Add locker and notifier logging (#69)

- Add locker git ops logging
- Add notifier logging
- Ensure STDOUT notifier always runs
- Add remote locker push failure notification behavior
- Fix links in CONTRIBUTING.md
- Fix formatting and content in coding standards rst
- Update notifier unit tests

Author: alfinkel

CHANGES.md

@@ -1,3 +1,10 @@
+# 1.5.0 (2020-09-14)
+
+- [ADDED] Remote locker push failure notifications were added.
+- [ADDED] Logging for git locker operations was added.
+- [ADDED] Notifier logging was added.
+- [CHANGED] The file descriptor (stdout) notifier always notifies now.
+
 # 1.4.0 (2020-09-03)
 
 - [CHANGED] PagerDuty notifier can send alerts for a subset of the accreditation checks based on the config.

CONTRIBUTING.md

@@ -1,12 +1,12 @@
 # Contributing
 
-If you want to add to the framework, please familiarise yourself with the code & our [Coding Standards][]. Make a fork of the repository & file a Pull Request from your fork with the changes. You will need to click the checkbox in the template to show you agree to the [Developer Certificate of Origin](../blob/master/DCO1.1.txt).
+If you want to add to the framework, please familiarize yourself with the code & our [Coding Standards][]. Make a fork of the repository & file a Pull Request from your fork with the changes. You will need to click the checkbox in the template to show you agree to the [Developer Certificate of Origin](https://github.com/ComplianceAsCode/auditree-framework/blob/main/DCO1.1.txt).
 
 If you make **regular & substantial contributions** to Auditree, you may want to become a collaborator. This means you can approve pull requests (though not your own) & create releases of the tool. Please [file an issue][new collab] to request collaborator access. A collaborator supports the project, ensuring coding standards are met & best practices are followed in contributed code, cutting & documenting releases, promoting the project etc.
 
 ## Fetchers & checks
 
-If you would like to contribute checks, either add them via PR to[Arboretum][] or push to your own repository & let us know of its existence.
+If you would like to contribute checks, either add them via PR to [Arboretum][] or push to your own repository & let us know of its existence.
 
 There are some guidelines to follow when making a common fetcher or check:
 
@@ -77,9 +77,8 @@ example `[ADDED]`, `[CHANGED]`, etc.
 
 [semver]: https://semver.org/
 [changelog]: https://keepachangelog.com/en/1.0.0/#how
-
 [Arboretum]: https://github.com/ComplianceAsCode/auditree-arboretum
-[Coding Standards]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/doc/coding-standards.rst
+[Coding Standards]: https://complianceascode.github.io/auditree-framework/coding-standards.html
 [flake8]: https://gitlab.com/pycqa/flake8
 [new collab]: https://github.com/ComplianceAsCode/auditree-framework/issues/new?template=new-collaborator.md
 [yapf]: https://github.com/google/yapf

compliance/__init__.py

@@ -14,4 +14,4 @@
 # limitations under the License.
 """Compliance automation package."""
 
-__version__ = '1.4.0'
+__version__ = '1.5.0'

compliance/locker.py

@@ -30,7 +30,10 @@
     format_json, get_sha256_hash, parse_dot_key
 )
 from compliance.utils.exceptions import (
-    EvidenceNotFoundError, HistoricalEvidenceNotFoundError, StaleEvidenceError
+    EvidenceNotFoundError,
+    HistoricalEvidenceNotFoundError,
+    LockerPushError,
+    StaleEvidenceError
 )
 
 import git
@@ -180,11 +183,10 @@ def init(self):
 
     def logger_init_msgs(self):
         """Log locker initialization information."""
-        self.logger.info(f'Local locker location is {self.local_path}')
         gpgsign = self.gitconfig.get('commit', {}).get('gpgsign')
         if self._do_push and not gpgsign:
             self.logger.warning(
-                'Commits will not be cryptographically signed, best '
+                'Commits may not be cryptographically signed, best '
                 'practice is to set gitconfig.commit.gpgsign to true '
                 'in your locker configuration.'
             )
@@ -523,8 +525,12 @@ def validate(self, evidence, ignore_ttl=False):
     def checkout(self):
         """Pull (clone) the remote repository to the local git repository."""
         if os.path.isdir(os.path.join(self.local_path, '.git')):
+            self.logger.info(f'Using locker found in {self.local_path}...')
             self.repo = git.Repo(self.local_path)
         else:
+            self.logger.info(
+                f'Cloning locker {self.repo_url} to {self.local_path}...'
+            )
             self.repo = git.Repo.clone_from(
                 self.repo_url_with_creds, self.local_path, branch=self.branch
             )
@@ -550,6 +556,9 @@ def checkin(self, message=None):
                 f'Files updated at local time {time.ctime(time.time())}'
                 f'\n\n{updated_files}'
             )
+        self.logger.info(
+            f'Committing changes to local locker in {self.local_path}...'
+        )
         try:
             diff = self.repo.index.diff('HEAD')
             if len(diff) > 0:
@@ -560,7 +569,12 @@ def checkin(self, message=None):
     def push(self):
         """Push the local git repository to the remote repository."""
         if self._do_push:
-            self.repo.remotes[0].push()
+            self.logger.info(
+                f'Pushing local locker to remote repo {self.repo_url}...'
+            )
+            push_info = self.repo.remotes[0].push()[0]
+            if push_info.flags >= git.remote.PushInfo.ERROR:
+                raise LockerPushError(push_info)
 
     def add_content_to_locker(self, content, folder='', filename=None):
         """
@@ -694,7 +708,7 @@ def __enter__(self):
 
     def __exit__(self, exc_type, exc_val, exc_tb):
         """
-        Handle local locker checkin and remote push if applicable.
+        Handle local locker check-in and remote push if applicable.
 
         Log an exception if raised, commit the files to the repo and if
         configured push it up to the `repo_url`.
@@ -708,8 +722,10 @@ def __exit__(self, exc_type, exc_val, exc_tb):
 
     def _repo_init(self):
         if os.path.isdir(os.path.join(self.local_path, '.git')):
+            self.logger.info(f'Using locker found in {self.local_path}...')
             self.repo = git.Repo(self.local_path)
         else:
+            self.logger.info(f'Creating locker in {self.local_path}...')
             self.repo = git.Repo.init(self.local_path)
         self.init_config()