- adjusted .gitignore to keep fresh egg-info and omit build artifacts
- fresh egg-info data is needed for promenade that depends on Deckhand
- restored deckhand-functional-uwsgi-py38 gate
- restored deckhand-integration-uwsgi-py38 gate
- made deckhand-airskiff-deployment gate voting ( treasuremap project
has been updated)
- removed bionic gates
- updated focal dockerfile
- added more binary deps into bindep.txt
- updated deckhand chart values to latest images - focal and wallaby
- fixed python code to compy with CVE's found by fresh version of bandit
- implemented pip freeze approach
- added tox -e freeze profile to manage it
- requirements-frozen.txt is now main file with requirements
- requirements-direct.txt is the file to control deps
- updated setup.cfg to adjust to newer version of setuptools
- fixed airskiff-deploy gate
- fixed docker-image-build playbook to restore Quay repo image publish
- updated other playbooks to include roles from zuul/base-jobs in order
to setup build hosts properly
- removed workaround with hardcoded dns resolver ip 10.96.0.10 as it
became obsolette due to recent fix in openstack-helm-infra
- adjusted tools/whitespace-linter.sh script
- tox.ini has been brought to compliance with tox4 requirements
- replaced str() calls with six.text_type() according to D325 Deckhand specific
commandment from Hacking.rst
- locked python-barbicanclient version with 5.2.0 because of breaking
changes in the upper versions
Change-Id: I1cd3c97e83569c4db7e958b3400bdd4b7ea5e668
update dockerfile for python deckhand install
add deckhand version to chart 1.0
add chart version 0.2.0
update all packages to latest in requirements.txt
update zuul jobs for focal and python 3.8
remove zuul job functional-uwsgi-py38 in favor of functional-docker-py38
update tox config
typecast to string in re.sub() function
add stestr to test-requirements.txt
add SQLAlchemy jsonpickle sphinx-rtd-theme stestr to requirements.txt
deprecated function: BarbicanException -> BarbicanClientException
fix mock import using unittest
fix import collections to collections.abc
fix for collections modules for older than python 3.10 versions.
deprecated function: json -> to_json
deprecated function: werkzeug.contrib.profiler ->
werkzeug.middleware.profiler
deprecated function: falcon.AIP -> falcon.App
deprecation warning: switch from resp.body to resp.text
rename fixtures to dh_fixtures because there is an imported module
fixtures
switch from stream.read to bounded_stream.read
deprecated function: falcon process_response needed additional parameter
deprecated function: falcon default_exception_handler changed parameter
order
move from MagicMock object to falcon test generated object to fix
incompatability with upgraded Falcon module.
Adjust gabbi tests to fix incompatability with upgraded DeepDiff module
update Makefile to execute ubuntu_focal
update HTK (helmtoolkit)
unpin barbican to pass integration tests
Use helm 3 in chart build.
`helm serve` is removed in helm 3 so this moves
to using local `file://` dependencies [0] instead.
Change-Id: I180416f480edea1b8968d80c993b3e1fcc95c08d
Unpin python3-six for Opensuse image build.
Update helm-toolkit stable commit to merge of this change:
https://review.opendev.org/#/c/803654/
Update the helm installation script to download and install v2.17.0
Fix integration tests by pinning Barbican to stable commit.
Pinn jsonschema to 4.0.0a2 to fix tox tests
Change-Id: I2badd0e2f6c934098f0c9f5ef7e52354756c12e0
When pip is upgraded to 20.3, the pip dependency resolver is much more
strict and will no longer install a combination of packages that is mutually
inconsistent[0].
These changes account for the fact that Shipyard imports Armada, Drydock,
Promenade, and Deckhand. Having said that, with pip 20.3, the pip
packages amongst those projects cannot conflict. A follow-up change may
be needed if more conflicts are found.
[0] https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-2-2020
Change-Id: Id75acea82ddf5d915a8b8805e076dac49cab800f
Patch PyYAML (via the pylibyaml library) to automatically enable the
LibYAML parser and emitter, which are faster than the Python versions.
https://pypi.org/project/pylibyaml/
Change-Id: Iebcc50b5db87518b3b7e0fac124c712afd06da2b
Updated obsolete uwsgi default configuration parameters for better
performance.
Increased number of worker threads to increase performance.
Uplifted uwsgi to the latest for bug fixes since 2018.
For more info please see:
https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
Change-Id: Ifedb9c6279e64be86deb6ec375810c5ecf97958a
- With Ubuntu bionic based deckhand docker image, uswsi crashes with
segmentation fault when it tries to load psycopg2 library, causing
the deckhand service become unavailable.
The root cause of this problem seems to be that uwsgi and psycopg2
binary wheels are built with different ssl libraries.
To address this issue, upgrading psycopg2 to the latest release to
the latest binary release.
- For opensuse 15.1 image build, python3-six was updated to address
package not found issue.
- Updated gating ansbile playbooks to address non-voting gate failures.
Change-Id: I7be920e16e6114eb2bdbc052a6761f29008baf81
- Added ability to build deckhand docker image, using either the
Ubuntu xenial or the Ubuntu bionic base image.
- Made the bionic base image the default base image for deckhand
docker image build.
Change-Id: I26657de34a233ee3223a7f93fc667e734ac9140b
Apache-airflow release 1.10.3 and later use Flask 1.10.1,
which needs at least Werkzeug 0.15.1.
https://issues.apache.org/jira/browse/AIRFLOW-4900
Airflow depends on deckhand for document validation. But,
deckhand locks the Werkzeug package version to 0.14.1,
which breaks airflow.
This PS lets deckhand use the latest Werkzeug available release.
Change-Id: I4385a69c41571010c426dfaee1082109914c7d2a
Upgrades the six package from 1.11.0 to 1.12.0 to match requirement in
Pegleg
Adds system six 1.12.0 installation in OpenSUSE dockerfile.
Change-Id: Ie03235157c4b30e8e94866ea5bd8f634b61eb0d8
Pegleg Promenade Deckhand and Shipyard should all use same versions
of packages when able. Requests currently is giving a warning
in Pegleg:
ERROR: deckhand 0.0.1.dev657 has requirement urllib3==1.24, but
you'll have urllib3 1.24.3 which is incompatible.
Change-Id: I271da8c5e3bcf635b24f88c69d966cd39e7ec7f6
Deckhand's integration job relies on OpenStack-Helm-Infra to deploy
Kubernetes using Kubeadm. Since [0] was merged, Calico requires AppArmor
to be deployed. This commit adds the same role to deploy AppArmor that
exists in OpenStack-Helm-Infra to prevent inadvertent gate failures.
[0] https://review.openstack.org/614805/
This also includes gate fix in https://review.openstack.org/#/c/627906/
because of a circular dependency; that change in question fixes
failing CI jobs for all non-integration jobs.
Change-Id: Ie3fb04ea0fbe0487ae743033315e2a4211248d32
Version 4.17.0 of the `keystonemiddleware` package is incompatible
Python 3 and will cause Deckhand operations to fail when using
Keystone authentication. This change uplifts the versions in
`requirements.txt` using pur (see [0]).
[0] https://pypi.org/project/pur/
Change-Id: Ie63add37828e4b859751b9c45d05164be31d4a33
1. There is no exception called `InvalidRollback` in Deckhand (it
was removed a while back). Instead, the only exception that
db_api.revision_rollback raises is RevisionNotFound from
the revision_get call internally.
So catch that instead from the controller.
2. The default value of parameters is `str` so when revision_id
of '0' is passed to the db module for processing, it skips over
the check for `if revision_id == 0` as revision_id is a str,
not int. So this leverages builtin int converter logic in
falcon [0] but requires uplifting the version of falcon to
at least 1.3.0 to make use of it [1].
[0] https://falcon.readthedocs.io/en/stable/api/routing.html#field-converters
[1] https://falcon.readthedocs.io/en/1.3.0/api/routing.html#field-converters
Change-Id: I068cd9e9b6818a5d51501f2718ee2d40d556c094
This patch set pins down package requirements for the following
reasons:
* Inconsistencies between ranges and direct pins
* Deckhand isn't gated against requirements repo so changes to
some packages isn't actively tested
* Other Airship components use pins, so Deckhand might break them
when package requirements go out of sync between components
* Deckhand as of yet has no stable release so Airship relies on
master for stability so it is better to ensure stability over
anything else
Change-Id: I20ef4be3e01cd267771098d33447ccb61aee20b4
This patch set pins oslo.messaging to the last stable version
to fix the gate [0]. 9.0.0 is incompatible with current
requirements.
[0] https://pypi.org/project/oslo.messaging/#history
Change-Id: I6cf3e9f33ac3efcbf48675273899af38fef86e91
GET /revisions/{{revision_id}}/deepdiff/{{comparison_revision_id}}
- Added deepdiff api for generating diff between
two rendered documents.
- Deep diffing for data and metadata
- Refactor diff functions
- Client update
- Added unit testcases
- Added funtional testcases
- Doc update
Change-Id: Ib60fa60a3b33e9125a1595a999272ca595721b38
Use of memcached, which is enabled by default in the Deckhand Helm
chart, requires the cryptography package.
Change-Id: I13970b43bf5616d4e0ece933d438a55245eea4e0
This patchset uses beaker (used by Promenade and Drydock) to
achieve better caching around jsonpath-ng wrapper functions
(jsonpath_replace and jsonpath_parse).
Change-Id: Ifae24775b4741ade7673dc91776c35d2de5b9065
This simply updates Deckhand's package versions in
test-requirements.txt and requirements.txt using `pur -r` command
line tool.
Change-Id: If4bbd85190502c52a7f10adf6af750172b54c234
This patch set allows the functional gate of airship-deckhand to pass
once again.
Change-Id: I72406464ee490319dc6fa31851a235f0b5850467
Signed-off-by: Tin Lam <tin@irrational.io>
Updates Deckhand to use alembic to manage database upgrades.
Moves from creating tables at startup of Deckhand to the
db-sync job.
Change-Id: I6f4cb237fadc46fbee81d1c33096f48a720f589f
- Seeing issues with a lot of Drydock
requests timing out and it seems to be a
downstream issue with pulling Deckhand
docs
- Add jsonpath cacheing as the jsonpath-ng
parser was consuming 54s of the total 56s
runtime of a rendered-documents GET call.
With caching, the call is taking closer to 2s.
- All add a .dockerignore file to make image
building a little faster
Change-Id: I6ef84ffd946dcf2713b4f7570b985156deb1d697
Currently, Deckhand fails to perform substitution given
a substitution dependency chain for a group of documents.
That is, if A depends on B and C depends on B for substitution
then substitution will fail. Deckhand, at present, can only
perform substitution if A depends on B and C depends on B
and D depends on B, for example: In this case, the dependency
chain is no bigger than 2.
However, for cases where the substitution dependency chain
is larger than 2, then the dependency is no longer trivial. This
is because the substitution dependencies form a DAG that must
be topologically sorted in order to derive the correct order of
substitution. Once the documents are correctly sorted according
to this scheme, then substitution can be carried out as usual.
This PS makes the aforementioned changes to Deckhand's layering
module to make substitution work for non-cyclical dependencies:
A DAG is used to topologically sort the documents according to
their substitution dependency chain. A unit and functional
test has been added to verify the code.
If a cycle is detected, a critical error is thrown. Unit tests
have been added to validate this case as well.
Change-Id: Iaca3963f44aec6c897ad9fd690ce314a3a4d97a2
Also, this accounts for the the resp.to_dict() call not absorbing
the secret_ref key.
This commit also adds type mapping for missing secret types to
their barbican equivalents.
Change-Id: Idd4895fd441443a3dc41a3358edf6bd3648be5c1
This PS implements the Deckhand API client library
which is based off the python-novaclient code base.
The client library includes managers for all the
Deckhand APIs.
The following features have been implemented:
* Framework for API client library
* Manager for each Deckhand API (buckets, revisions, etc.)
* API client library documentation
Tests will be added in a follow-up (once Deckhand functional
tests use Keystone).
Change-Id: I829a030738f42dc7ddec623d881a99ed97d04520
This PS integrates Deckhand with keystone auth so
that Deckhand can check whether a keystone token is
authenticated (by way of keystonemiddleware)
before proceeding with any requests.
The architecture for this PS is borrowed from [0]
which successfully integrates keystone authentication
with the falcon web application framework. However,
additional Deckhand-specific changes were made for
tests to pass.
The following changes have been made:
- add paste deploy configuration file which adds
keystonemiddleware integration to Deckhand; this
makes it trivial for keystonemiddleware to determine
whether a token in the X-Auth-Token header is authenticated
- use paste.deploy to create a web app
- update unit tests for testing controllers
- update functional test script to ignore keystone authentication
because functional tests don't currently support keystone
integration
[0] https://github.com/stannum-l/nautilus
Change-Id: I6eeeb4a4d9ab1f1cc8fb338e5cc21136ab4d5684
This PS adds support for filtering revisions and
revision documents documents by any legal filter
(those enumerated in the design document).
Deckhand now supports the following filter arguments:
* schema
* metadata.name
* metadata.label
* metadata.layeringDefinition.abstract
* metadata.layeringDefinition.layer
* status.bucket
Deckhand now supports the following filter arguments for filtering
revisions:
* tag
Deckhand now supports multiple filters, e.g.:
* ?metdata.layeringDefinition.layer=site&metadata.name=foo
Deckhand now supports repeated filters, e.g.:
* ?metadata.label=foo=bar&metadata.label=baz=qux
The following has yet to be implemented will be done in a future
follow-up PS:
- support sorting by specific keywords as well
- support query limit and offset filters
Change-Id: I8558481e075715fe7fab98140094d37782a986d9
Currently, Deckhand is not fully compatible with postgresql as
it uses sqlite for all of its testing, including functional testing.
Since postgresql will be used in prod, Deckhand obviously must
support it, in addition to sqlite, needed for unit testing.
This commit alters the functional testing script to use postgresql
as well as makes necessary back-end changes to support postgresql.
Included in this commit:
- alter tools/functional-tests.sh so that it uses postgresql
as the db connection
- modifies primary key for Bucket DB model to be an Integer rather
than a String
- updates foreign key to point to new primary key
- updates necessary integration logic so that the bucket name
is still known by the Document DB model and returned in
appropriate response bodies
Change-Id: I7bc806fb18f7b47c13978dcd806d422a573a06b3
Update test-requirements.txt to use latest version of:
* hacking
Enable the following off-by-default checks:
* [H203] Use assertIs(Not)None to check for None.
* [H204] Use assert(Not)Equal to check for equality.
* [H205] Use assert(Greater|Less)(Equal) for comparison.
* [H210] Require ‘autospec’, ‘spec’, or ‘spec_set’ in
mock.patch/mock.patch.object calls
* [H904] Delay string interpolations at logging calls.
Made minimal code changes to comply with changes.
Change-Id: I3559ead76b5476650d7193e7023d349175234922
1) Add Dockerfile
2) Add entrypoint.sh
3) Add uwsgi in requirements.txt and remove it from
tox.ini
Change-Id: Ie9086335b5e6403e5b1e46981db110894606b9d1
This commit adds oslo.config options for keystone auth and
updates Deckhand's request context to use oslo_context for
facilitating integration with keystone auth options.
Change-Id: Ifd170e1a192402a970f8538f0c06bf017fe77f88
This commit fixes flake8 errors and fixes a minor bug related to
a schema version being v1 rather than v1.0.
OpenStack hacking rules are used to pin down flake8 to sane
standards using [0].
[0] 06e676c461/test-requirements.txt (L5)
Change-Id: Ib236df6f5ec9505c0e635f0faa9877d3397a2e55
This commit adds the following namespaces to deckhand's
config-generator.conf file used by oslo-config-generator
to generate deckhand's conf file automatically:
* oslo.db
* oslo.db.concurrency
* oslo.log
This will automatically populate the generate conf file with
needed oslo config options.
Previously Deckhand was using manual validation of YAML files.
However, schema validation is much cleaner, robust and thorough.
So, this commit adds jsonschema as a dependence in Deckhand.
Tempest already uses it as a dependence as well -- so a precedence
already exists.
This commit also updates unit tests as needed. Documentation
changes will be made in a follow-up patch.
This commit implements the core Deckhand API framework.
It does not implement any real API routes. The core
framework is modeled after Drydock's [0].
This commit specifically:
- implements the core API framework which uses falcon
- implements errors.py for preliminary errors
- implements base resource class from which other API
resources will inherit to build out the API itself
- implements base API router
- implements entry-point for kicking off deckhand
- updates base README.rst with instructions on
- running and installing -- similar to Drydock's
- implements dummy API resource for secrets, to
be fleshed out further in a follow-up commit
[0] https://github.com/att-comdev/drydock