[LIBCLOUD-568] Fixing cross service OAuth scopes for Google Compute Engine / DNS / Storage #302
Conversation
|
Hmm... not sure what to do about those travis failures, WARNING:test command found but not installed in testenvI don't think it has anything to do with my changes and if it does, I'm at a loss on how to interpret the error. |
| # Default scopes to read/write for compute, storage, and dns. Can | ||
| # override this when calling get_driver() or setting in secrets.py | ||
| self.scope = None | ||
| if kwargs and type(kwargs) is dict: |
There was a problem hiding this comment.
type(kwargs) is dict check shouldn't be necessary since, afaik, if you use ** kwarg expansion it will always be a dict.
There was a problem hiding this comment.
Actually, there is no need to use kwargs here (right?). If so, you should just explicitly put scope=None in the method signature. Even better would be to use scopes name since the argument value is a list.
|
@Kami - I think this is good to go unless you want to hear from @wrigri or @franckcuny. |
| # Default scopes to read/write for compute, storage, and dns. Can | ||
| # override this when calling get_driver() or setting in secrets.py | ||
| self.scopes = scopes | ||
| if self.scopes is None or not self.scopes: |
There was a problem hiding this comment.
Is there a reason to specifically test for None here? Wouldn't 'if not self.scopes:' work?
There was a problem hiding this comment.
Thanks for looking it over @wrigri!
Old habits. Back when I used to do a lot python development (circa 2002), this was considered a performance tip to use "is" for singleton comparisons. Since we set None as the default value in the method signature, and this change assumes the user will likely never pass in a non-None value for 'scopes', this would have (in my old brain) better performance.
But, I suspect that's either a) no longer a consideration 12 years later, and b) if there is a performance benefit, it's likely masked out by HTTP calls to remote services anyway. ;-)
As I said, just an "old habit". :)
There was a problem hiding this comment.
So you made me curious, and as it turns out, it looks like 'if not x:' is actually faster than 'if x is None:' even when x is an empty list.
Using Python 2.7.3 on Linux:
timeit.timeit('if a is None: pass', setup='a=None', number=100000000)
2.322221040725708
timeit.timeit('if not a: pass', setup='a=None', number=100000000)
1.8063910007476807
timeit.timeit('if not a: pass', setup='a=[]', number=100000000)
2.0614678859710693
|
Looks good to me |
|
@Kami - I think this is all set now. :) |
|
Thanks. I've merged it into trunk with a minor fix - I've changed the default value for The problem is that default values for arguments are created at the time of the function definition. This means that if you would mutate |
|
Thank you @Kami, nice catch! |
Prior to this fix, a user could call "get_driver()" for GCE but authorization was only allowed for the "compute" scope. With the addition of the DNS module, users calling its "get_driver()" would only be authorized to the DNS service.
This change allows scopes to be set as keyword params in get_driver() (or via secrets.py) that get propagated down to the authorization connection class. The default behavior is to grant authorization via scopes to all supported google services (compute, storage, dns).
It should be noted that the storage authorization via oauth scopes is bogus, but sets the stage for future enhancements we expect to contribute over the summer.
@wrigri, @franckcuny - A review would be much appreciated!