api_deploy 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4356024b83ed5522e9d629fadd46d4f9748c8272
+  data.tar.gz: 903189ec8f159c851a7f2a62f8db0a158240e242
+SHA512:
+  metadata.gz: 28a04b7beadb8c10581ff3d065c81a5b5004239380c6c56751dcaf8a83332f652985a2058391eb21aa1f63ea67d6c8b864ebc605d98a96522c21b471fe09c90e
+  data.tar.gz: 4ffc454e8dcb6b52e7339be99d694248dacc2ec15679d56d6d6b67cb22e3ecf444f5ae1c7dc4e2398cc669e2010d28610b1f01cce933f3a1dc2418a338359dbb

data/.dockerignore

@@ -0,0 +1 @@
+Dockerfile

data/.gitattributes

@@ -0,0 +1 @@
+*vault binary

data/.gitignore

@@ -0,0 +1,37 @@
+*.gem
+*.swp
+*.rbc
+/.config
+config/overrides*
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.vault_pass.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python
+import os
+
+print(os.environ['VP'])

data/Dockerfile

@@ -0,0 +1,29 @@
+# ruby dependencies and ansible
+#FROM docker.artifactory.yoox.net/ruby:2.4.0-alpine
+FROM ruby:2.4-alpine
+RUN apk add --update --no-cache make ansible less
+
+# takes VP as --build-arg for vault pass
+ARG VP=''
+
+# creates workdir
+ENV APP_PATH /app/
+RUN mkdir $APP_PATH
+WORKDIR $APP_PATH
+
+# decrypts vault in machine
+COPY config/vault vault
+COPY .vault_pass.py .
+RUN mkdir ~/.config/
+RUN ansible-vault view --vault-password-file=.vault_pass.py vault > ~/.config/api_deploy_overrides.json
+
+# setup gem deps
+COPY Gemfile* $APP_PATH
+RUN bundle config build.nokogiri --use-system-libraries
+RUN bundle install
+
+# copy in app
+COPY . $APP_PATH
+
+# set LOG_LEVEL to verbose
+#ENV LOG_LEVEL info

data/Gemfile

@@ -0,0 +1,12 @@
+#source 'https://rubygems.org'
+source 'http://artifactory.yoox.net/artifactory/api/gems/gems'
+
+gem 'faraday'
+gem 'artifactory'
+gem 'github_api'
+gem 'require_all'
+gem 'logging'
+gem 'hashie'
+gem 'net-ldap'
+gem 'rspec'
+gem 'pry'

data/Gemfile.lock

@@ -0,0 +1,73 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.4.0)
+    artifactory (2.7.0)
+    coderay (1.1.1)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.3)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    github_api (0.14.5)
+      addressable (~> 2.4.0)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.4)
+      oauth2 (~> 1.0)
+    hashie (3.5.5)
+    jwt (1.5.6)
+    little-plugger (1.1.4)
+    logging (2.1.0)
+      little-plugger (~> 1.1)
+      multi_json (~> 1.10)
+    method_source (0.8.2)
+    multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
+    net-ldap (0.16.0)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    pry (0.10.4)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rack (2.0.1)
+    require_all (1.4.0)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    slop (3.6.0)
+    thread_safe (0.3.6)
+
+PLATFORMS
+  ruby
+  x64-mingw32
+
+DEPENDENCIES
+  artifactory
+  faraday
+  github_api
+  hashie
+  logging
+  net-ldap
+  pry
+  require_all
+  rspec
+
+BUNDLED WITH
+   1.14.2

data/Jenkinsfile

@@ -0,0 +1,14 @@
+#!/usr/bin/env groovy
+env.dockerTag = env.BUILD_TAG.toLowerCase()
+
+properties([pipelineTriggers([cron('H 23 * * *')])])
+
+stage("apply_restrictions"){
+  node(){
+    withCredentials([usernamePassword( credentialsId: 'vault_jenkins_cred_ansible_api_deploy_vault_password',
+          usernameVariable: 'UNUSED', passwordVariable: 'VP')]) {
+      checkout scm
+        sh "make apply_restrictions"
+    }
+  }
+}

data/Makefile

@@ -0,0 +1,38 @@
+.PHONY: all
+all: shell
+
+setup:
+dockerTag := "localtest-$(shell date +%s)"
+
+shell: build
+	@docker run --rm -it ${dockerTag} /bin/sh
+
+build:
+	@docker build -f Dockerfile --build-arg VP=${VP} -t ${dockerTag} .
+
+run: build
+	@docker run -e VP=${VP} --rm --name ${dockerTag} -t ${dockerTag} ./bin/${command}
+
+run_interactive: build
+	@docker run -e VP=${VP} --rm --name ${dockerTag} -it ${dockerTag} ./bin/${command}
+
+test: build
+	docker run --rm --name ${dockerTag} -t ${dockerTag} rake
+
+apply_restrictions:
+	make run command=apply_restrictions
+
+ruby:
+	make run_interactive command=api_deploy
+
+ldap:
+	make run_interactive command=ldap
+
+bb:
+	make run_interactive command=bitbucket
+
+get_all_repo_sizes:
+	make run_interactive command=get_all_repo_sizes
+
+edit_config_vault:
+	ansible-vault edit --vault-password-file=.vault_pass.py config/vault

data/README.md

@@ -0,0 +1,38 @@
+# ApiDeploy
+
+## Console tools
+
+### LDAP
+Opens a ruby shell with a ldap query object
+```
+$> VP='vault_pass' NAP_BIND_USER='' NAP_BIND_PASS='' YOOX_BIND_USER='' YOOX_BIND_PASS='' make ldap
+
+[1] pry(main)> ldap.user 'hawkinsf'
+....
+
+[1] pry(main)> ldap.group 'cicd'
+...
+```
+
+### Shell
+Opens a bash shell in the api_deployer
+```
+$> VP='vault_pass' make shell
+
+$>
+```
+
+### Interactive
+Opens a ruby shell in the api_deployer
+```
+$> VP='vault_pass' make interactive
+
+[1] pry(main)>
+```
+
+### Apply restrictions
+Applies bitbucket repo restrictions
+```
+$> VP='vault_pass' make apply_restrictions
+...
+```

data/Rakefile

@@ -0,0 +1,9 @@
+begin
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new(:spec)
+
+  task :default => :spec
+rescue LoadError
+  # no rspec available
+end

data/api_deploy.gemspec

@@ -0,0 +1,16 @@
+Gem::Specification.new do |s|
+  s.name        = 'api_deploy'
+  s.version     = '0.1.0'
+  s.licenses    = ['MIT']
+  s.summary     = "gem for yoox-nap api deployment"
+  s.description = "can also be run as a server"
+  s.authors     = ["Felix Hawkins"]
+  s.email       = 'felix@whimsicaldoodles.com'
+  s.homepage    = 'https://rubygems.org/gems/example'
+  s.require_paths = ['lib']
+  s.files         = `git ls-files`.split("\n")
+
+  %w{ require_all rspec github_api faraday artifactory logging thin hashie net-ldap pry}.each do |gem|
+    s.add_runtime_dependency gem
+  end
+end

data/bin/api_deploy

@@ -0,0 +1,6 @@
+#! /usr/bin/env ruby
+
+$: << 'lib'
+require 'libraries'
+
+require 'pry';binding.pry

data/bin/apply_restrictions

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+require 'libraries'
+
+bb = Bitbucket.new
+bb.apply_restrictions

data/bin/bitbucket

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+require 'libraries'
+
+bb = Bitbucket.new
+require 'pry';binding.pry

data/bin/get_all_repo_sizes

@@ -0,0 +1,18 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+require 'libraries'
+
+g = GithubApi.new
+
+list = g.api.repos.list(per_page: 10000)
+sizes = {}
+list.each_page do |page|
+  page.each do |page|
+    sizes[page[:name]] = page[:size]
+  end
+end
+
+sorted = sizes.sort_by {|k,v| v }
+
+require 'pry';binding.pry

data/bin/ldap

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+require 'libraries'
+
+ldap = LdapApi.new
+require 'pry';binding.pry

data/config/defaults.json

@@ -0,0 +1,21 @@
+{
+  "teamcity":{
+    "url":"http://teamcity.yoox.net/httpAuth/app/rest",
+    "user":"continuous_integration",
+    "pass":"PASSWORD"
+  },
+  "artifactory":{
+    "url":"http://artifactory.yoox.net/artifactory",
+    "user":"continuous_integration",
+    "pass":"PASSWORD"
+  },
+  "octopus":{
+    "url":"http://octopus3.yoox.net/api",
+    "api_key":"APIKEY"
+  },
+  "bitbucket":{
+    "url":"https://git.yoox.net/",
+    "user":"administrator",
+    "pass":"PASSWORD"
+  }
+}

data/lib/api.rb

@@ -0,0 +1,45 @@
+module API
+  attr_reader :api
+
+  def create_api(config)
+    @api = Faraday.new(url: config.url) do |connection|
+      connection.ssl[:verify] = false
+      connection.adapter :net_http
+      if config.api_key
+        connection.headers['X-Octopus-ApiKey'] = config.api_key
+      else
+        connection.basic_auth(config.user, config.pass)
+      end
+    end
+  end
+
+  def request(method, url, query=nil, type="json", parse=true)
+    if query
+      Log.warn "request url: #{method.upcase} #{api.url_prefix}#{url}"
+      Log.info "request body: #{query}"
+      response = api.send(method) do |request|
+        request.url url
+        request.body = query
+        request.headers['Content-Type'] = "application/#{type}"
+      end
+    else
+      Log.warn "request url: #{method.upcase} #{api.url_prefix}#{url}"
+      response = api.send(method) do |request|
+        request.url url
+        request.headers['Content-Type'] = "application/#{type}"
+      end
+    end
+
+    Log.warn "response code: #{response.status}"
+    Log.info "response body: #{response.body}"
+    parse ? parsed_response(response) : response
+  end
+
+  def parsed_response(resp)
+    if resp.headers['content-type'] =~ /application\/json/
+      JSON.parse(resp.body)
+    else
+      resp
+    end
+  end
+end

data/lib/api_deploy.rb

@@ -0,0 +1,5 @@
+require 'require_all'
+require_relative 'libraries'
+
+class ApiDeploy
+end

data/lib/artifactory_api.rb

@@ -0,0 +1,13 @@
+class ArtifactoryApi
+  include Artifactory::Resource
+  attr_reader :api
+
+  def initialize
+    @api = Artifactory::Client.new(
+      endpoint: ConfigStore.artifactory.url,
+      username: ConfigStore.artifactory.user,
+      password: ConfigStore.artifactory.pass
+    )
+  end
+
+end