Tox and Zuul cleanup for python3.9

Added in the following tox targets for fm-rest-api:
 - bandit
 - flake8 / pep8
 - pylint (suppressing most of the codes)

All the tox targets run on python3
The test-requirements.txt have been updated
The StarlingX Debian upper constraints are utilized.
The spec-lint (rpm) job is removed from Zuul.

Zuul runs pylint for sub directories
Bandit exclusions are updated.

Included a change to a .py file to trigger
the bandit zuul job.

Test Plan (for fm-rest-api)
  PASS: tox -e bandit
  PASS: tox -e coverage
  PASS: tox -e flake8
  PASS: tox -e pylint

Story: 2010531
Task: 47575
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I7ecaf1c90495b283c26e02e3b481bfe4c77c3939
This commit is contained in:
Al Bailey 2023-02-09 18:54:15 +00:00
parent bd8857357b
commit e5a8ba7ff4
8 changed files with 751 additions and 151 deletions

View File

@ -5,7 +5,6 @@
- publish-stx-docs
- stx-api-ref-jobs
- stx-release-notes-jobs
- stx-lint-specfile-jobs
- stx-bandit-jobs
check:
jobs:
@ -42,7 +41,7 @@
parent: tox
description: |
Run pylint for python files in fault
nodeset: ubuntu-bionic
nodeset: debian-bullseye
required-projects:
- starlingx/config
vars:

View File

@ -1,6 +1,6 @@
# -*- encoding: utf-8 -*-
#
# Copyright (c) 2014 Wind River Systems, Inc.
# Copyright (c) 2014-2022 Wind River Systems, Inc.
#
# Author:
#

663
fm-rest-api/fm/pylint.rc Normal file
View File

@ -0,0 +1,663 @@
[MAIN]
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Clear in-memory caches upon conclusion of linting. Useful if running pylint
# in a server-like mode.
clear-cache-post-run=no
# Load and enable all available extensions. Use --list-extensions to see a list
# all available extensions.
#enable-all-extensions=
# In error mode, messages with a category besides ERROR or FATAL are
# suppressed, and no reports are done by default. Error mode is compatible with
# disabling specific errors.
#errors-only=
# Always return a 0 (non-error) status code, even if lint errors are found.
# This is primarily useful in continuous integration scripts.
#exit-zero=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code.
extension-pkg-allow-list=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
# for backward compatibility.)
extension-pkg-whitelist=
# Return non-zero exit code if any of these messages/categories are detected,
# even if score is above --fail-under value. Syntax same as enable. Messages
# specified are enabled, while categories only check already-enabled messages.
fail-on=
# Specify a score threshold under which the program will exit with error.
fail-under=10
# Interpret the stdin as a python script, whose filename needs to be passed as
# the module_or_package argument.
#from-stdin=
# Files or directories to be skipped. They should be base names, not paths.
ignore=CVS
# Add files or directories matching the regular expressions patterns to the
# ignore-list. The regex matches against paths and can be in Posix or Windows
# format. Because '\\' represents the directory delimiter on Windows systems,
# it can't be used as an escape character.
ignore-paths=
# Files or directories matching the regular expression patterns are skipped.
# The regex matches against base names, not paths. The default value ignores
# Emacs file locks
ignore-patterns=^\.#
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis). It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use, and will cap the count on Windows to
# avoid hangs.
jobs=1
# Control the amount of potential inferred values when inferring a single
# object. This can help the performance when dealing with large functions or
# complex, nested conditions.
limit-inference-results=100
# List of plugins (as comma separated values of python module names) to load,
# usually to register additional checkers.
load-plugins=
# Pickle collected data for later comparisons.
persistent=yes
# Minimum Python version to use for version dependent checks. Will default to
# the version used to run pylint.
py-version=3.9
# Discover python modules and packages in the file system subtree.
recursive=no
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode=yes
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# In verbose mode, extra non-checker-related info will be displayed.
#verbose=
[BASIC]
# Naming style matching correct argument names.
argument-naming-style=snake_case
# Regular expression matching correct argument names. Overrides argument-
# naming-style. If left empty, argument names will be checked with the set
# naming style.
#argument-rgx=
# Naming style matching correct attribute names.
attr-naming-style=snake_case
# Regular expression matching correct attribute names. Overrides attr-naming-
# style. If left empty, attribute names will be checked with the set naming
# style.
#attr-rgx=
# Bad variable names which should always be refused, separated by a comma.
bad-names=foo,
bar,
baz,
toto,
tutu,
tata
# Bad variable names regexes, separated by a comma. If names match any regex,
# they will always be refused
bad-names-rgxs=
# Naming style matching correct class attribute names.
class-attribute-naming-style=any
# Regular expression matching correct class attribute names. Overrides class-
# attribute-naming-style. If left empty, class attribute names will be checked
# with the set naming style.
#class-attribute-rgx=
# Naming style matching correct class constant names.
class-const-naming-style=UPPER_CASE
# Regular expression matching correct class constant names. Overrides class-
# const-naming-style. If left empty, class constant names will be checked with
# the set naming style.
#class-const-rgx=
# Naming style matching correct class names.
class-naming-style=PascalCase
# Regular expression matching correct class names. Overrides class-naming-
# style. If left empty, class names will be checked with the set naming style.
#class-rgx=
# Naming style matching correct constant names.
const-naming-style=UPPER_CASE
# Regular expression matching correct constant names. Overrides const-naming-
# style. If left empty, constant names will be checked with the set naming
# style.
#const-rgx=
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
# Naming style matching correct function names.
function-naming-style=snake_case
# Regular expression matching correct function names. Overrides function-
# naming-style. If left empty, function names will be checked with the set
# naming style.
#function-rgx=
# Good variable names which should always be accepted, separated by a comma.
good-names=i,
j,
k,
ex,
Run,
_
# Good variable names regexes, separated by a comma. If names match any regex,
# they will always be accepted
good-names-rgxs=
# Include a hint for the correct naming format with invalid-name.
include-naming-hint=no
# Naming style matching correct inline iteration names.
inlinevar-naming-style=any
# Regular expression matching correct inline iteration names. Overrides
# inlinevar-naming-style. If left empty, inline iteration names will be checked
# with the set naming style.
#inlinevar-rgx=
# Naming style matching correct method names.
method-naming-style=snake_case
# Regular expression matching correct method names. Overrides method-naming-
# style. If left empty, method names will be checked with the set naming style.
#method-rgx=
# Naming style matching correct module names.
module-naming-style=snake_case
# Regular expression matching correct module names. Overrides module-naming-
# style. If left empty, module names will be checked with the set naming style.
#module-rgx=
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
# These decorators are taken in consideration only for invalid-name.
property-classes=abc.abstractproperty
# Regular expression matching correct type variable names. If left empty, type
# variable names will be checked with the set naming style.
#typevar-rgx=
# Naming style matching correct variable names.
variable-naming-style=snake_case
# Regular expression matching correct variable names. Overrides variable-
# naming-style. If left empty, variable names will be checked with the set
# naming style.
#variable-rgx=
[CLASSES]
# Warn about protected attribute access inside special methods
check-protected-access-in-special-methods=no
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,
__new__,
setUp,
__post_init__
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,
_fields,
_replace,
_source,
_make
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
[DESIGN]
# List of regular expressions of class ancestor names to ignore when counting
# public methods (see R0903)
exclude-too-few-public-methods=
# List of qualified class names to ignore when counting class parents (see
# R0901)
ignored-parents=
# Maximum number of arguments for function / method.
max-args=5
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Maximum number of boolean expressions in an if statement (see R0916).
max-bool-expr=5
# Maximum number of branch for function / method body.
max-branches=12
# Maximum number of locals for function / method body.
max-locals=15
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of return / yield for function / method body.
max-returns=6
# Maximum number of statements in function / method body.
max-statements=50
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
[EXCEPTIONS]
# Exceptions that will emit a warning when caught.
overgeneral-exceptions=builtins.BaseException,builtins.Exception
[FORMAT]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
max-line-length=100
# Maximum number of lines in a module.
max-module-lines=1000
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
[IMPORTS]
# List of modules that can be imported at any level, not just the top level
# one.
allow-any-import-level=
# Allow explicit reexports by alias from a package __init__.
allow-reexport-from-package=no
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Deprecated modules which should not be used, separated by a comma.
deprecated-modules=
# Output a graph (.gv or any supported image format) of external dependencies
# to the given file (report RP0402 must not be disabled).
ext-import-graph=
# Output a graph (.gv or any supported image format) of all (i.e. internal and
# external) dependencies to the given file (report RP0402 must not be
# disabled).
import-graph=
# Output a graph (.gv or any supported image format) of internal dependencies
# to the given file (report RP0402 must not be disabled).
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
# Couples of modules and preferred modules, separated by a comma.
preferred-modules=
[LOGGING]
# The type of string formatting that logging methods do. `old` means using %
# formatting, `new` is for `{}` formatting.
logging-format-style=old
# Logging modules to check that the string format arguments are in logging
# function parameter format.
logging-modules=logging
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE,
# UNDEFINED.
confidence=HIGH,
CONTROL_FLOW,
INFERENCE,
INFERENCE_FAILURE,
UNDEFINED
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once). You can also use "--disable=all" to
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use "--disable=all --enable=classes
# --disable=W".
disable=
C0103, # invalid-name
C0113, # unneeded-not
C0114, # missing-module-docstring
C0115, # missing-class-docstring
C0116, # missing-function-docstring
C0202, # bad-classmethod-argument
C0206, # consider-using-dict-items
C0209, # consider-using-fstring
C0411, # wrong-import-order
C0412, # ungrouped-imports
C0413, # wrong-import-position
C0415, # import-outside-toplevel
R0205, # useless-object-inheritance
R0801, # similar-lines
R0902, # too-many-instance-attributes
R0903, # too-few-public-methods
R0913, # too-many-arguments
R0914, # too-many-locals
R1705, # no-else-return
R1714, # consider-using-in
R1720, # no-else-raise
R1725, # super-with-arguments
R1729, # use-a-generator
W0102, # dangerous-default-value !!!
W0106, # expression-not-assigned
W0107, # unnecessary-pass
W0221, # arguments-differ
W0223, # abstract-method
W0231, # super-init-not-called
W0237, # arguments-renamed
W0246, # useless-parent-delegation
W0602, # global-variable-not-assigned
W0603, # global-statement
W0613, # unused-argument
W0621, # redefining-outer-name
W0622, # redefined-builtin
W0707, # raise-missing-from
W0718, # broad-exception-caught
W0719, # broad-exception-raised
W1401, # anomalous-backslash-in-string
W4902, # deprecated-method !!!
E0604, # invalid-all-object
E1101, # no-member
E1121, # too-many-function-args
E1123 # unexpected-keyword-arg
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=c-extension-no-member
[METHOD_ARGS]
# List of qualified names (i.e., library.method) which require a timeout
# parameter e.g. 'requests.api.get,requests.api.post'
timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,
XXX,
TODO
# Regular expression of note tags to take in consideration.
notes-rgx=
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
# Complete name of functions that never returns. When checking for
# inconsistent-return-statements if a never returning function is called then
# it will be considered as an explicit return statement and no message will be
# printed.
never-returning-functions=sys.exit,argparse.parse_error
[REPORTS]
# Python expression which should return a score less than or equal to 10. You
# have access to the variables 'fatal', 'error', 'warning', 'refactor',
# 'convention', and 'info' which contain the number of messages in each
# category, as well as 'statement' which is the total number of statements
# analyzed. This score is used by the global evaluation report (RP0004).
evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details.
msg-template=
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio). You can also give a reporter class, e.g.
# mypackage.mymodule.MyReporterClass.
#output-format=
# Tells whether to display a full report or only the messages.
reports=no
# Activate the evaluation score.
score=yes
[SIMILARITIES]
# Comments are removed from the similarity computation
ignore-comments=yes
# Docstrings are removed from the similarity computation
ignore-docstrings=yes
# Imports are removed from the similarity computation
ignore-imports=yes
# Signatures are removed from the similarity computation
ignore-signatures=yes
# Minimum lines number of a similarity.
min-similarity-lines=4
[SPELLING]
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions=4
# Spelling dictionary name. Available dictionaries: none. To make it work,
# install the 'python-enchant' package.
spelling-dict=
# List of comma separated words that should be considered directives if they
# appear at the beginning of a comment and should not be checked.
spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains the private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to the private dictionary (see the
# --spelling-private-dict-file option) instead of raising a message.
spelling-store-unknown-words=no
[STRING]
# This flag controls whether inconsistent-quotes generates a warning when the
# character used as a quote delimiter is used inconsistently within a module.
check-quote-consistency=no
# This flag controls whether the implicit-str-concat should generate a warning
# on implicit string concatenation in sequences defined over several lines.
check-str-concat-over-line-jumps=no
[TYPECHECK]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators=contextlib.contextmanager
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
# Tells whether to warn about missing members when the owner of the attribute
# is inferred to be None.
ignore-none=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# List of symbolic message names to ignore for Mixin members.
ignored-checks-for-mixins=no-member,
not-async-context-manager,
not-context-manager,
attribute-defined-outside-init
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
# Regex pattern to define which classes are considered mixins.
mixin-class-rgx=.*[Mm]ixin
# List of decorators that change the signature of a decorated function.
signature-mutators=
[VARIABLES]
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid defining new builtins when possible.
additional-builtins=
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of names allowed to shadow builtins
allowed-redefined-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,
_cb
# A regular expression matching the name of dummy variables (i.e. expected to
# not be used).
dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
# Argument names that match this expression will be ignored.
ignored-argument-names=_.*|^ignored_|^unused_
# Tells whether we should check for unused import in __init__ files.
init-import=no
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io

View File

@ -1,7 +1,13 @@
hacking!=0.13.0,<0.14,>=0.12.0
bashate >= 0.2
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking>=1.1.0,<=2.0.0 # Apache-2.0
bashate
bandit
coverage
pylint
PyYAML >= 3.1.0
yamllint<1.26.1;python_version>="3.0" # GPLv2
yamllint<1.26.1
stestr != 3.0.0
testtools!=1.2.0,>=0.9.36
iso8601

View File

@ -1,16 +1,17 @@
[tox]
envlist = py27,py36,py39
envlist = flake8,py39,bandit,pylint
minversion = 2.3
skipsdist = True
stxdir = {toxinidir}/../../../
[testenv]
basepython = python3
install_command = pip install -U {opts} {packages}
setenv = VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
OS_STDERR_CAPTURE=1
OS_TEST_TIMEOUT=60
deps = -chttps://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt
deps = -chttps://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client
@ -18,39 +19,55 @@ deps = -chttps://opendev.org/openstack/requirements/raw/branch/stable/stein/uppe
-e{[tox]stxdir}/fault/fm-rest-api/fm
[testenv:venv]
basepython = python3
commands = {posargs}
[testenv:py27]
basepython = python2.7
commands =
stestr run {posargs}
stestr slowest
[bandit]
# B101 assert_used
# B104 hardcoded_bind_all_interfaces
# B314 blacklist xml.etree
skips = B101,B104,B314
exclude = tests
[testenv:py36]
basepython = python3.6
commands =
stestr run {posargs}
stestr slowest
[testenv:bandit]
commands = bandit --ini tox.ini -n 5 -r fm
[flake8]
# WE WANT TO ENABLE H106: Don't put vim configuration in source files (off by default).
# WE WANT TO ENABLE H904 Delay string interpolations at logging calls (off by default)
# H203: Use assertIs(Not)None to check for None (off by default).
enable-extensions = H203
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
# the following are ignored. These may be cleaned up in a future commit
# H104: File contains nothing but comments
# H105: Don't use author tags
# H301: one import per line
# H306: imports not in alphabetical order
# H401: docstring should not start with a space
# H404: multi line docstring should start without a leading new line
# H405: multi line docstring summary not separated with an empty line
# W504: line break after binary operator
# W605 invalid escape sequence
ignore = H104,H105,H301,H306,H401,H404,H405,W504,W605
# auth_token.py is 99 chars wide. The max length can be reduced as the files are updated
max-line-length = 99
show-source = True
[testenv:flake8]
commands = flake8 {posargs}
[testenv:pep8]
commands = flake8 {posargs}
[testenv:py39]
basepython = python3.9
deps = -chttps://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client
-e{[tox]stxdir}/fault/fm-api/source
-e{[tox]stxdir}/fault/fm-rest-api/fm
commands =
stestr run {posargs}
stestr slowest
[testenv:cover]
deps = {[testenv]deps}
coverage
setenv = {[testenv]setenv}
PYTHON=coverage run --parallel-mode
commands =
coverage erase
stestr run {posargs}
@ -59,6 +76,9 @@ commands =
coverage xml -o cover/coverage.xml
coverage report
[testenv:pylint]
commands = pylint fm --rcfile=./pylint.rc
[testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system

111
pylint.rc
View File

@ -34,87 +34,6 @@ extension-pkg-whitelist=lxml.etree,greenlet
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time.
#
# Python3 checker:
#
# E1601: print-statement
# E1602: parameter-unpacking
# E1603: unpacking-in-except
# E1604: old-raise-syntax
# E1605: backtick
# E1606: long-suffix
# E1607: old-ne-operator
# E1608: old-octal-literal
# E1609: import-star-module-level
# E1610: non-ascii-bytes-literal
# E1611: invalid-unicode-literal
# W1601: apply-builtin
# W1602: basestring-builtin
# W1603: buffer-builtin
# W1604: cmp-builtin
# W1605: coerce-builtin
# W1606: execfile-builtin
# W1607: file-builtin
# W1608: long-builtin
# W1609: raw_input-builtin
# W1610: reduce-builtin
# W1611: standarderror-builtin
# W1612: unicode-builtin
# W1613: xrange-builtin
# W1614: coerce-method
# W1615: delslice-method
# W1616: getslice-method
# W1617: setslice-method
# W1618: no-absolute-import
# W1619: old-division
# W1620: dict-iter-method
# W1621: dict-view-method
# W1622: next-method-called
# W1623: metaclass-assignment
# W1624: indexing-exception
# W1625: raising-string
# W1626: reload-builtin
# W1627: oct-method
# W1628: hex-method
# W1629: nonzero-method
# W1630: cmp-method
# W1632: input-builtin
# W1633: round-builtin
# W1634: intern-builtin
# W1635: unichr-builtin
# W1636: map-builtin-not-iterating
# W1637: zip-builtin-not-iterating
# W1638: range-builtin-not-iterating
# W1639: filter-builtin-not-iterating
# W1640: using-cmp-argument
# W1641: eq-without-hash
# W1642: div-method
# W1643: idiv-method
# W1644: rdiv-method
# W1645: exception-message-attribute
# W1646: invalid-str-codec
# W1647: sys-max-int
# W1648: bad-python3-import
# W1649: deprecated-string-function
# W1650: deprecated-str-translate-call
# W1651: deprecated-itertools-function
# W1652: deprecated-types-field
# W1653: next-method-defined
# W1654: dict-items-not-iterating
# W1655: dict-keys-not-iterating
# W1656: dict-values-not-iterating
# W1657: deprecated-operator-function
# W1658: deprecated-urllib-function
# W1659: xreadlines-attribute
# W1660: deprecated-sys-function
# W1661: exception-escape
# W1662: comprehension-escape
enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
W1651,W1649,W1657,W1660,W1658,W1659,W1623,W1622,W1620,W1621,W1645,W1641,
W1624,W1648,W1625,W1611,W1662,W1661,W1650,W1640,W1630,W1614,W1615,W1642,
W1616,W1628,W1643,W1629,W1627,W1644,W1617,W1601,W1602,W1603,W1604,W1605,
W1654,W1655,W1656,W1619,W1606,W1607,W1639,W1618,W1632,W1634,W1608,W1636,
W1653,W1646,W1638,W1609,W1610,W1626,W1633,W1647,W1635,W1612,W1613,W1637
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifier separated by comma (,) or put this option
@ -128,7 +47,6 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
# W0102 dangerous-default-value
# W0106 expression-not-assigned
# W0107 unnecessary-pass
# W0110 deprecated-lambda
# W0201 attribute-defined-outside-init
# W0212 protected-access
# W0221 arguments-differ
@ -137,14 +55,17 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
# W0237 arguments-renamed
# W0235 useless-super-delegation
# W0311 bad-indentation
# W0403 relative-import (this needs to be fixed in py3)
# W0602 global-variable-not-assigned
# W0603 global-statement
# W0612 unused-variable
# W0613 unused-argument
# W0621 redefined-outer-name
# W0622 redefined-builtin
# W0703 broad-except
# W0707 raise-missing-from
# W0719 broad-exception-raised
# W1401 anomalous-backslash-in-string
# W1514 unspecified-encoding
# W1618: no-absolute-import
# E are error codes
# E0604 invalid-all-object
@ -152,24 +73,20 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
# E1102 not-callable
# E1120 no-value-for-parameter
# E1121 too-many-function-args
# E1123 unexpected-keyword-arg
# NOTE: these are suppressed until py3 support merges:
# W0143,W1505,E0604,E0611,E0702,E1136,E0401
disable=C, R, fixme,
W0102,W0106,W0107,W0110,W0201,W0212,W0221,W0223,W0231,
W0237,W0235,W0311,W0403,W0603,W0612,W0613,W0621,W0622,
W0703,W1401,W0143,W1505,W1618,E0604,E0611,E0702,E1136,
E0401,E0604,E1101,E1102,E1120,E1121
W0102,W0106,W0107,W0201,W0212,W0221,W0223,W0231,
W0237,W0235,W0311,W0602,W0603,W0612,W0613,W0621,W0622,
W0703,W0707,W0719,W1401,W0143,W1505,W1514,W1618,E0604,E0611,E0702,E1136,
E0401,E0604,E1101,E1102,E1120,E1121,E1123
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html
output-format=text
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]".
files-output=no
# Tells whether to display a full report or only the messages
reports=yes
@ -228,9 +145,6 @@ generated-members=REQUEST,acl_users,aq_parent
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter,apply,input
# Regular expression which should only match correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
@ -320,7 +234,7 @@ max-locals=15
max-returns=6
# Maximum number of branch for function / method body
max-branchs=12
max-branches=12
# Maximum number of statements in function / method body
max-statements=50
@ -347,6 +261,5 @@ valid-classmethod-first-arg=cls
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception
# Exceptions that will emit a warning when caught.
overgeneral-exceptions=builtins.BaseException,builtins.Exception

View File

@ -1,9 +1,10 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking<4.0.1
bandit
bashate >= 0.2
mock
pylint
PyYAML >= 3.1.0
astroid<= 2.2.5;python_version>="3.0" # GPLv2
bandit;python_version>="3.5"
isort<5;python_version>="3.5"
pylint<2.4.0;python_version>="3.0" # GPLv2
yamllint<1.26.1;python_version>="3.0" # GPLv2
yamllint<1.26.1

36
tox.ini
View File

@ -1,5 +1,5 @@
[tox]
envlist = linters,pep8,pylint,rpm-packaging-lint
envlist = linters,pep8,pylint
minversion = 2.3
skipsdist = True
stxdir = {toxinidir}/../
@ -7,7 +7,7 @@ stxdir = {toxinidir}/../
[testenv]
usedevelop = False
install_command = pip install \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt} \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
{opts} {packages}
setenv = VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
@ -15,21 +15,6 @@ setenv = VIRTUAL_ENV={envdir}
OS_TEST_TIMEOUT=60
deps = -r{toxinidir}/test-requirements.txt
[testenv:rpm-packaging-lint]
basepython = python3
setenv =
VIRTUAL_ENV={envdir}
LC_ALL=en_US.utf-8
deps = -r{toxinidir}/test-requirements.txt
allowlist_externals = bash
commands =
bash -c 'if [ -d {toxinidir}/../zuul-jobs ]; then \
find . \
-not \( -type d -name .?\* -prune \) \
-not \( -type d -name centos -prune \) \
-type f -name \*.spec \
-print0 | xargs -0 {toxinidir}/../zuul-jobs/scripts/speclint.sh; \
fi'
[testenv:linters]
basepython = python3
@ -162,8 +147,21 @@ basepython = python3
allowlist_externals = cat
commands = cat /etc/fm/fm.conf
[bandit]
# B101 assert_used
# B104 hardcoded_bind_all_interfaces
# B110 try_except_pass
# B324 hashlib
# B314 blacklist xml
# B506 yaml_load
skips = B101,B104,B110,B314,B324,B506
exclude=.tox,.eggs
[testenv:bandit]
basepython = python3
description = Bandit code scan for *.py files under config folder
description = Bandit code scan for *.py files
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll
commands = bandit --ini tox.ini -r fm-api/source/fm_api \
fm-common/sources/fm_db_sync_event_suppression.py \
fm-rest-api/fm/fm \
python-fmclient/fmclient/fmclient