Commit Graph

31 Commits

Author SHA1 Message Date
lhinds 93aacb43e6 Retiring Project
http://lists.openstack.org/pipermail/openstack-sigs/2018-August/000481.html

Depends-On: 90ca23f2ef5bf2cfdaf63552a7d8d8be325a03e6

Change-Id: I9ebc8cfcbb8906e9c4e1fd9e91205fe364bdc3c9
2018-08-28 09:41:53 +01:00
Jenkins b050019661 Merge "Anchor can now be installed and invoked as simply "anchor"" 2017-02-20 14:24:49 +00:00
Eric Brown 1eb0157271 Remove references to Python 3.4
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.

Change-Id: I03caf829a7b1a07345bb29f07629c575fdab22a9
2017-01-09 10:02:45 -08:00
Jenkins e54e491393 Merge "Anchor is source-only, so build common py2/py3 wheel" 2016-12-21 04:15:33 +00:00
Tim Kelsey ef2160e82e Anchor can now be installed and invoked as simply "anchor"
This installs stuff in the right places to run anchor from the
included startup scripts. The config is installed into /etc/anchor

This will work from within a venv or without.

The anchor config.py file has been moved into the project package
so that it will install with the other stuff. Eventually we should
strip it out as much as possible and move the details into the JSON
file.

Change-Id: Iffaa7669ce8118fbd41011f9e965704c2ad51b44
2016-09-08 17:00:37 +00:00
Eric Brown 5066629ada Add Python 3.5 classifier and venv
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.

Change-Id: If31d87617e59c1fd59da183ac56148d32ef54b6d
2016-07-09 22:35:04 -07:00
Jenkins a49fdbf87d Merge "Clean up validator lists" 2016-02-23 11:44:56 +00:00
Jenkins 639ab9cd99 Merge "Add the PKCS11-based signing backend" 2016-02-23 11:13:19 +00:00
Jenkins 737d1efc57 Merge "Refactor the signing backends" 2016-02-23 11:12:11 +00:00
Stanisław Pitucha 7a85d86f7c Install sample configuration into etc/anchor
Change-Id: Id10936468d7f3932e1b4b0c0def386a17310cbb0
Partial-Bug: #1548610
2016-02-23 16:56:55 +11:00
Stanisław Pitucha 65621def14 Clean up validator lists
Move signature validation to standards validators. Remove old validator entries
from the setup.cfg.

Partial-Bug: #1548610
Change-Id: I667b0ad1a49766c2df09489ea3a11e0e77bc4333
2016-02-23 04:53:26 +00:00
Stanisław Pitucha a1d7e9a9a5 Anchor is source-only, so build common py2/py3 wheel
Partial-Bug: #1548610
Change-Id: Ic5c89f79e5d7bd0c758593ffb074f5e6d7efc71d
2016-02-23 04:51:44 +00:00
Stanisław Pitucha 524a4cef34 Add the PKCS11-based signing backend
Change-Id: I576a6837f2239d4e82baaacc68342a897db07f1d
2016-02-19 13:09:27 +11:00
Stanisław Pitucha d0fa9b519d Refactor the signing backends
Prepare for new signing backend implementations which reuse the existing
functionality. This abstracts most of the current signing function, so that the
signature generation itself can be replaced.

Change-Id: I99a28f4bcb08f010f397faf49e23276672977bc1
2016-02-19 13:09:25 +11:00
Eric Brown 90098c48ba Convert docs from md to rst
This patches converts the README and other files  to rst since that
is the widely accepted format versus markdown.

Change-Id: I68782f37d7339d7d26772a9f9e23a80debe159d0
2016-01-30 16:52:16 -08:00
Stanisław Pitucha 8644dc5834 Add better names validator and deprecate older one
Previous name validators have multiple issues. They do not prevent
unknown entires from passing through. They require repeating rules for
various name locations (cn, san). They also disregard wildcards when
matching only the suffix. The inflexible configuration also makes
specific validators like server_group required.

The new validator whitelist_names solves all those issues and allows to
deprecate old validators.

Implements: blueprint validator-improvement

Change-Id: Id31889f735eb34323f21a91d68a50602351f6611
2015-11-05 16:28:06 +11:00
Stanisław Pitucha c6cb4d9b3d Remove bad ca_status validator. Always reject CA
Remove a validator which has been marked for an update for some time.
CA certificate signing should not be handled by Anchor at all.

Change-Id: Ib13a0ca3445956e35c23c559f59f37e6721c1a33
Closes-bug: 1508776
2015-10-30 14:00:32 +11:00
Stanisław Pitucha cb86576afa Move validators to separate modules
Separate the utils function so they can be used from other places
without circular dependencies.

Change-Id: I57b1a28926e67077c3d2207cdefabdb57692941a
2015-09-28 14:32:59 +01:00
Jenkins 580d6edcce Merge "Add rfc based validators" 2015-09-28 12:24:37 +00:00
Jenkins e5f4233141 Merge "Add fixup enforcing SAN extension" 2015-09-28 12:23:02 +00:00
Stanisław Pitucha b48f43e146 Add EKU extension validator
Add a validator for the extended key usage, matching the existing key
usage one.

Change-Id: I10efc01cabf3a63adce95f2a3a2b615070d84e2b
2015-09-24 10:24:40 +10:00
Stanisław Pitucha 29552eb45f Add rfc based validators
Add a validator which collects various standard format/behaviour tests.
These are not user-configurable and any valid request failing them is a
bug in Anchor.

All checks reference the document where they're defined.

Closes-bug: 1476877
Partial-bug: 1476875
Change-Id: I208685d8d7cde40ed5294e7235d64ca17617c094
2015-09-21 12:21:05 +10:00
Stanisław Pitucha 81264fb9bb Add fixup enforcing SAN extension
Fixup to make sure that if we have a CN, we have a matching SAN entry.

Change-Id: Ic37a053d909f2411e8f08acfa7cf9606a6316e58
Closes-bug: 1401580
2015-09-21 12:19:04 +10:00
Jenkins 2bd9477ea2 Merge "Remove old validator" 2015-09-19 12:01:41 +00:00
Robert Clark 6040112312 Changes to allow sphinx to build correctly
This should allow our documentation to post to
http://docs.openstack.org/developer/anchor

Running locally both pass:
python setup.py build_sphinx
tox -e venv python setup.py build_sphinx

"tox -e docs" still works and you can run
that if you desire.

"tox -e venv python setup.py build_sphinx"
is what's required to work by infra so that
documentation can be built upstream and
published to the developer documentation pages.
It also allows the documentation jobs to run in
the gate so that documentation is built at
review time.

Change-Id: If67961a1b68223ed4ca002037cb7e8c6a51fbe3e
2015-09-04 08:48:44 -07:00
Stanisław Pitucha d47079ad84 Remove old validator
Validator check_network_strict doesn't exist anymore.

Change-Id: I2b6eafc556355cf77625e63de0b210bb28a68c88
2015-09-04 15:00:19 +10:00
Stanisław Pitucha 97418019e4 Move all plugins to stevedore
Move validators and authentication to stevedore backend.  There should be no
impact on normal usage. Configuration also remains the same.

Change-Id: Iea2e772efe240656c2824e36e860d8ce5147551e
2015-08-20 11:56:41 +10:00
Stanisław Pitucha 8e19fc9e9c Allow configurable signing backends
Make the signing backends configurable and expose the local implementation as a
default option.

Change-Id: I4d4fc649c9539d90d02b0e4d6888f79958a670da
2015-08-20 11:56:39 +10:00
Stanisław Pitucha 99b20074fc Update package description to include py3
Change-Id: I0de1a9258184f5eaf1da0259c70616c1008b6f3e
2015-08-04 17:16:06 +10:00
Eric Brown 87e40cc0f7 Clean up nits in setup.cfg
- The author should be OpenStack Security Group
- Remove Python 3 support until a jenkins job for it is enabled

Change-Id: I1a26a21c2d27c4b502ae37ae8ffae032aea61f4c
2015-03-27 12:11:49 -07:00
Tim Kelsey 9eada1323e Bringing Anchor project setup inline with OpenStack
- Adding scaffolding for testing (PEP8 mostly disabled for now)
- Adding requirments lists

Change-Id: I7b585a1e30c473df089ba508099af159e432cc78
2015-01-08 14:20:38 +00:00