
This PS implements oslo.policy integration in Deckhand.

The policy.py file implements 2 types of functions for performing policy enforcement in Deckhand: authorize, which is a decorator that is used directly around falcon on_HTTP_VERB methods that raises a 403 immediately if policy enforcement fails; and conditional_authorize, to be used inside controller code conditionally.

For example, since Deckhand has two types of documents with respect to security -- encrypted and cleartext documents -- policy enforcement is conditioned on the type of the documents' metadata.storagePolicy.

Included in this PS:
  - policy framework implementation
  - policy in code and policy documentation for all Deckhand policies
  - modification of functional test script to override default admin-only policies with custom policy file dynamically created using lax permissions
  - bug fix for filtering out deleted documents (and its predecessors in previous revisions) for PUT /revisions/{revision_id}/documents
  - policy documentation
  - basic unit tests for policy enforcement framework
  - allow functional tests to be filtered via regex

Due to the size of this PS, functional tests related to policy enforcement will be done in a follow up.

Change-Id: If418129f9b401091e098c0bd6c7336b8a5cd2359
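The two enforcement styles described in the commit message, as an added example that is not Deckhand's policy.py: it uses only the Python standard library in place of oslo.policy and falcon. The rule names, role names, `Enforcer` class, dict-shaped request and the choice to hold any non-cleartext document to the encrypted rule are assumptions made for illustration.

```python
import functools

class Forbidden(Exception):
    status = 403  # what the HTTP layer would return to the client

# Constructed rule and role names; every in-code default is admin-only.
DEFAULTS = {
    "example:show_revision": {"admin"},
    "example:create_cleartext_documents": {"admin"},
    "example:create_encrypted_documents": {"admin"},
}

class Enforcer:
    def __init__(self, overrides=None):
        self.rules = {**DEFAULTS, **(overrides or {})}  # overrides: a custom policy file
    def enforce(self, action, roles):
        allowed = self.rules.get(action)
        # Fail closed: an unregistered action is denied, not skipped.
        if allowed is None or not allowed & set(roles):
            raise Forbidden(action)

def authorize(action):
    """Decorator form: deny before the responder body runs."""
    def decorator(responder):
        @functools.wraps(responder)
        def wrapper(self, req, *args, **kwargs):
            self.enforcer.enforce(action, req["roles"])
            return responder(self, req, *args, **kwargs)
        return wrapper
    return decorator

def conditional_authorize(enforcer, roles, documents):
    """Inline form: which rule applies depends on metadata.storagePolicy."""
    kinds = {d.get("metadata", {}).get("storagePolicy") for d in documents}
    # Assumption: anything not explicitly cleartext is held to the stricter rule.
    if kinds - {"cleartext"}:
        enforcer.enforce("example:create_encrypted_documents", roles)
    if "cleartext" in kinds:
        enforcer.enforce("example:create_cleartext_documents", roles)

class DocumentsResource:
    def __init__(self, enforcer):
        self.enforcer = enforcer
    @authorize("example:show_revision")
    def on_get(self, req):
        return "revision"
    def on_put(self, req, documents):
        conditional_authorize(self.enforcer, req["roles"], documents)
        return len(documents)
```

Passing overrides to `Enforcer` mirrors the lax policy file the functional tests generate; without them every rule stays admin-only.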
Deckhand
A foundational Python REST YAML processing engine providing data and secrets management to other platform services.
To generate a configuration file automatically:
$ tox -e genconfig
The resulting deckhand.conf.sample file is output to etc/deckhand/deckhand.conf.sample
Copy the config file to a directory discoverable by oslo.conf:
$ cp etc/deckhand/deckhand.conf.sample ~/deckhand.conf
To set up an in-memory database for testing:
[database]
#
# From oslo.db
#
# The SQLAlchemy connection string to use to connect to the database.
# (string value)
connection = sqlite:///:memory:
To run locally in a development environment:
$ sudo pip install uwsgi
$ virtualenv -p python3 /var/tmp/deckhand
$ . /var/tmp/deckhand/bin/activate
$ sudo pip install .
$ sudo python setup.py install
$ uwsgi --http :9000 -w deckhand.cmd --callable deckhand_callable --enable-threads -L