ansible-hardening/tox.ini
Major Hayden 6476ef7635 Ensure V-38574 works reliably on CentOS
This patch ensures that the tasks can find the right PAM
files to do the checks for V-38574. CentOS systems usually
symlink password-auth to password-auth-ac, but this symlink
is missing in the gate image.

The tasks now look for the password-auth file and this will work
properly on a generic CentOS 7 system as well as within the gate image.

Change-Id: I24281530df8bc939a823ffcc6187882574d266f6
2016-05-31 15:39:56 +00:00

127 lines
4.1 KiB
INI

[tox]
minversion = 1.6
skipsdist = True
envlist = docs,linters,functional
[testenv]
usedevelop = True
install_command = pip install -U {opts} {packages}
deps = -r{toxinidir}/test-requirements.txt
commands = /usr/bin/find . -type f -name "*.pyc" -delete
passenv =
HOME
whitelist_externals =
bash
cat
git
rm
setenv =
VIRTUAL_ENV={envdir}
ANSIBLE_HOST_KEY_CHECKING = False
ANSIBLE_SSH_CONTROL_PATH = /tmp/%%h-%%r
# TODO (odyssey4me) These are only here as they are non-standard folder
# names for Ansible 1.9.x. We are using the standard folder names for
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action
ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback
ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter
ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup
# This is required as the default is the current path or a path specified
# in ansible.cfg
ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/..
[testenv:docs]
commands=
python setup.py build_sphinx
# environment used by the -infra templated docs job
[testenv:venv]
deps = -r{toxinidir}/test-requirements.txt
commands = {posargs}
[testenv:pep8]
commands =
# Run hacking/flake8 check for all python files
bash -c "grep --recursive --binary-files=without-match \
--files-with-match '^.!.*python$' \
--exclude-dir .eggs \
--exclude-dir .git \
--exclude-dir .tox \
--exclude-dir *.egg-info \
--exclude-dir doc \
{toxinidir} | xargs flake8 --verbose"
[flake8]
# Ignores the following rules due to how ansible modules work in general
# F403 'from ansible.module_utils.basic import *' used;
# unable to detect undefined names
# H303 No wildcard (*) import.
ignore=F403,H303
[testenv:bashate]
commands =
# Run bashate check for all bash scripts
# Ignores the following rules:
# E003: Indent not multiple of 4 (we prefer to use multiples of 2)
# E006: Line longer than 79 columns (as many scripts use jinja
# templating, this is very difficult)
# E040: Syntax error determined using `bash -n` (as many scripts
# use jinja templating, this will often fail and the syntax
# error will be discovered in execution anyway)
bash -c "grep --recursive --binary-files=without-match \
--files-with-match '^.!.*\(ba\)\?sh$' \
--exclude-dir .tox \
--exclude-dir .git \
{toxinidir} | xargs bashate --error . --verbose --ignore=E003,E006,E040"
[testenv:ansible-syntax]
commands =
rm -rf {homedir}/.ansible
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
ansible-playbook -i {toxinidir}/tests/inventory \
--syntax-check \
--list-tasks \
-e "rolename={toxinidir}" \
-t ssh \
{toxinidir}/tests/test.yml
[testenv:ansible-lint]
commands =
ansible-lint {toxinidir}/tests/test.yml
[testenv:functional]
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now building
# images with apt config Apt::Get::AllowUnauthenticated set
# to true.
commands =
rm -rf {homedir}/.ansible
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
--skip-tag V-38462 \
{toxinidir}/tests/test.yml
[testenv:linters]
commands =
{[testenv:pep8]commands}
{[testenv:bashate]commands}
{[testenv:ansible-lint]commands}
{[testenv:ansible-syntax]commands}
[testenv:releasenotes]
commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html