capistrano-ext-projectdx 0.0.7 → 0.1.14

data/bin/deploy.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+#Must fetch to retrieve most recent tags
+
+if [ ! -d ${APP} ]; then
+  git clone "git@github.com:projectdx/${APP}.git"
+fi
+
+cd "${APP}"
+git fetch origin
+git checkout origin/accepted-work
+
+if [ -z "${DEPLOY_VERSION}" ]; then
+  bundle check || bundle install --deployment --without development
+  export DEPLOY_VERSION=`bundle exec cap -q "${STAGE}" deploy:show_revision | egrep '^[a-f0-9]{40}.?$' | sed 's/[^a-f0-9]*//g'`
+fi
+
+if [ -z "${DEPLOY_VERSION}" ]; then
+  export DEPLOY_VERSION=`git tag -l "${STAGE}/*" | egrep "^${STAGE}/[0-9]{4}-[0-9][0-9]-[0-9][0-9](\.[0-9]+)?" | sort -r | head -1`
+fi
+
+if [ -z "${DEPLOY_VERSION}" ]; then
+  echo "No deployable version found!"
+  EXIT=1
+else
+  echo "Deploying ${DEPLOY_VERSION} to ${STAGE}"
+  git checkout "${DEPLOY_VERSION}"
+
+  bundle check || bundle install --deployment --without development
+
+  ssh-agent > .agent
+  . .agent
+  ssh-add
+
+  bundle exec cap ${STAGE} deploy
+  EXIT=$?
+
+  ssh-agent -k
+fi
+  
+exit $EXIT

data/lib/capistrano/ext/projectdx/db.rb

@@ -0,0 +1,68 @@
+namespace :deploy do
+  def with_tempfile_on_remote_server(&block)
+    tempfile_name = capture('mktemp -t preparedb.XXXXXXXX').strip
+
+    yield tempfile_name
+  ensure
+    run "rm #{tempfile_name}"
+  end
+
+  def db_connection
+    fetch(:db_connection, {})
+  end
+
+  def dbinfo
+    @dbinfo ||= db_defaults.merge(db_connection)
+    @dbinfo['database'] ||= '%s-%s' % [db_name, stage]
+    @dbinfo
+  end
+
+  def run_with_password(cmd, pwd)
+    once = false
+    run cmd do |ch, stream, data|
+      $stdout.write(data)
+      unless once
+        ch.send_data pwd + "\n"
+        $stdout.write('[not shown]')
+        once = true
+      end
+    end
+  end
+
+  namespace :db do
+    desc "Regenerate deployment database.yml"
+    task :copy_database_yml do
+      put({ rails_env => dbinfo }.to_yaml, "#{release_path}/config/database.yml")
+    end
+
+    desc "Drop and recreate stage DB"
+    task :create do
+      raise "Don't do this on production" if stage == 'production'
+      raise "Your database name #{dbinfo['database']} looks wrong" unless dbinfo['database'] =~ /^[\w-]+-#{stage}$/
+
+      with_tempfile_on_remote_server do |tf|
+        referencedb = "%s-reference" % db_name
+
+        popt = [['host', 'h'], ['username', 'U'], ['port', 'p']].
+          select { |key, flag| dbinfo[key] }.
+          map { |key, flag| '-%s "%s"' % [flag, dbinfo[key]] } * ' ' +
+          ' -W'
+
+        sql = <<-SQL % [referencedb, dbinfo['database'], dbinfo['database']]
+         select killusers('%s','%s');
+         drop database "%s";
+        SQL
+        put sql, tf
+
+        run_with_password %{psql postgres #{popt} -a -f #{tf} 2>&1}, dbinfo['password']
+        run_with_password %{createdb "#{dbinfo['database']}" #{popt} -T "#{referencedb}" 2>&1}, dbinfo['password']
+      end 
+    end 
+
+    task :create_hook do
+    end
+  end
+end
+
+after  'deploy:update_code', 'deploy:db:copy_database_yml'
+before 'deploy:migrate', 'deploy:db:create_hook'

data/lib/capistrano/ext/projectdx/git_branch.rb

@@ -1,61 +1,71 @@
-Capistrano::Configuration.instance.load do
-  def changed_in_git(filename)
-    `git diff --name-only`.grep(/^#{filename}$/).length > 0 ? true : false
+namespace :deploy do
+  desc "Return SHA-1 commit ID of deployed branch"
+  task :show_revision do
+    puts capture("cat #{deploy_to}/current/REVISION")
   end
 
-  def commit_of_rev(branch)
-    x=`git rev-parse --revs-only #{branch}`.chomp
-    return nil if x.empty?
-    return x
-  end
+  desc "Determine commit to use (may default to HEAD)."
+  task :get_revision do
+    def stage
+      variables[:stage] && variables[:stage].to_s
+    end
 
-  def commit_in_remote_branch?(commit,branch)
-    return false if commit.nil?
-    if  %x{git branch -r --contains #{commit}}.grep(/^\s*origin\/#{branch}/).empty?
-        puts ""
-        puts "no rev matches #{commit} in the remote #{branch} branch(es)"
-        return false
+    def changed_in_git(filename)
+      `git diff --name-only`.grep(/^#{filename}$/).length > 0 ? true : false
     end
-    true
-  end
 
-  def valid_commit?(commit)
-    return false if commit.nil?
-    if branch_stages.include? stage.to_s
-      return false unless commit_in_remote_branch?(commit,fetch(:deploy_branch, stage.to_s))
+    def commit_of_rev(branch)
+      x=`git rev-parse --revs-only #{branch}`.chomp
+      return nil if x.empty?
+      return x
     end
-    return true
-  end
 
-  # returns the actual branch name, if it exists.  nil if it does not
-  def remote_branch_name(branch)
-    return nil if branch.nil?
-    rem_branch = `git branch -r`.grep(/^\s*origin\/(v|)#{branch}$/)[0]
-    return nil if rem_branch.nil?
-    return rem_branch.sub(/^\s*origin\//, '').chomp
-  end
+    def commit_in_remote_branch?(commit,branch)
+      return false if commit.nil?
+      if  %x{git branch -r --contains #{commit}}.grep(/^\s*origin\/#{branch}/).empty?
+          puts ""
+          puts "no rev matches #{commit} in the remote #{branch} branch(es)"
+          return false
+      end
+      true
+    end
+
+    def valid_commit?(commit)
+      return false if commit.nil?
+      if branch_stages.include? stage.to_s
+        return false unless commit_in_remote_branch?(commit,fetch(:deploy_branch, stage.to_s))
+      end
+      return true
+    end
 
-  release = nil;
-  set :release_number do
-    commit=nil;
-    release=ENV[ 'DEPLOY_VERSION' ] if ENV[ 'DEPLOY_VERSION' ]
-    release=ENV['BUILD_VCS_NUMBER'][0,12] if ENV['BUILD_VCS_NUMBER']
-    if release.nil? && !branch_stages.include?(stage.to_s)
-      release='master'
+    # returns the actual branch name, if it exists.  nil if it does not
+    def remote_branch_name(branch)
+      return nil if branch.nil?
+      rem_branch = `git branch -r`.grep(/^\s*origin\/(v|)#{branch}$/)[0]
+      return nil if rem_branch.nil?
+      return rem_branch.sub(/^\s*origin\//, '').chomp
     end
-    commit = commit_of_rev(release)
-    while not valid_commit?(commit) do
-      release=Capistrano::CLI.ui.ask( 'Enter release number to deploy: ' )
-      commit=commit_of_rev(release)
+
+    set :revision, begin
+      deploy_version = ENV[ 'DEPLOY_VERSION' ]
+      deploy_version ||= 'HEAD' unless branch_stages.include?(stage.to_s)
+      
+      commit = commit_of_rev(deploy_version)
+      until valid_commit?(commit) do
+        deploy_version=Capistrano::CLI.ui.ask( 'Enter release number to deploy: ' )
+        commit = commit_of_rev(deploy_version)
+      end
+      commit
     end
-    commit
-  end
 
-  set :branch do
-    release_number
-  end
+    set :branch do
+      revision
+    end
 
-  set :release_commit do
-    branch
+    set :release_commit do
+      branch
+    end
   end
 end
+
+before 'deploy:update', 'deploy:get_revision'

data/lib/capistrano/ext/projectdx/misc.rb

@@ -3,15 +3,24 @@ namespace :misc do
   task :send_success, :on_error => :continue do
     t=end_time
     time_msg=t.nil? ? '' : " in #{t} minutes"
-    send_to_campfire("#{Etc.getpwnam(Etc.getlogin)['gecos'].split.first} tried to deploy branch #{branch} to #{stage}. It succeeded#{time_msg}!  :D")
+    puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+    puts ""
+    puts "%s deployed branch #{branch} to #{stage}. It succeeded#{time_msg}!  :D" % Etc.getpwnam(Etc.getlogin)['gecos'].split.first
+    puts ""
+    puts "SUCCESS SUCCESS SUCCESS SUCCESS SUCCESS"
   end
 
   desc "[internal] send notifications in case the deploy fails"
-  task :rollback_notification, :on_error => :continue do
+  task :setup_rollback_notification, :on_error => :continue do
     on_rollback {
       t=end_time
       time_msg=t.nil? ? '' : " after #{t} minutes"
-      send_to_campfire("#{Etc.getpwnam(Etc.getlogin)['gecos'].split.first} tried to deploy branch #{branch} to #{stage}. It failed#{time_msg}.  :.(")
+
+      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+      puts ""
+      puts "%s tried to deploy branch #{branch} to #{stage}. It failed#{time_msg}!  8{" % Etc.getpwnam(Etc.getlogin)['gecos'].split.first
+      puts ""
+      puts "FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL"
     }
   end
 end
@@ -27,9 +36,11 @@ end
     before "deploy:migrate", "deploy:tables"
   end
   
-  namespace :rake do
-    desc "Allow running of remote rake tasks"
-    task :invoke do
-      run "cd #{deploy_to}/current && rake #{ENV['task']} RAILS_ENV=#{rails_env}"
-    end
+  desc "Allow running of remote rake tasks"
+  task :rake_invoke do
+    run "cd #{deploy_to}/current && rake #{ENV['task']} RAILS_ENV=#{rails_env}"
   end
+
+
+before 'deploy', 'misc:setup_rollback_notification'
+after 'deploy', 'misc:send_success'

data/lib/capistrano/ext/projectdx/projectdx.rb

@@ -1,5 +1,28 @@
 Capistrano::Configuration.instance.load do
+  def to_minutes(seconds)
+    m = (seconds/60).floor
+    s = (seconds - (m * 60)).round
+    # add leading zero to one-digit minute
+    if m < 10
+      m = "0#{m}"
+    end
+    # add leading zero to one-digit second
+    if s < 10
+      s = "0#{s}"
+    end
+    # return formatted time
+    return "#{m}:#{s}"
+  end
+
   namespace :deploy do
+    desc "install database.yml, and other things "
+    task :local_config do
+      run "mkdir -p #{shared_path}/cache"
+      run "/bin/ln -nsf  #{release_path}/../../shared/cache #{release_path}/public/cache"
+    end
+
+    after "deploy:symlink", "deploy:local_config"
+
     desc "update selinux context"
     task :selinux do
       run %Q{if [ -d #{release_path} ]; then 
@@ -15,28 +38,13 @@ Capistrano::Configuration.instance.load do
       }
     end
 
-    desc "install database.yml, and other things "
-    task :local_config do
-      run "cp #{release_path}/config/database.deploy.yml #{release_path}/config/database.yml"
-      case stage
-      when :alpha
-        run "rsync -a #{release_path}/features/ #{release_path}/public/features/"
-        run %Q{ /bin/ls -1 #{release_path}/public/features/ |  /bin/awk -v dq='"' 'BEGIN{print "<!DOCTYPE HTML PUBLIC " dq "-//W3C//DTD HTML 4.01//EN" dq "\n" dq "http://www.w3.org/TR/html4/strict.dtd"dq">\n<body><table>"} /feature$/ {print "<tr><td><a href="dq $1 dq ">" $1 "</a></td></tr>"} END{print "</table></body>"}' > #{release_path}/public/features/index.html}
-      end
-      run "mkdir -p #{shared_path}/cache"
-      run "/bin/ln -nsf  #{release_path}/../../shared/cache #{release_path}/public/cache"
-      #run "/bin/ln -nsf #{release_path}  #{release_path}/../latest"
-      #run "/bin/ln -nsf #{shared_path}/config/database.yml #{release_path}/config/database.yml"
-    end
-
     desc "Write Version file on server"
     task :write_version_file, :roles => :web do
       output=%Q{
       <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
       "http://www.w3.org/TR/html4/strict.dtd">
       <body>
-      <p>Release Branch: #{release_number}</p>
-      <p>Release Commit: #{release_commit}</p>
+      <p>Release Commit: #{revision}</p>
       <p>Deployed on: #{Time.now.strftime('%m/%d/%Y at %H:%M %Z')}</p>
       </body>
       }
@@ -57,7 +65,7 @@ Capistrano::Configuration.instance.load do
       run "cd #{deploy_to}/shared/cached-copy  && git clean -dxf vendor"
     end
 
-    before "deploy:update_code", "deploy:cleanup_vendor"
+    after "deploy:update_code", "deploy:cleanup_vendor"
     before "deploy:rollback:revision", "deploy:rollback_migrations"
 
     desc "Rolls back database to migration level of the previously deployed release"

data/lib/capistrano/ext/projectdx/time.rb

@@ -27,3 +27,6 @@ namespace :time do
      end
    end
 end
+
+after 'multistage:ensure', 'time:begin'
+after 'deploy', 'time:finish'

data/lib/capistrano/ext/projectdx/web.rb

@@ -32,8 +32,10 @@ namespace :deploy do
       result = ERB.new(template).result(binding)
       maint_files.each do |file|
         dir=File.dirname(file)
-        put result, "/tmp/disable_cap", :mode => 0644
-        run "if [ -d #{dir} -a \! -e #{file} ]; then mv /tmp/disable_cap #{file}; fi"
+        tmpfile=%x{mktemp -u /tmp/capXXXXXXXX} # this seems like the quickest way to just get a name.
+        tmpfile.chomp!
+        put result, tmpfile, :mode => 0644
+        run "if [ -d #{dir} -a \! -e #{file} ]; then mv #{tmpfile} #{file}; fi"
         run "chcon -t httpd_sys_content_t  #{file}; true" # we ignore this since some hosts have home on nfs
       end
     end

data/lib/capistrano/ext/projectdx.rb

@@ -1,18 +1,14 @@
 require 'capistrano'
 Capistrano::Configuration.instance.load do
-load_paths << File.dirname(__FILE__)+'/projectdx'
-  def to_minutes(seconds)
-    m = (seconds/60).floor
-    s = (seconds - (m * 60)).round
-    # add leading zero to one-digit minute
-    if m < 10
-      m = "0#{m}"
-    end
-    # add leading zero to one-digit second
-    if s < 10
-      s = "0#{s}"
-    end
-    # return formatted time
-    return "#{m}:#{s}"
-  end
+  load_paths << File.expand_path(File.dirname(__FILE__))
+
+  load 'projectdx/projectdx.rb'
+  load 'projectdx/git_branch.rb'
+  load 'projectdx/misc.rb'
+  load 'projectdx/time.rb'
+  load 'projectdx/web.rb'
+  load 'projectdx/passenger.rb'
+  load 'projectdx/docs.rb'
+  load 'projectdx/cache.rb'
+  load 'projectdx/db.rb'
 end

data/lib/capistrano-ext-projectdx.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__) + '/database_operations'

data/lib/database_operations.rb

@@ -0,0 +1,68 @@
+require 'open3'
+require 'tempfile'
+class DatabaseOperations
+  def self.pg(cfg, cmd)
+    ENV['PGPASSWORD'] = cfg["password"]
+
+    args = []
+    args << %{-h "#{cfg["host"]}"}     if cfg["host"]
+    args << %{-U "#{cfg["username"]}"} if cfg["username"]
+    args << %{-p "#{cfg["port"]}"}     if cfg["port"]
+    args << %{-w}
+
+    %x{#{cmd} #{args.join(' ')} "#{cfg['database']}"}
+  ensure
+    ENV.delete('PGPASSWORD')
+  end
+
+  def self.load_database_schema!(cfg, file)
+    pg(cfg, 'createdb') unless pg(cfg, "psql -l") =~ /^ #{cfg['database']}\s*\|/m
+
+    Tempfile.open('initdb') do |f|
+      f.puts "set client_min_messages=error;"
+      f.puts "drop schema if exists public cascade;"
+      f.puts "create schema public;"
+      f.puts "drop schema if exists tiger cascade;"
+
+      f.puts "drop language if exists plpgsql cascade;"
+      f.puts "create language plpgsql;"
+      f.flush
+      pg(cfg, "psql -f #{f.path}")
+    end
+
+    pg cfg, %{psql -f "#{file}"}
+  end
+
+  def self.dump_database_schema!(cfg, file)
+    search_path = cfg["schema_search_path"]
+    search_path = search_path.split(',').map{|x| "--schema=#{x}"}.join(' ') if search_path
+
+    File.open(Rails.root.join(file), "w") { |f|
+      f.puts "begin;"
+      f.write pg(cfg, %{pg_dump    -n tiger}).gsub('CREATE FUNCTION', 'CREATE OR REPLACE FUNCTION').lines.reject { |l| l =~ /soundex/ } * ""
+      f.write pg(cfg, %{pg_dump -s -n public}).gsub('CREATE FUNCTION', 'CREATE OR REPLACE FUNCTION')
+      f.write pg(cfg, %{pg_dump -a -t spatial_ref_sys})
+      f.write pg(cfg, %{pg_dump -a -t schema_migrations})
+      f.puts "commit;"
+    }
+  end
+
+  def self.load_views_and_triggers!
+    cfg = ActiveRecord::Base.configurations[Rails.env]
+    unless pg(cfg, "createlang -l") =~ /plpgsql/
+      pg(cfg, "createlang plpgsql")
+    end
+
+    output = nil 
+
+    Tempfile.open('load_views') do |temp|
+
+      Dir.glob(Rails.root.join('lib', 'sql_erb', '[0-9]*.sql.erb')).sort_by { |f| ('0.%s' % File.split(f).last.gsub(/\D.*/,'')).to_f }.each do |fpath|
+        temp.puts File.open(fpath){|io| ERB.new(io.read).result }
+      end 
+      temp.flush
+      output = pg cfg, %{psql --single-transaction -f #{temp.path} }
+    end 
+    output
+  end 
+end

data/lib/projectdx/tasks.rb

@@ -0,0 +1,87 @@
+def copy(src,dst)
+ %x{if [ -e #{dst} ]; then mv #{dst} #{dst}.bak; fi; cp #{src} #{dst}}
+end
+
+require File.dirname(__FILE__) + '/../database_operations'
+
+namespace :ci do
+  task :setup => 'setup:default'
+
+  namespace :setup do
+    task :default => [:copy_config, :clone_structure]
+
+    task :cucumber => [:copy_config, :clean_logdir, :clean_cache, :default]
+
+    task :clone_structure do
+      abcs = YAML.load_file('config/database.yml') 
+      DatabaseOperations.dump_database_schema!(abcs['reference'], 'db/ci_structure.sql')
+      DatabaseOperations.load_database_schema!(abcs['test'], 'db/ci_structure.sql')
+      puts %x{env RAILS_ENV=test rake db:migrate}
+      DatabaseOperations.dump_database_schema!(abcs['test'], 'db/ci_structure.sql')
+    end
+
+    task :copy_config do
+      ci = YAML.load_file('config/database.ci.yml')
+      ci['login']['database'] = '%s-ci-%s' % [ci['login']['application'], %x{hostname}.strip.split('.').first]
+      login = ci.delete('login')
+      ref = '%s-reference' % login['application']
+      environments = login.delete('environments')
+
+      ci['reference'] = login.clone
+      ci['reference']['database'] = ref
+      ci['development'] = login.clone
+      
+      environments.each do |e|
+        ci[e] = login.clone
+      end
+
+      File.rename("config/database.yml", "config/database.yml.bak") if File.exists?("config/database.yml")
+  
+      File.open('config/database.yml', 'w') do |f| 
+        f.write(ci.to_yaml);
+      end
+
+      if File.exists?("config/cms_config.deploy.yml")
+        File.rename("config/cms_config.yml", "config/cms_config.yml.bak") if File.exists?("config/cms_config.yml")
+        copy 'config/cms_config.deploy.yml', 'config/cms_config.yml'
+      end
+    end
+    
+    task :clean_cache do
+      `rm -f public/javascripts/cache_*.js`
+    end
+
+    task :clean_logdir do
+      `for f in log/* tmp/*; do if [ -f $f ]; then rm $f ; fi; done`
+    end
+  end
+end
+
+namespace :db do
+  Rake::Task['db:structure:dump'].clear_actions()
+  namespace :structure do
+    desc "Dump the database structure to a SQL file"
+    task :dump => :environment do
+      if File.exists?('db/ci_structure.sql')
+        STDERR.puts "CI environment detected: not dumping schema"
+      else 
+        abcs = ActiveRecord::Base.configurations
+        DatabaseOperations.dump_database_schema!(abcs['development'], 'db/development_structure.sql')
+      end 
+    end 
+  end 
+
+  Rake::Task['db:test:clone_structure'].clear_actions()
+  namespace :test do
+    desc "Recreate the test databases from the development structure"
+    task :clone_structure => [ "db:structure:dump", "db:test:purge"] do
+      abcs = ActiveRecord::Base.configurations
+      if File.exists?('db/ci_structure.sql')
+        STDERR.puts "CI environment detected"
+        DatabaseOperations.load_database_schema!(abcs['test'], 'db/ci_structure.sql')
+      else
+        DatabaseOperations.load_database_schema!(abcs['test'], 'db/development_structure.sql')
+      end
+    end
+  end
+end

data/lib/rf_filtering.rb

@@ -0,0 +1,64 @@
+# Include this from application.rb and call rf_param_filtering() with a 
+# whitelist and a blacklist set of params, as below.  Blacklisted parameters 
+# are filtered first by Rails, and any other parameters not in the whitelist 
+# are filtered by this code.
+#
+## application.rb: 
+#
+# require 'rf_filtering'
+# ...
+# class Application < Rails::Application
+#   ...
+#   include RFFiltering
+#   RFFiltering.UnfilteredEnvironments << 'unfiltered_environment'
+#   rf_param_filtering(
+#     :blacklist => %w[password card_number card_number],
+#     :whitelist => %w[brochure_nickname id])
+#
+
+module RFFiltering
+  extend ActiveSupport::Concern
+  
+  UnfilteredEnvironments = ['development']
+  FilteredReplacement = '[+++]'
+
+  included do
+    # this space intentionally left blank
+  end
+  
+  module ClassMethods
+    attr_reader :rf_filtering_blacklist, :rf_filtering_whitelist
+    
+    # Leaving this exposed for mockability
+    def should_filter_params?
+      # there are not a few non-positives in this code.
+      !UnfilteredEnvironments.include?(Rails.env)
+    end
+    
+    protected
+    def rf_param_filtering(options = {})
+      @rf_filtering_blacklist = (options[:blacklist] || []).map(&:to_s)
+      @rf_filtering_whitelist = (options[:whitelist] || []).map(&:to_s).to_set
+
+      config.filter_parameters += rf_filtering_blacklist
+      config.filter_parameters << rf_whitelist_filter_proc
+    end
+
+    def rf_whitelist_filter_proc
+      lambda do |k,v|
+        next unless should_filter_params?
+        next unless v.present?
+        next unless v.respond_to?(:to_str) && v.respond_to?(:replace)
+        next if param_filter_white_list.include?(k.to_s)
+        v.replace FilteredReplacement
+      end
+    end
+  end
+  
+  module InstanceMethods
+    # Leaving this exposed for mockability
+    def param_filter_white_list
+      self.class.rf_filtering_whitelist
+    end
+  end
+end

data/lib/sql_obfuscator.rb

@@ -0,0 +1,74 @@
+# Include this with an initializer similar to the one below.
+#
+# whitelisted_fields = %w[
+#   cached_cms_responses.filename
+#   cached_cms_responses.site
+#   customers.hostname
+#   sessions.session_id
+# ]
+# whitelisted_fields.each { |field| SqlObfuscator.whitelist(field) }
+# 
+# SqlObfuscator.dont_obfuscate_table_and_field do |table, field|
+#   %w[created_at updated_at nickname].include?(field)
+# end
+# 
+# NewRelic::Agent.set_sql_obfuscator(:replace) do |sql|
+#   SqlObfuscator.obfuscate(sql)
+# end
+#
+
+
+module SqlObfuscator
+  module_function
+
+  # Provide a facility for whitelisting certain fields
+  WhitelistHash = Hash.new(false)
+  def whitelist(field_expression)
+    WhitelistHash[field_expression] = true
+  end
+  def whitelisted?(field_expression)
+    WhitelistHash[field_expression]
+  end
+
+  DontObfuscateProcs = []
+  # Provides a facility for *not* obfuscating if the field meets some arbitrary criteria.
+  # Takes blocks, calls them on expressions for which a table and field can be found.
+  # Blocks should take two arguments, table and field, and return TRUE if the value should NOT be obfuscated.
+  def dont_obfuscate_table_and_field(&proc)
+    DontObfuscateProcs << proc
+  end
+
+  # Should match:
+  #   f_table_name = 'sensitive data'
+  #   "some_table"."some_field" = 'sensitive data'
+  #   "some_table"."some_field" somehow_matches 'sensitive data'
+  # ...but see also test/unit/lib/sql_obfuscator_unit_test.rb
+  ComparisonExpression = /(?:("\w+"\."\w+")([^"']+)?)?'([^'\\]*((?:\\.|'')[^'\\]+)*)'/
+
+  # Actually do the obfuscation
+  def obfuscate(sql)
+    sql.gsub(ComparisonExpression) do |match|
+      field_expression, comparison, sensitive_data = $1, $2, $3
+
+      # Obfuscate by default
+      obfuscated_sql = [field_expression, comparison, obfuscate_value(sensitive_data)].compact.join
+
+      # Don't obfuscate if we have a field expression that's on the whitelist or is on a 'nickname' field
+      if field_expression.present?
+        table_name, field_name = field_expression.to_s.gsub('"', '').split('.')
+        case
+        when whitelisted?('%s.%s' % [table_name, field_name])
+          obfuscated_sql = match
+        when DontObfuscateProcs.any? { |proc| proc.call(table_name, field_name) }
+          obfuscated_sql = match
+        end
+      end
+
+      obfuscated_sql
+    end
+  end
+
+  def obfuscate_value(value)
+    "'%s'" % Digest::MD5.hexdigest("%d:%s" % [value.to_s.length, value.to_s])
+  end
+end

metadata

@@ -1,27 +1,33 @@
 --- !ruby/object:Gem::Specification 
 name: capistrano-ext-projectdx
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 7
   prerelease: false
   segments: 
   - 0
-  - 0
-  - 7
-  version: 0.0.7
+  - 1
+  - 14
+  version: 0.1.14
 platform: ruby
 authors: 
 - Darrell Fuhriman
+- Joel Hoffman
+- Sam Livingston-Gray
+- Laurie Kemmerer
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-05-06 00:00:00 -07:00
+date: 2011-12-09 00:00:00 -08:00
 default_executable: 
 dependencies: []
 
 description: Local extensions to capistrano, which others may find useful
 email: 
 - darrell@renewfund.com
+- joel@renewfund.com
+- sam@renewfund.com
+- laurie@renewfund.com
 executables: []
 
 extensions: []
@@ -29,9 +35,9 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
-- lib/capistrano/ext/projectdx/all.rb
+- bin/deploy.sh
 - lib/capistrano/ext/projectdx/cache.rb
-- lib/capistrano/ext/projectdx/campfire.rb
+- lib/capistrano/ext/projectdx/db.rb
 - lib/capistrano/ext/projectdx/docs.rb
 - lib/capistrano/ext/projectdx/git_branch.rb
 - lib/capistrano/ext/projectdx/misc.rb
@@ -40,6 +46,11 @@ files:
 - lib/capistrano/ext/projectdx/time.rb
 - lib/capistrano/ext/projectdx/web.rb
 - lib/capistrano/ext/projectdx.rb
+- lib/capistrano-ext-projectdx.rb
+- lib/database_operations.rb
+- lib/projectdx/tasks.rb
+- lib/rf_filtering.rb
+- lib/sql_obfuscator.rb
 has_rdoc: true
 homepage: http://github.com/projectdx/capistrano-ext-projectdx
 licenses: []

data/lib/capistrano/ext/projectdx/all.rb

@@ -1,14 +0,0 @@
-# we have to call this something else so
-# we do not keep loading this file over and over
-Capistrano::Configuration.instance.load do
-  load_paths << File.dirname(__FILE__)
-  load('projectdx.rb')
-  load('campfire.rb')
-  load('git_branch.rb')
-  load('misc.rb')
-  load('time.rb')
-  load('web.rb')
-  load('passenger.rb')
-  load('docs.rb')
-  load('cache.rb')
-end

data/lib/capistrano/ext/projectdx/campfire.rb

@@ -1,62 +0,0 @@
-namespace :misc do
-  
-  def send_to_campfire(message)
-    campfire_host=fetch(:campfire_host,'')
-    return nil if campfire_host.empty?
-    begin
-      gem 'tinder'
-    rescue Gem::LoadError
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      puts ""
-      puts "not notifying because tinder not installed. Message is: '#{message}'"
-      puts ""
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      return
-    end
-    require 'tinder'
-    # for some reason, ssl isn't working.
-    begin
-      campfire = Tinder::Campfire.new(campfire_host, :ssl => true)
-      campfire.login(campfire_login, campfire_password)
-    rescue => e
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      puts ""
-      puts "Unable to login to campfire. Error is: '#{e}'"
-      puts "login: #{campfire_host}, #{campfire_login}, #{campfire_password}"
-      puts ""
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      return
-    end
-    begin
-      room = campfire.find_room_by_name(campfire_room)
-    rescue => e
-      logger.error("Trouble initalizing campfire room #{campfire_room}")
-      return
-    end
-    begin
-      room.speak(message)
-    rescue => e
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      puts ""
-      puts "Unable to send message to campfire. Message is: '#{message}'"
-      puts ""
-      puts "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-      return
-    end
-  end
-  desc "[internal] Send campfire notifications on success"
-  task :send_success, :on_error => :continue do
-    t=end_time
-    time_msg=t.nil? ? '' : " in #{t} minutes"
-    send_to_campfire("#{Etc.getpwnam(Etc.getlogin)['gecos'].split.first} tried to deploy branch #{branch} to #{stage}. It succeeded#{time_msg}!  :D")
-  end
-
-  desc "[internal] send notifications in case the deploy fails"
-  task :rollback_notification, :on_error => :continue do
-    on_rollback {
-      t=end_time
-      time_msg=t.nil? ? '' : " after #{t} minutes"
-      send_to_campfire("#{Etc.getpwnam(Etc.getlogin)['gecos'].split.first} tried to deploy branch #{branch} to #{stage}. It failed#{time_msg}.  :.(")
-    }
-  end
-end