new release: 0.4.2-beta

lint(minor): fix import order
new release: 0.4.1-beta
2019-10-02 21:05:51 +00:00 · 2019-10-02 21:05:37 +00:00 · 2019-10-02 21:04:16 +00:00 · 2019-10-02 21:03:39 +00:00 · 2019-10-02 22:28:58 +02:00 · 2019-10-02 22:28:39 +02:00
23 changed files with 128 additions and 65 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.3.0-beta
+current_version = 0.4.2-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -27,7 +27,7 @@ create-base-image:
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest --destination docker.beryju.org/passbook/base:0.3.0-beta
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest --destination docker.beryju.org/passbook/base:0.4.2-beta
  stage: build-base-image
  only:
    refs:
@ -41,7 +41,7 @@ build-dev-image:
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest --destination docker.beryju.org/passbook/dev:0.3.0-beta
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest --destination docker.beryju.org/passbook/dev:0.4.2-beta
  stage: build-dev-image
  only:
    refs:
@ -63,20 +63,20 @@ migrations:
  services:
  - postgres:latest
  - redis:latest
-prospector:
-  script:
-    - prospector
-  stage: test
-  services:
-  - postgres:latest
-  - redis:latest
-pylint:
-  script:
-    - pylint passbook
-  stage: test
-  services:
-  - postgres:latest
-  - redis:latest
+# prospector:
+#   script:
+#     - prospector
+#   stage: test
+#   services:
+#   - postgres:latest
+#   - redis:latest
+# pylint:
+#   script:
+#     - pylint passbook
+#   stage: test
+#   services:
+#   - postgres:latest
+#   - redis:latest
 coverage:
  script:
    - coverage run manage.py test
@ -94,7 +94,7 @@ package-passbook-server:
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.3.0-beta
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.4.2-beta
  stage: build
  only:
    - tags
@ -107,7 +107,7 @@ build-passbook-static:
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.3.0-beta
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.4.2-beta
  only:
    - tags
    - /^version/.*$/
@ -124,7 +124,7 @@ package-helm:
    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
  script:
    - helm init --client-only
-    - helm dependency build helm/passbook
+    - helm dependency update helm/passbook
    - helm package helm/passbook
  artifacts:
    paths:
--- a/9
+++ b/9
@ -42,20 +42,21 @@ signxml = "*"
 urllib3 = {extras = ["secure"],version = "*"}
 websocket_client = "*"
 structlog = "*"
+uwsgi = "*"

 [requires]
 python_version = "3.7"

 [dev-packages]
+astroid = "==2.2.5"
 coverage = "*"
 isort = "*"
-pylint = "*"
-pylint-django = "*"
-prospector = "*"
+pylint = "==2.3.1"
+pylint-django = "==2.0.10"
+prospector = "==1.1.7"
 django-debug-toolbar = "*"
 bumpversion = "*"
 unittest-xml-reporting = "*"
 autopep8 = "*"
 bandit = "*"
-twine = "*"
 colorama = "*"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "f8694b0ee03f99560e853fd24e9cd7ac987c757cd50249398346e42cdd98cbbb"
+            "sha256": "cd82871d9aca8cfd548a6a62856196b2211524f12fbd416dfe5218aad9471e44"
        },
        "pipfile-spec": 6,
        "requires": {
@ -777,14 +777,6 @@
            ],
            "version": "==0.3.0"
        },
-        "structlog": {
-            "hashes": [
-                "sha256:5feae03167620824d3ae3e8915ea8589fc28d1ad6f3edf3cc90ed7c7cb33fab5",
-                "sha256:db441b81c65b0f104a7ce5d86c5432be099956b98b8a2c8be0b3fb3a7a0b1536"
-            ],
-            "index": "pypi",
-            "version": "==19.1.0"
-        },
        "tempora": {
            "hashes": [
                "sha256:cb60b1d2b1664104e307f8e5269d7f4acdb077c82e35cd57246ae14a3427d2d6",
@ -958,14 +950,6 @@
            ],
            "version": "==3.0.4"
        },
-        "colorama": {
-            "hashes": [
-                "sha256:05eed71e2e327246ad6b38c540c4a3117230b19679b875190486ddd2d721422d",
-                "sha256:f8ac84de7840f5b9c4e3347b3c1eaa50f7e49c2b07596221daec5edaabbd7c48"
-            ],
-            "index": "pypi",
-            "version": "==0.4.1"
-        },
        "coverage": {
            "hashes": [
                "sha256:08907593569fe59baca0bf152c43f3863201efb6113ecb38ce7e97ce339805a6",
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.3.0-beta"
+appVersion: "0.4.2-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.3.0-beta"
+version: "0.4.2-beta"
 icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
--- a/helm/passbook/charts/postgresql-4.2.2.tgz
+++ b/helm/passbook/charts/postgresql-4.2.2.tgz
--- a/helm/passbook/charts/postgresql-6.3.10.tgz
+++ b/helm/passbook/charts/postgresql-6.3.10.tgz
--- a/helm/passbook/requirements.lock
+++ b/helm/passbook/requirements.lock
@ -1,12 +1,9 @@
 dependencies:
- name: rabbitmq
-  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 4.3.2
 - name: postgresql
  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 3.10.1
+  version: 4.2.2
 - name: redis
  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 5.1.0
-digest: sha256:8bf68bc928a2e3c0f05139635be05fa0840554c7bde4cecd624fac78fb5fa5a3
-generated: 2019-03-21T11:06:51.553379+01:00
+  version: 9.2.1
+digest: sha256:8782e974a1094eaeecf1d68f093ca4fb84977217b2bd38b09790a05ec289aec2
+generated: "2019-10-02T21:03:25.90491153Z"
--- a/helm/passbook/requirements.yaml
+++ b/helm/passbook/requirements.yaml
@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
-  version: 6.3.10
+  version: 4.2.2
  repository: https://kubernetes-charts.storage.googleapis.com/
 - name: redis
  version: 9.2.1
--- a/helm/passbook/templates/appgw-deployment.yaml
+++ b/helm/passbook/templates/appgw-deployment.yaml
@ -32,6 +32,21 @@ spec:
            - ./manage.py
          args:
            - app_gw_web
+          envFrom:
+            - configMapRef:
+                name: {{ include "passbook.fullname" . }}-config
+              prefix: PASSBOOK_
+          env:
+            - name: PASSBOOK_REDIS__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-redis"
+                  key: redis-password
+            - name: PASSBOOK_POSTGRESQL__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-postgresql"
+                  key: postgresql-password
          ports:
            - name: http
              containerPort: 8000
--- a/helm/passbook/templates/configmap.yaml
+++ b/helm/passbook/templates/configmap.yaml
@ -8,10 +8,8 @@ data:
      host: "{{ .Release.Name }}-postgresql"
      name: "{{ .Values.postgresql.postgresqlDatabase }}"
      user: postgres
-      password: "{{ .Values.postgresql.postgresqlPassword }}"
    redis:
      host: "{{ .Release.Name }}-redis-master"
-      password: "{{ .Values.redis.password }}"
      cache_db: 0
      message_queue_db: 1

--- a/helm/passbook/templates/web-deployment.yaml
+++ b/helm/passbook/templates/web-deployment.yaml
@ -31,6 +31,21 @@ spec:
            - ./manage.py
          args:
            - migrate
+          envFrom:
+            - configMapRef:
+                name: {{ include "passbook.fullname" . }}-config
+              prefix: PASSBOOK_
+          env:
+            - name: PASSBOOK_REDIS__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-redis"
+                  key: redis-password
+            - name: PASSBOOK_POSTGRESQL__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-postgresql"
+                  key: postgresql-password
          volumeMounts:
            - mountPath: /etc/passbook
              name: config-volume
@ -39,9 +54,31 @@ spec:
          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
          imagePullPolicy: IfNotPresent
          command:
-            - ./manage.py
+            - uwsgi
          args:
-            - web
+            - --http 0.0.0.0:8000
+            - --wsgi-file passbook/root/wsgi.py
+            - --master
+            - --processes 24
+            - --threads 2
+            - --offload-threads 4
+            - --stats 0.0.0.0:8001
+            - --stats-http
+          envFrom:
+            - configMapRef:
+                name: {{ include "passbook.fullname" . }}-config
+              prefix: PASSBOOK_
+          env:
+            - name: PASSBOOK_REDIS__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-redis"
+                  key: redis-password
+            - name: PASSBOOK_POSTGRESQL__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-postgresql"
+                  key: postgresql-password
          ports:
            - name: http
              containerPort: 8000
--- a/helm/passbook/templates/worker-deployment.yaml
+++ b/helm/passbook/templates/worker-deployment.yaml
@ -32,6 +32,21 @@ spec:
            - ./manage.py
          args:
            - worker
+          envFrom:
+            - configMapRef:
+                name: {{ include "passbook.fullname" . }}-config
+              prefix: PASSBOOK_
+          env:
+            - name: PASSBOOK_REDIS__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-redis"
+                  key: redis-password
+            - name: PASSBOOK_POSTGRESQL__PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-postgresql"
+                  key: postgresql-password
          ports:
            - name: http
              containerPort: 8000
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -5,7 +5,7 @@
 replicaCount: 1

 image:
-  tag: 0.3.0-beta
+  tag: 0.4.2-beta

 nameOverride: ""

--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.3.0-beta'
+__version__ = '0.4.2-beta'
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@ -17,6 +17,7 @@ from structlog import get_logger

 from passbook.core.signals import password_changed
 from passbook.lib.models import CreatedUpdatedModel, UUIDModel
+from passbook.policy.exceptions import PolicyException

 LOGGER = get_logger(__name__)

@ -245,7 +246,7 @@ class Policy(UUIDModel, CreatedUpdatedModel):

    def passes(self, user: User) -> PolicyResult:
        """Check if user instance passes this policy"""
-        raise NotImplementedError()
+        raise PolicyException()

 class FieldMatcherPolicy(Policy):
    """Policy which checks if a field of the User model matches/doesn't match a
--- a/passbook/core/nginx.conf
+++ b/passbook/core/nginx.conf
@ -39,7 +39,7 @@ http {
        gzip on;
        gzip_types application/javascript image/* text/css;
        gunzip on;
-        add_header X-passbook-Version 0.3.0-beta;
+        add_header X-passbook-Version 0.4.2-beta;
        add_header Vary X-passbook-Version;
        root /static/;

--- a/passbook/policy/engine.py
+++ b/passbook/policy/engine.py
@ -58,6 +58,9 @@ class PolicyEngine:
                LOGGER.debug("Taking result from cache for %s", policy.pk.hex)
                cached_policies.append(cached_policy)
            else:
+                LOGGER.debug("Looking up real class of policy...")
+                # TODO: Rewrite this to lookup all policies at once
+                policy = Policy.objects.get_subclass(pk=policy.id)
                LOGGER.debug("Evaluating policy %s", policy.pk.hex)
                our_end, task_end = Pipe(False)
                task = PolicyTask()
--- a/passbook/policy/exceptions.py
+++ b/passbook/policy/exceptions.py
@ -0,0 +1,4 @@
+"""policy exceptions"""
+
+class PolicyException(Exception):
+    """Exception that should be raised during Policy Evaluation, and can be recovered from."""
--- a/passbook/policy/task.py
+++ b/passbook/policy/task.py
@ -5,7 +5,8 @@ from typing import Any, Dict

 from structlog import get_logger

-from passbook.core.models import Policy, User
+from passbook.core.models import Policy, PolicyResult, User
+from passbook.policy.exceptions import PolicyException

 LOGGER = get_logger(__name__)

@ -27,7 +28,11 @@ class PolicyTask(Process):
            setattr(self.user, key, value)
        LOGGER.debug("Running policy `%s`#%s for user %s...", self.policy.name,
                     self.policy.pk.hex, self.user)
-        policy_result = self.policy.passes(self.user)
+        try:
+            policy_result = self.policy.passes(self.user)
+        except PolicyException as exc:
+            LOGGER.debug(exc)
+            policy_result = PolicyResult(False, str(exc))
        # Invert result if policy.negate is set
        if self.policy.negate:
            policy_result = not policy_result
--- a/passbook/root/settings.py
+++ b/passbook/root/settings.py
@ -100,7 +100,8 @@ REST_FRAMEWORK = {
 CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": f"redis://{CONFIG.y('redis.host')}:6379/{CONFIG.y('redis.cache_db')}",
+        "LOCATION": (f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:6379"
+                     f"/{CONFIG.y('redis.cache_db')}"),
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
        }
--- a/passbook/root/wsgi.py
+++ b/passbook/root/wsgi.py
@ -12,6 +12,6 @@ import os
 from django.core.wsgi import get_wsgi_application
 from sentry_sdk.integrations.wsgi import SentryWsgiMiddleware

-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.settings')
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')

 application = SentryWsgiMiddleware(get_wsgi_application())
--- a/static.Dockerfile
+++ b/static.Dockerfile
@ -1,11 +1,13 @@
-FROM docker.beryju.org/passbook/dev:latest as static-build
+FROM docker.beryju.org/passbook/dev as static-build

 COPY ./passbook/ /app/passbook
 COPY ./manage.py /app/
-COPY ./requirements.txt /app/

 WORKDIR /app/

+ENV PASSBOOK_POSTGRESQL__USER=passbook
+# CI Password, same as in .gitlab-ci.yml
+ENV PASSBOOK_POSTGRESQL__PASSWORD="EK-5jnKfjrGRm<77"
 RUN ./manage.py collectstatic --no-input

 FROM nginx:latest
Author	SHA1	Message	Date
Jens Langhammer	f58bc61999	new release: 0.4.2-beta	2019-10-02 21:05:51 +00:00
Jens Langhammer	fb8ccc0283	lint(minor): fix import order	2019-10-02 21:05:37 +00:00
Jens Langhammer	c38012f147	new release: 0.4.1-beta	2019-10-02 21:04:16 +00:00
Jens Langhammer	3676ff21c2	helm(minor): use postgres 4.2.2	2019-10-02 21:03:39 +00:00
Jens Langhammer	920e705d75	policy(minor): lookup correct policy subclass	2019-10-02 22:28:58 +02:00
Jens Langhammer	de0b137b1e	policy(minor): improve error handling	2019-10-02 22:28:39 +02:00
Jens Langhammer	d44ac6e2a3	static(minor): fix build path for static image	2019-10-02 22:16:48 +02:00
Jens Langhammer	71039a4012	helm(minor): fix p2 to passbook	2019-10-02 22:16:32 +02:00
Langhammer, Jens	8745ac7932	new release: 0.4.0-beta	2019-10-01 17:01:30 +02:00
Langhammer, Jens	7f70048423	ci(minor): disable pylint since its currently broken upstream	2019-10-01 16:53:09 +02:00
Langhammer, Jens	97dbfc8885	req(minor): fix dependency issue by downgrading prospector	2019-10-01 15:54:29 +02:00
Langhammer, Jens	149ea22a93	k8s(minor): switch to uwsgi	2019-10-01 15:43:06 +02:00
Langhammer, Jens	404ed5406d	k8s(minor): remove passwords from configmap	2019-10-01 15:42:55 +02:00
Langhammer, Jens	b8656858ec	k8s(minor): load secrets as env vars	2019-10-01 15:42:14 +02:00
Langhammer, Jens	6b0f0e8993	deploy(minor): use 5.x postgresql chart for psql 10.x	2019-10-01 15:33:43 +02:00
Langhammer, Jens	aec1ccd88d	root(minor): fix redis password not being loaded	2019-10-01 15:30:35 +02:00
Langhammer, Jens	bee5c200b6	docker(minor): fix static build failing	2019-10-01 15:30:22 +02:00