openstack/python-keystoneclient
Code Issues Proposed changes

replace double quotes with single.

Browse Source 
Change-Id: Ib2c828525fe3bafac8ed2f402a477ba62bbf6471
This commit is contained in:
Adam Young
2014-04-21 16:49:09 -04:00
parent 02572377fa
commit 7e1700c565
2 changed files with 53 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
keystoneclient/common/cms.py
View File

@@ -89,7 +89,7 @@ def _process_communicate_handle_oserror(process, text, files):
if process.stderr: if process.stderr:
err += process.stderr.read() err += process.stderr.read()
output = "" output = ''
retcode = -1 retcode = -1
else: else:
retcode = process.poll() retcode = process.poll()
@@ -104,12 +104,12 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
:raises: CertificateConfigError if certificate is not configured properly. :raises: CertificateConfigError if certificate is not configured properly.
""" """
_ensure_subprocess() _ensure_subprocess()
process = subprocess.Popen(["openssl", "cms", "-verify", process = subprocess.Popen(['openssl', 'cms', '-verify',
"-certfile", signing_cert_file_name, '-certfile', signing_cert_file_name,
"-CAfile", ca_file_name, '-CAfile', ca_file_name,
"-inform", "PEM", '-inform', 'PEM',
"-nosmimecap", "-nodetach", '-nosmimecap', '-nodetach',
"-nocerts", "-noattr"], '-nocerts', '-noattr'],
stdin=subprocess.PIPE, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
@@ -135,7 +135,7 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
elif retcode: elif retcode:
# NOTE(dmllr): Python 2.6 compatibility: # NOTE(dmllr): Python 2.6 compatibility:
# CalledProcessError did not have output keyword argument # CalledProcessError did not have output keyword argument
e = subprocess.CalledProcessError(retcode, "openssl") e = subprocess.CalledProcessError(retcode, 'openssl')
e.output = err e.output = err
raise e raise e
return output return output
@@ -144,7 +144,7 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
def token_to_cms(signed_text): def token_to_cms(signed_text):
copy_of_text = signed_text.replace('-', '/') copy_of_text = signed_text.replace('-', '/')
formatted = "-----BEGIN CMS-----\n" formatted = '-----BEGIN CMS-----\n'
line_length = 64 line_length = 64
while len(copy_of_text) > 0: while len(copy_of_text) > 0:
if (len(copy_of_text) > line_length): if (len(copy_of_text) > line_length):
@@ -152,10 +152,10 @@ def token_to_cms(signed_text):
copy_of_text = copy_of_text[line_length:] copy_of_text = copy_of_text[line_length:]
else: else:
formatted += copy_of_text formatted += copy_of_text
copy_of_text = "" copy_of_text = ''
formatted += "\n" formatted += '\n'
formatted += "-----END CMS-----\n" formatted += '-----END CMS-----\n'
return formatted return formatted
@@ -218,8 +218,8 @@ def is_asn1_token(token):
def is_ans1_token(token): def is_ans1_token(token):
"""Deprecated. Use is_asn1_token() instead.""" """Deprecated. Use is_asn1_token() instead."""
LOG.warning("The function is_ans1_token() is deprecated, " LOG.warning('The function is_ans1_token() is deprecated, '
"use is_asn1_token() instead.") 'use is_asn1_token() instead.')
return is_asn1_token(token) return is_asn1_token(token)
@@ -230,12 +230,12 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
""" """
_ensure_subprocess() _ensure_subprocess()
process = subprocess.Popen(["openssl", "cms", "-sign", process = subprocess.Popen(['openssl', 'cms', '-sign',
"-signer", signing_cert_file_name, '-signer', signing_cert_file_name,
"-inkey", signing_key_file_name, '-inkey', signing_key_file_name,
"-outform", "PEM", '-outform', 'PEM',
"-nosmimecap", "-nodetach", '-nosmimecap', '-nodetach',
"-nocerts", "-noattr"], '-nocerts', '-noattr'],
stdin=subprocess.PIPE, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
@@ -244,9 +244,9 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
output, err, retcode = _process_communicate_handle_oserror( output, err, retcode = _process_communicate_handle_oserror(
process, text, (signing_cert_file_name, signing_key_file_name)) process, text, (signing_cert_file_name, signing_key_file_name))
if retcode or "Error" in err: if retcode or 'Error' in err:
LOG.error('Signing error: %s' % err) LOG.error('Signing error: %s' % err)
raise subprocess.CalledProcessError(retcode, "openssl") raise subprocess.CalledProcessError(retcode, 'openssl')
return output return output
@@ -257,8 +257,8 @@ def cms_sign_token(text, signing_cert_file_name, signing_key_file_name):
def cms_to_token(cms_text): def cms_to_token(cms_text):
start_delim = "-----BEGIN CMS-----" start_delim = '-----BEGIN CMS-----'
end_delim = "-----END CMS-----" end_delim = '-----END CMS-----'
signed_text = cms_text signed_text = cms_text
signed_text = signed_text.replace('/', '-') signed_text = signed_text.replace('/', '-')
signed_text = signed_text.replace(start_delim, '') signed_text = signed_text.replace(start_delim, '')

57
keystoneclient/middleware/auth_token.py
View File

@@ -420,8 +420,9 @@ class AuthProtocol(object):
# are backwards. We need to do it this way so that we can handle the # are backwards. We need to do it this way so that we can handle the
# same deprecation strategy for CONF and the conf variable. # same deprecation strategy for CONF and the conf variable.
if not self.identity_uri: if not self.identity_uri:
self.LOG.warning("Configuring admin URI using auth fragments. " self.LOG.warning('Configuring admin URI using auth fragments. '
"This is deprecated, use 'identity_uri' instead.") 'This is deprecated, use \'identity_uri\''
' instead.')
auth_host = self._conf_get('auth_host') auth_host = self._conf_get('auth_host')
auth_port = int(self._conf_get('auth_port')) auth_port = int(self._conf_get('auth_port'))
@@ -572,8 +573,8 @@ class AuthProtocol(object):
versions = [] versions = []
response, data = self._json_request('GET', '/') response, data = self._json_request('GET', '/')
if response.status_code == 501: if response.status_code == 501:
self.LOG.warning("Old keystone installation found...assuming v2.0") self.LOG.warning('Old keystone installation found...assuming v2.0')
versions.append("v2.0") versions.append('v2.0')
elif response.status_code != 300: elif response.status_code != 300:
self.LOG.error('Unable to get version info from keystone: %s', self.LOG.error('Unable to get version info from keystone: %s',
response.status_code) response.status_code)
@@ -675,9 +676,9 @@ class AuthProtocol(object):
return token return token
else: else:
if not self.delay_auth_decision: if not self.delay_auth_decision:
self.LOG.warn("Unable to find authentication token" self.LOG.warn('Unable to find authentication token'
" in headers") ' in headers')
self.LOG.debug("Headers: %s", env) self.LOG.debug('Headers: %s', env)
raise InvalidUserToken('Unable to find token in headers') raise InvalidUserToken('Unable to find token in headers')
def _reject_request(self, env, start_response): def _reject_request(self, env, start_response):
@@ -723,7 +724,7 @@ class AuthProtocol(object):
:raise ServerError when unable to communicate with keystone :raise ServerError when unable to communicate with keystone
""" """
url = "%s/%s" % (self.identity_uri, path.lstrip('/')) url = '%s/%s' % (self.identity_uri, path.lstrip('/'))
kwargs.setdefault('timeout', self.http_connect_timeout) kwargs.setdefault('timeout', self.http_connect_timeout)
if self.cert_file and self.key_file: if self.cert_file and self.key_file:
@@ -822,12 +823,12 @@ class AuthProtocol(object):
return (token, timeutils.normalize_time(datetime_expiry)) return (token, timeutils.normalize_time(datetime_expiry))
except (AssertionError, KeyError): except (AssertionError, KeyError):
self.LOG.warn( self.LOG.warn(
"Unexpected response from keystone service: %s", data) 'Unexpected response from keystone service: %s', data)
raise ServiceError('invalid json response') raise ServiceError('invalid json response')
except (ValueError): except (ValueError):
data['access']['token']['id'] = '<SANITIZED>' data['access']['token']['id'] = '<SANITIZED>'
self.LOG.warn( self.LOG.warn(
"Unable to parse expiration time from token: %s", data) 'Unable to parse expiration time from token: %s', data)
raise ServiceError('invalid json response') raise ServiceError('invalid json response')
def _validate_user_token(self, user_token, env, retry=True): def _validate_user_token(self, user_token, env, retry=True):
@@ -858,13 +859,13 @@ class AuthProtocol(object):
return data return data
except NetworkError: except NetworkError:
self.LOG.debug('Token validation failure.', exc_info=True) self.LOG.debug('Token validation failure.', exc_info=True)
self.LOG.warn("Authorization failed for token") self.LOG.warn('Authorization failed for token')
raise InvalidUserToken('Token authorization failed') raise InvalidUserToken('Token authorization failed')
except Exception: except Exception:
self.LOG.debug('Token validation failure.', exc_info=True) self.LOG.debug('Token validation failure.', exc_info=True)
if token_id: if token_id:
self._cache_store_invalid(token_id) self._cache_store_invalid(token_id)
self.LOG.warn("Authorization failed for token") self.LOG.warn('Authorization failed for token')
raise InvalidUserToken('Token authorization failed') raise InvalidUserToken('Token authorization failed')
def _build_user_headers(self, token_info): def _build_user_headers(self, token_info):
@@ -878,7 +879,7 @@ class AuthProtocol(object):
""" """
auth_ref = access.AccessInfo.factory(body=token_info) auth_ref = access.AccessInfo.factory(body=token_info)
roles = ",".join(auth_ref.role_names) roles = ','.join(auth_ref.role_names)
if _token_is_v2(token_info) and not auth_ref.project_id: if _token_is_v2(token_info) and not auth_ref.project_id:
raise InvalidUserToken('Unable to determine tenancy.') raise InvalidUserToken('Unable to determine tenancy.')
@@ -904,8 +905,8 @@ class AuthProtocol(object):
'X-Role': roles, 'X-Role': roles,
} }
self.LOG.debug("Received request from user: %s with project_id : %s" self.LOG.debug('Received request from user: %s with project_id : %s'
" and roles: %s ", ' and roles: %s ',
auth_ref.user_id, auth_ref.project_id, roles) auth_ref.user_id, auth_ref.project_id, roles)
if self.include_service_catalog and auth_ref.has_service_catalog(): if self.include_service_catalog and auth_ref.has_service_catalog():
@@ -1070,7 +1071,7 @@ class AuthProtocol(object):
# no bind provided and none required # no bind provided and none required
return return
else: else:
self.LOG.info("No bind information present in token.") self.LOG.info('No bind information present in token.')
self._invalid_user_token() self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined # get the named mode if bind_mode is not one of the predefined
@@ -1080,32 +1081,32 @@ class AuthProtocol(object):
name = bind_mode name = bind_mode
if name and name not in bind: if name and name not in bind:
self.LOG.info("Named bind mode %s not in bind information", name) self.LOG.info('Named bind mode %s not in bind information', name)
self._invalid_user_token() self._invalid_user_token()
for bind_type, identifier in six.iteritems(bind): for bind_type, identifier in six.iteritems(bind):
if bind_type == BIND_MODE.KERBEROS: if bind_type == BIND_MODE.KERBEROS:
if not env.get('AUTH_TYPE', '').lower() == 'negotiate': if not env.get('AUTH_TYPE', '').lower() == 'negotiate':
self.LOG.info("Kerberos credentials required and " self.LOG.info('Kerberos credentials required and '
"not present.") 'not present.')
self._invalid_user_token() self._invalid_user_token()
if not env.get('REMOTE_USER') == identifier: if not env.get('REMOTE_USER') == identifier:
self.LOG.info("Kerberos credentials do not match " self.LOG.info('Kerberos credentials do not match '
"those in bind.") 'those in bind.')
self._invalid_user_token() self._invalid_user_token()
self.LOG.debug("Kerberos bind authentication successful.") self.LOG.debug('Kerberos bind authentication successful.')
elif bind_mode == BIND_MODE.PERMISSIVE: elif bind_mode == BIND_MODE.PERMISSIVE:
self.LOG.debug("Ignoring Unknown bind for permissive mode: " self.LOG.debug('Ignoring Unknown bind for permissive mode: '
"%(bind_type)s: %(identifier)s.", '%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type, {'bind_type': bind_type,
'identifier': identifier}) 'identifier': identifier})
else: else:
self.LOG.info("Couldn't verify unknown bind: %(bind_type)s: " self.LOG.info('Couldn`t verify unknown bind: %(bind_type)s: '
"%(identifier)s.", '%(identifier)s.',
{'bind_type': bind_type, {'bind_type': bind_type,
'identifier': identifier}) 'identifier': identifier})
self._invalid_user_token() self._invalid_user_token()
@@ -1162,7 +1163,7 @@ class AuthProtocol(object):
if response.status_code == 200: if response.status_code == 200:
return data return data
if response.status_code == 404: if response.status_code == 404:
self.LOG.warn("Authorization failed for token") self.LOG.warn('Authorization failed for token')
raise InvalidUserToken('Token authorization failed') raise InvalidUserToken('Token authorization failed')
if response.status_code == 401: if response.status_code == 401:
self.LOG.info( self.LOG.info(
@@ -1175,7 +1176,7 @@ class AuthProtocol(object):
self.LOG.info('Retrying validation') self.LOG.info('Retrying validation')
return self.verify_uuid_token(user_token, False) return self.verify_uuid_token(user_token, False)
else: else:
self.LOG.warn("Invalid user token. Keystone response: %s", data) self.LOG.warn('Invalid user token. Keystone response: %s', data)
raise InvalidUserToken() raise InvalidUserToken()