A configuration management service with support for secrets.
Felipe Monteiro 582dee6fb9 DECKHAND-61: oslo.policy integration
This PS implements oslo.policy integration in Deckhand.
The policy.py file implements 2 types of functions for
performing policy enforcement in Deckhand: authorize,
which is a decorator that is used directly around
falcon on_HTTP_VERB methods that raises a 403 immediately
if policy enforcement fails; and conditional_authorize,
to be used inside controller code conditionally.

For example, since Deckhand has two types of documents
with respect to security -- encrypted and cleartext
documents -- policy enforcement is conditioned on the
type of the documents' metadata.storagePolicy.

Included in this PS:
  - policy framework implementation
  - policy in code and policy documentation for all
    Deckhand policies
  - modification of functional test script to override
    default admin-only policies with custom policy file
    dynamically created using lax permissions
  - bug fix for filtering out deleted documents (and
    its predecessors in previous revisions) for
    PUT /revisions/{revision_id}/documents
  - policy documentation
  - basic unit tests for policy enforcement framework
  - allow functional tests to be filtered via regex

Due to the size of this PS, functional tests related to
policy enforcement will be done in a follow up.

Change-Id: If418129f9b401091e098c0bd6c7336b8a5cd2359
2017-10-07 18:43:28 +01:00
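
The two enforcement styles the commit message describes, as an added example that is not Deckhand's code. A plain dict of rules stands in for oslo.policy, dict requests stand in for falcon, and the `example:*` rule names, the roles and the resource classes are hypothetical.

```python
import functools

class Forbidden(Exception):
    status = 403  # stand-in for the HTTP 403 raised on a failed check

# Hypothetical rules (action -> roles allowed); a dict stands in for oslo.policy.
RULES = {
    "example:list_revisions": {"admin"},
    "example:create_cleartext_documents": {"admin", "operator"},
    "example:create_encrypted_documents": {"admin"},
}

def enforce(action, context):
    if not RULES.get(action, set()) & set(context.get("roles", ())):
        raise Forbidden(action)  # fail closed: unknown action allows nobody

def authorize(action):
    """Decorator style: reject before the on_<verb> handler body runs."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(self, req, resp, *args, **kwargs):
            enforce(action, req["context"])
            return handler(self, req, resp, *args, **kwargs)
        return wrapper
    return decorator

def conditional_authorize(action, context):
    """Inline style: the controller picks the action from request data."""
    enforce(action, context)

class RevisionsResource:
    @authorize("example:list_revisions")
    def on_get(self, req, resp):
        return dict(resp, status=200)

class BucketsResource:
    def on_put(self, req, resp, documents):
        for doc in documents:
            kind = doc.get("metadata", {}).get("storagePolicy")
            # Anything not explicitly cleartext gets the stricter rule.
            action = ("example:create_cleartext_documents" if kind == "cleartext"
                      else "example:create_encrypted_documents")
            conditional_authorize(action, req["context"])
        return dict(resp, status=200)

def status_of(call, *args):
    try:
        return call(*args)["status"]
    except Forbidden as exc:
        return exc.status
```

A document with a missing or unrecognised storagePolicy is checked against the encrypted rule, so a malformed request cannot fall through to the laxer permission.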
deckhand DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
doc DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
etc/deckhand DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
releasenotes DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
tools DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
.coveragerc Add Deckhand coverage job 2017-08-15 16:11:35 -04:00
.gitignore Add Deckhand coverage job 2017-08-15 16:11:35 -04:00
.gitreview Add gitreview file 2017-08-11 01:22:26 -05:00
.testr.conf [feat] DECKHAND-28: Document pre-validation logic and API integration 2017-08-08 18:52:44 +01:00
AUTHORS Initial implementation of buckets 2017-08-24 20:58:26 +01:00
Dockerfile DeckHand Dockerfile 2017-09-14 16:50:06 +00:00
HACKING.rst Add sphinx job for auto-generating docs 2017-09-21 16:16:23 +01:00
LICENSE Initial commit 2017-06-16 08:29:03 -07:00
README.rst [feat] DECKHAND-28: Document pre-validation logic and API integration 2017-08-08 18:52:44 +01:00
entrypoint.sh DeckHand Dockerfile 2017-09-14 16:50:06 +00:00
requirements.txt Support filtering revision (documents) by any legal filter 2017-10-06 16:48:45 -04:00
setup.cfg DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00
setup.py Oslo config integration (#1) 2017-06-26 16:57:50 -07:00
test-requirements.txt Add releasenote management 2017-10-03 20:58:12 +01:00
tox.ini DECKHAND-61: oslo.policy integration 2017-10-07 18:43:28 +01:00

README.rst

Deckhand

A foundational Python REST YAML processing engine providing data and secrets management to other platform services.

To generate a configuration file automatically:

$ tox -e genconfig

The resulting deckhand.conf.sample file is written to etc/deckhand/deckhand.conf.sample.

Copy the config file to a directory discoverable by oslo.conf:

$ cp etc/deckhand/deckhand.conf.sample ~/deckhand.conf

To set up an in-memory database for testing:

[database]

#
# From oslo.db
#

# The SQLAlchemy connection string to use to connect to the database.
# (string value)
connection = sqlite:///:memory:

To run locally in a development environment:

$ sudo pip install uwsgi
$ virtualenv -p python3 /var/tmp/deckhand
$ . /var/tmp/deckhand/bin/activate
$ sudo pip install .
$ sudo python setup.py install
$ uwsgi --http :9000 -w deckhand.cmd --callable deckhand_callable --enable-threads -L