airship/armada
Code Issues Proposed changes

chore(bandit): add bandit

Browse Source 
This patch set puts the bandit check as part of the pep8 gating job
for airship-armada and remove the separate bandit gate.

Change-Id: I3871bb20f04aedb80a1ffca4038e94a156156a14
Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
Tin Lam 2018-06-03 03:20:52 -05:00
parent 6f025d1d27
commit 333f4ba284
3 changed files with 5 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.zuul.yaml
View File

@ -17,14 +17,12 @@
- airship-armada-lint-pep8 - airship-armada-lint-pep8
- airship-armada-ubuntu - airship-armada-ubuntu
- airship-armada-unit-py35 - airship-armada-unit-py35
- airship-armada-security-bandit
gate: gate:
jobs: jobs:
- airship-armada-linter - airship-armada-linter
- airship-armada-lint-pep8 - airship-armada-lint-pep8
- airship-armada-unit-py35 - airship-armada-unit-py35
- airship-armada-security-bandit
- job: - job:
name: airship-armada-linter name: airship-armada-linter
@ -72,16 +70,6 @@
timeout: 300 timeout: 300
nodeset: airship-armada-single-node nodeset: airship-armada-single-node
- job:
name: airship-armada-security-bandit
description: |
Executes the Bandit security scanner against Python files
run: tools/gate/playbooks/security-bandit.yaml
timeout: 300
nodeset: airship-armada-single-node
files:
- ^.*\.py$
- job: - job:
name: airship-armada-lint-pep8 name: airship-armada-lint-pep8
description: | description: |

20
tools/gate/playbooks/security-bandit.yaml
View File

@ -1,20 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute the make target for security scanning
make:
chdir: "{{ zuul.project.src_dir }}"
target: test-bandit
register: result
failed_when: result.failed

5
tox.ini
View File

@ -40,8 +40,13 @@ deps = -r{toxinidir}/doc/requirements.txt
commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
[testenv:pep8] [testenv:pep8]
deps =
.[bandit]
{[testenv]deps}
commands = commands =
flake8 {posargs} flake8 {posargs}
# Run security linter as part of the pep8 gate instead of a separate zuul job.
bandit -r armada -x armada/tests -n 5
[testenv:bandit] [testenv:bandit]
commands = commands =