Merge "Address hacking check H405."

This commit is contained in:
Jenkins 2015-11-27 02:58:32 +00:00 committed by Gerrit Code Review
commit 86d8c8de34
6 changed files with 39 additions and 24 deletions

View File

@ -135,8 +135,7 @@ class TokenCache(object):
self._initialized = True
def store(self, token_id, data):
"""Put token data into the cache.
"""
"""Put token data into the cache."""
self._LOG.debug('Storing token in cache')
self._cache_store(token_id, data)

View File

@ -107,9 +107,9 @@ else:
def derive_keys(token, secret, strategy):
"""Derives keys for MAC and ENCRYPTION from the user-provided
secret. The resulting keys should be passed to the protect and
unprotect functions.
"""Derives keys for MAC and ENCRYPTION from the user-provided secret.
The resulting keys should be passed to the protect and unprotect functions.
As suggested by NIST Special Publication 800-108, this uses the
first 128 bits from the sha384 KDF for the obscured cache key
@ -160,8 +160,10 @@ def decrypt_data(key, data):
def protect_data(keys, data):
"""Given keys and serialized data, returns an appropriately
protected string suitable for storage in the cache.
"""Serialize data given a dict of keys.
Given keys and serialized data, returns an appropriately protected string
suitable for storage in the cache.
"""
if keys['strategy'] == b'ENCRYPT':
@ -174,8 +176,10 @@ def protect_data(keys, data):
def unprotect_data(keys, signed_data):
"""Given keys and cached string data, verifies the signature,
decrypts if necessary, and returns the original serialized data.
"""De-serialize data given a dict of keys.
Given keys and cached string data, verifies the signature, decrypts if
necessary, and returns the original serialized data.
"""
# cache backends return None when no data is found. We don't mind
@ -203,8 +207,10 @@ def unprotect_data(keys, signed_data):
def get_cache_key(keys):
"""Given keys generated by derive_keys(), returns a base64
encoded value suitable for use as a cache key in memcached.
"""Return a cache key.
Given keys generated by derive_keys(), returns a base64 encoded value
suitable for use as a cache key in memcached.
"""
return base64.b64encode(keys['CACHE_KEY'])

View File

@ -47,7 +47,9 @@ class _TokenData(object):
@property
def user_domain_id(self):
"""Returns the domain id of the user associated with the authentication
"""The domain ID of the user associated with the authentication.
Returns the domain id of the user associated with the authentication
request.
:returns: str
@ -69,7 +71,9 @@ class _TokenData(object):
@property
def project_domain_id(self):
"""The domain id of the project associated with the authentication
"""The ID of the project associated with the authentication.
The domain id of the project associated with the authentication
request.
:rtype: str

View File

@ -377,9 +377,8 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
class CachePoolTest(BaseAuthTokenMiddlewareTest):
def test_use_cache_from_env(self):
"""If `swift.cache` is set in the environment and `cache` is set in the
config then the env cache is used.
"""
# If `swift.cache` is set in the environment and `cache` is set in the
# config then the env cache is used.
env = {'swift.cache': 'CACHE_TEST'}
conf = {
'cache': 'swift.cache'
@ -390,9 +389,8 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest):
self.assertEqual(cache, 'CACHE_TEST')
def test_not_use_cache_from_env(self):
"""If `swift.cache` is set in the environment but `cache` isn't set in
the config then the env cache isn't used.
"""
# If `swift.cache` is set in the environment but `cache` isn't set
# initialize the config then the env cache isn't used.
self.set_middleware()
env = {'swift.cache': 'CACHE_TEST'}
self.middleware._token_cache.initialize(env)
@ -433,7 +431,9 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest):
class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
testresources.ResourcedTestCase):
"""These tests are not affected by the token format
"""General Token Behavior tests.
These tests are not affected by the token format
(see CommonAuthTokenMiddlewareTest).
"""

View File

@ -77,8 +77,10 @@ if tuple(sys.version_info)[0:2] < (2, 7):
class TestResponse(requests.Response):
"""Class used to wrap requests.Response and provide some
convenience to initialize with a dict.
"""Utility class to wrap requests.Response.
Class used to wrap requests.Response and provide some convenience to
initialize with a dict.
"""
def __init__(self, data):

View File

@ -36,8 +36,12 @@ deps = -r{toxinidir}/test-requirements.txt
commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p keystone_conservative
[flake8]
# H405: multi line docstring summary not separated with an empty line
ignore = H405
# NOTE(lbragstad): Even though we aren't ignoring any hacking checks, we have
# to leave it assigned in the environment specification otherwise some error
# checks will be ignored by default. If we need to ignore a specific hacking
# check in the future, we will have to remove '___' from the ignore line.
# See: http://flake8.readthedocs.org/en/latest/config.html#default
ignore = ___
show-source = True
exclude = .venv,.tox,dist,doc,*egg,build,*openstack/common*