diff options
-rw-r--r-- | keystonemiddleware/auth_token/_cache.py | 3 | ||||
-rw-r--r-- | keystonemiddleware/auth_token/_memcache_crypt.py | 24 | ||||
-rw-r--r-- | keystonemiddleware/auth_token/_user_plugin.py | 8 | ||||
-rw-r--r-- | keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py | 14 | ||||
-rw-r--r-- | keystonemiddleware/tests/unit/utils.py | 6 | ||||
-rw-r--r-- | tox.ini | 8 |
6 files changed, 39 insertions, 24 deletions
diff --git a/keystonemiddleware/auth_token/_cache.py b/keystonemiddleware/auth_token/_cache.py index 11d0228..3d12d1b 100644 --- a/keystonemiddleware/auth_token/_cache.py +++ b/keystonemiddleware/auth_token/_cache.py @@ -135,8 +135,7 @@ class TokenCache(object): self._initialized = True def store(self, token_id, data): - """Put token data into the cache. - """ + """Put token data into the cache.""" self._LOG.debug('Storing token in cache') self._cache_store(token_id, data) diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py index 2e45571..2c88733 100644 --- a/keystonemiddleware/auth_token/_memcache_crypt.py +++ b/keystonemiddleware/auth_token/_memcache_crypt.py @@ -107,9 +107,9 @@ else: def derive_keys(token, secret, strategy): - """Derives keys for MAC and ENCRYPTION from the user-provided - secret. The resulting keys should be passed to the protect and - unprotect functions. + """Derives keys for MAC and ENCRYPTION from the user-provided secret. + + The resulting keys should be passed to the protect and unprotect functions. As suggested by NIST Special Publication 800-108, this uses the first 128 bits from the sha384 KDF for the obscured cache key @@ -160,8 +160,10 @@ def decrypt_data(key, data): def protect_data(keys, data): - """Given keys and serialized data, returns an appropriately - protected string suitable for storage in the cache. + """Serialize data given a dict of keys. + + Given keys and serialized data, returns an appropriately protected string + suitable for storage in the cache. """ if keys['strategy'] == b'ENCRYPT': @@ -174,8 +176,10 @@ def protect_data(keys, data): def unprotect_data(keys, signed_data): - """Given keys and cached string data, verifies the signature, - decrypts if necessary, and returns the original serialized data. + """De-serialize data given a dict of keys. + + Given keys and cached string data, verifies the signature, decrypts if + necessary, and returns the original serialized data. """ # cache backends return None when no data is found. We don't mind @@ -203,8 +207,10 @@ def unprotect_data(keys, signed_data): def get_cache_key(keys): - """Given keys generated by derive_keys(), returns a base64 - encoded value suitable for use as a cache key in memcached. + """Return a cache key. + + Given keys generated by derive_keys(), returns a base64 encoded value + suitable for use as a cache key in memcached. """ return base64.b64encode(keys['CACHE_KEY']) diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py index 93075c5..4a8e7f9 100644 --- a/keystonemiddleware/auth_token/_user_plugin.py +++ b/keystonemiddleware/auth_token/_user_plugin.py @@ -47,7 +47,9 @@ class _TokenData(object): @property def user_domain_id(self): - """Returns the domain id of the user associated with the authentication + """The domain ID of the user associated with the authentication. + + Returns the domain id of the user associated with the authentication request. :returns: str @@ -69,7 +71,9 @@ class _TokenData(object): @property def project_domain_id(self): - """The domain id of the project associated with the authentication + """The ID of the project associated with the authentication. + + The domain id of the project associated with the authentication request. :rtype: str diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 016673a..cd0d148 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -377,9 +377,8 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, class CachePoolTest(BaseAuthTokenMiddlewareTest): def test_use_cache_from_env(self): - """If `swift.cache` is set in the environment and `cache` is set in the - config then the env cache is used. - """ + # If `swift.cache` is set in the environment and `cache` is set in the + # config then the env cache is used. env = {'swift.cache': 'CACHE_TEST'} conf = { 'cache': 'swift.cache' @@ -390,9 +389,8 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest): self.assertEqual(cache, 'CACHE_TEST') def test_not_use_cache_from_env(self): - """If `swift.cache` is set in the environment but `cache` isn't set in - the config then the env cache isn't used. - """ + # If `swift.cache` is set in the environment but `cache` isn't set + # initialize the config then the env cache isn't used. self.set_middleware() env = {'swift.cache': 'CACHE_TEST'} self.middleware._token_cache.initialize(env) @@ -433,7 +431,9 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest): class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, testresources.ResourcedTestCase): - """These tests are not affected by the token format + """General Token Behavior tests. + + These tests are not affected by the token format (see CommonAuthTokenMiddlewareTest). """ diff --git a/keystonemiddleware/tests/unit/utils.py b/keystonemiddleware/tests/unit/utils.py index 8c6c0e9..75c2b84 100644 --- a/keystonemiddleware/tests/unit/utils.py +++ b/keystonemiddleware/tests/unit/utils.py @@ -77,8 +77,10 @@ if tuple(sys.version_info)[0:2] < (2, 7): class TestResponse(requests.Response): - """Class used to wrap requests.Response and provide some - convenience to initialize with a dict. + """Utility class to wrap requests.Response. + + Class used to wrap requests.Response and provide some convenience to + initialize with a dict. """ def __init__(self, data): @@ -36,8 +36,12 @@ deps = -r{toxinidir}/test-requirements.txt commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p keystone_conservative [flake8] -# H405: multi line docstring summary not separated with an empty line -ignore = H405 +# NOTE(lbragstad): Even though we aren't ignoring any hacking checks, we have +# to leave it assigned in the environment specification otherwise some error +# checks will be ignored by default. If we need to ignore a specific hacking +# check in the future, we will have to remove '___' from the ignore line. +# See: http://flake8.readthedocs.org/en/latest/config.html#default +ignore = ___ show-source = True exclude = .venv,.tox,dist,doc,*egg,build,*openstack/common* |