18 Commits

Author SHA1 Message Date
Zuul
177486d8e6 Merge "zuul: Remove redundant airship-pegleg-tox-py36 job." 2019-05-08 18:58:35 +00:00
Felipe Monteiro
ba338e78a7 zuul: Add python37 job
This allows Pegleg unit tests to be run against py37 interpreter
as py37 is the latest version of Python supported under OpenStack
and eventually most projects, including Pegleg, will likely use
it as its default interpreter.

Change-Id: I6bfe5b10a73b29edaed0a58e563c14aefb5dc043
2019-04-04 04:10:20 +00:00
Felipe Monteiro
6c1b6e65b8 zuul: Remove redundant airship-pegleg-tox-py36 job.
The openstack-python36-jobs template already exists; thus there
is no need for airship-pegleg-tox-py36. Since airship-pegleg-tox-py36
installs cfssl as a prerequisite for unit tests, move the install-cfssl.sh
command to tox.ini prior to unit test execution, allowing for the
airship-pegleg-tox-py36 Zuul job and its associated playbook to be
removed.

Change-Id: I66de957a1a57ef246476c1a81954cd0f822cb8be
2019-03-26 20:38:14 +00:00
Felipe Monteiro
2a8d2638b3 pki: Port Promenade's PKI catalog into Pegleg
This patch set implements the PKICatalog [0] requirements
as well as PeglegManagedDocument [1] generation requirements
outlined in the spec [2].

Included in this patch set:

* New CLI entry point called "pegleg site secrets generate-pki"
* PeglegManagedDocument generation logic in
  engine.cache.managed_document
* Refactored PKICatalog logic in engine.cache.pki_catalog derived
  from the Promenade PKI implementation [3], responsible for
  generating certificates, CAs, and keypairs
* Refactored PKIGenerator logic in engine.cache.pki_generator
  derived from Promenade Generator implementation [4],
  responsible for reading in pegleg/PKICatalog/v1 documents (as
  well as promenade/PKICatalog/v1 documents for backwards
  compatibility) and generating required secrets and storing
  them into the paths specified under [0]
* Unit tests for all of the above [5]
* Example pki-catalog.yaml document under pegleg/site_yamls
* Validation schema for pki-catalog.yaml (TODO: implement
  validation logic here: [6])
* Updates to CLI documentation and inclusion of PKICatalog
  and PeglegManagedDocument documentation
* Documentation updates with PKI information [7]

TODO (in follow-up patch sets):

* Expand on overview documentation to include new Pegleg
  responsibilities
* Allow the original repository (not the copied one) to
  be the destination where the secrets are written to
* Finish up cert expiry/revocation logic

[0] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#document-generation
[1] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#peglegmanageddocument
[2] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html
[3] https://github.com/openstack/airship-promenade/blob/master/promenade/pki.py
[4] https://github.com/openstack/airship-promenade/blob/master/promenade/generator.py
[5] https://review.openstack.org/#/c/611739/
[6] https://review.openstack.org/#/c/608159/
[7] https://review.openstack.org/#/c/611738/

Change-Id: I3010d04cac6d22c656d144f0dafeaa5e19a13068
2019-01-15 13:29:21 -06:00
Tin Lam
dc1d36ba1b Add releasenotes
This patch set adds releasenotes (reno) to the airship-pegleg repository.

Change-Id: I1ed98460f40eb851ca53f8a5b68ab17f8272a2e2
Signed-off-by: Tin Lam <tin@irrational.io>
2018-11-28 02:48:40 -06:00
Tin Lam
152b42bc3b Consolidate linter jobs
Consolidating all the linting to a single job rather than having a one-off
just to lint for trailing whitespaces. As most of this projects are python,
this should already be covered by PEP8, but will be scanning for yamls with
trailing whitespaces.

Change-Id: Iee33a69ff234d21c08217faa33a19e11dfef0ad9
Signed-off-by: Tin Lam <tin@irrational.io>
2018-11-12 02:30:20 -06:00
Tin Lam
253b15cc33 Remove py35 support
As the default Docker image support for Pegleg is using py36 as a base
image, this patch set simply removes the support for py35. This allows
us to use py36 features such as secrets and f-strings without needing to
cope with backward compatibility.

Change-Id: Ic156ca67d2a0fe6fdc74c2c9da253a1cb8a3f456
Signed-off-by: Tin Lam <tin@irrational.io>
2018-11-07 13:04:34 -06:00
Tin Lam
178c058474 Add coverage job
This patch set adds in a python coverage job for pegleg using pytest.

Change-Id: Ice0332cc454f488e0372d5ab03e8b0a37db9efd1
Signed-off-by: Tin Lam <tin@irrational.io>
2018-11-06 20:59:01 -06:00
Felipe Monteiro
17b4d6e563 Switch to openstack-python35-jobs template for py35 CI gate
This patch set switches to openstack-python35-jobs for the py35
CI gate.

Change-Id: I12239086984a387dde33e5fdc451a9c51deec953
2018-10-02 22:32:47 +00:00
Felipe Monteiro
893ea9f4bb Standardize Pegleg directory structure
This patch set standardizes the Pegleg directory
structure because of the following reasons:

1) src/bin/pegleg is not necessary and only makes
building (e.g. documentation building) and running
of tox targets unnecessarily difficult.
2) src/bin/pegleg is a Java-like standard that
bears no relevance to Python.

Change-Id: I37d39d3d6186b92f8fbfe234221c9e44da48cf10
2018-09-23 10:33:40 -04:00
Zuul
549950291f Merge "add python 3.6 unit test job" 2018-09-21 14:08:55 +00:00
Felipe Monteiro
ab717d8c2f add python 3.6 unit test job
This is a mechanically generated patch to add a unit test job running
under Python 3.6 as part of the python3-first goal.

See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html

Change-Id: Ie2187958a3090e05902c51d1aa5d9acacf508c2c
Story: #2002586
2018-08-23 23:51:04 +01:00
Felipe Monteiro
5638a6e3bb trivial: Rename docs/ => doc/ in .zuul.yaml
This renames docs/ => doc/ in .zuul.yaml ignore-files
stanza as Pegleg documentation directory was renamed to doc/

Change-Id: Ice37901d3a4fbb1f5978a847a83320873a451e82
2018-08-23 23:26:35 +01:00
Gage Hugo
ad7e855cf8 Consolidate pep8/bandit zuul gating
This change adds the global zuul pep8 tox job, which runs both
bandit and pep8 using tox. This also removes the two other airship
specific lint-pep8 and bandit zuul jobs since they are both covered
by the default openstack global one.

Also cleaned up the tox.ini by moving the requirements into the
test-requirements.txt file.

Change-Id: Iab37a8090515936732e390b1f7c6d281e014e31c
2018-08-21 20:55:39 +00:00
Scott Hussey
f7b7946e4b (zuul) Docker image jobs
- Add check/gate jobs for image building
- Add post job for image building and publish to quay.io

Change-Id: Ia7c1f67ec4a5ae11e1fad489259f8418bac0a644
2018-06-08 08:54:34 -05:00
Felipe Monteiro
3487046ef4 Add irrelevant-files to all appropriate .zuul.yaml jobs
This patchset either expands on existing entries in irrelevant-files
or adds irrelevant-files to various jobs to save on resources
in Zuul.

Change-Id: I6a3c052c3982a70160a6bee9a07975201eee1f0a
2018-06-05 13:13:16 -04:00
Scott Hussey
4ad86e0728 Basic zuul gates
- Pep8, bandit and unit tests
- Document build (no publish)

Change-Id: I2ca67e69f80aff63576bebd14da412e2f138f54a
2018-05-31 13:10:41 -05:00
Felipe Monteiro
bfac6ada6c Zuul: Initial Airship-Pegleg checks
This PS adds the skeleton for a set of zuul checks and gates for
Airship, using the framework from OpenStack-Helm.

Change-Id: I4cc071d0076e265e5c34f15616ccf40c0b3a83a8
2018-05-17 22:09:35 +00:00