Unwrap managed documents during the linting process before passing
them to deckhand, to avoid namespace collisions.
Change-Id: I0467560154c737dc664a126241cd56257091125d
Fix an error where secrets in global directories are erroneously
flagged for being outside a secrets directory. Now, any file
that is a child of a directory called secrets should be handled
correctly.
Change-Id: I827aa75110d761601dc65df64e1accf1b1a54544
Per [0], fernet decrypt can never throw an InvalidSignature exception as that
is re-raised as InvalidToken. This patch set corrects the handling of the
exception, and adds additional unit tests for coverage.
[0] https://cryptography.io/en/latest/fernet/#cryptography.fernet.Fernet.decrypt
Co-Authored-By: Drew Walters <drewwalters96@gmail.com>
Change-Id: Ic5ee7ef451a5657519c5397fc4b903b5adcb1d18
Signed-off-by: Tin Lam <tin@irrational.io>
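
The exception behaviour described in the commit message above, as an added example that is not code from the pegleg repository: it runs `Fernet.decrypt` on a valid token, a token with a corrupted HMAC, a token made under a different key and a non-token string, and records which handler fires. The helper names (`classify_decrypt`, `flip_last_byte`, `run_cases`) and the sample plaintext are constructed for illustration; the `cryptography` package is assumed to be installed.

```python
import base64

from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet, InvalidToken


def classify_decrypt(key, token):
    """Return the plaintext, or the name of the handler that caught the failure."""
    try:
        return Fernet(key).decrypt(token)
    except InvalidSignature:
        # Dead code: Fernet catches InvalidSignature internally and
        # re-raises it as InvalidToken, which is not a subclass of it.
        return "InvalidSignature"
    except InvalidToken:
        return "InvalidToken"


def flip_last_byte(token):
    """Corrupt the trailing HMAC byte of a Fernet token (hypothetical helper)."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-1] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


def run_cases():
    """Exercise the success path and three failure modes with constructed input."""
    key = Fernet.generate_key()
    other_key = Fernet.generate_key()
    token = Fernet(key).encrypt(b"constructed secret")
    return {
        "valid": classify_decrypt(key, token),
        "tampered_hmac": classify_decrypt(key, flip_last_byte(token)),
        "wrong_key": classify_decrypt(other_key, token),
        "not_a_token": classify_decrypt(key, b"not-a-fernet-token"),
    }


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(f"{name}: {outcome}")
```
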
Documentation previously did not clearly indicate behavior of invalid lengths.
Lengths less than 24 default to 24.
Change-Id: I490ac840f4ed215e6bbbc6cc823eb958076c411c
Salts and Passphrases are both strings used in cryptography. This patch:
1. Adds CLI generation of salt
2. Adds unit test for CLI generation of salt
3. Updates passphrase.py code to be more generic as it is used to generate
both a passphrase and a salt
4. Update name of passphrase.py to be more generic
5. Update all references to, and tests of passphrase.py
6. Add documentation for CLI generation of salt
Co-Authored-By: chittibabu <cg329x@att.com>
Change-Id: I71858d63a2846290d22be96686ccfea3ba8aa6c0
Metadata schema for managed documents should now be metadata/Document/v1,
not deckhand/Document/v1.
Change-Id: Id500fc7d5b68a4c296848c07a9644f375e949289
1. Add support to pegleg to generate a passphrase from CLI
2. Update unit test to ensure encryption/decryption supports passphrase rotation
3. Update order of import statements to satisfy pep8
4. Add unit test for CLI passphrase generation
5. Resolve merge conflicts via rebase
Change-Id: I5cb9e41b2f0fac2451bd2b74f33c48cda417c22d
This patch set adds in a trivial fix for a mismatch between a comment
and the actual hacking rule that is being enabled.
Change-Id: I7b1b6146f0cc0222d050e9aabd42a965af63730f
Signed-off-by: Tin Lam <tin@irrational.io>
1. Adds the passphrases generation capability in Pegleg CLI,
so that pegleg can generate random passwords based on a
specification declared in pegleg/PassphrasesCatalog documents
2. Pegleg also wraps the generated passphrase documents in
pegleg managed documents, and encrypts the data.
3. Adds unit test cases for passphrase generation.
4. Updates pegleg CLI document.
Change-Id: I21d7668788cc24a8e0cc9cb0fb11df97600d0090
This patch set expands on the unit test coverage for lint checks
in test_selectable_linting which only covers a small subset of
the lint checks handled by Pegleg. This logic should be properly
tested as linting is fundamental to Pegleg functionality.
Change-Id: I6a59295982abd22bba8036827cefd4186b68e2fb
This patch set adds hacking rule to pegleg and fixes outstanding non-
docstring related violations.
Change-Id: I5bb5e78c211f24cf95669124bfcf9603bea8bf15
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds releasenotes (reno) to the airship-pegleg repository.
Change-Id: I1ed98460f40eb851ca53f8a5b68ab17f8272a2e2
Signed-off-by: Tin Lam <tin@irrational.io>
This PS enables Pegleg to upload documents directly to Shipyard
thus ensuring that unencrypted data never gets stored on disk.
The flow for this new CLI command is as follows:
- Collect documents as per the provided site repository
- Decrypt the collected documents (TODO)
- Upload document to Shipyard:
  - one collection per repository will be uploaded to Shipyard
    E.g.:
      pegleg site -r /opt/aic-clcp-site-manifests \
        -e global=/opt/aic-clcp-manifests upload <site-name>
    Two collections will be created in shipyard since there are two
    repositories provided. The name of the collections will be the
    name of repositories provided.
- Commit the documents in shipyard buffer.
Change-Id: I6275252b044ebb82d8bb2009c0bea6ebf7033bce
This adds Pegleg's lint codes to the operator documentation
to obviously assist operators with figuring out failing Pegleg
lint checks.
Change-Id: I6742af48c563f6dd4b4f1d363b678cdcd000347e
This removes all PEP8 ignores and places in default settings for flake8.
Change-Id: I3c4df02dea959dfe58f44e7c0e0ac58078a81abc
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set cleans up the current implementation of pegleg, as
all the git exceptions inconsistently init or override the message.
This also cleans up a handful of incorrect kwarg keywords, and improves
handling of the exception messages.
Change-Id: I438eb032728c71cbf972c2120a76d06106cb1580
Signed-off-by: Tin Lam <tin@irrational.io>
Consolidating all the linting to a single job rather than having a one-off
just to lint for trailing whitespaces. As most of these projects are Python,
this should already be covered by PEP8, but will be scanning for yamls with
trailing whitespaces.
Change-Id: Iee33a69ff234d21c08217faa33a19e11dfef0ad9
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set sanitizes and changes the default proxy URLs.
Change-Id: Ibaeb501b59eeea8427fa812078236cfc4fe39623
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set changes Pegleg in two similar ways:
1) Ignore certain types of files altogether:
- those located in hidden folders
- those prefixed with "." (files like .zuul.yaml)
2) Only read Deckhand-formatted documents for lint/collect/etc.
commands as Pegleg need not consider other types of documents
(it separately reads the site-definition.yaml for internal
processing still).
The tools/ subfolder is also ignored as it can contain
.yaml files which are not Deckhand-formatted documents,
so need not be processed by pegleg.engine.
Change-Id: I8996b5d430cf893122af648ef8e5805b36c1bfd9
As the default Docker image support for Pegleg is using py36 as a base
image, this patch set simply removes the support for py35. This allows
us to use py36 features such as secrets and f-strings without needing to
cope with backward compatibility.
Change-Id: Ic156ca67d2a0fe6fdc74c2c9da253a1cb8a3f456
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in a python coverage job for pegleg using pytest.
Change-Id: Ice0332cc454f488e0372d5ab03e8b0a37db9efd1
Signed-off-by: Tin Lam <tin@irrational.io>
1. Added the method to decrypt a secret file and return its contents
as a list of documents (instead of printing out the file content).
2. Added clarifications for the encrypt and decrypt commands.
Change-Id: I77bce21be214c880c8413f5e6a2d0c2d1993fc8e
It looks like there's a missing % in pegleg/engine/util/definition.py, where
pluck creates its ClickException. This adds it in.
Change-Id: I26c12423af11f7d02944a077f762bcdd1e03be41
Update the .gitignore to be more comprehensive and more
in line with airship-deckhand's .gitignore.
Change-Id: I0f2860034d060461a441be65feea274ef1fef30a
Signed-off-by: Tin Lam <tin@irrational.io>