Age | Commit message (Collapse) | Author | Files | Lines |
|
- create new YAML schema for PDF validation;
- add basic python script for checking a PDF against the schema;
- add bash wrapper for checking all PDFs in Pharos, to be leveraged
later via a new verify CI job;
Change-Id: I47e02642756b7a231138dec3d5258b100b4db72b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The Pharos git repo already has a CI verify job for `yamllint`-ing
the PDF files (check-jinja input yaml), so drop that check and keep
linting only output YAML files.
While at it, slightly rework the output log to make it easier to
read.
Change-Id: I2e47902d71514709eb48432f87d6ce68fb795d73
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
During PDF validation using `check-jinja.sh`, most if not all
encrypted strings will fail to decrypt due to missing keys on the
build server. The templater will fallback to using raw plaintext,
leading to `line too long` yamllint violations.
Since we don't care about the actual value of the unencrypted
string, replace the encrypted one with a dummy (shorter) string.
Change-Id: I0f96db0e055bf84ad43a1df4a0f2bd86cc50fd22
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
config/pdf/pod1*yaml files are not valid PDFs, but only templates.
Trying to expand said files against installer adapters would lead
to funky results, since most fields are expressed as '{val1|val2}'
in the template files.
Change-Id: Ieec4d596d0b5246aa506239183a31463951403e7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Silence misleading warnings about failed decription for PDFs
that do not use this feature.
While at it, print yamllint version used by check-jinja.sh.
Change-Id: Ica1ff90abaee8c9bb20996899c8f0a7527133618
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
If keys do not exist, the skipping decryption python stuff doesn't
work, see:
https://build.opnfv.org/ci/job/validate-pdf-jinja2-templates-master/16/consoleFull
Still does not fallback to plain in the case of a 'bad decryption',
but the current code does not either, bad decryption is logged
in any case.
Change-Id: I8da2c7cf8568a6e77ca24cc9ce665410d93b7ba9
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
The example configuration file in the directory pharos/config/utils/
is config.example.yaml.
Change-Id: I493274e4ddb689eb729ed642b5f495b5be0b75b0
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
|
|
On CentOS7 systems the gem command is contained in the 'rubygems'
package, not 'ruby-gems'.
After the keys have been moved, there is not reason to keep around the
'keys' directory.
Change-Id: I5cb9f474276de75b650ddf323a279e139fb62d37
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
If eyaml is not installed or misconfigured, we should output raw
encrypted data and throw a warn/error accordingly, instead of
bailing out completely.
Needed for Fuel deploys on PODs that do not use PDF encryption, e.g.
lf-pod2.
Change-Id: I2905df11a3cf2f2eb1ab9bfd8bd88619af2cab04
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Stupid jenkins
Change-Id: Ibfd83e7dadd674cfe7d7a9c2a712ef069fb8d5de
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Securedlab will be going away now that we can encrypt strings
(eyaml)
we need to check jinja2 PDF templates that will be moving into pharos
This adds one pod yaml files and fixes paths in check-jinja2.sh
After this is merged I can create a jenkins job for pharos.
Then I can start moving pdf files into the pharos repo
Change-Id: I2f2f2925275de49035d7d0160249d75b25ca0d20
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Note: IDF data encryption is not supported. Supporting that is
trivial, but it leads to slightly more complicated code, plus it
breaks support for multiline scalar encrypted data in the PDF ('>'),
forcing us to define each encrypted value as inline string.
While at it, fix silly limitation of jinja2 path residing in a subdir
of CWD.
Change-Id: I441ec754d8b6e4aad2ed73aba0b9b18ed65f05f4
Signed-off-by: agardner <agardner@linuxfoundation.org>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
For a given 'podN.yaml' file, check whether a file named
'idf-podN.yaml' exists in the same directory, and if it does,
pass its contents under the 'idf' dict key to the j2 template.
This assumes the contents of IDF yaml have a root 'idf' key.
Change-Id: I6c6f1b9f28c38989f8a6ed4a389c9a1da423d76d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Previously, generate_config.py resided in securedlab git repo, but
since we want to be able to use it in both securedlab (for validation
of new PDF files during verify jobs) and installer projects (for
actually parsing the PDF file into usable installer inputs), we
decided to move it to a common location, also available for regular
users.
This change merely replicates the file from securedlab git repo.
Change-Id: I9ff7889e408338d3911853fe01b752b013de1db7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|