diff --git a/.zuul.yaml b/.zuul.yaml index 04a14b25..448bfc80 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -5,7 +5,6 @@ - publish-stx-docs - stx-api-ref-jobs - stx-release-notes-jobs - - stx-lint-specfile-jobs - stx-bandit-jobs check: jobs: @@ -42,7 +41,7 @@ parent: tox description: | Run pylint for python files in fault - nodeset: ubuntu-bionic + nodeset: debian-bullseye required-projects: - starlingx/config vars: diff --git a/fm-api/source/fm_api_test.py b/fm-api/source/fm_api_test.py index a63c9dfa..3a7f2942 100644 --- a/fm-api/source/fm_api_test.py +++ b/fm-api/source/fm_api_test.py @@ -1,6 +1,6 @@ # -*- encoding: utf-8 -*- # -# Copyright (c) 2014 Wind River Systems, Inc. +# Copyright (c) 2014-2022 Wind River Systems, Inc. # # Author: # diff --git a/fm-rest-api/fm/pylint.rc b/fm-rest-api/fm/pylint.rc new file mode 100644 index 00000000..8a3669bf --- /dev/null +++ b/fm-rest-api/fm/pylint.rc 
@@ -0,0 +1,663 @@ +[MAIN] + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Clear in-memory caches upon conclusion of linting. Useful if running pylint +# in a server-like mode. +clear-cache-post-run=no + +# Load and enable all available extensions. Use --list-extensions to see a list +# all available extensions. +#enable-all-extensions= + +# In error mode, messages with a category besides ERROR or FATAL are +# suppressed, and no reports are done by default. Error mode is compatible with +# disabling specific errors. +#errors-only= + +# Always return a 0 (non-error) status code, even if lint errors are found. +# This is primarily useful in continuous integration scripts. +#exit-zero= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-allow-list= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. (This is an alternative name to extension-pkg-allow-list +# for backward compatibility.) +extension-pkg-whitelist= + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +fail-on= + +# Specify a score threshold under which the program will exit with error. +fail-under=10 + +# Interpret the stdin as a python script, whose filename needs to be passed as +# the module_or_package argument. +#from-stdin= + +# Files or directories to be skipped. They should be base names, not paths. 
+ignore=CVS + +# Add files or directories matching the regular expressions patterns to the +# ignore-list. The regex matches against paths and can be in Posix or Windows +# format. Because '\\' represents the directory delimiter on Windows systems, +# it can't be used as an escape character. +ignore-paths= + +# Files or directories matching the regular expression patterns are skipped. +# The regex matches against base names, not paths. The default value ignores +# Emacs file locks +ignore-patterns=^\.# + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use, and will cap the count on Windows to +# avoid hangs. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Minimum Python version to use for version dependent checks. Will default to +# the version used to run pylint. +py-version=3.9 + +# Discover python modules and packages in the file system subtree. +recursive=no + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. 
Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# In verbose mode, extra non-checker-related info will be displayed. +#verbose= + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. If left empty, argument names will be checked with the set +# naming style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. If left empty, attribute names will be checked with the set naming +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. If left empty, class attribute names will be checked +# with the set naming style. +#class-attribute-rgx= + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. If left empty, class constant names will be checked with +# the set naming style. +#class-const-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. If left empty, class names will be checked with the set naming style. +#class-rgx= + +# Naming style matching correct constant names. 
+const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. If left empty, constant names will be checked with the set naming +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. If left empty, function names will be checked with the set +# naming style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Good variable names regexes, separated by a comma. If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. If left empty, inline iteration names will be checked +# with the set naming style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. If left empty, method names will be checked with the set naming style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style. If left empty, module names will be checked with the set naming style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. 
+no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Regular expression matching correct type variable names. If left empty, type +# variable names will be checked with the set naming style. +#typevar-rgx= + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. If left empty, variable names will be checked with the set +# naming style. +#variable-rgx= + + +[CLASSES] + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# List of regular expressions of class ancestor names to ignore when counting +# public methods (see R0903) +exclude-too-few-public-methods= + +# List of qualified class names to ignore when counting class parents (see +# R0901) +ignored-parents= + +# Maximum number of arguments for function / method. +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# Maximum number of branch for function / method body. 
+max-branches=12 + +# Maximum number of locals for function / method body. +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when caught. +overgeneral-exceptions=builtins.BaseException,builtins.Exception + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow explicit reexports by alias from a package __init__. +allow-reexport-from-package=no + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules= + +# Output a graph (.gv or any supported image format) of external dependencies +# to the given file (report RP0402 must not be disabled). 
+ext-import-graph= + +# Output a graph (.gv or any supported image format) of all (i.e. internal and +# external) dependencies to the given file (report RP0402 must not be +# disabled). +import-graph= + +# Output a graph (.gv or any supported image format) of internal dependencies +# to the given file (report RP0402 must not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[LOGGING] + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, +# UNDEFINED. +confidence=HIGH, + CONTROL_FLOW, + INFERENCE, + INFERENCE_FAILURE, + UNDEFINED + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". 
+disable= + C0103, # invalid-name + C0113, # unneeded-not + C0114, # missing-module-docstring + C0115, # missing-class-docstring + C0116, # missing-function-docstring + C0202, # bad-classmethod-argument + C0206, # consider-using-dict-items + C0209, # consider-using-fstring + C0411, # wrong-import-order + C0412, # ungrouped-imports + C0413, # wrong-import-position + C0415, # import-outside-toplevel + R0205, # useless-object-inheritance + R0801, # similar-lines + R0902, # too-many-instance-attributes + R0903, # too-few-public-methods + R0913, # too-many-arguments + R0914, # too-many-locals + R1705, # no-else-return + R1714, # consider-using-in + R1720, # no-else-raise + R1725, # super-with-arguments + R1729, # use-a-generator + W0102, # dangerous-default-value !!! + W0106, # expression-not-assigned + W0107, # unnecessary-pass + W0221, # arguments-differ + W0223, # abstract-method + W0231, # super-init-not-called + W0237, # arguments-renamed + W0246, # useless-parent-delegation + W0602, # global-variable-not-assigned + W0603, # global-statement + W0613, # unused-argument + W0621, # redefining-outer-name + W0622, # redefined-builtin + W0707, # raise-missing-from + W0718, # broad-exception-caught + W0719, # broad-exception-raised + W1401, # anomalous-backslash-in-string + W4902, # deprecated-method !!! + E0604, # invalid-all-object + E1101, # no-member + E1121, # too-many-function-args + E1123 # unexpected-keyword-arg + + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[METHOD_ARGS] + +# List of qualified names (i.e., library.method) which require a timeout +# parameter e.g. 
'requests.api.get,requests.api.post' +timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + +# Regular expression of note tags to take in consideration. +notes-rgx= + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'fatal', 'error', 'warning', 'refactor', +# 'convention', and 'info' which contain the number of messages in each +# category, as well as 'statement' which is the total number of statements +# analyzed. This score is used by the global evaluation report (RP0004). +evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +#output-format= + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. 
+score=yes + + +[SIMILARITIES] + +# Comments are removed from the similarity computation +ignore-comments=yes + +# Docstrings are removed from the similarity computation +ignore-docstrings=yes + +# Imports are removed from the similarity computation +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it work, +# install the 'python-enchant' package. +spelling-dict= + +# List of comma separated words that should be considered directives if they +# appear at the beginning of a comment and should not be checked. +spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy: + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. 
+contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of symbolic message names to ignore for Mixin members. +ignored-checks-for-mixins=no-member, + not-async-context-manager, + not-context-manager, + attribute-defined-outside-init + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +# Regex pattern to define which classes are considered mixins. +mixin-class-rgx=.*[Mm]ixin + +# List of decorators that change the signature of a decorated function. 
+signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io diff --git a/fm-rest-api/fm/test-requirements.txt b/fm-rest-api/fm/test-requirements.txt index f78c5148..fa058dec 100644 --- a/fm-rest-api/fm/test-requirements.txt +++ b/fm-rest-api/fm/test-requirements.txt @@ -1,7 +1,13 @@ -hacking!=0.13.0,<0.14,>=0.12.0 -bashate >= 0.2 +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +hacking>=1.1.0,<=2.0.0 # Apache-2.0 +bashate +bandit +coverage +pylint PyYAML >= 3.1.0 -yamllint<1.26.1;python_version>="3.0" # GPLv2 +yamllint<1.26.1 stestr != 3.0.0 testtools!=1.2.0,>=0.9.36 iso8601 diff --git a/fm-rest-api/fm/tox.ini b/fm-rest-api/fm/tox.ini index 738dfeb3..73c911e7 100644 --- a/fm-rest-api/fm/tox.ini +++ b/fm-rest-api/fm/tox.ini 
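Review bot: The `disable=` list under `[MESSAGES CONTROL]` turns off `W0718` (broad-exception-caught) and `W0719`, so the `overgeneral-exceptions=builtins.BaseException,builtins.Exception` setting under `[EXCEPTIONS]` has no visible effect, and it also turns off the error-class checks `E1101`, `E1121` and `E1123`, which flag calls that would fail at runtime. With `fail-under=10` in the same file, code that catches every exception or calls a function with the wrong arguments no longer lowers the score, so the gate passes on it. I would drop `W0718` and the three `E` ids from the list and narrow false positives with the `generated-members=` and `ignored-modules=` options this file leaves empty, or with inline `# pylint: disable=` comments at the affected lines. The two entries marked `!!!` (`W0102`, `W4902`) carry no explanation; a comment such as `# TODO: re-enable once mutable default arguments are fixed` would say what the marker means. The same widening appears in the root `pylint.rc` hunk that adds `W0602,W0707,W0719,W1514` and `E1123` to `disable=`.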
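Review bot: `bashate`, `bandit`, `coverage` and `pylint` are listed here without any version bound, so the release that runs the security and lint gates is decided entirely by the constraints file named in `tox.ini`, and whether that file pins them is not visible in this change. The new `pylint.rc` relies on message ids such as `W0718` and the bandit `skips` lists rely on test ids, both of which differ between releases, so a floor keeps the tool and its configuration in step: `pylint>=<version used to generate pylint.rc>` and `bandit>=<version the skips were checked against>`. The root `test-requirements.txt` hunk has the same issue after dropping the `pylint<2.4.0`, `astroid<= 2.2.5` and `isort<5` bounds.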
@@ -1,16 +1,17 @@ [tox] -envlist = py27,py36,py39 +envlist = flake8,py39,bandit,pylint minversion = 2.3 skipsdist = True stxdir = {toxinidir}/../../../ [testenv] +basepython = python3 install_command = pip install -U {opts} {packages} setenv = VIRTUAL_ENV={envdir} OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 -deps = -chttps://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt +deps = -chttps://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt -r{toxinidir}/test-requirements.txt -e{[tox]stxdir}/config/tsconfig/tsconfig -e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client 
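Review bot: The `-c` constraints URL in `deps` now points at `branch/master`, a moving ref fetched at install time, so the versions of every test dependency, `bandit` and `pylint` included, can change between two runs of the same commit and nothing records which set was used. The root `tox.ini` hunk uses the same URL but wraps it in `{env:UPPER_CONSTRAINTS_FILE:...}`; doing the same here, `deps = -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt}`, lets CI substitute a reviewed local copy. A short comment above `deps` saying that the file is shared with the build tooling and is not versioned with this repository would also help. The `deps` list continues past the end of this hunk.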
@@ -18,39 +19,55 @@ deps = -chttps://opendev.org/openstack/requirements/raw/branch/stable/stein/uppe -e{[tox]stxdir}/fault/fm-rest-api/fm [testenv:venv] -basepython = python3 commands = {posargs} -[testenv:py27] -basepython = python2.7 -commands = - stestr run {posargs} - stestr slowest +[bandit] +# B101 assert_used +# B104 hardcoded_bind_all_interfaces +# B314 blacklist xml.etree +skips = B101,B104,B314 +exclude = tests -[testenv:py36] -basepython = python3.6 -commands = - stestr run {posargs} - stestr slowest +[testenv:bandit] +commands = bandit --ini tox.ini -n 5 -r fm + +[flake8] +# WE WANT TO ENABLE H106: Don't put vim configuration in source files (off by default). +# WE WANT TO ENABLE H904 Delay string interpolations at logging calls (off by default) +# H203: Use assertIs(Not)None to check for None (off by default). +enable-extensions = H203 +exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-* + +# the following are ignored. These may be cleaned up in a future commit +# H104: File contains nothing but comments +# H105: Don't use author tags +# H301: one import per line +# H306: imports not in alphabetical order +# H401: docstring should not start with a space +# H404: multi line docstring should start without a leading new line +# H405: multi line docstring summary not separated with an empty line +# W504: line break after binary operator +# W605 invalid escape sequence +ignore = H104,H105,H301,H306,H401,H404,H405,W504,W605 +# auth_token.py is 99 chars wide. 
The max length can be reduced as the files are updated +max-line-length = 99 +show-source = True + +[testenv:flake8] +commands = flake8 {posargs} + +[testenv:pep8] +commands = flake8 {posargs} [testenv:py39] basepython = python3.9 -deps = -chttps://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt - -r{toxinidir}/test-requirements.txt - -e{[tox]stxdir}/config/tsconfig/tsconfig - -e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client - -e{[tox]stxdir}/fault/fm-api/source - -e{[tox]stxdir}/fault/fm-rest-api/fm commands = stestr run {posargs} stestr slowest [testenv:cover] -deps = {[testenv]deps} - coverage setenv = {[testenv]setenv} PYTHON=coverage run --parallel-mode - commands = coverage erase stestr run {posargs} @@ -59,6 +76,9 @@ commands = coverage xml -o cover/coverage.xml coverage report +[testenv:pylint] +commands = pylint fm --rcfile=./pylint.rc + [testenv:bindep] # Do not install any requirements. We want this to be fast and work even if # system dependencies are missing, since it's used to tell you what system diff --git a/pylint.rc b/pylint.rc index 1d879ad3..69214dd0 100755 --- a/pylint.rc +++ b/pylint.rc 
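Review bot: `skips = B101,B104,B314` in the new `[bandit]` section switches off the bind-all-interfaces and `xml.etree` checks for the whole `fm` tree, so a later change that adds a listener on all interfaces or parses untrusted XML is not reported. I would keep only `skips = B101` and mark each accepted finding at its line with `# nosec B104` (or `B314`) plus a one-line reason, which keeps the exemption next to the code it covers. The comments above `skips` name the checks but not why each is skipped; one line per id stating the accepted risk would make the list reviewable. The root `tox.ini` `[bandit]` hunk goes further and also skips `B110`, `B324` and `B506` (`yaml_load`) globally, and the same treatment applies there.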
@@ -34,87 +34,6 @@ extension-pkg-whitelist=lxml.etree,greenlet # Enable the message, report, category or checker with the given id(s). You can # either give multiple identifier separated by comma (,) or put this option # multiple time. -# -# Python3 checker: -# -# E1601: print-statement -# E1602: parameter-unpacking -# E1603: unpacking-in-except -# E1604: old-raise-syntax -# E1605: backtick -# E1606: long-suffix -# E1607: old-ne-operator -# E1608: old-octal-literal -# E1609: import-star-module-level -# E1610: non-ascii-bytes-literal -# E1611: invalid-unicode-literal -# W1601: apply-builtin -# W1602: basestring-builtin -# W1603: buffer-builtin -# W1604: cmp-builtin -# W1605: coerce-builtin -# W1606: execfile-builtin -# W1607: file-builtin -# W1608: long-builtin -# W1609: raw_input-builtin -# W1610: reduce-builtin -# W1611: standarderror-builtin -# W1612: unicode-builtin -# W1613: xrange-builtin -# W1614: coerce-method -# W1615: delslice-method -# W1616: getslice-method -# W1617: setslice-method -# W1618: no-absolute-import -# W1619: old-division -# W1620: dict-iter-method -# W1621: dict-view-method -# W1622: next-method-called -# W1623: metaclass-assignment -# W1624: indexing-exception -# W1625: raising-string -# W1626: reload-builtin -# W1627: oct-method -# W1628: hex-method -# W1629: nonzero-method -# W1630: cmp-method -# W1632: input-builtin -# W1633: round-builtin -# W1634: intern-builtin -# W1635: unichr-builtin -# W1636: map-builtin-not-iterating -# W1637: zip-builtin-not-iterating -# W1638: range-builtin-not-iterating -# W1639: filter-builtin-not-iterating -# W1640: using-cmp-argument -# W1641: eq-without-hash -# W1642: div-method -# W1643: idiv-method -# W1644: rdiv-method -# W1645: exception-message-attribute -# W1646: invalid-str-codec -# W1647: sys-max-int -# W1648: bad-python3-import -# W1649: deprecated-string-function -# W1650: deprecated-str-translate-call -# W1651: deprecated-itertools-function -# W1652: deprecated-types-field -# W1653: 
next-method-defined -# W1654: dict-items-not-iterating -# W1655: dict-keys-not-iterating -# W1656: dict-values-not-iterating -# W1657: deprecated-operator-function -# W1658: deprecated-urllib-function -# W1659: xreadlines-attribute -# W1660: deprecated-sys-function -# W1661: exception-escape -# W1662: comprehension-escape -enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652, - W1651,W1649,W1657,W1660,W1658,W1659,W1623,W1622,W1620,W1621,W1645,W1641, - W1624,W1648,W1625,W1611,W1662,W1661,W1650,W1640,W1630,W1614,W1615,W1642, - W1616,W1628,W1643,W1629,W1627,W1644,W1617,W1601,W1602,W1603,W1604,W1605, - W1654,W1655,W1656,W1619,W1606,W1607,W1639,W1618,W1632,W1634,W1608,W1636, - W1653,W1646,W1638,W1609,W1610,W1626,W1633,W1647,W1635,W1612,W1613,W1637 # Disable the message, report, category or checker with the given id(s). You # can either give multiple identifier separated by comma (,) or put this option @@ -128,7 +47,6 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652, # W0102 dangerous-default-value # W0106 expression-not-assigned # W0107 unnecessary-pass -# W0110 deprecated-lambda # W0201 attribute-defined-outside-init # W0212 protected-access # W0221 arguments-differ @@ -137,14 +55,17 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652, # W0237 arguments-renamed # W0235 useless-super-delegation # W0311 bad-indentation -# W0403 relative-import (this needs to be fixed in py3) +# W0602 global-variable-not-assigned # W0603 global-statement # W0612 unused-variable # W0613 unused-argument # W0621 redefined-outer-name # W0622 redefined-builtin # W0703 broad-except +# W0707 raise-missing-from +# W0719 broad-exception-raised # W1401 anomalous-backslash-in-string +# W1514 unspecified-encoding # W1618: no-absolute-import # E are error codes # E0604 invalid-all-object 
@@ -152,24 +73,20 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652, # E1102 not-callable # E1120 no-value-for-parameter # E1121 too-many-function-args +# E1123 unexpected-keyword-arg # NOTE: these are suppressed until py3 support merges: # W0143,W1505,E0604,E0611,E0702,E1136,E0401 disable=C, R, fixme, - W0102,W0106,W0107,W0110,W0201,W0212,W0221,W0223,W0231, - W0237,W0235,W0311,W0403,W0603,W0612,W0613,W0621,W0622, - W0703,W1401,W0143,W1505,W1618,E0604,E0611,E0702,E1136, - E0401,E0604,E1101,E1102,E1120,E1121 + W0102,W0106,W0107,W0201,W0212,W0221,W0223,W0231, + W0237,W0235,W0311,W0602,W0603,W0612,W0613,W0621,W0622, + W0703,W0707,W0719,W1401,W0143,W1505,W1514,W1618,E0604,E0611,E0702,E1136, + E0401,E0604,E1101,E1102,E1120,E1121,E1123 [REPORTS] # Set the output format. Available formats are text, parseable, colorized, msvs # (visual studio) and html output-format=text -# Put messages in a separate file for each module / package specified on the -# command line instead of printing them on stdout. Reports (if any) will be -# written in a file name "pylint_global.[txt|html]". -files-output=no - # Tells whether to display a full report or only the messages reports=yes @@ -228,9 +145,6 @@ generated-members=REQUEST,acl_users,aq_parent [BASIC] -# List of builtins function names that should not be used, separated by a comma -bad-functions=map,filter,apply,input - # Regular expression which should only match correct module names module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ @@ -320,7 +234,7 @@ max-locals=15 max-returns=6 # Maximum number of branch for function / method body -max-branchs=12 +max-branches=12 # Maximum number of statements in function / method body max-statements=50 
@@ -347,6 +261,5 @@ valid-classmethod-first-arg=cls [EXCEPTIONS] -# Exceptions that will emit a warning when being caught. Defaults to -# "Exception" -overgeneral-exceptions=Exception +# Exceptions that will emit a warning when caught. +overgeneral-exceptions=builtins.BaseException,builtins.Exception diff --git a/test-requirements.txt b/test-requirements.txt index ce23df38..d65af0a7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,9 +1,10 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. hacking<4.0.1 +bandit bashate >= 0.2 mock +pylint PyYAML >= 3.1.0 -astroid<= 2.2.5;python_version>="3.0" # GPLv2 -bandit;python_version>="3.5" -isort<5;python_version>="3.5" -pylint<2.4.0;python_version>="3.0" # GPLv2 -yamllint<1.26.1;python_version>="3.0" # GPLv2 +yamllint<1.26.1 diff --git a/tox.ini b/tox.ini index d008525a..d3eab343 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = linters,pep8,pylint,rpm-packaging-lint +envlist = linters,pep8,pylint minversion = 2.3 skipsdist = True stxdir = {toxinidir}/../ @@ -7,7 +7,7 @@ stxdir = {toxinidir}/../ [testenv] usedevelop = False install_command = pip install \ - -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt} \ + -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \ {opts} {packages} setenv = VIRTUAL_ENV={envdir} OS_STDOUT_CAPTURE=1 
@@ -15,21 +15,6 @@ setenv = VIRTUAL_ENV={envdir} OS_TEST_TIMEOUT=60 deps = -r{toxinidir}/test-requirements.txt -[testenv:rpm-packaging-lint] -basepython = python3 -setenv = - VIRTUAL_ENV={envdir} - LC_ALL=en_US.utf-8 -deps = -r{toxinidir}/test-requirements.txt -allowlist_externals = bash -commands = - bash -c 'if [ -d {toxinidir}/../zuul-jobs ]; then \ - find . \ - -not \( -type d -name .?\* -prune \) \ - -not \( -type d -name centos -prune \) \ - -type f -name \*.spec \ - -print0 | xargs -0 {toxinidir}/../zuul-jobs/scripts/speclint.sh; \ - fi' [testenv:linters] basepython = python3 @@ -162,8 +147,21 @@ basepython = python3 allowlist_externals = cat commands = cat /etc/fm/fm.conf +[bandit] +# B101 assert_used +# B104 hardcoded_bind_all_interfaces +# B110 try_except_pass +# B324 hashlib +# B314 blacklist xml +# B506 yaml_load +skips = B101,B104,B110,B314,B324,B506 +exclude=.tox,.eggs + [testenv:bandit] basepython = python3 -description = Bandit code scan for *.py files under config folder +description = Bandit code scan for *.py files deps = -r{toxinidir}/test-requirements.txt -commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll +commands = bandit --ini tox.ini -r fm-api/source/fm_api \ + fm-common/sources/fm_db_sync_event_suppression.py \ + fm-rest-api/fm/fm \ + python-fmclient/fmclient/fmclient
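Review bot: The `[testenv:bandit]` command now lists four paths (`fm-api/source/fm_api`, `fm-common/sources/fm_db_sync_event_suppression.py`, `fm-rest-api/fm/fm`, `python-fmclient/fmclient/fmclient`) where the old one scanned `{toxinidir}/` recursively, so Python code added in any other directory is never scanned and nothing fails to signal that. If `exclude=.tox,.eggs` in the new `[bandit]` section covers the nested directories the old `-x` globs did, the command could stay recursive as `commands = bandit --ini tox.ini -r {toxinidir}/`. If the explicit list is intended, a comment above it should say that new source directories must be added by hand.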