Labels Milestones

add-quality-check-script #20

Open

jandd wants to merge 6 commits from add-quality-check-script into main

pull from: add-quality-check-script

merge into: cacert:main

cacert:bug-1537

cacert:bug-1562

cacert:bug-1561

cacert:bug-1560

cacert:bug-1559

cacert:main

cacert:fix/bug-1550

Conversation 0 Commits 6 Files Changed 3

jandd commented 2 months ago

Owner

This pull requests adds a script to check the quality of certificate signing requests and certificates recorded in the webdb database. The script uses read-only access to the database and filesystem.

Poetry is used to manage the required Python dependencies. Database access uses SQLAlchemy and the MariaDB connector/Python. The cryptography library is used to check the CSR and certificate data.

Script operation can be controlled using a set of environment variables.

Environment Variable	Usage
DB_USER	database user
DB_PASSWORD	database password
DB_HOST	database hostname
DB_PORT	database TCP port
DB_NAME	database name
ROOT_CA_CERTIFICATE	filename to the class 1 root CA certificate
SUB_CA_CERTIFICATE	filename to the class 3 sub CA certificate
DEBUG	enable debug logging

DEBUG is evaluated using the bool builtin function.

This pull requests adds a script to check the quality of certificate signing requests and certificates recorded in the webdb database. The script uses read-only access to the database and filesystem. [Poetry](https://python-poetry.org/docs/) is used to manage the required Python dependencies. Database access uses [SQLAlchemy](https://www.sqlalchemy.org/) and the [MariaDB connector/Python](https://pypi.org/project/mariadb/). The [cryptography](https://cryptography.io/en/latest/) library is used to check the CSR and certificate data. Script operation can be controlled using a set of environment variables. | Environment Variable | Usage | | --------------------- | ------------------------------------------- | | `DB_USER` | database user | | `DB_PASSWORD` | database password | | `DB_HOST` | database hostname | | `DB_PORT` | database TCP port | | `DB_NAME` | database name | | `ROOT_CA_CERTIFICATE` | filename to the class 1 root CA certificate | | `SUB_CA_CERTIFICATE` | filename to the class 3 sub CA certificate | | `DEBUG` | enable debug logging | `DEBUG` is evaluated using the [bool](https://docs.python.org/3/library/functions.html#bool) builtin function.

jandd added 3 commits 2 months ago

b3878cac77 Start Python database tooling

ef68be8b60 Implement basic analyzer script

52992aad46 Refactor and improve statistic script

jandd requested review from dirk 2 months ago

jandd added 1 commit 2 months ago

fe02217028 Format using isort and black

bmc approved these changes 2 months ago

jandd added 1 commit 2 months ago

c18f78741b Switch to Python 3.9 for Debian 11 compatibilty

jandd added 1 commit 2 months ago

46db965846 Use mariadb version compatible with Debian 11 ...

webdb is currently deployed on a Debian 11 system that comes with
mariadb client library version 10.5.23. The mariadb driver version broke
compatibilty in release 1.1.x. This commit ensures that versions below
1.1.x are used. This should be changed when upgrading the webdb systems
to Debian 12 or later.

dirk approved these changes 2 months ago

dirk left a comment

Owner

I'm only able to understand Python a little bit, so I don't know special details about this language ...

... but as far as I'm able to read the code, it could be installed on webdb2 (for testing) AS LONG AS THERE IS A SECOND REVIEW by a person having more/detailed python-knowledge.

(After successful testing on webdb2 with production data it could be installed on webdb1, too).

I'm only able to understand Python a little bit, so I don't know special details about this language ... ... but as far as I'm able to read the code, it could be installed on webdb2 (for testing) AS LONG AS THERE IS A SECOND REVIEW by a person having more/detailed python-knowledge. (After successful testing on webdb2 with production data it could be installed on webdb1, too).

Reviewers

bmc approved these changes 2 months ago

dirk approved these changes 2 months ago

This pull request can be merged automatically.

You are not authorized to merge this pull request.

Sign in to join this conversation.

Reviewers

Request review

No reviewers

bmc

dirk

Labels

Apply labels

Clear labels

  

bug

Something is not working   

duplicate

This issue or pull request already exists   

enhancement

New feature   

help wanted

Need some help   

invalid

Something is wrong   

question

More information is needed   

wontfix

This won't be fixed

No Label

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Projects

Set Project

Clear projects

No project

Assignees

Assign users

Clear assignees

No Assignees

3 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cacert/cacert-webdb#20

Write Preview

Loading…

Cancel

Save

There is no content yet.