6cddec7db9
This change adds a basic bandit config for Cinder. It can be invoked
by running the tox environment for bandit;
tox -e bandit
This is intended as a starting point for using bandit with Cinder
and it should be revisited to improve the testing as more is learned
about the specific needs of the Cinder code base.
Tox is configured to only show results for high and medium severity
results.
https://wiki.openstack.org/wiki/Security/Projects/Bandit
Change-Id: I0247e0ccaed6faacacb2b8d2f8b141a8edc704af
158 lines
5.0 KiB
INI
158 lines
5.0 KiB
INI
[tox]
|
|
minversion = 1.6
|
|
skipsdist = True
|
|
envlist = py27,pep8
|
|
|
|
[testenv]
|
|
# Note the hash seed is set to 0 until cinder can be tested with a
|
|
# random hash seed successfully.
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONHASHSEED=0
|
|
usedevelop = True
|
|
install_command = pip install {opts} {packages}
|
|
|
|
deps = -r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
|
|
# By default ostestr will set concurrency
|
|
# to ncpu, to specify something else use
|
|
# the concurrency=<n> option.
|
|
# call ie: 'tox -epy27 -- --concurrency=4'
|
|
commands = ostestr {posargs}
|
|
|
|
whitelist_externals = bash
|
|
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
|
|
|
|
[tox:jenkins]
|
|
downloadcache = ~/cache/pip
|
|
|
|
[testenv:py34]
|
|
commands =
|
|
python -m testtools.run \
|
|
cinder.tests.unit.image.test_glance \
|
|
cinder.tests.unit.targets.test_base_iscsi_driver \
|
|
cinder.tests.unit.targets.test_cxt_driver \
|
|
cinder.tests.unit.targets.test_iser_driver \
|
|
cinder.tests.unit.targets.test_lio_driver \
|
|
cinder.tests.unit.targets.test_scst_driver \
|
|
cinder.tests.unit.targets.test_tgt_driver \
|
|
cinder.tests.unit.test_api \
|
|
cinder.tests.unit.test_api_urlmap \
|
|
cinder.tests.unit.test_backup \
|
|
cinder.tests.unit.test_backup_ceph \
|
|
cinder.tests.unit.test_backup_driver_base \
|
|
cinder.tests.unit.test_backup_swift \
|
|
cinder.tests.unit.test_backup_tsm \
|
|
cinder.tests.unit.test_block_device \
|
|
cinder.tests.unit.test_blockbridge \
|
|
cinder.tests.unit.test_cloudbyte \
|
|
cinder.tests.unit.test_cmd \
|
|
cinder.tests.unit.test_conf \
|
|
cinder.tests.unit.test_context \
|
|
cinder.tests.unit.test_create_volume_flow \
|
|
cinder.tests.unit.test_db_api \
|
|
cinder.tests.unit.test_dellfc \
|
|
cinder.tests.unit.test_dellsc \
|
|
cinder.tests.unit.test_dellscapi \
|
|
cinder.tests.unit.test_dothill \
|
|
cinder.tests.unit.test_drbdmanagedrv \
|
|
cinder.tests.unit.test_emc_xtremio \
|
|
cinder.tests.unit.test_eqlx \
|
|
cinder.tests.unit.test_evaluator \
|
|
cinder.tests.unit.test_exception \
|
|
cinder.tests.unit.test_gpfs \
|
|
cinder.tests.unit.test_hitachi_hbsd_horcm_fc \
|
|
cinder.tests.unit.test_hitachi_hbsd_snm2_fc \
|
|
cinder.tests.unit.test_hitachi_hbsd_snm2_iscsi \
|
|
cinder.tests.unit.test_hp_xp_fc \
|
|
cinder.tests.unit.test_hplefthand \
|
|
cinder.tests.unit.test_huawei_drivers \
|
|
cinder.tests.unit.test_huawei_drivers_compatibility \
|
|
cinder.tests.unit.test_ibm_xiv_ds8k \
|
|
cinder.tests.unit.test_infortrend_cli \
|
|
cinder.tests.unit.test_netapp_nfs \
|
|
cinder.tests.unit.test_nimble \
|
|
cinder.tests.unit.test_qos_specs \
|
|
cinder.tests.unit.test_quota \
|
|
cinder.tests.unit.test_rbd \
|
|
cinder.tests.unit.test_remotefs \
|
|
cinder.tests.unit.test_replication \
|
|
cinder.tests.unit.test_san \
|
|
cinder.tests.unit.test_scality \
|
|
cinder.tests.unit.test_sheepdog \
|
|
cinder.tests.unit.test_smbfs \
|
|
cinder.tests.unit.test_solidfire \
|
|
cinder.tests.unit.test_test \
|
|
cinder.tests.unit.test_test_utils \
|
|
cinder.tests.unit.test_v6000_common \
|
|
cinder.tests.unit.test_vmware_vmdk \
|
|
cinder.tests.unit.test_vmware_volumeops \
|
|
cinder.tests.unit.test_volume_configuration \
|
|
cinder.tests.unit.test_volume_glance_metadata \
|
|
cinder.tests.unit.test_volume_rpcapi \
|
|
cinder.tests.unit.test_volume_types \
|
|
cinder.tests.unit.test_volume_types_extra_specs \
|
|
cinder.tests.unit.test_volume_utils
|
|
|
|
[testenv:pep8]
|
|
commands =
|
|
flake8 {posargs} . cinder/common
|
|
# Check that .po and .pot files are valid:
|
|
bash -c "find cinder -type f -regex '.*\.pot?' -print0|xargs -0 -n 1 msgfmt --check-format -o /dev/null"
|
|
|
|
[testenv:pylint]
|
|
deps = -r{toxinidir}/requirements.txt
|
|
pylint==0.26.0
|
|
commands = bash tools/lintstack.sh
|
|
|
|
[testenv:cover]
|
|
# Also do not run test_coverage_ext tests while gathering coverage as those
|
|
# tests conflict with coverage.
|
|
commands =
|
|
python setup.py testr --coverage \
|
|
--testr-args='^(?!.*test.*coverage).*$'
|
|
|
|
[testenv:genconfig]
|
|
sitepackages = False
|
|
envdir = {toxworkdir}/venv
|
|
commands = {toxinidir}/tools/config/generate_sample.sh -b . -p cinder -o etc/cinder
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[testenv:docs]
|
|
commands = python setup.py build_sphinx
|
|
|
|
[testenv:gendriverlist]
|
|
sitepackages = False
|
|
envdir = {toxworkdir}/venv
|
|
commands = python {toxinidir}/tools/generate_driver_list.py
|
|
|
|
[testenv:bandit]
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -c tools/bandit.yaml -r cinder -n 5 -ll
|
|
|
|
[flake8]
|
|
# Following checks are ignored on purpose.
|
|
#
|
|
# E251 unexpected spaces around keyword / parameter equals
|
|
# reason: no improvement in readability
|
|
#
|
|
# Due to the upgrade to hacking 0.9.2 the following checking are
|
|
# ignored on purpose for the moment and should be re-enabled.
|
|
#
|
|
# H405
|
|
# Due to the upgrade to hacking 0.10.0 the following checking are
|
|
# ignored on purpose for the moment and should be cleaned up and re-enabled.
|
|
#
|
|
# H105 Don't use author tags
|
|
#
|
|
|
|
ignore = E251,H405,H105
|
|
exclude = .git,.venv,.tox,dist,tools,doc,common,*egg,build
|
|
max-complexity=30
|
|
|
|
[hacking]
|
|
local-check-factory = cinder.hacking.checks.factory
|
|
import_exceptions = cinder.i18n
|