From 333f4ba2841d37f37bfcd2de4579f03e3b6d77eb Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Sun, 3 Jun 2018 03:20:52 -0500
Subject: [PATCH] chore(bandit): add bandit

This patch set puts the bandit check as part of the pep8 gating job
for airship-armada and remove the separate bandit gate.

Change-Id: I3871bb20f04aedb80a1ffca4038e94a156156a14
Signed-off-by: Tin Lam <tin@irrational.io>
---
 .zuul.yaml                                | 12 ------------
 tools/gate/playbooks/security-bandit.yaml | 20 --------------------
 tox.ini                                   |  5 +++++
 3 files changed, 5 insertions(+), 32 deletions(-)
 delete mode 100644 tools/gate/playbooks/security-bandit.yaml

diff --git a/.zuul.yaml b/.zuul.yaml
index 8a8036f4..1edb7902 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -17,14 +17,12 @@
         - airship-armada-lint-pep8
         - airship-armada-ubuntu
         - airship-armada-unit-py35
-        - airship-armada-security-bandit
 
     gate:
       jobs:
         - airship-armada-linter
         - airship-armada-lint-pep8
         - airship-armada-unit-py35
-        - airship-armada-security-bandit
 
 - job:
     name: airship-armada-linter
@@ -72,16 +70,6 @@
     timeout: 300
     nodeset: airship-armada-single-node
 
-- job:
-    name: airship-armada-security-bandit
-    description: |
-      Executes the Bandit security scanner against Python files
-    run: tools/gate/playbooks/security-bandit.yaml
-    timeout: 300
-    nodeset: airship-armada-single-node
-    files:
-      - ^.*\.py$
-
 - job:
     name: airship-armada-lint-pep8
     description: |
diff --git a/tools/gate/playbooks/security-bandit.yaml b/tools/gate/playbooks/security-bandit.yaml
deleted file mode 100644
index 354d26c9..00000000
--- a/tools/gate/playbooks/security-bandit.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: primary
-  tasks:
-    - name: Execute the make target for security scanning
-      make:
-        chdir: "{{ zuul.project.src_dir }}"
-        target: test-bandit
-      register: result
-      failed_when: result.failed
diff --git a/tox.ini b/tox.ini
index a90f9296..63aa1bc6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -40,8 +40,13 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
 
 [testenv:pep8]
+deps =
+    .[bandit]
+    {[testenv]deps}
 commands =
     flake8 {posargs}
+    # Run security linter as part of the pep8 gate instead of a separate zuul job.
+    bandit -r armada -x armada/tests -n 5
 
 [testenv:bandit]
 commands =