Make tests pass in 2020queens-eolstable/queens

Without this patch, build failed after 2019-12-31 with
Traceback (most recent call last):
  File "keystoneclient/tests/unit/v3/test_auth.py", line 226, in test_authenticate_success_password_unscoped
    self.assertRequestBodyIs(json=self.TEST_REQUEST_BODY)
  File "keystoneclient/tests/unit/utils.py", line 72, in assertRequestBodyIs
    self.assertEqual(json, val)

NOTE: in addition to the orginal backport, this patch adds the following
changes. The changes has to be combined into a single patch in order to
avoid circular dependencies.

1. fixed bandit complains in keystoneclient/common/cms.py. The literal 'sha256'
is the default hash algorithm, not a sensitive password. Marking it as false
positive so bandit can stop chirping.

2. combined with cherry pick from commit
f2d3fec9b254f9c47e97ddf48e3c5f7614b87f1b to avoid circular dependency. Without
combining them, neither backport will pass all the gates since pep8 has
switched over to use python3 now.

Change-Id: I0e44d9896c5970f0ca07438c372aec826aeb5c77
(cherry picked from commit f2d3fec9b254f9c47e97ddf48e3c5f7614b87f1b)
(cherry picked from commit acc21ff06154e16de16583fe6994207d689ed054)

1 files changed, 1 insertions, 1 deletions

diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 9c3e0bd..601d9c9 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -38,7 +38,7 @@ PKI_ASN1_PREFIX = 'MII'
 PKIZ_PREFIX = 'PKIZ_'
 PKIZ_CMS_FORM = 'DER'
 PKI_ASN1_FORM = 'PEM'
-DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'
+DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'  # nosec
 
 
 # The openssl cms command exits with these status codes.