From 18361b3ca86abc4fdd1735a1e79580dbe745c8cd Mon Sep 17 00:00:00 2001 From: Andreas Jaeger Date: Wed, 3 Jun 2020 20:50:39 +0200 Subject: [PATCH] Switch to newer openstackdocstheme version Switch to openstackdocstheme 2.2.1 version. Using this version will allow especially: * Linking from HTML to PDF document * Allow parallel building of documents * Fix some rendering problems Update Sphinx version as well. Change pygments_style to 'native' since old theme version always used 'native' and the theme now respects the setting and using 'sphinx' can lead to some strange rendering. openstackdocstheme renames some variables, so follow the renames before the next release removes them. A couple of variables are also not needed anymore, remove them. See also http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html Update to use openstackdocstheme, cleanup setup.cfg, tox.ini for python3. Fix build problems with newer Sphinx. Change-Id: I433dee9372af6e477d96ded8cb93bc04f85e209d --- .../barbican/newton/architecture-page.rst | 3 +- .../pike/architecture-page.rst | 3 ++ .../pike/review-findings.rst | 2 +- doc/source/conf.py | 10 +++++-- doc/source/index.rst | 8 ++++++ setup.cfg | 28 ------------------- test-requirements.txt | 4 +-- tox.ini | 7 ++--- 8 files changed, 25 insertions(+), 40 deletions(-) diff --git a/doc/source/artifacts/barbican/newton/architecture-page.rst b/doc/source/artifacts/barbican/newton/architecture-page.rst index fd63c75..21a889f 100644 --- a/doc/source/artifacts/barbican/newton/architecture-page.rst +++ b/doc/source/artifacts/barbican/newton/architecture-page.rst 
@@ -170,8 +170,7 @@ Data Assets: - Availability Failure Impact: barbican could no longer create new secrets without access to the queue. -- *Identity Service (keystone) Event Queue Credentials [Including endpoint -address]*: +- *Identity Service (keystone) Event Queue Credentials [Including endpoint address]*: - Integrity Failure Impact: An attacker could setup their own queue, point barbican to this rogue queue and by publishing events, delete all diff --git a/doc/source/artifacts/keystonemiddleware/pike/architecture-page.rst b/doc/source/artifacts/keystonemiddleware/pike/architecture-page.rst index 1b1337e..117de3b 100644 --- a/doc/source/artifacts/keystonemiddleware/pike/architecture-page.rst +++ b/doc/source/artifacts/keystonemiddleware/pike/architecture-page.rst @@ -68,10 +68,12 @@ Data asset impact analysis Data Assets: - *Authorization Token*: + - Integrity Failure Impact: Attacker that can capture and hijack a valid auth token can get access to anything scoped to the token. - *keystonemiddleware.conf*: + - Integrity Failure Impact: Attacker who can read the config file can gain access to the memcache encryption key, which can allow them to access and modify all cached tokens. @@ -81,6 +83,7 @@ Interfaces ~~~~~~~~~~ 1. User -> KeystoneMiddleware *[TLS]*: + - Assets in flight: keystone Token - An attacker who can successfully intercept the token can modify anything that the token is scoped to. This has potential availability impact. diff --git a/doc/source/artifacts/keystonemiddleware/pike/review-findings.rst b/doc/source/artifacts/keystonemiddleware/pike/review-findings.rst index f8ace2d..161ef27 100644 --- a/doc/source/artifacts/keystonemiddleware/pike/review-findings.rst +++ b/doc/source/artifacts/keystonemiddleware/pike/review-findings.rst 
@@ -26,7 +26,7 @@ keystonemiddleware security review findings - 4.17.1/pike 1. Security memcache with Pycrypto library -~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Risk: Project documentation recommends use of the pycrypto library to secure memcache. Pycrypto is no longer maintained [0] with a last release made in diff --git a/doc/source/conf.py b/doc/source/conf.py index 1e26509..3e5404d 100755 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -23,7 +23,7 @@ sys.path.insert(0, os.path.abspath('../..')) extensions = [ 'sphinx.ext.autodoc', #'sphinx.ext.intersphinx', - 'oslosphinx' + 'openstackdocstheme' ] # autodoc generation is a bit aggressive and a nuisance when doing heavy @@ -40,6 +40,11 @@ master_doc = 'index' project = u'security-analysis' copyright = u'2013, OpenStack Foundation' +# openstackdocstheme options +openstackdocs_repo_name = 'openstack/security-analysis' +openstackdocs_bug_project = 'openstack-ossg' +openstackdocs_bug_tag = '' + # If true, '()' will be appended to :func: etc. cross-reference text. add_function_parentheses = True @@ -48,7 +53,7 @@ add_function_parentheses = True add_module_names = True # The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' +pygments_style = 'native' # -- Options for HTML output -------------------------------------------------- @@ -57,6 +62,7 @@ pygments_style = 'sphinx' # html_theme_path = ["."] # html_theme = '_theme' # html_static_path = ['static'] +html_theme = 'openstackdocs' # Output file base name for HTML help builder. htmlhelp_basename = '%sdoc' % project diff --git a/doc/source/index.rst b/doc/source/index.rst index bb88860..ace539a 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst 
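Review bot: In the second conf.py hunk, `openstackdocs_bug_project = 'openstack-ossg'` and the empty `openstackdocs_bug_tag` are explained only by the header `# openstackdocstheme options`, and for a security-analysis repository the target of the bug link deserves a sentence. As far as I know the theme uses these values to build the public "report a bug" link on each page (worth confirming against the theme docs). I would add a comment above them such as `# Public tracker for documentation bugs; undisclosed vulnerabilities go through the project's private reporting process.` Separately, in the last conf.py hunk `html_theme = 'openstackdocs'` sits directly under three commented-out theme lines, so the live setting is easy to miss; a blank line before it, or removing the stale comments, would help.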
@@ -42,6 +42,14 @@ Barbican (Newton) artifacts/barbican/newton/architecture-page.rst artifacts/barbican/newton/review-findings.rst +Keystonemiddleware (Pike) +------------------------- +.. toctree:: + :maxdepth: 1 + + artifacts/keystonemiddleware/pike/architecture-page.rst + artifacts/keystonemiddleware/pike/review-findings.rst + Indices and tables ================== diff --git a/setup.cfg b/setup.cfg index 6d83736..70e7402 100644 --- a/setup.cfg +++ b/setup.cfg @@ -22,31 +22,3 @@ classifier = [files] packages = security-analysis - -[build_sphinx] -source-dir = doc/source -build-dir = doc/build -all_files = 1 - -[upload_sphinx] -upload-dir = doc/build/html - -[compile_catalog] -directory = security-analysis/locale -domain = security-analysis - -[update_catalog] -domain = security-analysis -output_dir = security-analysis/locale -input_file = security-analysis/locale/security-analysis.pot - -[extract_messages] -keywords = _ gettext ngettext l_ lazy_gettext -mapping_file = babel.cfg -output_file = security-analysis/locale/security-analysis.pot - -[pbr] -# Treat sphinx warnings as errors during the docs build; this helps us keep -# the documentation clean. -warnerrors = true - diff --git a/test-requirements.txt b/test-requirements.txt index 5a48bff..6383eda 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,5 +2,5 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 -oslosphinx>=2.5.0 # Apache-2.0 +sphinx>=2.0.0,!=2.1.0 # BSD +openstackdocstheme>=2.2.1 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 168bd7b..a281747 100644 --- a/tox.ini +++ b/tox.ini 
@@ -4,22 +4,19 @@ envlist = docs skipsdist = True [testenv] +basepython = python3 usedevelop = True -install_command = pip install -U {opts} {packages} setenv = VIRTUAL_ENV={envdir} deps = -r{toxinidir}/test-requirements.txt [testenv:venv] -basepython = python3 commands = {posargs} [testenv:docs] -basepython = python3 -commands = python setup.py build_sphinx +commands = sphinx-build -W -b html -d doc/build/doctrees doc/source doc/build/html [testenv:bindep] -basepython = python3 # Do not install any requirements. We want this to be fast and work even if # system dependencies are missing, since it's used to tell you what system # dependencies are missing! This also means that bindep must be installed
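Review bot: The `[testenv]` deps line still installs `-r{toxinidir}/test-requirements.txt` with no constraints file, and after this commit test-requirements.txt carries only lower bounds (`sphinx>=2.0.0,!=2.1.0`, `openstackdocstheme>=2.2.1`) where Sphinx was previously capped. Every docs build therefore resolves to whatever is newest on the package index. With `-W` on the new `sphinx-build` command, an upstream release can break the gate, and unpinned build-time packages are also a supply-chain exposure for the published docs. Consider the usual OpenStack form: `deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}` followed by `-r{toxinidir}/test-requirements.txt`. The `[testenv:bindep]` section continues past the end of this hunk.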