OpenStack Identity (keystone)

Possible refactor of keystone.common.validate_token_bind's code

Bug #1488451 reported by majianjun
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Steve Martinelli
OpenStack Identity (keystone) mitaka-2 "m2"

Bug Description

The part original code of keystone.common.validate_token_bind function is as follows
---
def validate_token_bind(context, token_ref):
    ...
    bind = token_ref.bind

    # permissive and strict modes don't require there to be a bind
    permissive = bind_mode in ('permissive', 'strict')

    # get the named mode if bind_mode is not one of the known
    name = None if permissive or bind_mode == 'required' else bind_mode

    if not bind:
        if permissive:
            # no bind provided and none required
            return
        else:
            LOG.info(_LI("No bind information present in token"))
            raise exception.Unauthorized()
   ...
---

If the bind is None, It is not necessary to execute the "name = None if permissive or bind_mode == 'required' else bind_mode".
So It had better to adjust the sequence about the above code.
The changed code is as follows:
---
def validate_token_bind(context, token_ref):
    ...
    bind = token_ref.bind

    # permissive and strict modes don't require there to be a bind
    permissive = bind_mode in ('permissive', 'strict')

    if not bind:
        if permissive:
            # no bind provided and none required
            return
        else:
            LOG.info(_LI("No bind information present in token"))
            raise exception.Unauthorized()

    # get the named mode if bind_mode is not one of the known
    name = None if permissive or bind_mode == 'required' else bind_mode
   ...
---

majianjun (mjjun)
Changed in keystone:
assignee: nobody → majianjun (mjjun)
Revision history for this message
Dolph Mathews (dolph) wrote :

I've marked this as Low because there is no clear negative impact of the current code on end users (if there is some negative impact here, please describe it). If you're simply proposing a refactor, a bug report is unnecessary.

Changed in keystone:
importance: Undecided → Low
status: New → Triaged
Lance Bragstad (lbragstad)
summary: - It had better to change the sequence of
- keystone.common.validate_token_bind's code
+ Possible refactor of keystone.common.validate_token_bind's code
Revision history for this message
Steve Martinelli (stevemar) wrote :

as dolph said, there is no negative impact here, just propose the refactor

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/251222

Changed in keystone:
assignee: majianjun (mjjun) → Steve Martinelli (stevemar)
status: Triaged → In Progress
Revision history for this message
Steve Martinelli (stevemar) wrote :

i pushed a patch for this https://review.openstack.org/#/c/251222/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/251222
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6977f908fed3b5a64161990ad4716e3cf1f2e234
Submitter: Jenkins
Branch: master

commit 6977f908fed3b5a64161990ad4716e3cf1f2e234
Author: Steve Martinelli <email address hidden>
Date: Mon Nov 30 02:38:57 2015 -0500

    refactor: move variable to where it's needed

    the `name` variable wasn't needed before the conditional, bump
    it down.

    Change-Id: I688b6f902f40536f88f51b4e7e47d049573bdbc5
    Closes-Bug: 1488451

Changed in keystone:
status: In Progress → Fix Committed
Doug Hellmann (doug-hellmann)
Changed in keystone:
status: Fix Committed → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b2

This issue was fixed in the openstack/keystone 9.0.0.0b2 development milestone.

Steve Martinelli (stevemar)
Changed in keystone:
milestone: none → mitaka-2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.