Development¶
Development for PyKMIP is open to all contributors. Use the information provided here to inform your contributions and help the project maintainers review and accept your work.
Getting Started¶
File a new issue on the project issue tracker on GitHub describing the work you intend on doing. This is especially recommended for any sizable contributions, like adding support for a new KMIP operation or adding a new cryptographic backend for the server. Provide as much information on your feature request as possible, using information from the KMIP specifications or existing feature support in PyKMIP where applicable.
The issue number for your new issue should be included at the end of the commit message of each patch related to that issue.
If you simply want to request a new feature but do not intend on working on it, file your issue as normal and the project maintainers will triage it for future work.
Writing Code¶
New code should be written in its own Git branch, ideally branched from
HEAD
on master
. If other commits are merged into master
after your
branch was created, be sure to rebase your work on the current state of
master
before submitting a pull request to GitHub.
New code should generally follow PEP 8
style guidelines, though there are
exceptions that will be allowed in special cases. Run the flake8
tests to
check your code before submitting a pull request (see Running Tests).
Writing Documentation¶
Like new code, new documentation should be written in its own Git branch.
All PyKMIP documentation is written in RST format and managed using
sphinx
. It can be found under docs/source
.
If you are interested in contributing to the project documentation, install the project documentation requirements:
$ pip install -r doc-requirements.txt
To build the documentation, navigate into the docs
directory and run:
$ make html
This will build the PyKMIP documentation as HTML and place it under the new
docs/build/html
directory. View it using your preferred web browser.
Commit Messages¶
Commit messages should include a single line title (75 character max) followed by a blank line and a description of the change, including feature details, testing and documentation updates, feature limitations, known issues, etc.
The issue number for the issue associated with the commit should be included
at the end of the commit message, if it exists. If the commit is the final one
for a specific issue, use Closes #XXX
or Fixes #XXX
to link the issue
and close it simultaneously. For example, see ths commit for Issue #312:
Fix bug generating detached instance errors in server tests
This patch fixes a bug that generates intermittent sqlalchemy
DetachedInstanceErrors during the KMIP server engine unit test
execution. Specifically, this fix disables instance expiration on
commit for the sqlalchemy sessions used throughout the unit tests,
allowing access to instance attributes even if the instance is
detached from a session.
Fixes #312
Bug Fixes¶
If you have found a bug in PyKMIP, file a new issue and use the title format
Bug: <brief description here>
. In the body of the issue please provide as
much information as you can, including Python version, PyKMIP version,
operating system version, and any stacktraces or logging information produced
by PyKMIP related to the bug. See What to put in your bug report for a
breakdown of bug reporting best practices.
If you are working on a bug fix for a bug in master
, follow the general
guidelines above for branching and code development (see Writing Code).
If you are working on a bug fix for an older version of PyKMIP, your branch
should be based on the latest commit of the repository branch for the version
of PyKMIP the bug applies to (e.g., branch release-0.6.0
for PyKMIP 0.6).
The pull request for your bug fix should also target the version branch in
question. If applicable, it will be pulled forward to newer versions of
PyKMIP, up to and including master
.
Running Tests¶
PyKMIP uses tox
to manage testing across multiple Python versions. tox
in turn uses pytest
to run individual tests. Test infrastructure currently
supports Python 2.7, 3.4, 3.5, 3.6, and 3.7. Additional test environments are
provided for security, style, and documentation checks.
Note
All of the tox
commands discussed in this section should be run from
the root of the PyKMIP repository, in the same directory as the
tox.ini
configuration file.
The style checks leverage flake8
and can be run like so:
$ tox -e pep8
The security checks use bandit
and can be run like so:
$ tox -e bandit
The documentation checks leverage sphinx
to build the HTML documentation
in a temporary directory, verifying that there are no errors. These checks
can be run like so:
$ tox -e docs
To run the above checks along with the entire unit test suite, simply run
tox
without any arguments:
$ tox
Unit Tests¶
The unit test suite tests many of the individual components of the PyKMIP code base, verifying that each component works correctly in isolation. Ideal code coverage would include the entire code base. To facilitate improving coverage, test coverage results are included with each Python unit test environment.
To test against a specific Python version (e.g., Python 2.7), run:
$ tox -e py27
To run an individual test suite method or class, use the pytest
-k
flag to specify the name of the method or class to execute. For example, to
run the TestProxyKmipClient
test suite class under Python 2.7, run:
$ tox -e py27 -- -k TestProxyKmipClient
For more information on the -k
flag, see the pytest documentation.
Integration Tests¶
The integration test suite tests the functionality of the PyKMIP clients against a KMIP server, verifying that the right response data and status codes are returned for specific KMIP requests. A KMIP server must already be running and available over the network for the integration test cases to pass.
Code base coverage is not a goal of the integration test suite. Code coverage statistics are therefore not included in the output of the integration tests. For code coverage, run the unit tests above.
For the Travis CI tests run through GitHub, the KMIP server used for integration testing is actually an instance of the PyKMIP server, allowing us to verify the functionality of the clients and server simultaneously.
Any third-party KMIP server can be tested using the integration test suite. Simply add a section to the client configuration file containing the connection settings for the server and provide the name of the new section when invoking the integration tests.
To run the integration test suite, the configuration file section name for
the client settings must be passed to the test suite using the --config
configuration argument. Assuming the section name is server_1
, the
following tox
command will set up and execute the integration tests:
$ tox -r -e integration -- --config server_1
Like the unit tests, use the -k
flag to specify a specific test suite
method or class.
$ tox -r -e integration -- --config server_1 -k TestProxyKmipClientIntegration
Functional Tests¶
The functional test suite tests capabilities and functionality specific to the PyKMIP server. While similar in structure to the integration test suite described above, the functional tests cannot be used with arbitrary third-party servers and require a very specific environment in which to operate successfully. Therefore, the functional tests are usually only used for continuous integration testing via Travis CI.
Like the integration test suite, code base coverage is not a goal of the functional test suite. For code coverage, run the unit tests above.
The functional tests specifically exercise third-party authentication and
group-based access control features supported by the PyKMIP server. The
third-party authentication system in this case is an instance of SLUGS.
The PyKMIP client/server certificates and server operation policies must
align exactly with the user/group information provided by SLUGS for the
functional tests to pass. For more information, see the Travis CI build
information under .travis
in the PyKMIP repository.
To invoke the functional tests, the configuration file path must be passed
to the test suite using the --config-file
configuration argument. Assuming
the file path is /tmp/pykmip/client.conf
, the following tox
command
will set up and execute the functional tests:
$ tox -r -e functional -- --config-file /tmp/pykmip/client.conf
Like the unit and integration tests, use the -k
flag to specify a specific
test suite method or class.
$ tox -r -e functional -- --config-file /tmp/pykmip/client.conf -k test_policy_caching
For more information on the testing tools used here, see the following resources: