capistrano-ext-superusers 0.2.0 → 0.3.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: e126ff631b7eabbf7b7c701110997f97914bb617
4
- data.tar.gz: 5be909d886dbe9264909788ff944b67d2560910d
3
+ metadata.gz: e1cab0c735883f7f277943a7f27a37e5ce8b955a
4
+ data.tar.gz: 0cd390a64b985483982053edc02517828cc191e8
5
5
  SHA512:
6
- metadata.gz: 2a3eb655d5529855625c50a4858afc630a291a2f9abb20116cc7a08848612953dcf93cf9c7f597d83be17be0286852f68b02aba7ec9270953b3cc2fe5f02c64f
7
- data.tar.gz: 4a1a09c77998d56e9c5599df607f1d9997341f3eb77e75b5cc4b2c575c8d86a0349c175e311b09625e58a9f1bce84ff06be456753eccb8aaeea133a54b6eb614
6
+ metadata.gz: 9693dccf32d7e9a8caf7945a1b5822d5c369660a3e5629cb4b6a058801dbe2249f7e369539dfe103e990a3d0c13513e1ac56d668c3169bb8da705d65165a0c3e
7
+ data.tar.gz: 5fefdee5527f610b9ce75d5661644038dea0f7a01d35fa8ce11c6ca99976f9bfec7ac85f7f053875bc3463566ee4fcfa2c6192d5e51a9d83f385a8112c22152d
data/README.md ADDED
@@ -0,0 +1,59 @@
1
+ Capistrano::Ext::Superusers
2
+ ==
3
+
4
+ A simple rubygem to help run commands and environments as a named user to a common deploy user
5
+
6
+ Rationale
7
+ --
8
+
9
+ Its pretty common to want to have named access to a server but to be able to automate running and connecting as a shared/common user. And to not over engineer groups and ACLs
10
+
11
+ Config
12
+ --
13
+
14
+ ```ruby
15
+ set :owner, 'common_user' # Defaults to 'nobody'
16
+ set :user_sudo, '/path/to/script' # Defaults to "sudo -u #{owner} -i"
17
+ set :ssh_forward, '/path/to/script' # Defaults to "setfacl -m #{owner}:rx $(dirname $SSH_AUTH_SOCK) && setfacl -m #{owner}:rwx $SSH_AUTH_SOCK")"
18
+ ```
19
+
20
+ I don't get it....
21
+ --
22
+
23
+ Consider the simple bundler sort of task as per:
24
+
25
+ ```ruby
26
+ namespace :deploy do
27
+ task :bundle do
28
+ run "cd #{current_path} && bundle install --deployment --binstubs --without test cucumber development ruby-debug"
29
+ end
30
+ end
31
+ ```
32
+
33
+ We could prepend the sudo command (as above) and do:
34
+
35
+ ```ruby
36
+ run "sudo -u nobody -i cd #{current_path} && bundle install --deployment --binstubs --without test cucumber development ruby-debug"
37
+ ```
38
+
39
+ But this will change the dir as 'nobody' then drop back to the deploy user. We could then do, instead;
40
+
41
+ ```ruby
42
+ run "sudo -u nobody -i bash -c 'cd #{current_path} && bundle install --deployment --binstubs --without test cucumber development ruby-debug'"
43
+ ```
44
+
45
+ Or; more betterly:
46
+
47
+ ```ruby
48
+ run "sudo -u nobody -i #{default_shell} -c 'cd #{current_path} && bundle install --deployment --binstubs --without test cucumber development ruby-debug'"
49
+ ```
50
+
51
+ Which has already lost DRY points.
52
+
53
+ But what, then, if the Gemfile has gems pointing to git repos we need a key for? We would then need to do two things; add `$SSH_AUTH_SOCK` to env_keep in our sudoers file and then give the `:owner` access to this to. We could extend further without this gem and chain out a massive:
54
+
55
+ ```ruby
56
+ run "#{update_perms_on_key} && sudo -u nobody -i #{default_shell} -c 'cd #{current_path} && bundle install --deployment --binstubs --without test cucumber development ruby-debug'"
57
+ ```
58
+
59
+ And, because every new session creates another of these and Capistrano is a tad wasteful we'd end up needing to do this for every `run`.
@@ -0,0 +1,23 @@
1
+ $:.push File.expand_path("../lib", __FILE__)
2
+
3
+ Gem::Specification.new do |spec|
4
+ spec.name = 'capistrano-ext-superusers'
5
+ spec.version = '0.3.1'
6
+ spec.platform = Gem::Platform::RUBY
7
+ spec.authors = ['Funding Circle Engineering']
8
+ spec.email = ['engineering+capistrano-ext-superusers@fundingcircle.com']
9
+ spec.summary = 'Run Capistrano commands as a superuser'
10
+ spec.description = 'Capistrano extension to run commands as an unprivileged user in a sensible manner'
11
+ spec.homepage = 'https://github.com/FundingCircle/capistrano-ext-superusers'
12
+ spec.license = 'BSD-3-Clause'
13
+
14
+ spec.files = `git ls-files -z -- ./* ':(exclude)spec/*'`.split("\x0")
15
+
16
+ spec.add_dependency 'capistrano', '>=2.11.0'
17
+ spec.add_dependency 'capistrano-ext'
18
+
19
+ spec.add_development_dependency 'rspec'
20
+ spec.add_development_dependency 'capistrano-spec'
21
+
22
+ spec.require_path = 'lib'
23
+ end
@@ -0,0 +1,14 @@
1
+ require 'capistrano'
2
+ Capistrano::Configuration.class_eval do
3
+ def superuser cmd, options={}
4
+ owner = fetch(:owner, 'nobody')
5
+
6
+ user_sudo = fetch(:user_sudo, "sudo -u #{owner} -i")
7
+ ssh_forward = fetch(:ssh_forward, "setfacl -m #{owner}:rwx $(dirname $SSH_AUTH_SOCK) && setfacl -m #{owner}:rwx $SSH_AUTH_SOCK")
8
+ shell = fetch(:user_shell, :default_shell)
9
+
10
+ cmd.gsub! "\n", ""
11
+
12
+ run "#{ssh_forward} && #{user_sudo} #{shell} -c '#{cmd}'", options
13
+ end
14
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-ext-superusers
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
- - Funding Circle
7
+ - Funding Circle Engineering
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-13 00:00:00.000000000 Z
11
+ date: 2017-10-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: capistrano
@@ -66,16 +66,20 @@ dependencies:
66
66
  - - ">="
67
67
  - !ruby/object:Gem::Version
68
68
  version: '0'
69
- description: Capistrano extension to run sensible userage
69
+ description: Capistrano extension to run commands as an unprivileged user in a sensible
70
+ manner
70
71
  email:
71
- - james.condron@fundingcircle.co.uk
72
+ - engineering+capistrano-ext-superusers@fundingcircle.com
72
73
  executables: []
73
74
  extensions: []
74
75
  extra_rdoc_files: []
75
- files: []
76
- homepage:
76
+ files:
77
+ - README.md
78
+ - capistrano-ext-superusers.gemspec
79
+ - lib/capistrano/ext/superusers.rb
80
+ homepage: https://github.com/FundingCircle/capistrano-ext-superusers
77
81
  licenses:
78
- - Simplified BSD
82
+ - BSD-3-Clause
79
83
  metadata: {}
80
84
  post_install_message:
81
85
  rdoc_options: []
@@ -93,8 +97,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
93
97
  version: '0'
94
98
  requirements: []
95
99
  rubyforge_project:
96
- rubygems_version: 2.6.12
100
+ rubygems_version: 2.6.14
97
101
  signing_key:
98
102
  specification_version: 4
99
- summary: Extend out from capistrano deploy user stuff and bits
103
+ summary: Run Capistrano commands as a superuser
100
104
  test_files: []