Merge "Address hacking check H405"

2016-01-23 04:17:00 +00:00
parent 0a0419d2b8 77ed0d4d0c
commit 1b9c9853cd
22 changed files with 176 additions and 131 deletions
--- a/keystoneclient/_discover.py
+++ b/keystoneclient/_discover.py
@@ -104,8 +104,7 @@ def normalize_version_number(version):
 def version_match(required, candidate):
-    """Test that an available version is a suitable match for a required
+    """Test that an available version satisfies the required version.
    version.
    To be suitable a version must be of the same major version as required
    and be at least a match in minor/patch level.
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -38,8 +38,10 @@ class AccessInfo(dict):
    @classmethod
    def factory(cls, resp=None, body=None, region_name=None, auth_token=None,
                **kwargs):
-        """Create AccessInfo object given a successful auth response & body
+        """Factory function to create a new AccessInfo object.
-           or a user-provided dict.
+
        Create AccessInfo object given a successful auth response & body
        or a user-provided dict.
        .. warning::
@@ -112,8 +114,9 @@ class AccessInfo(dict):
    @classmethod
    def is_valid(cls, body, **kwargs):
-        """Determines if processing v2 or v3 token given a successful
+        """Determines if processing valid v2 or v3 token.
-        auth body or a user-provided dict.
+
        Validates from the auth body or a user-provided dict.
        :returns: true if auth body matches implementing class
        :rtype: boolean
@@ -129,8 +132,9 @@ class AccessInfo(dict):
    @property
    def auth_token(self):
-        """Returns the token_id associated with the auth request, to be used
+        """Returns the token_id associated with the auth request.
-        in headers for authenticating OpenStack API requests.
+
        To be used in headers for authenticating OpenStack API requests.
        :returns: str
        """
@@ -165,7 +169,8 @@ class AccessInfo(dict):
    @property
    def username(self):
-        """Returns the username associated with the authentication request.
+        """Returns the username associated with the auth request.
        Follows the pattern defined in the V2 API of first looking for 'name',
        returning that if available, and falling back to 'username' if name
        is unavailable.
@@ -176,7 +181,7 @@ class AccessInfo(dict):
    @property
    def user_id(self):
-        """Returns the user id associated with the authentication request.
+        """Returns the user id associated with the auth request.
        :returns: str
        """
@@ -184,8 +189,7 @@ class AccessInfo(dict):
    @property
    def user_domain_id(self):
-        """Returns the domain id of the user associated with the authentication
+        """Returns the user's domain id associated with the auth request.
        request.
        For v2, it always returns 'default' which may be different from the
        Keystone configuration.
@@ -196,8 +200,7 @@ class AccessInfo(dict):
    @property
    def user_domain_name(self):
-        """Returns the domain name of the user associated with the
+        """Returns the user's  domain name associated with the auth request.
        authentication request.
        For v2, it always returns 'Default' which may be different from the
        Keystone configuration.
@@ -208,8 +211,7 @@ class AccessInfo(dict):
    @property
    def role_ids(self):
-        """Returns a list of role ids of the user associated with the
+        """Returns a list of user's role ids associated with the auth request.
        authentication request.
        :returns: a list of strings of role ids
        """
@@ -217,8 +219,7 @@ class AccessInfo(dict):
    @property
    def role_names(self):
-        """Returns a list of role names of the user associated with the
+        """Returns a list of user's role names associated with the auth request.
        authentication request.
        :returns: a list of strings of role names
        """
@@ -226,7 +227,7 @@ class AccessInfo(dict):
    @property
    def domain_name(self):
-        """Returns the domain name associated with the authentication token.
+        """Returns the domain name associated with the auth request.
        :returns: str or None (if no domain associated with the token)
        """
@@ -234,7 +235,7 @@ class AccessInfo(dict):
    @property
    def domain_id(self):
-        """Returns the domain id associated with the authentication token.
+        """Returns the domain id associated with the auth request.
        :returns: str or None (if no domain associated with the token)
        """
@@ -242,7 +243,7 @@ class AccessInfo(dict):
    @property
    def project_name(self):
-        """Returns the project name associated with the authentication request.
+        """Returns the project name associated with the auth request.
        :returns: str or None (if no project associated with the token)
        """
@@ -255,8 +256,10 @@ class AccessInfo(dict):
    @property
    def scoped(self):
-        """Returns true if the authorization token was scoped to a tenant
+        """Returns true if the auth token was scoped.
-           (project), and contains a populated service catalog.
+
        Returns true if scoped to a tenant(project) or domain,
        and contains a populated service catalog.
        .. warning::
@@ -269,8 +272,7 @@ class AccessInfo(dict):
    @property
    def project_scoped(self):
-        """Returns true if the authorization token was scoped to a tenant
+        """Returns true if the auth token was scoped to a tenant(project).
           (project).
        :returns: bool
        """
@@ -278,7 +280,7 @@ class AccessInfo(dict):
    @property
    def domain_scoped(self):
-        """Returns true if the authorization token was scoped to a domain.
+        """Returns true if the auth token was scoped to a domain.
        :returns: bool
        """
@@ -286,7 +288,7 @@ class AccessInfo(dict):
    @property
    def trust_id(self):
-        """Returns the trust id associated with the authentication token.
+        """Returns the trust id associated with the auth request.
        :returns: str or None (if no trust associated with the token)
        """
@@ -294,8 +296,9 @@ class AccessInfo(dict):
    @property
    def trust_scoped(self):
-        """Returns true if the authorization token was scoped as delegated in a
+        """Returns true if the auth token was scoped from a delegated trust.
-        trust, via the OS-TRUST v3 extension.
+
        The trust delegation is via the OS-TRUST v3 extension.
        :returns: bool
        """
@@ -319,9 +322,9 @@ class AccessInfo(dict):
    @property
    def project_id(self):
-        """Returns the project ID associated with the authentication
+        """Returns the project ID associated with the auth request.
-        request, or None if the authentication request wasn't scoped to a
+
-        project.
+        This returns None if the auth token wasn't scoped to a project.
        :returns: str or None (if no project associated with the token)
        """
@@ -334,8 +337,7 @@ class AccessInfo(dict):
    @property
    def project_domain_id(self):
-        """Returns the domain id of the project associated with the
+        """Returns the project's domain id associated with the auth request.
        authentication request.
        For v2, it returns 'default' if a project is scoped or None which may
        be different from the keystone configuration.
@@ -346,8 +348,7 @@ class AccessInfo(dict):
    @property
    def project_domain_name(self):
-        """Returns the domain name of the project associated with the
+        """Returns the project's domain name associated with the auth request.
        authentication request.
        For v2, it returns 'Default' if a project is scoped or None  which may
        be different from the keystone configuration.
@@ -358,7 +359,9 @@ class AccessInfo(dict):
    @property
    def auth_url(self):
-        """Returns a tuple of URLs from publicURL and adminURL for the service
+        """Returns a tuple of identity URLs.
        The identity URLs are from publicURL and adminURL for the service
        'identity' from the service catalog associated with the authorization
        request. If the authentication request wasn't scoped to a tenant
        (project), this property will return None.
@@ -373,7 +376,9 @@ class AccessInfo(dict):
    @property
    def management_url(self):
-        """Returns the first adminURL for 'identity' from the service catalog
+        """Returns the first adminURL of the identity endpoint.
        The identity endpoint is from the service catalog
        associated with the authorization request, or None if the
        authentication request wasn't scoped to a tenant (project).
@@ -448,9 +453,7 @@ class AccessInfo(dict):
 class AccessInfoV2(AccessInfo):
-    """An object for encapsulating a raw v2 auth token from identity
+    """An object for encapsulating raw v2 auth token from identity service."""
       service.
    """
    def __init__(self, *args, **kwargs):
        super(AccessInfo, self).__init__(*args, **kwargs)
@@ -542,8 +545,10 @@ class AccessInfoV2(AccessInfo):
    @property
    def scoped(self):
-        """Deprecated as of the 1.7.0 release in favor of project_scoped and
+        """Deprecated as of the 1.7.0 release.
-        may be removed in the 2.0.0 release.
+
        Use project_scoped instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'scoped is deprecated as of the 1.7.0 release in favor of '
@@ -613,8 +618,10 @@ class AccessInfoV2(AccessInfo):
    @property
    def auth_url(self):
-        """Deprecated as of the 1.7.0 release in favor of
+        """Deprecated as of the 1.7.0 release.
-        service_catalog.get_urls() and may be removed in the 2.0.0 release.
+
        Use service_catalog.get_urls() instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'auth_url is deprecated as of the 1.7.0 release in favor of '
@@ -629,8 +636,10 @@ class AccessInfoV2(AccessInfo):
    @property
    def management_url(self):
-        """Deprecated as of the 1.7.0 release in favor of
+        """Deprecated as of the 1.7.0 release.
-        service_catalog.get_urls() and may be removed in the 2.0.0 release.
+
        Use service_catalog.get_urls() instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'management_url is deprecated as of the 1.7.0 release in favor of '
@@ -671,9 +680,7 @@ class AccessInfoV2(AccessInfo):
 class AccessInfoV3(AccessInfo):
-    """An object for encapsulating a raw v3 auth token from identity
+    """An object encapsulating raw v3 auth token from identity service."""
       service.
    """
    def __init__(self, token, *args, **kwargs):
        super(AccessInfo, self).__init__(*args, **kwargs)
@@ -781,8 +788,10 @@ class AccessInfoV3(AccessInfo):
    @property
    def scoped(self):
-        """Deprecated as of the 1.7.0 release in favor of project_scoped and
+        """Deprecated as of the 1.7.0 release.
-        may be removed in the 2.0.0 release.
+
        Use project_scoped instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'scoped is deprecated as of the 1.7.0 release in favor of '
@@ -816,8 +825,10 @@ class AccessInfoV3(AccessInfo):
    @property
    def auth_url(self):
-        """Deprecated as of the 1.7.0 release in favor of
+        """Deprecated as of the 1.7.0 release.
-        service_catalog.get_urls() and may be removed in the 2.0.0 release.
+
        Use service_catalog.get_urls() instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'auth_url is deprecated as of the 1.7.0 release in favor of '
@@ -832,8 +843,10 @@ class AccessInfoV3(AccessInfo):
    @property
    def management_url(self):
-        """Deprecated as of the 1.7.0 release in favor of
+        """Deprecated as of the 1.7.0 release.
-        service_catalog.get_urls() and may be removed in the 2.0.0 release.
+
        Use service_catalog.get_urls() instead. It may be removed in the
        2.0.0 release.
        """
        warnings.warn(
            'management_url is deprecated as of the 1.7.0 release in favor of '
--- a/keystoneclient/auth/identity/base.py
+++ b/keystoneclient/auth/identity/base.py
@@ -64,8 +64,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @property
    def username(self):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -76,8 +77,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @username.setter
    def username(self, value):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -88,8 +90,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @property
    def password(self):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -100,8 +103,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @password.setter
    def password(self, value):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -112,8 +116,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @property
    def token(self):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -124,8 +129,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @token.setter
    def token(self, value):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -136,8 +142,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @property
    def trust_id(self):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
@@ -148,8 +155,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
    @trust_id.setter
    def trust_id(self, value):
-        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        """Deprecated as of the 1.7.0 release.
-        release.
+
        It may be removed in the 2.0.0 release.
        """
        warnings.warn(
--- a/keystoneclient/auth/identity/v3/base.py
+++ b/keystoneclient/auth/identity/v3/base.py
@@ -245,8 +245,10 @@ class AuthMethod(object):
@six.add_metaclass(abc.ABCMeta)
 class AuthConstructor(Auth):
-    """AuthConstructor is a means of creating an Auth Plugin that contains
+    """Abstract base class for creating an Auth Plugin.
-    only one authentication method. This is generally the required usage.
+
    The Auth Plugin created contains only one authentication method. This
    is generally the required usage.
    An AuthConstructor creates an AuthMethod based on the method's
    arguments and the auth_method_class defined by the plugin. It then
--- a/keystoneclient/base.py
+++ b/keystoneclient/base.py
@@ -465,8 +465,7 @@ class Resource(object):
    @property
    def human_id(self):
-        """Human-readable ID which can be used for bash completion.
+        """Human-readable ID which can be used for bash completion."""
        """
        if self.HUMAN_ID:
            name = getattr(self, self.NAME_ATTR, None)
            if name is not None:
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -67,6 +67,7 @@ def _ensure_subprocess():
 def set_subprocess(_subprocess=None):
    """Set subprocess module to use.
    The subprocess could be eventlet.green.subprocess if using eventlet,
    or Python's subprocess otherwise.
    """
--- a/keystoneclient/contrib/ec2/utils.py
+++ b/keystoneclient/contrib/ec2/utils.py
@@ -28,8 +28,10 @@ from keystoneclient.i18n import _
 class Ec2Signer(object):
-    """Utility class which allows a request to be signed with an AWS style
+    """Utility class for EC2 signing of request.
-    signature, which can then be used for authentication via the keystone ec2
+
    This allows a request to be signed with an AWS style signature,
    which can then be used for authentication via the keystone ec2
    authentication extension.
    """
@@ -40,8 +42,10 @@ class Ec2Signer(object):
            self.hmac_256 = hmac.new(self.secret_key, digestmod=hashlib.sha256)
    def _v4_creds(self, credentials):
-        """Detect if the credentials are for a v4 signed request, since AWS
+        """Detect if the credentials are for a v4 signed request.
-        removed the SignatureVersion field from the v4 request spec...
+
        Check is needed since AWS removed the SignatureVersion field from
        the v4 request spec...
        This expects a dict of the request headers to be passed in the
        credentials dict, since the recommended way to pass v4 creds is
@@ -126,8 +130,9 @@ class Ec2Signer(object):
    @staticmethod
    def _canonical_qs(params):
-        """Construct a sorted, correctly encoded query string as required for
+        """Construct a sorted, correctly encoded query string.
-        _calc_signature_2 and _calc_signature_4.
+
        This is required for _calc_signature_2 and _calc_signature_4.
        """
        keys = list(params)
        keys.sort()
@@ -162,8 +167,9 @@ class Ec2Signer(object):
                            hashlib.sha256).digest()
        def signature_key(datestamp, region_name, service_name):
-            """Signature key derivation, see
+            """Signature key derivation.
-            http://docs.aws.amazon.com/general/latest/gr/
+
            See http://docs.aws.amazon.com/general/latest/gr/
            signature-v4-examples.html#signature-v4-examples-python
            """
            k_date = sign(self._get_utf8_value(b"AWS4" + self.secret_key),
@@ -189,8 +195,9 @@ class Ec2Signer(object):
            return param_str
        def date_param():
-            """Get the X-Amz-Date' value, which can be either a header
+            """Get the X-Amz-Date' value.
-            or parameter.
+
            The value can be either a header or parameter.
            Note AWS supports parsing the Date header also, but this is not
            currently supported here as it will require some format mangling
--- a/keystoneclient/discover.py
+++ b/keystoneclient/discover.py
@@ -56,8 +56,7 @@ def normalize_version_number(version):
 def version_match(required, candidate):
-    """Test that an available version is a suitable match for a required
+    """Test that an available version satisfies the required version.
    version.
    To be suitable a version must be of the same major version as required
    and be at least a match in minor/patch level.
@@ -82,8 +81,9 @@ def available_versions(url, session=None, **kwargs):
 class Discover(_discover.Discover):
-    """A means to discover and create clients depending on the supported API
+    """A means to discover and create clients.
-    versions on the server.
+
    Clients are created depending on the supported API versions on the server.
    Querying the server is done on object creation and every subsequent method
    operates upon the data that was retrieved.
@@ -187,8 +187,9 @@ class Discover(_discover.Discover):
    @removals.remove(message='Use raw_version_data instead.', version='1.7.0',
                     removal_version='2.0.0')
    def available_versions(self, **kwargs):
-        """Return a list of identity APIs available on the server and the data
+        """Return a list of identity APIs available on the server.
-        associated with them.
+
        The list returned includes the data associated with them.
        .. warning::
--- a/keystoneclient/generic/shell.py
+++ b/keystoneclient/generic/shell.py
@@ -25,8 +25,7 @@ CLIENT_CLASS = client.Client
@utils.unauthenticated
 def do_discover(cs, args):
-    """Discover Keystone servers, supported API versions and extensions.
+    """Discover Keystone servers, supported API versions and extensions."""
    """
    if cs.endpoint:
        versions = cs.discover(cs.endpoint)
    elif cs.auth_url:
--- a/keystoneclient/httpclient.py
+++ b/keystoneclient/httpclient.py
@@ -752,8 +752,10 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
        return self._adapter.request(*args, **kwargs)
    def _cs_request(self, url, method, management=True, **kwargs):
-        """Makes an authenticated request to keystone endpoint by
+        """Makes an authenticated request to keystone endpoint.
-        concatenating self.management_url and url and passing in method and
+
        Request are made to keystone endpoint by concatenating
        self.management_url and url and passing in method and
        any associated kwargs.
        """
        if not management:
--- a/keystoneclient/service_catalog.py
+++ b/keystoneclient/service_catalog.py
@@ -180,8 +180,10 @@ class ServiceCatalog(object):
    def _get_service_endpoints(self, attr, filter_value, service_type,
                               endpoint_type, region_name, service_name):
-        """Fetch the endpoints of a particular service_type and handle
+        """Fetch the endpoints of a particular service_type.
-        the filtering.
+
        Endpoints returned are also filtered based on the attr and
        filter_value provided.
        """
        sc_endpoints = self.get_endpoints(service_type=service_type,
                                          endpoint_type=endpoint_type,
@@ -307,8 +309,9 @@ class ServiceCatalog(object):
 class ServiceCatalogV2(ServiceCatalog):
-    """An object for encapsulating the service catalog using raw v2 auth token
+    """An object for encapsulating the v2 service catalog.
-    from Keystone.
+
    The object is created using raw v2 auth token from Keystone.
    """
    def __init__(self, resource_dict, region_name=None):
@@ -364,8 +367,9 @@ class ServiceCatalogV2(ServiceCatalog):
 class ServiceCatalogV3(ServiceCatalog):
-    """An object for encapsulating the service catalog using raw v3 auth token
+    """An object for encapsulating the v3 service catalog.
-    from Keystone.
+
    The object is created using raw v3 auth token from Keystone.
    """
    def __init__(self, token, resource_dict, region_name=None):
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -530,7 +530,9 @@ class Session(object):
    @classmethod
    def construct(cls, kwargs):
-        """Handles constructing a session from the older
+        """Handles constructing a session from both old and new arguments.
        Support constructing a session from the old
        :py:class:`~keystoneclient.httpclient.HTTPClient` args as well as the
        new request-style arguments.
@@ -766,8 +768,7 @@ class Session(object):
    @utils.positional.classmethod()
    def get_conf_options(cls, deprecated_opts=None):
-        """Get the oslo_config options that are needed for a
+        """Get oslo_config options that are needed for a :py:class:`.Session`.
        :py:class:`.Session`.
        These may be useful without being registered for config file generation
        or to manipulate the options before registering them yourself.
--- a/keystoneclient/tests/unit/client_fixtures.py
+++ b/keystoneclient/tests/unit/client_fixtures.py
@@ -704,8 +704,9 @@ EXAMPLES_RESOURCE = testresources.FixtureResource(Examples())
 class HackingCode(fixtures.Fixture):
-    """A fixture to house the various code examples for the keystoneclient
+    """A fixture to house the various code examples.
-    hacking style checks.
+
    Examples contains various keystoneclient hacking style checks.
    """
    oslo_namespace_imports = {
--- a/keystoneclient/tests/unit/test_ec2utils.py
+++ b/keystoneclient/tests/unit/test_ec2utils.py
@@ -189,9 +189,10 @@ class Ec2SignerTest(testtools.TestCase):
        self.assertEqual(signature, expected)
    def test_generate_v4_port_strip(self):
-        """Test v4 generator with host:port format, but for an old
+        """Test v4 generator with host:port format for old boto version.
-        (<2.9.3) version of boto, where the port should be stripped
+
-        to match boto behavior.
+        Validate for old (<2.9.3) version of boto, where the port should
        be stripped to match boto behavior.
        """
        # Create a new signer object with the AWS example key
        secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
@@ -227,8 +228,10 @@ class Ec2SignerTest(testtools.TestCase):
        self.assertEqual(expected, signature)
    def test_generate_v4_port_nostrip(self):
-        """Test v4 generator with host:port format, but for an new
+        """Test v4 generator with host:port format for new boto version.
-        (>=2.9.3) version of boto, where the port should not be stripped.
+
        Validate for new (>=2.9.3) version of boto, where the port should
        not be stripped.
        """
        # Create a new signer object with the AWS example key
        secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
--- a/keystoneclient/tests/unit/test_keyring.py
+++ b/keystoneclient/tests/unit/test_keyring.py
@@ -84,7 +84,9 @@ class KeyringTest(utils.TestCase):
        keyring.set_keyring(self.memory_keyring)
    def test_no_keyring_key(self):
-        """Ensure that if we don't have use_keyring set in the client that
+        """Test case when no keyring set.
        Ensure that if we don't have use_keyring set in the client that
        the keyring is never accessed.
        """
        # Creating a HTTPClient not using session is deprecated.
--- a/keystoneclient/tests/unit/test_shell.py
+++ b/keystoneclient/tests/unit/test_shell.py
@@ -330,8 +330,10 @@ class ShellTest(utils.TestCase):
            assert do_tenant_mock.called
    def test_shell_tenant_id_args(self):
-        """Test a corner case where --tenant_id appears on the
+        """Test where tenant_id is passed twice.
-           command-line twice.
+
        Test a corner case where --tenant_id appears on the
        command-line twice.
        """
        do_ec2_mock = mock.MagicMock()
        # grab the decorators for do_ec2_create_credentials
--- a/keystoneclient/tests/unit/utils.py
+++ b/keystoneclient/tests/unit/utils.py
@@ -128,8 +128,9 @@ if tuple(sys.version_info)[0:2] < (2, 7):
 class TestResponse(requests.Response):
-    """Class used to wrap requests.Response and provide some
+    """Class used to wrap requests.Response.
-       convenience to initialize with a dict.
+
    It also provides convenience to initialize with a dict.
    """
    def __init__(self, data):
--- a/keystoneclient/tests/unit/v3/test_federation.py
+++ b/keystoneclient/tests/unit/v3/test_federation.py
@@ -132,10 +132,7 @@ class ProtocolTests(utils.ClientTestCase, utils.CrudTests):
        self.path_prefix = 'OS-FEDERATION/identity_providers'
    def _transform_to_response(self, ref):
-        """Rebuild dictionary so it can be used as a
+        """Construct a response body from a dictionary."""
        reference response body.
        """
        response = copy.deepcopy(ref)
        del response['identity_provider']
        return response
--- a/keystoneclient/tests/unit/v3/test_oauth1.py
+++ b/keystoneclient/tests/unit/v3/test_oauth1.py
@@ -93,7 +93,9 @@ class TokenTests(object):
        return (key, secret, expires_at, token)
    def _validate_oauth_headers(self, auth_header, oauth_client):
-        """Assert that the data in the headers matches the data
+        """Validate data in the headers.
        Assert that the data in the headers matches the data
        that is produced from oauthlib.
        """
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -134,7 +134,9 @@ def unauthenticated(f):
 def isunauthenticated(f):
-    """Checks to see if the function is marked as not requiring authentication
+    """Check if function requires authentication.
    Checks to see if the function is marked as not requiring authentication
    with the @unauthenticated decorator.
    Returns True if decorator is set to True, False otherwise.
@@ -167,8 +169,10 @@ def prompt_user_password():
 def prompt_for_password():
-    """Prompt user for password if not provided so the password
+    """Prompt user for password if not provided.
-    doesn't show up in the bash history.
+
    Prompt is used so the password doesn't show up in the
    bash history.
    """
    if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
        # nothing to do
--- a/keystoneclient/v3/auth.py
+++ b/keystoneclient/v3/auth.py
@@ -53,8 +53,7 @@ class AuthManager(base.Manager):
    _DOMAINS_URL = '/auth/domains'
    def projects(self):
-        """List projects that this token can be rescoped to.
+        """List projects that this token can be rescoped to."""
        """
        try:
            return self._list(self._PROJECTS_URL,
                              'projects',
@@ -67,8 +66,7 @@ class AuthManager(base.Manager):
                              endpoint_filter=endpoint_filter)
    def domains(self):
-        """List Domains that this token can be rescoped to.
+        """List Domains that this token can be rescoped to."""
        """
        try:
            return self._list(self._DOMAINS_URL,
                              'domains',
--- a/tox.ini
+++ b/tox.ini
@@ -46,7 +46,6 @@ deps = -r{toxinidir}/test-requirements.txt
 commands = bandit -c bandit.yaml -r keystoneclient -n5 -p keystone_conservative
 [flake8]
 # H405: multi line docstring summary not separated with an empty line
 # D100: Missing docstring in public module
 # D101: Missing docstring in public class
 # D102: Missing docstring in public method
@@ -64,7 +63,7 @@ commands = bandit -c bandit.yaml -r keystoneclient -n5 -p keystone_conservative
 # D301: Use r”“” if any backslashes in a docstring
 # D400: First line should end with a period.
 # D401: First line should be in imperative mood.
-ignore = H405,D100,D101,D102,D103,D104,D105,D200,D202,D203,D204,D205,D207,D208,D211,D301,D400,D401
+ignore = D100,D101,D102,D103,D104,D105,D200,D202,D203,D204,D205,D207,D208,D211,D301,D400,D401
 show-source = True
 exclude = .venv,.tox,dist,doc,*egg,build,*openstack/common*