Apply a few pylint suggestions

usr/lib/python3.6/vmmgr/crypto.py

@@ -28,37 +28,12 @@ def create_cert(domain):
         .serial_number(x509.random_serial_number()) \
         .not_valid_before(now) \
         .not_valid_after(now + datetime.timedelta(days=7305)) \
-        .add_extension(
+        .add_extension(x509.SubjectAlternativeName((x509.DNSName(domain), x509.DNSName('*.{}'.format(domain)))), critical=False) \
-            x509.SubjectAlternativeName((
+        .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) \
-                x509.DNSName(domain),
+        .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(public_key), critical=False) \
-                x509.DNSName('*.{}'.format(domain)),
+        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) \
-            )),
+        .add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False), critical=True) \
-            critical=False) \
+        .add_extension(x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH)), critical=False) \
-        .add_extension(
-            x509.SubjectKeyIdentifier.from_public_key(public_key),
-            critical=False) \
-        .add_extension(
-            x509.AuthorityKeyIdentifier.from_issuer_public_key(public_key),
-            critical=False) \
-        .add_extension(
-            x509.BasicConstraints(ca=False, path_length=None),
-            critical=True) \
-        .add_extension(
-            x509.KeyUsage(digital_signature=True,
-                content_commitment=False,
-                key_encipherment=False,
-                data_encipherment=False,
-                key_agreement=False,
-                key_cert_sign=False,
-                crl_sign=False,
-                encipher_only=False,
-                decipher_only=False),
-            critical=True) \
-        .add_extension(
-            x509.ExtendedKeyUsage((
-                ExtendedKeyUsageOID.SERVER_AUTH,
-                ExtendedKeyUsageOID.CLIENT_AUTH)),
-            critical=False) \
         .sign(private_key, hashes.SHA256(), default_backend())
     with open(CERT_PUB_FILE, 'wb') as f:
         f.write(cert.public_bytes(serialization.Encoding.PEM))
@@ -91,5 +66,5 @@ def verify_signature(file, signature):
 def adminpwd_hash(password):
     return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
 
-def adminpwd_verify(password, hash):
+def adminpwd_verify(password, pwhash):
-    return bcrypt.checkpw(password.encode(), hash.encode())
+    return bcrypt.checkpw(password.encode(), pwhash.encode())

usr/lib/python3.6/vmmgr/net.py

@@ -2,7 +2,6 @@
 
 import dns.exception
 import dns.resolver
-import os
 import requests
 import socket
 import subprocess
@@ -40,10 +39,10 @@ resolver.timeout = 3
 resolver.lifetime = 3
 resolver.nameservers = ['8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844']
 
-def resolve_ip(domain, type):
+def resolve_ip(domain, qtype):
     # Resolve domain name using Google Public DNS
     try:
-        return resolver.query(domain, type)[0].address
+        return resolver.query(domain, qtype)[0].address
     except dns.exception.Timeout:
         raise
     except:

usr/lib/python3.6/vmmgr/templates.py

@@ -64,7 +64,7 @@ server {{
 
 server {{
     listen [::]:{port} ssl http2;
-    server_name ~^(.*)\.{domain_esc}$;
+    server_name ~^(.*)\\.{domain_esc}$;
 
     location / {{
         return 503;

usr/lib/python3.6/vmmgr/validator.py

@@ -12,7 +12,7 @@ def is_valid_domain(domain):
 def is_valid_port(port):
     try:
         port = int(port)
-        return port > 0 and port < 65536 and port not in (22, 25, 80, 8080)
+        return 0 < port < 65536 and port not in (22, 25, 80, 8080)
     except:
         pass
     return False

usr/lib/python3.6/vmmgr/vmmgr.py

@@ -8,7 +8,6 @@ import subprocess
 from . import crypto
 from . import templates
 from . import net
-from .config import Config
 
 VERSION = '0.0.1'
 
@@ -42,7 +41,7 @@ class VMMgr:
     def rebuild_nginx(self):
         # Rebuild nginx config for the portal app. Web interface calls restart_nginx() in WSGI close handler
         with open(os.path.join(NGINX_DIR, 'default.conf'), 'w') as f:
-            f.write(templates.NGINX_DEFAULT.format(port=self.port, domain_esc=self.domain.replace('.', '\.')))
+            f.write(templates.NGINX_DEFAULT.format(port=self.port, domain_esc=self.domain.replace('.', '\\.')))
 
     def reload_nginx(self):
         subprocess.run(['/usr/sbin/nginx', '-s', 'reload'])
@@ -57,8 +56,8 @@ class VMMgr:
 
     def update_password(self, oldpassword, newpassword):
         # Update LUKS password and adminpwd for WSGI application
-        input = '{}\n{}'.format(oldpassword, newpassword).encode()
+        pwinput = '{}\n{}'.format(oldpassword, newpassword).encode()
-        subprocess.run(['cryptsetup', 'luksChangeKey', '/dev/sda2'], input=input, check=True)
+        subprocess.run(['cryptsetup', 'luksChangeKey', '/dev/sda2'], input=pwinput, check=True)
         # Update bcrypt-hashed password in config
         self.conf['host']['adminpwd'] = crypto.adminpwd_hash(newpassword)
         # Save config to file

usr/lib/python3.6/vmmgr/wsgiapp.py

@@ -23,7 +23,7 @@ from .wsgisession import WSGISession
 
 SESSION_KEY = os.urandom(26)
 
-class WSGIApp(object):
+class WSGIApp:
     def __init__(self):
         self.conf = Config()
         self.vmmgr = VMMgr(self.conf)
@@ -78,8 +78,8 @@ class WSGIApp(object):
         return response(environ, start_response)
 
     def dispatch_request(self, request):
-        map = self.admin_url_map if request.session['admin'] else self.url_map
+        url_map = self.admin_url_map if request.session['admin'] else self.url_map
-        adapter = map.bind_to_environ(request.environ)
+        adapter = url_map.bind_to_environ(request.environ)
         try:
             endpoint, values = adapter.match()
             response = getattr(self, endpoint)(request, **values)
@@ -120,7 +120,7 @@ class WSGIApp(object):
         # Message is in format location:type:text
         return message.split(':', 3)
 
-    def login_view(self, request, **kwargs):
+    def login_view(self, request):
         redir = request.args.get('redir', '')
         message = self.get_session_message(request)
         return self.render_html('login.html', request, redir=redir, message=message)
@@ -238,7 +238,7 @@ class WSGIApp(object):
         port = request.form['port']
         if not validator.is_valid_domain(domain):
             return self.render_json({'error': request.session.lang.invalid_domain(domain)})
-        elif not validator.is_valid_port(port):
+        if not validator.is_valid_port(port):
             return self.render_json({'error': request.session.lang.invalid_port(port)})
         self.vmmgr.update_host(domain, port)
         url = '{}/setup-host'.format(net.compile_url(net.get_local_ip(), port))