60740282c9
This change adds a basic bandit config for cloudkitty. It can be invoked
by running the tox environment for bandit;
tox -e bandit
These changes also fix potential security issues find during bandit checks.
- binding to all interface: remove useless host_ip option to avoid issue
- hash function issue: switch from sha1 to sha512
- use of exec: can't be removed for moment so using #nosec comment
Change-Id: Iae7d7604457345fe6d482cf48311c9b75fdde947
87 lines
2.3 KiB
YAML
87 lines
2.3 KiB
YAML
- job:
|
|
name: cloudkitty-tempest-full
|
|
parent: devstack-tempest
|
|
description: |
|
|
Job testing cloudkitty installation on devstack and running tempest tests
|
|
required-projects:
|
|
- name: openstack/cloudkitty
|
|
- name: openstack/cloudkitty-tempest-plugin
|
|
- name: openstack/python-cloudkittyclient
|
|
roles:
|
|
- zuul: openstack-infra/devstack
|
|
timeout: 5400
|
|
irrelevant-files:
|
|
- ^.*\.rst$
|
|
- ^doc/.*$
|
|
- ^releasenotes/.*$
|
|
vars:
|
|
devstack_plugins:
|
|
cloudkitty: https://git.openstack.org/openstack/cloudkitty
|
|
cloudkitty-tempest-plugin: https://git.openstack.org/openstack/cloudkitty-tempest-plugin
|
|
devstack_services:
|
|
ck-api: true
|
|
ck-proc: true
|
|
horizon: false
|
|
tempest: true
|
|
tempest_concurrency: 1
|
|
tempest_test_regex: cloudkitty_tempest_plugin.*
|
|
tox_envlist: all
|
|
devstack_localrc:
|
|
CLOUDKITTY_FETCHER: keystone
|
|
TEMPEST_PLUGINS: /opt/stack/cloudkitty-tempest-plugin
|
|
|
|
- job:
|
|
name: cloudkitty-tempest-full-python3
|
|
parent: cloudkitty-tempest-full
|
|
description: |
|
|
Job testing cloudkitty installation on devstack with python 3 and running
|
|
vars:
|
|
devstack_localrc:
|
|
DEVSTACK_GATE_USE_PYTHON3: "True"
|
|
USE_PYTHON3: "True"
|
|
|
|
- job:
|
|
name: cloudkitty-tox-bandit
|
|
parent: openstack-tox
|
|
timeout: 2400
|
|
vars:
|
|
tox_envlist: bandit
|
|
required-projects:
|
|
- openstack/requirements
|
|
irrelevant-files:
|
|
- ^.*\.rst$
|
|
- ^.*\.txt$
|
|
- ^api-ref/.*$
|
|
- ^apidocs/.*$
|
|
- ^contrib/.*$
|
|
- ^doc/.*$
|
|
- ^etc/.*$
|
|
- ^releasenotes/.*$
|
|
- ^setup.cfg$
|
|
- ^tools/.*$
|
|
- ^cloudkitty/hacking/.*$
|
|
- ^cloudkitty/tests/scenario/.*$
|
|
- ^cloudkitty/tests/unittests/.*$
|
|
|
|
- project:
|
|
templates:
|
|
- check-requirements
|
|
- openstack-cover-jobs
|
|
- openstack-python-jobs
|
|
- openstack-python35-jobs
|
|
- openstack-python36-jobs
|
|
- openstack-python37-jobs
|
|
- publish-openstack-docs-pti
|
|
- release-notes-jobs-python3
|
|
check:
|
|
jobs:
|
|
- cloudkitty-tempest-full
|
|
- cloudkitty-tempest-full-python3
|
|
- cloudkitty-tox-bandit:
|
|
voting: false
|
|
gate:
|
|
queue: cloudkitty
|
|
jobs:
|
|
- cloudkitty-tempest-full
|
|
- cloudkitty-tempest-full-python3
|