airship/drydock
Code Issues Proposed changes

[focal] Python modules sync with Airship project

Browse Source 
- uplifted some python modules
- fixed tox4 requirements
- added focal build node as a default one
- added bindep.txt and bindep role to playbooks and docker image build process
- changes Makefile to reflect GoLang and dependency management changes
- upgraded Helm to v3 for chart build process
- uplifted postgresql version to 14.6
- fixed deprecated falcon.API - replaced with falcon.APP
- fixed upstream docker image publishing process

Change-Id: I307d72bb7680f6f5c71e42ad30666cf786420460
This commit is contained in:
Sergiy Markin 2023-04-07 00:00:12 +00:00
parent 98f3d886d8
commit 415a8b52c5
34 changed files with 2137 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -6,6 +6,9 @@ __pycache__/
# C extensions
*.so
# Go
baclient_built
# Distribution / packaging
.Python
build/
@ -108,3 +111,8 @@ ENV/
# Chart artifacts
charts/drydock/charts
charts/drydock/requirements.lock
/charts/*.tgz
/charts/*/charts
/charts/*/requirements.lock
/charts/deps/*/
/*.tgz

2
.readthedocs.yaml
View File

@ -19,7 +19,7 @@ formats:
# Optionally set the version of Python and requirements required to build your docs
python:
version: 3.7
version: 3.8
install:
- requirements: doc/requirements-doc.txt
- requirements: python/requirements-lock.txt

68
.zuul.yaml
View File

@ -21,18 +21,15 @@
- airship-drydock-omni-test
- airship-drydock-chart-build-gate
- airship-drydock-chart-build-latest-htk
- airship-drydock-docker-build-gate-ubuntu_xenial
- airship-drydock-docker-build-gate-ubuntu_bionic
- airship-drydock-docker-build-gate-ubuntu_focal
gate:
jobs:
- airship-drydock-omni-test
- airship-drydock-chart-build-gate
- airship-drydock-docker-build-gate-ubuntu_xenial
- airship-drydock-docker-build-gate-ubuntu_bionic
- airship-drydock-docker-build-gate-ubuntu_focal
post:
jobs:
- airship-drydock-docker-publish-ubuntu_xenial
- airship-drydock-docker-publish-ubuntu_bionic
- airship-drydock-docker-publish-ubuntu_focal
- drydock-upload-git-mirror
- nodeset:
@ -41,6 +38,12 @@
- name: primary
label: ubuntu-bionic
- nodeset:
name: airship-drydock-single-node-focal
nodes:
- name: primary
label: ubuntu-focal
- job:
name: airship-drydock-omni-test
description: |
@ -50,7 +53,7 @@
required-projects:
- openstack/openstack-helm-infra
timeout: 3600
nodeset: airship-drydock-single-node
nodeset: airship-drydock-single-node-focal
- job:
name: airship-drydock-chart-build-gate
@ -58,7 +61,7 @@
Builds charts using pinned Helm toolkit.
timeout: 900
run: tools/gate/playbooks/build-charts.yaml
nodeset: airship-drydock-single-node
nodeset: airship-drydock-single-node-focal
- job:
name: airship-drydock-chart-build-latest-htk
@ -67,46 +70,31 @@
timeout: 900
voting: false
run: tools/gate/playbooks/build-charts.yaml
nodeset: airship-drydock-single-node
nodeset: airship-drydock-single-node-focal
vars:
HTK_COMMIT: master
- job:
name: airship-drydock-docker-build-gate-ubuntu_xenial
name: airship-drydock-docker-build-gate-ubuntu_focal
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
nodeset: airship-drydock-single-node-focal
irrelevant-files:
- '^doc/.*'
- '^charts/.*'
vars:
publish: false
distro: ubuntu_xenial
tags:
dynamic:
patch_set: true
- job:
name: airship-drydock-docker-build-gate-ubuntu_bionic
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
irrelevant-files:
- '^doc/.*'
- '^charts/.*'
vars:
publish: false
distro: ubuntu_bionic
distro: ubuntu_focal
tags:
dynamic:
patch_set: true
- job:
name: airship-drydock-docker-publish-ubuntu_xenial
name: airship-drydock-docker-publish-ubuntu_focal
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
nodeset: airship-drydock-single-node-focal
secrets:
- airship_drydock_quay_creds
irrelevant-files:
@ -114,27 +102,7 @@
- '^charts/.*'
vars:
publish: true
distro: ubuntu_xenial
tags:
dynamic:
branch: true
commit: true
static:
- latest
- job:
name: airship-drydock-docker-publish-ubuntu_bionic
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
secrets:
- airship_drydock_quay_creds
irrelevant-files:
- '^doc/.*'
- '^charts/.*'
vars:
publish: true
distro: ubuntu_bionic
distro: ubuntu_focal
tags:
dynamic:
branch: true

31
Makefile
View File

@ -19,7 +19,7 @@ IMAGE_PREFIX ?= airshipit
IMAGE_TAG ?= dev
HELM := $(shell realpath $(BUILD_DIR))/helm
UBUNTU_BASE_IMAGE ?=
DISTRO ?= ubuntu_bionic
DISTRO ?= ubuntu_focal
PROXY ?= http://proxy.foo.com:8000
NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local
USE_PROXY ?= false
@ -40,21 +40,16 @@ run_images: run_drydock
# Run tests
tests: pep8 security docs unit_tests test_baclient
# Install external (not managed by tox/pip) dependencies
external_dep: requirements-host.txt requirements-host-test.txt
sudo ./hostdeps.sh
touch external_dep
# Run unit and Postgres integration tests in coverage mode
coverage_test: build_drydock
tox -re cover
# Run just unit tests
unit_tests: external_dep
tox -re py36 $(TESTS)
unit_tests:
tox -re py38 $(TESTS)
# Run just DB integration tests
db_integration_tests: external_dep
db_integration_tests:
tox -re integration $(TESTS)
# Freeze full set of Python requirements
@ -91,27 +86,27 @@ helm-install:
# Make targets intended for use by the primary targets above.
build_drydock: external_dep
build_drydock:
export; tools/drydock_image_build.sh
ifeq ($(PUSH_IMAGE), true)
docker push $(IMAGE)
endif
# Make target for building bootaction signal client
build_baclient: external_dep
sudo ./tools/baclient_build.sh $(shell realpath go) $(shell realpath ${BUILD_DIR})
build_baclient:
./tools/baclient_build.sh $(shell realpath go) $(shell realpath ${BUILD_DIR})
touch ./baclient_built
# Make target for testing bootaction signal client
test_baclient: external_dep build_baclient
GOPATH=$(shell realpath go) go test -v baclient
test_baclient: build_baclient
GOPATH=$(shell realpath go) GO111MODULE=off go test -v baclient
docs: clean drydock_docs
security: external_dep
security:
tox -e bandit
drydock_docs: external_dep render_diagrams genpolicy genconfig
drydock_docs: render_diagrams genpolicy genconfig
tox -e docs
render_diagrams:
@ -129,12 +124,14 @@ clean:
rm -rf charts/drydock/charts
rm -rf charts/drydock/requirements.lock
pep8: external_dep
pep8:
tox -e pep8
helm_lint: helm-init
$(HELM) dep up charts/drydock
$(HELM) lint charts/drydock
.PHONY: build_baclient build_drydock charts clean coverage_test \
db_integration_tests docs drydock drydock_docs dry-run genconfig \
genpolicy helm-init helm-install helm_lint images lint pep8 \

25
bindep.txt Normal file
View File

@ -0,0 +1,25 @@
# These are host packages needed for Drydock
# that don't come on a minimal Ubuntu install
build-essential
curl
git
golang-go
libffi-dev
libkrb5-dev
libpq-dev
libre2-dev
libsasl2-dev
libssl-dev
libvirt-dev
libzmq3-dev
netbase
pkg-config
python3-dev
python3-pip
python3-setuptools
ssh
tox
# PlantUML is used for documentation builds, graphviz is it's soft dependancy
plantuml
graphviz

0
charts/deps/.gitkeep Normal file
View File

2
charts/drydock/requirements.yaml
View File

@ -14,5 +14,5 @@
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
repository: file://../deps/helm-toolkit
version: ">= 0.1.0"

2
charts/drydock/values.yaml
View File

@ -35,7 +35,7 @@ images:
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
drydock_db_init: docker.io/postgres:9.5
drydock_db_init: docker.io/postgres:14.6
drydock_db_cleanup: quay.io/airshipit/drydock:master
drydock_db_sync: quay.io/airshipit/drydock:master
pull_policy: "IfNotPresent"

9
doc/requirements-doc.txt
View File

@ -1,4 +1,5 @@
sphinx>=1.6.2
sphinx_rtd_theme==0.2.4
oslo.versionedobjects
falcon
sphinx_rtd_theme==1.2.0
pylibyaml==0.1.0
oslo_versionedobjects==3.1.0
falcon==3.1.1
keystoneauth1==5.1.2

117
doc/source/_static/drydock.conf.sample
View File

@ -78,7 +78,7 @@
# Domain name containing project (string value)
#project_domain_name = <None>
# Trust ID (string value)
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
@ -114,15 +114,35 @@
# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
# clients are redirected to this endpoint to authenticate. Although this
# endpoint should ideally be unversioned, client support in the wild varies.
# If you're using a versioned v2 endpoint here, then this should *not* be the
# same endpoint the service user utilizes for validating tokens, because normal
# end users may not be able to reach that endpoint. (string value)
# endpoint should ideally be unversioned, client support in the wild varies. If
# you're using a versioned v2 endpoint here, then this should *not* be the same
# endpoint the service user utilizes for validating tokens, because normal end
# users may not be able to reach that endpoint. (string value)
# Deprecated group/name - [keystone_authtoken]/auth_uri
#www_authenticate_uri = <None>
# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
# be an "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. This option
# is deprecated in favor of www_authenticate_uri and will be removed in the S
# release. (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and
# will be removed in the S release.
#auth_uri = <None>
# API version of the admin Identity API endpoint. (string value)
# API version of the Identity API endpoint. (string value)
#auth_version = <None>
# Interface to use for the Identity API endpoint. Valid values are "public",
# "internal" (default) or "admin". (string value)
#interface = internal
# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false
@ -157,9 +177,6 @@
# The region in which the identity server can be found. (string value)
#region_name = <None>
# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>
# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
@ -170,12 +187,6 @@
# -1 to disable caching completely. (integer value)
#token_cache_time = 300
# Determines the frequency at which the list of revoked tokens is retrieved from
# the Identity service (in seconds). A high number of revocation events combined
# with a low cache duration may significantly reduce performance. Only valid for
# PKI tokens. (integer value)
#revocation_cache_time = 10
# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
@ -211,9 +222,9 @@
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false
# (Optional) Use the advanced (eventlet safe) memcached client pool. (boolean
# value)
#memcache_use_advanced_pool = true
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
@ -229,19 +240,23 @@
# value)
#enforce_token_bind = permissive
# If true, the revocation list will be checked for cached tokens. This requires
# that PKI tokens are configured on the identity server. (boolean value)
#check_revocations_for_cached = false
# A choice of roles that must be present in a service token. Service tokens are
# allowed to request that an expired token can be used and so this check should
# tightly control that only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list must be present. For
# backwards compatibility reasons this currently only affects the allow_expired
# check. (list value)
#service_token_roles = service
# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
# or multiple. The algorithms are those supported by Python standard
# hashlib.new(). The hashes will be tried in the order given, so put the
# preferred one first for performance. The result of the first hash will be
# stored in the cache. This will typically be set to multiple values only while
# migrating from a less secure algorithm to a more secure one. Once all the old
# tokens are expired this option should be set to a single value for better
# performance. (list value)
#hash_algorithms = md5
# For backwards compatibility reasons we must let valid service tokens pass that
# don't pass the service_token_roles check as valid. Setting this true will
# become the default in a future release and should be enabled if possible.
# (boolean value)
#service_token_roles_required = false
# The name or type of the service as it appears in the service catalog. This is
# used to validate tokens that have restricted access rules. (string value)
#service_type = <None>
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
@ -335,7 +350,28 @@
# From oslo.policy
#
# The file that defines policies. (string value)
# This option controls whether or not to enforce scope when evaluating policies.
# If ``True``, the scope of the token used in the request is compared to the
# ``scope_types`` of the policy being enforced. If the scopes do not match, an
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
# logged informing operators that policies are being invoked with mismatching
# scope. (boolean value)
#enforce_scope = false
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
# be evaluated. This means if any existing token is allowed for old defaults but
# is disallowed for new defaults, it will be disallowed. It is encouraged to
# enable this flag along with the ``enforce_scope`` flag so that you can get the
# benefits of new defaults and ``scope_type`` together. If ``False``, the
# deprecated policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases with new
# policies, which is the default behavior. (boolean value)
#enforce_new_defaults = false
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)
#policy_file = policy.json
# Default rule. Enforced when a requested rule is not found. (string value)
@ -348,6 +384,25 @@
# valued)
#policy_dirs = policy.d
# Content Type to send and receive data for REST based policy check (string
# value)
# Possible values:
# application/x-www-form-urlencoded - <No description provided>
# application/json - <No description provided>
#remote_content_type = application/x-www-form-urlencoded
# server identity verification for REST based policy check (boolean value)
#remote_ssl_verify_server_crt = false
# Absolute path to ca cert file for REST based policy check (string value)
#remote_ssl_ca_crt_file = <None>
# Absolute path to client cert for REST based policy check (string value)
#remote_ssl_client_crt_file = <None>
# Absolute path client key file REST based policy check (string value)
#remote_ssl_client_key_file = <None>
[plugins]

2
doc/source/conf.py
View File

@ -77,7 +77,7 @@ release = u'0.1.0'
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
language = 'en'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.

BIN
doc/source/images/architecture.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 26 KiB

BIN
doc/source/images/basic_task_sequence.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 69 KiB

117
etc/drydock/drydock.conf.sample
View File

@ -78,7 +78,7 @@
# Domain name containing project (string value)
#project_domain_name = <None>
# Trust ID (string value)
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
@ -114,15 +114,35 @@
# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
# clients are redirected to this endpoint to authenticate. Although this
# endpoint should ideally be unversioned, client support in the wild varies.
# If you're using a versioned v2 endpoint here, then this should *not* be the
# same endpoint the service user utilizes for validating tokens, because normal
# end users may not be able to reach that endpoint. (string value)
# endpoint should ideally be unversioned, client support in the wild varies. If
# you're using a versioned v2 endpoint here, then this should *not* be the same
# endpoint the service user utilizes for validating tokens, because normal end
# users may not be able to reach that endpoint. (string value)
# Deprecated group/name - [keystone_authtoken]/auth_uri
#www_authenticate_uri = <None>
# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
# be an "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. This option
# is deprecated in favor of www_authenticate_uri and will be removed in the S
# release. (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and
# will be removed in the S release.
#auth_uri = <None>
# API version of the admin Identity API endpoint. (string value)
# API version of the Identity API endpoint. (string value)
#auth_version = <None>
# Interface to use for the Identity API endpoint. Valid values are "public",
# "internal" (default) or "admin". (string value)
#interface = internal
# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false
@ -157,9 +177,6 @@
# The region in which the identity server can be found. (string value)
#region_name = <None>
# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>
# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
@ -170,12 +187,6 @@
# -1 to disable caching completely. (integer value)
#token_cache_time = 300
# Determines the frequency at which the list of revoked tokens is retrieved from
# the Identity service (in seconds). A high number of revocation events combined
# with a low cache duration may significantly reduce performance. Only valid for
# PKI tokens. (integer value)
#revocation_cache_time = 10
# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
@ -211,9 +222,9 @@
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false
# (Optional) Use the advanced (eventlet safe) memcached client pool. (boolean
# value)
#memcache_use_advanced_pool = true
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
@ -229,19 +240,23 @@
# value)
#enforce_token_bind = permissive
# If true, the revocation list will be checked for cached tokens. This requires
# that PKI tokens are configured on the identity server. (boolean value)
#check_revocations_for_cached = false
# A choice of roles that must be present in a service token. Service tokens are
# allowed to request that an expired token can be used and so this check should
# tightly control that only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list must be present. For
# backwards compatibility reasons this currently only affects the allow_expired
# check. (list value)
#service_token_roles = service
# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
# or multiple. The algorithms are those supported by Python standard
# hashlib.new(). The hashes will be tried in the order given, so put the
# preferred one first for performance. The result of the first hash will be
# stored in the cache. This will typically be set to multiple values only while
# migrating from a less secure algorithm to a more secure one. Once all the old
# tokens are expired this option should be set to a single value for better
# performance. (list value)
#hash_algorithms = md5
# For backwards compatibility reasons we must let valid service tokens pass that
# don't pass the service_token_roles check as valid. Setting this true will
# become the default in a future release and should be enabled if possible.
# (boolean value)
#service_token_roles_required = false
# The name or type of the service as it appears in the service catalog. This is
# used to validate tokens that have restricted access rules. (string value)
#service_type = <None>
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
@ -335,7 +350,28 @@
# From oslo.policy
#
# The file that defines policies. (string value)
# This option controls whether or not to enforce scope when evaluating policies.
# If ``True``, the scope of the token used in the request is compared to the
# ``scope_types`` of the policy being enforced. If the scopes do not match, an
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
# logged informing operators that policies are being invoked with mismatching
# scope. (boolean value)
#enforce_scope = false
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
# be evaluated. This means if any existing token is allowed for old defaults but
# is disallowed for new defaults, it will be disallowed. It is encouraged to
# enable this flag along with the ``enforce_scope`` flag so that you can get the
# benefits of new defaults and ``scope_type`` together. If ``False``, the
# deprecated policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases with new
# policies, which is the default behavior. (boolean value)
#enforce_new_defaults = false
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)
#policy_file = policy.json
# Default rule. Enforced when a requested rule is not found. (string value)
@ -348,6 +384,25 @@
# valued)
#policy_dirs = policy.d
# Content Type to send and receive data for REST based policy check (string
# value)
# Possible values:
# application/x-www-form-urlencoded - <No description provided>
# application/json - <No description provided>
#remote_content_type = application/x-www-form-urlencoded
# server identity verification for REST based policy check (boolean value)
#remote_ssl_verify_server_crt = false
# Absolute path to ca cert file for REST based policy check (string value)
#remote_ssl_ca_crt_file = <None>
# Absolute path to client cert for REST based policy check (string value)
#remote_ssl_client_crt_file = <None>
# Absolute path client key file REST based policy check (string value)
#remote_ssl_client_key_file = <None>
[plugins]

1
go/src/baclient/go.mod Normal file
View File

@ -0,0 +1 @@
module baclient

43
hostdeps.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# Install host-level package dependencies
# needed for local testing
set -x
if [[ ! -z $(uname -a | grep Ubuntu) ]]
then
apt-get update
installed_pkgs=$(dpkg --get-selections | awk '!/deinstall/ { gsub(/:.*/,"",$1); print $1 }')
set -a added_pkgs
for reqfile in $(ls requirements-host*.txt)
do
for l in $(grep -vE '(^ *#)|(^$)' "${reqfile}")
do
# Do extra magic to support a list of alternative packages separated by '|'
# none of the packages are found, install the first one listed
IFS='|' read -a pkgalts <<< "${l}"
pkgfound=0
for a in "${pkgalts[@]}"
do
if grep -qE "^${a}$" <<< "${installed_pkgs}"
then
pkgfound=1
break
fi
done
if [[ "${pkgfound}" -eq 0 ]]
then
added_pkgs+=("${pkgalts[0]}")
fi
done
done
if [[ ${#added_pkgs[@]} -gt 0 ]]
then
DEBIAN_FRONTEND=noninteractive apt-get \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
install -y --no-install-recommends "${added_pkgs[@]}"
fi
else
echo "Only support testing on Ubuntu hosts at this time."
fi

56
images/drydock/Dockerfile.ubuntu_xenial → images/drydock/Dockerfile.ubuntu_focal
View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
ARG FROM=ubuntu:16.04
ARG FROM=ubuntu:20.04
FROM ${FROM} AS baclient_builder
ARG UBUNTU_REPO=http://archive.ubuntu.com/ubuntu
@ -23,16 +23,23 @@ ENV container docker
ENV LC_ALL C.UTF-8
ENV LANG C.UTF-8
# Copy direct dependency requirements only to build a dependency layer
RUN echo "deb ${UBUNTU_REPO} xenial main restricted universe multiverse" > /etc/apt/sources.list; \
echo "deb ${UBUNTU_REPO} xenial-security main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb ${UBUNTU_REPO} xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list; \
cat /etc/apt/sources.list; \
echo "APT::Get::AllowUnauthenticated ${ALLOW_UNAUTHENTICATED};" >> /etc/apt/apt.conf.d/00-local-mirrors;
COPY ./bindep.txt /tmp/drydock/
WORKDIR /tmp/drydock
RUN apt update \
&& apt install -y --allow-downgrades \
python3 \
python3-dev \
python3-pip \
python3-venv \
python3-setuptools \
&& DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y tzdata \
&& pip3 install bindep \
&& bindep -f /tmp/drydock/bindep.txt --brief | xargs apt install -y
COPY ./tools/baclient_build.sh /tmp/drydock/
COPY ./go /tmp/drydock/go
WORKDIR /tmp/drydock
RUN ./baclient_build.sh /tmp/drydock/go /tmp/drydock/baclient
@ -73,29 +80,36 @@ ENV PORT 9000
ENV LC_ALL C.UTF-8
ENV LANG C.UTF-8
# Copy direct dependency requirements only to build a dependency layer
RUN echo "deb ${UBUNTU_REPO} xenial main restricted universe multiverse" > /etc/apt/sources.list; \
echo "deb ${UBUNTU_REPO} xenial-security main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb ${UBUNTU_REPO} xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list; \
cat /etc/apt/sources.list; \
echo "APT::Get::AllowUnauthenticated ${ALLOW_UNAUTHENTICATED};" >> /etc/apt/apt.conf.d/00-local-mirrors;
COPY ./requirements-host.txt /tmp/drydock/
COPY ./hostdeps.sh /tmp/drydock
# COPY ./bindep-python.txt /tmp/drydock/
WORKDIR /tmp/drydock
RUN ./hostdeps.sh; \
rm -r /var/lib/apt/lists/*
RUN DEBIAN_FRONTEND=noninteractive \
apt update \
&& DEBIAN_FRONTEND=noninteractive \
apt install -y \
--allow-downgrades \
--no-install-recommends \
python3-dev \
python3-pip \
python3-setuptools \
pkg-config \
libvirt-dev \
libssl-dev \
gcc \
ssh\
curl \
netbase \
&& rm -r /var/lib/apt/lists/*
# Install LibYAML
ENV LD_LIBRARY_PATH=/usr/local/lib
COPY --from=baclient_builder /usr/local/lib /usr/local/lib
COPY --from=baclient_builder /usr/local/include/yaml.h /usr/local/include/yaml.h
RUN python3 -m pip install -U 'pip<21.0'
COPY ./python/requirements-lock.txt /tmp/drydock/
RUN cat /tmp/drydock/requirements-lock.txt | xargs -d '\n' \
-l1 pip3 -vv install --no-cache-dir
RUN pip3 install \
--no-cache-dir \
-r /tmp/drydock/requirements-lock.txt
COPY ./python /tmp/drydock/python
WORKDIR /tmp/drydock/python

2
python/drydock_provisioner/control/api.py
View File

@ -45,7 +45,7 @@ def start_api(state_manager=None, ingester=None, orchestrator=None):
part input
:param orchestrator: Instance of drydock_provisioner.orchestrator.Orchestrator for managing tasks
"""
control_api = falcon.API(
control_api = falcon.App(
request_type=DrydockRequest,
middleware=[
AuthMiddleware(),

53
python/requirements-direct.txt
View File

@ -1,29 +1,30 @@
pylibyaml~=0.1
PyYAML~=5.3.1
pyghmi==1.0.18
netaddr
falcon
oslo.versionedobjects==1.23.0
requests
oauthlib
uwsgi==2.0.17.1
pymongo==3.6.1
oslo.config==7.0.0
# edited with compartibility with shipyard's apache-airflow 1.10.15
alembic==1.4.3
Beaker==1.12.0
click==6.7
PasteDeploy==1.5.2
PTable==0.9.2
keystonemiddleware==4.9.1
oslo.policy==1.22.1
iso8601==0.1.11
keystoneauth1==3.18.0
alembic==0.8.2
sqlalchemy==1.2.8
defusedxml===0.6.0
falcon==3.1.1
iso8601==0.1.13
jinja2==3.0.3
jsonschema==3.2.0
keystoneauth1==5.1.1
keystonemiddleware==10.2.0
libvirt-python==9.2.0
netaddr==0.8.0
oauthlib==3.1.0
oslo.config==8.7.1
oslo.policy==3.10.1
oslo.versionedobjects==2.4.0
Paste==3.5.0
PasteDeploy==3.0.1
psycopg2-binary==2.8.4
jsonschema==2.6.0
jsonschema>=3.0.1<4
jinja2==2.10
PTable==0.9.2
pyghmi==1.5.60
pylibyaml==0.1.0
pymongo==3.10.1
PyYAML==5.4.1
redfish==3.1.9
requests==2.23.0
SQLAlchemy==1.2.8
ulid2==0.1.1
defusedxml===0.5.0
libvirt-python==3.10.0
beaker==1.9.1
redfish==2.0.1
uWSGI==2.0.21

198
python/requirements-lock.txt
View File

@ -1,82 +1,132 @@
alembic==0.8.2
amqp==2.6.0
Babel==2.6.0
Beaker==1.9.1
cachetools==2.1.0
certifi==2018.8.24
alabaster==0.7.13
alembic==1.4.3
amqp==5.1.1
attrs==22.2.0
Babel==2.12.1
bandit==1.7.5
bcrypt==4.0.1
Beaker==1.12.0
cachetools==5.3.0
certifi==2022.12.7
cffi==1.15.1
chardet==3.0.4
click==6.7
contextlib2==0.5.5
debtcollector==1.20.0
defusedxml==0.5.0
dnspython==1.15.0
eventlet==0.24.1
falcon==1.4.1
fasteners==0.14.1
futurist==1.7.0
greenlet==0.4.15
idna==2.7
iso8601==0.1.11
Jinja2==2.10
jsonschema>=3.0.1<4
keystoneauth1==3.18.0
keystonemiddleware==4.9.1
kombu==4.6.11
libvirt-python==3.10.0
Mako==1.0.7
MarkupSafe~=1.1.1
monotonic==1.5
msgpack==0.5.6
netaddr==0.7.19
netifaces==0.10.7
oauthlib==2.1.0
oslo.concurrency==3.28.0
oslo.config==7.0.0
oslo.context==2.21.0
oslo.i18n==3.22.0
oslo.log==3.45.2
oslo.messaging==8.1.1
oslo.middleware==3.36.0
oslo.policy==1.22.1
oslo.serialization==2.29.2
oslo.service==1.32.0
oslo.utils==3.42.1
oslo.versionedobjects==1.23.0
Paste==2.0.3
PasteDeploy==1.5.2
pbr==5.4.5
pip==18.0
positional==1.2.1
prettytable==0.7.2
coverage==7.2.3
cryptography==40.0.1
debtcollector==2.5.0
decorator==5.1.1
defusedxml==0.6.0
dnspython==2.3.0
docutils==0.19
dogpile.cache==1.1.8
eventlet==0.33.3
falcon==3.1.1
fasteners==0.18
fixtures==4.0.1
flake8==6.0.0
futurist==2.4.1
gitdb==4.0.10
GitPython==3.1.31
greenlet==2.0.2
idna==2.10
imagesize==1.4.1
iniconfig==2.0.0
iso8601==0.1.13
Jinja2==3.0.3
jsonpatch==1.32
jsonpath-rw==1.4.0
jsonpointer==2.3
jsonschema==3.2.0
keystoneauth1==5.1.1
keystonemiddleware==10.2.0
kombu==5.2.4
libvirt-python==9.2.0
Mako==1.2.4
markdown-it-py==2.2.0
MarkupSafe==2.1.2
mccabe==0.7.0
mdurl==0.1.2
mock==5.0.1
msgpack==1.0.5
netaddr==0.8.0
netifaces==0.11.0
oauthlib==3.1.0
os-service-types==1.7.0
oslo.cache==3.3.1
oslo.concurrency==5.1.1
oslo.config==8.7.1
oslo.context==5.1.1
oslo.i18n==6.0.0
oslo.log==5.2.0
oslo.messaging==14.2.0
oslo.metrics==0.6.0
oslo.middleware==5.1.1
oslo.policy==3.10.1
oslo.serialization==5.1.1
oslo.service==3.1.1
oslo.utils==6.1.0
oslo.versionedobjects==2.4.0
packaging==23.0
Paste==3.5.0
PasteDeploy==3.0.1
pbr==5.11.1
pip==23.0.1
pluggy==1.0.0
ply==3.11
prometheus-client==0.16.0
psycopg2-binary==2.8.4
PTable==0.9.2
pycadf==2.8.0
pycrypto==2.6.1
pyghmi==1.0.18
py==1.11.0
pycadf==3.1.1
pycodestyle==2.10.0
pycparser==2.21
pyflakes==3.0.1
pyghmi==1.5.60
Pygments==2.14.0
pylibyaml==0.1.0
pymongo==3.6.1
pyparsing==2.2.1
python-dateutil==2.8.1
python-editor==1.0.3
python-keystoneclient==3.22.0
python-mimeparse==1.6.0
pytz==2018.5
PyYAML==5.3.1
redfish==2.0.1
pymongo==3.10.1
pyparsing==3.0.9
pyrsistent==0.19.3
pytest==6.2.5
pytest-cov==4.0.0
pytest-mock==3.10.0
python-dateutil==2.8.2
python-editor==1.0.4
python-keystoneclient==5.1.0
pytz==2023.3
PyYAML==5.4.1
redfish==3.1.9
repoze.lru==0.7
requests==2.22.0
rfc3986==1.2.0
Routes==2.4.1
setuptools==40.4.3
six==1.15.0
requests==2.23.0
requests-toolbelt==0.10.1
requests-unixsocket==0.3.0
responses==0.23.1
rfc3986==2.0.0
rich==13.3.3
Routes==2.5.1
setuptools==56.0.0
six==1.16.0
smmap==5.0.0
snowballstemmer==2.2.0
Sphinx==5.3.0
sphinxcontrib-applehelp==1.0.4
sphinxcontrib-devhelp==1.0.2
sphinxcontrib-htmlhelp==2.0.1
sphinxcontrib-jsmath==1.0.1
sphinxcontrib-qthelp==1.0.3
sphinxcontrib-serializinghtml==1.1.5
SQLAlchemy==1.2.8
statsd==3.3.0
stevedore==1.29.0
tenacity==5.0.2
statsd==4.0.1
stevedore==5.0.0
toml==0.10.2
tomli==2.0.1
types-PyYAML==6.0.12.9
ulid2==0.1.1
urllib3==1.25.9
uWSGI==2.0.15
vine==1.1.4
WebOb==1.8.2
wheel==0.31.1
wrapt==1.10.11
urllib3==1.25.11
uWSGI==2.0.21
vine==5.0.0
WebOb==1.8.7
wheel==0.38.4
wrapt==1.15.0
yapf==0.32.0
yappi==1.4.0

22
python/requirements-test.txt
View File

@ -1,13 +1,19 @@
pytest-mock==3.1.0
pytest
# tests
click==6.7
falcon==3.1.1
jsonschema==3.2.0
mock==5.0.1
pylibyaml==0.1.0
pymongo==3.10.1
pytest==6.2.5
pytest-cov
responses
mock
tox
oslo.versionedobjects[fixtures]>=1.23.0
oslo.config[fixtures]
pytest-mock
responses==0.23.1
setuptools==56.0.0
ulid2==0.1.1
# tools
yapf
flake8
bandit>=1.1.0
sphinx>=1.6.2
sphinx_rtd_theme==0.2.4

1625
python/requirements-tree.txt Normal file
View File

File diff suppressed because it is too large Load Diff

6
python/tests/postgres/start_postgres.sh
View File

@ -14,11 +14,11 @@ then
sudo docker stop 'psql_integration'
fi
sudo docker run --rm -dp 5432:5432 --name 'psql_integration' postgres:9.5
sudo docker run --rm -dp 5432:5432 --name 'psql_integration' postgres:14.6
sleep 15
docker run --rm --net host postgres:9.5 psql -h localhost -c "create user drydock with password 'drydock';" postgres postgres
docker run --rm --net host postgres:9.5 psql -h localhost -c "create database drydock;" postgres postgres
docker run --rm --net host postgres:14.6 psql -h localhost -c "create user drydock with password 'drydock';" postgres postgres
docker run --rm --net host postgres:14.6 psql -h localhost -c "create database drydock;" postgres postgres
export DRYDOCK_DB_URL="postgresql+psycopg2://drydock:drydock@localhost:5432/drydock"

5
requirements-host-test.txt
View File

@ -1,5 +0,0 @@
# These are host packages needed for Drydock
# that don't come on a minimal Ubuntu install
python-tox
docker.io|docker-ce
plantuml

12
requirements-host.txt
View File

@ -1,12 +0,0 @@
# These are host packages needed for Drydock
# that don't come on a minimal Ubuntu install
libvirt-dev
pkg-config
python3-dev
gcc
netbase
libssl-dev
python3-pip
python3-setuptools
ssh
curl

7
tools/baclient_build.sh
View File

@ -7,12 +7,7 @@ if $(uname -a | grep -q Ubuntu); then
GOPATH=$1
BUILD_DIR=$2
if [[ ! -f ./baclient_built ]]; then
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
install -y --no-install-recommends golang-go
GOPATH=${GOPATH} go build -o ${BUILD_DIR}/baclient baclient
GO111MODULE=off GOPATH=${GOPATH} go build -v -o ${BUILD_DIR}/baclient baclient
else
echo "Baclient library is already built. No action."
fi

2
tools/drydock_image_build.sh
View File

@ -3,7 +3,7 @@ set -x
UBUNTU_BASE_IMAGE=${UBUNTU_BASE_IMAGE:-""}
UBUNTU_REPO=${UBUNTU_REPO:-""}
DISTRO=${DISTRO:-"ubuntu_bionic"}
DISTRO=${DISTRO:-"ubuntu_focal"}
TRUSTED_UBUNTU_REPO=${TRUSTED_UBUNTU_REPO:-"no"}
ALLOW_UNATHENTICATED=${ALLOW_UNAUTHENTICATED:-"false"}
PIP_INDEX_URL=${PIP_INDEX_URL:-""}

6
tools/drydock_image_run.sh
View File

@ -9,11 +9,11 @@ function start_db {
sudo docker stop 'psql_integration'
fi
docker run --rm -dp 5432:5432 --name 'psql_integration' postgres:9.5
docker run --rm -dp 5432:5432 --name 'psql_integration' -e POSTGRES_HOST_AUTH_METHOD=trust postgres:14.6
sleep 15
docker run --rm --net host postgres:9.5 psql -h localhost -c "create user drydock with password 'drydock';" postgres postgres
docker run --rm --net host postgres:9.5 psql -h localhost -c "create database drydock;" postgres postgres
docker run --rm --net host postgres:14.6 psql -h localhost -c "create user drydock with password 'drydock';" postgres postgres
docker run --rm --net host postgres:14.6 psql -h localhost -c "create database drydock;" postgres postgres
}
function customize_conf {

9
tools/gate/playbooks/build-charts.yaml
View File

@ -13,6 +13,15 @@
# limitations under the License.
- hosts: primary
roles:
- bindep
- ensure-docker
- ensure-python
- ensure-pip
tasks:
- name: Execute the make target to package Helm charts.
make:

19
tools/gate/playbooks/docker-image-build.yaml
View File

@ -13,6 +13,14 @@
# limitations under the License.
- hosts: primary
roles:
- bindep
- ensure-docker
- ensure-python
- ensure-pip
tasks:
- name: Debug tag generation inputs
block:
@ -40,18 +48,11 @@
debug:
var: image_tags
- name: Install Docker (Debian)
- name: Install Docker python module for ansible docker login
block:
- apt:
name: "{{ item }}"
with_items:
- docker.io
- python3-pip
- python3-setuptools
when: ansible_os_family == 'Debian'
- pip:
name: docker
version: 2.7.0
version: 4.4.4
executable: pip3
become: True

22
tools/gate/playbooks/omni_test.yaml
View File

@ -14,6 +14,16 @@
# to minimize Zuul node consumption
- hosts: primary
roles:
- bindep
- ensure-docker
- ensure-python
- ensure-pip
tasks:
- name: Execute the make target for PEP8 linting
make:
@ -41,12 +51,6 @@
target: test_baclient
become: true
register: result
- name: Execute the make target for building and running the Drydock Docker image
make:
chdir: "{{ zuul.project.src_dir }}"
target: run_drydock
register: result
become: true
- name: Setup Apparmor
shell: |
set -xe;
@ -54,3 +58,9 @@
args:
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
executable: /bin/bash
- name: Execute the make target for building and running the Drydock Docker image
make:
chdir: "{{ zuul.project.src_dir }}"
target: run_drydock
register: result
become: true

2
tools/helm_install.sh
View File

@ -17,7 +17,7 @@
set -x
HELM=$1
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz"}
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz"}
function install_helm_binary {

69
tools/helm_tk.sh
View File

@ -12,65 +12,20 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Script to setup helm-toolkit and helm dep up the shipyard chart
#
HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""}
set -eux
HTK_REPO=${HTK_REPO:-"https://opendev.org/openstack/openstack-helm-infra.git"}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"f4972121bcb41c8d74748917804d2b239ab757f9"}
DEP_UP_LIST=${DEP_UP_LIST:-"drydock"}
BUILD_DIR=${BUILD_DIR:-$(mktemp -d)}
if [[ ! -z $(echo $http_proxy) ]]
then
export no_proxy=$no_proxy,127.0.0.1
fi
TMP_DIR=$(mktemp -d)
set -x
# Use ./helm as we expect this to be run in a already
# configured build directory
function helm_serve {
if [[ -d "$HOME/.helm" ]]; then
echo ".helm directory found"
else
${HELM} init --client-only --skip-refresh
fi
if [[ -z $(curl --noproxy '*' -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; then
"${HELM}" serve & > /dev/null
while [[ -z $(curl --noproxy '*' -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; do
sleep 1
echo "Waiting for Helm Repository"
done
else
echo "Helm serve already running"
fi
if "${HELM}" repo list | grep -q "^stable" ; then
"${HELM}" repo remove stable
fi
${HELM} repo add local http://localhost:8879/charts
{
HTK_REPO_DIR=$TMP_DIR/htk
git clone "$HTK_REPO" "$HTK_REPO_DIR"
(cd "$HTK_REPO_DIR" && git reset --hard "${HTK_STABLE_COMMIT}")
cp -r "${HTK_REPO_DIR}/helm-toolkit" charts/deps/
}
mkdir -p "$BUILD_DIR"
pushd "$BUILD_DIR"
git clone $HTK_REPO || true
pushd openstack-helm-infra/$HTK_PATH
git reset --hard "${HTK_STABLE_COMMIT}"
helm_serve
# OSH Makefile is bugged, so ensure helm is in the path
if [[ ${HELM} != "helm" ]]
then
export PATH=${PATH}:$(dirname ${HELM})
fi
make helm-toolkit
popd && popd
for c in $DEP_UP_LIST
do
${HELM} dep up charts/$c
done
rm -rf "${TMP_DIR}"

22
tox.ini
View File

@ -1,32 +1,32 @@
[tox]
envlist = py36,pep8,bandit
envlist = py38,pep8,bandit
setupdir=python/
[testenv]
setenv = YAMLDIR = {toxinidir}/python/tests/yaml_samples/
passenv = http_proxy,HTTP_PROXY,https_proxy,HTTPS_PROXY,no_proxy,NO_PROXY
deps=
-r{toxinidir}/python/requirements-lock.txt
-r{toxinidir}/python/requirements-test.txt
[testenv:venv]
basepython=python3
commands = {posargs}
[testenv:freeze]
basepython=python3
recreate = True
allowlist_externals=
rm
sh
pipdeptree
deps=
-rpython/requirements-direct.txt
-rpython/requirements-test.txt
commands=
rm python/requirements-lock.txt
rm -f python/requirements-lock.txt
sh -c "pip freeze --all | grep -vE 'drydock-provisioner|pyinotify|pkg-resources==0.0.0' > python/requirements-lock.txt"
sh -c "pipdeptree > python/requirements-tree.txt"
[testenv:yapf]
basepython=python3
allowlist_externals=find
commands=
yapf -i -r --style=pep8 {toxinidir}/python/setup.py
@ -35,7 +35,7 @@ commands=
yapf -i -r --style=pep8 {toxinidir}/python/tests
find {toxinidir}/python/drydock_provisioner -name '__init__.py' -exec yapf -i --style=pep8 \{\} ;
[testenv:py36]
[testenv:py38]
usedevelop=True
setenv=
PYTHONWARNING=all
@ -46,7 +46,6 @@ commands=
{toxinidir}/python/tests/unit/{posargs}
[testenv:integration]
basepython=python3
passenv=DOCKER_REGISTRY,IMAGE_NAME,IMAGE_PREFIX,IMAGE_TAG
setenv=
PYTHONWARNING=all
@ -57,7 +56,6 @@ commands=
{toxinidir}/python/tests/integration/postgres/{posargs}
[testenv:cover]
basepython=python3
usedevelop=True
passenv=DOCKER_REGISTRY,IMAGE_NAME,IMAGE_PREFIX,IMAGE_TAG
setenv=
@ -68,24 +66,20 @@ commands=
{toxinidir}/python/tests/unit/ {toxinidir}/python/tests/integration/postgres
[testenv:genconfig]
basepython=python3
allowlist_externals=tee
sh
commands = sh -c 'oslo-config-generator --config-file=etc/drydock/drydock-config-generator.conf | tee etc/drydock/drydock.conf.sample doc/source/_static/drydock.conf.sample'
[testenv:genpolicy]
basepython=python3
allowlist_externals=tee
sh
commands = sh -c 'oslopolicy-sample-generator --config-file etc/drydock/drydock-policy-generator.conf | tee etc/drydock/policy.yaml.sample doc/source/_static/policy.yaml.sample'
[testenv:pep8]
basepython=python3
commands = flake8 \
{posargs}
[testenv:bandit]
basepython=python3
commands = bandit -r drydock_provisioner -n 5
[flake8]
@ -94,9 +88,9 @@ exclude= venv,.venv,.git,.idea,.tox,*.egg-info,*.eggs,bin,dist,./build/,alembic/
max-line-length=119
[testenv:docs]
basepython=python3
deps=
-rdoc/requirements-doc.txt
-epython
allowlist_externals=rm
recreate=true
commands =