From 431f8e08744c6aec444ee70092db4728a2e32665 Mon Sep 17 00:00:00 2001 From: Cole Walker Date: Thu, 2 Jul 2020 12:07:51 -0400 Subject: [PATCH] Initial commit for stx-vault app Story: 2007718 Task: 40272 Depends-On: https://review.opendev.org/739486 Change-Id: I6326fe94f79694c80dbf585df7311fdde46faf9e Signed-off-by: Cole Walker --- .zuul.yaml | 103 ++++++++ CONTRIBUTING.rst | 16 ++ HACKING.rst | 17 ++ centos_build_layer.cfg | 1 + centos_iso_image.inc | 1 + centos_pkg_dirs | 2 + centos_pkg_dirs_containers | 2 + centos_tarball-dl.lst | 1 + config | 12 + github_sync.trigger | 2 + python-k8sapp-vault/centos/build_srpm.data | 7 + .../centos/python-k8sapp-vault.spec | 61 +++++ python-k8sapp-vault/k8sapp_vault/.gitignore | 35 +++ python-k8sapp-vault/k8sapp_vault/.stestr.conf | 4 + python-k8sapp-vault/k8sapp_vault/LICENSE | 202 +++++++++++++++ python-k8sapp-vault/k8sapp_vault/README.rst | 7 + .../k8sapp_vault/k8sapp_vault/__init__.py | 0 .../k8sapp_vault/common/__init__.py | 0 .../k8sapp_vault/common/constants.py | 10 + .../k8sapp_vault/helm/__init__.py | 0 .../k8sapp_vault/helm/psp_rolebinding.py | 43 ++++ .../k8sapp_vault/k8sapp_vault/helm/vault.py | 51 ++++ .../k8sapp_vault/tests/__init__.py | 0 .../k8sapp_vault/tests/test_plugins.py | 42 ++++ .../k8sapp_vault/tests/test_vault.py | 51 ++++ python-k8sapp-vault/k8sapp_vault/pylint.rc | 238 ++++++++++++++++++ .../k8sapp_vault/requirements.txt | 2 + python-k8sapp-vault/k8sapp_vault/setup.cfg | 40 +++ python-k8sapp-vault/k8sapp_vault/setup.py | 12 + .../k8sapp_vault/test-requirements.txt | 26 ++ python-k8sapp-vault/k8sapp_vault/tox.ini | 131 ++++++++++ .../k8sapp_vault/upper-constraints.txt | 1 + requirements.txt | 1 + stx-vault-helm/centos/build_srpm.data | 14 ++ stx-vault-helm/centos/stx-vault-helm.spec | 116 +++++++++ stx-vault-helm/stx-vault-helm/README | 5 + stx-vault-helm/stx-vault-helm/files/Makefile | 43 ++++ .../stx-vault-helm/files/index.yaml | 3 + .../stx-vault-helm/files/metadata.yaml | 6 + .../stx-vault-helm/files/repositories.yaml | 12 + .../manifests/vault_manifest.yaml | 72 ++++++ test-requirements.txt | 3 + tox.ini | 35 +++ 43 files changed, 1430 insertions(+) create mode 100644 .zuul.yaml create mode 100644 CONTRIBUTING.rst create mode 100644 HACKING.rst create mode 100644 centos_build_layer.cfg create mode 100644 centos_iso_image.inc create mode 100644 centos_pkg_dirs create mode 100644 centos_pkg_dirs_containers create mode 100644 centos_tarball-dl.lst create mode 100644 config create mode 100644 github_sync.trigger create mode 100644 python-k8sapp-vault/centos/build_srpm.data create mode 100644 python-k8sapp-vault/centos/python-k8sapp-vault.spec create mode 100644 python-k8sapp-vault/k8sapp_vault/.gitignore create mode 100644 python-k8sapp-vault/k8sapp_vault/.stestr.conf create mode 100644 python-k8sapp-vault/k8sapp_vault/LICENSE create mode 100644 python-k8sapp-vault/k8sapp_vault/README.rst create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/__init__.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/__init__.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/__init__.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/psp_rolebinding.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/__init__.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_plugins.py create mode 100644 python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_vault.py create mode 100644 python-k8sapp-vault/k8sapp_vault/pylint.rc create mode 100644 python-k8sapp-vault/k8sapp_vault/requirements.txt create mode 100644 python-k8sapp-vault/k8sapp_vault/setup.cfg create mode 100644 python-k8sapp-vault/k8sapp_vault/setup.py create mode 100644 python-k8sapp-vault/k8sapp_vault/test-requirements.txt create mode 100644 python-k8sapp-vault/k8sapp_vault/tox.ini create mode 100644 python-k8sapp-vault/k8sapp_vault/upper-constraints.txt create mode 100644 requirements.txt create mode 100644 stx-vault-helm/centos/build_srpm.data create mode 100644 stx-vault-helm/centos/stx-vault-helm.spec create mode 100644 stx-vault-helm/stx-vault-helm/README create mode 100644 stx-vault-helm/stx-vault-helm/files/Makefile create mode 100644 stx-vault-helm/stx-vault-helm/files/index.yaml create mode 100644 stx-vault-helm/stx-vault-helm/files/metadata.yaml create mode 100644 stx-vault-helm/stx-vault-helm/files/repositories.yaml create mode 100644 stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml create mode 100644 test-requirements.txt create mode 100644 tox.ini diff --git a/.zuul.yaml b/.zuul.yaml new file mode 100644 index 0000000..7dd42ac --- /dev/null +++ b/.zuul.yaml @@ -0,0 +1,103 @@ +--- +- project: + check: + jobs: + - openstack-tox-linters + gate: + jobs: + - openstack-tox-linters + post: + jobs: + - stx-vault-armada-app-upload-git-mirror + +- job: + name: stx-vault-armada-app-upload-git-mirror + parent: upload-git-mirror + description: > + Mirrors opendev.org/starlingx/vault-armada-app to + github.com/starlingx/vault-armada-app + vars: + git_mirror_repository: starlingx/vault-armada-app + secrets: + - name: git_mirror_credentials + secret: stx-vault-armada-app-github-secret + pass-to-parent: true + +- secret: + name: stx-vault-armada-app-github-secret + data: + user: git + host: github.com + # yamllint disable-line rule:line-length + host_key: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + ssh_key: !encrypted/pkcs1-oaep + - M9/eBIvjveG8F1/YHXenJhuIi2nRigBs0vwNwEtwCp+l0sXVMHj9wDYRKegZqsAJRw4Pf + c9j6T+3DaCP8rlYOZXeaVMZb9WGWbwNDv8jBOzuW1k5rHbzmQOVKfTlz0b0acgEBPbwJy + bf1mVI02Qfs9Fgz9G+ytS8Xd3itNYvN/OoeRkEqiMpDLwoyXxHUqx/gpN4G4fFxuRTDsw + rENwVFbgRjlY98DwQvpdVgbI+TT9YPrKOD59phYrGOkfCZA2fwleOS8Ps+nDNNAO+l0BW + LiWBipBQPwkkFHgKcARA2Axs9Tao3WME+YiiL1Suh99kk1D8C2XvZT9XdBY0e63QhnCLd + fUXqrrL5jputZ/iKC7vBc1z+p3CE64aq7v9OJPP+f5e2xH7xXIBoCco2Uftp35dlvn2Tz + f/odMj/q2ewj3yXONYso+UJhvnes+usQ3FPr3Hdb7vet5LPeR75YwYWjingsrxsViYwMa + Q0Msf+S1YY1tfm/f4GjZ6z6nXspXNsS3LpGWySO5o0PspdGaxbcXHA0H0T4v0iacRxVsY + zSCa9coDhSNN4itoDfz7Zn9DvsJH3PL2RsI2eS9+0tQc42Nr03eRPEeuiHezY+aOjSQfs + rYxs5ZYoClIgMmwyJ5iujcPwQewDN4u2dU7YDUu2Ye4BUZlT8ALb3QEamUYt/U= + - mOAd1R3hc670dxRgkxyUzI554YRbJY3liCCbpYdUJn27wptGwr1fhd/g4UqxytF44PUPU + 7xRH54DK8JG/F1F61stUKmx1Zoh1MaiZRz2pxEfwlZcYPv/mKJ/7vEItCVjh4u57R9BVL + 0cwQzj6maLc3n5M2oy74JgigLp6IvJqBeNnhwRYfVfZRDyjClLE14ZOU4iyCqetx8AWzf + sKxuIZGUSAYJUEQBrLeo4KV5qf1z6NcvjnNVEU1P+YnJIA3Tymw8epqDM9CKTwRhcKJG3 + rrnhuyL3G9I6ryobflIx80jStWKaTappkwfrAruUWnFEWwJlSOAlEbuFBkXS/7k1Y/e1x + A2KG9xCfP0itiF3GMu2kSJPMljA3GY+rfrJ0lOMZhfBNJR4eTCtpytr5/51Vj93WV23wS + uPU5NhSL7WOqaJ3Lv/jQtOa1otGDIUX2g70SUufzgEM7h5xYgvRddMBLkkOK18vCqoOCq + Ka37FW4DT7pPvAWBxqB9MUNG+GlU8UmlT8Tpc+QYj46VoOknkst8RGFJmeLM0T76IwCFG + 6R80PGRTLlbkTtTIwc1L3z349eM7DxVRFEnUEJyGa8g/NqrKCaX5+e+PWYunWqcabVyUQ + CKAXEjxVFGyID2cTnvKP0dXtX+k0CYcCFqppu/7m1R3Qkc6Yu2/u0LShkg2Z5Q= + - Tgc236DwNZu5LHU2yA4preI5groMPONXv/xnWHO526ZjDI3lD9HwYbbmgOcQ0AEwULGrr + 1Qyd21kHL8DIQ1T7WgGgIAPHJAmXXqiPbybpbaJ6xjXX+pXNz/LPTECdBlEgiy2zoch2e + yfuKUuc9vSNEvuNyj/AsU2h/+MPerhbRfQVA+jm+AIuKsEf6efAVvf2q+OzXCqg77PyOj + TqLUZZxwmOZfq5YNFTUlQC9evjixRGQCxgf1HowEc3MTK2C6lvtI/ommV2RQQnOItttbT + 4wCKz6RWzm4+sEShEj9deQ88D377Grmy9pbH9jYKR+2JelkD39eQoTsEYEhxRpB7rfPOd + yTOWZ3LX6sHkldgnbPq58tty5M7T4CpWJaCNC1Hbvw3mw1IUUVxDWHyAkWVDKoZl5FlnD + 97+UOGjEVE2L5tFk+vTuA03/aHChdPPEYpYgOzycUA4ED+zQT0mZZLjkSDYXnLeNQvN5F + Qjbp2buK8m4GRx/AGhVkMRGkjYcxiK5eTmuvYsoMvKM9+h6KfywESSpaaGRzSyqJPko4y + yaA0h0zAUPmXLOghUPksEOzewOFnCThlzoGN4mRkIkOUUZX48Z1sTyY2X8uuLPhvir270 + mFmKWH0XJnj/gmX48oLTQ+tHVDastuNcwoEym9y0/UrpJty+YD8KbGARKPWJZU= + - fy1l68npdASzT1e5+YN3gzsr5oFRw9/LuB4NYZ502YmkkvLOsvhbbWu7c8zSKzshgGwnO + Ky2SmIsZOzSbhIHR1TLWKXZDPYuQXRXEEX5xR+3N0TzkfmH3XxRfcb5vrdGUeg/ac3O/d + tpvg9wkKoa3xBO1p7ynZOWDYVQiQ3qbuZOx1FpvGzDKmQAY7xbkzFzZ4I8kM8Bs4FDHwf + Rpsafx8/fwHklYcFs393AcvZiTHBxHV3nOA9HQyAm9N0pHd5z3/x7mDySBScH8IrGEtpP + UwMurxy20cQrMfSsLkIiLXYMPCRTtNsHGAuXqqjLQA4oifrf+LgoUNSaK9n4G67QI8os8 + w47b6WHhYLMBaj1GM4GmVZG2+J3BmnAaVEHau772G4AJqq/jXx6WJIJ4z21S3urFjxAUs + XXyT2tbmLeOuwmFbE+LDpdhA0aMwG29a/S9SmOmNkfLl+9JtJ0VYrFhHSjtbGzpiMTcEN + vzTVHRpq7SJsvIcXHhWLFV5PwVYnooUDSk4kCgs1GpJ4L0RQrcF9JcEae1Yk+Wn5ZnKNP + Id467d4BB26BruetFE5yNE40vGhdpixeMi8kCvscxWUl/xfvdDOx3GclWaMBHJC0XGaLM + 5BI7DgmYr420ZTVOervUmyy01sWG7K9uxS7e+A1AMtkGIzq/iJ+e9Or8CiptfE= + - lslBu2m2OjpRbVzxra+Lmw7OmHP8JyZM5M8RpdBDVMUmfb7IcYo/Madzn+X9SAltGCggo + G5Guj3ATRjDNp+ts7U3RCLWsAj7URgM5HdDAyQRO5tzx9perCuHI709f/KYDVQYKcxF/p + da0+sZsTPNtKDOZV4heoTey3b4yGFBzl1Wlq+eILeUPoR2197KdJlQg6Qh5gXeGp8XEyM + BM99IV+lFsNM+putCg7XSCqesTPhb38TPxf0kbjWJslnHf1xFHs8+ghrhKilAZqLIrZF9 + /LKNxpTr8bhkQbZaK1VgpOQCxaHXDhs3huBqco0Zb6IaPV2Ricb13SmHg1Pq3tJkxFb/w + 6Sy0argpKh5e8wpYfUrHpoV2zsMbztnEI7lHxjj1ASq5+007ffMHzFY1ckOzUknBU74S3 + PiSb1C09fSbUr2aocVEhC6wel3cAPB0XgCwhn6asV5mWfgwBbNApuriQMmCOlJgbqqqp2 + F/JxuXFTGKfMwoXZo9I3cBqu+twVDDftjAaDap+2yAFYwCJvc5GJnd//4OxEW/Jz0BCQu + GP0va6xy4BkXaD+0IGDIA+r8CltiK4UEgF0/g01p+siS+l+cpwRIPGEmlPsqLCUc3EM3a + 0I1EgiMWFY/hc0+qijzO5PlHjsJ8rQeTBdGMwCp24aEI1DhHL0CZDW/wyDwkYQ= + - gc9mp5gwWDgR9UMl63RTzYyKY0vFCu57PfbpvAD64SsVhiNbvWMKYU5KVA9F+XtaIC+zC + wLwZO8jHZHJC4zSR7K0zZ0lu+f4TegX5OjZ5WnjNkHCdvOVdLvjPORGmaWyNCjoolc2RT + qdw7Sk8XNd+LT2HeNEV7LoFj2EbaeJBwZ3V8qOU/yjRPPjbi7uLzsjzSRByQX/5fbGOsI + 4x42gmOrbi1w0H11dOskrg2LLvBvv7VCr7LqvLEawRp+huyP/0xpE1qKKhDSGuGhf8gFY + jB5okNdgJqR2ClUQS5fUqgrXFmCtad7RDGkhL7XYJL6sd7osH/lgBMyCX3pL6LRvDos5V + 4KAInr0u8WEgv7jAFJK1a1o5nqzaSJ/BSKiWfhdj8pvbEXufirHjtYtBXmeQGSPRWfYnA + C/ihRk+WCAUZZuLDbXQLNDKBYZbqd3gUE0bA9bNix7hzVT/k1oa8aYzHbQPDvL0pt/5HF + xp5s6TxwGy0Ut2CyY8Kc07NjSL6f0eGaZPl3xN94+keTTDtBCds7OMN1nbvfKBM/WQ7Wj + GP/sCk18NKUdidDpBvFVCTzIAVALwHrDgBX4MDwBJvlHerP6qkEX60guYSyBSXp1dCBx2 + ndpVj+/YpUB4EgECWS/oBc+PyFsZlWA+d9LwzsapAOFJkgWhesPYNjW1zuRzig= + - E+4MKgGD+qnen7Ym5YmkqjdZQ7buqYAFUqqZ3fPn5wbmDGCq2iqkO1JhQvSvHL1r7Yp1a + eQPI3YxUQpM6Dbdqp1Au+omz0hd8GedufTTyzhh7fGUd8LKBXaM/fPL2g1s70NF3iJ+oK + v003KLVNIYlRigAWKUOzeQLn+gl92bRSip5RSIWyOVpprjAFq8BePFMg+ZsERisANaJxN + QzDaYFVadL2dCxMcuZ7Y8z0RNzgb9Mi6D2dnDBoFSfFnJGLZIwGIdcQfz88gWFsuCLXGb + VLVxGsU1/WXKngSoKuVpVNdShvjj9LzznLvoaO9IDig+NnPzVf6zJ2TklIYs/vFamHriC + zBUb0KRC7U34iBmc+62kbqokpvVP0KAuzgtaDzGRhdZJXvahn0tI0WEDVuq4QOcUwA9I1 + UlcQK6MHMgwhqfZI2RmbARFgPov9OzmKrM8M4AZ4TYQwdgj57na6DOl7UEal5cHWsvR+8 + t230YyZJ6MLy9l6R2zHPicgbJj3w5aERp3ipTkofL47FokPT8eFtPhy5BYIKFtjPDNAc7 + 2LF69MtEMJtfb9g6u4uzOp5Y/bg+4fsDYWd5Dw7kRjeKvWmmH9Uplh6Y569GW2z2NFekr + QxX8x0Bpt4ZvOGXiJIP0KWcFAEceSjds6DPzCX9z8HyK9CWX0aFC2R4Wis8PyY= \ No newline at end of file diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..f2f8e6d --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,16 @@ +If you would like to contribute to the development of OpenStack, +you must follow the steps in this page: + + https://docs.openstack.org/infra/manual/developers.html + +Once those steps have been completed, changes to OpenStack +should be submitted for review via the Gerrit tool, following +the workflow documented at: + + https://docs.openstack.org/infra/manual/developers.html#development-workflow + +Pull requests submitted through GitHub will be ignored. + +Bugs should be filed in Launchpad: + + https://bugs.launchpad.net/starlingx diff --git a/HACKING.rst b/HACKING.rst new file mode 100644 index 0000000..61c83c5 --- /dev/null +++ b/HACKING.rst @@ -0,0 +1,17 @@ +StarlingX Vault-Armada-App Style Commandments +================================================================ + +- Step 1: Read the OpenStack style commandments + https://docs.openstack.org/hacking/latest/ +- Step 2: Read on + +Vault-Armada-App Specific Commandments +--------------------------------------------------------- + +None so far + +Running tests +------------- +The approach to running tests is to simply run the command ``tox``. This will +create virtual environments, populate them with dependencies and run all of +the tests that OpenStack CI systems run. diff --git a/centos_build_layer.cfg b/centos_build_layer.cfg new file mode 100644 index 0000000..c581999 --- /dev/null +++ b/centos_build_layer.cfg @@ -0,0 +1 @@ +flock diff --git a/centos_iso_image.inc b/centos_iso_image.inc new file mode 100644 index 0000000..9ce391d --- /dev/null +++ b/centos_iso_image.inc @@ -0,0 +1 @@ +stx-vault-helm diff --git a/centos_pkg_dirs b/centos_pkg_dirs new file mode 100644 index 0000000..4c7c598 --- /dev/null +++ b/centos_pkg_dirs @@ -0,0 +1,2 @@ +stx-vault-helm +python-k8sapp-vault \ No newline at end of file diff --git a/centos_pkg_dirs_containers b/centos_pkg_dirs_containers new file mode 100644 index 0000000..4c7c598 --- /dev/null +++ b/centos_pkg_dirs_containers @@ -0,0 +1,2 @@ +stx-vault-helm +python-k8sapp-vault \ No newline at end of file diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst new file mode 100644 index 0000000..40b11f5 --- /dev/null +++ b/centos_tarball-dl.lst @@ -0,0 +1 @@ +helm-charts-vault-0-6-0.tar.gz#helm-charts-vault#https://github.com/hashicorp/vault-helm/archive/v0.6.0.tar.gz#http## diff --git a/config b/config new file mode 100644 index 0000000..6c566d9 --- /dev/null +++ b/config @@ -0,0 +1,12 @@ +[core] + repositoryformatversion = 0 + filemode = true + bare = false + logallrefupdates = true +[remote "origin"] + url = https://review.opendev.org/starlingx/vault-armada-app.git + fetch = +refs/heads/*:refs/remotes/origin/* +[branch "master"] + remote = origin + merge = refs/heads/master + rebase = true diff --git a/github_sync.trigger b/github_sync.trigger new file mode 100644 index 0000000..b8a4ee2 --- /dev/null +++ b/github_sync.trigger @@ -0,0 +1,2 @@ +# to trigger the upload job to sync to GitHub +1 diff --git a/python-k8sapp-vault/centos/build_srpm.data b/python-k8sapp-vault/centos/build_srpm.data new file mode 100644 index 0000000..302126a --- /dev/null +++ b/python-k8sapp-vault/centos/build_srpm.data @@ -0,0 +1,7 @@ +SRC_DIR="k8sapp_vault" + +# Keep the SRCREV in sync with stx-vault-helm so the app version is the +# same as the plugin version +#TIS_BASE_SRCREV=94d4c26f982e2e8c222517900c504580d1e3a09d +#TIS_PATCH_VER=GITREVCOUNT +TIS_PATCH_VER=0 diff --git a/python-k8sapp-vault/centos/python-k8sapp-vault.spec b/python-k8sapp-vault/centos/python-k8sapp-vault.spec new file mode 100644 index 0000000..94cb728 --- /dev/null +++ b/python-k8sapp-vault/centos/python-k8sapp-vault.spec @@ -0,0 +1,61 @@ +%global app_name vault +%global pypi_name k8sapp-vault +%global sname k8sapp_vault + +Name: python-%{pypi_name} +Version: 20.06 +Release: %{tis_patch_ver}%{?_tis_dist} +Summary: StarlingX sysinv extensions: Vault + +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz + +BuildArch: noarch + +BuildRequires: python-setuptools +BuildRequires: python-pbr +BuildRequires: python2-pip +BuildRequires: python2-wheel + +%description +StarlingX sysinv extensions: Vault K8S app + +%package -n python2-%{pypi_name} +Summary: StarlingX sysinv extensions: Vault K8S app + +Requires: python-pbr >= 2.0.0 +Requires: sysinv >= 1.0 + +%description -n python2-%{pypi_name} +StarlingX sysinv extensions: Vault K8S app + +%prep +%setup +# Remove bundled egg-info +rm -rf %{pypi_name}.egg-info + +%build +export PBR_VERSION=%{version} +%{__python2} setup.py build + +%py2_build_wheel + +%install +export PBR_VERSION=%{version}.%{tis_patch_ver} +export SKIP_PIP_INSTALL=1 +%{__python2} setup.py install --skip-build --root %{buildroot} +mkdir -p ${RPM_BUILD_ROOT}/plugins/%{app_name} +install -m 644 dist/*.whl ${RPM_BUILD_ROOT}/plugins/%{app_name}/ + +%files +%{python2_sitelib}/%{sname} +%{python2_sitelib}/%{sname}-*.egg-info + +%package wheels +Summary: %{name} wheels + +%description wheels +Contains python wheels for %{name} + +%files wheels +/plugins/* diff --git a/python-k8sapp-vault/k8sapp_vault/.gitignore b/python-k8sapp-vault/k8sapp_vault/.gitignore new file mode 100644 index 0000000..78c457c --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/.gitignore @@ -0,0 +1,35 @@ +# Compiled files +*.py[co] +*.a +*.o +*.so + +# Sphinx +_build +doc/source/api/ + +# Packages/installer info +*.egg +*.egg-info +dist +build +eggs +parts +var +sdist +develop-eggs +.installed.cfg + +# Other +*.DS_Store +.stestr +.testrepository +.tox +.venv +.*.swp +.coverage +bandit.xml +cover +AUTHORS +ChangeLog +*.sqlite diff --git a/python-k8sapp-vault/k8sapp_vault/.stestr.conf b/python-k8sapp-vault/k8sapp_vault/.stestr.conf new file mode 100644 index 0000000..d1ac0a0 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/.stestr.conf @@ -0,0 +1,4 @@ +[DEFAULT] +test_path=./k8sapp_vault/tests +top_dir=./k8sapp_vault +#parallel_class=True diff --git a/python-k8sapp-vault/k8sapp_vault/LICENSE b/python-k8sapp-vault/k8sapp_vault/LICENSE new file mode 100644 index 0000000..d6e2801 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Wind River Systems, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/python-k8sapp-vault/k8sapp_vault/README.rst b/python-k8sapp-vault/k8sapp_vault/README.rst new file mode 100644 index 0000000..865d801 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/README.rst @@ -0,0 +1,7 @@ +k8sapp-vault +=================== + +This project contains StarlingX Kubernetes application specific python plugins +for Vault. These plugins are required to integrate the oidc authorization +application into the StarlingX application framework and to support the +various StarlingX deployments. diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/__init__.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/__init__.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py new file mode 100644 index 0000000..7e7603a --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py @@ -0,0 +1,10 @@ +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Helm: Supported charts: +# These values match the names in the chart package's Chart.yaml +HELM_CHART_VAULT = 'vault' +HELM_CHART_PSP_ROLEBINDING = 'psp-rolebinding' diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/__init__.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/psp_rolebinding.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/psp_rolebinding.py new file mode 100644 index 0000000..7af36b2 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/psp_rolebinding.py @@ -0,0 +1,43 @@ +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from k8sapp_vault.common import constants as app_constants + +from sysinv.common import constants +from sysinv.common import exception + +from sysinv.helm import base +from sysinv.helm import common + + +class PSPRolebindingHelm(base.BaseHelm): + """Class to encapsulate helm operations for the psp rolebinding chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [common.HELM_NS_VAULT] + SUPPORTED_APP_NAMESPACES = { + constants.HELM_APP_VAULT: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_VAULT], + } + + CHART = app_constants.HELM_CHART_PSP_ROLEBINDING + SERVICE_NAME = 'psp-rolebinding' + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + common.HELM_NS_VAULT: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py new file mode 100644 index 0000000..fc7593f --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py @@ -0,0 +1,51 @@ +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from k8sapp_vault.common import constants as app_constants + +from sysinv.common import constants +from sysinv.common import exception + +from sysinv.helm import base +from sysinv.helm import common + + +class VaultHelm(base.BaseHelm): + """Class to encapsulate helm operations for the vault chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [common.HELM_NS_VAULT] + SUPPORTED_APP_NAMESPACES = { + constants.HELM_APP_VAULT: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_VAULT], + } + + CHART = app_constants.HELM_CHART_VAULT + + SERVICE_NAME = 'vault' + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + + overrides = { + common.HELM_NS_VAULT: { + 'server': { + 'ha': { + 'replicas': max(1, self._num_provisioned_controllers()), + }, + }, + } + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/__init__.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_plugins.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_plugins.py new file mode 100644 index 0000000..9968d73 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_plugins.py @@ -0,0 +1,42 @@ +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import constants +from sysinv.tests.db import base as dbbase +from sysinv.tests.helm.test_helm import HelmOperatorTestSuiteMixin + + +class K8SAppVaultAppMixin(object): + app_name = constants.HELM_APP_VAULT + path_name = app_name + '.tgz' + + def setUp(self): + super(K8SAppVaultAppMixin, self).setUp() + + +# Test Configuration: +# - Controller +# - IPv6 +# - Ceph Storage +# - vault app +class K8sAppVaultControllerTestCase(K8SAppVaultAppMixin, + dbbase.BaseIPv6Mixin, + dbbase.BaseCephStorageBackendMixin, + HelmOperatorTestSuiteMixin, + dbbase.ControllerHostTestCase): + pass + + +# Test Configuration: +# - AIO +# - IPv4 +# - Ceph Storage +# - vault app +class K8SAppVaultAIOTestCase(K8SAppVaultAppMixin, + dbbase.BaseCephStorageBackendMixin, + HelmOperatorTestSuiteMixin, + dbbase.AIOSimplexHostTestCase): + pass diff --git a/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_vault.py b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_vault.py new file mode 100644 index 0000000..3813ad6 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/k8sapp_vault/tests/test_vault.py @@ -0,0 +1,51 @@ +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +from k8sapp_vault.common import constants as app_constants +from k8sapp_vault.tests import test_plugins + +from sysinv.db import api as dbapi +from sysinv.helm import common + +from sysinv.tests.db import base as dbbase +from sysinv.tests.db import utils as dbutils +from sysinv.tests.helm import base + + +class VaultTestCase(test_plugins.K8SAppVaultAppMixin, + base.HelmTestCaseMixin): + + def setUp(self): + super(VaultTestCase, self).setUp() + self.app = dbutils.create_test_app(name='vault') + self.dbapi = dbapi.get_instance() + + +class VaultIPv4ControllerHostTestCase(VaultTestCase, + dbbase.ProvisionedControllerHostTestCase): + + def test_replicas(self): + overrides = self.operator.get_helm_chart_overrides( + app_constants.HELM_CHART_VAULT, + cnamespace=common.HELM_NS_VAULT) + + self.assertOverridesParameters(overrides, { + # 1 replica for 1 controller + 'replicaCount': 1 + }) + + +class VaultIPv6AIODuplexSystemTestCase(VaultTestCase, + dbbase.BaseIPv6Mixin, + dbbase.ProvisionedAIODuplexSystemTestCase): + + def test_replicas(self): + overrides = self.operator.get_helm_chart_overrides( + app_constants.HELM_CHART_VAULT, + cnamespace=common.HELM_NS_VAULT) + + self.assertOverridesParameters(overrides, { + # 2 replicas for 2 controllers + 'replicaCount': 2 + }) diff --git a/python-k8sapp-vault/k8sapp_vault/pylint.rc b/python-k8sapp-vault/k8sapp_vault/pylint.rc new file mode 100644 index 0000000..6e869c3 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/pylint.rc @@ -0,0 +1,238 @@ +[MASTER] +# Specify a configuration file. +rcfile=pylint.rc + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Add files or directories to the blacklist. Should be base names, not paths. +ignore=tests + +# Pickle collected data for later comparisons. +persistent=yes + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Use multiple processes to speed up Pylint. +jobs=4 + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist=lxml.etree,greenlet + + + +[MESSAGES CONTROL] +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time. +#enable= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). +# See "Messages Control" section of +# https://pylint.readthedocs.io/en/latest/user_guide +# We are disabling (C)onvention +# We are disabling (R)efactor +disable=C, R + +[REPORTS] +# Set the output format. Available formats are text, parseable, colorized, msvs +# (visual studio) and html +output-format=text + +# Put messages in a separate file for each module / package specified on the +# command line instead of printing them on stdout. Reports (if any) will be +# written in a file name "pylint_global.[txt|html]". +files-output=no + +# Tells whether to display a full report or only the messages +reports=yes + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + + +[SIMILARITIES] +# Minimum lines number of a similarity. +min-similarity-lines=4 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + + +[FORMAT] +# Maximum number of characters on a single line. +max-line-length=85 + +# Maximum number of lines in a module +max-module-lines=1000 + +# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab). +indent-string=' ' + + +[TYPECHECK] +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis +ignored-modules=distutils,eventlet.green.subprocess,six,six.moves + +# List of classes names for which member attributes should not be checked +# (useful for classes with attributes dynamically set). +# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types +# ie: (unprovisioned, identity) +# LookupDict in requests library confuses pylint +ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local, + Table, unprovisioned, identity, LookupDict + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E0201 when accessed. Python regular +# expressions are accepted. +generated-members=REQUEST,acl_users,aq_parent + + +[BASIC] +# List of builtins function names that should not be used, separated by a comma +bad-functions=map,filter,apply,input + +# Regular expression which should only match correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression which should only match correct module level names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression which should only match correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + +# Regular expression which should only match correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct method names +method-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct instance attribute names +attr-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct list comprehension / +# generator expression variable names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Regular expression which should only match functions or classes name which do +# not require a docstring +no-docstring-rgx=__.*__ + + +[MISCELLANEOUS] +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + + +[VARIABLES] +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# A regular expression matching the beginning of the name of dummy variables +# (i.e. not used). +dummy-variables-rgx=_|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + + +[IMPORTS] +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,string,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + + +[DESIGN] +# Maximum number of arguments for function / method +max-args=5 + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.* + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of branch for function / method body +max-branchs=12 + +# Maximum number of statements in function / method body +max-statements=50 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + + +[CLASSES] +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + + +[EXCEPTIONS] +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception diff --git a/python-k8sapp-vault/k8sapp_vault/requirements.txt b/python-k8sapp-vault/k8sapp_vault/requirements.txt new file mode 100644 index 0000000..e71df21 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/requirements.txt @@ -0,0 +1,2 @@ +pbr>=2.0.0 +PyYAML==3.10 diff --git a/python-k8sapp-vault/k8sapp_vault/setup.cfg b/python-k8sapp-vault/k8sapp_vault/setup.cfg new file mode 100644 index 0000000..2f68f3c --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/setup.cfg @@ -0,0 +1,40 @@ +[metadata] +name = k8sapp-vault +summary = StarlingX sysinv extensions for vault +long_description = file: README.rst +long_description_content_type = text/x-rst +license = Apache 2.0 +author = StarlingX +author-email = starlingx-discuss@lists.starlingx.io +home-page = https://www.starlingx.io/ +classifier = + Environment :: OpenStack + Intended Audience :: Information Technology + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + Programming Language :: Python + Programming Language :: Python :: 2 + Programming Language :: Python :: 2.7 + Programming Language :: Python :: 3 + Programming Language :: Python :: 3.4 + Programming Language :: Python :: 3.5 + +[files] +packages = + k8sapp_vault + +[global] +setup-hooks = + pbr.hooks.setup_hook + +[entry_points] +systemconfig.helm_applications = + vault = systemconfig.helm_plugins.vault + +systemconfig.helm_plugins.vault = + 001_vault = k8sapp_vault.helm.vault:VaultHelm + 002_psp-rolebinding = k8sapp_vault.helm.psp_rolebinding:PSPRolebindingHelm + +[wheel] +universal = 1 diff --git a/python-k8sapp-vault/k8sapp_vault/setup.py b/python-k8sapp-vault/k8sapp_vault/setup.py new file mode 100644 index 0000000..e8729b8 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/setup.py @@ -0,0 +1,12 @@ +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +import setuptools + + +setuptools.setup( + setup_requires=['pbr>=2.0.0'], + pbr=True) diff --git a/python-k8sapp-vault/k8sapp_vault/test-requirements.txt b/python-k8sapp-vault/k8sapp_vault/test-requirements.txt new file mode 100644 index 0000000..e248a36 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/test-requirements.txt @@ -0,0 +1,26 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +flake8<3.8.0 +pycodestyle<2.6.0 # MIT License +hacking>=1.1.0,<=2.0.0 # Apache-2.0 +coverage>=3.6 +discover +fixtures>=3.0.0 # Apache-2.0/BSD +mock>=2.0.0 # BSD +passlib>=1.7.0 +psycopg2-binary +python-subunit>=0.0.18 +requests-mock>=0.6.0 # Apache-2.0 +sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 +oslosphinx<2.6.0,>=2.5.0 # Apache-2.0 +oslotest>=3.2.0 # Apache-2.0 +stestr>=1.0.0 # Apache-2.0 +testrepository>=0.0.18 +testtools!=1.2.0,>=0.9.36 +tempest-lib<0.5.0,>=0.4.0 +ipaddr +pytest +pyudev +migrate +markupsafe diff --git a/python-k8sapp-vault/k8sapp_vault/tox.ini b/python-k8sapp-vault/k8sapp_vault/tox.ini new file mode 100644 index 0000000..4cc980f --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/tox.ini @@ -0,0 +1,131 @@ +[tox] +envlist = flake8,py27,py36,pylint,bandit +minversion = 1.6 +# skipsdist = True +#,pip-missing-reqs + +# tox does not work if the path to the workdir is too long, so move it to /tmp +toxworkdir = /tmp/{env:USER}_k8svaulttox +stxdir = {toxinidir}/../../.. +distshare={toxworkdir}/.tox/distshare + +[testenv] +# usedevelop = True +# enabling usedevelop results in py27 develop-inst: +# Exception: Versioning for this project requires either an sdist tarball, +# or access to an upstream git repository. +# Note. site-packages is true and rpm-python must be yum installed on your dev machine. +sitepackages = True + +# tox is silly... these need to be separated by a newline.... +whitelist_externals = bash + find + +install_command = pip install \ + -v -v -v \ + -c{toxinidir}/upper-constraints.txt \ + -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt} \ + {opts} {packages} + +# Note the hash seed is set to 0 until can be tested with a +# random hash seed successfully. +setenv = VIRTUAL_ENV={envdir} + PYTHONHASHSEED=0 + PYTHONDONTWRITEBYTECODE=1 + OS_TEST_PATH=./k8sapp_vault/tests + LANG=en_US.UTF-8 + LANGUAGE=en_US:en + LC_ALL=C + EVENTS_YAML=./k8sapp_vault/tests/events_for_testing.yaml + SYSINV_TEST_ENV=True + TOX_WORK_DIR={toxworkdir} + PYLINTHOME={toxworkdir} + +deps = -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt + -e{[tox]stxdir}/config/sysinv/sysinv/sysinv + -e{[tox]stxdir}/config/tsconfig/tsconfig + -e{[tox]stxdir}/fault/fm-api + -e{[tox]stxdir}/fault/python-fmclient/fmclient + -e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient + -e{[tox]stxdir}/update/cgcs-patch/cgcs-patch + + +commands = + find . -type f -name "*.pyc" -delete + +[flake8] +exclude = build,dist,tools,.eggs +max-line-length=120 + +[testenv:flake8] +basepython = python3 +deps = -r{toxinidir}/test-requirements.txt + flake8-bugbear +commands = + flake8 {posargs} . + +[testenv:py27] +basepython = python2.7 +commands = + {[testenv]commands} + stestr run {posargs} + stestr slowest + +[testenv:py36] +basepython = python3.6 +commands = + {[testenv]commands} + stestr run {posargs} + stestr slowest + +[testenv:pep8] +# testenv:flake8 clone +basepython = {[testenv:flake8]basepython} +deps = {[testenv:flake8]deps} +commands = {[testenv:flake8]commands} + +[testenv:venv] +commands = {posargs} + +[bandit] + +[testenv:bandit] +basepython = python3 +deps = -r{toxinidir}/test-requirements.txt + bandit + +commands = bandit --ini tox.ini -n 5 -r k8sapp_vault + +[testenv:pylint] +basepython = python2.7 +sitepackages = False + +deps = {[testenv]deps} + pylint +commands = + pylint {posargs} k8sapp_vault --rcfile=./pylint.rc + +[testenv:cover] +basepython = python2.7 +deps = {[testenv]deps} +setenv = {[testenv]setenv} + PYTHON=coverage run --parallel-mode + +commands = + {[testenv]commands} + coverage erase + stestr run {posargs} + coverage combine + coverage html -d cover + coverage xml -o cover/coverage.xml + coverage report + +[testenv:pip-missing-reqs] +# do not install test-requirements as that will pollute the virtualenv for +# determining missing packages +# this also means that pip-missing-reqs must be installed separately, outside +# of the requirements.txt files +deps = pip_missing_reqs + -rrequirements.txt +commands=pip-missing-reqs -d --ignore-file=/k8sapp_vault/tests k8sapp_vault diff --git a/python-k8sapp-vault/k8sapp_vault/upper-constraints.txt b/python-k8sapp-vault/k8sapp_vault/upper-constraints.txt new file mode 100644 index 0000000..9c30188 --- /dev/null +++ b/python-k8sapp-vault/k8sapp_vault/upper-constraints.txt @@ -0,0 +1 @@ +# Override upstream constraints based on StarlingX load diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c01ade2 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +# Nothing diff --git a/stx-vault-helm/centos/build_srpm.data b/stx-vault-helm/centos/build_srpm.data new file mode 100644 index 0000000..23ca50f --- /dev/null +++ b/stx-vault-helm/centos/build_srpm.data @@ -0,0 +1,14 @@ +SRC_DIR="stx-vault-helm" + +TAR_NAME=helm-charts-vault-0-6-0 +VERSION=1.0.0 +TAR="$TAR_NAME.tar.gz" + +COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/manifests/*" + +TIS_PATCH_VER=0 + +# Keep the SRCREV in sync with python-k8sapp-cert-manager so the app version is +# the same as the plugin version +#TIS_BASE_SRCREV=94d4c26f982e2e8c222517900c504580d1e3a09d +#TIS_PATCH_VER=GITREVCOUNT \ No newline at end of file diff --git a/stx-vault-helm/centos/stx-vault-helm.spec b/stx-vault-helm/centos/stx-vault-helm.spec new file mode 100644 index 0000000..31c3ed4 --- /dev/null +++ b/stx-vault-helm/centos/stx-vault-helm.spec @@ -0,0 +1,116 @@ +# Application tunables (maps to metadata) +%global app_name vault +%global helm_repo stx-platform + +%global armada_folder /usr/lib/armada + +# Install location +%global app_folder /usr/local/share/applications/helm + +# Build variables +%global helm_folder /usr/lib/helm +%global toolkit_version 0.1.0 + +Summary: StarlingX Vault Armada Helm Charts +Name: stx-vault-helm +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: base +Packager: Wind River +URL: unknown + +Source0: helm-charts-vault-0-6-0.tar.gz +Source1: repositories.yaml +Source2: index.yaml +Source3: Makefile +Source4: metadata.yaml +Source5: vault_manifest.yaml + +BuildArch: noarch + +BuildRequires: helm +BuildRequires: python-k8sapp-vault +BuildRequires: python-k8sapp-vault-wheels + +%description +StarlingX Vault Helm Charts + +%prep +%setup -n helm-charts-vault + +%build +# initialize helm and build the toolkit +# helm init --client-only does not work if there is no networking +# The following commands do essentially the same as: helm init +%define helm_home %{getenv:HOME}/.helm +mkdir %{helm_home} +mkdir %{helm_home}/repository +mkdir %{helm_home}/repository/cache +mkdir %{helm_home}/repository/local +mkdir %{helm_home}/plugins +mkdir %{helm_home}/starters +mkdir %{helm_home}/cache +mkdir %{helm_home}/cache/archive + +# Stage a repository file that only has a local repo +cp %{SOURCE1} %{helm_home}/repository/repositories.yaml + +# Stage a local repo index that can be updated by the build +cp %{SOURCE2} %{helm_home}/repository/local/index.yaml + +# Host a server for the charts +helm serve --repo-path . & +helm repo rm local +helm repo add local http://localhost:8879/charts + +# Create the tgz file +cp %{SOURCE3} ./ +mkdir ./vault +cp ./Chart.yaml ./vault +mv ./values.yaml ./vault +mv ./templates ./vault/templates + +make vault +make psp-rolebinding +cd - + +# Terminate helm server (the last backgrounded task) +kill %1 + +# Create a chart tarball compliant with sysinv kube-app.py +%define app_staging %{_builddir}/staging +%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz + +# Setup staging +mkdir -p %{app_staging} +cp %{SOURCE4} %{app_staging} +cp %{SOURCE5} %{app_staging} +mkdir -p %{app_staging}/charts +cp ./helm-charts-vault/*.tgz %{app_staging}/charts +cd %{app_staging} + +# Populate metadata +sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml +sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml +sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml + + +# Copy the plugins: installed in the buildroot +mkdir -p %{app_staging}/plugins +cp /plugins/%{app_name}/*.whl %{app_staging}/plugins + +# package it up +find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 +tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ . + +# Cleanup staging +rm -fr %{app_staging} + +%install +install -d -m 755 %{buildroot}/%{app_folder} +install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder} + +%files +%defattr(-,root,root,-) +%{app_folder}/* diff --git a/stx-vault-helm/stx-vault-helm/README b/stx-vault-helm/stx-vault-helm/README new file mode 100644 index 0000000..b773ef4 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/README @@ -0,0 +1,5 @@ +This directory contains all StarlingX charts that need to be built for this +application. Some charts are common across applications. These common charts +reside in the stx-config/kubernetes/helm-charts directory. To include these in +this application update the build_srpm.data file and use the COPY_LIST_TO_TAR +mechanism to populate these common charts. diff --git a/stx-vault-helm/stx-vault-helm/files/Makefile b/stx-vault-helm/stx-vault-helm/files/Makefile new file mode 100644 index 0000000..03a3bb5 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/files/Makefile @@ -0,0 +1,43 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := helm-toolkit doc tests tools logs tmp +CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -f *tgz */charts/*tgz */requirements.lock + rm -rf */charts */tmpcharts + +%: + @: diff --git a/stx-vault-helm/stx-vault-helm/files/index.yaml b/stx-vault-helm/stx-vault-helm/files/index.yaml new file mode 100644 index 0000000..36db709 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/files/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: 2019-01-07T12:33:46.098166523-06:00 diff --git a/stx-vault-helm/stx-vault-helm/files/metadata.yaml b/stx-vault-helm/stx-vault-helm/files/metadata.yaml new file mode 100644 index 0000000..8a9e1c8 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/files/metadata.yaml @@ -0,0 +1,6 @@ +maintain_user_overrides: true + +app_name: @APP_NAME@ +app_version: @APP_VERSION@ +helm_repo: @HELM_REPO@ + diff --git a/stx-vault-helm/stx-vault-helm/files/repositories.yaml b/stx-vault-helm/stx-vault-helm/files/repositories.yaml new file mode 100644 index 0000000..e613b63 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/files/repositories.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +generated: 2019-01-02T15:19:36.215111369-06:00 +repositories: +- caFile: "" + cache: /builddir/.helm/repository/cache/local-index.yaml + certFile: "" + keyFile: "" + name: local + password: "" + url: http://127.0.0.1:8879/charts + username: "" + diff --git a/stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml b/stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml new file mode 100644 index 0000000..24252b8 --- /dev/null +++ b/stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml @@ -0,0 +1,72 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: vault +data: + chart_name: vault + release: vault + namespace: vault + wait: + timeout: 1800 + labels: + app: vault + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: job + labels: + app: vault + values: + global: + enabled: true + injector: + enabled: true + image: + repository: hashicorp/vault-k8s + tag: 0.4.0 + agentImage: + repository: vault + tag: 1.4.2 + server: + image: + repository: vault + tag: 1.4.2 + auditStorage: + enabled: true + size: 10Gi + ha: + enabled: true + replicas: 3 + raft: + enabled: true + extraLabels: + app: vault + source: + type: tar + location: http://172.17.0.1/helm_charts/stx-platform/vault-0.6.0.tgz + subpath: vault + reference: master + dependencies: [] +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: vault +data: + description: "Deploy Vault" + sequenced: false + chart_group: + - vault +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: vault-manifest +data: + release_prefix: stx + chart_groups: + - vault \ No newline at end of file diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..8ae3e22 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,3 @@ +# hacking pulls in flake8 +hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 +bashate >= 0.2 diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..cede375 --- /dev/null +++ b/tox.ini @@ -0,0 +1,35 @@ +[tox] +envlist = linters +minversion = 2.3 +skipsdist = True +sitepackages=False + +[testenv] +install_command = pip install -U {opts} {packages} +setenv = + VIRTUAL_ENV={envdir} + OS_STDOUT_CAPTURE=1 + OS_STDERR_CAPTURE=1 + OS_DEBUG=1 + OS_LOG_CAPTURE=1 +deps = + -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt +whitelist_externals = + bash + +[testenv:bashate] +# Treat all E* codes as Errors rather than warnings using: -e 'E*' +commands = + bash -c "find {toxinidir} \ + -not \( -type d -name .?\* -prune \) \ + -type f \ + -not -name \*~ \ + -not -name \*.md \ + -name \*.sh \ + -print0 | xargs -r -n 1 -0 bashate -v \ + -e 'E*'" + +[testenv:linters] +commands = + {[testenv:bashate]commands}