From 01297dce1a24d8506093f3a8c89c4e7484e9402c Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Wed, 21 Oct 2015 16:37:58 +0000 Subject: [PATCH] Address hacking check H405. Previously, there were a string of commits to keystone that addresed ignored hacking checks. This commit does the same for H405 in keystonemiddleware. This also modifies our tox.ini so that we no longer ignore H405 violations. This is a non-functional change. Change-Id: I7bbe99719feb39e96634c903991294c18c33112b Closes-Bug: 1482773 --- keystonemiddleware/auth_token/_cache.py | 3 +-- .../auth_token/_memcache_crypt.py | 24 ++++++++++++------- keystonemiddleware/auth_token/_user_plugin.py | 8 +++++-- .../auth_token/test_auth_token_middleware.py | 14 +++++------ keystonemiddleware/tests/unit/utils.py | 6 +++-- tox.ini | 8 +++++-- 6 files changed, 39 insertions(+), 24 deletions(-) diff --git a/keystonemiddleware/auth_token/_cache.py b/keystonemiddleware/auth_token/_cache.py index 11d02284..3d12d1b2 100644 --- a/keystonemiddleware/auth_token/_cache.py +++ b/keystonemiddleware/auth_token/_cache.py @@ -135,8 +135,7 @@ class TokenCache(object): self._initialized = True def store(self, token_id, data): - """Put token data into the cache. - """ + """Put token data into the cache.""" self._LOG.debug('Storing token in cache') self._cache_store(token_id, data) diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py index 2e45571f..2c887335 100644 --- a/keystonemiddleware/auth_token/_memcache_crypt.py +++ b/keystonemiddleware/auth_token/_memcache_crypt.py 
@@ -107,9 +107,9 @@ else: def derive_keys(token, secret, strategy): - """Derives keys for MAC and ENCRYPTION from the user-provided - secret. The resulting keys should be passed to the protect and - unprotect functions. + """Derives keys for MAC and ENCRYPTION from the user-provided secret. + + The resulting keys should be passed to the protect and unprotect functions. As suggested by NIST Special Publication 800-108, this uses the first 128 bits from the sha384 KDF for the obscured cache key @@ -160,8 +160,10 @@ def decrypt_data(key, data): def protect_data(keys, data): - """Given keys and serialized data, returns an appropriately - protected string suitable for storage in the cache. + """Serialize data given a dict of keys. + + Given keys and serialized data, returns an appropriately protected string + suitable for storage in the cache. """ if keys['strategy'] == b'ENCRYPT': @@ -174,8 +176,10 @@ def protect_data(keys, data): def unprotect_data(keys, signed_data): - """Given keys and cached string data, verifies the signature, - decrypts if necessary, and returns the original serialized data. + """De-serialize data given a dict of keys. + + Given keys and cached string data, verifies the signature, decrypts if + necessary, and returns the original serialized data. """ # cache backends return None when no data is found. We don't mind @@ -203,8 +207,10 @@ def unprotect_data(keys, signed_data): def get_cache_key(keys): - """Given keys generated by derive_keys(), returns a base64 - encoded value suitable for use as a cache key in memcached. + """Return a cache key. + + Given keys generated by derive_keys(), returns a base64 encoded value + suitable for use as a cache key in memcached. """ return base64.b64encode(keys['CACHE_KEY']) diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py index 93075c5c..4a8e7f90 100644 --- a/keystonemiddleware/auth_token/_user_plugin.py 
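Review bot: The new summary line of `protect_data`, "Serialize data given a dict of keys.", misdescribes the function: the paragraph kept below it says the input is already serialized and the result is a protected string, and the visible `keys['strategy'] == b'ENCRYPT'` branch shows the work is cryptographic. The `unprotect_data` hunk that follows has the same problem, summarising signature verification and decryption as "De-serialize" even though the retained text says it returns the original serialized data. Summary lines are what generated API docs and quick readers see, so they should name the integrity and confidentiality step, for example `"""Sign, and encrypt if configured, serialized data for the cache."""` and `"""Verify, and decrypt if necessary, data read from the cache."""`. Both function bodies continue outside their hunks, so the exact signing behaviour should be confirmed against the full file before rewording.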
+++ b/keystonemiddleware/auth_token/_user_plugin.py @@ -47,7 +47,9 @@ class _TokenData(object): @property def user_domain_id(self): - """Returns the domain id of the user associated with the authentication + """The domain ID of the user associated with the authentication. + + Returns the domain id of the user associated with the authentication request. :returns: str @@ -69,7 +71,9 @@ class _TokenData(object): @property def project_domain_id(self): - """The domain id of the project associated with the authentication + """The ID of the project associated with the authentication. + + The domain id of the project associated with the authentication request. :rtype: str diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 016673a2..cd0d1486 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -377,9 +377,8 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, class CachePoolTest(BaseAuthTokenMiddlewareTest): def test_use_cache_from_env(self): - """If `swift.cache` is set in the environment and `cache` is set in the - config then the env cache is used. - """ + # If `swift.cache` is set in the environment and `cache` is set in the + # config then the env cache is used. env = {'swift.cache': 'CACHE_TEST'} conf = { 'cache': 'swift.cache' @@ -390,9 +389,8 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest): self.assertEqual(cache, 'CACHE_TEST') def test_not_use_cache_from_env(self): - """If `swift.cache` is set in the environment but `cache` isn't set in - the config then the env cache isn't used. - """ + # If `swift.cache` is set in the environment but `cache` isn't set + # initialize the config then the env cache isn't used. self.set_middleware() env = {'swift.cache': 'CACHE_TEST'} self.middleware._token_cache.initialize(env) 
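Review bot: The new summary of `project_domain_id`, "The ID of the project associated with the authentication.", drops the word "domain" and so describes a different identifier from the one the property is named for. It also ends mid-phrase at "authentication." while the old sentence, still ending in "request.", is repeated underneath; the `user_domain_id` hunk just above has the same cut-off summary and duplicated paragraph. Confusing a project ID with a project's domain ID matters to anyone using these values for scoping, so I would use `"""The domain ID of the project associated with the request."""` and `"""The domain ID of the user associated with the request."""` and drop the repeated paragraph. The property bodies lie outside both hunks.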
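Review bot: The rewritten comment in `test_not_use_cache_from_env` is garbled: "`cache` isn't set" is followed on the next line by "initialize the config then the env cache isn't used.", so the words "in the" from the old docstring were lost and "initialize" was picked up during re-wrapping. The second comment line should read `# in the config then the env cache isn't used.` so that it states the condition the test exercises. The test method continues past the end of the hunk.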
@@ -433,7 +431,9 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest): class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, testresources.ResourcedTestCase): - """These tests are not affected by the token format + """General Token Behavior tests. + + These tests are not affected by the token format (see CommonAuthTokenMiddlewareTest). """ diff --git a/keystonemiddleware/tests/unit/utils.py b/keystonemiddleware/tests/unit/utils.py index 8c6c0e9a..75c2b84e 100644 --- a/keystonemiddleware/tests/unit/utils.py +++ b/keystonemiddleware/tests/unit/utils.py @@ -77,8 +77,10 @@ if tuple(sys.version_info)[0:2] < (2, 7): class TestResponse(requests.Response): - """Class used to wrap requests.Response and provide some - convenience to initialize with a dict. + """Utility class to wrap requests.Response. + + Class used to wrap requests.Response and provide some convenience to + initialize with a dict. """ def __init__(self, data): diff --git a/tox.ini b/tox.ini index 790bf027..abaca300 100644 --- a/tox.ini +++ b/tox.ini @@ -36,8 +36,12 @@ deps = -r{toxinidir}/test-requirements.txt commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p keystone_conservative [flake8] -# H405: multi line docstring summary not separated with an empty line -ignore = H405 +# NOTE(lbragstad): Even though we aren't ignoring any hacking checks, we have +# to leave it assigned in the environment specification otherwise some error +# checks will be ignored by default. If we need to ignore a specific hacking +# check in the future, we will have to remove '___' from the ignore line. +# See: http://flake8.readthedocs.org/en/latest/config.html#default +ignore = ___ show-source = True exclude = .venv,.tox,dist,doc,*egg,build,*openstack/common*