X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauthconn_keystone.py;h=5e344855dd3129ce85e69966bd88754172c9c7a6;hp=05f803af29dc33b1035aa32f0d61214efb2ef860;hb=4568a372eb5a204e04d917213de03ec51f9110c1;hpb=786aeddab7b7491a139c958ecec6439bee5da83a diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py index 05f803a..5e34485 100644 --- a/osm_nbi/authconn_keystone.py +++ b/osm_nbi/authconn_keystone.py @@ -25,12 +25,19 @@ it for OSM. """ -__author__ = "Eduardo Sousa , " \ - "Pedro de la Cruz Ramos " +__author__ = ( + "Eduardo Sousa , " + "Pedro de la Cruz Ramos " +) __date__ = "$27-jul-2018 23:59:59$" -from osm_nbi.authconn import Authconn, AuthException, AuthconnOperationException, AuthconnNotFoundException, \ - AuthconnConflictException +from osm_nbi.authconn import ( + Authconn, + AuthException, + AuthconnOperationException, + AuthconnNotFoundException, + AuthconnConflictException, +) import logging import requests @@ -56,14 +63,19 @@ class AuthconnKeystone(Authconn): if config.get("auth_url"): validate_input(self.auth_url, http_schema) else: - self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_host", "keystone"), - config.get("auth_port", "5000")) + self.auth_url = "http://{0}:{1}/v3".format( + config.get("auth_host", "keystone"), config.get("auth_port", "5000") + ) self.user_domain_name_list = config.get("user_domain_name", "default") self.user_domain_name_list = self.user_domain_name_list.split(",") # read only domain list - self.user_domain_ro_list = [x[:-3] for x in self.user_domain_name_list if x.endswith(":ro")] + self.user_domain_ro_list = [ + x[:-3] for x in self.user_domain_name_list if x.endswith(":ro") + ] # remove the ":ro" - self.user_domain_name_list = [x if not x.endswith(":ro") else x[:-3] for x in self.user_domain_name_list] + self.user_domain_name_list = [ + x if not x.endswith(":ro") else x[:-3] for x in self.user_domain_name_list + ] self.admin_project = config.get("service_project", "service") self.admin_username = config.get("service_username", "nbi") @@ -71,10 +83,12 @@ class AuthconnKeystone(Authconn): self.project_domain_name_list = config.get("project_domain_name", "default") self.project_domain_name_list = self.project_domain_name_list.split(",") if len(self.user_domain_name_list) != len(self.project_domain_name_list): - raise ValueError("Invalid configuration parameter fo authenticate. 'project_domain_name' and " - "'user_domain_name' must be a comma-separated list with the same size. Revise " - "configuration or/and 'OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME', " - "'OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME' Variables") + raise ValueError( + "Invalid configuration parameter fo authenticate. 'project_domain_name' and " + "'user_domain_name' must be a comma-separated list with the same size. Revise " + "configuration or/and 'OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME', " + "'OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME' Variables" + ) # Waiting for Keystone to be up available = None @@ -89,14 +103,18 @@ class AuthconnKeystone(Authconn): if counter == 0: raise AuthException("Keystone not available after 300s timeout") - self.auth = v3.Password(user_domain_name=self.user_domain_name_list[0], - username=self.admin_username, - password=self.admin_password, - project_domain_name=self.project_domain_name_list[0], - project_name=self.admin_project, - auth_url=self.auth_url) + self.auth = v3.Password( + user_domain_name=self.user_domain_name_list[0], + username=self.admin_username, + password=self.admin_password, + project_domain_name=self.project_domain_name_list[0], + project_name=self.admin_project, + auth_url=self.auth_url, + ) self.sess = session.Session(auth=self.auth) - self.keystone = client.Client(session=self.sess, endpoint_override=self.auth_url) + self.keystone = client.Client( + session=self.sess, endpoint_override=self.auth_url + ) def authenticate(self, credentials, token_info=None): """ @@ -122,11 +140,11 @@ class AuthconnKeystone(Authconn): project_id = None project_name = None if credentials.get("project_domain_name"): - project_domain_name_list = (credentials["project_domain_name"], ) + project_domain_name_list = (credentials["project_domain_name"],) else: project_domain_name_list = self.project_domain_name_list if credentials.get("user_domain_name"): - user_domain_name_list = (credentials["user_domain_name"], ) + user_domain_name_list = (credentials["user_domain_name"],) else: user_domain_name_list = self.user_domain_name_list @@ -146,19 +164,30 @@ class AuthconnKeystone(Authconn): username=username, password=credentials.get("password"), user_domain_name=user_domain_name, - project_domain_name=project_domain_name) + project_domain_name=project_domain_name, + ) elif token_info: - unscoped_token = self.keystone.tokens.validate(token=token_info.get("_id")) + unscoped_token = self.keystone.tokens.validate( + token=token_info.get("_id") + ) else: - raise AuthException("Provide credentials: username/password or Authorization Bearer token", - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Provide credentials: username/password or Authorization Bearer token", + http_code=HTTPStatus.UNAUTHORIZED, + ) if not credentials.get("project_id"): # get first project for the user - project_list = self.keystone.projects.list(user=unscoped_token["user"]["id"]) + project_list = self.keystone.projects.list( + user=unscoped_token["user"]["id"] + ) if not project_list: - raise AuthException("The user {} has not any project and cannot be used for authentication". - format(credentials.get("username")), http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "The user {} has not any project and cannot be used for authentication".format( + credentials.get("username") + ), + http_code=HTTPStatus.UNAUTHORIZED, + ) project_id = project_list[0].id else: if is_valid_uuid(credentials["project_id"]): @@ -172,7 +201,8 @@ class AuthconnKeystone(Authconn): project_id=project_id, user_domain_name=user_domain_name, project_domain_name=project_domain_name, - token=unscoped_token["auth_token"]) + token=unscoped_token["auth_token"], + ) auth_token = { "_id": scoped_token.auth_token, @@ -184,16 +214,21 @@ class AuthconnKeystone(Authconn): "project_domain_name": scoped_token.project_domain_name, "user_domain_name": scoped_token.user_domain_name, "expires": scoped_token.expires.timestamp(), - "issued_at": scoped_token.issued.timestamp() + "issued_at": scoped_token.issued.timestamp(), } return auth_token except ClientException as e: - if index >= len(user_domain_name_list)-1 or index >= len(project_domain_name_list)-1: + if ( + index >= len(user_domain_name_list) - 1 + or index >= len(project_domain_name_list) - 1 + ): # if last try, launch exception # self.logger.exception("Error during user authentication using keystone: {}".format(e)) - raise AuthException("Error during user authentication using Keystone: {}".format(e), - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Error during user authentication using Keystone: {}".format(e), + http_code=HTTPStatus.UNAUTHORIZED, + ) def validate_token(self, token): """ @@ -222,14 +257,16 @@ class AuthconnKeystone(Authconn): "username": token_info["user"]["name"], "roles": token_info["roles"], "expires": token_info.expires.timestamp(), - "issued_at": token_info.issued.timestamp() + "issued_at": token_info.issued.timestamp(), } return ses except ClientException as e: # self.logger.exception("Error during token validation using keystone: {}".format(e)) - raise AuthException("Error during token validation using Keystone: {}".format(e), - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Error during token validation using Keystone: {}".format(e), + http_code=HTTPStatus.UNAUTHORIZED, + ) def revoke_token(self, token): """ @@ -244,8 +281,10 @@ class AuthconnKeystone(Authconn): return True except ClientException as e: # self.logger.exception("Error during token revocation using keystone: {}".format(e)) - raise AuthException("Error during token revocation using Keystone: {}".format(e), - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Error during token revocation using Keystone: {}".format(e), + http_code=HTTPStatus.UNAUTHORIZED, + ) def _get_domain_id(self, domain_name, fail_if_not_found=True): """ @@ -262,7 +301,9 @@ class AuthconnKeystone(Authconn): # domain_name is already an id return domain_name if not domain_id and fail_if_not_found: - raise AuthconnNotFoundException("Domain {} cannot be found".format(domain_name)) + raise AuthconnNotFoundException( + "Domain {} cannot be found".format(domain_name) + ) return domain_id def _get_domains(self): @@ -288,24 +329,38 @@ class AuthconnKeystone(Authconn): """ try: - if user_info.get("domain_name") and user_info["domain_name"] in self.user_domain_ro_list: - raise AuthconnConflictException("Cannot create a user in the read only domain {}". - format(user_info["domain_name"])) + if ( + user_info.get("domain_name") + and user_info["domain_name"] in self.user_domain_ro_list + ): + raise AuthconnConflictException( + "Cannot create a user in the read only domain {}".format( + user_info["domain_name"] + ) + ) new_user = self.keystone.users.create( - user_info["username"], password=user_info["password"], - domain=self._get_domain_id(user_info.get("domain_name", self.user_domain_name_list[0])), - _admin=user_info["_admin"]) + user_info["username"], + password=user_info["password"], + domain=self._get_domain_id( + user_info.get("domain_name", self.user_domain_name_list[0]) + ), + _admin=user_info["_admin"], + ) if "project_role_mappings" in user_info.keys(): for mapping in user_info["project_role_mappings"]: - self.assign_role_to_user(new_user, mapping["project"], mapping["role"]) + self.assign_role_to_user( + new_user, mapping["project"], mapping["role"] + ) return {"username": new_user.name, "_id": new_user.id} except Conflict as e: # self.logger.exception("Error during user creation using keystone: {}".format(e)) raise AuthconnOperationException(e, http_code=HTTPStatus.CONFLICT) except ClientException as e: # self.logger.exception("Error during user creation using keystone: {}".format(e)) - raise AuthconnOperationException("Error during user creation using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during user creation using Keystone: {}".format(e) + ) def update_user(self, user_info): """ @@ -322,14 +377,18 @@ class AuthconnKeystone(Authconn): user_obj = None if not user_obj: for user_domain in self.user_domain_name_list: - domain_id = self._get_domain_id(user_domain, fail_if_not_found=False) + domain_id = self._get_domain_id( + user_domain, fail_if_not_found=False + ) if not domain_id: continue - user_obj_list = self.keystone.users.list(name=user, domain=domain_id) + user_obj_list = self.keystone.users.list( + name=user, domain=domain_id + ) if user_obj_list: user_obj = user_obj_list[0] break - else: # user not found + else: # user not found raise AuthconnNotFoundException("User '{}' not found".format(user)) user_id = user_obj.id @@ -338,29 +397,51 @@ class AuthconnKeystone(Authconn): if domain_name in self.user_domain_ro_list: if user_info.get("password") or user_info.get("username"): - raise AuthconnConflictException("Cannot update the user {} belonging to a read only domain {}". - format(user, domain_name)) - - elif user_info.get("password") or user_info.get("username") \ - or user_info.get("add_project_role_mappings") or user_info.get("remove_project_role_mappings"): + raise AuthconnConflictException( + "Cannot update the user {} belonging to a read only domain {}".format( + user, domain_name + ) + ) + + elif ( + user_info.get("password") + or user_info.get("username") + or user_info.get("add_project_role_mappings") + or user_info.get("remove_project_role_mappings") + ): # if user_index>0, it is an external domain, that should not be updated - ctime = user_obj._admin.get("created", 0) if hasattr(user_obj, "_admin") else 0 + ctime = ( + user_obj._admin.get("created", 0) + if hasattr(user_obj, "_admin") + else 0 + ) try: - self.keystone.users.update(user_id, password=user_info.get("password"), - name=user_info.get("username"), - _admin={"created": ctime, "modified": time.time()}) + self.keystone.users.update( + user_id, + password=user_info.get("password"), + name=user_info.get("username"), + _admin={"created": ctime, "modified": time.time()}, + ) except Exception as e: if user_info.get("username") or user_info.get("password"): - raise AuthconnOperationException("Error during username/password change: {}".format(str(e))) - self.logger.error("Error during updating user profile: {}".format(str(e))) + raise AuthconnOperationException( + "Error during username/password change: {}".format(str(e)) + ) + self.logger.error( + "Error during updating user profile: {}".format(str(e)) + ) for mapping in user_info.get("remove_project_role_mappings", []): - self.remove_role_from_user(user_obj, mapping["project"], mapping["role"]) + self.remove_role_from_user( + user_obj, mapping["project"], mapping["role"] + ) for mapping in user_info.get("add_project_role_mappings", []): self.assign_role_to_user(user_obj, mapping["project"], mapping["role"]) except ClientException as e: # self.logger.exception("Error during user password/name update using keystone: {}".format(e)) - raise AuthconnOperationException("Error during user update using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during user update using Keystone: {}".format(e) + ) def delete_user(self, user_id): """ @@ -374,8 +455,11 @@ class AuthconnKeystone(Authconn): domain_id = user_obj.domain_id domain_name = self.domains_id2name.get(domain_id) if domain_name in self.user_domain_ro_list: - raise AuthconnConflictException("Cannot delete user {} belonging to a read only domain {}". - format(user_id, domain_name)) + raise AuthconnConflictException( + "Cannot delete user {} belonging to a read only domain {}".format( + user_id, domain_name + ) + ) result, detail = self.keystone.users.delete(user_id) if result.status_code != 204: @@ -383,7 +467,9 @@ class AuthconnKeystone(Authconn): return True except ClientException as e: # self.logger.exception("Error during user deletion using keystone: {}".format(e)) - raise AuthconnOperationException("Error during user deletion using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during user deletion using Keystone: {}".format(e) + ) def get_user_list(self, filter_q=None): """ @@ -401,7 +487,9 @@ class AuthconnKeystone(Authconn): if filter_q: filter_name = filter_q.get("name") or filter_q.get("username") if filter_q.get("domain_name"): - filter_domain = self._get_domain_id(filter_q["domain_name"], fail_if_not_found=False) + filter_domain = self._get_domain_id( + filter_q["domain_name"], fail_if_not_found=False + ) # If domain is not found, use the same name to obtain an empty list filter_domain = filter_domain or filter_q["domain_name"] if filter_q.get("domain_id"): @@ -411,7 +499,9 @@ class AuthconnKeystone(Authconn): # get users from user_domain_name_list[1:], because it will not be provided in case of LDAP if filter_domain is None and len(self.user_domain_name_list) > 1: for user_domain in self.user_domain_name_list[1:]: - domain_id = self._get_domain_id(user_domain, fail_if_not_found=False) + domain_id = self._get_domain_id( + user_domain, fail_if_not_found=False + ) if not domain_id: continue # find if users of this domain are already provided. In this case ignore @@ -419,7 +509,9 @@ class AuthconnKeystone(Authconn): if u.domain_id == domain_id: break else: - users += self.keystone.users.list(name=filter_name, domain=domain_id) + users += self.keystone.users.list( + name=filter_name, domain=domain_id + ) # if filter name matches a user id, provide it also if filter_name: @@ -430,13 +522,17 @@ class AuthconnKeystone(Authconn): except Exception: pass - users = [{ - "username": user.name, - "_id": user.id, - "id": user.id, - "_admin": user.to_dict().get("_admin", {}), # TODO: REVISE - "domain_name": self.domains_id2name.get(user.domain_id) - } for user in users if user.name != self.admin_username] + users = [ + { + "username": user.name, + "_id": user.id, + "id": user.id, + "_admin": user.to_dict().get("_admin", {}), # TODO: REVISE + "domain_name": self.domains_id2name.get(user.domain_id), + } + for user in users + if user.name != self.admin_username + ] if filter_q and filter_q.get("_id"): users = [user for user in users if filter_q["_id"] == user["_id"]] @@ -448,7 +544,9 @@ class AuthconnKeystone(Authconn): for project in projects: user["projects"].append(project.name) - roles = self.keystone.roles.list(user=user["_id"], project=project.id) + roles = self.keystone.roles.list( + user=user["_id"], project=project.id + ) for role in roles: prm = { "project": project.id, @@ -461,7 +559,9 @@ class AuthconnKeystone(Authconn): return users except ClientException as e: # self.logger.exception("Error during user listing using keystone: {}".format(e)) - raise AuthconnOperationException("Error during user listing using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during user listing using Keystone: {}".format(e) + ) def get_role_list(self, filter_q=None): """ @@ -476,12 +576,16 @@ class AuthconnKeystone(Authconn): filter_name = filter_q.get("name") roles_list = self.keystone.roles.list(name=filter_name) - roles = [{ - "name": role.name, - "_id": role.id, - "_admin": role.to_dict().get("_admin", {}), - "permissions": role.to_dict().get("permissions", {}) - } for role in roles_list if role.name != "service"] + roles = [ + { + "name": role.name, + "_id": role.id, + "_admin": role.to_dict().get("_admin", {}), + "permissions": role.to_dict().get("permissions", {}), + } + for role in roles_list + if role.name != "service" + ] if filter_q and filter_q.get("_id"): roles = [role for role in roles if filter_q["_id"] == role["_id"]] @@ -489,8 +593,10 @@ class AuthconnKeystone(Authconn): return roles except ClientException as e: # self.logger.exception("Error during user role listing using keystone: {}".format(e)) - raise AuthException("Error during user role listing using Keystone: {}".format(e), - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Error during user role listing using Keystone: {}".format(e), + http_code=HTTPStatus.UNAUTHORIZED, + ) def create_role(self, role_info): """ @@ -500,14 +606,19 @@ class AuthconnKeystone(Authconn): :raises AuthconnOperationException: if role creation failed. """ try: - result = self.keystone.roles.create(role_info["name"], permissions=role_info.get("permissions"), - _admin=role_info.get("_admin")) + result = self.keystone.roles.create( + role_info["name"], + permissions=role_info.get("permissions"), + _admin=role_info.get("_admin"), + ) return result.id except Conflict as ex: raise AuthconnConflictException(str(ex)) except ClientException as e: # self.logger.exception("Error during role creation using keystone: {}".format(e)) - raise AuthconnOperationException("Error during role creation using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during role creation using Keystone: {}".format(e) + ) def delete_role(self, role_id): """ @@ -525,7 +636,9 @@ class AuthconnKeystone(Authconn): return True except ClientException as e: # self.logger.exception("Error during role deletion using keystone: {}".format(e)) - raise AuthconnOperationException("Error during role deletion using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during role deletion using Keystone: {}".format(e) + ) def update_role(self, role_info): """ @@ -535,16 +648,22 @@ class AuthconnKeystone(Authconn): """ try: rid = role_info["_id"] - if not is_valid_uuid(rid): # Is this required? + if not is_valid_uuid(rid): # Is this required? role_obj_list = self.keystone.roles.list(name=rid) if not role_obj_list: raise AuthconnNotFoundException("Role '{}' not found".format(rid)) rid = role_obj_list[0].id - self.keystone.roles.update(rid, name=role_info["name"], permissions=role_info.get("permissions"), - _admin=role_info.get("_admin")) + self.keystone.roles.update( + rid, + name=role_info["name"], + permissions=role_info.get("permissions"), + _admin=role_info.get("_admin"), + ) except ClientException as e: # self.logger.exception("Error during role update using keystone: {}".format(e)) - raise AuthconnOperationException("Error during role updating using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during role updating using Keystone: {}".format(e) + ) def get_project_list(self, filter_q=None): """ @@ -563,25 +682,33 @@ class AuthconnKeystone(Authconn): if filter_q.get("domain_id"): filter_domain = filter_q["domain_id"] - projects = self.keystone.projects.list(name=filter_name, domain=filter_domain) + projects = self.keystone.projects.list( + name=filter_name, domain=filter_domain + ) - projects = [{ - "name": project.name, - "_id": project.id, - "_admin": project.to_dict().get("_admin", {}), # TODO: REVISE - "quotas": project.to_dict().get("quotas", {}), # TODO: REVISE - "domain_name": self.domains_id2name.get(project.domain_id) - } for project in projects] + projects = [ + { + "name": project.name, + "_id": project.id, + "_admin": project.to_dict().get("_admin", {}), # TODO: REVISE + "quotas": project.to_dict().get("quotas", {}), # TODO: REVISE + "domain_name": self.domains_id2name.get(project.domain_id), + } + for project in projects + ] if filter_q and filter_q.get("_id"): - projects = [project for project in projects - if filter_q["_id"] == project["_id"]] + projects = [ + project for project in projects if filter_q["_id"] == project["_id"] + ] return projects except ClientException as e: # self.logger.exception("Error during user project listing using keystone: {}".format(e)) - raise AuthException("Error during user project listing using Keystone: {}".format(e), - http_code=HTTPStatus.UNAUTHORIZED) + raise AuthException( + "Error during user project listing using Keystone: {}".format(e), + http_code=HTTPStatus.UNAUTHORIZED, + ) def create_project(self, project_info): """ @@ -594,14 +721,18 @@ class AuthconnKeystone(Authconn): try: result = self.keystone.projects.create( project_info["name"], - domain=self._get_domain_id(project_info.get("domain_name", self.project_domain_name_list[0])), + domain=self._get_domain_id( + project_info.get("domain_name", self.project_domain_name_list[0]) + ), _admin=project_info["_admin"], - quotas=project_info.get("quotas", {}) + quotas=project_info.get("quotas", {}), ) return result.id except ClientException as e: # self.logger.exception("Error during project creation using keystone: {}".format(e)) - raise AuthconnOperationException("Error during project creation using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during project creation using Keystone: {}".format(e) + ) def delete_project(self, project_id): """ @@ -622,7 +753,9 @@ class AuthconnKeystone(Authconn): return True except ClientException as e: # self.logger.exception("Error during project deletion using keystone: {}".format(e)) - raise AuthconnOperationException("Error during project deletion using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during project deletion using Keystone: {}".format(e) + ) def update_project(self, project_id, project_info): """ @@ -632,13 +765,17 @@ class AuthconnKeystone(Authconn): :return: None """ try: - self.keystone.projects.update(project_id, name=project_info["name"], - _admin=project_info["_admin"], - quotas=project_info.get("quotas", {}) - ) + self.keystone.projects.update( + project_id, + name=project_info["name"], + _admin=project_info["_admin"], + quotas=project_info.get("quotas", {}), + ) except ClientException as e: # self.logger.exception("Error during project update using keystone: {}".format(e)) - raise AuthconnOperationException("Error during project update using Keystone: {}".format(e)) + raise AuthconnOperationException( + "Error during project update using Keystone: {}".format(e) + ) def assign_role_to_user(self, user_obj, project, role): """ @@ -655,7 +792,9 @@ class AuthconnKeystone(Authconn): except Exception: project_obj_list = self.keystone.projects.list(name=project) if not project_obj_list: - raise AuthconnNotFoundException("Project '{}' not found".format(project)) + raise AuthconnNotFoundException( + "Project '{}' not found".format(project) + ) project_obj = project_obj_list[0] try: @@ -669,8 +808,10 @@ class AuthconnKeystone(Authconn): self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj) except ClientException as e: # self.logger.exception("Error during user role assignment using keystone: {}".format(e)) - raise AuthconnOperationException("Error during role '{}' assignment to user '{}' and project '{}' using " - "Keystone: {}".format(role, user_obj.name, project, e)) + raise AuthconnOperationException( + "Error during role '{}' assignment to user '{}' and project '{}' using " + "Keystone: {}".format(role, user_obj.name, project, e) + ) def remove_role_from_user(self, user_obj, project, role): """ @@ -688,7 +829,9 @@ class AuthconnKeystone(Authconn): except Exception: project_obj_list = self.keystone.projects.list(name=project) if not project_obj_list: - raise AuthconnNotFoundException("Project '{}' not found".format(project)) + raise AuthconnNotFoundException( + "Project '{}' not found".format(project) + ) project_obj = project_obj_list[0] try: @@ -702,5 +845,7 @@ class AuthconnKeystone(Authconn): self.keystone.roles.revoke(role_obj, user=user_obj, project=project_obj) except ClientException as e: # self.logger.exception("Error during user role revocation using keystone: {}".format(e)) - raise AuthconnOperationException("Error during role '{}' revocation to user '{}' and project '{}' using " - "Keystone: {}".format(role, user_obj.name, project, e)) + raise AuthconnOperationException( + "Error during role '{}' revocation to user '{}' and project '{}' using " + "Keystone: {}".format(role, user_obj.name, project, e) + )