From b0c16f13b4b8aeeb33b05106cd9bade8fd9991f4 Mon Sep 17 00:00:00 2001 From: Stanislav Zaprudskiy Date: Wed, 26 Nov 2025 09:21:03 +0100 Subject: [PATCH] Commit pep8 suggestions --- keystone/api/_shared/authentication.py | 6 ++- keystone/api/projects.py | 3 +- keystone/cmd/doctor/tokens.py | 2 +- keystone/common/render_token.py | 11 ++-- keystone/conf/default.py | 3 +- keystone/conf/resource.py | 4 +- keystone/notifications.py | 9 +++- keystone/oauth1/backends/sql.py | 2 +- keystone/server/flask/core.py | 42 +++++++++------ .../tests/unit/common/test_notifications.py | 8 ++- .../unit/common/test_password_hashing.py | 1 + keystone/tests/unit/test_v3_resource.py | 54 +++++++++++-------- 12 files changed, 93 insertions(+), 52 deletions(-) diff --git a/keystone/api/_shared/authentication.py b/keystone/api/_shared/authentication.py index caa7e4aad1..edbd48129c 100644 --- a/keystone/api/_shared/authentication.py +++ b/keystone/api/_shared/authentication.py @@ -243,8 +243,10 @@ def authenticate_for_token(auth=None): 'after authenticating with application credentials' ) raise exception.Unauthorized( - _('Cannot reauthenticate with a token issued with ' - 'application credentials') + _( + 'Cannot reauthenticate with a token issued with ' + 'application credentials' + ) ) # Do MFA Rule Validation for the user diff --git a/keystone/api/projects.py b/keystone/api/projects.py index 4317eced02..1f46397988 100644 --- a/keystone/api/projects.py +++ b/keystone/api/projects.py @@ -195,7 +195,8 @@ def get(self): # requested; otherwise all domains are getting filtered out try: is_domain_requested = utils.attr_as_boolean( - flask.request.args['is_domain']) + flask.request.args['is_domain'] + ) except KeyError: is_domain_requested = False diff --git a/keystone/cmd/doctor/tokens.py b/keystone/cmd/doctor/tokens.py index 74f177bfad..cd62a22808 100644 --- a/keystone/cmd/doctor/tokens.py +++ b/keystone/cmd/doctor/tokens.py @@ -33,4 +33,4 @@ def symptom_unreasonable_max_token_size(): """ # return 'fernet' in CONF.token.provider and CONF.max_token_size > 255 # CCloud: we are using ldap, hence the max_token_size needs to go up. - return ('fernet' in CONF.token.provider and CONF.max_token_size > 268) + return 'fernet' in CONF.token.provider and CONF.max_token_size > 268 diff --git a/keystone/common/render_token.py b/keystone/common/render_token.py index 0d8876c228..06d511830f 100644 --- a/keystone/common/render_token.py +++ b/keystone/common/render_token.py @@ -97,11 +97,14 @@ def render_token_response_from_model(token, include_catalog=True): # ccloud: additional bootstrap project support bootstrap_name = CONF.resource.bootstrap_project_name bootstrap_domain_name = CONF.resource.bootstrap_project_domain_name - if bootstrap_name and bootstrap_domain_name and \ - not token_reference['token'].get('is_admin_project', False): + if ( + bootstrap_name + and bootstrap_domain_name + and not token_reference['token'].get('is_admin_project', False) + ): is_ap = ( - token.project['name'] == bootstrap_name and - bootstrap_domain_name == token.project_domain['name'] + token.project['name'] == bootstrap_name + and bootstrap_domain_name == token.project_domain['name'] ) token_reference['token']['is_admin_project'] = is_ap if include_catalog and not token.unscoped: diff --git a/keystone/conf/default.py b/keystone/conf/default.py index 2dfbfed95e..035317f816 100644 --- a/keystone/conf/default.py +++ b/keystone/conf/default.py @@ -156,7 +156,8 @@ order to set multiple default tags, for example: default_tag=tag_0 default_tag=tag_1 -""")) +"""), +) notification_format = cfg.StrOpt( 'notification_format', diff --git a/keystone/conf/resource.py b/keystone/conf/resource.py index 332380d54f..471ae190ad 100644 --- a/keystone/conf/resource.py +++ b/keystone/conf/resource.py @@ -92,7 +92,7 @@ Name of the domain that owns the `bootstrap_project_name`. If left unset, then there is no admin project. `[resource] bootstrap_project_name` must also be set to use this option. -""") +"""), ) bootstrap_project_name = cfg.StrOpt( @@ -105,7 +105,7 @@ If left unset, then there is no admin project, and thus no explicit means of cross-project role assignments. `[resource] bootstrap_project_domain_name` must also be set to use this option. -""") +"""), ) project_name_url_safe = cfg.StrOpt( diff --git a/keystone/notifications.py b/keystone/notifications.py index bf8d70062a..de66ce14db 100644 --- a/keystone/notifications.py +++ b/keystone/notifications.py @@ -948,7 +948,14 @@ class _CatalogHelperObj(provider_api.ProviderAPIMixin): def _send_audit_notification( - action, initiator, outcome, target, event_type, reason=None, attachments=None, **kwargs + action, + initiator, + outcome, + target, + event_type, + reason=None, + attachments=None, + **kwargs, ): """Send CADF notification to inform observers about the affected resource. diff --git a/keystone/oauth1/backends/sql.py b/keystone/oauth1/backends/sql.py index 69ca79a26e..a3b9b96339 100644 --- a/keystone/oauth1/backends/sql.py +++ b/keystone/oauth1/backends/sql.py @@ -207,7 +207,7 @@ def authorize_request_token(self, request_token_id, user_id, role_ids): token_dict['authorizing_user_id'] = user_id token_dict['verifier'] = ''.join( random.sample(base.VERIFIER_CHARS, 8) - ) # nosec + ) # nosec token_dict['role_ids'] = jsonutils.dumps(role_ids) new_token = RequestToken.from_dict(token_dict) diff --git a/keystone/server/flask/core.py b/keystone/server/flask/core.py index 8f14a15986..afbed42468 100644 --- a/keystone/server/flask/core.py +++ b/keystone/server/flask/core.py @@ -73,16 +73,18 @@ # AuthContextMiddleware _CC_MIDDLEWARE = ( # CCloud: add watcher middleware - _Middleware(namespace='watcher.middleware', - ep='watcher', - conf={'service_type': 'identity', - 'config_file': '/etc/keystone/watcher.yaml', - 'include_initiator_user_id_in_metric': 'true', - 'include_target_project_id_in_metric': 'false'}), + _Middleware( + namespace='watcher.middleware', + ep='watcher', + conf={ + 'service_type': 'identity', + 'config_file': '/etc/keystone/watcher.yaml', + 'include_initiator_user_id_in_metric': 'true', + 'include_target_project_id_in_metric': 'false', + }, + ), # CCloud: add lifesaver middleware - _Middleware(namespace='lifesaver.middleware', - ep='lifesaver', - conf={}), + _Middleware(namespace='lifesaver.middleware', ep='lifesaver', conf={}), # CCloud: add rate_limit middleware # _Middleware(namespace='rate_limit.middleware', # ep='rate-limit', @@ -152,8 +154,9 @@ def setup_app_middleware(app): if mw.ep == 'watcher' and os.environ.get('WATCHER_DISABLED', None): continue - loaded = stevedore.DriverManager(mw.namespace, mw.ep, - invoke_on_load=False) + loaded = stevedore.DriverManager( + mw.namespace, mw.ep, invoke_on_load=False + ) factory_func = loaded.driver.factory({}, **mw.conf) app.wsgi_app = factory_func(app.wsgi_app) @@ -196,11 +199,20 @@ def setup_app_middleware(app): 'raven.processors.RemovePostDataProcessor', ) sanitize_keys = [ - 'old_password', 'new_password', 'password', 'cred', 'secret', - 'passwd', 'credentials'] + 'old_password', + 'new_password', + 'password', + 'cred', + 'secret', + 'passwd', + 'credentials', + ] app.config['SENTRY_CONFIG'] = { - 'ignore_exceptions': [exception.NotFound, exception.Unauthorized, - 'INVALID_CREDENTIALS'], + 'ignore_exceptions': [ + exception.NotFound, + exception.Unauthorized, + 'INVALID_CREDENTIALS', + ], 'processors': processors, 'sanitize_keys': sanitize_keys, } diff --git a/keystone/tests/unit/common/test_notifications.py b/keystone/tests/unit/common/test_notifications.py index c2c3461167..ac932648db 100644 --- a/keystone/tests/unit/common/test_notifications.py +++ b/keystone/tests/unit/common/test_notifications.py @@ -364,7 +364,13 @@ def _assert_last_note( self.assertEqual(actor_operation, note['actor_operation']) def _assert_last_audit( - self, resource_id, operation, resource_type, target_uri, reason=None, attachments=None + self, + resource_id, + operation, + resource_type, + target_uri, + reason=None, + attachments=None, ): # NOTE(stevemar): If 'cadf' format is not used, then simply # return since this assertion is not valid. diff --git a/keystone/tests/unit/common/test_password_hashing.py b/keystone/tests/unit/common/test_password_hashing.py index c450b44ee7..7564bb9d94 100644 --- a/keystone/tests/unit/common/test_password_hashing.py +++ b/keystone/tests/unit/common/test_password_hashing.py @@ -107,6 +107,7 @@ def test_pbkdf2_sha512(self): hashed = password_hashing.hash_password(password) self.assertTrue(password_hashing.check_password(password, hashed)) + class TestGeneratePartialPasswordHash(unit.BaseTestCase): def setUp(self): super().setUp() diff --git a/keystone/tests/unit/test_v3_resource.py b/keystone/tests/unit/test_v3_resource.py index 1141362367..1f0c2b8db7 100644 --- a/keystone/tests/unit/test_v3_resource.py +++ b/keystone/tests/unit/test_v3_resource.py @@ -863,12 +863,9 @@ def _create_project_and_tags(self, num_of_tags=1, with_default_tag=False): tags.pop() # add default tag instead tags += _DEFAULT_TAG - ref = unit.new_project_ref( - domain_id=self.domain_id, - tags=tags) + ref = unit.new_project_ref(domain_id=self.domain_id, tags=tags) else: - ref = unit.new_project_without_tags_ref( - domain_id=self.domain_id) + ref = unit.new_project_without_tags_ref(domain_id=self.domain_id) resp = self.post('/projects', body={'project': ref}) return resp.result['project'], tags @@ -1400,36 +1397,46 @@ def test_list_project_is_domain_filter(self): def test_list_projects_is_domain_filter_domain_scoped_token(self): """Call ``GET /projects?is_domain=True/False`` with domain scope.""" # grant the domain role to user - path = '/domains/%s/users/%s/roles/%s' % ( - self.domain_id, self.user['id'], self.role['id']) + path = '/domains/{}/users/{}/roles/{}'.format( + self.domain_id, self.user['id'], self.role['id'] + ) self.put(path=path) auth = self.build_authentication_request( user_id=self.user['id'], password=self.user['password'], - domain_id=self.domain_id) + domain_id=self.domain_id, + ) # Check that listing the domains does not result in an empty list new_is_domain_project = unit.new_project_ref(is_domain=True) new_is_domain_project = PROVIDERS.resource_api.create_project( - new_is_domain_project['id'], new_is_domain_project) + new_is_domain_project['id'], new_is_domain_project + ) - r = self.get('/projects?is_domain=True', auth=auth, - expected_status=200) - self.assertIn(new_is_domain_project['id'], - [p['id'] for p in r.result['projects']]) + r = self.get( + '/projects?is_domain=True', auth=auth, expected_status=200 + ) + self.assertIn( + new_is_domain_project['id'], + [p['id'] for p in r.result['projects']], + ) # Check that the projects are still being filtered # The previously created is_domain project is a domain, so # we can reuse it for the project new_regular_project = unit.new_project_ref( - is_domain=False, domain_id=new_is_domain_project['id']) + is_domain=False, domain_id=new_is_domain_project['id'] + ) new_regular_project = PROVIDERS.resource_api.create_project( - new_regular_project['id'], new_regular_project) - r = self.get('/projects?is_domain=False', auth=auth, - expected_status=200) - self.assertNotIn(new_regular_project['id'], - [p['id'] for p in r.result['projects']]) + new_regular_project['id'], new_regular_project + ) + r = self.get( + '/projects?is_domain=False', auth=auth, expected_status=200 + ) + self.assertNotIn( + new_regular_project['id'], [p['id'] for p in r.result['projects']] + ) def test_list_project_is_domain_filter_default(self): """Default project list should not see projects acting as domains.""" @@ -1814,11 +1821,12 @@ def test_create_project_with_tags(self): self.config_fixture.config(default_tag=config_setting) for tag_number in [0, 10]: project, tags = self._create_project_and_tags( - num_of_tags=tag_number, with_default_tag=True) + num_of_tags=tag_number, with_default_tag=True + ) ref = self.get( - '/projects/%(project_id)s' % { - 'project_id': project['id']}, - expected_status=http.client.OK) + '/projects/{project_id}'.format(project_id=project['id']), + expected_status=http.client.OK, + ) self.assertIn('tags', ref.result['project']) for tag in tags: self.assertIn(tag, ref.result['project']['tags'])