Setup Security Specs Repo

Contains the basic minimal setup for creating a spec

Change-Id: Ia22486f3f07420aad0925bfac1009f99386820ca
Closes-Bug: #1469248

.gitignore

@@ -0,0 +1,18 @@
+.DS_Store
+
+AUTHORS
+ChangeLog
+build
+.tox
+.venv
+*.egg*
+*.swp
+*.swo
+*.pyc
+.testrepository
+
+# Editors
+*~
+.*.swp
+.bak
+/.project

LICENSE

@@ -0,0 +1,3 @@
+This work is licensed under a Creative Commons Attribution 3.0 Unported License.
+
+http://creativecommons.org/licenses/by/3.0/legalcode

README.rst

@@ -0,0 +1,51 @@
+======================================
+OpenStack Security Specifications
+======================================
+
+This git repository is used to hold approved design specifications for
+additions to the OpenStack Security Projects. Reviews of the specs
+are done in gerrit, using a similar workflow to how we review and
+merge changes to the security projects and supporting tools.
+
+The layout of this repository is::
+
+  specs/<release>/
+
+You can find an example spec in `doc/source/specs/template.rst`.
+Fill it in with the details of a new blueprint for documentation.
+
+For security projects, blueprints are required for larger, coordinated projects
+but not for small fixes. It's a judgement call for whether you need a
+spec, so feel free to ask in the
+#openstack-security IRC channel or on the openstack-security mailing list.
+
+To propose a specification for a release-specific project, add a new file to
+the `specs/<release>` directory and post it for review.  The implementation
+status of a blueprint for a given release can be found by looking at the
+blueprint in Launchpad (and the spec links to Launchpad).
+
+Please realize that not all approved blueprints will get fully implemented.
+
+Security blueprints are being introduced with the Liberty development cycle
+using this repository.
+
+Please note, Launchpad blueprints are still used for tracking the
+current status of blueprints. For more information, see
+https://wiki.openstack.org/wiki/Blueprints.
+
+For more information about working with gerrit, see
+http://docs.openstack.org/infra/manual/developers.html#development-workflow.
+
+To validate that the specification is syntactically correct (i.e. get more
+confidence in the Jenkins result), please execute the following command::
+
+  $ tox
+
+After running ``tox``, the documentation will be available for viewing in HTML
+format in the ``doc/build/`` directory. Please do not check in the generated
+HTML files as a part of your commit.
+
+The files are published at http://specs.openstack.org/openstack/security-specs.
+
+The git repository is located at
+http://git.openstack.org/cgit/openstack/security-specs/.

doc/source/conf.py

@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import datetime
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath('../..'))
+# -- General configuration ----------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = [
+    'sphinx.ext.autodoc',
+    #'sphinx.ext.intersphinx',
+    'oslosphinx',
+    'yasfb',
+]
+
+# Feed configuration for yasfb
+feed_base_url = 'http://specs.openstack.org/openstack/security-specs'
+feed_author = 'OpenStack Development Team'
+
+exclude_patterns = [
+    'template.rst',
+]
+
+# Optionally allow the use of sphinxcontrib.spelling to verify the
+# spelling of the documents.
+try:
+    import sphinxcontrib.spelling
+    extensions.append('sphinxcontrib.spelling')
+except ImportError:
+    pass
+
+# autodoc generation is a bit aggressive and a nuisance when doing heavy
+# text edit cycles.
+# execute "export SPHINX_DEBUG=1" in your terminal to disable
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'security-specs'
+copyright = u'%s, OpenStack Foundation' % datetime.date.today().year
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+add_module_names = True
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# -- Options for HTML output --------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  Major themes that come with
+# Sphinx are currently 'default' and 'sphinxdoc'.
+# html_theme_path = ["."]
+# html_theme = '_theme'
+# html_static_path = ['static']
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = '%sdoc' % project
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass
+# [howto/manual]).
+latex_documents = [
+    ('index',
+     '%s.tex' % project,
+     u'%s Documentation' % project,
+     u'OpenStack Foundation', 'manual'),
+]
+
+# Example configuration for intersphinx: refer to the Python standard library.
+#intersphinx_mapping = {'http://docs.python.org/': None}

doc/source/contributing.rst

@@ -0,0 +1,26 @@
+=============================================
+Contributing to: security-specs
+=============================================
+
+If you would like to contribute to the development of OpenStack,
+you must follow the steps in this page:
+
+   http://docs.openstack.org/infra/manual/developers.html
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+   http://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs should be filed on Launchpad, not GitHub.
+
+   For OpenStack Security Guide and OpenStack Security Notes:
+
+       https://bugs.launchpad.net/openstack-manuals
+
+   For Bandit:
+
+       https://bugs.launchpad.net/bandit

doc/source/index.rst

@@ -0,0 +1,35 @@
+.. security-specs documentation master file, created by
+   sphinx-quickstart on Tue Jul  9 22:26:36 2013.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Security Design Specifications
+==================================================
+
+This repository contains specifications and policies that apply to OpenStack
+Security Projects. These projects include OpenStack Security Guide, OpenStack
+Security Notes, and Bandit.
+
+.. toctree::
+   :glob:
+   :maxdepth: 1
+
+
+Repository Information
+===================================================
+
+.. toctree::
+   :maxdepth: 1
+
+   README <readme>
+   Specification Template <specs/template>
+   contributing
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
+

doc/source/readme.rst

@@ -0,0 +1 @@
+.. include:: ../../README.rst

doc/source/specs

@@ -0,0 +1 @@
+../../specs

requirements.txt

@@ -0,0 +1,7 @@
+pbr>=0.6,!=0.7,<1.0
+doc8  # Apache-2.0
+oslosphinx>=2.5.0  # Apache-2.0
+sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
+testrepository>=0.0.18
+testtools>=0.9.36,!=1.2.0
+yasfb>=0.5.1

setup.cfg

@@ -0,0 +1,24 @@
+[metadata]
+name = security-specs
+summary = OpenStack Security Specifications
+description-file =
+    README.rst
+author = OpenStack
+author-email = openstack-dev@lists.openstack.org
+home-page = http://www.openstack.org/
+classifier =
+    Environment :: OpenStack
+    Intended Audience :: Developers
+    License :: OSI Approved :: Apache Software License
+    Operating System :: POSIX :: Linux
+
+[build_sphinx]
+source-dir = doc/source
+build-dir = doc/build
+all_files = 1
+
+[pbr]
+warnerrors = True
+
+[upload_sphinx]
+upload-dir = doc/build/html

setup.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
+import setuptools
+
+setuptools.setup(
+    setup_requires=['pbr'],
+    pbr=True)

specs/template.rst

@@ -0,0 +1,110 @@
+..
+
+This work is licensed under a Creative Commons Attribution 3.0 Unported
+License.
+http://creativecommons.org/licenses/by/3.0/legalcode
+
+..
+  This template should be in ReSTructured text. The filename in the git
+  repository should match the launchpad URL, for example a URL of
+  https://blueprints.launchpad.net/openstack-manuals/+spec/awesome-thing should
+  be named awesome-thing.rst .  Please do not delete any of the sections in
+  this template.  If you have nothing to say for a whole section, just write:
+  None For help with syntax, see http://sphinx-doc.org/rest.html
+  To test out your formatting, see http://www.tele3.cz/jbar/rest/rest.html
+
+=============================
+ The title of your blueprint
+=============================
+
+Include the URL of your launchpad blueprint:
+
+https://blueprints.launchpad.net/openstack-manuals/+spec/example
+
+Or
+
+https://blueprints.launchpad.net/bandit/+spec/example
+
+Introduction paragraph -- why are we doing anything?
+
+Problem description
+===================
+
+A detailed description of the problem.
+
+Proposed change
+===============
+
+Here is where you cover the change you propose to make in detail. How do you
+propose to solve this problem?
+
+If this is one part of a larger effort make it clear where this piece ends. In
+other words, what's the scope of this effort?
+
+Include which OpenStack security project this will apply to (OpenStack Security
+Guide, OpenStack Security Notes, Bandit, etc). Also include where in the
+OpenStack security project tree hierarchy this will reside.
+
+Alternatives
+------------
+
+This is an optional section, where it does apply we'd just like a demonstration
+that some thought has been put into why the proposed approach is the best one.
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Who is leading the writing of the code? Or is this a blueprint where you're
+throwing it out there to see who picks it up?
+
+If more than one person is working on the implementation, please designate the
+primary author and contact.
+
+Primary assignee:
+  <launchpad-id or None>
+
+Can optionally can list additional ids if they intend on doing
+substantial implementation work on this blueprint.
+
+Milestones
+----------
+
+Target Milestone for completion:
+  Liberty-1
+
+Work Items
+----------
+
+Work items or tasks -- break the feature up into the things that need to be
+done to implement it. Those parts might end up being done by different people,
+but we're mostly trying to understand the timeline for implementation.
+
+
+Dependencies
+============
+
+- Include specific references to specs and/or blueprints in openstack-manuals,
+  or in other projects, that this one either depends on or is related to.
+
+- Does this feature require any new library dependencies or code otherwise not
+  included in OpenStack? Or does it depend on a specific version of library?
+
+References
+==========
+
+Please add any useful references here. You are not required to have any
+reference. Moreover, this specification should still make sense when your
+references are unavailable. Examples of what you could include are:
+
+* Links to mailing list or IRC discussions
+
+* Links to notes from a summit session
+
+* Links to relevant research, if appropriate
+
+* Related specifications as appropriate
+
+* Anything else you feel it is worthwhile to refer to

tox.ini

@@ -0,0 +1,22 @@
+[tox]
+minversion = 1.6
+envlist = docs,py27
+skipsdist = True
+
+[testenv]
+usedevelop = True
+setenv = VIRTUAL_ENV={envdir}
+install_command = pip install -U {opts} {packages}
+deps = -r{toxinidir}/requirements.txt
+# The gate jobs run build_sphinx without using tox (thus ignore the
+# docs target) and also call "tox -e py27", thus add doc8 here as
+# default job.
+commands = doc8 -e .rst specs/ doc/ README.rst
+
+[testenv:venv]
+commands = {posargs}
+
+[testenv:docs]
+commands =
+  doc8 -e .rst specs/ doc/ README.rst
+  python setup.py build_sphinx