chore(bandit): add bandit

This patch set puts the bandit check as part of the pep8 gating job for airship-armada and remove the separate bandit gate. Change-Id: I3871bb20f04aedb80a1ffca4038e94a156156a14 Signed-off-by: Tin Lam <tin@irrational.io>
2018-06-03 03:20:52 -05:00 · 2018-06-03 03:20:52 -05:00 · 333f4ba284
commit 333f4ba284
parent 6f025d1d27
3 changed files with 5 additions and 32 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -17,14 +17,12 @@
        - airship-armada-lint-pep8
        - airship-armada-ubuntu
        - airship-armada-unit-py35
-        - airship-armada-security-bandit

    gate:
      jobs:
        - airship-armada-linter
        - airship-armada-lint-pep8
        - airship-armada-unit-py35
-        - airship-armada-security-bandit

 - job:
    name: airship-armada-linter
@ -72,16 +70,6 @@
    timeout: 300
    nodeset: airship-armada-single-node

- job:
-    name: airship-armada-security-bandit
-    description: |
-      Executes the Bandit security scanner against Python files
-    run: tools/gate/playbooks/security-bandit.yaml
-    timeout: 300
-    nodeset: airship-armada-single-node
-    files:
-      - ^.*\.py$
-
 - job:
    name: airship-armada-lint-pep8
    description: |
--- a/tools/gate/playbooks/security-bandit.yaml
+++ b/tools/gate/playbooks/security-bandit.yaml
@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- hosts: primary
-  tasks:
-    - name: Execute the make target for security scanning
-      make:
-        chdir: "{{ zuul.project.src_dir }}"
-        target: test-bandit
-      register: result
-      failed_when: result.failed
--- a/tox.ini
+++ b/tox.ini
@ -40,8 +40,13 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html

 [testenv:pep8]
+deps =
+    .[bandit]
+    {[testenv]deps}
 commands =
    flake8 {posargs}
+    # Run security linter as part of the pep8 gate instead of a separate zuul job.
+    bandit -r armada -x armada/tests -n 5

 [testenv:bandit]
 commands =