[openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

Cyril Roelandt cyril at redhat.com
Tue Nov 3 15:41:04 UTC 2015


On 11/02/2015 07:40 PM, Brant Knudson wrote:
>
> We could use something like this in keystone since we've got a few
> repositories. There should be a way to document why the test was skipped
> since otherwise we'll have to figure it out every time we update the
> file. Putting a comment on the command line would wind up being
> unwieldy, so we should have a config file for bandit-conf-generator...
> but then why not just have bandit know how to read the
> bandit-conf-generator config file and skip the extra step?


The bandit.yaml from python-keystoneclient supports multiple profiles, 
which is already something my tool, in its current state, cannot do.

I don't know exactly which set of features should be supported by a 
configuration generator. If it becomes too hard to write the 
configuration for the configuration generator, we might as well just 
write the configuration for bandit manually :)

See my answer to Victor about enhancing Bandit so that it can read a 
"simpler" config file. I'm not a big fan of it.


