From bf95c37b84688c99bda0849230508d955fc62f82 Mon Sep 17 00:00:00 2001 From: pengyuesheng Date: Tue, 25 Jun 2019 11:22:40 +0800 Subject: [PATCH] Fix the bug of pep8 and building api-guide `sphinx-build` command is not found in test-env. To fix pep8, also blacklist the new bandit warning B105, this will be fixed in a followup. Change-Id: Ic1b8c3a4bfd67fff082297b881df66ffb9ca2c50 --- barbican/plugin/crypto/pkcs11.py | 2 +- barbican/plugin/crypto/simple_crypto.py | 2 +- barbican/plugin/util/multiple_backends.py | 2 +- barbican/plugin/util/translations.py | 16 +++++++-------- barbican/tests/common/test_validators.py | 2 +- .../plugin/util/test_multiple_backends.py | 6 +++--- .../api/v1/functional/test_secrets.py | 20 +++++++++---------- .../api/v1/functional/test_secretstores.py | 4 ++-- tox.ini | 5 +++-- 9 files changed, 30 insertions(+), 29 deletions(-) diff --git a/barbican/plugin/crypto/pkcs11.py b/barbican/plugin/crypto/pkcs11.py index c394a16b5..a1033a98e 100644 --- a/barbican/plugin/crypto/pkcs11.py +++ b/barbican/plugin/crypto/pkcs11.py @@ -515,7 +515,7 @@ class PKCS11(object): return { "iv": self.ffi.buffer(iv)[:], "ct": self.ffi.buffer(ct, ct_len[0])[:] - } + } else: # HSM-generated IVs are appended to the end of the ciphertext return { diff --git a/barbican/plugin/crypto/simple_crypto.py b/barbican/plugin/crypto/simple_crypto.py index 59e7a42f1..e0c9e3a28 100644 --- a/barbican/plugin/crypto/simple_crypto.py +++ b/barbican/plugin/crypto/simple_crypto.py @@ -234,7 +234,7 @@ class SimpleCryptoPlugin(c.CryptoPluginBase): length_factor = 2 if (algorithm.lower() in c.PluginSupportTypes.SYMMETRIC_ALGORITHMS - and bit_length/length_factor + and bit_length / length_factor in c.PluginSupportTypes.SYMMETRIC_KEY_LENGTHS): return True elif (algorithm.lower() in c.PluginSupportTypes.ASYMMETRIC_ALGORITHMS diff --git a/barbican/plugin/util/multiple_backends.py b/barbican/plugin/util/multiple_backends.py index b8999139d..9d867c6ae 100644 --- a/barbican/plugin/util/multiple_backends.py +++ b/barbican/plugin/util/multiple_backends.py @@ -64,7 +64,7 @@ def read_multiple_backends_config(): 'global default plugin for deployment. ' 'Default is False.') ), - ] + ] conf.register_group(store_opt_group) conf.register_opts(store_opts, group=store_opt_group) diff --git a/barbican/plugin/util/translations.py b/barbican/plugin/util/translations.py index d517c4f09..447a2f266 100644 --- a/barbican/plugin/util/translations.py +++ b/barbican/plugin/util/translations.py @@ -145,12 +145,12 @@ def _convert_private_pem_to_der(pem): pem, password=None, backend=default_backend() - ) + ) der = private_key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() - ) + ) return der @@ -159,12 +159,12 @@ def _convert_private_der_to_pem(der): der, password=None, backend=default_backend() - ) + ) pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() - ) + ) return pem @@ -172,11 +172,11 @@ def _convert_public_pem_to_der(pem): public_key = serialization.load_pem_public_key( pem, backend=default_backend() - ) + ) der = public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo - ) + ) return der @@ -184,11 +184,11 @@ def _convert_public_der_to_pem(der): public_key = serialization.load_der_public_key( der, backend=default_backend() - ) + ) pem = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo - ) + ) return pem diff --git a/barbican/tests/common/test_validators.py b/barbican/tests/common/test_validators.py index 2fd519972..99d156f99 100644 --- a/barbican/tests/common/test_validators.py +++ b/barbican/tests/common/test_validators.py @@ -286,7 +286,7 @@ class WhenTestingSecretValidator(utils.BaseTestCase): self.secret_req, ) self.assertEqual('mode', exception.invalid_property) - self.assertIn('mode', six.text_type(exception)) + self.assertIn('mode', six.text_type(exception)) def test_should_raise_mode_is_non_string(self): self.secret_req['mode'] = 123 diff --git a/barbican/tests/plugin/util/test_multiple_backends.py b/barbican/tests/plugin/util/test_multiple_backends.py index 8b9745acd..d9c6529b4 100644 --- a/barbican/tests/plugin/util/test_multiple_backends.py +++ b/barbican/tests/plugin/util/test_multiple_backends.py @@ -416,19 +416,19 @@ class TestPluginsGenerateStoreAPIMultipleBackend( 'crypto_plugins': ['simple_crypto', '', 'p11_crypto'], 'default_store_class': store_crypto.StoreCryptoAdapterPlugin, 'default_crypto_class': simple_crypto.SimpleCryptoPlugin - }], + }], "kmip": [{ 'store_plugins': ['kmip_plugin', 'store_crypto', 'store_crypto'], 'crypto_plugins': ['', 'p11_crypto', 'simple_crypto'], 'default_store_class': kss.KMIPSecretStore, 'default_crypto_class': None - }], + }], "pkcs11": [{ 'store_plugins': ['store_crypto', 'store_crypto', 'kmip_plugin'], 'crypto_plugins': ['p11_crypto', 'simple_crypto', ''], 'default_store_class': store_crypto.StoreCryptoAdapterPlugin, 'default_crypto_class': p11_crypto.P11CryptoPlugin - }] + }] } def setUp(self): diff --git a/functionaltests/api/v1/functional/test_secrets.py b/functionaltests/api/v1/functional/test_secrets.py index a92dbce27..d3cc77531 100644 --- a/functionaltests/api/v1/functional/test_secrets.py +++ b/functionaltests/api/v1/functional/test_secrets.py @@ -1642,61 +1642,61 @@ class SecretsMultipleBackendTestCase(base.TestCase): 'symmetric', oslo_base64.decode_as_bytes(get_default_payload()), get_default_data() - ], + ], 'private_type_preferred_store': [ admin_a, 'private', keys.get_private_key_pem(), get_private_key_req() - ], + ], 'public_type_preferred_store': [ admin_a, 'public', keys.get_public_key_pem(), get_public_key_req() - ], + ], 'certificate_type_preferred_store': [ admin_a, 'certificate', keys.get_certificate_pem(), get_certificate_req() - ], + ], 'passphrase_type_preferred_store': [ admin_a, 'passphrase', 'mysecretpassphrase', get_passphrase_req() - ], + ], 'symmetric_type_no_preferred_store': [ admin_b, 'symmetric', oslo_base64.decode_as_bytes(get_default_payload()), get_default_data() - ], + ], 'private_type_no_preferred_store': [ admin_b, 'private', keys.get_private_key_pem(), get_private_key_req() - ], + ], 'public_type_no_preferred_store': [ admin_b, 'public', keys.get_public_key_pem(), get_public_key_req() - ], + ], 'certificate_type_no_preferred_store': [ admin_b, 'certificate', keys.get_certificate_pem(), get_certificate_req() - ], + ], 'passphrase_type_no_preferred_store': [ admin_b, 'passphrase', b'mysecretpassphrase', get_passphrase_req() - ], + ], }) def test_secret_create_for(self, user_name, secret_type, expected, spec): """Create secrets with various secret types with multiple backends.""" diff --git a/functionaltests/api/v1/functional/test_secretstores.py b/functionaltests/api/v1/functional/test_secretstores.py index a45aba1ab..759d47fdb 100644 --- a/functionaltests/api/v1/functional/test_secretstores.py +++ b/functionaltests/api/v1/functional/test_secretstores.py @@ -127,7 +127,7 @@ class SecretStoresTestCase(base.TestCase): stores = json_data['secret_stores'] - store = stores[len(stores)-1] + store = stores[len(stores) - 1] secret_store_ref = store['secret_store_ref'] resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref, user_name=user) @@ -193,7 +193,7 @@ class SecretStoresTestCase(base.TestCase): stores = json_data['secret_stores'] - store = stores[len(stores)-1] + store = stores[len(stores) - 1] secret_store_ref = store['secret_store_ref'] resp = self.ss_behaviors.set_preferred_secret_store(secret_store_ref, user_name=user) diff --git a/tox.ini b/tox.ini index 05d77cc63..b44fd8bf2 100644 --- a/tox.ini +++ b/tox.ini @@ -50,7 +50,7 @@ commands = doc8 {posargs} flake8 {posargs} # Run security linter - bandit -r barbican -x tests -n5 + bandit -r barbican -x tests -n5 -s B105 [testenv:genconfig] basepython = python3 @@ -91,6 +91,7 @@ whitelist_externals = rm basepython = python3 # This environment is called from CI scripts to test and publish # the API Guide to developer.openstack.org. +deps = -r{toxinidir}/doc/requirements.txt commands = rm -rf api-guide/build sphinx-build -W -b html -d api-guide/build/doctrees api-guide/source api-guide/build/html @@ -148,7 +149,7 @@ exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,contr [testenv:bandit] basepython = python3 deps = -r{toxinidir}/test-requirements.txt -commands = bandit -r barbican -x tests -n5 +commands = bandit -r barbican -x tests -n5 -s B105 [testenv:bindep] basepython = python3