1 files changed, 9 insertions, 8 deletions

diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index e9296216..a7fcbb2c 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -18,7 +18,7 @@ DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
 
 
 class ExternalAuthNotApplicable(Exception):
-    """External authentication is not applicable"""
+    """External authentication is not applicable."""
     pass
 
 
@@ -396,7 +396,7 @@ class Auth(controller.V2Controller):
         return domain_id
 
     def _get_project_ref(self, context, user_id, tenant_id):
-        """Returns the tenant_ref for the user's tenant"""
+        """Returns the tenant_ref for the user's tenant."""
         tenant_ref = None
         if tenant_id:
             tenants = self.identity_api.get_projects_for_user(context, user_id)
@@ -415,7 +415,7 @@ class Auth(controller.V2Controller):
 
     def _get_metadata_ref(self, context, user_id=None, tenant_id=None,
                           domain_id=None, group_id=None):
-        """Returns metadata_ref for a user or group in a tenant or domain"""
+        """Returns metadata_ref for a user or group in a tenant or domain."""
 
         metadata_ref = {}
         if (user_id or group_id) and (tenant_id or domain_id):
@@ -429,7 +429,7 @@ class Auth(controller.V2Controller):
 
     def _get_group_metadata_ref(self, context, user_id,
                                 tenant_id=None, domain_id=None):
-        """Return any metadata for this project/domain due to group grants"""
+        """Return any metadata for this project/domain due to group grants."""
         group_refs = self.identity_api.list_groups_for_user(context=context,
                                                             user_id=user_id)
         metadata_ref = {}
@@ -441,9 +441,10 @@ class Auth(controller.V2Controller):
         return metadata_ref
 
     def _append_roles(self, metadata, additional_metadata):
-        """
-        Update the roles in metadata to be the union of the roles from
-        both of the passed metadatas
+        """Add additional roles to the roles in metadata.
+
+        The final set of roles represents the union of existing roles and
+        additional roles.
         """
 
         first = set(metadata.get('roles', []))
@@ -470,7 +471,7 @@ class Auth(controller.V2Controller):
         return data
 
     def _assert_default_domain(self, context, token_ref):
-        """ Make sure we are operating on default domain only. """
+        """Make sure we are operating on default domain only."""
         if token_ref.get('token_data'):
             # this is a V3 token
             msg = _('Non-default domain is not supported')