A configuration management service with support for secrets.

Go to file

Felipe Monteiro 3dc3f4c47b Simplify document wrapper class This PS simplifies the DocumentWrapper class by changing the way it is designed. The purpose of the class was to make it easier to retrieve nested dictionary attributes from a document. The class previously inherited from `object` meaning that the object could not directly be treated as a dictionary, complicating usage of the class. With this change, the class now inherits from a `dict` meaning that it can be manipulated the same way a dictionary can, while still able to return nested dictionary attributes without having to worry about exceptions getting thrown. Each property implemented by `DocumentWrapper` uses jsonpath_parse implements in `deckhand.utils` to retrieve nested attributes or else self.get() to retrieve first-level dictionary attributes. Change-Id: I1d73a79aa4c3117be31aab978c20258c1052ad6d		2018-01-19 20:47:56 +00:00
charts/deckhand	Update Deckhand image: logging configuration values.	2018-01-12 19:51:10 -05:00
deckhand	Simplify document wrapper class	2018-01-19 20:47:56 +00:00
doc	Move DB calls out of engine module into controllers	2018-01-18 14:59:43 -05:00
etc/deckhand	Rename Deckhand bucket endpoint to buckets for consistency	2017-10-27 19:21:03 +01:00
releasenotes	Only allow one LayeringPolicy to exist in the system.	2017-10-26 17:38:24 -04:00
tools	Merge "Improve document validation module."	2018-01-19 13:04:06 -05:00
.coveragerc	Add Deckhand coverage job	2017-08-15 16:11:35 -04:00
.gitignore	Deckhand Negative RBAC test scenarios	2017-10-31 17:37:39 +00:00
.gitreview	Add gitreview file	2017-08-11 01:22:26 -05:00
.testr.conf	[feat] DECKHAND-28: Document pre-validation logic and API integration	2017-08-08 18:52:44 +01:00
AUTHORS	[docs] Document schemas used for document validation	2017-11-30 16:36:27 -04:00
Dockerfile	DeckHand Dockerfile	2017-09-14 16:50:06 +00:00
entrypoint.sh	Update entrypoint.sh	2018-01-05 18:19:08 +00:00
HACKING.rst	Add sphinx job for auto-generating docs	2017-09-21 16:16:23 +01:00
LICENSE	Initial commit	2017-06-16 08:29:03 -07:00
Makefile	Fix initial 'make charts' failure	2017-11-09 16:23:32 -07:00
README.rst	Docs: Include a high-level overview of Deckhand functionality	2018-01-14 22:40:41 -05:00
requirements.txt	DECKHAND-87: Deckhand API client library	2017-12-13 20:56:23 +00:00
setup.cfg	Integrate Deckhand with keystone auth	2017-10-16 19:54:46 +01:00
setup.py	Oslo config integration (#1 )	2017-06-26 16:57:50 -07:00
test-requirements.txt	Revert fix pifpaf run postgresql failing	2018-01-12 11:57:44 -04:00
tox.ini	Fix pifpaf not returning error code upon test failure	2018-01-15 17:01:34 -05:00
uwsgi.ini	Add health resource for ucp-integration API convention	2017-10-23 17:34:03 +01:00

README.rst

Deckhand

Deckhand is a storage service for YAML-based configuration documents, which are managed through version control and automatically validated. Deckhand provides users with a variety of different document types that describe complex configurations using the features listed below.

Core Responsibilities

layering - helps reduce duplication in configuration while maintaining auditability across many sites
substitution - provides separation between secret data and other configuration data, while allowing a simple interface for clients
revision history - improves auditability and enables services to provide functional validation of a well-defined collection of documents that are meant to operate together
validation - allows services to implement and register different kinds of validations and report errors

Getting Started

To generate a configuration file automatically:

$ tox -e genconfig

Resulting deckhand.conf.sample file is output to :path:etc/deckhand/deckhand.conf.sample

Copy the config file to a directory discoverably by oslo.conf:

$ cp etc/deckhand/deckhand.conf.sample ~/deckhand.conf

To setup an in-memory database for testing:

[database]

#
# From oslo.db
#

# The SQLAlchemy connection string to use to connect to the database.
# (string value)
connection = sqlite:///:memory:

To run locally in a development environment:

$ sudo pip install uwsgi
$ virtualenv -p python3 /var/tmp/deckhand
$ . /var/tmp/deckhand/bin/activate
$ sudo pip install .
$ sudo python setup.py install
$ uwsgi --ini uwsgi.ini

Testing

Automated Testing

To run unit tests using sqlite, execute:

$ tox -epy27
$ tox -epy35

against a py27- or py35-backed environment, respectively. To run individual unit tests, run:

$ tox -e py27 -- deckhand.tests.unit.db.test_revisions

for example.

To run unit tests using postgresql, postgresql must be installed in your environment. Then execute:

$ tox -epy27-postgresql
$ tox -epy35-postgresql

To run functional tests:

$ tox -e functional

You can also run a subset of tests via a regex:

$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucket

Intgration Points

Deckhand has the following integration points:

Keystone (OpenStack Identity service) provides authentication and support for role based authorization.

PostgreSQL is used to persist information to correlate workflows with users and history of workflow commands.

Note

Currently, other database backends are not supported.

Though, being a low-level service, has many other UCP services that integrate with it, including:

Drydock is orchestrated by Shipyard to perform bare metal node provisioning.

Promenade is indirectly orchestrated by Shipyard to configure and join Kubernetes nodes.

Armada is orchestrated by Shipyard to deploy and test Kubernetes workloads.