actually work (they don't raise assertions), since
|
||||
# AFAICT, the service and endpoint tables don't have
|
||||
# a "name" column either... :(
|
||||
return self.assertValidListResponse(
|
||||
resp,
|
||||
'regions',
|
||||
|
@ -1112,7 +1112,7 @@ class VersionTestCase(RestfulTestCase):
|
|||
pass
|
||||
|
||||
|
||||
#NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
|
||||
# NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
|
||||
# because we need the token
|
||||
class AuthContextMiddlewareTestCase(RestfulTestCase):
|
||||
def _mock_request_object(self, token_id):
|
||||
|
|
|
@ -2078,8 +2078,8 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
auth_context)
|
||||
|
||||
def test_remote_user_and_password(self):
|
||||
#both REMOTE_USER and password methods must pass.
|
||||
#note that they do not have to match
|
||||
# both REMOTE_USER and password methods must pass.
|
||||
# note that they do not have to match
|
||||
api = auth.controllers.Auth()
|
||||
auth_data = self.build_authentication_request(
|
||||
user_domain_id=self.domain['id'],
|
||||
|
@ -2091,8 +2091,8 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
api.authenticate(context, auth_info, auth_context)
|
||||
|
||||
def test_remote_user_and_explicit_external(self):
|
||||
#both REMOTE_USER and password methods must pass.
|
||||
#note that they do not have to match
|
||||
# both REMOTE_USER and password methods must pass.
|
||||
# note that they do not have to match
|
||||
auth_data = self.build_authentication_request(
|
||||
user_domain_id=self.domain['id'],
|
||||
username=self.user['name'],
|
||||
|
@ -2109,7 +2109,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
auth_context)
|
||||
|
||||
def test_remote_user_bad_password(self):
|
||||
#both REMOTE_USER and password methods must pass.
|
||||
# both REMOTE_USER and password methods must pass.
|
||||
api = auth.controllers.Auth()
|
||||
auth_data = self.build_authentication_request(
|
||||
user_domain_id=self.domain['id'],
|
||||
|
@ -2133,7 +2133,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
token = self.assertValidUnscopedTokenResponse(r)
|
||||
self.assertNotIn('bind', token)
|
||||
|
||||
#TODO(ayoung): move to TestPKITokenAPIs; it will be run for both formats
|
||||
# TODO(ayoung): move to TestPKITokenAPIs; it will be run for both formats
|
||||
def test_verify_with_bound_token(self):
|
||||
self.config_fixture.config(group='token', bind='kerberos')
|
||||
auth_data = self.build_authentication_request(
|
||||
|
|
|
@ -43,7 +43,7 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
|||
_unused, self.tmpfilename = tempfile.mkstemp()
|
||||
self.config_fixture.config(policy_file=self.tmpfilename)
|
||||
|
||||
#drop the policy rules
|
||||
# drop the policy rules
|
||||
self.addCleanup(rules.reset)
|
||||
|
||||
def load_sample_data(self):
|
||||
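Review bot: `tempfile.mkstemp()` returns an open file descriptor, and binding it to `_unused` leaves it open for the life of the test process. The visible lines also register no cleanup for the temporary policy file itself. I would keep the descriptor and close it, `fd, self.tmpfilename = tempfile.mkstemp()` followed by `os.close(fd)`, and add `self.addCleanup(os.remove, self.tmpfilename)` next to the existing `self.addCleanup(rules.reset)`. This assumes `os` is imported in the test module, which the hunk does not show. The enclosing method starts outside the hunk.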
|
|
|
@ -537,9 +537,9 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
|
||||
'group_id': self.group_id, 'user_id': self.user1['id']})
|
||||
|
||||
#Scenarios below are written to test the default policy configuration
|
||||
# Scenarios below are written to test the default policy configuration
|
||||
|
||||
#One should be allowed to list one's own groups
|
||||
# One should be allowed to list one's own groups
|
||||
auth = self.build_authentication_request(
|
||||
user_id=self.user1['id'],
|
||||
password=self.user1['password'])
|
||||
|
@ -547,12 +547,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
'user_id': self.user1['id']}, auth=auth)
|
||||
self.assertValidGroupListResponse(r, ref=self.group)
|
||||
|
||||
#Administrator is allowed to list others' groups
|
||||
# Administrator is allowed to list others' groups
|
||||
r = self.get('/users/%(user_id)s/groups' % {
|
||||
'user_id': self.user1['id']})
|
||||
self.assertValidGroupListResponse(r, ref=self.group)
|
||||
|
||||
#Ordinary users should not be allowed to list other's groups
|
||||
# Ordinary users should not be allowed to list other's groups
|
||||
auth = self.build_authentication_request(
|
||||
user_id=self.user2['id'],
|
||||
password=self.user2['password'])
|
||||
|
@ -782,10 +782,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
|
||||
# FIXME(gyee): this test is no longer valid as user
|
||||
# have no role in the project. Can't get a scoped token
|
||||
#self.delete(member_url)
|
||||
#r = self.get(collection_url)
|
||||
#self.assertValidRoleListResponse(r, expected_length=0)
|
||||
#self.assertIn(collection_url, r.result['links']['self'])
|
||||
# self.delete(member_url)
|
||||
# r = self.get(collection_url)
|
||||
# self.assertValidRoleListResponse(r, expected_length=0)
|
||||
# self.assertIn(collection_url, r.result['links']['self'])
|
||||
|
||||
def test_crud_user_project_role_grants_no_user(self):
|
||||
"""Grant role on a project to a user that doesn't exist, 404 result.
|
||||
|
|
|
@ -466,7 +466,7 @@ class AuthTokenTests(OAuthFlowTests):
|
|||
def test_token_chaining_is_not_allowed(self):
|
||||
self.test_oauth_flow()
|
||||
|
||||
#attempt to re-authenticate (token chain) with the given token
|
||||
# attempt to re-authenticate (token chain) with the given token
|
||||
path = '/v3/auth/tokens/'
|
||||
auth_data = self.build_authentication_request(
|
||||
token=self.keystone_token_id)
|
||||
|
|
|
@ -156,7 +156,7 @@ class Auth(controller.V2Controller):
|
|||
|
||||
wsgi.validate_token_bind(context, old_token_ref)
|
||||
|
||||
#A trust token cannot be used to get another token
|
||||
# A trust token cannot be used to get another token
|
||||
if 'trust' in old_token_ref:
|
||||
raise exception.Forbidden()
|
||||
if 'trust_id' in old_token_ref['metadata']:
|
||||
|
@ -289,7 +289,7 @@ class Auth(controller.V2Controller):
|
|||
if 'REMOTE_USER' not in context.get('environment', {}):
|
||||
raise ExternalAuthNotApplicable()
|
||||
|
||||
#NOTE(jamielennox): xml and json differ and get confused about what
|
||||
# NOTE(jamielennox): xml and json differ and get confused about what
|
||||
# empty auth should look like so just reset it.
|
||||
if not auth:
|
||||
auth = {}
|
||||
|
|
|
@ -254,7 +254,7 @@ class V3TokenDataHelper(object):
|
|||
if CONF.trust.enabled and trust:
|
||||
token_user_id = trust['trustor_user_id']
|
||||
token_project_id = trust['project_id']
|
||||
#trusts do not support domains yet
|
||||
# trusts do not support domains yet
|
||||
token_domain_id = None
|
||||
else:
|
||||
token_user_id = user_id
|
||||
|
|
|
@ -24,9 +24,9 @@ class TrustModel(sql.ModelBase, sql.DictBase):
|
|||
'project_id', 'impersonation', 'expires_at',
|
||||
'remaining_uses']
|
||||
id = sql.Column(sql.String(64), primary_key=True)
|
||||
#user id Of owner
|
||||
# user id of owner
|
||||
trustor_user_id = sql.Column(sql.String(64), nullable=False,)
|
||||
#user_id of user allowed to consume this preauth
|
||||
# user_id of user allowed to consume this preauth
|
||||
trustee_user_id = sql.Column(sql.String(64), nullable=False)
|
||||
project_id = sql.Column(sql.String(64))
|
||||
impersonation = sql.Column(sql.Boolean, nullable=False)
|
||||
|
|
|
@ -141,7 +141,7 @@ class TrustV3(controller.V3Controller):
|
|||
try:
|
||||
user_id = self._get_user_id(context)
|
||||
_trustor_only(context, trust, user_id)
|
||||
#confirm that the trustee exists
|
||||
# confirm that the trustee exists
|
||||
self.identity_api.get_user(trust['trustee_user_id'])
|
||||
all_roles = self.assignment_api.list_roles()
|
||||
clean_roles = self._clean_role_list(context, trust, all_roles)
|
||||
|
|