bandit-baseline finds *new* issues introduced in a commit, by comparing
results between two git commits. If the git repository has uncommitted
changes, bandit-baseline refuses to run.
This switches over to using plain bandit instead of bandit-baseline,
and resolves or stifles existing bandit errors so we have a clean run.
These updates apply to bandit running as part of `tox -e pep8` or `tox
* Have bandit runs from tox ignore the octavia/tests directory
* Resolve several instances of `B701 jinja2_autoescape_false`
* Stifle several instances of `B303 md5`
* Resolve two instances of `B104 hardcoded_bind_all_interfaces`
* Stifle one instance of `B104 hardcoded_bind_all_interfaces` (see
Currently, Amphora configuration data is being sent as personality
files as considered by Nova and some providers have limitations
and must use cloud-init user-data.
This patch introduces a new config option to enable user-data.
If enabled the files that were built, such as the amphora config
and certificates for the agent, will be templated into a cloud-init
user-data script that loads the files as expected. After this we
need to restart the agent as cloud-init happens at a higher level
than service scripts. This does increase the boot time.
This is configurable so there is no impact if it's not needed.