add-quality-check-script #20

Open
jandd wants to merge 6 commits from add-quality-check-script into main
Owner

This pull request adds a script to check the quality of certificate signing requests and certificates recorded in the webdb database. The script uses read-only access to the database and filesystem.

Poetry is used to manage the required Python dependencies. Database access uses SQLAlchemy and the MariaDB connector/Python. The cryptography library is used to check the CSR and certificate data.

Script operation can be controlled using a set of environment variables.

| Environment Variable  | Usage                                       |
| --------------------- | ------------------------------------------- |
| `DB_USER`             | database user                               |
| `DB_PASSWORD`         | database password                           |
| `DB_HOST`             | database hostname                           |
| `DB_PORT`             | database TCP port                           |
| `DB_NAME`             | database name                               |
| `ROOT_CA_CERTIFICATE` | filename to the class 1 root CA certificate |
| `SUB_CA_CERTIFICATE`  | filename to the class 3 sub CA certificate  |
| `DEBUG`               | enable debug logging                        |

`DEBUG` is evaluated using the `bool` builtin function.
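
Added example, not code from this pull request: a loader for the variables in the table above that shows which `DEBUG` values turn on debug logging when the string is passed to `bool()`, next to a stricter parser. The call `bool(env.get("DEBUG"))` is an assumed reading of the description; `load_settings`, `debug_via_bool`, `debug_strict`, the rule that the other seven variables are required, and the sample values are hypothetical.

```python
import os

REQUIRED = ("DB_USER", "DB_PASSWORD", "DB_HOST", "DB_PORT", "DB_NAME",
            "ROOT_CA_CERTIFICATE", "SUB_CA_CERTIFICATE")
FALSE_WORDS = {"", "0", "false", "no", "off"}
TRUE_WORDS = {"1", "true", "yes", "on"}


def debug_via_bool(env):
    # Assumed reading of "evaluated using the bool builtin":
    # every non-empty string, including "0" and "false", is truthy.
    return bool(env.get("DEBUG"))


def debug_strict(env):
    # Hypothetical stricter parser: accept known words, reject anything else.
    value = env.get("DEBUG", "").strip().lower()
    if value in TRUE_WORDS:
        return True
    if value in FALSE_WORDS:
        return False
    raise ValueError(f"DEBUG has unrecognised value {value!r}")


def load_settings(env=None, parse_debug=debug_via_bool):
    """Validate the variables from the table and return them as a dict."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    port = env["DB_PORT"]
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError("DB_PORT must be a TCP port between 1 and 65535")
    settings = {name: env[name] for name in REQUIRED}
    settings["DB_PORT"] = int(port)
    settings["DEBUG"] = parse_debug(env)
    return settings


# Constructed sample environment, not values from the project.
SAMPLE_ENV = {
    "DB_USER": "qualitycheck", "DB_PASSWORD": "example-only",
    "DB_HOST": "localhost", "DB_PORT": "3306", "DB_NAME": "webdb",
    "ROOT_CA_CERTIFICATE": "root.crt", "SUB_CA_CERTIFICATE": "class3.crt",
    "DEBUG": "0",
}

if __name__ == "__main__":
    print(load_settings(SAMPLE_ENV)["DEBUG"],
          load_settings(SAMPLE_ENV, debug_strict)["DEBUG"])
```

With `bool()` semantics, debug logging stays off only when `DEBUG` is unset or empty.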

jandd added 3 commits 2024-05-26 08:57:48 +00:00
jandd requested review from dirk 2024-05-26 08:58:00 +00:00
jandd added 1 commit 2024-05-26 09:30:33 +00:00
bmc approved these changes 2024-05-26 22:08:10 +00:00
jandd added 1 commit 2024-06-02 11:08:18 +00:00
jandd added 1 commit 2024-06-02 11:22:30 +00:00
webdb is currently deployed on a Debian 11 system that comes with
mariadb client library version 10.5.23. The mariadb driver version broke
compatibility in release 1.1.x. This commit ensures that versions below
1.1.x are used. This should be changed when upgrading the webdb systems
to Debian 12 or later.
dirk approved these changes 2024-06-08 20:47:26 +00:00
dirk left a comment
Owner

I'm only able to understand Python a little bit, so I don't know special details about this language ...

... but as far as I'm able to read the code, it could be installed on webdb2 (for testing) AS LONG AS THERE IS A SECOND REVIEW by a person having more/detailed python-knowledge.

(After successful testing on webdb2 with production data it could be installed on webdb1, too).

Reference: cacert/cacert-webdb#20