From ea0bfd8e206cd42e923240546a6af170b6712d71 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 3 Oct 2025 00:12:54 +0900 Subject: [PATCH] Use pre-commit to run pep8 checks Change-Id: Icfbdee104baa60f1507ce61f06797d0adb3e947d Signed-off-by: Takashi Kajinami --- .pre-commit-config.yaml | 30 ++++++++------- bin/heat-keystone-setup-domain | 10 ++--- pyproject.toml | 15 ++++++++ ...ine-volume-extension-bb9d6554bda5b682.yaml | 2 +- test-requirements.txt | 2 - tools/cfn-json2yaml | 11 ++++-- tools/custom_guidelines.py | 27 +++++++------- tox.ini | 37 ++----------------- 8 files changed, 61 insertions(+), 73 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ee085de17b..2404ea6618 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,29 +1,31 @@ --- -default_language_version: - # force all unspecified python hooks to run python3 - python: python3 repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v6.0.0 hooks: - id: trailing-whitespace + # Replaces or checks mixed line ending - id: mixed-line-ending args: ['--fix', 'lf'] exclude: '.*\.(svg)$' - - id: check-byte-order-marker + - id: fix-byte-order-marker - id: check-executables-have-shebangs - id: check-merge-conflict - id: debug-statements - id: check-yaml files: .*\.(yaml|yml)$ exclude: 'rally-scenarios/heat-fakevirt.yaml' - - repo: local + - repo: https://opendev.org/openstack/hacking + rev: 6.1.0 hooks: - - id: flake8 - name: flake8 - additional_dependencies: - - hacking>=6.1.0,<6.2.0 - language: python - entry: flake8 - files: '^.*\.py$' - exclude: '^(doc|releasenotes|tools)/.*$' + - id: hacking + additional_dependencies: [] + - repo: https://github.com/PyCQA/bandit + rev: 1.8.6 + hooks: + - id: bandit + args: ['-c', 'pyproject.toml'] + - repo: https://github.com/PyCQA/doc8 + rev: v1.1.2 + hooks: + - id: doc8 diff --git a/bin/heat-keystone-setup-domain b/bin/heat-keystone-setup-domain index ae17bcb748..9c435fee08 100755 --- a/bin/heat-keystone-setup-domain +++ b/bin/heat-keystone-setup-domain @@ -40,21 +40,21 @@ opts = [ cfg.StrOpt('stack-domain-admin', default="heat_stack_admin", help=_("Keystone username with roles sufficient to manage users" - " and projects in the stack-user-domain")), + " and projects in the stack-user-domain")), cfg.StrOpt('stack-domain-admin-password', secret=True, help=_("Password to set for stack-domain-admin")), cfg.BoolOpt('insecure', default=False, help=_("If set, then the server's certificate will not " - "be verified.")), + "be verified.")), cfg.StrOpt('os-cacert', help=_('Optional CA cert file to use in SSL connections.')), cfg.StrOpt('os-cert', help=_('Optional PEM-formatted certificate chain file.')), cfg.StrOpt('os-key', help=_('Optional PEM-formatted file that contains the ' - 'private key.')), + 'private key.')), ] @@ -65,7 +65,8 @@ logging.set_defaults( logging_context_format_string="%(levelname)s (%(module)s:" "%(lineno)d) %(message)s", default_log_levels=(logging.get_default_log_levels() + - extra_log_level_defaults)) + extra_log_level_defaults) +) logging.setup(cfg.CONF, 'heat-keystone-setup-domain', version.version_info.version_string()) @@ -102,7 +103,6 @@ def main(): 'project_domain_name': PROJECT_DOMAIN_NAME } - if insecure: client_kwargs['verify'] = False else: diff --git a/pyproject.toml b/pyproject.toml index 5e862a9593..71a2c0ff85 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,3 +1,18 @@ [build-system] requires = ["pbr>=6.0.0", "setuptools>=64.0.0"] build-backend = "pbr.build" + +[tool.bandit] +# B101: Test for use of assert +# B104: Test for binding to all interfaces +# B107: Test for use of hard-coded password argument defaults +# B110: Try, Except, Pass detected. +# B310: Audit url open for permitted schemes +# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes +# B404: Import of subprocess module +# B504: Test for SSL use with no version specified +# B506: Test for use of yaml load +# B603: Test for use of subprocess with shell equals true +# B607: Test for starting a process with a partial path +skips = ['B101', 'B104', 'B107', 'B110', 'B310', 'B311', 'B404', 'B504', 'B506', 'B603', 'B607'] +exclude_dirs = ['tests'] diff --git a/releasenotes/notes/online-volume-extension-bb9d6554bda5b682.yaml b/releasenotes/notes/online-volume-extension-bb9d6554bda5b682.yaml index 11dd347bc6..d415b6d66a 100644 --- a/releasenotes/notes/online-volume-extension-bb9d6554bda5b682.yaml +++ b/releasenotes/notes/online-volume-extension-bb9d6554bda5b682.yaml @@ -3,4 +3,4 @@ features: - | The ``OS::Cinder::Volume`` resource type now supports extending volumes in use. Note that this requires that Cinder supports API microversion - 3.42 or later. + 3.42 or later. diff --git a/test-requirements.txt b/test-requirements.txt index 262eaade78..645d384800 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,6 @@ # Hacking already pins down pep8, pyflakes and flake8 hacking>=6.1.0,<6.2.0 # Apache-2.0 -bandit>=1.8.1 # Apache-2.0 coverage>=4.0 # Apache-2.0 ddt>=1.4.1 # MIT fixtures>=3.0.0 # Apache-2.0/BSD @@ -12,7 +11,6 @@ stestr>=2.0.0 # Apache-2.0 testscenarios>=0.4 # Apache-2.0/BSD testtools>=2.2.0 # MIT testresources>=2.0.0 # Apache-2.0/BSD -doc8>=0.8.1 # Apache-2.0 Pygments>=2.2.0 # BSD license # Next are used in integration tests only tempest>=17.1.0 # Apache-2.0 diff --git a/tools/cfn-json2yaml b/tools/cfn-json2yaml index ec2f371a7c..8feb5ca9b8 100755 --- a/tools/cfn-json2yaml +++ b/tools/cfn-json2yaml @@ -12,13 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. -import sys import os -import yaml -import json import re +import sys + from heat.common import template_format + def main(): path = sys.argv[1] if os.path.isdir(path): @@ -28,15 +28,17 @@ def main(): else: print('File or directory not valid: %s' % path) + def convert_file(path): f = open(path, 'r') print(template_format.convert_json_to_yaml(f.read())) + def convert_directory(dirpath): for path in os.listdir(dirpath): if not path.endswith('.template') and not path.endswith('.json'): continue - yamlpath = re.sub('\..*$', '.yaml', path) + yamlpath = re.sub(r'\..*$', '.yaml', path) print('Writing to %s' % yamlpath) f = open(os.path.join(dirpath, path), 'r') out = open(os.path.join(dirpath, yamlpath), 'w') @@ -44,5 +46,6 @@ def convert_directory(dirpath): out.write(yml) out.close() + if __name__ == '__main__': main() diff --git a/tools/custom_guidelines.py b/tools/custom_guidelines.py index 53306d0cce..606d62bf83 100644 --- a/tools/custom_guidelines.py +++ b/tools/custom_guidelines.py @@ -172,15 +172,15 @@ class HeatCustomGuidelines(object): while level != 0: level += len(re.findall(r'(\{|\()', lines[idx])) level -= len(re.findall(r'(\}|\))', lines[idx])) - if re.search("^((\'|\") )", lines[idx]): + if re.search(r"^((\'|\") )", lines[idx]): kwargs.update( {'details': 'line %s' % idx, 'message': _('Trailing whitespace should ' 'be on previous line'), 'snippet': lines[idx]}) self.print_guideline_error(**kwargs) - elif (re.search("(\\S(\'|\"))$", lines[idx - 1]) and - re.search("^((\'|\")\\S)", lines[idx])): + elif (re.search(r"(\\S(\'|\"))$", lines[idx - 1]) and + re.search(r"^((\'|\")\\S)", lines[idx])): kwargs.update( {'details': 'line %s' % (idx - 1), 'message': _('Omitted whitespace at the ' @@ -192,7 +192,7 @@ class HeatCustomGuidelines(object): def _check_description_summary(self, description, error_kwargs, error_key): - if re.search("^[a-z]", description): + if re.search(r"^[a-z]", description): error_kwargs.update( {'message': _('%s description summary should start ' 'with uppercase letter') % error_key.title(), @@ -239,16 +239,15 @@ class HeatCustomGuidelines(object): params = False for line in doclines[1:]: - if re.search(r"\s{2,}", line): - error_kwargs.update( - {'message': _('%s description ' - 'contains double or more ' - 'whitespaces') % error_key.title(), - 'snippet': line}) - self.print_guideline_error(**error_kwargs) - if re.search("^(:param|:type|:returns|:rtype|:raises)", - line): - params = True + if re.search(r"\s{2,}", line): + error_kwargs.update( + {'message': _('%s description ' + 'contains double or more ' + 'whitespaces') % error_key.title(), + 'snippet': line}) + self.print_guideline_error(**error_kwargs) + if re.search(r"^(:param|:type|:returns|:rtype|:raises)", line): + params = True if not params and not (doclines[-2].endswith('.') or doclines[-2].endswith('.)')): error_kwargs.update( diff --git a/tox.ini b/tox.ini index bb718367cb..1fee482a91 100644 --- a/tox.ini +++ b/tox.ini @@ -19,23 +19,12 @@ passenv = no_proxy [testenv:pep8] +deps = + {[testenv]deps} + pre-commit commands = - flake8 heat contrib heat_integrationtests doc/source + pre-commit run -a python tools/custom_guidelines.py --exclude heat/engine/resources/aws - # The following bandit tests are being skipped: - # B101: Test for use of assert - # B104: Test for binding to all interfaces - # B107: Test for use of hard-coded password argument defaults - # B110: Try, Except, Pass detected. - # B310: Audit url open for permitted schemes - # B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes - # B404: Import of subprocess module - # B504: Test for SSL use with no version specified - # B506: Test for use of yaml load - # B603: Test for use of subprocess with shell equals true - # B607: Test for starting a process with a partial path - bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B504,B506,B603,B607 - doc8 {posargs} [testenv:venv] commands = {posargs} @@ -89,24 +78,6 @@ commands = commands = oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf -[testenv:bandit] -deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} - -r{toxinidir}/test-requirements.txt -# The following bandit tests are being skipped: -# B101: Test for use of assert -# B104: Test for binding to all interfaces -# B110: Try, Except, Pass detected. -# B310: Audit url open for permitted schemes -# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes -# B404: Import of subprocess module -# B410: Import of lxml module -# B504: Test for SSL use with no version specified -# B506: Test for use of yaml load -# B603: Test for use of subprocess with shell equals true -# B607: Test for starting a process with a partial path -commands = bandit -r heat -x tests --skip B101,B104,B110,B310,B311,B404,B410,B504,B506,B603,B607 - [flake8] show-source = true # E123 closing bracket does not match indentation of opening bracket's line