+ * xref:index.adoc[Developer Guide]

+ ** xref:getting-started.adoc[Getting Started]

+ ** xref:dev-environment.adoc[Development Environment]

+ ** xref:documentation.adoc[Documentation]

+ ** xref:code-style.adoc[Code Style]

+ ** xref:frameworks.adoc[Frameworks and Tools]

+ ** xref:db.adoc[Databases]

+ ** xref:writing-tests.adoc[Tests]

+ ** xref:auth.adoc[Authentication]

+ ** xref:fedmsg.adoc[fedmsg]

+ ** xref:messaging.adoc[Messaging]

+ ** xref:sops.adoc[Developing Standard Operating Procedures]

+ ** xref:source_control.adoc[Source Control]

+ ** xref:openshift.adoc[Openshift]

+ ** xref:security_policy.adoc[Fedora Infrastructure Application Security Policy]

+ == Authentication

+ 

+ Fedora applications that require authentication should support, at a

+ minimum, authentication against https://ipsilon-project.org/[Ipsilon].

+ Ipsilon is an Identity Provider that uses a separate Identity Management

+ system to perform authentication. In Fedora, Ipsilon is currently backed

+ by the https://admin.fedoraproject.org/accounts/[Fedora Account System].

+ In the future, it will be backed by http://www.freeipa.org/[FreeIPA].

+ 

+ Ipsilon supports

+ https://openid.net/specs/openid-authentication-2_0.html[OpenID 2.0],

+ https://openid.net/connect/[OpenID Connect],

+ https://tools.ietf.org/html/rfc6749[OAuth 2.0], and more.

+ 

+ === Authentication

+ 

+ All new applications should use OpenID Connect for user authentication.

+ 

+ [NOTE]

+ .Note

+ ====

+ Many existing applications use OpenID 2.0 and should eventually migrate

+ to OpenID Connect.

+ ====OpenID Connect is an authentication layer built on top of OAuth 2.0

+ so to understand OpenID Connect you should first be familiar with OAuth

+ 2.0 and its various flows prior to learning about OpenID Connect.

+ 

+ When requesting an access token in OAuth 2.0, clients are allowed to

+ specify the https://tools.ietf.org/html/rfc6749#section-3.3[scope] of

+ the access token. This scope indicates what the token is allowed to be

+ used for. In most cases, your application should require a scope or

+ scopes of its own so users can issue access tokens that can only be used

+ with a particular application. To do so, consult the

+ https://fedoraproject.org/wiki/Infrastructure/Authentication[Authentication

+ Wiki page].

+ 

+ [WARNING]

+ .Warning

+ ====

+ OpenID Connect

+ https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest[requires

+ that the "openid" scope is requested]. Failing to do so will result in

+ undefined behavior. In the case of Ipsilon, you won't have access to the

+ UserInfo or recieve an ID token.

+ ======= Libraries

+ 

+ ==== OAuthLib

+ 

+ https://oauthlib.readthedocs.io/[OAuthLib] is a low-level implementation

+ of OAuth 2.0 with OpenID Connect support. It does not tie itself to a

+ HTTP request framework. Typically, you will only use this library

+ indirectly. If you are investigating this library, note that it is a

+ library for both OAuth clients and OAuth providers. You will be most

+ interested in the

+ https://oauthlib.readthedocs.io/en/latest/oauth2/clients/client.html[OAuth

+ client] sub-package.

+ 

+ ==== Requests-OAuthlib

+ 

+ https://requests-oauthlib.readthedocs.io/[Requests-OAuthlib] uses the

+ http://docs.python-requests.org/[Requests] library with OAuthLib to

+ provide an easy-to-use interface for OAuth 2.0 clients. If you need to

+ add support to an application that doesn't have an extension for

+ OAuthLib, you should use this library.

+ 

+ ==== Flask-OAuthlib

+ 

+ https://flask-oauthlib.readthedocs.io/en/latest/[Flask-OAuthlib] is a

+ Flask extension that builds on top of Requests-OAuthlib. It comes with

+ plenty of examples in the

+ https://github.com/lepture/flask-oauthlib/tree/master/example[examples]

+ directory of the repository. Flask applications within Fedora

+ Infrastructure should use this extension unless there is a good reason

+ not to (and that reason is documented here).

+ 

+ ==== Pyramid-OAuthLib

+ 

+ https://github.com/tilgovi/pyramid-oauthlib[Pyramid-OAuthLib] is a

+ Pyramid extension that uses OAuthlib. It does not appear to be actively

+ maintained, but it is a reasonable starting point for our few Pyramid

+ applications.

+ 

+ ==== Flask-OIDC

+ 

+ link:#flask-oidc[Flask-OIDC] is a Flask extension.

+ 

+ ==== Mozilla-Django-OIDC

+ 

+ https://github.com/mozilla/mozilla-django-oidc[Mozilla-Django-OIDC] is a

+ Django extension for OpenID Connect.

+ == Code Style

+ 

+ We attempt to maintain a consistent coding style across projects so

+ contributors do not have to keep dozens of different styles in their

+ head as they move from project to project.

+ 

+ === Python

+ 

+ We follow the https://www.python.org/dev/peps/pep-0008/[PEP8] style

+ guide for Python. Projects should make it easy to check new code for

+ PEP8 violations preferably by

+ https://pypi.python.org/pypi/flake8[flake8]. It is up to the individual

+ project to choose an enforcement method, but it should be clearly

+ documented and continuous integration tests should ensure code is

+ correctly styled before merging pull requests.

+ 

+ [NOTE]

+ .Note

+ ====

+ There are a few PEP8 rules which will vary from project to project. For

+ example, the maximum line length might vary. The test suite should

+ enforce this.

+ ======== Enforcement

+ 

+ Projects should automatically enforce code style. How a project does so

+ is up to the maintainers, but several good options are documented here.

+ 

+ ===== Tox

+ 

+ `tox-config` is an excellent way to test style. `flake8` looks in, among

+ other places, `tox.ini` for its configuration so if you're already using

+ tox this is a good place to place your configuration. For example,

+ adding the following snippet to your `tox.ini` file will run `flake8` as

+ part of your test suite:

+ 

+ ....

+ [testenv:lint]

+ deps =

+     flake8 > 3.0

+ commands =

+     python -m flake8 {posargs}

+ 

+ [flake8]

+ show-source = True

+ max-line-length = 100

+ exclude = .git,.tox,dist,*egg

+ ....

+ 

+ ===== Unit Test

+ 

+ If you're not using `tox`, you can add a unit test to your test suite:

+ 

+ ....

+ """This module runs flake8 on a subset of the code base"""

+ import os

+ import subprocess

+ import unittest

+ 

+ # Adjust this as necessary to ensure REPO_PATH resolves to the root of your

+ # repository.

+ REPO_PATH = os.path.abspath(os.path.dirname(os.path.join(os.path.dirname(__file__), '../')))

+ 

+ class TestStyle(unittest.TestCase):

+     """Run flake8 on the repository directory as part of the unit tests."""

+ 

+     def test_code_with_flake8(self):

+         """Assert the code is PEP8-compliant"""

+ 

+         # enforced_paths = [

+         #     'mypackage/pep8subpackage/',

+         #     'mypackage/a_module.py',

+         # ]

+         # enforced_paths = [os.path.join(REPO_PATH, p) for p in enforced_paths]

+ 

+         # If your entire codebase is not already PEP8 compliant, you can enforce

+         # the style incrementally using ``enforced_paths``.

+         #

+         # flake8_command = ['flake8', '--max-line-length', '100'] + enforced_paths

+         flake8_command = ['flake8', '--max-line-length', '100', REPO_PATH]

+ 

+         self.assertEqual(subprocess.call(flake8_command), 0)

+ 

+ 

+ if __name__ == '__main__':

+     unittest.main()

+ ....

+ 

+ ==== Auto formatting

+ 

+ The https://black.readthedocs.io/[Black] tool is an automatic code

+ formatter for Python. From the website:

+ 

+ ____

+ By using Black, you agree to cede control over minutiae of

+ hand-formatting. In return, Black gives you speed, determinism, and

+ freedom from pycodestyle nagging about formatting. You will save time

+ and mental energy for more important matters.

+ 

+ Black makes code review faster by producing the smallest diffs possible.

+ Blackened code looks the same regardless of the project you’re reading.

+ Formatting becomes transparent after a while and you can focus on the

+ content instead.

+ ____

+ 

+ Your text editor is very likely to have a plugin to run Black on file

+ saving. The documentation has instructions to set it up in Vim and in VS

+ Code (and in Emacs).

+ 

+ You can check that your code is properly formatted according to Black's

+ settings by adding the following snippet to your `tox.ini` file:

+ 

+ ....

+ [testenv:format]

+ deps =

+     black

+ commands =

+     python -m black --check {posargs:.}

+ ....

+ 

+ Remember to add `format` to your Tox `envlist`.

+ 

+ === Javascript

+ 

+ Javascript files should be formatted using the

+ https://prettier.io/[prettier] code formatter. It has support for many

+ editors and can integrate with ESLint to check the code automatically.

+ == Databases

+ 

+ We use PostgreSQL throughout Fedora Infrastructure.

+ 

+ === Bi-directional Replication

+ 

+ http://bdr-project.org/docs/stable/index.html[Bi-directional

+ replication] (BDR) is a project that adds asynchronous multi-master

+ logical replication to PostgreSQL. Fedora has a PostgreSQL deployment

+ with BDR enabled. In Fedora, only one master is written to at any time.

+ 

+ Applications are not required to use the BDR-enabled database, but it is

+ encouraged since it provides redundancy and more flexibility for the

+ system administrators.

+ 

+ Applications need to take several things into account when considering

+ whether or not to use BDR.

+ 

+ ==== Primary Keys

+ 

+ All tables need to have primary keys.

+ 

+ ==== Conflicts

+ 

+ BDR does not use any consensus algorithm or locking between nodes so

+ writing to multiple masters can result in

+ http://bdr-project.org/docs/stable/conflicts.html[conflicts]. There are

+ several types of conflicts that can occur, and applications should

+ carefully consider each one and be prepared to handle them. Some

+ conflicts are handled automatically, while others can result in a

+ deadlock that requires manual intervention.

+ 

+ ==== Global DDL Lock

+ 

+ BDR uses a

+ link:bdr-project.org/docs/stable/ddl-replication-advice.html[global DDL

+ lock] (across all PostgreSQL nodes) for DDL changes, which applications

+ must explicitly acquire prior to emitting DDL statements.

+ 

+ This can be done in Alembic by modifying the `run_migrations_offline`

+ and `run_migrations_online` functions in `env.py` to emit the SQL when

+ connecting to the database. An example of the `run_migrations_offline`:

+ 

+ ....

+ def run_migrations_offline():

+     """Run migrations in 'offline' mode.

+ 

+     This requires a configuration options since it's not known whether the

+     target database is a BDR cluster or not. Alternatively, you can simply

+     add the SQL to the script manually and not bother with a setting.

+     """

+     url = config.get_main_option("sqlalchemy.url")

+     context.configure(url=url)

+ 

+     with context.begin_transaction():

+         # If the configuration indicates this script is for a Postgres-BDR database,

+         # then we need to acquire the global DDL lock before migrating.

+         postgres_bdr = config.get_main_option('offline_postgres_bdr')

+         if postgres_bdr is not None and postgres_bdr.strip().lower() == 'true':

+             _log.info('Emitting SQL to allow for global DDL locking with BDR')

+             context.execute('SET LOCAL bdr.permit_ddl_locking = true')

+         context.run_migrations()

+ ....

+ 

+ An example of the `run_migrations_online` function:

+ 

+ ....

+ def run_migrations_online():

+     """Run migrations in 'online' mode.

+ 

+     This auto-detects when it's run against a Postgres-BDR system.

+     """

+     engine = engine_from_config(

+         config.get_section(config.config_ini_section),

+         prefix='sqlalchemy.',

+         poolclass=pool.NullPool)

+ 

+     connection = engine.connect()

+     context.configure(

+         connection=connection,

+         target_metadata=target_metadata)

+ 

+     try:

+         try:

+             connection.execute('SHOW bdr.permit_ddl_locking')

+             postgres_bdr = True

+         except exc.ProgrammingError:

+             # bdr.permit_ddl_locking is an unknown option, so this isn't a BDR database

+             postgres_bdr = False

+         with context.begin_transaction():

+             if postgres_bdr:

+                 _log.info('Emitting SQL to allow for global DDL locking with BDR')

+                 connection.execute('SET LOCAL bdr.permit_ddl_locking = true')

+             context.run_migrations()

+     finally:

+         connection.close()

+ ....

+ 

+ Be aware that long-running migrations will hold the global lock for the

+ entire migration and while the global lock is held by a node, no other

+ nodes may perform any DDL or make any changes to rows.

+ 

+ ==== DDL Restrictions

+ 

+ BDR has a set of

+ http://bdr-project.org/docs/stable/ddl-replication-statements.html#DDL-REPLICATION-PROHIBITED-COMMANDS[DDL

+ Restrictions]. Some of the restrictions are easily worked around by

+ performing the task in several steps, while others are simply not

+ available.

+ == Development Environment

+ 

+ In order to make contributing easy, all projects should have an

+ automated way to create a development environment. This might be as

+ simple as a Python virtual environment, or it could be a virtual machine

+ or container. This document provides guidelines for setting up

+ development environments.

+ 

+ === Ansible

+ 

+ link:#ansible[Ansible] is used throughout Fedora Infrastructure to

+ automate tasks. If the project requires anything more than a Python

+ virtual environment to be set up, you should use Ansible to automate the

+ setup.

+ 

+ === Vagrant

+ 

+ link:#vagrant[Vagrant] is a tool to provision virtual machines. It

+ allows you to define a base image (called a "box"), virtual machine

+ resources, network configuration, directories to share between the host

+ and guest machine, and much more. It can be configured to use

+ link:[libvirt] to provision the virtual machines.

+ 

+ You can install link:#vagrant[Vagrant] on a Fedora host with:

+ 

+ ....

+ $ sudo dnf install libvirt vagrant vagrant-libvirt vagrant-sshfs

+ ....

+ 

+ You can combine your link:[Ansible playbook] with link:#vagrant[Vagrant]

+ very easily. Simply point Vagrant to your Ansible playbook and it will

+ run it. Users who would prefer to provision their virtual machines in

+ some other way are free to do so and only need to run the Ansible

+ playbook on their host.

+ 

+ [NOTE]

+ ====

+ How a project lays out its development-related content is up to the

+ individual project, but a good approach is to create a `devel`

+ directory. Within that directory you can create an `ansible` directory

+ and use the layout suggested in the link:[Ansible roles] documentation.

+ ====

+ 

+ Below is a Vagrantfile that provisions a Fedora 25 virtual machine,

+ updates it, and runs an Ansible playbook on it. You can place it in the

+ root of your repository as `Vagrantfile.example` and instruct users to

+ copy it to `Vagrantfile` and customize as they wish.

+ 

+ [source,ruby]

+ ----

+ # -*- mode: ruby -*-

+ # vi: set ft=ruby :

+ #

+ # Copy this file to ``Vagrantfile`` and customize it as you see fit.

+ 

+ VAGRANTFILE_API_VERSION = "2"

+ 

+ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

+  # If you'd prefer to pull your boxes from Hashicorp's repository, you can

+  # replace the config.vm.box and config.vm.box_url declarations with the line below.

+  #

+  # config.vm.box = "fedora/25-cloud-base"

+  config.vm.box = "f25-cloud-libvirt"

+  config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases"\

+                      "/25/CloudImages/x86_64/images/Fedora-Cloud-Base-Vagrant-25-1"\

+                      ".3.x86_64.vagrant-libvirt.box"

+ 

+  # Forward traffic on the host to the development server on the guest.

+  # You can change the host port that is fo

+ ----

+ == Documentation

+ 

+ Since Fedora contributors live around the world and don't often have the

+ opportunity to meet in person, it's important to maintain up-to-date

+ high quality documentation for all our projects. Our preferred

+ documentation tool is http://www.sphinx-doc.org/[Sphinx]. In fact, this

+ documentation is written using http://www.sphinx-doc.org/[Sphinx]!

+ 

+ A project's documentation should at a minimum contain:

+ 

+ * An introduction to the project

+ * A user guide

+ * A contributor guide

+ * API documentation.

+ 

+ The easiest way to maintain up-to-date documentation is to include the

+ majority of the documentation in the code itself.

+ http://www.sphinx-doc.org/[Sphinx] includes several extensions to turn

+ Python documentation into HTML pages.

+ 

+ [NOTE]

+ .Note

+ ====

+ Improving documentation is a great way to get involved in a project.

+ When adding new documentation or cleaning up existing documentation,

+ please follow the guidelines below.

+ ======= Style

+ 

+ Sphinx supports three different documentation styles. By default, Sphinx

+ expects ReStructuredText. However, it has included an extension to

+ support the

+ http://www.sphinx-doc.org/en/1.5.2/ext/example_google.html[Google style]

+ and the http://www.sphinx-doc.org/en/1.5.2/ext/example_numpy.html[NumPy

+ style] since version 1.3. The style of the documentation blocks is left

+ up to the individual project, but it should document the choice and be

+ consistent.

+ 

+ === Introduction

+ 

+ The project introduction should be easy to find - preferably it should

+ be the documentation's index page. It should provide an overview of the

+ project and should be easy for a complete new-comer to understand.

+ 

+ === User Guide

+ 

+ Have a clear user guide that covers most, if not all, features of the

+ project as well as potential use cases. Keep in mind that your users may

+ be non-technical as well as technical. Some users will want to use the

+ project's web interface, while others are interested in the API and the

+ documentation should make it easy for both types of users to find the

+ documentation for them.

+ 

+ === Contributor Guide

+ 

+ Documenting how to start contributing makes it much easier for new

+ contributors to get involved. This is a good place to cover the

+ expectations about code style, documentation, tests, etc.

+ 

+ === API Documentation

+ 

+ All APIs should be documented. Users should never have to consult the

+ source code to use the project's API.

+ 

+ ==== Python

+ 

+ Python API documentation is easily generated by using the

+ http://www.sphinx-doc.org/en/stable/tutorial.html#autodoc[autodoc]

+ extension. Following these steps will create rich HTML, PDF, EPUB, or

+ man format documentation:

+ 

+ [arabic]

+ . All modules should contain a documentation block at the top of the

+ file that describes the module's purpose and documents module-level

+ attributes it provides as part of its public interface. In the case of a

+ package's `__init__.py`, this should document the package's purpose.

+ . All classes should have documentation blocks that describe their

+ purpose, any attributes they have, and example usage if appropriate.

+ . All methods and functions should have documentation blocks that

+ describe their purpose, the arguments they accept, the types of those

+ arguments, and example usage if appropriate.

+ . Make use of Sphinx's

+ http://www.sphinx-doc.org/en/stable/domains.html#cross-referencing-python-objects[cross-referencing]

+ feature. This will generate links between objects in the documentation.

+ 

+ ==== HTTP APIs

+ 

+ Many projects provide an HTTP-based API. Use

+ http://pythonhosted.org/sphinxcontrib-httpdomain/[sphinxcontrib-httpdomain]

+ to produce the HTTP interface documentation. This task is made

+ significantly easier if the project using a web framework that

+ http://pythonhosted.org/sphinxcontrib-httpdomain/[sphinxcontrib-httpdomain]

+ supports, like Flask. In that case, all you need to do is add the

+ http://pythonhosted.org/sphinxcontrib-httpdomain/[sphinxcontrib-httpdomain]

+ ReStructuredText directives to the functions or classes that provide the

+ Flask endpoints.

+ 

+ After that, all you need to do is use the `autoflask` ReStructuredText

+ directive.

+ 

+ === Release Notes and ChangeLog

+ 

+ The release notes (or the changelog) can be managed using

+ https://pypi.org/project/towncrier/[towncrier]. It can build a release

+ notes files by assembling items that would be written in separate files

+ by each pull request (or commit). This way, the different commits will

+ not conflict by writing in the same changelog file, and a link to the

+ issue, the pull request or the commit is automatically inserted.

+ 

+ In your project root, add a `pyproject.toml` file with a

+ `tool.towncrier` section similar to the one in

+ https://raw.githubusercontent.com/fedora-infra/fedora-messaging/master/pyproject.toml[fedora-messaging].

+ 

+ Create a `news` directory where the news items will be written, and in

+ there create a `_template.rst` file with a content similar to the one in

+ https://raw.githubusercontent.com/fedora-infra/fedora-messaging/master/news/_template.rst[fedora-messaging].

+ 

+ Of course, replace `fedora_messaging` and the project URL by yours,

+ where applicable.

+ 

+ Then create a `docs/changelog.rst` file (location configured in the

+ `pyproject.toml` file) with the follwing content:

+ 

+ ....

+ =============

+ Release Notes

+ =============

+ 

+ .. towncrier release notes start

+ ....

+ 

+ Then each commit can add a file in the `news` folder to document the

+ change. The file has the `source.type` name format, where `type` is one

+ of:

+ 

+ * `feature`: for new features

+ * `bug`: for bug fixes

+ * `api`: for API changes

+ * `dev`: for development-related changes

+ * `author`: for contributor names

+ * `other`: for other changes

+ 

+ And where the `source` part of the filename is:

+ 

+ * `42` when the change is described in issue `42`

+ * `PR42` when the change has been implemented in pull request `42`, and

+ there is no associated issue

+ * `Cabcdef` when the change has been implemented in changeset `abcdef`,

+ and there is no associated issue or pull request.

+ * `username` for contributors (`author` extention). It should be the

+ username part of their commits' email address.

+ 

+ A preview of the release notes can be generated with

+ `towncrier --draft`.

+ 

+ When running `towncrier`, the tool will write the changelog file and

+ remove the individual news fragments. These changes can then be

+ committed as part of the release commit.

+ == fedmsg

+ 

+ https://fedmsg.readthedocs.io/[fedmsg] is a ZeroMQ-based messaging

+ library used throughout Fedora Infrastructure applications. It uses a

+ publish/subscribe design so applications can decide what messages

+ they're interested in receiving.

+ 

+ [WARNING]

+ .Warning

+ ====

+ fedmsg does not guarantee message delivery. Messages will be lost and

+ your application should never depend on the reliable delivery of fedmsgs

+ to function.

+ ======= Topics

+ 

+ ==== Existing Topics

+ 

+ There are many existing https://fedora-fedmsg.readthedocs.org/[topics]

+ in Fedora Infrastructure.

+ 

+ ==== New Topics

+ 

+ When creating new message topics, please use the following format:

+ 

+ ....

+ org.fedoraproject.ENV.CATEGORY.OBJECT[.SUBOBJECT].EVENT

+ ....

+ 

+ Where:

+ 

+ ____

+ * `ENV` is one of [.title-ref]#dev#, [.title-ref]#stg#, or

+ [.title-ref]#production#.

+ * `CATEGORY` is the name of the service emitting the message --

+ something like [.title-ref]#koji#, [.title-ref]#bodhi#, or

+ [.title-ref]#fedoratagger#

+ * `OBJECT` is something like [.title-ref]#package#, [.title-ref]#user#,

+ or [.title-ref]#tag#

+ * `SUBOBJECT` is something like [.title-ref]#owner# or

+ [.title-ref]#build# (in the case where `OBJECT` is

+ [.title-ref]#package#, for instance)

+ * `EVENT` is a verb like [.title-ref]#update#, [.title-ref]#create#, or

+ [.title-ref]#complete#.

+ ____

+ 

+ All 'fields' in a topic *should*:

+ 

+ ____

+ * Be [.title-ref]#singular# (Use [.title-ref]#package#, not

+ [.title-ref]#packages#)

+ * Use existing fields as much as possible (since [.title-ref]#complete#

+ is already used by other topics, use that instead of using

+ [.title-ref]#finished#).

+ ____

+ 

+ *Furthermore*, the _body_ of messages will contain the following

+ envelope:

+ 

+ * A `topic` field indicating the topic of the message.

+ * A `timestamp` indicating the seconds since the epoch when the message

+ was published.

+ * A `msg_id` bearing a unique value distinguishing the message. It is

+ typically of the form <YEAR>-<UUID>. These can be used to uniquely query

+ for messages in the datagrepper web services.

+ * A `crypto` field indicating if the message is signed with the `X509`

+ method or the `gpg` method.

+ * An `i` field indicating the sequence of the message if it comes from a

+ permanent service.

+ * A `username` field indicating the username of the process that

+ published the message (sometimes, `apache` or `fedmsg` or something

+ else).

+ * Lastly, the application-specific body of the message will be contained

+ in a nested `msg` dictionary.

+ == Frameworks and Tools

+ 

+ We attempt to use the same set of frameworks and tools across projects

+ to minimize the number of frameworks developers must keep in their

+ heads.

+ 

+ === Python

+ 

+ ==== Flask

+ 

+ http://flask.pocoo.org/[Flask] is a web microframework for Python based

+ on http://werkzeug.pocoo.org/[Werkzeug] and

+ http://jinja.pocoo.org/[Jinja 2]. It is our preferred framework and all

+ new applications should use it unless there is a very good reason not to

+ do so.

+ 

+ [NOTE]

+ .Note

+ ====

+ For historical reasons, you may find applications that don't use Flask.

+ Other frameworks currently in use include

+ https://www.djangoproject.com/[Django] and

+ http://docs.pylonsproject.org/projects/pyramid/en/latest/[Pyramid].

+ ====Flask is designed to be extensible, so it's common to use extensions

+ with the core flask library. A few common extensions are documented

+ below.

+ 

+ ===== Flask-SQLAlchemy

+ 

+ http://flask-sqlalchemy.pocoo.org/[Flask-SQLAlchemy] integrates Flask

+ with SQLAlchemy. It will configure a scoped session for you, set up a

+ declarative base class, and provide a convenient

+ `flask_sqlalchemy.BaseQuery` sub-class for you.

+ 

+ ==== SQLAlchemy

+ 

+ http://www.sqlalchemy.org/[SQLAlchemy] is an SQL toolkit and Object

+ Relational Mapper. It provides a core set of tools (surprisingly called

+ SQLAlchemy Core) for working with SQL databases, as well as an Object

+ Relational Mapper (SQLAlchemy ORM) which is built using SQLAlchemy Core.

+ 

+ SQLAlchemy is quite flexible and provides a myriad of options. We use

+ SQLAlchemy with its

+ http://docs.sqlalchemy.org/en/latest/orm/extensions/declarative/index.html[Declarative]

+ extension to map SQL tables to Python classes. Once mapped, instances of

+ those Python classes are created from database rows using the

+ http://docs.sqlalchemy.org/en/latest/orm/session.html[Session]

+ interfaces.

+ == Getting Started

+ :toc: right

+ 

+ This document is intended to guide you through your first contribution

+ to a Fedora Infrastructure project. It assumes you are already familiar

+ with the https://git-scm.com/[git] version control system and the

+ https://www.python.org/[Python] programming language.

+ 

+ === Development Environment

+ 

+ The Fedora Infrastructure team uses https://www.ansible.com/[Ansible]

+ and https://vagrantup.com/[Vagrant] to set up development environments

+ for the majority of our projects. It's recommended that you develop on a

+ Fedora host, but that is not strictly required.

+ 

+ To install https://www.ansible.com/[Ansible] and

+ https://vagrantup.com/[Vagrant] on Fedora, run:

+ 

+ ....

+ $ sudo dnf install vagrant libvirt vagrant-libvirt vagrant-sshfs ansible

+ ....

+ 

+ Projects will provide a `Vagrantfile.example` file in the root of their

+ repository if they support using https://vagrantup.com/[Vagrant]. Copy

+ this to `Vagrantfile`, adjust it as you see fit, and then run:

+ 

+ ....

+ $ vagrant up

+ $ vagrant reload

+ $ vagrant ssh

+ ....

+ 

+ This will create a new virtual machine, configure it with

+ https://www.ansible.com/[Ansible], restart it to ensure you're running

+ the latest updates, and then SSH into the virtual machine.

+ 

+ Individual projects will provide detailed instructions for their

+ particular setup.

+ 

+ === Finding a Project

+ 

+ Fedora Infrastructure applications are either on

+ https://github.com/[GitHub] in the

+ https://github.com/fedora-infra[fedora-infra] organization, or on

+ https://pagure.io/[Pagure]. Check out the issues tagged with

+ https://fedoraproject.org/easyfix/[easyfix] for an issue to fix.

+ = Developer Guide

+ 

+ This is a complete guide to contributing to Fedora Infrastructure applications. It targets both new and experienced contributors, and is maintained by those contributors. If the documentation is in need of improvement, please https://pagure.io/infra-docs-fpo/new_issue[file an issue] or submit a pull request.

+ == Messaging

+ 

+ Fedora uses many event-driven services triggered by messages. In the

+ past, this was done with ZeroMQ and

+ https://fedmsg.readthedocs.io/en/stable/[fedmsg]. This has been replaced

+ by an AMQP message broker and the

+ https://fedora-messaging.readthedocs.io/en/latest/[fedora-messaging] for

+ Python applications. This documentation outlines the policies for

+ sending and receiving messages. To learn how to send and receive

+ messages, see the fedora-messaging documentation.

+ 

+ === Broker URLs

+ 

+ The broker consists of multiple RabbitMQ nodes. They are available

+ through the proxies at `amqps://rabbitmq.fedoraproject.org` for

+ production and `amqps://rabbitmq.stg.fedoraproject.org` for staging.

+ Clients can connect using these URLs both inside and outside the Fedora

+ VPN, but users outside need to use a separate virtual host. Consult the

+ https://fedora-messaging.readthedocs.io/en/stable/fedora-broker.html[fedora-messaging

+ documentation] for details on how to connect externally.

+ 

+ === Identity

+ 

+ In order to help with debugging, clients must configure the

+ https://fedora-messaging.readthedocs.io/en/latest/configuration.html#client-properties[client_properties]

+ option to include their application name under the `app` key. Clients

+ should include the application version, if possible, in the

+ `app_version` key.

+ 

+ === Authentication

+ 

+ When applications are deployed, clients must authenticate with the

+ message broker over a TLS connection using x509 certificates. There are

+ https://fedora-messaging.readthedocs.io/en/stable/configuration.html#tls[configuration

+ options] for this in fedora-messaging.

+ 

+ Clients require certificates issued by Fedora Infrastructure. If you're

+ not using the external, read-only user, file a

+ https://pagure.io/fedora-infrastructure/issues[ticket] requesting a

+ certificate for the AMQP broker and be sure to provide the username you

+ plan to use. This is placed in the Common Name of the client certificate

+ and must match the name of the user you create in AMQP. Consult the

+ Authorization section below for details on creating users, queues, and

+ bindings.

+ 

+ === Authorization

+ 

+ The message broker can use https://www.rabbitmq.com/vhosts.html[virtual

+ hosts] to allow multiple applications to use the broker. The general

+ purpose publish-subscribe virtual host is called `/pubsub` and has its

+ authorization policy is outlined below. If your application is using a

+ different virtual host for private messaging (for example, your

+ application uses Celery), different authorization rules apply.

+ 

+ ==== pubsub Virtual Host

+ 

+ AMQP clients do not have permission to create exchanges, queues, or

+ bindings. However, they can and should declare the exchanges, queues,

+ and bindings they expect to exist in their fedora-messaging

+ configuration so that if they do not exist, the application will fail

+ with a helpful error message about which resource is not available.

+ 

+ [WARNING]

+ .Warning

+ ====

+ Because AMQP clients don't have permission to create objects, you need

+ to set

+ https://fedora-messaging.readthedocs.io/en/stable/configuration.html#passive-declares[passive_declares

+ = true] or you will get 403 Permission Denied errors.

+ ====Users, exchanges, queues, bindings, and

+ https://www.rabbitmq.com/vhosts.html[virtual hosts] other objects are

+ managed in the broker using the Fedora Infrastructure Ansible project

+ and must be declared there.

+ 

+ To do so, you can use the `rabbit/queue` role in the Ansible repository.

+ An example usage in your deployment playbook would be:

+ 

+ ....

+ roles:

+   - role: rabbit/queue

+     username: bodhi

+     queue_name: bodhi_masher

+     routing_keys:

+       - "routing_key1"

+       - "routing_key2"

+ ....

+ 

+ Note that users only have permissions to read from queues prefixed with

+ their name so if your username is "bodhi", all queues must start with

+ "bodhi". The username must also match the common name in the x509

+ certificate used for authentication.

+ 

+ If you want to create a user that will only need to publish messages,

+ and not consume them, you can use the `rabbit/user` role in the Ansible

+ repository. An example usage in your deployment playbook would be:

+ 

+ ....

+ roles:

+   - role: rabbit/user

+     username: bodhi