airship/deckhand
Code Issues Proposed changes
6ff443de2d
deckhand/tox.ini
Felipe Monteiro 582dee6fb9 DECKHAND-61: oslo.policy integration 
This PS implements oslo.policy integration in Deckhand.
The policy.py file implements 2 types of functions for
performing policy enforcement in Deckhand: authorize,
which is a decorator that is used directly around
falcon on_HTTP_VERB methods that raises a 403 immediately
if policy enforcement fails; and conditional_authorize,
to be used inside controller code conditionally.

For example, since Deckhand has two types of documents
with respect to security -- encrypted and cleartext
documents -- policy enforcement is conditioned on the
type of the documents' metadata.storagePolicy.

Included in this PS:
  - policy framework implementation
  - policy in code and policy documentation for all
    Deckhand policies
  - modification of functional test script to override
    default admin-only policies with custom policy file
    dynamically created using lax permissions
  - bug fix for filtering out deleted documents (and
    its predecessors in previous revisions) for
    PUT /revisions/{revision_id}/documents
  - policy documentation
  - basic unit tests for policy enforcement framework
  - allow functional tests to be filtered via regex

Due to the size of this PS, functional tests related to
policy enforcement will be done in a follow up.

Change-Id: If418129f9b401091e098c0bd6c7336b8a5cd2359
2017-10-07 18:43:28 +01:00

91 lines
2.6 KiB
INI
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[tox]
envlist = py{35,27},pep8
[testenv]
usedevelop = True
whitelist_externals = bash
find
rm
flake8
setenv = VIRTUAL_ENV={envdir}
OS_TEST_PATH=./deckhand/tests/unit
LANGUAGE=en_US
LC_ALL=en_US.utf-8
passenv = OS_STDOUT_CAPTURE OS_STDERR_CAPTURE OS_TEST_TIMEOUT OS_TEST_LOCK_PATH OS_TEST_PATH http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
find . -type f -name "*.pyc" -delete
rm -Rf .testrepository/times.dbm
[testenv:py27]
commands =
{[testenv]commands}
ostestr '{posargs}'
[testenv:py27-postgresql]
commands =
{[testenv]commands}
pifpaf run postgresql -- '{toxinidir}'/tools/pretty_tox.sh '--concurrency=1 {posargs}'
[testenv:py35]
commands =
{[testenv]commands}
ostestr '{posargs}'
[testenv:py35-postgresql]
commands =
{[testenv]commands}
pifpaf run postgresql -- '{toxinidir}'/tools/pretty_tox.sh '--concurrency=1 {posargs}'
[testenv:functional]
usedevelop = True
setenv = VIRTUAL_ENV={envdir}
OS_TEST_PATH=./deckhand/tests/functional
LANGUAGE=en_US
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
find . -type f -name "*.pyc" -delete
{toxinidir}/tools/functional-tests.sh '{posargs}'
[testenv:cover]
commands =
coverage erase
find . -type f -name "*.pyc" -delete
python setup.py testr --coverage --testr-args='{posargs}'
coverage report
[testenv:bandit]
whitelist_externals = bandit
commands =
bandit -r deckhand -x deckhand/tests -n 5
[testenv:releasenotes]
commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
[testenv:genconfig]
commands = oslo-config-generator --config-file=etc/deckhand/config-generator.conf
[testenv:genpolicy]
commands = oslopolicy-sample-generator --config-file=etc/deckhand/policy-generator.conf
[testenv:pep8]
commands = flake8 {posargs}
[flake8]
# [H106] Dont put vim configuration in source files.
# [H203] Use assertIs(Not)None to check for None.
# [H204] Use assert(Not)Equal to check for equality.
# [H205] Use assert(Greater|Less)(Equal) for comparison.
# [H210] Require autospec, spec, or spec_set in mock.patch/mock.patch.object calls
# [H904] Delay string interpolations at logging calls.
enable-extensions = H106,H203,H204,H205,H210,H904
ignore = E127,E128,E129,E131,H405
exclude = .venv,.git,.tox,dist,*lib/python*,*egg,build,releasenotes,doc
[testenv:docs]
commands =
rm -rf doc/build
python setup.py build_sphinx {posargs}
View Git Blame Copy Permalink