Merge pull request #737 from hvac/flake8_cleanup

Restore Flake8 to PR Workflow
hvac · Jul 12, 2021 · 126fc45 · 126fc45
2 parents 8863f77 + d964b8c
commit 126fc45
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 27 deletions.
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
@@ -30,12 +30,19 @@ jobs:
       with:
         python-version: ${{ matrix.python-version }}
 
-    - name: Install black
-      run: pip install black
+    - name: Install `black` and `flake8`
+      run: |
+        pip install \
+          black \
+          flake8 \
+          ;
 
-    - name: Lint with black
+    - name: Check formatting with `black`
       run: black --check .
 
+    - name: Lint with `flake8`
+      run: flake8 . --count --statistics
+
   unit-tests:
     name: Unit Tests
     runs-on: ubuntu-latest

diff --git a/hvac/api/auth_methods/cert.py b/hvac/api/auth_methods/cert.py
@@ -35,8 +35,8 @@ def create_ca_certificate_role(
         token_type="",
         mount_point="cert",
     ):
-        """
-        Create CA Certificate Role
+        """Create CA Certificate Role.
+
         Sets a CA cert and associated parameters in a role name.
 
         Supported methods:
@@ -47,37 +47,60 @@ def create_ca_certificate_role(
         :type name: str
         :param certificate: The PEM-format CA certificate.
         :type certificate: str
-        :param allowed_common_names: Constrain the Common Names in the client certificate with a globbed pattern. Value is a comma-separated list of patterns. Authentication requires at least one Name matching at least one pattern. If not set, defaults to allowing all names.
+        :param allowed_common_names: Constrain the Common Names in the client certificate with a globbed pattern. Value
+            is a comma-separated list of patterns. Authentication requires at least one Name matching at least one
+            pattern. If not set, defaults to allowing all names.
         :type allowed_common_names: str | list
-        :param allowed_dns_sans: Constrain the Alternative Names in the client certificate with a globbed pattern. Value is a comma-separated list of patterns. Authentication requires at least one DNS matching at least one pattern. If not set, defaults to allowing all dns.
+        :param allowed_dns_sans: Constrain the Alternative Names in the client certificate with a globbed pattern. Value
+            is a comma-separated list of patterns. Authentication requires at least one DNS matching at least one pattern.
+            If not set, defaults to allowing all dns.
         :type allowed_dns_sans: str | list
-        :param allowed_email_sans: Constrain the Alternative Names in the client certificate with a globbed pattern. Value is a comma-separated list of patterns. Authentication requires at least one Email matching at least one pattern. If not set, defaults to allowing all emails.
+        :param allowed_email_sans: Constrain the Alternative Names in the client certificate with a globbed pattern.
+            Value is a comma-separated list of patterns. Authentication requires at least one Email matching at least
+            one pattern. If not set, defaults to allowing all emails.
         :type allowed_email_sans: str | list
-        :param allowed_uri_sans: Constrain the Alternative Names in the client certificate with a globbed pattern. Value is a comma-separated list of URI patterns. Authentication requires at least one URI matching at least one pattern. If not set, defaults to allowing all URIs.
+        :param allowed_uri_sans: Constrain the Alternative Names in the client certificate with a globbed pattern.
+            Value is a comma-separated list of URI patterns. Authentication requires at least one URI matching at least
+            one pattern. If not set, defaults to allowing all URIs.
         :type allowed_uri_sans: str | list
-        :param allowed_organizational_units: Constrain the Organizational Units (OU) in the client certificate with a globbed pattern. Value is a comma-separated list of OU patterns. Authentication requires at least one OU matching at least one pattern. If not set, defaults to allowing all OUs.
+        :param allowed_organizational_units: Constrain the Organizational Units (OU) in the client certificate with a
+            globbed pattern. Value is a comma-separated list of OU patterns. Authentication requires at least one OU
+            matching at least one pattern. If not set, defaults to allowing all OUs.
         :type allowed_organizational_units: str | list
-        :param required_extensions: Require specific Custom Extension OIDs to exist and match the pattern. Value is a comma separated string or array of oid:value. Expects the extension value to be some type of ASN1 encoded string. All conditions must be met. Supports globbing on value.
+        :param required_extensions: Require specific Custom Extension OIDs to exist and match the pattern. Value is a
+            comma separated string or array of oid:value. Expects the extension value to be some type of ASN1 encoded
+            string. All conditions must be met. Supports globbing on value.
         :type required_extensions: str | list
-        :param display_name: The display_name to set on tokens issued when authenticating against this CA certificate. If not set, defaults to the name of the role.
+        :param display_name: The display_name to set on tokens issued when authenticating against this CA certificate.
+            If not set, defaults to the name of the role.
         :type display_name: str | unicode
-        :param token_ttl: The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
+        :param token_ttl: The incremental lifetime for generated tokens. This current value of this will be referenced
+            at renewal time.
         :type token_ttl: int | str
-        :param token_max_ttl: The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
+        :param token_max_ttl: The maximum lifetime for generated tokens. This current value of this will be referenced
+            at renewal time.
         :type token_max_ttl: int | str
-        :param token_policies: List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
+        :param token_policies: List of policies to encode onto generated tokens. Depending on the auth method, this list
+            may be supplemented by user/group/other values.
         :type token_policies: list | str
-        :param token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
+        :param token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate
+            successfully, and ties the resulting token to these blocks as well.
         :type token_bound_cidrs: list | str
-        :param token_explicit_max_ttl: If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
+        :param token_explicit_max_ttl: If set, will encode an explicit max TTL onto the token. This is a hard cap even
+            if token_ttl and token_max_ttl would otherwise allow a renewal.
         :type token_explicit_max_ttl: int | str
-        :param token_no_default_policy: If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
+        :param token_no_default_policy: If set, the default policy will not be set on generated tokens; otherwise it
+            will be added to the policies set in token_policies.
         :type token_no_default_policy: bool
-        :param token_num_uses: The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
+        :param token_num_uses: The maximum number of times a generated token may be used (within its lifetime); 0 means
+            unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
         :type token_num_uses: int
         :param token_period: The period, if any, to set on the token.
         :type token_period: int | str
-        :param token_type: The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
+        :param token_type: The type of token that should be generated. Can be service, batch, or default to use the
+            mount's tuned default (which unless changed will be service tokens). For token store roles, there are two
+            additional possibilities: default-service and default-batch which specify the type to return unless the
+            client requests a different type at generation time.
         :type token_type: str
         :param mount_point:
         :type mount_point:

diff --git a/hvac/api/auth_methods/kubernetes.py b/hvac/api/auth_methods/kubernetes.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 """Kubernetes methods module."""
-from hvac import exceptions, utils
+from hvac import utils
 from hvac.api.vault_api_base import VaultApiBase
 from hvac.utils import (
     validate_list_of_strings_param,

diff --git a/requirements-dev.in b/requirements-dev.in
@@ -3,6 +3,7 @@ Authlib
 black
 Flask
 Flask-SQLAlchemy
+flake8
 codecov
 coverage
 ipaddress

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -39,6 +39,8 @@ cryptography==3.4.7
     #   jwcrypto
 deprecated==1.2.12
     # via jwcrypto
+flake8==3.9.2
+    # via -r requirements-dev.in
 flask==2.0.1
     # via
     #   -r requirements-dev.in
@@ -63,6 +65,8 @@ jwcrypto==0.9.1
     # via python-jwt
 markupsafe==2.0.1
     # via jinja2
+mccabe==0.6.1
+    # via flake8
 mock==4.0.3
     # via -r requirements-dev.in
 mypy-extensions==0.4.3
@@ -81,8 +85,12 @@ py==1.10.0
     # via pytest
 py4j==0.10.9.2
     # via python-ldap-test
+pycodestyle==2.7.0
+    # via flake8
 pycparser==2.20
     # via cffi
+pyflakes==2.3.1
+    # via flake8
 pyhcl==0.4.4
     # via -r ./requirements.txt
 pyparsing==2.4.7

diff --git a/tests/integration_tests/api/auth_methods/test_cert.py b/tests/integration_tests/api/auth_methods/test_cert.py
@@ -1,12 +1,9 @@
 from unittest import TestCase
-from unittest import skipIf
 
+from hvac import exceptions
 from parameterized import parameterized
-
-from hvac import exceptions, Client
 from tests import utils
 from tests.utils.hvac_integration_test_case import HvacIntegrationTestCase
-import pytest
 
 
 class TestCert(HvacIntegrationTestCase, TestCase):

diff --git a/tests/unit_tests/v1/test_auth_methods.py b/tests/unit_tests/v1/test_auth_methods.py
@@ -11,7 +11,6 @@ class TestAuthMethods(TestCase):
     @requests_mock.Mocker()
     def test_tune_auth_backend(self, requests_mocker):
         expected_status_code = 204
-        test_backend_type = "approle"
         test_mount_point = "approle-test"
         test_description = "this is a test description"
         requests_mocker.register_uri(
@@ -41,7 +40,6 @@ def test_tune_auth_backend(self, requests_mocker):
     @requests_mock.Mocker()
     def test_get_auth_backend_tuning(self, requests_mocker):
         expected_status_code = 200
-        test_backend_type = "approle"
         test_mount_point = "approle-test"
         mock_response = {
             "max_lease_ttl": 12345678,