6 files changed, 39 insertions, 24 deletions

diff --git a/keystonemiddleware/auth_token/_cache.py b/keystonemiddleware/auth_token/_cache.py
index 11d0228..3d12d1b 100644
--- a/keystonemiddleware/auth_token/_cache.py
+++ b/keystonemiddleware/auth_token/_cache.py
@@ -135,8 +135,7 @@ class TokenCache(object):
         self._initialized = True
 
     def store(self, token_id, data):
-        """Put token data into the cache.
-        """
+        """Put token data into the cache."""
         self._LOG.debug('Storing token in cache')
         self._cache_store(token_id, data)
 
diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py
index 2e45571..2c88733 100644
--- a/keystonemiddleware/auth_token/_memcache_crypt.py
+++ b/keystonemiddleware/auth_token/_memcache_crypt.py
@@ -107,9 +107,9 @@ else:
 
 
 def derive_keys(token, secret, strategy):
-    """Derives keys for MAC and ENCRYPTION from the user-provided
-    secret. The resulting keys should be passed to the protect and
-    unprotect functions.
+    """Derives keys for MAC and ENCRYPTION from the user-provided secret.
+
+    The resulting keys should be passed to the protect and unprotect functions.
 
     As suggested by NIST Special Publication 800-108, this uses the
     first 128 bits from the sha384 KDF for the obscured cache key
@@ -160,8 +160,10 @@ def decrypt_data(key, data):
 
 
 def protect_data(keys, data):
-    """Given keys and serialized data, returns an appropriately
-    protected string suitable for storage in the cache.
+    """Serialize data given a dict of keys.
+
+    Given keys and serialized data, returns an appropriately protected string
+    suitable for storage in the cache.
 
     """
     if keys['strategy'] == b'ENCRYPT':
@@ -174,8 +176,10 @@ def protect_data(keys, data):
 
 
 def unprotect_data(keys, signed_data):
-    """Given keys and cached string data, verifies the signature,
-    decrypts if necessary, and returns the original serialized data.
+    """De-serialize data given a dict of keys.
+
+    Given keys and cached string data, verifies the signature, decrypts if
+    necessary, and returns the original serialized data.
 
     """
     # cache backends return None when no data is found. We don't mind
@@ -203,8 +207,10 @@ def unprotect_data(keys, signed_data):
 
 
 def get_cache_key(keys):
-    """Given keys generated by derive_keys(), returns a base64
-    encoded value suitable for use as a cache key in memcached.
+    """Return a cache key.
+
+    Given keys generated by derive_keys(), returns a base64 encoded value
+    suitable for use as a cache key in memcached.
 
     """
     return base64.b64encode(keys['CACHE_KEY'])
diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py
index 93075c5..4a8e7f9 100644
--- a/keystonemiddleware/auth_token/_user_plugin.py
+++ b/keystonemiddleware/auth_token/_user_plugin.py
@@ -47,7 +47,9 @@ class _TokenData(object):
 
     @property
     def user_domain_id(self):
-        """Returns the domain id of the user associated with the authentication
+        """The domain ID of the user associated with the authentication.
+
+        Returns the domain id of the user associated with the authentication
         request.
 
         :returns: str
@@ -69,7 +71,9 @@ class _TokenData(object):
 
     @property
     def project_domain_id(self):
-        """The domain id of the project associated with the authentication
+        """The ID of the project associated with the authentication.
+
+        The domain id of the project associated with the authentication
         request.
 
         :rtype: str
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 016673a..cd0d148 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -377,9 +377,8 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
 
 class CachePoolTest(BaseAuthTokenMiddlewareTest):
     def test_use_cache_from_env(self):
-        """If `swift.cache` is set in the environment and `cache` is set in the
-        config then the env cache is used.
-        """
+        # If `swift.cache` is set in the environment and `cache` is set in the
+        # config then the env cache is used.
         env = {'swift.cache': 'CACHE_TEST'}
         conf = {
             'cache': 'swift.cache'
@@ -390,9 +389,8 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest):
             self.assertEqual(cache, 'CACHE_TEST')
 
     def test_not_use_cache_from_env(self):
-        """If `swift.cache` is set in the environment but `cache` isn't set in
-        the config then the env cache isn't used.
-        """
+        # If `swift.cache` is set in the environment but `cache` isn't set
+        # initialize the config then the env cache isn't used.
         self.set_middleware()
         env = {'swift.cache': 'CACHE_TEST'}
         self.middleware._token_cache.initialize(env)
@@ -433,7 +431,9 @@ class CachePoolTest(BaseAuthTokenMiddlewareTest):
 
 class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
                                      testresources.ResourcedTestCase):
-    """These tests are not affected by the token format
+    """General Token Behavior tests.
+
+    These tests are not affected by the token format
     (see CommonAuthTokenMiddlewareTest).
     """
 
diff --git a/keystonemiddleware/tests/unit/utils.py b/keystonemiddleware/tests/unit/utils.py
index 8c6c0e9..75c2b84 100644
--- a/keystonemiddleware/tests/unit/utils.py
+++ b/keystonemiddleware/tests/unit/utils.py
@@ -77,8 +77,10 @@ if tuple(sys.version_info)[0:2] < (2, 7):
 
 
 class TestResponse(requests.Response):
-    """Class used to wrap requests.Response and provide some
-       convenience to initialize with a dict.
+    """Utility class to wrap requests.Response.
+
+    Class used to wrap requests.Response and provide some convenience to
+    initialize with a dict.
     """
 
     def __init__(self, data):
diff --git a/tox.ini b/tox.ini
index d8a4389..5466ef6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -36,8 +36,12 @@ deps = -r{toxinidir}/test-requirements.txt
 commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p keystone_conservative
 
 [flake8]
-# H405: multi line docstring summary not separated with an empty line
-ignore = H405
+# NOTE(lbragstad): Even though we aren't ignoring any hacking checks, we have
+# to leave it assigned in the environment specification otherwise some error
+# checks will be ignored by default. If we need to ignore a specific hacking
+# check in the future, we will have to remove '___' from the ignore line.
+# See: http://flake8.readthedocs.org/en/latest/config.html#default
+ignore = ___
 show-source = True
 exclude = .venv,.tox,dist,doc,*egg,build,*openstack/common*