From 6e6166bda47bd1fc8687340e479a913e7fc0ed58 Mon Sep 17 00:00:00 2001
From: Max <mpavlukhin@mirantis.com>
Date: Thu, 15 Mar 2018 19:05:55 +0400
Subject: [PATCH] Replace assert to raise AssertionError

This patch is a fix for the issue B101 assert_used found by bandit
scanner:
https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html
As assert functionality could be turned off by the -O option for python
interpreter, assert statements were replaced to raise AssertionError.

The main reasoning for that is rest code after assert could be not
ready for values that assert filters.

Change-Id: I92a871b1b496c96c0c76cb37e4dda51bfc007e38
Related-Bug: #1759250
---
 neutron/common/_deprecate.py           |  4 +++-
 neutron/common/rpc.py                  | 18 ++++++++++++------
 neutron/db/api.py                      |  5 ++++-
 neutron/pecan_wsgi/controllers/root.py |  4 +++-
 tox.ini                                |  3 +--
 5 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/neutron/common/_deprecate.py b/neutron/common/_deprecate.py
index d155e3454f5..3c9a291497f 100644
--- a/neutron/common/_deprecate.py
+++ b/neutron/common/_deprecate.py
@@ -157,7 +157,9 @@ def _moved_global(old_name, new_module=None, new_name=None):
     :type new_name: str
 
     """
-    assert new_module or new_name  # One or both must be new
+    if not (new_module or new_name):
+        raise AssertionError("'new_module' and 'new_name' "
+                             "must not be both None")
     if isinstance(new_module, _MovedGlobals):
         # The new module has been shimmed, get the original
         new_module = new_module._mg__old_ref
diff --git a/neutron/common/rpc.py b/neutron/common/rpc.py
index 72d19c38bbb..743fd631bfc 100644
--- a/neutron/common/rpc.py
+++ b/neutron/common/rpc.py
@@ -64,9 +64,12 @@ def init(conf, rpc_ext_mods=None):
 
 def cleanup():
     global TRANSPORT, NOTIFICATION_TRANSPORT, NOTIFIER
-    assert TRANSPORT is not None
-    assert NOTIFICATION_TRANSPORT is not None
-    assert NOTIFIER is not None
+    if TRANSPORT is None:
+        raise AssertionError("'TRANSPORT' must not be None")
+    if NOTIFICATION_TRANSPORT is None:
+        raise AssertionError("'NOTIFICATION_TRANSPORT' must not be None")
+    if NOTIFIER is None:
+        raise AssertionError("'NOTIFIER' must not be None")
     TRANSPORT.cleanup()
     NOTIFICATION_TRANSPORT.cleanup()
     _BackingOffContextWrapper.reset_timeouts()
@@ -192,7 +195,8 @@ class BackingOffClient(oslo_messaging.RPCClient):
 
 
 def get_client(target, version_cap=None, serializer=None):
-    assert TRANSPORT is not None
+    if TRANSPORT is None:
+        raise AssertionError("'TRANSPORT' must not be None")
     serializer = RequestContextSerializer(serializer)
     return BackingOffClient(TRANSPORT,
                             target,
@@ -201,7 +205,8 @@ def get_client(target, version_cap=None, serializer=None):
 
 
 def get_server(target, endpoints, serializer=None):
-    assert TRANSPORT is not None
+    if TRANSPORT is None:
+        raise AssertionError("'TRANSPORT' must not be None")
     serializer = RequestContextSerializer(serializer)
     access_policy = dispatcher.DefaultRPCAccessPolicy
     return oslo_messaging.get_rpc_server(TRANSPORT, target, endpoints,
@@ -210,7 +215,8 @@ def get_server(target, endpoints, serializer=None):
 
 
 def get_notifier(service=None, host=None, publisher_id=None):
-    assert NOTIFIER is not None
+    if NOTIFIER is None:
+        raise AssertionError("'NOTIFIER' must not be None")
     if not publisher_id:
         publisher_id = "%s.%s" % (service, host or cfg.CONF.host)
     return NOTIFIER.prepare(publisher_id=publisher_id)
diff --git a/neutron/db/api.py b/neutron/db/api.py
index ffce6ae2c58..1def914eb25 100644
--- a/neutron/db/api.py
+++ b/neutron/db/api.py
@@ -282,4 +282,7 @@ def load_one_to_manys(session):
                 continue
             if relationship_attr.key not in state.dict:
                 getattr(new_object, relationship_attr.key)
-                assert relationship_attr.key in state.dict
+                if relationship_attr.key not in state.dict:
+                    msg = ("Relationship %s attributes must be loaded in db"
+                           " object %s" % (relationship_attr.key, state.dict))
+                    raise AssertionError(msg)
diff --git a/neutron/pecan_wsgi/controllers/root.py b/neutron/pecan_wsgi/controllers/root.py
index 7c1df62caef..9bfa69c0ae6 100644
--- a/neutron/pecan_wsgi/controllers/root.py
+++ b/neutron/pecan_wsgi/controllers/root.py
@@ -42,7 +42,9 @@ _CORE_RESOURCES = {net_def.RESOURCE_NAME: net_def.COLLECTION_NAME,
 
 
 def _load_version_info(version_info):
-    assert version_info['id'] not in _VERSION_INFO
+    if version_info['id'] in _VERSION_INFO:
+        raise AssertionError("ID %s must not be in "
+                             "VERSION_INFO" % version_info['id'])
     _VERSION_INFO[version_info['id']] = version_info
 
 
diff --git a/tox.ini b/tox.ini
index c93cc80e06a..a3a84545e42 100644
--- a/tox.ini
+++ b/tox.ini
@@ -161,13 +161,12 @@ import_exceptions = neutron._i18n
 local-check-factory = neutron.hacking.checks.factory
 
 [testenv:bandit]
-# B101: Use of assert detected
 # B104: Possible binding to all interfaces
 # B108: Probable insecure usage of temp file/directory
 # B111: Execute with run_as_root=True identified, possible security issue
 # B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r neutron -x tests -n5 -s B101,B104,B108,B111,B311
+commands = bandit -r neutron -x tests -n5 -s B104,B108,B111,B311
 
 [testenv:bashate]
 commands = bash -c "find {toxinidir}             \