starlingx
/
vault-armada-app
Code Issues Proposed changes

Initial commit for stx-vault app 

Story: 2007718
Task: 40272

Depends-On: https://review.opendev.org/739486
Change-Id: I6326fe94f79694c80dbf585df7311fdde46faf9e
Signed-off-by: Cole Walker <cole.walker@windriver.com>
This commit is contained in:
Cole Walker 2020-07-02 12:07:51 -04:00
parent c92fc3309e
commit 431f8e0874
43 changed files with 1430 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
.zuul.yaml Normal file
View File

@ -0,0 +1,103 @@
---
- project:
check:
jobs:
- openstack-tox-linters
gate:
jobs:
- openstack-tox-linters
post:
jobs:
- stx-vault-armada-app-upload-git-mirror
- job:
name: stx-vault-armada-app-upload-git-mirror
parent: upload-git-mirror
description: >
Mirrors opendev.org/starlingx/vault-armada-app to
github.com/starlingx/vault-armada-app
vars:
git_mirror_repository: starlingx/vault-armada-app
secrets:
- name: git_mirror_credentials
secret: stx-vault-armada-app-github-secret
pass-to-parent: true
- secret:
name: stx-vault-armada-app-github-secret
data:
user: git
host: github.com
# yamllint disable-line rule:line-length
host_key: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
ssh_key: !encrypted/pkcs1-oaep
- M9/eBIvjveG8F1/YHXenJhuIi2nRigBs0vwNwEtwCp+l0sXVMHj9wDYRKegZqsAJRw4Pf
c9j6T+3DaCP8rlYOZXeaVMZb9WGWbwNDv8jBOzuW1k5rHbzmQOVKfTlz0b0acgEBPbwJy
bf1mVI02Qfs9Fgz9G+ytS8Xd3itNYvN/OoeRkEqiMpDLwoyXxHUqx/gpN4G4fFxuRTDsw
rENwVFbgRjlY98DwQvpdVgbI+TT9YPrKOD59phYrGOkfCZA2fwleOS8Ps+nDNNAO+l0BW
LiWBipBQPwkkFHgKcARA2Axs9Tao3WME+YiiL1Suh99kk1D8C2XvZT9XdBY0e63QhnCLd
fUXqrrL5jputZ/iKC7vBc1z+p3CE64aq7v9OJPP+f5e2xH7xXIBoCco2Uftp35dlvn2Tz
f/odMj/q2ewj3yXONYso+UJhvnes+usQ3FPr3Hdb7vet5LPeR75YwYWjingsrxsViYwMa
Q0Msf+S1YY1tfm/f4GjZ6z6nXspXNsS3LpGWySO5o0PspdGaxbcXHA0H0T4v0iacRxVsY
zSCa9coDhSNN4itoDfz7Zn9DvsJH3PL2RsI2eS9+0tQc42Nr03eRPEeuiHezY+aOjSQfs
rYxs5ZYoClIgMmwyJ5iujcPwQewDN4u2dU7YDUu2Ye4BUZlT8ALb3QEamUYt/U=
- mOAd1R3hc670dxRgkxyUzI554YRbJY3liCCbpYdUJn27wptGwr1fhd/g4UqxytF44PUPU
7xRH54DK8JG/F1F61stUKmx1Zoh1MaiZRz2pxEfwlZcYPv/mKJ/7vEItCVjh4u57R9BVL
0cwQzj6maLc3n5M2oy74JgigLp6IvJqBeNnhwRYfVfZRDyjClLE14ZOU4iyCqetx8AWzf
sKxuIZGUSAYJUEQBrLeo4KV5qf1z6NcvjnNVEU1P+YnJIA3Tymw8epqDM9CKTwRhcKJG3
rrnhuyL3G9I6ryobflIx80jStWKaTappkwfrAruUWnFEWwJlSOAlEbuFBkXS/7k1Y/e1x
A2KG9xCfP0itiF3GMu2kSJPMljA3GY+rfrJ0lOMZhfBNJR4eTCtpytr5/51Vj93WV23wS
uPU5NhSL7WOqaJ3Lv/jQtOa1otGDIUX2g70SUufzgEM7h5xYgvRddMBLkkOK18vCqoOCq
Ka37FW4DT7pPvAWBxqB9MUNG+GlU8UmlT8Tpc+QYj46VoOknkst8RGFJmeLM0T76IwCFG
6R80PGRTLlbkTtTIwc1L3z349eM7DxVRFEnUEJyGa8g/NqrKCaX5+e+PWYunWqcabVyUQ
CKAXEjxVFGyID2cTnvKP0dXtX+k0CYcCFqppu/7m1R3Qkc6Yu2/u0LShkg2Z5Q=
- Tgc236DwNZu5LHU2yA4preI5groMPONXv/xnWHO526ZjDI3lD9HwYbbmgOcQ0AEwULGrr
1Qyd21kHL8DIQ1T7WgGgIAPHJAmXXqiPbybpbaJ6xjXX+pXNz/LPTECdBlEgiy2zoch2e
yfuKUuc9vSNEvuNyj/AsU2h/+MPerhbRfQVA+jm+AIuKsEf6efAVvf2q+OzXCqg77PyOj
TqLUZZxwmOZfq5YNFTUlQC9evjixRGQCxgf1HowEc3MTK2C6lvtI/ommV2RQQnOItttbT
4wCKz6RWzm4+sEShEj9deQ88D377Grmy9pbH9jYKR+2JelkD39eQoTsEYEhxRpB7rfPOd
yTOWZ3LX6sHkldgnbPq58tty5M7T4CpWJaCNC1Hbvw3mw1IUUVxDWHyAkWVDKoZl5FlnD
97+UOGjEVE2L5tFk+vTuA03/aHChdPPEYpYgOzycUA4ED+zQT0mZZLjkSDYXnLeNQvN5F
Qjbp2buK8m4GRx/AGhVkMRGkjYcxiK5eTmuvYsoMvKM9+h6KfywESSpaaGRzSyqJPko4y
yaA0h0zAUPmXLOghUPksEOzewOFnCThlzoGN4mRkIkOUUZX48Z1sTyY2X8uuLPhvir270
mFmKWH0XJnj/gmX48oLTQ+tHVDastuNcwoEym9y0/UrpJty+YD8KbGARKPWJZU=
- fy1l68npdASzT1e5+YN3gzsr5oFRw9/LuB4NYZ502YmkkvLOsvhbbWu7c8zSKzshgGwnO
Ky2SmIsZOzSbhIHR1TLWKXZDPYuQXRXEEX5xR+3N0TzkfmH3XxRfcb5vrdGUeg/ac3O/d
tpvg9wkKoa3xBO1p7ynZOWDYVQiQ3qbuZOx1FpvGzDKmQAY7xbkzFzZ4I8kM8Bs4FDHwf
Rpsafx8/fwHklYcFs393AcvZiTHBxHV3nOA9HQyAm9N0pHd5z3/x7mDySBScH8IrGEtpP
UwMurxy20cQrMfSsLkIiLXYMPCRTtNsHGAuXqqjLQA4oifrf+LgoUNSaK9n4G67QI8os8
w47b6WHhYLMBaj1GM4GmVZG2+J3BmnAaVEHau772G4AJqq/jXx6WJIJ4z21S3urFjxAUs
XXyT2tbmLeOuwmFbE+LDpdhA0aMwG29a/S9SmOmNkfLl+9JtJ0VYrFhHSjtbGzpiMTcEN
vzTVHRpq7SJsvIcXHhWLFV5PwVYnooUDSk4kCgs1GpJ4L0RQrcF9JcEae1Yk+Wn5ZnKNP
Id467d4BB26BruetFE5yNE40vGhdpixeMi8kCvscxWUl/xfvdDOx3GclWaMBHJC0XGaLM
5BI7DgmYr420ZTVOervUmyy01sWG7K9uxS7e+A1AMtkGIzq/iJ+e9Or8CiptfE=
- lslBu2m2OjpRbVzxra+Lmw7OmHP8JyZM5M8RpdBDVMUmfb7IcYo/Madzn+X9SAltGCggo
G5Guj3ATRjDNp+ts7U3RCLWsAj7URgM5HdDAyQRO5tzx9perCuHI709f/KYDVQYKcxF/p
da0+sZsTPNtKDOZV4heoTey3b4yGFBzl1Wlq+eILeUPoR2197KdJlQg6Qh5gXeGp8XEyM
BM99IV+lFsNM+putCg7XSCqesTPhb38TPxf0kbjWJslnHf1xFHs8+ghrhKilAZqLIrZF9
/LKNxpTr8bhkQbZaK1VgpOQCxaHXDhs3huBqco0Zb6IaPV2Ricb13SmHg1Pq3tJkxFb/w
6Sy0argpKh5e8wpYfUrHpoV2zsMbztnEI7lHxjj1ASq5+007ffMHzFY1ckOzUknBU74S3
PiSb1C09fSbUr2aocVEhC6wel3cAPB0XgCwhn6asV5mWfgwBbNApuriQMmCOlJgbqqqp2
F/JxuXFTGKfMwoXZo9I3cBqu+twVDDftjAaDap+2yAFYwCJvc5GJnd//4OxEW/Jz0BCQu
GP0va6xy4BkXaD+0IGDIA+r8CltiK4UEgF0/g01p+siS+l+cpwRIPGEmlPsqLCUc3EM3a
0I1EgiMWFY/hc0+qijzO5PlHjsJ8rQeTBdGMwCp24aEI1DhHL0CZDW/wyDwkYQ=
- gc9mp5gwWDgR9UMl63RTzYyKY0vFCu57PfbpvAD64SsVhiNbvWMKYU5KVA9F+XtaIC+zC
wLwZO8jHZHJC4zSR7K0zZ0lu+f4TegX5OjZ5WnjNkHCdvOVdLvjPORGmaWyNCjoolc2RT
qdw7Sk8XNd+LT2HeNEV7LoFj2EbaeJBwZ3V8qOU/yjRPPjbi7uLzsjzSRByQX/5fbGOsI
4x42gmOrbi1w0H11dOskrg2LLvBvv7VCr7LqvLEawRp+huyP/0xpE1qKKhDSGuGhf8gFY
jB5okNdgJqR2ClUQS5fUqgrXFmCtad7RDGkhL7XYJL6sd7osH/lgBMyCX3pL6LRvDos5V
4KAInr0u8WEgv7jAFJK1a1o5nqzaSJ/BSKiWfhdj8pvbEXufirHjtYtBXmeQGSPRWfYnA
C/ihRk+WCAUZZuLDbXQLNDKBYZbqd3gUE0bA9bNix7hzVT/k1oa8aYzHbQPDvL0pt/5HF
xp5s6TxwGy0Ut2CyY8Kc07NjSL6f0eGaZPl3xN94+keTTDtBCds7OMN1nbvfKBM/WQ7Wj
GP/sCk18NKUdidDpBvFVCTzIAVALwHrDgBX4MDwBJvlHerP6qkEX60guYSyBSXp1dCBx2
ndpVj+/YpUB4EgECWS/oBc+PyFsZlWA+d9LwzsapAOFJkgWhesPYNjW1zuRzig=
- E+4MKgGD+qnen7Ym5YmkqjdZQ7buqYAFUqqZ3fPn5wbmDGCq2iqkO1JhQvSvHL1r7Yp1a
eQPI3YxUQpM6Dbdqp1Au+omz0hd8GedufTTyzhh7fGUd8LKBXaM/fPL2g1s70NF3iJ+oK
v003KLVNIYlRigAWKUOzeQLn+gl92bRSip5RSIWyOVpprjAFq8BePFMg+ZsERisANaJxN
QzDaYFVadL2dCxMcuZ7Y8z0RNzgb9Mi6D2dnDBoFSfFnJGLZIwGIdcQfz88gWFsuCLXGb
VLVxGsU1/WXKngSoKuVpVNdShvjj9LzznLvoaO9IDig+NnPzVf6zJ2TklIYs/vFamHriC
zBUb0KRC7U34iBmc+62kbqokpvVP0KAuzgtaDzGRhdZJXvahn0tI0WEDVuq4QOcUwA9I1
UlcQK6MHMgwhqfZI2RmbARFgPov9OzmKrM8M4AZ4TYQwdgj57na6DOl7UEal5cHWsvR+8
t230YyZJ6MLy9l6R2zHPicgbJj3w5aERp3ipTkofL47FokPT8eFtPhy5BYIKFtjPDNAc7
2LF69MtEMJtfb9g6u4uzOp5Y/bg+4fsDYWd5Dw7kRjeKvWmmH9Uplh6Y569GW2z2NFekr
QxX8x0Bpt4ZvOGXiJIP0KWcFAEceSjds6DPzCX9z8HyK9CWX0aFC2R4Wis8PyY=

16
CONTRIBUTING.rst Normal file
View File

@ -0,0 +1,16 @@
If you would like to contribute to the development of OpenStack,
you must follow the steps in this page:
https://docs.openstack.org/infra/manual/developers.html
Once those steps have been completed, changes to OpenStack
should be submitted for review via the Gerrit tool, following
the workflow documented at:
https://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs should be filed in Launchpad:
https://bugs.launchpad.net/starlingx

17
HACKING.rst Normal file
View File

@ -0,0 +1,17 @@
StarlingX Vault-Armada-App Style Commandments
================================================================
- Step 1: Read the OpenStack style commandments
https://docs.openstack.org/hacking/latest/
- Step 2: Read on
Vault-Armada-App Specific Commandments
---------------------------------------------------------
None so far
Running tests
-------------
The approach to running tests is to simply run the command ``tox``. This will
create virtual environments, populate them with dependencies and run all of
the tests that OpenStack CI systems run.

1
centos_build_layer.cfg Normal file
View File

@ -0,0 +1 @@
flock

1
centos_iso_image.inc Normal file
View File

@ -0,0 +1 @@
stx-vault-helm

2
centos_pkg_dirs Normal file
View File

@ -0,0 +1,2 @@
stx-vault-helm
python-k8sapp-vault

2
centos_pkg_dirs_containers Normal file
View File

@ -0,0 +1,2 @@
stx-vault-helm
python-k8sapp-vault

1
centos_tarball-dl.lst Normal file
View File

@ -0,0 +1 @@
helm-charts-vault-0-6-0.tar.gz#helm-charts-vault#https://github.com/hashicorp/vault-helm/archive/v0.6.0.tar.gz#http##

12
config Normal file
View File

@ -0,0 +1,12 @@
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://review.opendev.org/starlingx/vault-armada-app.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
rebase = true

2
github_sync.trigger Normal file
View File

@ -0,0 +1,2 @@
# to trigger the upload job to sync to GitHub
1

7
python-k8sapp-vault/centos/build_srpm.data Normal file
View File

@ -0,0 +1,7 @@
SRC_DIR="k8sapp_vault"
# Keep the SRCREV in sync with stx-vault-helm so the app version is the
# same as the plugin version
#TIS_BASE_SRCREV=94d4c26f982e2e8c222517900c504580d1e3a09d
#TIS_PATCH_VER=GITREVCOUNT
TIS_PATCH_VER=0

61
python-k8sapp-vault/centos/python-k8sapp-vault.spec Normal file
View File

@ -0,0 +1,61 @@
%global app_name vault
%global pypi_name k8sapp-vault
%global sname k8sapp_vault
Name: python-%{pypi_name}
Version: 20.06
Release: %{tis_patch_ver}%{?_tis_dist}
Summary: StarlingX sysinv extensions: Vault
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: python-setuptools
BuildRequires: python-pbr
BuildRequires: python2-pip
BuildRequires: python2-wheel
%description
StarlingX sysinv extensions: Vault K8S app
%package -n python2-%{pypi_name}
Summary: StarlingX sysinv extensions: Vault K8S app
Requires: python-pbr >= 2.0.0
Requires: sysinv >= 1.0
%description -n python2-%{pypi_name}
StarlingX sysinv extensions: Vault K8S app
%prep
%setup
# Remove bundled egg-info
rm -rf %{pypi_name}.egg-info
%build
export PBR_VERSION=%{version}
%{__python2} setup.py build
%py2_build_wheel
%install
export PBR_VERSION=%{version}.%{tis_patch_ver}
export SKIP_PIP_INSTALL=1
%{__python2} setup.py install --skip-build --root %{buildroot}
mkdir -p ${RPM_BUILD_ROOT}/plugins/%{app_name}
install -m 644 dist/*.whl ${RPM_BUILD_ROOT}/plugins/%{app_name}/
%files
%{python2_sitelib}/%{sname}
%{python2_sitelib}/%{sname}-*.egg-info
%package wheels
Summary: %{name} wheels
%description wheels
Contains python wheels for %{name}
%files wheels
/plugins/*

35
python-k8sapp-vault/k8sapp_vault/.gitignore vendored Normal file
View File

@ -0,0 +1,35 @@
# Compiled files
*.py[co]
*.a
*.o
*.so
# Sphinx
_build
doc/source/api/
# Packages/installer info
*.egg
*.egg-info
dist
build
eggs
parts
var
sdist
develop-eggs
.installed.cfg
# Other
*.DS_Store
.stestr
.testrepository
.tox
.venv
.*.swp
.coverage
bandit.xml
cover
AUTHORS
ChangeLog
*.sqlite

4
python-k8sapp-vault/k8sapp_vault/.stestr.conf Normal file
View File

@ -0,0 +1,4 @@
[DEFAULT]
test_path=./k8sapp_vault/tests
top_dir=./k8sapp_vault
#parallel_class=True

202
python-k8sapp-vault/k8sapp_vault/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2019 Wind River Systems, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

7
python-k8sapp-vault/k8sapp_vault/README.rst Normal file
View File

@ -0,0 +1,7 @@
k8sapp-vault
===================
This project contains StarlingX Kubernetes application specific python plugins
for Vault. These plugins are required to integrate the oidc authorization
application into the StarlingX application framework and to support the
various StarlingX deployments.

0
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/__init__.py Normal file
View File

0
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/__init__.py Normal file
View File

10
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py Normal file
View File

@ -0,0 +1,10 @@
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Helm: Supported charts:
# These values match the names in the chart package's Chart.yaml
HELM_CHART_VAULT = 'vault'
HELM_CHART_PSP_ROLEBINDING = 'psp-rolebinding'

0
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/__init__.py Normal file
View File

43
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/psp_rolebinding.py Normal file
View File

@ -0,0 +1,43 @@
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from k8sapp_vault.common import constants as app_constants
from sysinv.common import constants
from sysinv.common import exception
from sysinv.helm import base
from sysinv.helm import common
class PSPRolebindingHelm(base.BaseHelm):
"""Class to encapsulate helm operations for the psp rolebinding chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[common.HELM_NS_VAULT]
SUPPORTED_APP_NAMESPACES = {
constants.HELM_APP_VAULT:
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_VAULT],
}
CHART = app_constants.HELM_CHART_PSP_ROLEBINDING
SERVICE_NAME = 'psp-rolebinding'
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
common.HELM_NS_VAULT: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

51
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py Normal file
View File

@ -0,0 +1,51 @@
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from k8sapp_vault.common import constants as app_constants
from sysinv.common import constants
from sysinv.common import exception
from sysinv.helm import base
from sysinv.helm import common
class VaultHelm(base.BaseHelm):
"""Class to encapsulate helm operations for the vault chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[common.HELM_NS_VAULT]
SUPPORTED_APP_NAMESPACES = {
constants.HELM_APP_VAULT:
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_VAULT],
}
CHART = app_constants.HELM_CHART_VAULT
SERVICE_NAME = 'vault'
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
common.HELM_NS_VAULT: {
'server': {
'ha': {
'replicas': max(1, self._num_provisioned_controllers()),
},
},
}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

0
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/__init__.py Normal file
View File

42
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_plugins.py Normal file
View File

@ -0,0 +1,42 @@
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import constants
from sysinv.tests.db import base as dbbase
from sysinv.tests.helm.test_helm import HelmOperatorTestSuiteMixin
class K8SAppVaultAppMixin(object):
app_name = constants.HELM_APP_VAULT
path_name = app_name + '.tgz'
def setUp(self):
super(K8SAppVaultAppMixin, self).setUp()
# Test Configuration:
# - Controller
# - IPv6
# - Ceph Storage
# - vault app
class K8sAppVaultControllerTestCase(K8SAppVaultAppMixin,
dbbase.BaseIPv6Mixin,
dbbase.BaseCephStorageBackendMixin,
HelmOperatorTestSuiteMixin,
dbbase.ControllerHostTestCase):
pass
# Test Configuration:
# - AIO
# - IPv4
# - Ceph Storage
# - vault app
class K8SAppVaultAIOTestCase(K8SAppVaultAppMixin,
dbbase.BaseCephStorageBackendMixin,
HelmOperatorTestSuiteMixin,
dbbase.AIOSimplexHostTestCase):
pass

51
python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_vault.py Normal file
View File

@ -0,0 +1,51 @@
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from k8sapp_vault.common import constants as app_constants
from k8sapp_vault.tests import test_plugins
from sysinv.db import api as dbapi
from sysinv.helm import common
from sysinv.tests.db import base as dbbase
from sysinv.tests.db import utils as dbutils
from sysinv.tests.helm import base
class VaultTestCase(test_plugins.K8SAppVaultAppMixin,
base.HelmTestCaseMixin):
def setUp(self):
super(VaultTestCase, self).setUp()
self.app = dbutils.create_test_app(name='vault')
self.dbapi = dbapi.get_instance()
class VaultIPv4ControllerHostTestCase(VaultTestCase,
dbbase.ProvisionedControllerHostTestCase):
def test_replicas(self):
overrides = self.operator.get_helm_chart_overrides(
app_constants.HELM_CHART_VAULT,
cnamespace=common.HELM_NS_VAULT)
self.assertOverridesParameters(overrides, {
# 1 replica for 1 controller
'replicaCount': 1
})
class VaultIPv6AIODuplexSystemTestCase(VaultTestCase,
dbbase.BaseIPv6Mixin,
dbbase.ProvisionedAIODuplexSystemTestCase):
def test_replicas(self):
overrides = self.operator.get_helm_chart_overrides(
app_constants.HELM_CHART_VAULT,
cnamespace=common.HELM_NS_VAULT)
self.assertOverridesParameters(overrides, {
# 2 replicas for 2 controllers
'replicaCount': 2
})

238
python-k8sapp-vault/k8sapp_vault/pylint.rc Normal file
View File

@ -0,0 +1,238 @@
[MASTER]
# Specify a configuration file.
rcfile=pylint.rc
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. Should be base names, not paths.
ignore=tests
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Use multiple processes to speed up Pylint.
jobs=4
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=lxml.etree,greenlet
[MESSAGES CONTROL]
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time.
#enable=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once).
# See "Messages Control" section of
# https://pylint.readthedocs.io/en/latest/user_guide
# We are disabling (C)onvention
# We are disabling (R)efactor
disable=C, R
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html
output-format=text
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]".
files-output=no
# Tells whether to display a full report or only the messages
reports=yes
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=85
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab).
indent-string=' '
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis
ignored-modules=distutils,eventlet.green.subprocess,six,six.moves
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set).
# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types
# ie: (unprovisioned, identity)
# LookupDict in requests library confuses pylint
ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local,
Table, unprovisioned, identity, LookupDict
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E0201 when accessed. Python regular
# expressions are accepted.
generated-members=REQUEST,acl_users,aq_parent
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter,apply,input
# Regular expression which should only match correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression which should only match correct module level names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression which should only match correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Regular expression which should only match correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct instance attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct list comprehension /
# generator expression variable names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Regular expression which should only match functions or classes name which do
# not require a docstring
no-docstring-rgx=__.*__
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the beginning of the name of dummy variables
# (i.e. not used).
dummy-variables-rgx=_|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,string,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Maximum number of locals for function / method body
max-locals=15
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of branch for function / method body
max-branchs=12
# Maximum number of statements in function / method body
max-statements=50
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception

2
python-k8sapp-vault/k8sapp_vault/requirements.txt Normal file
View File

@ -0,0 +1,2 @@
pbr>=2.0.0
PyYAML==3.10

40
python-k8sapp-vault/k8sapp_vault/setup.cfg Normal file
View File

@ -0,0 +1,40 @@
[metadata]
name = k8sapp-vault
summary = StarlingX sysinv extensions for vault
long_description = file: README.rst
long_description_content_type = text/x-rst
license = Apache 2.0
author = StarlingX
author-email = starlingx-discuss@lists.starlingx.io
home-page = https://www.starlingx.io/
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
Intended Audience :: System Administrators
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.4
Programming Language :: Python :: 3.5
[files]
packages =
k8sapp_vault
[global]
setup-hooks =
pbr.hooks.setup_hook
[entry_points]
systemconfig.helm_applications =
vault = systemconfig.helm_plugins.vault
systemconfig.helm_plugins.vault =
001_vault = k8sapp_vault.helm.vault:VaultHelm
002_psp-rolebinding = k8sapp_vault.helm.psp_rolebinding:PSPRolebindingHelm
[wheel]
universal = 1

12
python-k8sapp-vault/k8sapp_vault/setup.py Normal file
View File

@ -0,0 +1,12 @@
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import setuptools
setuptools.setup(
setup_requires=['pbr>=2.0.0'],
pbr=True)

26
python-k8sapp-vault/k8sapp_vault/test-requirements.txt Normal file
View File

@ -0,0 +1,26 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
flake8<3.8.0
pycodestyle<2.6.0 # MIT License
hacking>=1.1.0,<=2.0.0 # Apache-2.0
coverage>=3.6
discover
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
passlib>=1.7.0
psycopg2-binary
python-subunit>=0.0.18
requests-mock>=0.6.0 # Apache-2.0
sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
oslosphinx<2.6.0,>=2.5.0 # Apache-2.0
oslotest>=3.2.0 # Apache-2.0
stestr>=1.0.0 # Apache-2.0
testrepository>=0.0.18
testtools!=1.2.0,>=0.9.36
tempest-lib<0.5.0,>=0.4.0
ipaddr
pytest
pyudev
migrate
markupsafe

131
python-k8sapp-vault/k8sapp_vault/tox.ini Normal file
View File

@ -0,0 +1,131 @@
[tox]
envlist = flake8,py27,py36,pylint,bandit
minversion = 1.6
# skipsdist = True
#,pip-missing-reqs
# tox does not work if the path to the workdir is too long, so move it to /tmp
toxworkdir = /tmp/{env:USER}_k8svaulttox
stxdir = {toxinidir}/../../..
distshare={toxworkdir}/.tox/distshare
[testenv]
# usedevelop = True
# enabling usedevelop results in py27 develop-inst:
# Exception: Versioning for this project requires either an sdist tarball,
# or access to an upstream git repository.
# Note. site-packages is true and rpm-python must be yum installed on your dev machine.
sitepackages = True
# tox is silly... these need to be separated by a newline....
whitelist_externals = bash
find
install_command = pip install \
-v -v -v \
-c{toxinidir}/upper-constraints.txt \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt} \
{opts} {packages}
# Note the hash seed is set to 0 until can be tested with a
# random hash seed successfully.
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
PYTHONDONTWRITEBYTECODE=1
OS_TEST_PATH=./k8sapp_vault/tests
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=C
EVENTS_YAML=./k8sapp_vault/tests/events_for_testing.yaml
SYSINV_TEST_ENV=True
TOX_WORK_DIR={toxworkdir}
PYLINTHOME={toxworkdir}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/sysinv/sysinv/sysinv
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/fault/fm-api
-e{[tox]stxdir}/fault/python-fmclient/fmclient
-e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient
-e{[tox]stxdir}/update/cgcs-patch/cgcs-patch
commands =
find . -type f -name "*.pyc" -delete
[flake8]
exclude = build,dist,tools,.eggs
max-line-length=120
[testenv:flake8]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
flake8-bugbear
commands =
flake8 {posargs} .
[testenv:py27]
basepython = python2.7
commands =
{[testenv]commands}
stestr run {posargs}
stestr slowest
[testenv:py36]
basepython = python3.6
commands =
{[testenv]commands}
stestr run {posargs}
stestr slowest
[testenv:pep8]
# testenv:flake8 clone
basepython = {[testenv:flake8]basepython}
deps = {[testenv:flake8]deps}
commands = {[testenv:flake8]commands}
[testenv:venv]
commands = {posargs}
[bandit]
[testenv:bandit]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
bandit
commands = bandit --ini tox.ini -n 5 -r k8sapp_vault
[testenv:pylint]
basepython = python2.7
sitepackages = False
deps = {[testenv]deps}
pylint
commands =
pylint {posargs} k8sapp_vault --rcfile=./pylint.rc
[testenv:cover]
basepython = python2.7
deps = {[testenv]deps}
setenv = {[testenv]setenv}
PYTHON=coverage run --parallel-mode
commands =
{[testenv]commands}
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:pip-missing-reqs]
# do not install test-requirements as that will pollute the virtualenv for
# determining missing packages
# this also means that pip-missing-reqs must be installed separately, outside
# of the requirements.txt files
deps = pip_missing_reqs
-rrequirements.txt
commands=pip-missing-reqs -d --ignore-file=/k8sapp_vault/tests k8sapp_vault

1
python-k8sapp-vault/k8sapp_vault/upper-constraints.txt Normal file
View File

@ -0,0 +1 @@
# Override upstream constraints based on StarlingX load

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
# Nothing

14
stx-vault-helm/centos/build_srpm.data Normal file
View File

@ -0,0 +1,14 @@
SRC_DIR="stx-vault-helm"
TAR_NAME=helm-charts-vault-0-6-0
VERSION=1.0.0
TAR="$TAR_NAME.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/manifests/*"
TIS_PATCH_VER=0
# Keep the SRCREV in sync with python-k8sapp-cert-manager so the app version is
# the same as the plugin version
#TIS_BASE_SRCREV=94d4c26f982e2e8c222517900c504580d1e3a09d
#TIS_PATCH_VER=GITREVCOUNT

116
stx-vault-helm/centos/stx-vault-helm.spec Normal file
View File

@ -0,0 +1,116 @@
# Application tunables (maps to metadata)
%global app_name vault
%global helm_repo stx-platform
%global armada_folder /usr/lib/armada
# Install location
%global app_folder /usr/local/share/applications/helm
# Build variables
%global helm_folder /usr/lib/helm
%global toolkit_version 0.1.0
Summary: StarlingX Vault Armada Helm Charts
Name: stx-vault-helm
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: helm-charts-vault-0-6-0.tar.gz
Source1: repositories.yaml
Source2: index.yaml
Source3: Makefile
Source4: metadata.yaml
Source5: vault_manifest.yaml
BuildArch: noarch
BuildRequires: helm
BuildRequires: python-k8sapp-vault
BuildRequires: python-k8sapp-vault-wheels
%description
StarlingX Vault Helm Charts
%prep
%setup -n helm-charts-vault
%build
# initialize helm and build the toolkit
# helm init --client-only does not work if there is no networking
# The following commands do essentially the same as: helm init
%define helm_home %{getenv:HOME}/.helm
mkdir %{helm_home}
mkdir %{helm_home}/repository
mkdir %{helm_home}/repository/cache
mkdir %{helm_home}/repository/local
mkdir %{helm_home}/plugins
mkdir %{helm_home}/starters
mkdir %{helm_home}/cache
mkdir %{helm_home}/cache/archive
# Stage a repository file that only has a local repo
cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
# Stage a local repo index that can be updated by the build
cp %{SOURCE2} %{helm_home}/repository/local/index.yaml
# Host a server for the charts
helm serve --repo-path . &
helm repo rm local
helm repo add local http://localhost:8879/charts
# Create the tgz file
cp %{SOURCE3} ./
mkdir ./vault
cp ./Chart.yaml ./vault
mv ./values.yaml ./vault
mv ./templates ./vault/templates
make vault
make psp-rolebinding
cd -
# Terminate helm server (the last backgrounded task)
kill %1
# Create a chart tarball compliant with sysinv kube-app.py
%define app_staging %{_builddir}/staging
%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
# Setup staging
mkdir -p %{app_staging}
cp %{SOURCE4} %{app_staging}
cp %{SOURCE5} %{app_staging}
mkdir -p %{app_staging}/charts
cp ./helm-charts-vault/*.tgz %{app_staging}/charts
cd %{app_staging}
# Populate metadata
sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
# Copy the plugins: installed in the buildroot
mkdir -p %{app_staging}/plugins
cp /plugins/%{app_name}/*.whl %{app_staging}/plugins
# package it up
find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
# Cleanup staging
rm -fr %{app_staging}
%install
install -d -m 755 %{buildroot}/%{app_folder}
install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
%files
%defattr(-,root,root,-)
%{app_folder}/*

5
stx-vault-helm/stx-vault-helm/README Normal file
View File

@ -0,0 +1,5 @@
This directory contains all StarlingX charts that need to be built for this
application. Some charts are common across applications. These common charts
reside in the stx-config/kubernetes/helm-charts directory. To include these in
this application update the build_srpm.data file and use the COPY_LIST_TO_TAR
mechanism to populate these common charts.

43
stx-vault-helm/stx-vault-helm/files/Makefile Normal file
View File

@ -0,0 +1,43 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := helm-toolkit doc tests tools logs tmp
CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -f *tgz */charts/*tgz */requirements.lock
rm -rf */charts */tmpcharts
%:
@:

3
stx-vault-helm/stx-vault-helm/files/index.yaml Normal file
View File

@ -0,0 +1,3 @@
apiVersion: v1
entries: {}
generated: 2019-01-07T12:33:46.098166523-06:00

6
stx-vault-helm/stx-vault-helm/files/metadata.yaml Normal file
View File

@ -0,0 +1,6 @@
maintain_user_overrides: true
app_name: @APP_NAME@
app_version: @APP_VERSION@
helm_repo: @HELM_REPO@

12
stx-vault-helm/stx-vault-helm/files/repositories.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
generated: 2019-01-02T15:19:36.215111369-06:00
repositories:
- caFile: ""
cache: /builddir/.helm/repository/cache/local-index.yaml
certFile: ""
keyFile: ""
name: local
password: ""
url: http://127.0.0.1:8879/charts
username: ""

72
stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml Normal file
View File

@ -0,0 +1,72 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: vault
data:
chart_name: vault
release: vault
namespace: vault
wait:
timeout: 1800
labels:
app: vault
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
app: vault
values:
global:
enabled: true
injector:
enabled: true
image:
repository: hashicorp/vault-k8s
tag: 0.4.0
agentImage:
repository: vault
tag: 1.4.2
server:
image:
repository: vault
tag: 1.4.2
auditStorage:
enabled: true
size: 10Gi
ha:
enabled: true
replicas: 3
raft:
enabled: true
extraLabels:
app: vault
source:
type: tar
location: http://172.17.0.1/helm_charts/stx-platform/vault-0.6.0.tgz
subpath: vault
reference: master
dependencies: []
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: vault
data:
description: "Deploy Vault"
sequenced: false
chart_group:
- vault
---
schema: armada/Manifest/v1
metadata:
schema: metadata/Document/v1
name: vault-manifest
data:
release_prefix: stx
chart_groups:
- vault

3
test-requirements.txt Normal file
View File

@ -0,0 +1,3 @@
# hacking pulls in flake8
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
bashate >= 0.2

35
tox.ini Normal file
View File

@ -0,0 +1,35 @@
[tox]
envlist = linters
minversion = 2.3
skipsdist = True
sitepackages=False
[testenv]
install_command = pip install -U {opts} {packages}
setenv =
VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
OS_STDERR_CAPTURE=1
OS_DEBUG=1
OS_LOG_CAPTURE=1
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
whitelist_externals =
bash
[testenv:bashate]
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
commands =
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
-name \*.sh \
-print0 | xargs -r -n 1 -0 bashate -v \
-e 'E*'"
[testenv:linters]
commands =
{[testenv:bashate]commands}