"Resolve" bandit issue with sha1 hashes

We only use them as a consistent hash, not for anything security
related. Even if someone could manage a hash collision or something,
the worst that could happen is their own LB stops working...
So, just tell bandit to ignore them.
Added a docstring to one function to attempt to be extra clear.

Change-Id: Ic337c32020e12183e2246b844ded07a83c6d3ad8

octavia/common/tls_utils/cert_parser.py

@@ -361,7 +361,10 @@ def load_certificates_data(cert_mngr, listener, context=None):
 
 def _map_cert_tls_container(cert):
     return data_models.TLSContainer(
-        id=hashlib.sha1(cert.get_certificate()).hexdigest(),
+        # TODO(rm_work): applying nosec here because this is not intended to be
+        # secure, it's just a way to get a consistent ID. Changing this would
+        # break backwards compatibility with existing loadbalancers.
+        id=hashlib.sha1(cert.get_certificate()).hexdigest(),  # nosec
         primary_cn=get_primary_cn(cert),
         private_key=prepare_private_key(
             cert.get_private_key(),

octavia/common/utils.py

@@ -38,7 +38,11 @@ def get_hostname():
 
 
 def base64_sha1_string(string_to_hash):
-    hash_str = hashlib.sha1(string_to_hash.encode('utf-8')).digest()
+    """Get a b64-encoded sha1 hash of a string. Not intended to be secure!"""
+    # TODO(rm_work): applying nosec here because this is not intended to be
+    # secure, it's just a way to get a consistent ID. Changing this would
+    # break backwards compatibility with existing loadbalancers.
+    hash_str = hashlib.sha1(string_to_hash.encode('utf-8')).digest()  # nosec
     b64_str = base64.b64encode(hash_str, str.encode('_-', 'ascii'))
     return b64_str.decode('UTF-8')