From befa5b5be8cbe62c5bd5dff6f7744a10113dfdd4 Mon Sep 17 00:00:00 2001
From: Eric Harney <eharney@redhat.com>
Date: Mon, 27 Jun 2022 10:51:48 -0400
Subject: [PATCH] Move bandit requirements to tox.ini

This makes bandit requirements work like our
pylint requirements.  (Neither are handled
in the typical way by openstack/requirements.)

This prevents needless installation of bandit
for each unit test job run.

Change-Id: I513de53520a4531067cea4e7a225fb1ad2e9ba06
---
 test-requirements.txt | 3 ---
 tox.ini               | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index 149b7995876..1f69b94702b 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -17,9 +17,6 @@ psycopg2>=2.8.5 # LGPL/ZPL
 SQLAlchemy-Utils>=0.37.8 # BSD License
 testtools>=2.4.0 # MIT
 
-# bandit is not included in upper-constraints,
-# so we need to pin it here to a known working version
-bandit==1.6.0 # Apache-2.0
 doc8>=0.8.1 # Apache-2.0
 mypy>=0.942 # MIT
 moto>=1.3.15 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 94cc36f2cb1..85a6bd32645 100644
--- a/tox.ini
+++ b/tox.ini
@@ -144,9 +144,11 @@ commands = python {toxinidir}/tools/generate_driver_list.py
 
 [testenv:bandit]
 deps = -r{toxinidir}/test-requirements.txt
+       bandit==1.6.0
 commands = bandit -r cinder -n5 -x cinder/tests/* -ll
 
 [testenv:bandit-baseline]
+deps = bandit==1.6.0
 envdir = {toxworkdir}/bandit
 commands = bandit-baseline -r cinder -n5 -x cinder/tests/* -ii -ll