Merge lp:~salgado/launchpad/apidoc into lp:launchpad

Hi Salgado. Very cool. Thank you. Comments below.

Requested:

- Let's put the changes from lib/canonical/launchpad/webapp/configure.zcml into apidoc-configure-normal.zcml.

Questions and comments:

- Why is this necessary, do you know? I realize it is an existing code that you moved around, but neither the comment nor the "provides" made much sense to me, though Google did show me some hints that it might be standard practice for enabling the apidoc for some reason. Did you try removing it?
+ <!-- Turn on devmode for the following includes principal=work -->
+ <meta:provides feature="devmode" />

- I'm concerned that the tests are going to be run with even more registrations that will not be part of production. I wish there were a light, easy way to start up another LP instance for the apidoc smoke test that then would not pollute the rest of the tests with the apidoc registrations in the zcml file. However, I don't know of one, and unless you do, I won't insist that we address this concern. It's certainly just slightly enlarging an existing problem, rather than making a new one.

- Did you audit zope.login to make sure it's registrations don't do something we need to be worried about from a security perspective? If not, one of us should. I'd feel somewhat happier if ``<include package="zope.login" />`` were part of the apidoc zcml, but then we're exacerbating the previous problem (that is, production registrations are more and more different from test registrations).

Suggested:

- I suggest renaming LaunchpadPrincipalAnnotations to TemporaryPrincipalAnnotations: the behavior (and the fact that the implementation is effectively a stub) is something worth highlighting. Calling it "Launchpad" doesn't buy us anything.

- FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict and be shortened to the __init__ plus a call to the shared constructor and the interface declarations. Do it if you want.

- For this comment:
+ <!-- XXX: Copied from zope.browserresource as apidoc breaks if we make
+ IAPIDocRoot implement ISite so that the original registration works
+ for us. -->
I suggest that this is not an XXX. To that point, this is not "Copied" but "Modified" (the "for" is different, and that's the key).

- For this comment:
+ <!-- XXX Probably make this in overrides for ISimpleReadContainer. Safer:
+ register for all apidoc containers, one way or another -->
You mentioned that these comments came from me. I think we can just remove the comment entirely. As I said on IRC, for the first half, I think I expected that this was going to have to go in overrides. Since it works without being in overrides, this is a "never mind...". For the second half ("Safer:..."), I think we're probably fine. It would be nice if we could easily register this only for the bots we care about, but, eh. It's all right, I think.

- I have said that I was fine with the change to authorization.py, but actually I had another idea. I'm not 100% convinced the new idea is better, but it is simpler, at least. The idea is to revert all current changes from that file, and then add ``from zope.proxy import removeAllProx...

On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
> Hi Salgado. Very cool. Thank you. Comments below.
>
> Requested:
>
> - Let's put the changes from
> lib/canonical/launchpad/webapp/configure.zcml into
> apidoc-configure-normal.zcml.

Good catch. Done.

>
> Questions and comments:
>
> - Why is this necessary, do you know? I realize it is an existing
> code that you moved around, but neither the comment nor the "provides"
> made much sense to me, though Google did show me some hints that it
> might be standard practice for enabling the apidoc for some reason.
> Did you try removing it?
> + <!-- Turn on devmode for the following includes principal=work
> -->
> + <meta:provides feature="devmode" />

For some reason it became necessary when I moved the zcml to
apidoc-configure-normal.zcml. I've moved the principal= part.

>
> - I'm concerned that the tests are going to be run with even more
> registrations that will not be part of production. I wish there were
> a light, easy way to start up another LP instance for the apidoc smoke
> test that then would not pollute the rest of the tests with the apidoc
> registrations in the zcml file. However, I don't know of one, and
> unless you do, I won't insist that we address this concern. It's
> certainly just slightly enlarging an existing problem, rather than
> making a new one.

I hadn't thought about that, but I'll see if I can find a way to not
make this situation any worse.

>
> - Did you audit zope.login to make sure it's registrations don't do
> something we need to be worried about from a security perspective? If
> not, one of us should. I'd feel somewhat happier if ``<include
> package="zope.login" />`` were part of the apidoc zcml, but then we're
> exacerbating the previous problem (that is, production registrations
> are more and more different from test registrations).

zope.login is now needed because the ILoginPassword adapter has been
moved there from zope.publisher, but you have a good point that it
should be audited.

I've just checked and it just registers the ILoginPassword adapters for
both IHTTPCredentials and IFTPCredentials as zope.publisher did until
version 3.10.

I'm now wondering if I should do the same for all the eggs that I've
updated as part of this -- they could also register new things that
we're not expecting.

>
> Suggested:
>
> - I suggest renaming LaunchpadPrincipalAnnotations to
> TemporaryPrincipalAnnotations: the behavior (and the fact that the
> implementation is effectively a stub) is something worth highlighting.
> Calling it "Launchpad" doesn't buy us anything.

I like your suggestion; renamed.

>
> - FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict
> and be shortened to the __init__ plus a call to the shared constructor
> and the interface declarations. Do it if you want.

I'm all for it!

Also, I thought I could make apidoc.lp.dev work for anonymous users by
just registering an adapter like the above for
IUnauthenticatedPrincipal, but then I got
http://paste.ubuntu.com/467401/

I'm thinking that it may be better to actually require a logged-in user
to use apidoc.lp.dev and ask them to login in case they're no...

Another alternative to deal with the fact that apidoc.lp.dev doesn't seem to work for anonymous users would be to somehow pretend all requests on apidoc.lp.dev are authenticated. I did that by making APIDocBrowserPublication.getPrincipal() return a fixed principal, but now I always get that same LocationError traceback: http://paste.ubuntu.com/467401/

Hey Salgado. Thank you. Below, I've deleted sections for which I thought no further discussion was necessary.

On Jul 22, 2010, at 5:15 AM, Guilherme Salgado wrote:

> On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
>> Hi Salgado. Very cool. Thank you. Comments below.
>>
>> Requested:
>>
>> - Let's put the changes from
>> lib/canonical/launchpad/webapp/configure.zcml into
>> apidoc-configure-normal.zcml.
>
> Good catch. Done.

I don't understand why you didn't also move this:
+ <utility
+ component="canonical.launchpad.systemhomes.apidocroot"
+ provides="canonical.launchpad.webapp.interfaces.IAPIDocRoot" />
Was it an oversight, or is there a reason to keep it where it is?

...

>> - I'm concerned that the tests are going to be run with even more
>> registrations that will not be part of production. I wish there were
>> a light, easy way to start up another LP instance for the apidoc smoke
>> test that then would not pollute the rest of the tests with the apidoc
>> registrations in the zcml file. However, I don't know of one, and
>> unless you do, I won't insist that we address this concern. It's
>> certainly just slightly enlarging an existing problem, rather than
>> making a new one.
>
> I hadn't thought about that, but I'll see if I can find a way to not
> make this situation any worse.

Ack, thanks.

>> - Did you audit zope.login to make sure it's registrations don't do
>> something we need to be worried about from a security perspective? If
>> not, one of us should. I'd feel somewhat happier if ``<include
>> package="zope.login" />`` were part of the apidoc zcml, but then we're
>> exacerbating the previous problem (that is, production registrations
>> are more and more different from test registrations).
>
> zope.login is now needed because the ILoginPassword adapter has been
> moved there from zope.publisher, but you have a good point that it
> should be audited.
>
> I've just checked and it just registers the ILoginPassword adapters for
> both IHTTPCredentials and IFTPCredentials as zope.publisher did until
> version 3.10.

Cool.

> I'm now wondering if I should do the same for all the eggs that I've
> updated as part of this -- they could also register new things that
> we're not expecting.

The reason why I singled in on this one is that it is registered in zopeapp.zcml, so it will affect production. The rest will only affect tests and development, so I'm less concerned in this regard.

zope.publisher's update I guess is worth a look, actually. But that's the only other one I see.

> - FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict
>> and be shortened to the __init__ plus a call to the shared constructor
>> and the interface declarations. Do it if you want.
>
> I'm all for it!
>
> Also, I thought I could make apidoc.lp.dev work for anonymous users by
> just registering an adapter like the above for
> IUnauthenticatedPrincipal, but then I got
> http://paste.ubuntu.com/467401/

Meh, digging into it just a bit, I see that preference group thing is doing somewhat unusual security dances. I wouldn't be all that surprised if that LocationError were actually hiding a Forbidd...

On Fri, 2010-07-23 at 12:42 +0000, Gary Poster wrote:
> Hey Salgado. Thank you. Below, I've deleted sections for which I thought no further discussion was necessary.
>
> On Jul 22, 2010, at 5:15 AM, Guilherme Salgado wrote:
>
> > On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
> >> Hi Salgado. Very cool. Thank you. Comments below.
> >>
> >> Requested:
> >>
> >> - Let's put the changes from
> >> lib/canonical/launchpad/webapp/configure.zcml into
> >> apidoc-configure-normal.zcml.
> >
> > Good catch. Done.
>
> I don't understand why you didn't also move this:
> + <utility
> + component="canonical.launchpad.systemhomes.apidocroot"
> + provides="canonical.launchpad.webapp.interfaces.IAPIDocRoot" />
> Was it an oversight, or is there a reason to keep it where it is?

Yep, oversight. Moved.

>
> > I'm now wondering if I should do the same for all the eggs that I've
> > updated as part of this -- they could also register new things that
> > we're not expecting.
>
> The reason why I singled in on this one is that it is registered in
> zopeapp.zcml, so it will affect production. The rest will only affect
> tests and development, so I'm less concerned in this regard.
>
> zope.publisher's update I guess is worth a look, actually. But that's
> the only other one I see.
>

http://paste.ubuntu.com/467986/ is the diff between the previous
configure.zcml and the current version, so nothing to worry about, I
think?

> > - FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict
> >> and be shortened to the __init__ plus a call to the shared constructor
> >> and the interface declarations. Do it if you want.
> >
> > I'm all for it!
> >
> > Also, I thought I could make apidoc.lp.dev work for anonymous users by
> > just registering an adapter like the above for
> > IUnauthenticatedPrincipal, but then I got
> > http://paste.ubuntu.com/467401/
>
> Meh, digging into it just a bit, I see that preference group thing is
> doing somewhat unusual security dances. I wouldn't be all that
> surprised if that LocationError were actually hiding a
> ForbiddenAttribute on a value that should be there, but maybe I'm
> wrong.
>
> > I'm thinking that it may be better to actually require a logged-in user
> > to use apidoc.lp.dev and ask them to login in case they're not, just
> > like we do on other launchpad.AnyPerson pages. What do you think?
>
> Since this is only for devel instances, in the abstract there's no
> reason not to expose this for anonymous users that I see. That will
> also make it easier to make a static version of the apidoc, which I
> think is part of the plan.

Agreed. All I wanted was to make sure we require people to login as
early as possible so that they don't see these obscure errors that one
has no idea can be worked around just by logging in.

>
> If you want me to look into the traceback further just ask.

I'd really appreciate as I wouldn't know where to start. Just some
pointers so I can get started would be great.

>
> ...
>
> >> - I have said that I was fine with the change to authorization.py, but
> >> actually I had another idea. I'm not 100% convinced the new idea is
> >> better, ...

On Jul 23, 2010, at 9:12 AM, Guilherme Salgado wrote:

> On Fri, 2010-07-23 at 12:42 +0000, Gary Poster wrote:
>> Hey Salgado. Thank you. Below, I've deleted sections for which I thought no further discussion was necessary.

Doing that again.

>>
>> On Jul 22, 2010, at 5:15 AM, Guilherme Salgado wrote:
>>
>>> On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
>
...

>>
>>> I'm now wondering if I should do the same for all the eggs that I've
>>> updated as part of this -- they could also register new things that
>>> we're not expecting.
>>
>> The reason why I singled in on this one is that it is registered in
>> zopeapp.zcml, so it will affect production. The rest will only affect
>> tests and development, so I'm less concerned in this regard.
>>
>> zope.publisher's update I guess is worth a look, actually. But that's
>> the only other one I see.
>>
>
> http://paste.ubuntu.com/467986/ is the diff between the previous
> configure.zcml and the current version, so nothing to worry about, I
> think?

Agreed, thanks.

>
>
>>> - FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict
>>>> and be shortened to the __init__ plus a call to the shared constructor
>>>> and the interface declarations. Do it if you want.
>>>
>>> I'm all for it!
>>>
>>> Also, I thought I could make apidoc.lp.dev work for anonymous users by
>>> just registering an adapter like the above for
>>> IUnauthenticatedPrincipal, but then I got
>>> http://paste.ubuntu.com/467401/
>>
>> Meh, digging into it just a bit, I see that preference group thing is
>> doing somewhat unusual security dances. I wouldn't be all that
>> surprised if that LocationError were actually hiding a
>> ForbiddenAttribute on a value that should be there, but maybe I'm
>> wrong.
>>
>>> I'm thinking that it may be better to actually require a logged-in user
>>> to use apidoc.lp.dev and ask them to login in case they're not, just
>>> like we do on other launchpad.AnyPerson pages. What do you think?
>>
>> Since this is only for devel instances, in the abstract there's no
>> reason not to expose this for anonymous users that I see. That will
>> also make it easier to make a static version of the apidoc, which I
>> think is part of the plan.
>
> Agreed. All I wanted was to make sure we require people to login as
> early as possible so that they don't see these obscure errors that one
> has no idea can be worked around just by logging in.
>
>>
>> If you want me to look into the traceback further just ask.
>
> I'd really appreciate as I wouldn't know where to start. Just some
> pointers so I can get started would be great.

I was skeptical of the way you were using object and UserDict together--that doesn't make UserDict a new-style class, so it doesn't play the "super" game. This fixes the traceback for unauthenticated users, and is generally more correct:

=== modified file 'lib/canonical/launchpad/webapp/authentication.py'
--- lib/canonical/launchpad/webapp/authentication.py 2010-07-22 09:12:46 +0000
+++ lib/canonical/launchpad/webapp/authentication.py 2010-07-23 14:54:07 +0000
@@ -326,12 +326,12 @@

 # zope.app.apidoc expects our principals to be adaptable into IAnno...

One more thing, but it's really important.

I think LP devs might get a lot more excited about this if you just add this little bit.

=== modified file 'configs/development/apidoc-configure-normal.zcml'
--- configs/development/apidoc-configure-normal.zcml 2010-07-22 09:12:46 +0000
+++ configs/development/apidoc-configure-normal.zcml 2010-07-23 18:25:06 +0000
@@ -3,6 +3,7 @@
     xmlns:browser="http://namespaces.zope.org/browser"
     xmlns:meta="http://namespaces.zope.org/meta"
     xmlns:i18n="http://namespaces.zope.org/i18n"
+ xmlns:apidoc="http://namespaces.zope.org/apidoc"
     i18n_domain="canonical">

     <!-- These packages/declarations are required by apidoc. If they are
@@ -48,7 +49,7 @@
     <!-- apidoc.lp.dev breaks if we make IAPIDocRoot subclass ISite, so we
       need to register this view here. -->
     <view
- for="canonical.launchpad.webapp.interfaces.IAPIDocRoot"
+ for="canonical.launchpad.webapp.interfaces.IAPIDocRoot"
         type="zope.publisher.interfaces.browser.IDefaultBrowserLayer"
         name=""
         factory="zope.browserresource.resources.Resources"
@@ -74,5 +75,15 @@
     <include package="zope.app.tree" />
     <include package="zope.app.apidoc" />

+ <apidoc:rootModule module="canonical" />
+ <apidoc:rootModule module="lp" />
+ <apidoc:rootModule module="lazr" />
+ <apidoc:rootModule module="zc" />
+ <apidoc:rootModule module="wadllib" />
+ <apidoc:rootModule module="martian" />
+ <apidoc:rootModule module="manuel" />
+ <apidoc:rootModule module="chameleon" />
+ <apidoc:rootModule module="bzrlib" />
+ <apidoc:rootModule module="storm" />
+
 </configure>
-

With this, all of that code is browsable and searchable, and the work you've done shows what we expect in the apidoc. It's pretty cool, I think.