conjur-debify 0.10.2 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3bca192d14cd153794620f7695001c62734a535b
-  data.tar.gz: a310d422277fae0539cc3910cc7dbbf26ab5e8f3
+  metadata.gz: 78917789d9da713b2e98a491456b69d07252e735
+  data.tar.gz: 61ac786410504111370c50e72c7b86074e69168f
 SHA512:
-  metadata.gz: afe7be6b0804aa876e8f1e4d1c5d656068cf78db7a3b59bcd680028ea2ff80e7eb2e1767bcde76413b1f0ca2aaf57183bfa811a52bb0c65473f4b0a484d7b812
-  data.tar.gz: c25e7bc16930741f9ea5314b548b46833d4bf43e9d3023761815bd3800e09bd90ee07e4c8785cbdca1be69c337efbe670d0f90d94cd6ff4121afb81c05cdbe2d
+  metadata.gz: 5eefdfdae70c3fa8d5ba418751e2931d2b3e951b13f256c4a2e5c5ee0dd79225506e4b95784c8f43906fdd856ffce7d4bf74e8b8b21956291ae45a9800a4789d
+  data.tar.gz: 7d577222d5d3dfb5777fdfa0ff13a3615142d4a8b688038c1604a23141021cd838c8676479420484a3b759276e67077d3c20625b028f6b4d578a4340593c680c

data/CHANGELOG.md

@@ -1,39 +1,46 @@
+# 0.11.0
+
+* Add `debify sandbox`.
+
 # 0.10.2
-* Fixed publish internal Dockerfile
+
+* Fixed publish internal Dockerfile.
 
 # 0.10.1
-* Run internal containers as privileged if Docker >= 1.10.0
+
+* Run internal containers as privileged if Docker >= 1.10.0.
 
 # 0.10.0
-* Upgrading Ruby for packaging from 2.0 to 2.2.4
+
+* Upgrading Ruby for packaging from 2.0 to 2.2.4.
 
 # 0.9.2
 
-* Print messages to stderr instead of stdout during packaging
-* Only consider tags matching v*.*.* when determining package version string
+* Print messages to stderr instead of stdout during packaging.
+* Only consider tags matching v*.*.* when determining package version string.
 
 # 0.9.1
 
-* Provide the package to purge before installing the new version
+* Provide the package to purge before installing the new version.
 
 # 0.9.0
 
-* Don't nuke the entire existing source install dir, there may be necessary files in there
+* Don't nuke the entire existing source install dir, there may be necessary files in there.
 
 # 0.8.0
 
-* Remove the need for a 'latest' debian
-* Fix bug in the error message for 'detect_version'
-* Use a more reliable way to detect the current branch
-* `publish` : Remove the default value of the 'component' flag
-* `clean` : Don't create a container unless deletions will actually be performed
+* Remove the need for a 'latest' debian.
+* Fix bug in the error message for 'detect_version'.
+* Use a more reliable way to detect the current branch.
+* `publish` : Remove the default value of the 'component' flag.
+* `clean` : Don't create a container unless deletions will actually be performed.
 
 # 0.7.0
 
-* Add `debify clean`
+* Add `debify clean`.
 
 # 0.6.0
 
-* `package` : Add `--dockerfile` option
-* `package` : Ensure that `Gemfile.lock` is in the container
-* `test` : Propagate `SSH_AUTH_SOCK` to the container
+* `package` : Add `--dockerfile` option.
+* `package` : Ensure that `Gemfile.lock` is in the container.
+* `test` : Propagate `SSH_AUTH_SOCK` to the container.

data/README.md

@@ -132,6 +132,47 @@ $ summon debify publish -c stable conjur-example_0.0.1_amd64.deb
 Uploaded 1 artifacts to Artifactory.
 ```
 
+## Create a development session in a Conjur appliance container
+
+
+```
+$ debify help sandbox
+NAME
+    sandbox - Setup a development sandbox for a Conjur debian package in a Conjur appliance container
+
+SYNOPSIS
+    debify [global options] sandbox [command options] 
+
+DESCRIPTION
+    First, a Conjur appliance container is created and started. By default, the container image is 
+    registry.tld/conjur-appliance-cuke-master. An image tag MUST be supplied. This image
+    is configured with all the CONJUR_ environment variables setup for the local environment (appliance URL, 
+    cert path, admin username and password, etc). The project source tree is
+    also mounted into the container, at /src/<project-name>, where <project-name> is taken from the name of the 
+    current working directory.
+
+    Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project. 
+
+COMMAND OPTIONS
+    --bind=arg          - Bind another source directory into the container. Use <src>:<dest>, where both are full paths. (default: none)
+    -d, --dir=arg       - Set the current working directory (default: none)
+    -i, --image=arg     - Image name (default: registry.tld/conjur-appliance-cuke-master)
+    --[no-]pull         - 'docker pull' the Conjur container image
+    -t, --image-tag=arg - Image tag, e.g. 4.5-stable, 4.6-stable (default: none)
+```
+
+### Example usage
+
+```sh-session
+authz $ debify sandbox -t $(cat VERSION_APPLIANCE)-stable
+... much logging
+authz $ docker exec -it authz-sandbox bash
+root@7d4217655332:/src/authz# /opt/conjur/evoke/bin/dev-install
+...
+root@7d4217655332:/src/authz# export RAILS_ENV=test
+root@7d4217655332:/src/authz# bundle exec rake db:migrate
+```
+
 ## Installation
 
 Add this line to your application's Gemfile:

data/lib/conjur/debify/version.rb

@@ -1,5 +1,5 @@
 module Conjur
   module Debify
-    VERSION = "0.10.2"
+    VERSION = "0.11.0"
   end
 end

data/lib/conjur/debify.rb

@@ -250,6 +250,37 @@ command "package" do |c|
   end
 end
 
+def wait_for_conjur appliance_image, container
+  wait_options = {
+    'Image' => appliance_image.id,
+    'Entrypoint' => '/opt/conjur/evoke/bin/wait_for_conjur',
+    'HostConfig' => {
+      'Links' => [
+        [ container.id, 'conjur' ].join(":")
+      ]
+    }
+  }
+  wait_options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+  wait_container = Docker::Container.create wait_options
+  begin
+    spawn("docker logs -f #{wait_container.id}", [ :out, :err ] => $stderr).tap do |pid|
+      Process.detach pid
+    end
+    wait_container.start
+    status = wait_container.wait
+    raise "wait_for_conjur failed" unless status['StatusCode'] == 0
+  ensure
+    wait_container.delete(force: true)
+  end
+end
+
+def container_command container, *args
+  stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
+  exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
+  stdout
+end
+
 desc "Test a Conjur debian package in a Conjur appliance container"
 long_desc <<DESC
 First, a Conjur appliance container is created and started. By default, the
@@ -365,37 +396,6 @@ RUN touch /etc/service/conjur/down
       
       container = Docker::Container.create(options)
       
-      def wait_for_conjur appliance_image, container
-        wait_options = {
-          'Image' => appliance_image.id,
-          'Entrypoint' => '/opt/conjur/evoke/bin/wait_for_conjur',
-          'HostConfig' => {
-            'Links' => [
-              [ container.id, 'conjur' ].join(":")
-            ]
-          }
-        }
-        wait_options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-  
-        wait_container = Docker::Container.create wait_options
-        begin
-          spawn("docker logs -f #{wait_container.id}", [ :out, :err ] => $stderr).tap do |pid|
-            Process.detach pid
-          end
-          wait_container.start
-          status = wait_container.wait
-          raise "wait_for_conjur failed" unless status['StatusCode'] == 0
-        ensure
-          wait_container.delete(force: true)
-        end
-      end
-      
-      def command container, *args
-        stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
-        exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
-        stdout
-      end
-      
       begin
         DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
 
@@ -412,12 +412,12 @@ RUN touch /etc/service/conjur/down
           sleep 1
         end
         
-        command container, "/opt/conjur/evoke/bin/test-install", project_name
+        container_command container, "/opt/conjur/evoke/bin/test-install", project_name
 
         DebugMixin.debug_write "Starting conjur\n"
 
-        command container, "rm", "/etc/service/conjur/down"
-        command container, "sv", "start", "conjur"
+        container_command container, "rm", "/etc/service/conjur/down"
+        container_command container, "sv", "start", "conjur"
         wait_for_conjur appliance_image, container
   
         system "./#{test_script} #{container.id}"
@@ -429,6 +429,91 @@ RUN touch /etc/service/conjur/down
   end
 end
 
+desc "Setup a development sandbox for a Conjur debian package in a Conjur appliance container"
+long_desc <<DESC
+First, a Conjur appliance container is created and started. By default, the
+container image is registry.tld/conjur-appliance-cuke-master. An image tag
+MUST be supplied. This image is configured with all the CONJUR_ environment
+variables setup for the local environment (appliance URL, cert path, admin username and
+password, etc). The project source tree is also mounted into the container, at
+/src/<project-name>, where <project-name> is taken from the name of the current working directory.
+
+Once in the containter, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
+DESC
+command "sandbox" do |c|
+  c.desc "Set the current working directory"
+  c.flag [ :d, :dir ]
+
+  c.desc "Image name"
+  c.default_value "registry.tld/conjur-appliance-cuke-master"
+  c.flag [ :i, :image ]
+  
+  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
+  c.flag [ :t, "image-tag"]
+
+  c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
+  c.flag [ :"bind" ]
+  
+  c.desc "'docker pull' the Conjur container image"
+  c.default_value false
+  c.switch [ :pull ]
+
+  c.action do |global_options,cmd_options,args|
+    raise "Receive extra command-line arguments" if args.shift
+    
+    dir = cmd_options[:dir] || '.'
+    dir = File.expand_path(dir)
+    
+    raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
+    
+    Dir.chdir dir do
+      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
+      appliance_image_id = [ cmd_options[:image], image_tag ].join(":")
+      
+      appliance_image = if cmd_options[:pull]
+        Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+      else
+        Docker::Image.get appliance_image_id
+      end
+      
+      project_name = File.basename(Dir.getwd)
+      vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
+      dot_bundle_dir = File.expand_path("tmp/debify/#{project_name}/.bundle", ENV['HOME'])
+      FileUtils.mkdir_p vendor_dir
+      FileUtils.mkdir_p dot_bundle_dir
+      
+      options = {
+        'Image' => appliance_image.id,
+        'Name' => "#{project_name}-sandbox", 
+        'Env' => [
+          "CONJUR_AUTHN_LOGIN=admin",
+          "CONJUR_ENV=appliance",
+          "CONJUR_AUTHN_API_KEY=secret",
+          "CONJUR_ADMIN_PASSWORD=secret",
+        ],
+        'Binds' => [
+          [ File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro' ].join(':'), 
+          [ dir, "/src/#{project_name}" ].join(':'),
+          [ vendor_dir, "/src/#{project_name}/vendor" ].join(':'),
+          [ dot_bundle_dir, "/src/#{project_name}/.bundle" ].join(':')
+        ].concat(Array(cmd_options[:bind]))
+      }
+      options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+      
+      container = Docker::Container.create(options)
+      $stdout.puts container.id
+      
+      spawn("docker logs -f #{container.id}", [ :out, :err ] => $stderr).tap do |pid|
+        Process.detach pid
+      end
+      container.start
+
+      container_command container, %w(apt-get install -y git)
+      wait_for_conjur appliance_image, container
+    end
+  end
+end
+
 desc "Publish a debian package to apt repository"
 long_desc <<DESC
 Publishes a deb created with `debify package` to our private apt repository.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 0.10.2
+  version: 0.11.0
 platform: ruby
 authors:
 - Kevin Gilpin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-04 00:00:00.000000000 Z
+date: 2016-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli