c9eaca9e59
With python 3 the input function is safe. The six dropping will re-introduce the usage of the input function and bandit checks will fails. We drop python 2.7 support so we ignore the bandit check B322 [1] before starting to drop six support. [1] https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b322-input Change-Id: Ie956a65ebc4c781c5e661e8021f674833be8b323
165 lines
5.5 KiB
INI
165 lines
5.5 KiB
INI
[tox]
|
|
envlist = py36,py37,pep8
|
|
ignore_basepython_conflict = True
|
|
minversion = 3.1.0
|
|
skipsdist = True
|
|
|
|
[testenv]
|
|
basepython = python3
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONWARNINGS=default::DeprecationWarning
|
|
OS_TEST_PATH=heat/tests
|
|
usedevelop = True
|
|
deps = -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands =
|
|
stestr run {posargs}
|
|
stestr slowest
|
|
|
|
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
|
|
|
|
[testenv:pep8]
|
|
commands =
|
|
flake8 heat bin/heat-api bin/heat-api-cfn bin/heat-engine bin/heat-manage contrib heat_integrationtests doc/source
|
|
python tools/custom_guidelines.py --exclude heat/engine/resources/aws
|
|
# The following bandit tests are being skipped:
|
|
# B101: Test for use of assert
|
|
# B104: Test for binding to all interfaces
|
|
# B107: Test for use of hard-coded password argument defaults
|
|
# B110: Try, Except, Pass detected.
|
|
# B310: Audit url open for permitted schemes
|
|
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
|
|
# B322: The input method is safe in Python 3.
|
|
# B404: Import of subprocess module
|
|
# B410: Import of lxml module
|
|
# B504: Test for SSL use with no version specified
|
|
# B506: Test for use of yaml load
|
|
# B603: Test for use of subprocess with shell equals true
|
|
# B607: Test for starting a process with a partial path
|
|
bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B322,B404,B410,B504,B506,B603,B607
|
|
doc8 {posargs}
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[testenv:cover]
|
|
setenv =
|
|
PYTHON=coverage run --source heat --parallel-mode
|
|
commands =
|
|
coverage erase
|
|
stestr run {posargs}
|
|
coverage combine
|
|
coverage html -d cover
|
|
coverage xml -o cover/coverage.xml
|
|
coverage report
|
|
|
|
[testenv:docs]
|
|
whitelist_externals =
|
|
rm
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf doc/build
|
|
sphinx-build -W --keep-going -b html doc/source doc/build/html
|
|
|
|
[testenv:pdf-docs]
|
|
deps = {[testenv:docs]deps}
|
|
whitelist_externals =
|
|
make
|
|
commands =
|
|
sphinx-build -W -b latex doc/source doc/build/pdf
|
|
make -C doc/build/pdf
|
|
|
|
[testenv:api-ref]
|
|
# This environment is called from CI scripts to test and publish
|
|
# the API Ref to docs.openstack.org.
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
whitelist_externals = rm
|
|
commands =
|
|
rm -rf api-ref/build
|
|
sphinx-build -W --keep-going -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
|
|
|
[testenv:genconfig]
|
|
commands =
|
|
oslo-config-generator --config-file=config-generator.conf
|
|
|
|
[testenv:genpolicy]
|
|
commands =
|
|
oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf
|
|
|
|
[testenv:bandit]
|
|
deps =
|
|
-c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/test-requirements.txt
|
|
# The following bandit tests are being skipped:
|
|
# B101: Test for use of assert
|
|
# B104: Test for binding to all interfaces
|
|
# B107: Test for use of hard-coded password argument defaults
|
|
# B110: Try, Except, Pass detected.
|
|
# B310: Audit url open for permitted schemes
|
|
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
|
|
# B404: Import of subprocess module
|
|
# B410: Import of lxml module
|
|
# B504: Test for SSL use with no version specified
|
|
# B506: Test for use of yaml load
|
|
# B603: Test for use of subprocess with shell equals true
|
|
# B607: Test for starting a process with a partial path
|
|
commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607
|
|
|
|
[flake8]
|
|
show-source = true
|
|
# E123 closing bracket does not match indentation of opening bracket's line
|
|
# E226 missing whitespace around arithmetic operator
|
|
# E241 multiple spaces after ','
|
|
# E305 expected 2 blank lines after class or function definition, found 1
|
|
# E402 module level import not at top of file
|
|
# W503 line break before binary operator
|
|
# W504 line break after binary operator
|
|
ignore = E123,E226,E241,E402,W503,W504
|
|
exclude=.*,dist,*lib/python*,*egg,build,*convergence/scenarios/*
|
|
max-complexity=23
|
|
|
|
[doc8]
|
|
ignore = D001
|
|
ignore-path = .venv,.git,.tox,.tmp,*heat/locale*,*lib/python*,openstack_heat.egg*,doc/build,releasenotes/*
|
|
|
|
[hacking]
|
|
import_exceptions = heat.common.i18n
|
|
|
|
[flake8:local-plugins]
|
|
extension =
|
|
Heat301 = checks:no_log_warn
|
|
Heat302 = checks:check_python3_no_iteritems
|
|
Heat303 = checks:check_python3_no_iterkeys
|
|
Heat304 = checks:check_python3_no_itervalues
|
|
paths = ./heat/hacking
|
|
|
|
[testenv:debug]
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:releasenotes]
|
|
whitelist_externals =
|
|
rm
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf releasenotes/build
|
|
sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
|
|
|
|
[testenv:bindep]
|
|
# Do not install any requirements. We want this to be fast and work even if
|
|
# system dependencies are missing, since it's used to tell you what system
|
|
# dependencies are missing! This also means that bindep must be installed
|
|
# separately, outside of the requirements files, and develop mode disabled
|
|
# explicitly to avoid unnecessarily installing the checked-out repo too (this
|
|
# further relies on "tox.skipsdist = True" above).
|
|
deps = bindep
|
|
commands = bindep test
|
|
usedevelop = False
|
|
|
|
[testenv:lower-constraints]
|
|
install_command = pip install {opts} {packages}
|
|
deps =
|
|
-c{toxinidir}/lower-constraints.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
-r{toxinidir}/requirements.txt
|