
This patchset adds support for globally encrypted secrets. Documents with a "site" layer will be encrypted/decrypted with the standard PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables. If any secrets exist for the site with a schema of "global_passphrase" or "global_salt", their values will be captured and used to decrypt any secrets that do not belong to the "site" layer. If the global keys do not exist, Pegleg will default to using site keys.

Expected usage:
1. Set site passphrase/salt environment variables
2. Select a global passphrase and salt
3. Use Pegleg's "wrap" command to wrap and encrypt the global keys
4. Encrypt or wrap documents with "global" layer
5. Provide Pegleg path to decrypt

In the case of (4) and (5), Pegleg will determine the correct keys to use automatically.

Change-Id: I5de6d63573619b346fe011628ae21e053e0711f6
# Global tox settings and the environments a bare `tox` invocation runs.
[tox]
minversion = 2.3.1
# No sdist is built; [testenv] installs the project in develop mode instead.
skipsdist = True
# py36/py37 have no section of their own and use [testenv] as-is.
# The bandit and safety envs are not listed here; the pep8 env runs both tools.
envlist = py36,py37,pep8,docs,cover

# Base environment: unit tests. Other [testenv:*] sections inherit any key
# they do not set themselves.
[testenv]
usedevelop = True
# Only proxy settings and PBR_VERSION are forwarded from the invoking shell
# (on top of tox's own defaults). PEGLEG_PASSPHRASE and PEGLEG_SALT are not
# listed, so a passphrase/salt exported in the caller's shell does not reach
# the test run; tests that need them have to supply their own values.
passenv = http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY PBR_VERSION
setenv =
    VIRTUAL_ENV={envdir}
    LANGUAGE=en_US
    LC_ALL=en_US.utf-8
deps =
    -r{toxinidir}/requirements.txt
    -r{toxinidir}/test-requirements.txt
whitelist_externals =
    bash
    find
# Steps: drop stale bytecode, install cfssl, run the unit-test wrapper with
# any arguments given after `--`.
# NOTE(review): tools/install-cfssl.sh is not shown here; if it downloads
# binaries, confirm it pins a version and verifies a checksum.
commands =
    find . -type f -name "*.pyc" -delete
    bash -c "{toxinidir}/tools/install-cfssl.sh"
    {toxinidir}/tools/gate/run-unit-tests.sh '{posargs}'

# Formatter: yapf rewrites the files under pegleg/ and tests/ in place
# (-i in place, -r recursive).
[testenv:fmt]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
commands =
    yapf -ir {toxinidir}/pegleg {toxinidir}/tests

# Lint gate: whitespace check, bandit static analysis, safety dependency
# audit, then flake8.
[testenv:pep8]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
whitelist_externals = bash
# bandit and safety are given relative paths (pegleg, requirements.txt),
# unlike the {toxinidir}-anchored commands around them.
# safety audits requirements.txt only in this env; [testenv:safety] also
# audits test-requirements.txt.
commands =
    bash -c "{toxinidir}/tools/gate/whitespace-linter.sh"
    bandit -r pegleg -n 5
    safety check -r requirements.txt --bare
    flake8 {toxinidir}/pegleg

# Documentation build, delegated to tools/gate/build-docs.sh.
[testenv:docs]
basepython = python3
whitelist_externals = bash
deps =
    -r{toxinidir}/requirements.txt
    -r{toxinidir}/doc/requirements.txt
commands =
    bash -c "{toxinidir}/tools/gate/build-docs.sh"

# Standalone bandit scan of the pegleg package; same invocation as the
# bandit step in [testenv:pep8].
[testenv:bandit]
basepython = python3
# No deps are set here, so they come from [testenv]; presumably bandit is
# pulled in by test-requirements.txt - verify.
# -r scans recursively, -n 5 limits each finding to 5 lines of code context.
# No severity or confidence filter is passed.
commands =
    bandit -r pegleg -n 5

# Dependency vulnerability audit of both requirement files.
[testenv:safety]
# safety is the only dependency and carries no version pin, so a freshly
# built env installs whichever release is current.
deps = safety
commands =
    safety check -r {toxinidir}/requirements.txt --full-report
    safety check -r {toxinidir}/test-requirements.txt --full-report

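# Coverage run: installs cfssl, then runs pytest with coverage reports
# (HTML in cover/, XML in cover/coverage.xml, terminal summary).
[testenv:cover]
basepython = python3
deps =
    -r{toxinidir}/requirements.txt
    -r{toxinidir}/test-requirements.txt
whitelist_externals =
    bash
# install-cfssl.sh is started through bash, as in [testenv], so the only
# external command this env relies on is the whitelisted bash.
# ~/.local/bin is appended to PATH rather than prepended, so programs there
# do not take precedence over ones already on PATH; presumably that is where
# install-cfssl.sh places cfssl - verify.
# --cov-fail-under 87 fails the run when total coverage is below 87%.
commands =
    bash -c "{toxinidir}/tools/install-cfssl.sh"
    bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
        html:cover --cov-report xml:cover/coverage.xml --cov-report term \
        --cov-fail-under 87 tests/'
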
# Release notes: wipe the previous build output, then rebuild the HTML with
# Sphinx.
[testenv:releasenotes]
basepython = python3
whitelist_externals = rm
deps =
    -r{toxinidir}/doc/requirements.txt
# -a rewrites all output files, -E ignores the saved environment, and
# -W turns warnings into errors.
commands =
    rm -rf releasenotes/build
    sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html

# Generic environment: runs whatever command is supplied as positional
# arguments (after `--`) inside the virtualenv built from the [testenv]
# settings.
[testenv:venv]
commands =
    {posargs}

# flake8 settings, used by the flake8 step in [testenv:pep8].
[flake8]
filename = *.py
show-source = true
max-complexity = 24
exclude = .venv,.git,.tox,build,dist,*lib/python*,*egg,tools,*.ini,*.po,*.pot
# Checks switched on in addition to the defaults:
# [H106] Don't put vim configuration in source files.
# [H201] No 'except:' at least use 'except Exception:'
# [H904] Delay string interpolations at logging calls.
enable-extensions = H106,H201,H904
# TODO(lamt) Clean up these docstring violations if possible
# [H403] multi line docstrings should end on a new line
# [H404] multi line docstring should start without a leading new line
# [H405] multi line docstring summary not separated with an empty line
# [W503] line break before binary operator
ignore = H403,H404,H405,W503