From 611bad878bbcdd91e04dca4e075475ad5f704da2 Mon Sep 17 00:00:00 2001 From: priti_desai1 Date: Wed, 1 Jul 2015 13:51:36 -0700 Subject: [PATCH] Setup Security Specs Repo Contains the basic minimal setup for creating a spec Change-Id: Ia22486f3f07420aad0925bfac1009f99386820ca Closes-Bug: #1469248 --- .gitignore | 18 ++++++ LICENSE | 3 + README.rst | 51 +++++++++++++++++ doc/source/conf.py | 93 ++++++++++++++++++++++++++++++ doc/source/contributing.rst | 26 +++++++++ doc/source/index.rst | 35 ++++++++++++ doc/source/readme.rst | 1 + doc/source/specs | 1 + requirements.txt | 7 +++ setup.cfg | 24 ++++++++ setup.py | 22 ++++++++ specs/.gitignore | 0 specs/template.rst | 110 ++++++++++++++++++++++++++++++++++++ tox.ini | 22 ++++++++ 14 files changed, 413 insertions(+) create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.rst create mode 100755 doc/source/conf.py create mode 100644 doc/source/contributing.rst create mode 100644 doc/source/index.rst create mode 100644 doc/source/readme.rst create mode 120000 doc/source/specs create mode 100644 requirements.txt create mode 100644 setup.cfg create mode 100755 setup.py create mode 100644 specs/.gitignore create mode 100644 specs/template.rst create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a310ca9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,18 @@ +.DS_Store + +AUTHORS +ChangeLog +build +.tox +.venv +*.egg* +*.swp +*.swo +*.pyc +.testrepository + +# Editors +*~ +.*.swp +.bak +/.project diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..75a29c4 --- /dev/null +++ b/LICENSE @@ -0,0 +1,3 @@ +This work is licensed under a Creative Commons Attribution 3.0 Unported License. + +http://creativecommons.org/licenses/by/3.0/legalcode diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..9418421 --- /dev/null +++ b/README.rst @@ -0,0 +1,51 @@ +====================================== +OpenStack Security Specifications +====================================== + +This git repository is used to hold approved design specifications for +additions to the OpenStack Security Projects. Reviews of the specs +are done in gerrit, using a similar workflow to how we review and +merge changes to the security projects and supporting tools. + +The layout of this repository is:: + + specs// + +You can find an example spec in `doc/source/specs/template.rst`. +Fill it in with the details of a new blueprint for documentation. + +For security projects, blueprints are required for larger, coordinated projects +but not for small fixes. It's a judgement call for whether you need a +spec, so feel free to ask in the +#openstack-security IRC channel or on the openstack-security mailing list. + +To propose a specification for a release-specific project, add a new file to +the `specs/` directory and post it for review. The implementation +status of a blueprint for a given release can be found by looking at the +blueprint in Launchpad (and the spec links to Launchpad). + +Please realize that not all approved blueprints will get fully implemented. + +Security blueprints are being introduced with the Liberty development cycle +using this repository. + +Please note, Launchpad blueprints are still used for tracking the +current status of blueprints. For more information, see +https://wiki.openstack.org/wiki/Blueprints. + +For more information about working with gerrit, see +http://docs.openstack.org/infra/manual/developers.html#development-workflow. + +To validate that the specification is syntactically correct (i.e. get more +confidence in the Jenkins result), please execute the following command:: + + $ tox + +After running ``tox``, the documentation will be available for viewing in HTML +format in the ``doc/build/`` directory. Please do not check in the generated +HTML files as a part of your commit. + +The files are published at http://specs.openstack.org/openstack/security-specs. + +The git repository is located at +http://git.openstack.org/cgit/openstack/security-specs/. diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100755 index 0000000..67d1471 --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,93 @@ +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import datetime +import os +import sys + +sys.path.insert(0, os.path.abspath('../..')) +# -- General configuration ---------------------------------------------------- + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = [ + 'sphinx.ext.autodoc', + #'sphinx.ext.intersphinx', + 'oslosphinx', + 'yasfb', +] + +# Feed configuration for yasfb +feed_base_url = 'http://specs.openstack.org/openstack/security-specs' +feed_author = 'OpenStack Development Team' + +exclude_patterns = [ + 'template.rst', +] + +# Optionally allow the use of sphinxcontrib.spelling to verify the +# spelling of the documents. +try: + import sphinxcontrib.spelling + extensions.append('sphinxcontrib.spelling') +except ImportError: + pass + +# autodoc generation is a bit aggressive and a nuisance when doing heavy +# text edit cycles. +# execute "export SPHINX_DEBUG=1" in your terminal to disable + +# The suffix of source filenames. +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'security-specs' +copyright = u'%s, OpenStack Foundation' % datetime.date.today().year + +# If true, '()' will be appended to :func: etc. cross-reference text. +add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +add_module_names = True + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# -- Options for HTML output -------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. Major themes that come with +# Sphinx are currently 'default' and 'sphinxdoc'. +# html_theme_path = ["."] +# html_theme = '_theme' +# html_static_path = ['static'] + +# Output file base name for HTML help builder. +htmlhelp_basename = '%sdoc' % project + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass +# [howto/manual]). +latex_documents = [ + ('index', + '%s.tex' % project, + u'%s Documentation' % project, + u'OpenStack Foundation', 'manual'), +] + +# Example configuration for intersphinx: refer to the Python standard library. +#intersphinx_mapping = {'http://docs.python.org/': None} diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst new file mode 100644 index 0000000..d83e94b --- /dev/null +++ b/doc/source/contributing.rst @@ -0,0 +1,26 @@ +============================================= +Contributing to: security-specs +============================================= + +If you would like to contribute to the development of OpenStack, +you must follow the steps in this page: + + http://docs.openstack.org/infra/manual/developers.html + +Once those steps have been completed, changes to OpenStack +should be submitted for review via the Gerrit tool, following +the workflow documented at: + + http://docs.openstack.org/infra/manual/developers.html#development-workflow + +Pull requests submitted through GitHub will be ignored. + +Bugs should be filed on Launchpad, not GitHub. + + For OpenStack Security Guide and OpenStack Security Notes: + + https://bugs.launchpad.net/openstack-manuals + + For Bandit: + + https://bugs.launchpad.net/bandit diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..4d9dacf --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,35 @@ +.. security-specs documentation master file, created by + sphinx-quickstart on Tue Jul 9 22:26:36 2013. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Security Design Specifications +================================================== + +This repository contains specifications and policies that apply to OpenStack +Security Projects. These projects include OpenStack Security Guide, OpenStack +Security Notes, and Bandit. + +.. toctree:: + :glob: + :maxdepth: 1 + + +Repository Information +=================================================== + +.. toctree:: + :maxdepth: 1 + + README + Specification Template + contributing + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/doc/source/readme.rst b/doc/source/readme.rst new file mode 100644 index 0000000..a6210d3 --- /dev/null +++ b/doc/source/readme.rst @@ -0,0 +1 @@ +.. include:: ../../README.rst diff --git a/doc/source/specs b/doc/source/specs new file mode 120000 index 0000000..87a4030 --- /dev/null +++ b/doc/source/specs @@ -0,0 +1 @@ +../../specs \ No newline at end of file diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..b5a84a1 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,7 @@ +pbr>=0.6,!=0.7,<1.0 +doc8 # Apache-2.0 +oslosphinx>=2.5.0 # Apache-2.0 +sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3 +testrepository>=0.0.18 +testtools>=0.9.36,!=1.2.0 +yasfb>=0.5.1 diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..b0c6eff --- /dev/null +++ b/setup.cfg @@ -0,0 +1,24 @@ +[metadata] +name = security-specs +summary = OpenStack Security Specifications +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = http://www.openstack.org/ +classifier = + Environment :: OpenStack + Intended Audience :: Developers + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +source-dir = doc/source +build-dir = doc/build +all_files = 1 + +[pbr] +warnerrors = True + +[upload_sphinx] +upload-dir = doc/build/html diff --git a/setup.py b/setup.py new file mode 100755 index 0000000..70c2b3f --- /dev/null +++ b/setup.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +setuptools.setup( + setup_requires=['pbr'], + pbr=True) diff --git a/specs/.gitignore b/specs/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/specs/template.rst b/specs/template.rst new file mode 100644 index 0000000..e62f617 --- /dev/null +++ b/specs/template.rst @@ -0,0 +1,110 @@ +.. + +This work is licensed under a Creative Commons Attribution 3.0 Unported +License. +http://creativecommons.org/licenses/by/3.0/legalcode + +.. + This template should be in ReSTructured text. The filename in the git + repository should match the launchpad URL, for example a URL of + https://blueprints.launchpad.net/openstack-manuals/+spec/awesome-thing should + be named awesome-thing.rst . Please do not delete any of the sections in + this template. If you have nothing to say for a whole section, just write: + None For help with syntax, see http://sphinx-doc.org/rest.html + To test out your formatting, see http://www.tele3.cz/jbar/rest/rest.html + +============================= + The title of your blueprint +============================= + +Include the URL of your launchpad blueprint: + +https://blueprints.launchpad.net/openstack-manuals/+spec/example + +Or + +https://blueprints.launchpad.net/bandit/+spec/example + +Introduction paragraph -- why are we doing anything? + +Problem description +=================== + +A detailed description of the problem. + +Proposed change +=============== + +Here is where you cover the change you propose to make in detail. How do you +propose to solve this problem? + +If this is one part of a larger effort make it clear where this piece ends. In +other words, what's the scope of this effort? + +Include which OpenStack security project this will apply to (OpenStack Security +Guide, OpenStack Security Notes, Bandit, etc). Also include where in the +OpenStack security project tree hierarchy this will reside. + +Alternatives +------------ + +This is an optional section, where it does apply we'd just like a demonstration +that some thought has been put into why the proposed approach is the best one. + +Implementation +============== + +Assignee(s) +----------- + +Who is leading the writing of the code? Or is this a blueprint where you're +throwing it out there to see who picks it up? + +If more than one person is working on the implementation, please designate the +primary author and contact. + +Primary assignee: + + +Can optionally can list additional ids if they intend on doing +substantial implementation work on this blueprint. + +Milestones +---------- + +Target Milestone for completion: + Liberty-1 + +Work Items +---------- + +Work items or tasks -- break the feature up into the things that need to be +done to implement it. Those parts might end up being done by different people, +but we're mostly trying to understand the timeline for implementation. + + +Dependencies +============ + +- Include specific references to specs and/or blueprints in openstack-manuals, + or in other projects, that this one either depends on or is related to. + +- Does this feature require any new library dependencies or code otherwise not + included in OpenStack? Or does it depend on a specific version of library? + +References +========== + +Please add any useful references here. You are not required to have any +reference. Moreover, this specification should still make sense when your +references are unavailable. Examples of what you could include are: + +* Links to mailing list or IRC discussions + +* Links to notes from a summit session + +* Links to relevant research, if appropriate + +* Related specifications as appropriate + +* Anything else you feel it is worthwhile to refer to diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..721fce8 --- /dev/null +++ b/tox.ini @@ -0,0 +1,22 @@ +[tox] +minversion = 1.6 +envlist = docs,py27 +skipsdist = True + +[testenv] +usedevelop = True +setenv = VIRTUAL_ENV={envdir} +install_command = pip install -U {opts} {packages} +deps = -r{toxinidir}/requirements.txt +# The gate jobs run build_sphinx without using tox (thus ignore the +# docs target) and also call "tox -e py27", thus add doc8 here as +# default job. +commands = doc8 -e .rst specs/ doc/ README.rst + +[testenv:venv] +commands = {posargs} + +[testenv:docs] +commands = + doc8 -e .rst specs/ doc/ README.rst + python setup.py build_sphinx