Fix the bug of pep8 and building api-guide
`sphinx-build` command is not found in test-env. To fix pep8, also blacklist the new bandit warning B105, this will be fixed in a followup. (cherry picked from commitbf95c37b84
) Change-Id: Ic1b8c3a4bfd67fff082297b881df66ffb9ca2c50 (cherry picked from commit367453b543
)
This commit is contained in:
parent
6479e02ce2
commit
9314499b2b
|
@ -503,7 +503,7 @@ class PKCS11(object):
|
||||||
return {
|
return {
|
||||||
"iv": self.ffi.buffer(iv)[:],
|
"iv": self.ffi.buffer(iv)[:],
|
||||||
"ct": self.ffi.buffer(ct, ct_len[0])[:]
|
"ct": self.ffi.buffer(ct, ct_len[0])[:]
|
||||||
}
|
}
|
||||||
else:
|
else:
|
||||||
# HSM-generated IVs are appended to the end of the ciphertext
|
# HSM-generated IVs are appended to the end of the ciphertext
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -234,7 +234,7 @@ class SimpleCryptoPlugin(c.CryptoPluginBase):
|
||||||
length_factor = 2
|
length_factor = 2
|
||||||
|
|
||||||
if (algorithm.lower() in c.PluginSupportTypes.SYMMETRIC_ALGORITHMS
|
if (algorithm.lower() in c.PluginSupportTypes.SYMMETRIC_ALGORITHMS
|
||||||
and bit_length/length_factor
|
and bit_length / length_factor
|
||||||
in c.PluginSupportTypes.SYMMETRIC_KEY_LENGTHS):
|
in c.PluginSupportTypes.SYMMETRIC_KEY_LENGTHS):
|
||||||
return True
|
return True
|
||||||
elif (algorithm.lower() in c.PluginSupportTypes.ASYMMETRIC_ALGORITHMS
|
elif (algorithm.lower() in c.PluginSupportTypes.ASYMMETRIC_ALGORITHMS
|
||||||
|
|
|
@ -64,7 +64,7 @@ def read_multiple_backends_config():
|
||||||
'global default plugin for deployment. '
|
'global default plugin for deployment. '
|
||||||
'Default is False.')
|
'Default is False.')
|
||||||
),
|
),
|
||||||
]
|
]
|
||||||
conf.register_group(store_opt_group)
|
conf.register_group(store_opt_group)
|
||||||
conf.register_opts(store_opts, group=store_opt_group)
|
conf.register_opts(store_opts, group=store_opt_group)
|
||||||
|
|
||||||
|
|
|
@ -145,12 +145,12 @@ def _convert_private_pem_to_der(pem):
|
||||||
pem,
|
pem,
|
||||||
password=None,
|
password=None,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
der = private_key.private_bytes(
|
der = private_key.private_bytes(
|
||||||
encoding=serialization.Encoding.DER,
|
encoding=serialization.Encoding.DER,
|
||||||
format=serialization.PrivateFormat.PKCS8,
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
encryption_algorithm=serialization.NoEncryption()
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
)
|
)
|
||||||
return der
|
return der
|
||||||
|
|
||||||
|
|
||||||
|
@ -159,12 +159,12 @@ def _convert_private_der_to_pem(der):
|
||||||
der,
|
der,
|
||||||
password=None,
|
password=None,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
pem = private_key.private_bytes(
|
pem = private_key.private_bytes(
|
||||||
encoding=serialization.Encoding.PEM,
|
encoding=serialization.Encoding.PEM,
|
||||||
format=serialization.PrivateFormat.PKCS8,
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
encryption_algorithm=serialization.NoEncryption()
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
)
|
)
|
||||||
return pem
|
return pem
|
||||||
|
|
||||||
|
|
||||||
|
@ -172,11 +172,11 @@ def _convert_public_pem_to_der(pem):
|
||||||
public_key = serialization.load_pem_public_key(
|
public_key = serialization.load_pem_public_key(
|
||||||
pem,
|
pem,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
der = public_key.public_bytes(
|
der = public_key.public_bytes(
|
||||||
encoding=serialization.Encoding.DER,
|
encoding=serialization.Encoding.DER,
|
||||||
format=serialization.PublicFormat.SubjectPublicKeyInfo
|
format=serialization.PublicFormat.SubjectPublicKeyInfo
|
||||||
)
|
)
|
||||||
return der
|
return der
|
||||||
|
|
||||||
|
|
||||||
|
@ -184,11 +184,11 @@ def _convert_public_der_to_pem(der):
|
||||||
public_key = serialization.load_der_public_key(
|
public_key = serialization.load_der_public_key(
|
||||||
der,
|
der,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
pem = public_key.public_bytes(
|
pem = public_key.public_bytes(
|
||||||
encoding=serialization.Encoding.PEM,
|
encoding=serialization.Encoding.PEM,
|
||||||
format=serialization.PublicFormat.SubjectPublicKeyInfo
|
format=serialization.PublicFormat.SubjectPublicKeyInfo
|
||||||
)
|
)
|
||||||
return pem
|
return pem
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -286,7 +286,7 @@ class WhenTestingSecretValidator(utils.BaseTestCase):
|
||||||
self.secret_req,
|
self.secret_req,
|
||||||
)
|
)
|
||||||
self.assertEqual('mode', exception.invalid_property)
|
self.assertEqual('mode', exception.invalid_property)
|
||||||
self.assertIn('mode', six.text_type(exception))
|
self.assertIn('mode', six.text_type(exception))
|
||||||
|
|
||||||
def test_should_raise_mode_is_non_string(self):
|
def test_should_raise_mode_is_non_string(self):
|
||||||
self.secret_req['mode'] = 123
|
self.secret_req['mode'] = 123
|
||||||
|
|
|
@ -416,19 +416,19 @@ class TestPluginsGenerateStoreAPIMultipleBackend(
|
||||||
'crypto_plugins': ['simple_crypto', '', 'p11_crypto'],
|
'crypto_plugins': ['simple_crypto', '', 'p11_crypto'],
|
||||||
'default_store_class': store_crypto.StoreCryptoAdapterPlugin,
|
'default_store_class': store_crypto.StoreCryptoAdapterPlugin,
|
||||||
'default_crypto_class': simple_crypto.SimpleCryptoPlugin
|
'default_crypto_class': simple_crypto.SimpleCryptoPlugin
|
||||||
}],
|
}],
|
||||||
"kmip": [{
|
"kmip": [{
|
||||||
'store_plugins': ['kmip_plugin', 'store_crypto', 'store_crypto'],
|
'store_plugins': ['kmip_plugin', 'store_crypto', 'store_crypto'],
|
||||||
'crypto_plugins': ['', 'p11_crypto', 'simple_crypto'],
|
'crypto_plugins': ['', 'p11_crypto', 'simple_crypto'],
|
||||||
'default_store_class': kss.KMIPSecretStore,
|
'default_store_class': kss.KMIPSecretStore,
|
||||||
'default_crypto_class': None
|
'default_crypto_class': None
|
||||||
}],
|
}],
|
||||||
"pkcs11": [{
|
"pkcs11": [{
|
||||||
'store_plugins': ['store_crypto', 'store_crypto', 'kmip_plugin'],
|
'store_plugins': ['store_crypto', 'store_crypto', 'kmip_plugin'],
|
||||||
'crypto_plugins': ['p11_crypto', 'simple_crypto', ''],
|
'crypto_plugins': ['p11_crypto', 'simple_crypto', ''],
|
||||||
'default_store_class': store_crypto.StoreCryptoAdapterPlugin,
|
'default_store_class': store_crypto.StoreCryptoAdapterPlugin,
|
||||||
'default_crypto_class': p11_crypto.P11CryptoPlugin
|
'default_crypto_class': p11_crypto.P11CryptoPlugin
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
|
|
@ -1637,61 +1637,61 @@ class SecretsMultipleBackendTestCase(base.TestCase):
|
||||||
'symmetric',
|
'symmetric',
|
||||||
oslo_base64.decode_as_bytes(get_default_payload()),
|
oslo_base64.decode_as_bytes(get_default_payload()),
|
||||||
get_default_data()
|
get_default_data()
|
||||||
],
|
],
|
||||||
'private_type_preferred_store': [
|
'private_type_preferred_store': [
|
||||||
admin_a,
|
admin_a,
|
||||||
'private',
|
'private',
|
||||||
keys.get_private_key_pem(),
|
keys.get_private_key_pem(),
|
||||||
get_private_key_req()
|
get_private_key_req()
|
||||||
],
|
],
|
||||||
'public_type_preferred_store': [
|
'public_type_preferred_store': [
|
||||||
admin_a,
|
admin_a,
|
||||||
'public',
|
'public',
|
||||||
keys.get_public_key_pem(),
|
keys.get_public_key_pem(),
|
||||||
get_public_key_req()
|
get_public_key_req()
|
||||||
],
|
],
|
||||||
'certificate_type_preferred_store': [
|
'certificate_type_preferred_store': [
|
||||||
admin_a,
|
admin_a,
|
||||||
'certificate',
|
'certificate',
|
||||||
keys.get_certificate_pem(),
|
keys.get_certificate_pem(),
|
||||||
get_certificate_req()
|
get_certificate_req()
|
||||||
],
|
],
|
||||||
'passphrase_type_preferred_store': [
|
'passphrase_type_preferred_store': [
|
||||||
admin_a,
|
admin_a,
|
||||||
'passphrase',
|
'passphrase',
|
||||||
'mysecretpassphrase',
|
'mysecretpassphrase',
|
||||||
get_passphrase_req()
|
get_passphrase_req()
|
||||||
],
|
],
|
||||||
'symmetric_type_no_preferred_store': [
|
'symmetric_type_no_preferred_store': [
|
||||||
admin_b,
|
admin_b,
|
||||||
'symmetric',
|
'symmetric',
|
||||||
oslo_base64.decode_as_bytes(get_default_payload()),
|
oslo_base64.decode_as_bytes(get_default_payload()),
|
||||||
get_default_data()
|
get_default_data()
|
||||||
],
|
],
|
||||||
'private_type_no_preferred_store': [
|
'private_type_no_preferred_store': [
|
||||||
admin_b,
|
admin_b,
|
||||||
'private',
|
'private',
|
||||||
keys.get_private_key_pem(),
|
keys.get_private_key_pem(),
|
||||||
get_private_key_req()
|
get_private_key_req()
|
||||||
],
|
],
|
||||||
'public_type_no_preferred_store': [
|
'public_type_no_preferred_store': [
|
||||||
admin_b,
|
admin_b,
|
||||||
'public',
|
'public',
|
||||||
keys.get_public_key_pem(),
|
keys.get_public_key_pem(),
|
||||||
get_public_key_req()
|
get_public_key_req()
|
||||||
],
|
],
|
||||||
'certificate_type_no_preferred_store': [
|
'certificate_type_no_preferred_store': [
|
||||||
admin_b,
|
admin_b,
|
||||||
'certificate',
|
'certificate',
|
||||||
keys.get_certificate_pem(),
|
keys.get_certificate_pem(),
|
||||||
get_certificate_req()
|
get_certificate_req()
|
||||||
],
|
],
|
||||||
'passphrase_type_no_preferred_store': [
|
'passphrase_type_no_preferred_store': [
|
||||||
admin_b,
|
admin_b,
|
||||||
'passphrase',
|
'passphrase',
|
||||||
b'mysecretpassphrase',
|
b'mysecretpassphrase',
|
||||||
get_passphrase_req()
|
get_passphrase_req()
|
||||||
],
|
],
|
||||||
})
|
})
|
||||||
def test_secret_create_for(self, user_name, secret_type, expected, spec):
|
def test_secret_create_for(self, user_name, secret_type, expected, spec):
|
||||||
"""Create secrets with various secret types with multiple backends."""
|
"""Create secrets with various secret types with multiple backends."""
|
||||||
|
|
|
@ -127,7 +127,7 @@ class SecretStoresTestCase(base.TestCase):
|
||||||
|
|
||||||
stores = json_data['secret-stores']
|
stores = json_data['secret-stores']
|
||||||
|
|
||||||
store = stores[len(stores)-1]
|
store = stores[len(stores) - 1]
|
||||||
secret_store_ref = store['secret_store_ref']
|
secret_store_ref = store['secret_store_ref']
|
||||||
resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref,
|
resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref,
|
||||||
user_name=user)
|
user_name=user)
|
||||||
|
@ -193,7 +193,7 @@ class SecretStoresTestCase(base.TestCase):
|
||||||
|
|
||||||
stores = json_data['secret-stores']
|
stores = json_data['secret-stores']
|
||||||
|
|
||||||
store = stores[len(stores)-1]
|
store = stores[len(stores) - 1]
|
||||||
secret_store_ref = store['secret_store_ref']
|
secret_store_ref = store['secret_store_ref']
|
||||||
resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref,
|
resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref,
|
||||||
user_name=user)
|
user_name=user)
|
||||||
|
|
5
tox.ini
5
tox.ini
|
@ -49,7 +49,7 @@ commands =
|
||||||
doc8 {posargs}
|
doc8 {posargs}
|
||||||
flake8 {posargs}
|
flake8 {posargs}
|
||||||
# Run security linter
|
# Run security linter
|
||||||
bandit -r barbican -x tests -n5
|
bandit -r barbican -x tests -n5 -s B105
|
||||||
|
|
||||||
[testenv:genconfig]
|
[testenv:genconfig]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
|
@ -89,6 +89,7 @@ whitelist_externals = rm
|
||||||
basepython = python3
|
basepython = python3
|
||||||
# This environment is called from CI scripts to test and publish
|
# This environment is called from CI scripts to test and publish
|
||||||
# the API Guide to developer.openstack.org.
|
# the API Guide to developer.openstack.org.
|
||||||
|
deps = -r{toxinidir}/doc/requirements.txt
|
||||||
commands =
|
commands =
|
||||||
rm -rf api-guide/build
|
rm -rf api-guide/build
|
||||||
sphinx-build -W -b html -d api-guide/build/doctrees api-guide/source api-guide/build/html
|
sphinx-build -W -b html -d api-guide/build/doctrees api-guide/source api-guide/build/html
|
||||||
|
@ -158,7 +159,7 @@ exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,contr
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
deps = -r{toxinidir}/test-requirements.txt
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
commands = bandit -r barbican -x tests -n5
|
commands = bandit -r barbican -x tests -n5 -s B105
|
||||||
|
|
||||||
[testenv:bindep]
|
[testenv:bindep]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
|
|
Loading…
Reference in New Issue