conjur-debify 0.10.2 → 0.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -16
- data/README.md +41 -0
- data/lib/conjur/debify/version.rb +1 -1
- data/lib/conjur/debify.rb +119 -34
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 78917789d9da713b2e98a491456b69d07252e735
|
4
|
+
data.tar.gz: 61ac786410504111370c50e72c7b86074e69168f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5eefdfdae70c3fa8d5ba418751e2931d2b3e951b13f256c4a2e5c5ee0dd79225506e4b95784c8f43906fdd856ffce7d4bf74e8b8b21956291ae45a9800a4789d
|
7
|
+
data.tar.gz: 7d577222d5d3dfb5777fdfa0ff13a3615142d4a8b688038c1604a23141021cd838c8676479420484a3b759276e67077d3c20625b028f6b4d578a4340593c680c
|
data/CHANGELOG.md
CHANGED
@@ -1,39 +1,46 @@
|
|
1
|
+
# 0.11.0
|
2
|
+
|
3
|
+
* Add `debify sandbox`.
|
4
|
+
|
1
5
|
# 0.10.2
|
2
|
-
|
6
|
+
|
7
|
+
* Fixed publish internal Dockerfile.
|
3
8
|
|
4
9
|
# 0.10.1
|
5
|
-
|
10
|
+
|
11
|
+
* Run internal containers as privileged if Docker >= 1.10.0.
|
6
12
|
|
7
13
|
# 0.10.0
|
8
|
-
|
14
|
+
|
15
|
+
* Upgrading Ruby for packaging from 2.0 to 2.2.4.
|
9
16
|
|
10
17
|
# 0.9.2
|
11
18
|
|
12
|
-
* Print messages to stderr instead of stdout during packaging
|
13
|
-
* Only consider tags matching v*.*.* when determining package version string
|
19
|
+
* Print messages to stderr instead of stdout during packaging.
|
20
|
+
* Only consider tags matching v*.*.* when determining package version string.
|
14
21
|
|
15
22
|
# 0.9.1
|
16
23
|
|
17
|
-
* Provide the package to purge before installing the new version
|
24
|
+
* Provide the package to purge before installing the new version.
|
18
25
|
|
19
26
|
# 0.9.0
|
20
27
|
|
21
|
-
* Don't nuke the entire existing source install dir, there may be necessary files in there
|
28
|
+
* Don't nuke the entire existing source install dir, there may be necessary files in there.
|
22
29
|
|
23
30
|
# 0.8.0
|
24
31
|
|
25
|
-
* Remove the need for a 'latest' debian
|
26
|
-
* Fix bug in the error message for 'detect_version'
|
27
|
-
* Use a more reliable way to detect the current branch
|
28
|
-
* `publish` : Remove the default value of the 'component' flag
|
29
|
-
* `clean` : Don't create a container unless deletions will actually be performed
|
32
|
+
* Remove the need for a 'latest' debian.
|
33
|
+
* Fix bug in the error message for 'detect_version'.
|
34
|
+
* Use a more reliable way to detect the current branch.
|
35
|
+
* `publish` : Remove the default value of the 'component' flag.
|
36
|
+
* `clean` : Don't create a container unless deletions will actually be performed.
|
30
37
|
|
31
38
|
# 0.7.0
|
32
39
|
|
33
|
-
* Add `debify clean
|
40
|
+
* Add `debify clean`.
|
34
41
|
|
35
42
|
# 0.6.0
|
36
43
|
|
37
|
-
* `package` : Add `--dockerfile` option
|
38
|
-
* `package` : Ensure that `Gemfile.lock` is in the container
|
39
|
-
* `test` : Propagate `SSH_AUTH_SOCK` to the container
|
44
|
+
* `package` : Add `--dockerfile` option.
|
45
|
+
* `package` : Ensure that `Gemfile.lock` is in the container.
|
46
|
+
* `test` : Propagate `SSH_AUTH_SOCK` to the container.
|
data/README.md
CHANGED
@@ -132,6 +132,47 @@ $ summon debify publish -c stable conjur-example_0.0.1_amd64.deb
|
|
132
132
|
Uploaded 1 artifacts to Artifactory.
|
133
133
|
```
|
134
134
|
|
135
|
+
## Create a development session in a Conjur appliance container
|
136
|
+
|
137
|
+
|
138
|
+
```
|
139
|
+
$ debify help sandbox
|
140
|
+
NAME
|
141
|
+
sandbox - Setup a development sandbox for a Conjur debian package in a Conjur appliance container
|
142
|
+
|
143
|
+
SYNOPSIS
|
144
|
+
debify [global options] sandbox [command options]
|
145
|
+
|
146
|
+
DESCRIPTION
|
147
|
+
First, a Conjur appliance container is created and started. By default, the container image is
|
148
|
+
registry.tld/conjur-appliance-cuke-master. An image tag MUST be supplied. This image
|
149
|
+
is configured with all the CONJUR_ environment variables setup for the local environment (appliance URL,
|
150
|
+
cert path, admin username and password, etc). The project source tree is
|
151
|
+
also mounted into the container, at /src/<project-name>, where <project-name> is taken from the name of the
|
152
|
+
current working directory.
|
153
|
+
|
154
|
+
Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
|
155
|
+
|
156
|
+
COMMAND OPTIONS
|
157
|
+
--bind=arg - Bind another source directory into the container. Use <src>:<dest>, where both are full paths. (default: none)
|
158
|
+
-d, --dir=arg - Set the current working directory (default: none)
|
159
|
+
-i, --image=arg - Image name (default: registry.tld/conjur-appliance-cuke-master)
|
160
|
+
--[no-]pull - 'docker pull' the Conjur container image
|
161
|
+
-t, --image-tag=arg - Image tag, e.g. 4.5-stable, 4.6-stable (default: none)
|
162
|
+
```
|
163
|
+
|
164
|
+
### Example usage
|
165
|
+
|
166
|
+
```sh-session
|
167
|
+
authz $ debify sandbox -t $(cat VERSION_APPLIANCE)-stable
|
168
|
+
... much logging
|
169
|
+
authz $ docker exec -it authz-sandbox bash
|
170
|
+
root@7d4217655332:/src/authz# /opt/conjur/evoke/bin/dev-install
|
171
|
+
...
|
172
|
+
root@7d4217655332:/src/authz# export RAILS_ENV=test
|
173
|
+
root@7d4217655332:/src/authz# bundle exec rake db:migrate
|
174
|
+
```
|
175
|
+
|
135
176
|
## Installation
|
136
177
|
|
137
178
|
Add this line to your application's Gemfile:
|
data/lib/conjur/debify.rb
CHANGED
@@ -250,6 +250,37 @@ command "package" do |c|
|
|
250
250
|
end
|
251
251
|
end
|
252
252
|
|
253
|
+
def wait_for_conjur appliance_image, container
|
254
|
+
wait_options = {
|
255
|
+
'Image' => appliance_image.id,
|
256
|
+
'Entrypoint' => '/opt/conjur/evoke/bin/wait_for_conjur',
|
257
|
+
'HostConfig' => {
|
258
|
+
'Links' => [
|
259
|
+
[ container.id, 'conjur' ].join(":")
|
260
|
+
]
|
261
|
+
}
|
262
|
+
}
|
263
|
+
wait_options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
264
|
+
|
265
|
+
wait_container = Docker::Container.create wait_options
|
266
|
+
begin
|
267
|
+
spawn("docker logs -f #{wait_container.id}", [ :out, :err ] => $stderr).tap do |pid|
|
268
|
+
Process.detach pid
|
269
|
+
end
|
270
|
+
wait_container.start
|
271
|
+
status = wait_container.wait
|
272
|
+
raise "wait_for_conjur failed" unless status['StatusCode'] == 0
|
273
|
+
ensure
|
274
|
+
wait_container.delete(force: true)
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
def container_command container, *args
|
279
|
+
stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
|
280
|
+
exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
|
281
|
+
stdout
|
282
|
+
end
|
283
|
+
|
253
284
|
desc "Test a Conjur debian package in a Conjur appliance container"
|
254
285
|
long_desc <<DESC
|
255
286
|
First, a Conjur appliance container is created and started. By default, the
|
@@ -365,37 +396,6 @@ RUN touch /etc/service/conjur/down
|
|
365
396
|
|
366
397
|
container = Docker::Container.create(options)
|
367
398
|
|
368
|
-
def wait_for_conjur appliance_image, container
|
369
|
-
wait_options = {
|
370
|
-
'Image' => appliance_image.id,
|
371
|
-
'Entrypoint' => '/opt/conjur/evoke/bin/wait_for_conjur',
|
372
|
-
'HostConfig' => {
|
373
|
-
'Links' => [
|
374
|
-
[ container.id, 'conjur' ].join(":")
|
375
|
-
]
|
376
|
-
}
|
377
|
-
}
|
378
|
-
wait_options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
379
|
-
|
380
|
-
wait_container = Docker::Container.create wait_options
|
381
|
-
begin
|
382
|
-
spawn("docker logs -f #{wait_container.id}", [ :out, :err ] => $stderr).tap do |pid|
|
383
|
-
Process.detach pid
|
384
|
-
end
|
385
|
-
wait_container.start
|
386
|
-
status = wait_container.wait
|
387
|
-
raise "wait_for_conjur failed" unless status['StatusCode'] == 0
|
388
|
-
ensure
|
389
|
-
wait_container.delete(force: true)
|
390
|
-
end
|
391
|
-
end
|
392
|
-
|
393
|
-
def command container, *args
|
394
|
-
stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
|
395
|
-
exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
|
396
|
-
stdout
|
397
|
-
end
|
398
|
-
|
399
399
|
begin
|
400
400
|
DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
|
401
401
|
|
@@ -412,12 +412,12 @@ RUN touch /etc/service/conjur/down
|
|
412
412
|
sleep 1
|
413
413
|
end
|
414
414
|
|
415
|
-
|
415
|
+
container_command container, "/opt/conjur/evoke/bin/test-install", project_name
|
416
416
|
|
417
417
|
DebugMixin.debug_write "Starting conjur\n"
|
418
418
|
|
419
|
-
|
420
|
-
|
419
|
+
container_command container, "rm", "/etc/service/conjur/down"
|
420
|
+
container_command container, "sv", "start", "conjur"
|
421
421
|
wait_for_conjur appliance_image, container
|
422
422
|
|
423
423
|
system "./#{test_script} #{container.id}"
|
@@ -429,6 +429,91 @@ RUN touch /etc/service/conjur/down
|
|
429
429
|
end
|
430
430
|
end
|
431
431
|
|
432
|
+
desc "Setup a development sandbox for a Conjur debian package in a Conjur appliance container"
|
433
|
+
long_desc <<DESC
|
434
|
+
First, a Conjur appliance container is created and started. By default, the
|
435
|
+
container image is registry.tld/conjur-appliance-cuke-master. An image tag
|
436
|
+
MUST be supplied. This image is configured with all the CONJUR_ environment
|
437
|
+
variables setup for the local environment (appliance URL, cert path, admin username and
|
438
|
+
password, etc). The project source tree is also mounted into the container, at
|
439
|
+
/src/<project-name>, where <project-name> is taken from the name of the current working directory.
|
440
|
+
|
441
|
+
Once in the containter, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
|
442
|
+
DESC
|
443
|
+
command "sandbox" do |c|
|
444
|
+
c.desc "Set the current working directory"
|
445
|
+
c.flag [ :d, :dir ]
|
446
|
+
|
447
|
+
c.desc "Image name"
|
448
|
+
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
449
|
+
c.flag [ :i, :image ]
|
450
|
+
|
451
|
+
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
452
|
+
c.flag [ :t, "image-tag"]
|
453
|
+
|
454
|
+
c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
|
455
|
+
c.flag [ :"bind" ]
|
456
|
+
|
457
|
+
c.desc "'docker pull' the Conjur container image"
|
458
|
+
c.default_value false
|
459
|
+
c.switch [ :pull ]
|
460
|
+
|
461
|
+
c.action do |global_options,cmd_options,args|
|
462
|
+
raise "Receive extra command-line arguments" if args.shift
|
463
|
+
|
464
|
+
dir = cmd_options[:dir] || '.'
|
465
|
+
dir = File.expand_path(dir)
|
466
|
+
|
467
|
+
raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
|
468
|
+
|
469
|
+
Dir.chdir dir do
|
470
|
+
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
471
|
+
appliance_image_id = [ cmd_options[:image], image_tag ].join(":")
|
472
|
+
|
473
|
+
appliance_image = if cmd_options[:pull]
|
474
|
+
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
475
|
+
else
|
476
|
+
Docker::Image.get appliance_image_id
|
477
|
+
end
|
478
|
+
|
479
|
+
project_name = File.basename(Dir.getwd)
|
480
|
+
vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
|
481
|
+
dot_bundle_dir = File.expand_path("tmp/debify/#{project_name}/.bundle", ENV['HOME'])
|
482
|
+
FileUtils.mkdir_p vendor_dir
|
483
|
+
FileUtils.mkdir_p dot_bundle_dir
|
484
|
+
|
485
|
+
options = {
|
486
|
+
'Image' => appliance_image.id,
|
487
|
+
'Name' => "#{project_name}-sandbox",
|
488
|
+
'Env' => [
|
489
|
+
"CONJUR_AUTHN_LOGIN=admin",
|
490
|
+
"CONJUR_ENV=appliance",
|
491
|
+
"CONJUR_AUTHN_API_KEY=secret",
|
492
|
+
"CONJUR_ADMIN_PASSWORD=secret",
|
493
|
+
],
|
494
|
+
'Binds' => [
|
495
|
+
[ File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro' ].join(':'),
|
496
|
+
[ dir, "/src/#{project_name}" ].join(':'),
|
497
|
+
[ vendor_dir, "/src/#{project_name}/vendor" ].join(':'),
|
498
|
+
[ dot_bundle_dir, "/src/#{project_name}/.bundle" ].join(':')
|
499
|
+
].concat(Array(cmd_options[:bind]))
|
500
|
+
}
|
501
|
+
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
502
|
+
|
503
|
+
container = Docker::Container.create(options)
|
504
|
+
$stdout.puts container.id
|
505
|
+
|
506
|
+
spawn("docker logs -f #{container.id}", [ :out, :err ] => $stderr).tap do |pid|
|
507
|
+
Process.detach pid
|
508
|
+
end
|
509
|
+
container.start
|
510
|
+
|
511
|
+
container_command container, %w(apt-get install -y git)
|
512
|
+
wait_for_conjur appliance_image, container
|
513
|
+
end
|
514
|
+
end
|
515
|
+
end
|
516
|
+
|
432
517
|
desc "Publish a debian package to apt repository"
|
433
518
|
long_desc <<DESC
|
434
519
|
Publishes a deb created with `debify package` to our private apt repository.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-debify
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kevin Gilpin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-03-
|
11
|
+
date: 2016-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gli
|