Upgrade for stable/stein branch

* Added bandit to find common security issues in 'tox.ini'. * Updated test-requirements.txt with relevant 'stable/stein' branch libraries. * Added zuul jobs w.r.t. 'stable/stein' release. * Added F601,W503,W504,W605 errors in flake8 ignore. Change-Id: I0a1ef1f9b99dce8fa95c74e21df119069b6dcbe4
2020-06-17 17:13:58 +05:30
parent 366ab2bfdb
commit 6bad01e32d
4 changed files with 27 additions and 13 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -14,26 +14,26 @@
        - openstack-tox-pep8:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
        - openstack-tox-py27:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
        - openstack-tox-py35:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
    gate:
      jobs:
        - openstack-tox-pep8:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
        - openstack-tox-py27:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
        - openstack-tox-py35:
            required-projects:
              - name: openstack/requirements
-                override-checkout: stable/rocky
+                override-checkout: stable/stein
--- a/gbpclient/gbp/v2_0/groupbasedpolicy.py
+++ b/gbpclient/gbp/v2_0/groupbasedpolicy.py
@@ -596,7 +596,7 @@ class CreateL3Policy(neutronV20.CreateCommand):
                    self.get_client(), 'external_segment',
                    list(external_segment.keys())[0])
                ipaddrs = next(iter(external_segment.values()))
-                if ipaddrs is "":
+                if ipaddrs == "":
                    ipaddrs = []
                else:
                    ipaddrs = next(iter(external_segment.values())).split(':')
@@ -679,7 +679,7 @@ class UpdateL3Policy(neutronV20.UpdateCommand):
                    self.get_client(), 'external_segment',
                    list(external_segment.keys())[0])
                ipaddrs = next(iter(external_segment.values()))
-                if ipaddrs is "":
+                if ipaddrs == "":
                    ipaddrs = []
                else:
                    ipaddrs = next(iter(external_segment.values())).split(':')
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,8 +1,9 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+hacking>=1.1.0 # Apache-2.0

+bandit>=1.1.0,<1.6.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 flake8-import-order==0.12 # LGPLv3
 httpretty>=0.8.0,!=0.8.1,!=0.8.2,!=0.8.3
@@ -10,7 +11,7 @@ oslotest>=3.2.0 # Apache-2.0
 python-openstackclient>=3.12.0 # Apache-2.0
 sphinx!=1.6.6,>=1.6.2 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-stestr>=1.0.0 # Apache-2.0
+stestr>=2.0.0 # Apache-2.0
 testrepository>=0.0.18 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
 testscenarios>=0.4 # Apache-2.0/BSD
--- a/tox.ini
+++ b/tox.ini
@@ -11,14 +11,16 @@ setenv = VIRTUAL_ENV={envdir}
 usedevelop = True
 install_command = pip install {opts} {packages}
 deps =
-    -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/rocky}
+    -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/stein}
    -r{toxinidir}/requirements.txt
    -r{toxinidir}/test-requirements.txt
 commands = stestr run {posargs}

 [testenv:pep8]
 basepython = python2.7
-commands = flake8
+commands =
+  flake8
+  {[testenv:bandit]commands}
 distribute = false

 [testenv:venv]
@@ -37,12 +39,23 @@ basepython = python3
 commands=
    sphinx-build -W -b html doc/source doc/build/html

+[testenv:bandit]
+basepython = python2.7
+# B303: blacklist calls: md5, sha1
+# B112: Test for a continue in the except block
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r {toxinidir}/gbpclient -x {toxinidir}/gbpclient/tests -n5 -s B303,B112
+
 [flake8]
 # E125 continuation line does not distinguish itself from next logical line
+# F601 dictionary key name repeated with different values - REVISIT
 # H302 import only modules
+# W503 line break before binary operator - REVISIT
+# W504 line break after binary operator - REVISIT
+# W605 invalid escape sequence - REVISIT
 #
 # REVISIT: Fix code and remove E129,E251,H305,H307,H405,H904 added for
 # hacking 0.9.2
-ignore = E125,H302,E129,E251,H305,H307,H405,H904
+ignore = E125,H302,E129,E251,F601,H305,H307,H405,H904,W503,W504,W605
 show-source = true
 exclude=.venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,tools