2bc0c07b01
This PS resolves a bug related to the _substitution_sources in secrets_manager.SecretsSubstitution not getting updated with the most recently updated layering data. Currently, the DocumentLayering class, during initialization, passes the list of substitution sources to the SecretsSubstitution class as an optimization. During layering, documents that are substitution sources can have their data updated -- and if their data is not updated then that implies that a substitution source's data is stale -- causing future substitutions using that substitution source data to use stale data. The solution is to introduce a new method called `update_substitution_sources` which updates a specific substitution source entry with the most update-to-date layered data following every single layering update, such that all substitution sources should always have the most up-to-date data. Change-Id: Idc375cfdf17375d3c401342dff259bdcd1718941 |
||
|---|---|---|
| charts/deckhand | ||
| deckhand | ||
| doc | ||
| etc/deckhand | ||
| releasenotes | ||
| tools | ||
| .coveragerc | ||
| .dockerignore | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| Dockerfile | ||
| HACKING.rst | ||
| LICENSE | ||
| Makefile | ||
| README.rst | ||
| entrypoint.sh | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
| uwsgi.ini | ||
README.rst
Deckhand
Deckhand is a storage service for YAML-based configuration documents, which are managed through version control and automatically validated. Deckhand provides users with a variety of different document types that describe complex configurations using the features listed below.
Core Responsibilities
- layering - helps reduce duplication in configuration while maintaining auditability across many sites
- substitution - provides separation between secret data and other configuration data, while allowing a simple interface for clients
- revision history - improves auditability and enables services to provide functional validation of a well-defined collection of documents that are meant to operate together
- validation - allows services to implement and register different kinds of validations and report errors
Getting Started
For more detailed installation and setup information, please refer to the Getting Started guide.
Testing
Automated Testing
To run unit tests using sqlite, execute:
$ tox -epy27
$ tox -epy35against a py27- or py35-backed environment, respectively. To run individual unit tests, run:
$ tox -e py27 -- deckhand.tests.unit.db.test_revisionsfor example.
To run functional tests:
$ tox -e functionalYou can also run a subset of tests via a regex:
$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucketIntgration Points
Deckhand has the following integration points:
- Keystone (OpenStack Identity service) provides authentication and support for role based authorization.
- PostgreSQL is used to persist information to correlate workflows with users and history of workflow commands.
Note
Currently, other database backends are not supported.
Though, being a low-level service, has many other UCP services that integrate with it, including: