From 0e502cc463252ba9affe7e2cf059f2ddbc610f97 Mon Sep 17 00:00:00 2001 From: Witek Bedyk Date: Thu, 27 Jun 2019 13:56:32 +0200 Subject: [PATCH] [GateFix] Ignore false positive bandit B105 test failure Bandit B105 hardcoded_password_string[1] is causing gate failure, which is false positive. Added a # nosec comment to skip Bandit testing of that line. [1] https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html Add local bindep.txt to include PostgreSQL dependendencies for testing. Story: 2006058 Task: 34771 Change-Id: I579754a0e093e192366ad2783bd766473227e761 --- bindep.txt | 4 ++++ monasca_notification/conf/database.py | 2 +- tox.ini | 12 ++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 bindep.txt diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 0000000..a26945b --- /dev/null +++ b/bindep.txt @@ -0,0 +1,4 @@ +# This is a cross-platform list tracking distribution packages needed for install and tests; +# see https://docs.openstack.org/infra/bindep/ for additional information. + +libpq-dev [platform:dpkg] diff --git a/monasca_notification/conf/database.py b/monasca_notification/conf/database.py index 2a654f2..1476e3f 100644 --- a/monasca_notification/conf/database.py +++ b/monasca_notification/conf/database.py @@ -32,7 +32,7 @@ _ACCEPTABLE_DRIVER_KEYS = set(list(_REPO_DRIVERS_MAP.keys()) + _DEFAULT_DB_HOST = '127.0.0.1' _DEFAULT_DB_USER = 'notification' -_DEFAULT_DB_PASSWORD = 'password' +_DEFAULT_DB_PASSWORD = 'password' # nosec bandit B105 _DEFAULT_DB_NAME = 'mon' _DEFAULT_POSTGRESQL_PORT = 5432 _DEFAULT_MYSQL_PORT = 3306 diff --git a/tox.ini b/tox.ini index 0217ebd..14d4e6f 100644 --- a/tox.ini +++ b/tox.ini @@ -90,3 +90,15 @@ deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html \ releasenotes/source releasenotes/build/html + +[testenv:bindep] +basepython = python3 +# Do not install any requirements. We want this to be fast and work even if +# system dependencies are missing, since it's used to tell you what system +# dependencies are missing! This also means that bindep must be installed +# separately, outside of the requirements files, and develop mode disabled +# explicitly to avoid unnecessarily installing the checked-out repo too (this +# further relies on "tox.skipsdist = True" above). +deps = bindep +commands = bindep test +usedevelop = False