20769cd7b2
pip 20.3 finally includes a proper dependency resolver. Its use is
causing the following error messages on the lower-constraints job:
ERROR: Cannot install ... because these package versions have
conflicting dependencies.
The conflict is caused by:
bandit 1.1.0 depends on PyYAML>=3.1.0
cliff 3.4.0 depends on PyYAML>=3.12
openstacksdk 0.52.0 depends on PyYAML>=3.13
Bump our lower constraint for PyYAML to resolve this issue. With that
resolved, we see a new issue:
ERROR: Could not find a version that satisfies the requirement
cryptography>=2.7 (from openstacksdk)
ERROR: No matching distribution found for cryptography>=2.7
This is less self-explanatory but looking at the lower-constraints for
openstacksdk 0.52.0 shows a dependency on cryptography 2.7 [1], meaning
we need to bump this also.
Next up, flake8-import-order seems to cause the dependency resolver to
go nuts, eventually ending with the following error message in a Python
3.6 environment:
Using cached enum34-1.1.2.zip (49 kB)
ERROR: Command errored out with exit status 1:
command: ...
cwd: ...
Complete output (9 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File ".../lib/python3.6/site-packages/setuptools/__init__.py", line 7, in <module>
import setuptools.distutils_patch # noqa: F401
File ".../lib/python3.6/site-packages/setuptools/distutils_patch.py", line 9, in <module>
import re
File "/usr/lib64/python3.6/re.py", line 142, in <module>
class RegexFlag(enum.IntFlag):
AttributeError: module 'enum' has no attribute 'IntFlag'
----------------------------------------
A quick Google suggests this is because the enum34 package is not
complete [2]. We shouldn't even be using it since our base virtualenv
should at least use Python 3.6, but I guess some dependency doesn't
properly restrict the dependency to <= Python 3.4. This is moved from
'test-requirements.txt' to 'tox.ini' since we don't need to use our
constraints machinery for linters.
Finally, the versions of bandit and hacking that pip is bringing in both
requires in a newer version of babel, which in turn requires a new
version of pytz.
Collecting hacking>=2.0.0
...
ERROR: Cannot install oslo.i18n because these package versions have
conflicting dependencies.
The conflict is caused by:
babel 2.9.0 depends on pytz>=2015.7
babel 2.8.1 depends on pytz>=2015.7
babel 2.8.0 depends on pytz>=2015.7
babel 2.7.0 depends on pytz>=2015.7
Seeing as we shouldn't be tracking bandit in
lower-constraints, I'm not sure why we're want to bump these
dependencies for just that. As above, we move these dependencies out of
'test-requirements' and into 'tox.ini' since we can do that for linters.
[1] https://opendev.org/openstack/openstacksdk/src/tag/0.52.0/requirements.txt#L19
[2] https://github.com/iterative/dvc/issues/1995#issuecomment-491889669
Change-Id: I8ec738fbcabc8d8553db79a876e5592576cd18fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
147 lines
5.3 KiB
INI
147 lines
5.3 KiB
INI
[tox]
|
|
minversion = 3.2.0
|
|
envlist = py38,pep8
|
|
skipdist = True
|
|
# Automatic envs (pyXX) will only use the python version appropriate to that
|
|
# env and ignore basepython inherited from [testenv] if we set
|
|
# ignore_basepython_conflict.
|
|
ignore_basepython_conflict = True
|
|
|
|
[testenv]
|
|
usedevelop = True
|
|
basepython = python3
|
|
setenv = OS_STDOUT_CAPTURE=1
|
|
OS_STDERR_CAPTURE=1
|
|
OS_TEST_TIMEOUT=60
|
|
deps =
|
|
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/test-requirements.txt
|
|
-r{toxinidir}/requirements.txt
|
|
commands = stestr run {posargs}
|
|
whitelist_externals = stestr
|
|
|
|
[testenv:fast8]
|
|
# Use same environment directory as pep8 env to save space and install time
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
envdir = {toxworkdir}/pep8
|
|
commands =
|
|
{toxinidir}/tools/fast8.sh
|
|
|
|
[testenv:pep8]
|
|
deps =
|
|
hacking>=2.0.0
|
|
bandit!=1.6.0,>=1.1.0
|
|
flake8-import-order>=0.13 # LGPLv3
|
|
commands =
|
|
flake8
|
|
bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101
|
|
|
|
[testenv:bandit]
|
|
# This command runs the bandit security linter against the openstackclient
|
|
# codebase minus the tests directory. Some tests are being excluded to
|
|
# reduce the number of positives before a team inspection, and to ensure a
|
|
# passing gate job for initial addition. The excluded tests are:
|
|
# B105-B107: hardcoded password checks - likely to generate false positives
|
|
# in a gate environment
|
|
# B401: import subprocess - not necessarily a security issue; this plugin is
|
|
# mainly used for penetration testing workflow
|
|
# B603,B606: process without shell - not necessarily a security issue; this
|
|
# plugin is mainly used for penetration testing workflow
|
|
# B607: start process with a partial path - this should be a project level
|
|
# decision
|
|
# NOTE(elmiko): The following tests are being excluded specifically for
|
|
# python-openstackclient, they are being excluded to ensure that voting jobs
|
|
# in the project and in bandit integration tests continue to pass. These
|
|
# tests have generated issue within the project and should be investigated
|
|
# by the project.
|
|
# B110: try, except, pass detected - possible security issue; this should be
|
|
# investigated by the project for possible exploitation
|
|
# B605: process with a shell - possible security issue; this should be
|
|
# investigated by the project for possible exploitation
|
|
# B101: use of assert - this code will be removed when compiling to optimized
|
|
# byte code
|
|
commands =
|
|
bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101
|
|
|
|
[testenv:unit-tips]
|
|
commands =
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../cliff#egg=cliff"
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../keystoneauth#egg=keystoneauth"
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../osc-lib#egg=osc_lib"
|
|
pythom -m pip install -q -e "git+file://{toxinidir}/../openstacksdk#egg=openstacksdk"
|
|
python -m pip freeze
|
|
stestr run {posargs}
|
|
whitelist_externals = stestr
|
|
|
|
[testenv:functional]
|
|
setenv = OS_TEST_PATH=./openstackclient/tests/functional
|
|
passenv = OS_*
|
|
commands =
|
|
stestr run {posargs}
|
|
|
|
[testenv:functional-tips]
|
|
setenv = OS_TEST_PATH=./openstackclient/tests/functional
|
|
passenv = OS_*
|
|
commands =
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../cliff#egg=cliff"
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../keystoneauth#egg=keystoneauth"
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../osc-lib#egg=osc_lib"
|
|
python -m pip install -q -U -e "git+file://{toxinidir}/../openstacksdk#egg=openstacksdk"
|
|
python -m pip freeze
|
|
stestr run {posargs}
|
|
|
|
[testenv:venv]
|
|
deps =
|
|
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/doc/requirements.txt
|
|
commands = {posargs}
|
|
|
|
[testenv:cover]
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
PYTHON=coverage run --source openstackclient --parallel-mode
|
|
commands =
|
|
stestr -q run {posargs}
|
|
coverage combine
|
|
coverage html -d cover
|
|
coverage xml -o cover/coverage.xml
|
|
|
|
[testenv:debug]
|
|
passenv = OS_*
|
|
commands =
|
|
oslo_debug_helper -t openstackclient/tests {posargs}
|
|
|
|
[testenv:docs]
|
|
deps =
|
|
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
sphinx-build -a -E -W -d doc/build/doctrees -b html doc/source doc/build/html
|
|
sphinx-build -a -E -W -d doc/build/doctrees -b man doc/source doc/build/man
|
|
# Validate redirects (must be done after the docs build
|
|
whereto doc/build/html/.htaccess doc/test/redirect-tests.txt
|
|
|
|
[testenv:releasenotes]
|
|
deps =
|
|
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
|
-r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
|
|
[flake8]
|
|
show-source = True
|
|
# H203: Use assertIs(Not)None to check for None
|
|
enable-extensions = H203
|
|
exclude = .git,.tox,dist,doc,*lib/python*,*egg,build,tools
|
|
# W504 is disabled since you must choose between this or W503
|
|
ignore = W504
|
|
import-order-style = pep8
|
|
application_import_names = openstackclient
|
|
|
|
[testenv:lower-constraints]
|
|
deps =
|
|
-c{toxinidir}/lower-constraints.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
-r{toxinidir}/requirements.txt
|