b22fa5d2f3
The framework for being able to do RBAC unit testing
in Deckhand was added here:
#I86f269a5b616b518e5f742a4005891412226fe2a
https://review.gerrithub.io/#/c/381205/
This PS expands on that foundation by implementing
negative RBAC tests for the remainder of the Deckhand
APIs. Negative testing means attempting to call APIs
with insufficient permissions and expecting 403s or
empty response bodies, depending on whether the
policy enforcement is critical or conditionally
applied.
Also fixes a minor bug related to returning a deleted
document for the endpoint PUT /api/v1.0/bucket/{bucket_name}/documents
Change-Id: I7ae50f300c1c877c3c162a032611a380f8948065
Deckhand
Deckhand is a document-based configuration storage service built with auditability and validation in mind.
Core Responsibilities
- layering - helps reduce duplication in configuration while maintaining auditability across many sites
- substitution - provides separation between secret data and other configuration data, while allowing a simple interface for clients
- revision history - improves auditability and enables services to provide functional validation of a well-defined collection of documents that are meant to operate together
- validation - allows services to implement and register different kinds of validations and report errors
Getting Started
To generate a configuration file automatically:
$ tox -e genconfigResulting deckhand.conf.sample file is output to :path:etc/deckhand/deckhand.conf.sample
Copy the config file to a directory discoverably by
oslo.conf:
$ cp etc/deckhand/deckhand.conf.sample ~/deckhand.confTo setup an in-memory database for testing:
[database]
#
# From oslo.db
#
# The SQLAlchemy connection string to use to connect to the database.
# (string value)
connection = sqlite:///:memory:To run locally in a development environment:
$ sudo pip install uwsgi
$ virtualenv -p python3 /var/tmp/deckhand
$ . /var/tmp/deckhand/bin/activate
$ sudo pip install .
$ sudo python setup.py install
$ uwsgi --ini uwsgi.iniTesting
Automated Testing
To run unit tests using sqlite, execute:
$ tox -epy27
$ tox -epy35against a py27- or py35-backed environment, respectively. To run individual unit tests, run:
$ tox -e py27 -- deckhand.tests.unit.db.test_revisionsfor example.
To run unit tests using postgresql, postgresql must be installed in your environment. Then execute:
$ tox -epy27-postgresql
$ tox -epy35-postgresqlTo run functional tests:
$ tox -e functionalYou can also run a subset of tests via a regex:
$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucketIntgration Points
Deckhand has the following integration points:
- Keystone (OpenStack Identity service) provides authentication and support for role based authorization.
- PostgreSQL is used to persist information to correlate workflows with users and history of workflow commands.
Though, being a low-level service, has many other UCP services that integrate with it, including: