e4ff07c793
This patchset aims to address least privileged concerns, namely that Pegleg's current behavior is to require decryption of all site documents prior to rendering. Failure to do so leads to a duplicate document error. Operators of Pegleg may not have a valid reason to access secrets that are not being modified during their current workflow, their work may be limited to non-secrets but need to test their changes by rendering the site manifests. To enable this, the get_rendered_documents function has been updated such that if a document is encrypted, the secret value will be converted to a string to pass schema validation, and then used for rendering. This will allow operators of Pegleg to render documents without decrypting secrets. Instead the encrypted string value of the secret will be used. Change-Id: I8656b5496e2225e6eb59727c4f79326a1406147c
Pegleg
Introduction
Pegleg is a document aggregator that provides early linting and validations via Deckhand, a document management micro-service within Airship.
Pegleg supports local and remote Git repositories. Remote repositories can be cloned using a variety of protocols -- HTTP(S) or SSH. Afterward, specific revisions within those repositories can be checked out, their documents aggregated, linted, and passed to the rest of Airship for orchestration, allowing document authors to manage their site definitions using version control.
Find more documentation for Pegleg on Read the Docs.
Core Responsibilities
- aggregation - Aggregates all documents required for site deployment across multiple Git repositories, each of which can be used to maintain separate document sets in isolation
- linting - Configurable linting checks documents for common syntactical and semantical mistakes
Getting Started
For more detailed installation and setup information, please refer to the Getting Started guide.
Integration Points
Pegleg has the following integration points: