Enable bandit for utitilies

Story: 2008929 Task: 42530 Change-Id: Id63488414ae16b384549fcf8cbd9805b5b1a81ad Signed-off-by: Chen, Haochuan Z <haochuan.z.chen@intel.com>
2021-05-27 07:46:09 +08:00 · 2021-05-27 07:46:09 +08:00 · 93f3fe6009
parent 931887828b
commit 93f3fe6009
5 changed files with 35 additions and 0 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -4,10 +4,12 @@
      jobs:
        - openstack-tox-linters
        - stx-tox-pylint
+        - utilities-ceph-manager-tox-bandit
    gate:
      jobs:
        - openstack-tox-linters
        - stx-tox-pylint
+        - utilities-ceph-manager-tox-bandit
    post:
      jobs:
        - stx-utilities-upload-git-mirror
@ -35,6 +37,18 @@
        secret: stx-utilities-github-secret
        pass-to-parent: true

+- job:
+    name: utilities-ceph-manager-tox-bandit
+    parent: tox
+    description: |
+      Run bandit test for utilities
+    nodeset: ubuntu-bionic
+    files:
+      - ./ceph/ceph-manager/ceph-manager/*
+    vars:
+      tox_envlist: bandit
+      tox_extra_args: -c ./ceph/ceph-manager/ceph-manager/tox.ini
+
 - secret:
    name: stx-utilities-github-secret
    data:
--- a/ceph/ceph-manager/ceph-manager/tox.ini
+++ b/ceph/ceph-manager/ceph-manager/tox.ini
@ -22,3 +22,11 @@ commands =

 [flake8]
 exclude = .venv,.git,.tox,dist,doc,etc,*glance/locale*,*lib/python*,*egg,build
+
+[bandit]
+exclude = tests
+
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit --ini tox.ini -n 5 -r ceph_manager
--- a/ceph/python-cephclient/python-cephclient/tox.ini
+++ b/ceph/python-cephclient/python-cephclient/tox.ini
@ -17,3 +17,11 @@ commands =

 [flake8]
 exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build
+
+[bandit]
+exclude = tests
+
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit --ini tox.ini -n 5 -r cephclient
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -1,5 +1,6 @@
 # hacking pulls in flake8
 hacking>=1.1.0,<=2.0.0 # Apache-2.0
+bandit;python_version>="3.0"
 bashate >= 0.2
 isort<5;python_version>="3.0"
 pylint<2.1.0;python_version<"3.0" # GPLv2
--- a/tox.ini
+++ b/tox.ini
@ -98,3 +98,7 @@ commands = pylint {posargs}                                          \
 commands =
    {[testenv:bashate]commands}
    {[testenv:flake8]commands}
+
+[testenv:bandit]
+basepython = python3
+description = Dummy environment to allow bandit to be run in subdir tox