bosh-workspace 0.9.2 → 0.9.3

data/spec/rugged_spec.rb

@@ -0,0 +1,64 @@
+# Excluded by default can be executed by running:
+# rspec spec/rugged_spec.rb --tag rugged
+
+describe "Rugged::Credentials allowed_types", rugged: true do
+  let(:repo) { Rugged::Repository.new(project_root)}
+  let(:remote) { repo.remotes.create_anonymous(url) }
+  let(:auth_callback) { double }
+
+  subject { remote.ls(credentials: auth_callback).first }
+
+  context 'git protocol' do
+    let(:url) { "git://github.com/example/foo.git" }
+    it "does not support authentication" do
+      allow(auth_callback).to receive(:call)
+      expect{ subject }.to raise_error /repository not found/i
+    end
+  end
+
+  context "with allowed_types" do
+    let(:user) { nil }
+    before do
+      expect(auth_callback).to receive(:call).with(url, user, allowed_types)
+        .and_return(Rugged::Credentials::Default.new)
+    end
+
+    context 'https protocol' do
+      let(:url) { "https://github.com/example/foo.git" }
+      let(:allowed_types) { [:plaintext] }
+
+      it "allows plaintext" do
+        expect{ subject }.to raise_error /invalid credential type/i
+      end
+    end
+
+    context 'http protocol' do
+      let(:url) { "http://github.com/example/foo.git" }
+      let(:allowed_types) { [:plaintext] }
+
+      it "allows plaintext" do
+        expect{ subject }.to raise_error /invalid credential type/i
+      end
+    end
+
+    context 'ssh protocol style 1' do
+      let(:url) { "git@github.com:example/foo.git" }
+      let(:user) { "git" }
+      let(:allowed_types) { [:ssh_key] }
+
+      it "allows ssh_key" do
+        expect{ subject }.to raise_error /invalid credential type/i
+      end
+    end
+
+    context 'ssh protocol style 2' do
+      let(:url) { "ssh://git@github.com/example/foo.git" }
+      let(:user) { "git" }
+      let(:allowed_types) { [:ssh_key] }
+
+      it "allows ssh_key" do
+        expect{ subject }.to raise_error /invalid credential type/i
+      end
+    end
+  end
+end

data/spec/schemas/credentials_spec.rb

@@ -1,28 +1,45 @@
 module Bosh::Workspace::Schemas
   describe Credentials do
-    let(:username_password) do
-      { "url" => "foo", "username" => "bar", "password" => "baz" }
+    let(:user_pass_url) { "http://foo" }
+    let(:user_pass) do
+      { "url" => user_pass_url, "username" => "bar", "password" => "baz" }
     end
+    let(:ssh_url) { "ssh://bar" }
     let(:ssh_key) do
-      { "url" => "bar", "private_key" => "foobarkey" }
+      { "url" => ssh_url, "private_key" => "foobarkey" }
     end
+    let(:credentials) { [user_pass, ssh_key] }
 
     subject { Credentials.new.validate(credentials) }
 
     context "valid credentials" do
-      let(:credentials) { [username_password, ssh_key] }
       it { expect { subject }.to_not raise_error }
     end
 
     %w(url username password private_key).each do |field_name|
       context "missing #{field_name}" do
         let(:credentials) do
-          [username_password, ssh_key].map do |c|
+          [user_pass, ssh_key].map do |c|
             c.delete_if { |k| k == field_name }
           end
         end
         it { expect { subject }.to raise_error(/doesn't validate/i) }
       end
     end
+
+    context "unsupported protocol" do
+      let(:ssh_url) { 'git://foo' }
+      it { expect { subject }.to raise_error /not supported/ }
+    end
+
+    context "http protocol credentials mismatch" do
+      let(:ssh_url) { 'http://foo' }
+      it { expect { subject }.to raise_error /username\/password/ }
+    end
+
+    context "ssh protocol credentials mismatch" do
+      let(:user_pass_url) { 'ssh://foo' }
+      it { expect { subject }.to raise_error /private_key/ }
+    end
   end
 end

data/spec/spec_helper.rb

@@ -23,6 +23,7 @@ require "bosh/workspace/tasks"
 
 RSpec.configure do |config|
   config.filter_run focus: true
+  config.filter_run_excluding rugged: true
   config.run_all_when_everything_filtered = true
   config.raise_errors_for_deprecations!
   config.expect_with :rspec do |c|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bosh-workspace
 version: !ruby/object:Gem::Version
-  version: 0.9.2
+  version: 0.9.3
 platform: ruby
 authors:
 - Ruben Koster
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-16 00:00:00.000000000 Z
+date: 2015-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bosh_cli
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.2905.0
+- !ruby/object:Gem::Dependency
+  name: bosh-template
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2905.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2905.0
 - !ruby/object:Gem::Dependency
   name: semi_semantic
   requirement: !ruby/object:Gem::Requirement
@@ -114,28 +128,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -188,14 +202,14 @@ files:
 - lib/bosh/workspace.rb
 - lib/bosh/workspace/credentials.rb
 - lib/bosh/workspace/deployment_patch.rb
-- lib/bosh/workspace/git_remote_url.rb
+- lib/bosh/workspace/git_credentials_provider.rb
 - lib/bosh/workspace/helpers/dns_helper.rb
-- lib/bosh/workspace/helpers/git_credentials_helper.rb
+- lib/bosh/workspace/helpers/git_protocol_helper.rb
 - lib/bosh/workspace/helpers/project_deployment_helper.rb
 - lib/bosh/workspace/helpers/release_helper.rb
-- lib/bosh/workspace/helpers/spiff_helper.rb
 - lib/bosh/workspace/helpers/stemcell_helper.rb
 - lib/bosh/workspace/manifest_builder.rb
+- lib/bosh/workspace/merge_tool.rb
 - lib/bosh/workspace/project_deployment.rb
 - lib/bosh/workspace/release.rb
 - lib/bosh/workspace/schemas/credentials.rb
@@ -212,6 +226,7 @@ files:
 - lib/bosh/workspace/tasks/workspace.rake
 - lib/bosh/workspace/version.rb
 - spec/assets/bin/spiff
+- spec/assets/bin/spruce
 - spec/assets/dns/job-properties.yml
 - spec/assets/dns/jobs.yml
 - spec/assets/dns/networks-manual.yml
@@ -227,6 +242,7 @@ files:
 - spec/assets/manifests-repo/.manifests/foo.yml
 - spec/assets/manifests-repo/deployments/bar.yml
 - spec/assets/manifests-repo/deployments/foo.yml
+- spec/assets/manifests-repo/stubs/foo.yml
 - spec/assets/manifests-repo/templates/foo/bar.yml
 - spec/assets/submodule-boshrelease-repo.zip
 - spec/assets/supermodule-boshrelease-repo.zip
@@ -236,16 +252,17 @@ files:
 - spec/commands/project_deployment_spec.rb
 - spec/credentials_spec.rb
 - spec/deployment_patch_spec.rb
-- spec/git_remote_url_spec.rb
+- spec/git_credentials_provider_spec.rb
 - spec/helpers/dns_helper_spec.rb
-- spec/helpers/git_credentials_helper_spec.rb
+- spec/helpers/git_protocol_helper_spec.rb
 - spec/helpers/project_deployment_helper_spec.rb
 - spec/helpers/release_helper_spec.rb
-- spec/helpers/spiff_helper_spec.rb
 - spec/helpers/stemcell_helper_spec.rb
 - spec/manifest_builder_spec.rb
+- spec/merge_tool_spec.rb
 - spec/project_deployment_spec.rb
 - spec/release_spec.rb
+- spec/rugged_spec.rb
 - spec/schemas/credentials_spec.rb
 - spec/schemas/deployment_patch_spec.rb
 - spec/schemas/project_deployment_spec.rb
@@ -285,6 +302,7 @@ specification_version: 4
 summary: Manage your bosh workspace
 test_files:
 - spec/assets/bin/spiff
+- spec/assets/bin/spruce
 - spec/assets/dns/job-properties.yml
 - spec/assets/dns/jobs.yml
 - spec/assets/dns/networks-manual.yml
@@ -300,6 +318,7 @@ test_files:
 - spec/assets/manifests-repo/.manifests/foo.yml
 - spec/assets/manifests-repo/deployments/bar.yml
 - spec/assets/manifests-repo/deployments/foo.yml
+- spec/assets/manifests-repo/stubs/foo.yml
 - spec/assets/manifests-repo/templates/foo/bar.yml
 - spec/assets/submodule-boshrelease-repo.zip
 - spec/assets/supermodule-boshrelease-repo.zip
@@ -309,16 +328,17 @@ test_files:
 - spec/commands/project_deployment_spec.rb
 - spec/credentials_spec.rb
 - spec/deployment_patch_spec.rb
-- spec/git_remote_url_spec.rb
+- spec/git_credentials_provider_spec.rb
 - spec/helpers/dns_helper_spec.rb
-- spec/helpers/git_credentials_helper_spec.rb
+- spec/helpers/git_protocol_helper_spec.rb
 - spec/helpers/project_deployment_helper_spec.rb
 - spec/helpers/release_helper_spec.rb
-- spec/helpers/spiff_helper_spec.rb
 - spec/helpers/stemcell_helper_spec.rb
 - spec/manifest_builder_spec.rb
+- spec/merge_tool_spec.rb
 - spec/project_deployment_spec.rb
 - spec/release_spec.rb
+- spec/rugged_spec.rb
 - spec/schemas/credentials_spec.rb
 - spec/schemas/deployment_patch_spec.rb
 - spec/schemas/project_deployment_spec.rb

data/lib/bosh/workspace/helpers/git_credentials_helper.rb

@@ -1,111 +0,0 @@
-module Bosh::Workspace
-  module GitCredentialsHelper
-    REFSPEC = ['HEAD:refs/remotes/origin/HEAD']
-
-    def fetch_or_clone_repo(dir, url)
-      repo = File.exist?(File.join(dir, '.git')) ? open_repo(dir) : init_repo(dir, url)
-      fetch_and_checkout(repo)
-    end
-
-    def fetch_repo(dir)
-      fetch_and_checkout(open_repo(dir))
-    end
-
-    private
-
-    def fetch_and_checkout(repo)
-      url = repo.remotes['origin'].url
-      repo.fetch('origin', REFSPEC, connection_options_for(repo, url))
-      commit = repo.references['refs/remotes/origin/HEAD'].resolve.target_id
-      repo.checkout_tree commit, strategy: :force
-      repo.checkout commit, strategy: :force
-    end
-
-    def connection_options_for(repo, url)
-      return {} if check_connection(repo, url)
-      validate_url_protocol_support!(url)
-
-      options = { credentials: require_credentials_for(url) }
-      unless check_connection(repo, url, options)
-        say "Using credentials from: #{git_credentials_file}"
-        err "Invalid credentials for: #{url}"
-      end
-      options
-    end
-
-    def check_connection(repo, url, options = {})
-      repo.remotes.create_anonymous(url).check_connection(:fetch, options)
-    end
-
-    def init_repo(dir, url)
-      FileUtils.mkdir_p File.dirname(dir)
-      Rugged::Repository.init_at(dir).tap do |repo|
-        repo.remotes.create('origin', url)
-      end
-    end
-
-    def open_repo(dir)
-      Rugged::Repository.new(dir)
-    end
-
-    def git_credentials
-      @git_credentials ||= Credentials.new(git_credentials_file)
-    end
-
-    def require_credentials_for(url)
-      unless File.exist? git_credentials_file
-        say("Authentication is required for: #{url}".make_red)
-        err("Credentials file does not exist: #{git_credentials_file}".make_red)
-      end
-      unless git_credentials.valid?
-        say("Validation errors:".make_red)
-        git_credentials.errors.each { |error| say("- #{error}") }
-        err("'#{git_credentials_file}' is not valid".make_red)
-      end
-      if creds = git_credentials.find_by_url(url)
-        load_git_credentials(creds)
-      else
-        say("Credential look up failed in: #{git_credentials_file}")
-        err("No credentials found for: #{url}".make_red)
-      end
-    end
-
-    def validate_url_protocol_support!(url)
-      protocol = GitRemoteUrl.new(url).protocol
-      case protocol
-      when :git
-        err("Somthing is wrong, the git protocol does not support authentication")
-      when :https, :ssh
-        unless Rugged.features.include? protocol
-          say("Please reinstall Rugged gem with #{protocol} support: http://git.io/veiyJ")
-          err("Rugged requires #{protocol} support for: #{url}")
-        end
-      end
-    end
-
-    def git_credentials_file
-      File.join work_dir, '.credentials.yml'
-    end
-
-    def load_git_credentials(git_credentials)
-      case git_credentials.keys
-      when %i(private_key)
-        options = {
-          username: 'git',
-          privatekey: temp_key_file(git_credentials[:private_key])
-        }
-        Rugged::Credentials::SshKey.new(options)
-      when %i(username password)
-        Rugged::Credentials::UserPassword.new(git_credentials)
-      end
-    end
-
-    def temp_key_file(key)
-      file = Tempfile.new('sshkey')
-      file.write key
-      file.close
-      File.chmod(0600, file.path)
-      file.path
-    end
-  end
-end

data/lib/bosh/workspace/helpers/spiff_helper.rb

@@ -1,34 +0,0 @@
-module Bosh::Workspace
-  module SpiffHelper
-    include Bosh::Exec
-
-    def spiff_merge(templates, target_file)
-      spiff(:merge, templates) do |output|
-        File.open(target_file, 'w') { |file| file.write(output) }
-      end
-    end
-
-    private
-
-    def spiff(verb, params)
-      params.map!(&:shellescape)
-      cmd = ["spiff", verb.to_s] + params + ["2>&1"]
-      sh(cmd.join(" "), :yield => :on_false) do |result|
-        spiff_not_found if result.not_found?
-        spiff_failed(result.command, result.output) if result.failed?
-        yield result.output
-      end
-    end
-
-    def spiff_not_found
-      say("Can't find spiff in $PATH".make_red)
-      say("Go to spiff.cfapps.io for installation instructions")
-      err("Please make sure spiff is installed")
-    end
-
-    def spiff_failed(command, output)
-      say("Command failed: '#{command}'")
-      err(output)
-    end
-  end
-end

data/spec/helpers/git_credentials_helper_spec.rb

@@ -1,190 +0,0 @@
-module Bosh::Workspace
-  describe GitCredentialsHelper do
-    class GitCredentialsHelperTester
-      include Bosh::Workspace::GitCredentialsHelper
-
-      attr_reader :work_dir
-
-      def initialize(work_dir)
-        @work_dir = work_dir
-      end
-    end
-
-    let(:work_dir) { asset_dir("manifests-repo") }
-    let(:url) { "foo/bar.git" }
-    let(:dir) { File.join(work_dir, '.releases', 'foo') }
-    let(:repo) { instance_double 'Rugged::Repository' }
-    let(:remote) { instance_double 'Rugged::Remote', url: url }
-    let(:protocol) { :http }
-    let(:git_url) { instance_double 'GitRemoteURL', protocol: protocol }
-
-    before do
-      allow(Rugged::Repository).to receive(:new).with(dir).and_return(repo)
-      allow(File).to receive(:exist?).with(File.join(dir, '.git')).and_return(dir_exist)
-      allow(repo).to receive_message_chain("remotes.[]").and_return(remote)
-      allow(repo).to receive_message_chain("remotes.create_anonymous")
-        .with(url).and_return(remote)
-      allow(repo).to receive_message_chain("references.[].resolve.target_id")
-        .and_return(:commit_id)
-      allow(remote).to receive(:check_connection).with(:fetch, Hash)
-        .and_return(!auth_required, credentials_auth_valid)
-      allow(repo).to receive(:checkout_tree).with(:commit_id, strategy: :force)
-      allow(repo).to receive(:checkout).with(:commit_id, strategy: :force)
-      allow(GitRemoteUrl).to receive(:new).and_return(git_url)
-    end
-
-    def expect_no_credentials
-      expect(repo).to receive(:fetch).with('origin', Array, {})
-    end
-
-    let(:dir_exist) { true }
-    let(:auth_required) { false }
-    let(:credentials_auth_valid) { true }
-
-    describe "fetch_repo" do
-      subject do
-        GitCredentialsHelperTester.new(work_dir).fetch_repo(dir)
-      end
-
-      context "with existing repo" do
-        it do
-          expect_no_credentials
-          expect(repo).to receive("checkout_tree")
-          expect(repo).to receive("checkout")
-          subject
-        end
-      end
-    end
-
-    describe "fetch_or_clone_repo" do
-      subject do
-        GitCredentialsHelperTester.new(work_dir).fetch_or_clone_repo(dir, url)
-      end
-
-      context "with existing repo" do
-        it do
-          expect_no_credentials
-          expect(repo).to receive("checkout_tree")
-          expect(repo).to receive("checkout")
-          subject
-        end
-      end
-
-      context "repo does not yet exist" do
-        let(:dir_exist) { false }
-
-        it "initializes a new repository and sets up a remote" do
-          expect(Rugged::Repository).to receive(:init_at).with(dir)
-            .and_return(repo)
-          expect(repo).to receive_message_chain("remotes.create")
-            .with('origin', url)
-          expect_no_credentials
-          subject
-        end
-      end
-
-      context "repo requires authentication" do
-        let(:auth_required) { true }
-        let(:credentials_file_exist) { true }
-        let(:credentials_valid) { true }
-        let(:credentials) { instance_double "Bosh::Workspace::Credentials" }
-        let(:creds_hash) { {} }
-
-        def expect_credentials(credentials)
-          expect(repo).to receive(:fetch)
-            .with('origin', Array, credentials: credentials)
-        end
-
-        before do
-          allow(File).to receive(:exist?).with(/.credentials.yml/)
-            .and_return(credentials_file_exist)
-          allow(Bosh::Workspace::Credentials).to receive(:new)
-            .with(/.credentials.yml/).and_return(credentials)
-          allow(credentials).to receive(:valid?).and_return(credentials_valid)
-          allow(credentials).to receive(:find_by_url)
-            .with(url).and_return(creds_hash)
-        end
-
-        context "without supported protocol" do
-          before do
-            expect(Rugged).to receive(:features).and_return([])
-          end
-
-          let(:protocol) { :https }
-
-          it "raises" do
-            expect { subject }.to raise_error /rugged requires https/i
-          end
-        end
-
-        context "with git protocol" do
-          let(:protocol) { :git }
-
-          it "raises" do
-            expect { subject }.to raise_error /not support authentication/i
-          end
-        end
-
-        context "with sshkey" do
-          let(:creds_hash) { { private_key: "foobarkey" } }
-
-          it "uses a key" do
-            expect(Rugged::Credentials::SshKey).to receive(:new) do |args|
-              expect(IO.read(args[:privatekey])).to eq "foobarkey"
-              :ssh_credentials
-            end
-            expect_credentials :ssh_credentials
-            subject
-          end
-        end
-
-        context "with username/password" do
-          let(:creds_hash) { { username: "foo", password: "bar" } }
-
-          it "uses a username/password" do
-            expect(Rugged::Credentials::UserPassword).to receive(:new) do |args|
-              expect(args[:username]).to eq "foo"
-              expect(args[:password]).to eq "bar"
-              :user_pw_credentials
-            end
-            expect_credentials :user_pw_credentials
-            subject
-          end
-        end
-
-        context "with invalid credentials" do
-          let(:credentials_auth_valid) { false }
-
-          it "raises and error" do
-            expect { subject }.to raise_error /invalid credentials/i
-          end
-        end
-
-        context "without credentials file" do
-          let(:credentials_file_exist) { false }
-
-          it "raises and error" do
-            expect { subject }.to raise_error /credentials file does not exist/i
-          end
-        end
-
-        context "with invalid credentials file" do
-          let(:credentials_valid) { false }
-
-          it "raises and error" do
-            expect(credentials).to receive(:errors) { ["fooerror"] }
-            expect { subject }.to raise_error /not valid/
-          end
-        end
-
-        context "without credentials for given url" do
-          let(:creds_hash) { nil }
-
-          it "raises and error" do
-            expect { subject }.to raise_error /no credentials found/i
-          end
-        end
-      end
-    end
-  end
-end