airship/pegleg
Code Issues Proposed changes
2a8d2638b3
pegleg/tox.ini
Felipe Monteiro 2a8d2638b3 pki: Port Promenade's PKI catalog into Pegleg 
This patch set implements the PKICatalog [0] requirements
as well as PeglegManagedDocument [1] generation requirements
outlined in the spec [2].

Included in this patch set:

* New CLI entry point called "pegleg site secrets generate-pki"
* PeglegManagedDocument generation logic in
  engine.cache.managed_document
* Refactored PKICatalog logic in engine.cache.pki_catalog derived
  from the Promenade PKI implementation [3], responsible for
  generating certificates, CAs, and keypairs
* Refactored PKIGenerator logic in engine.cache.pki_generator
  derived from Promenade Generator implementation [4],
  responsible for reading in pegleg/PKICatalog/v1 documents (as
  well as promenade/PKICatalog/v1 documents for backwards
  compatibility) and generating required secrets and storing
  them into the paths specified under [0]
* Unit tests for all of the above [5]
* Example pki-catalog.yaml document under pegleg/site_yamls
* Validation schema for pki-catalog.yaml (TODO: implement
  validation logic here: [6])
* Updates to CLI documentation and inclusion of PKICatalog
  and PeglegManagedDocument documentation
* Documentation updates with PKI information [7]

TODO (in follow-up patch sets):

* Expand on overview documentation to include new Pegleg
  responsibilities
* Allow the original repository (not the copied one) to
  be the destination where the secrets are written to
* Finish up cert expiry/revocation logic

[0] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#document-generation
[1] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#peglegmanageddocument
[2] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html
[3] https://github.com/openstack/airship-promenade/blob/master/promenade/pki.py
[4] https://github.com/openstack/airship-promenade/blob/master/promenade/generator.py
[5] https://review.openstack.org/#/c/611739/
[6] https://review.openstack.org/#/c/608159/
[7] https://review.openstack.org/#/c/611738/

Change-Id: I3010d04cac6d22c656d144f0dafeaa5e19a13068
2019-01-15 13:29:21 -06:00

93 lines
2.4 KiB
INI
Raw Blame History

[tox]
envlist = py36,pep8,docs,cover
minversion = 2.3.1
skipsdist = True
[testenv]
usedevelop = True
setenv =
VIRTUAL_ENV={envdir}
LANGUAGE=en_US
LC_ALL=en_US.utf-8
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
passenv = http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY PBR_VERSION
whitelist_externals =
find
commands =
find . -type f -name "*.pyc" -delete
{toxinidir}/tools/gate/run-unit-tests.sh '{posargs}'
[testenv:fmt]
basepython = python3
deps =
-r{toxinidir}/test-requirements.txt
commands =
yapf --style=pep8 -ir {toxinidir}/pegleg {toxinidir}/tests
[testenv:pep8]
basepython = python3
deps =
-r{toxinidir}/test-requirements.txt
commands =
bash -c "{toxinidir}/tools/gate/whitespace-linter.sh"
bandit -r pegleg -n 5
flake8 {toxinidir}/pegleg
whitelist_externals =
bash
[testenv:docs]
basepython = python3
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/doc/requirements.txt
commands =
bash -c "{toxinidir}/tools/gate/build-docs.sh"
whitelist_externals =
bash
[testenv:bandit]
basepython = python3
commands = bandit -r pegleg -n 5
[testenv:cover]
basepython = python3
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
{toxinidir}/tools/install-cfssl.sh
bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
html:cover --cov-report xml:cover/coverage.xml --cov-report term \
--cov-fail-under 84 tests/'
whitelist_externals =
bash
[testenv:releasenotes]
basepython = python3
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
whitelist_externals =
rm
[testenv:venv]
commands = {posargs}
[flake8]
filename = *.py
show-source = true
# [H106] Don't put vim configuration in source files.
# [H210] Require 'autospec', 'spec', or 'spec_set' in mock.patch/mock.patch.object calls
# [H904] Delay string interpolations at logging calls.
enable-extensions = H106,H201,H904
# TODO(lamt) Clean up these docstring violations if possible
# [H403] multi line docstrings should end on a new line
# [H404] multi line docstring should start without a leading new line
# [H405] multi line docstring summary not separated with an empty line
ignore = H403,H404,H405
exclude=.venv,.git,.tox,build,dist,*lib/python*,*egg,tools,*.ini,*.po,*.pot
max-complexity = 24
View Git Blame Copy Permalink