Add ruff

We also address most of the manual issues here.

Change-Id: Icf59dab32c2572d56c49a343b27e8d6425b5ef45
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>

.pre-commit-config.yaml

@@ -18,18 +18,14 @@ repos:
       - id: debug-statements
       - id: check-yaml
         files: .*\.(yaml|yml)$
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.12.7
+    hooks:
+      - id: ruff-check
+        args: ['--fix', '--unsafe-fixes']
+      - id: ruff-format
   - repo: https://opendev.org/openstack/hacking
     rev: 7.0.0
     hooks:
       - id: hacking
         additional_dependencies: []
-  - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.10
-    hooks:
-      - id: bandit
-        args: ['-x', 'tests']
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.18.0
-    hooks:
-      - id: pyupgrade
-        args: [--py3-only]

oslo_utils/imageutils/__init__.py

@@ -1 +1,5 @@
 from .qemu import QemuImgInfo
+
+__all__ = [
+    'QemuImgInfo',
+]

oslo_utils/secretutils.py

@@ -37,7 +37,7 @@ def md5(string=b'', usedforsecurity=True):
     parameter, this passes the parameter through as expected.
     See https://bugs.python.org/issue9216
     """
-    return hashlib.md5(string, usedforsecurity=usedforsecurity)  # nosec
+    return hashlib.md5(string, usedforsecurity=usedforsecurity)  # noqa: S324
 
 
 if ctypes.util.find_library("crypt"):

oslo_utils/strutils.py

@@ -382,7 +382,7 @@ def to_slug(value, incoming=None, errors="strict"):
 # this file or, even better, pick an existing pattern or key to use in
 # your application to ensure that the value is masked by this
 # function.
-def mask_password(message, secret="***"):  # nosec
+def mask_password(message, secret="***"):  # noqa: S107
     """Replace password with *secret* in message.
 
     :param message: The string which includes security information.
@@ -454,7 +454,7 @@ def mask_password(message, secret="***"):  # nosec
     return message
 
 
-def mask_dict_password(dictionary, secret="***"):  # nosec
+def mask_dict_password(dictionary, secret="***"):  # noqa: S107
     """Replace password with *secret* in a dictionary recursively.
 
     :param dictionary: The dictionary which includes secret information.

oslo_utils/tests/test_secretutils.py

@@ -21,10 +21,13 @@ import testscenarios
 from oslo_utils import secretutils
 
 
-class SecretUtilsTest(testscenarios.TestWithScenarios, test_base.BaseTestCase):
-    _gen_digest = lambda text: hmac.new(
+def _gen_digest(text):
+    return hmac.new(
         b'foo', text.encode('utf-8'), digestmod=hashlib.sha1
     ).digest()
+
+
+class SecretUtilsTest(testscenarios.TestWithScenarios, test_base.BaseTestCase):
     scenarios = [
         ('binary', {'converter': _gen_digest}),
         ('unicode', {'converter': lambda text: text}),

oslo_utils/timeutils.py

@@ -157,7 +157,9 @@ def advance_time_delta(timedelta):
     See :py:class:`oslo_utils.fixture.TimeFixture`.
 
     """
-    assert utcnow.override_time is not None  # nosec
+    if utcnow.override_time is None:
+        raise RuntimeError('override_time must be configured')
+
     try:
         for dt in utcnow.override_time:
             dt += timedelta

pyproject.toml

@@ -34,3 +34,17 @@ Repository = "https://opendev.org/openstack/oslo.utils/"
 packages = [
     "oslo_utils"
 ]
+
+[tool.ruff]
+line-length = 79
+
+[tool.ruff.format]
+quote-style = "preserve"
+docstring-code-format = true
+
+[tool.ruff.lint]
+select = ["E4", "E7", "E9", "F", "S", "UP"]
+ignore = ["UP031"]
+
+[tool.ruff.lint.per-file-ignores]
+"oslo_utils/tests/*" = ["S"]