Use pre-commit to run pep8 checks

Change-Id: Icfbdee104baa60f1507ce61f06797d0adb3e947d
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>

.pre-commit-config.yaml

@@ -1,29 +1,31 @@
 ---
-default_language_version:
-  # force all unspecified python hooks to run python3
-  python: python3
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v6.0.0
     hooks:
       - id: trailing-whitespace
+      # Replaces or checks mixed line ending
       - id: mixed-line-ending
         args: ['--fix', 'lf']
         exclude: '.*\.(svg)$'
-      - id: check-byte-order-marker
+      - id: fix-byte-order-marker
       - id: check-executables-have-shebangs
       - id: check-merge-conflict
       - id: debug-statements
       - id: check-yaml
         files: .*\.(yaml|yml)$
         exclude: 'rally-scenarios/heat-fakevirt.yaml'
-  - repo: local
+  - repo: https://opendev.org/openstack/hacking
+    rev: 6.1.0
     hooks:
-      - id: flake8
-        name: flake8
-        additional_dependencies:
-          - hacking>=6.1.0,<6.2.0
-        language: python
-        entry: flake8
-        files: '^.*\.py$'
-        exclude: '^(doc|releasenotes|tools)/.*$'
+      - id: hacking
+        additional_dependencies: []
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.8.6
+    hooks:
+      - id: bandit
+        args: ['-c', 'pyproject.toml']
+  - repo: https://github.com/PyCQA/doc8
+    rev: v1.1.2
+    hooks:
+      - id: doc8

bin/heat-keystone-setup-domain

@@ -40,21 +40,21 @@ opts = [
     cfg.StrOpt('stack-domain-admin',
                default="heat_stack_admin",
                help=_("Keystone username with roles sufficient to manage users"
-                    " and projects in the stack-user-domain")),
+                      " and projects in the stack-user-domain")),
     cfg.StrOpt('stack-domain-admin-password',
                secret=True,
                help=_("Password to set for stack-domain-admin")),
     cfg.BoolOpt('insecure',
                 default=False,
                 help=_("If set, then the server's certificate will not "
-                     "be verified.")),
+                       "be verified.")),
     cfg.StrOpt('os-cacert',
                help=_('Optional CA cert file to use in SSL connections.')),
     cfg.StrOpt('os-cert',
                help=_('Optional PEM-formatted certificate chain file.')),
     cfg.StrOpt('os-key',
                help=_('Optional PEM-formatted file that contains the '
-                    'private key.')),
+                      'private key.')),
 
 ]
 
@@ -65,7 +65,8 @@ logging.set_defaults(
     logging_context_format_string="%(levelname)s (%(module)s:"
                                   "%(lineno)d) %(message)s",
     default_log_levels=(logging.get_default_log_levels() +
-                       extra_log_level_defaults))
+                        extra_log_level_defaults)
+)
 logging.setup(cfg.CONF, 'heat-keystone-setup-domain',
               version.version_info.version_string())
 
@@ -102,7 +103,6 @@ def main():
         'project_domain_name': PROJECT_DOMAIN_NAME
     }
 
-
     if insecure:
         client_kwargs['verify'] = False
     else:

pyproject.toml

@@ -1,3 +1,18 @@
 [build-system]
 requires = ["pbr>=6.0.0", "setuptools>=64.0.0"]
 build-backend = "pbr.build"
+
+[tool.bandit]
+# B101: Test for use of assert
+# B104: Test for binding to all interfaces
+# B107: Test for use of hard-coded password argument defaults
+# B110: Try, Except, Pass detected.
+# B310: Audit url open for permitted schemes
+# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
+# B404: Import of subprocess module
+# B504: Test for SSL use with no version specified
+# B506: Test for use of yaml load
+# B603: Test for use of subprocess with shell equals true
+# B607: Test for starting a process with a partial path
+skips = ['B101', 'B104', 'B107', 'B110', 'B310', 'B311', 'B404', 'B504', 'B506', 'B603', 'B607']
+exclude_dirs = ['tests']

releasenotes/notes/online-volume-extension-bb9d6554bda5b682.yaml

@@ -3,4 +3,4 @@ features:
   - |
     The ``OS::Cinder::Volume`` resource type now supports extending volumes
     in use. Note that this requires that Cinder supports API microversion
-    3.42 or later. 
+    3.42 or later.

test-requirements.txt

@@ -1,7 +1,6 @@
 # Hacking already pins down pep8, pyflakes and flake8
 hacking>=6.1.0,<6.2.0 # Apache-2.0
 
-bandit>=1.8.1 # Apache-2.0
 coverage>=4.0 # Apache-2.0
 ddt>=1.4.1 # MIT
 fixtures>=3.0.0 # Apache-2.0/BSD
@@ -12,7 +11,6 @@ stestr>=2.0.0 # Apache-2.0
 testscenarios>=0.4 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
 testresources>=2.0.0 # Apache-2.0/BSD
-doc8>=0.8.1 # Apache-2.0
 Pygments>=2.2.0 # BSD license
 # Next are used in integration tests only
 tempest>=17.1.0 # Apache-2.0

tools/cfn-json2yaml

@@ -12,13 +12,13 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import sys
 import os
-import yaml
-import json
 import re
+import sys
+
 from heat.common import template_format
 
+
 def main():
     path = sys.argv[1]
     if os.path.isdir(path):
@@ -28,15 +28,17 @@ def main():
     else:
         print('File or directory not valid: %s' % path)
 
+
 def convert_file(path):
     f = open(path, 'r')
     print(template_format.convert_json_to_yaml(f.read()))
 
+
 def convert_directory(dirpath):
     for path in os.listdir(dirpath):
         if not path.endswith('.template') and not path.endswith('.json'):
             continue
-        yamlpath = re.sub('\..*$', '.yaml', path)
+        yamlpath = re.sub(r'\..*$', '.yaml', path)
         print('Writing to %s' % yamlpath)
         f = open(os.path.join(dirpath, path), 'r')
         out = open(os.path.join(dirpath, yamlpath), 'w')
@@ -44,5 +46,6 @@ def convert_directory(dirpath):
         out.write(yml)
         out.close()
 
+
 if __name__ == '__main__':
     main()

tools/custom_guidelines.py

@@ -172,15 +172,15 @@ class HeatCustomGuidelines(object):
                     while level != 0:
                         level += len(re.findall(r'(\{|\()', lines[idx]))
                         level -= len(re.findall(r'(\}|\))', lines[idx]))
-                        if re.search("^((\'|\") )", lines[idx]):
+                        if re.search(r"^((\'|\") )", lines[idx]):
                             kwargs.update(
                                 {'details': 'line %s' % idx,
                                  'message': _('Trailing whitespace should '
                                               'be on previous line'),
                                  'snippet': lines[idx]})
                             self.print_guideline_error(**kwargs)
-                        elif (re.search("(\\S(\'|\"))$", lines[idx - 1]) and
-                              re.search("^((\'|\")\\S)", lines[idx])):
+                        elif (re.search(r"(\\S(\'|\"))$", lines[idx - 1]) and
+                              re.search(r"^((\'|\")\\S)", lines[idx])):
                             kwargs.update(
                                 {'details': 'line %s' % (idx - 1),
                                  'message': _('Omitted whitespace at the '
@@ -192,7 +192,7 @@ class HeatCustomGuidelines(object):
 
     def _check_description_summary(self, description, error_kwargs,
                                    error_key):
-        if re.search("^[a-z]", description):
+        if re.search(r"^[a-z]", description):
             error_kwargs.update(
                 {'message': _('%s description summary should start '
                               'with uppercase letter') % error_key.title(),
@@ -239,16 +239,15 @@ class HeatCustomGuidelines(object):
 
         params = False
         for line in doclines[1:]:
-                if re.search(r"\s{2,}", line):
-                    error_kwargs.update(
-                        {'message': _('%s description '
-                                      'contains double or more '
-                                      'whitespaces') % error_key.title(),
-                         'snippet': line})
-                    self.print_guideline_error(**error_kwargs)
-                if re.search("^(:param|:type|:returns|:rtype|:raises)",
-                             line):
-                    params = True
+            if re.search(r"\s{2,}", line):
+                error_kwargs.update(
+                    {'message': _('%s description '
+                                  'contains double or more '
+                                  'whitespaces') % error_key.title(),
+                     'snippet': line})
+                self.print_guideline_error(**error_kwargs)
+            if re.search(r"^(:param|:type|:returns|:rtype|:raises)", line):
+                params = True
         if not params and not (doclines[-2].endswith('.') or
                                doclines[-2].endswith('.)')):
             error_kwargs.update(

tox.ini

@@ -19,23 +19,12 @@ passenv =
   no_proxy
 
 [testenv:pep8]
+deps =
+    {[testenv]deps}
+    pre-commit
 commands =
-    flake8 heat contrib heat_integrationtests doc/source
+    pre-commit run -a
     python tools/custom_guidelines.py --exclude heat/engine/resources/aws
-    # The following bandit tests are being skipped:
-    # B101: Test for use of assert
-    # B104: Test for binding to all interfaces
-    # B107: Test for use of hard-coded password argument defaults
-    # B110: Try, Except, Pass detected.
-    # B310: Audit url open for permitted schemes
-    # B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
-    # B404: Import of subprocess module
-    # B504: Test for SSL use with no version specified
-    # B506: Test for use of yaml load
-    # B603: Test for use of subprocess with shell equals true
-    # B607: Test for starting a process with a partial path
-    bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B504,B506,B603,B607
-    doc8 {posargs}
 
 [testenv:venv]
 commands = {posargs}
@@ -89,24 +78,6 @@ commands =
 commands =
     oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf
 
-[testenv:bandit]
-deps =
-  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-  -r{toxinidir}/test-requirements.txt
-# The following bandit tests are being skipped:
-# B101: Test for use of assert
-# B104: Test for binding to all interfaces
-# B110: Try, Except, Pass detected.
-# B310: Audit url open for permitted schemes
-# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
-# B404: Import of subprocess module
-# B410: Import of lxml module
-# B504: Test for SSL use with no version specified
-# B506: Test for use of yaml load
-# B603: Test for use of subprocess with shell equals true
-# B607: Test for starting a process with a partial path
-commands = bandit -r heat -x tests --skip B101,B104,B110,B310,B311,B404,B410,B504,B506,B603,B607
-
 [flake8]
 show-source = true
 # E123 closing bracket does not match indentation of opening bracket's line