c914eb14d7
This change is being proposed as part of the OpenStack Security Project working session at the Austin 2016 summit. It adds support for running the bandit[1] security linting tool against the Senlin codebase. This change adds a targeted environment for bandit. The bandit configuration has been tailored to exclude tests that are currently producing warning against the codebase. These issues will be followed up with bug reports and patches. At the time of submission, Senlin passes all Bandit tests configured in tox. [1]: https://wiki.openstack.org/wiki/Security/Projects/Bandit Change-Id: I54ef7329b9d6f6429838afdc5319f48bcc2e9f33
108 lines
2.9 KiB
INI
108 lines
2.9 KiB
INI
[tox]
|
|
minversion = 1.6
|
|
envlist = py35,py34,py27,pep8,functional
|
|
skipsdist = True
|
|
|
|
[testenv]
|
|
|
|
# Note the hash seed is set to 0 until senlin can be tested with a
|
|
# random hash seed successfully.
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONHASHSEED=0
|
|
OS_TEST_PATH=senlin/tests/unit
|
|
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
|
|
usedevelop = True
|
|
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
|
|
commands =
|
|
find . -type f -name "*.pyc" -delete
|
|
ostestr --slowest {posargs}
|
|
|
|
whitelist_externals = bash
|
|
find
|
|
|
|
[testenv:api]
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONHASHSEED=0
|
|
OS_TEST_PATH=senlin/tests/tempest/api
|
|
commands =
|
|
find . -type f -name "*.pyc" -delete
|
|
ostestr --slowest {posargs}
|
|
|
|
[testenv:functional]
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONHASHSEED=0
|
|
OS_TEST_PATH=senlin/tests/tempest/functional
|
|
# By default ostestr will set concurrency
|
|
# to ncpu, to specify something else use
|
|
# the concurrency=<n> option.
|
|
# call ie: 'tox -efunctional -- --concurrency=4'
|
|
commands =
|
|
find . -type f -name "*.pyc" -delete
|
|
ostestr --slowest {posargs}
|
|
|
|
[testenv:debug]
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:debug-py27]
|
|
basepython = python2.7
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:debug-py34]
|
|
basepython = python3.4
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:debug-py35]
|
|
basepython = python3.5
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:pep8]
|
|
commands =
|
|
flake8 senlin
|
|
# Check that .po and .pot files are valid:
|
|
bash -c "find senlin -type f -regex '.*\.pot?' -print0|xargs -0 -n 1 msgfmt --check-format -o /dev/null"
|
|
|
|
[testenv:genconfig]
|
|
envdir = {toxworkdir}/venv
|
|
commands =
|
|
{toxinidir}/tools/gen-config
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[testenv:cover]
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
commands = {toxinidir}/tools/cover.sh {posargs}
|
|
|
|
[testenv:docs]
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
sphinxcontrib-httpdomain
|
|
commands =
|
|
rm -rf doc/build
|
|
python setup.py build_sphinx
|
|
|
|
whitelist_externals = rm
|
|
|
|
[testenv:releasenotes]
|
|
commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
|
|
[testenv:api-ref]
|
|
commands =
|
|
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
|
|
|
[flake8]
|
|
# Temporarily disable complaints about docstring for public module/class/method
|
|
ignore = D100,D101,D102,D103,D104,D105,D200,D201,D202,D204,D205,D300,D301,D400,D401
|
|
show-source = true
|
|
exclude=.venv,.git,.tox,cover,dist,*lib/python*,*egg,tools,build,releasenotes
|
|
max-complexity=20
|
|
|
|
[hacking]
|
|
local-check-factory = senlin.hacking.checks.factory
|
|
import_exceptions = senlin.common.i18n
|
|
|
|
[testenv:bandit]
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -r senlin -x tests -s B101,B104,B110,B310,B311,B506
|