b22fa5d2f3
The framework for being able to do RBAC unit testing in Deckhand was added here: #I86f269a5b616b518e5f742a4005891412226fe2a https://review.gerrithub.io/#/c/381205/

This PS expands on that foundation by implementing negative RBAC tests for the remainder of the Deckhand APIs. Negative testing means attempting to call APIs with insufficient permissions and expecting 403s or empty response bodies, depending on whether the policy enforcement is critical or conditionally applied.

Also fixes a minor bug related to returning a deleted document for the endpoint PUT /api/v1.0/bucket/{bucket_name}/documents

Change-Id: I7ae50f300c1c877c3c162a032611a380f8948065
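The negative RBAC testing described in the commit message above, as an added example that is not code from Deckhand or from this change. The rule names, roles, sample documents and the list_documents handler are hypothetical. It shows critical enforcement returning a 403 and conditional enforcement returning a filtered or empty body.

```python
import unittest

# Constructed sample policy: rule name -> roles allowed (hypothetical names).
POLICY = {
    "example:list_documents": {"admin", "viewer"},
    "example:list_encrypted_documents": {"admin"},
}
# Constructed sample data.
DOCUMENTS = [
    {"name": "site-config", "storagePolicy": "cleartext"},
    {"name": "db-password", "storagePolicy": "encrypted"},
]


def authorized(rule, roles):
    """Deny by default: unknown rules and empty role lists are rejected."""
    return bool(POLICY.get(rule, set()) & set(roles))


def list_documents(roles, documents=DOCUMENTS):
    """Return (status, body) for a document listing request."""
    # Critical enforcement: the whole call is refused with a 403.
    if not authorized("example:list_documents", roles):
        return 403, None
    # Conditional enforcement: the call succeeds, but protected items are
    # filtered out of the body when the caller lacks the extra rule.
    if authorized("example:list_encrypted_documents", roles):
        return 200, list(documents)
    return 200, [d for d in documents if d["storagePolicy"] != "encrypted"]


class NegativeRbacTest(unittest.TestCase):
    def test_critical_rule_returns_403(self):
        self.assertEqual(list_documents(["nobody"]), (403, None))
        self.assertEqual(list_documents([]), (403, None))

    def test_conditional_rule_filters_body(self):
        status, body = list_documents(["viewer"])
        self.assertEqual(status, 200)
        self.assertEqual([d["name"] for d in body], ["site-config"])

    def test_conditional_rule_can_leave_empty_body(self):
        only_secret = [DOCUMENTS[1]]
        self.assertEqual(list_documents(["viewer"], only_secret), (200, []))


if __name__ == "__main__":
    unittest.main()
```
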
README.rst
Deckhand
Deckhand is a document-based configuration storage service built with auditability and validation in mind.
Core Responsibilities
- layering - helps reduce duplication in configuration while maintaining auditability across many sites
- substitution - provides separation between secret data and other configuration data, while allowing a simple interface for clients
- revision history - improves auditability and enables services to provide functional validation of a well-defined collection of documents that are meant to operate together
- validation - allows services to implement and register different kinds of validations and report errors
Getting Started
To generate a configuration file automatically:
$ tox -e genconfig
The resulting deckhand.conf.sample file is output to etc/deckhand/deckhand.conf.sample
Copy the config file to a directory discoverable by oslo.conf:
$ cp etc/deckhand/deckhand.conf.sample ~/deckhand.conf
To set up an in-memory database for testing:
[database]
#
# From oslo.db
#
# The SQLAlchemy connection string to use to connect to the database.
# (string value)
connection = sqlite:///:memory:
To run locally in a development environment:
$ sudo pip install uwsgi
$ virtualenv -p python3 /var/tmp/deckhand
$ . /var/tmp/deckhand/bin/activate
$ sudo pip install .
$ sudo python setup.py install
$ uwsgi --ini uwsgi.ini
Testing
Automated Testing
To run unit tests using sqlite, execute:
$ tox -epy27
$ tox -epy35
against a py27- or py35-backed environment, respectively. To run individual unit tests, run:
$ tox -e py27 -- deckhand.tests.unit.db.test_revisions
for example.
To run unit tests using postgresql, postgresql must be installed in your environment. Then execute:
$ tox -epy27-postgresql
$ tox -epy35-postgresql
To run functional tests:
$ tox -e functional
You can also run a subset of tests via a regex:
$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucket
Integration Points
Deckhand has the following integration points:
- Keystone (OpenStack Identity service) provides authentication and support for role-based authorization.
- PostgreSQL is used to persist information to correlate workflows with users and history of workflow commands.
Deckhand, being a low-level service, also has many other UCP services that integrate with it, including: