gitlab-swat 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d7764e07cd7efc9efec68895fe07f7c8a2c3db9d
+  data.tar.gz: 679cc6ac1ae287113cb9fc3f70c6282c2eaaedb6
+SHA512:
+  metadata.gz: f323d1a8b248bad4c21b11a734a97697bb96961df59dee5b724dbe64bf4ecda27773a8120b40438349097c6f5511a30c60996412671fb40a49f8fe5e6b00deef
+  data.tar.gz: d5165ea4b0ebfb42e9ddc10d63fae6b8e2a5b1ea80e30f324ed0514b2ec99fc812b674684aebe3cb21f2e16bef0c0f40698f9bbe88dde91f0a57bc031d508a0a

data/.gitlab-ci.yml

@@ -0,0 +1,20 @@
+image: ruby:2.3
+before_script:
+  - ruby -v
+  - which ruby
+  - gem install bundler --no-ri --no-rdoc
+  - bundle install --jobs $(nproc)  "${FLAGS[@]}" --path vendor
+  - git config --global user.email "you@example.com"
+  - git config --global user.name "Your Name"
+
+cache:
+  paths:
+    - vendor
+
+rspec:
+  script:
+    - bundle exec rspec -f d -c -b
+
+rubocop:
+  script:
+    - bundle exec rubocop

data/.rubocop.yml

@@ -0,0 +1,30 @@
+# Commonly used screens these days easily fit more than 80 characters.
+Metrics/LineLength:
+  Max: 120
+# Just use double quotes please
+#
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+# Jim Weirich block style
+Style/BlockDelimiters:
+  EnforcedStyle: semantic
+
+Style/SignalException:
+  EnforcedStyle: semantic
+
+Style/RaiseArgs:
+  EnforcedStyle: compact
+
+Metrics/MethodLength:
+  Max: 15
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+    Exclude:
+      - 'spec/**/*.rb'

data/Gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+gem "cog-rb", "~>0.4"
+
+group "development", "test" do
+  gem "rspec", "~>3.5"
+  gem "rubocop", "~>0.42"
+  gem "simplecov", "~>0.13", require: false
+end

data/Gemfile.lock

@@ -0,0 +1,52 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.3.0)
+    cog-rb (0.4.4)
+      rake (~> 11.2)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    json (2.0.3)
+    parser (2.4.0.0)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    rainbow (2.2.1)
+    rake (11.3.0)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    rubocop (0.48.0)
+      parser (>= 2.3.3.1, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.1)
+    simplecov (0.14.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    unicode-display_width (1.1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cog-rb (~> 0.4)
+  rspec (~> 3.5)
+  rubocop (~> 0.42)
+  simplecov (~> 0.13)
+
+BUNDLED WITH
+   1.13.7

data/README.md

@@ -0,0 +1,101 @@
+[![coverage report](https://gitlab.com/gitlab-cog/swat/badges/master/coverage.svg)](https://gitlab.com/gitlab-cog/swat/commits/master)
+
+# GitLab SWAT
+
+A Successful Deployment Ends Peacefully With No Bullets Fired.
+If That’s Simply Not Possible, SWAT Uses Special Weapons and Tactics to Keep the Public Safe
+
+## Defining ~~Weapons~~ Scripts
+
+A script should only contain one class with the following structure
+
+```ruby
+module Swat
+  #
+  # Command to use when calling the script file, it has to respect the module and class name
+  # because it will be imported from rails and called by name
+  #
+  class Command < BaseCommand
+    def prepare(context)
+      fail "I need at least 1 argument" if @args.empty?
+      context[:some_key] = "something"
+      "text to add to the prepare stage result"
+    end
+
+    def pre_check(context)
+      fail "something is not right" unless context[:some_key] == "something"
+      "text to add to the pre_check stage result"
+    end
+
+    def execute(context)
+      fail "execution failed!" if context.empty?
+      "Context so far is #{context}"
+    end
+  end
+end
+```
+
+### Execution Stages
+
+* prepare: initial stage, used to parse arguments, or whatever is necessary before getting into the pre_check stage.
+* pre_check: stage used to validate that the command should continue to the execute stage if it is running in execute mode. Dryrun would only reach this stage.
+* execute: the actual operation.
+
+Any stage that raises an exception will stop the execution, and will force and early return with a failure state and the different messages from the executed phases.
+
+### Available tools
+
+* `@args` the arguments tha are sent from the execution and reach the command, simply a string array.
+* `context` a hashmap that is created before the prepare stage and is sent to all methods, use this to accumulate state across stages.
+
+# Configuring in cog
+
+## Environment variables
+
+* **SCRIPTS_REMOTE_URL** url pointing to the remote repository
+* **SCRIPTS_LOCAL_PATH** folder where the remote repository will be downloaded to
+* **RAILS_RUNNER_COMMAND** command used to run rails, for example: bundle exec rails runner ./scripts/lib/swat_run.rb
+* **RAILS_WORKING_DIR** working dir in which to execute the rails runner command
+
+## Cog Commands
+
+* `dryrun <script> [args]` executes the given script with arguments in dryrun mode
+* `strike <script> [args]` executes the given script with arguments in execute mode
+* `reload [-f]` clones or pulls the scripts repo, use _-f_ to wipe the repo and clone it from scratch
+
+# Development
+
+## How to run integration tests
+
+### Dry Run Mode
+
+```sh
+$ SCRIPTS_LOCAL_PATH=/home/user/src/gitlab.com/gitlab-cog/swat/scripts RAILS_RUNNER_COMMAND="rails r /home/user/src/gitlab.com/gitlab-cog/swat/lib/swat_run.rb" RAILS_WORKING_DIR=/home/user/src/gitlab.com/gitlab-cog/rails-project COG_COMMAND="dryrun" COG_ARGV_0="test" COG_ARGV_1="success" COG_ARGV_2="success" COG_ARGC=3 ./cog-command
+COG_TEMPLATE: execution_result
+{"execution_mode":"dryrun","prepare":{"successful":true,"output":"preparation is fine so far"},"pre_check":{"successful":true,"output":"all is gut"}}
+```
+
+### Strike Mode
+
+```sh
+$ SCRIPTS_LOCAL_PATH=/home/user/src/gitlab.com/gitlab-cog/swat/scripts RAILS_RUNNER_COMMAND="rails r /home/user/src/gitlab.com/gitlab-cog/swat/lib/swat_run.rb" RAILS_WORKING_DIR=/home/user/src/gitlab.com/gitlab-cog/rails-project COG_COMMAND="strike" COG_ARGV_0="test" COG_ARGV_1="success" COG_ARGV_2="success" COG_ARGC=3 ./cog-command
+COG_TEMPLATE: execution_result
+{"execution_mode":"execute","prepare":{"successful":true,"output":"preparation is fine so far"},"pre_check":{"successful":true,"output":"all is gut"},"execute":{"successful":true,"output":"Context so far is {:prepared=\u003e\"done\", :checks=\u003e\"done\"}"}}
+```
+
+### Reload command
+
+```sh
+$ SCRIPTS_LOCAL_PATH=/tmp/testing-cog/second SCRIPTS_REMOTE_URL=$(pwd) COG_COMMAND="reload" ./cog-command
+{"source":"/home/user/src/gitlab.com/gitlab-cog/swat","target":"/tmp/testing-cog/scripts","action":"clone","wiped":false, "head":"1234 current commit"}
+```
+
+```sh
+$ SCRIPTS_LOCAL_PATH=/tmp/testing-cog/second SCRIPTS_REMOTE_URL=$(pwd) COG_COMMAND="reload" ./cog-command
+{"source":"/home/user/src/gitlab.com/gitlab-cog/swat","target":"/tmp/testing-cog/scripts","action":"pull","wiped":false, "head":"1234 current commit"}
+```
+
+```sh
+$ SCRIPTS_LOCAL_PATH=/tmp/testing-cog/second SCRIPTS_REMOTE_URL=$(pwd) COG_COMMAND="reload" COG_OPTS=wipe COG_OPT_WIPE=true ./cog-command
+{"source":"/home/user/src/gitlab.com/gitlab-cog/swat","target":"/tmp/testing-cog/scripts","action":"clone","wiped":true, "head":"1234 current commit"}
+```

data/cog-command

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+# Add the lib directory to the load path
+libdir = File.join(File.dirname(__FILE__), "lib")
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require "bundler/setup"
+require "cog"
+
+Cog.bundle("swat")

data/config.yaml

@@ -0,0 +1,50 @@
+---
+cog_bundle_version: 4
+name: swat
+version: 0.0.1
+docker:
+  image: gitlab/swat
+  tag: 0.0.1
+description: >
+  A Successful Deployment Ends Peacefully With No Bullets Fired.
+  If That’s Simply Not Possible, SWAT Uses Special Weapons and Tactics to Keep the Public Safe
+config:
+  env:
+    - var: SCRIPT_REMOTE_URL
+      description: Required Url for a git repo where the scripts are stored
+    - var: SCRIPT_LOCAL_PATH
+      description: Required path to a local semi-persistent folder where to clone and update the scripts repo
+    - var: RAILS_EXECUTABLE
+      description: Required path in which to find the rails executable script with which load the script
+homepage: https://gitlab.com/gitlab-cog/swat
+author: Pablo Carranza <pablo@gitlab.com>
+permissions:
+  - swat:reload
+  - swat:dryrun
+  - swat:strike
+commands:
+  reload:
+    description: Clones or pulls the scripts repo
+    executable: /home/bundle/cog-command
+    options:
+      wipe:
+        type: bool
+        required: false
+    rules:
+     - must have swat:reload
+  dryrun:
+    description: Runs a script up to the precheck phase, used for training, showing or simply checking
+    executable: /home/bundle/cog-command
+    arguments: "<script> [args...]"
+    rules:
+     - must have swat:dryrun
+  strike:
+    description: Runs a script to the end, performing changes to the system.
+    executable: /home/bundle/cog-command
+    arguments: "<script> [args...]"
+    rules:
+      - must have swat:execute
+templates:
+  execution_result:
+    body: |
+      ~json var=$results~

data/gitlab-swat.gemspec

@@ -0,0 +1,27 @@
+Gem::Specification.new do |s|
+  s.name          = "gitlab-swat"
+  s.version       = "0.1.0"
+  s.date          = "2017-04-01"
+  s.summary       = "ChatOps Cog Bundle that enables admins to remotely run predefined scripts in a rails console"
+  s.description   = <<~eos
+    A Successful Deployment Ends Peacefully With No Bullets Fired.
+    If That’s Simply Not Possible, SWAT Uses Special Weapons and Tactics to Keep the Public Safe
+
+    GitLab-Swat allows admins to quickly deploy scripts that can be remotely executed through a rails console
+
+    Allowing fast action by using an external git repository as the scripts source, but keeping safety high by
+    enforcing a prepare-pre check-execute model that allows execution break at any stage if things are not going
+    as expected
+eos
+  s.authors       = ["Pablo Carranza"]
+  s.email         = "pablo@gitlab.com"
+  s.files         = `git ls-files -z`.split("\x0")
+  s.test_files    = s.files.grep(%r{^(spec)/})
+  s.license       = "MIT"
+
+  s.add_dependency "cog-rb", "~> 0.4"
+
+  s.add_development_dependency "rspec", "~> 3.5"
+  s.add_development_dependency "rubocop", "~> 0.42"
+  s.add_development_dependency "simplecov", "~> 0.13"
+end

data/lib/cog_cmd/swat/dryrun.rb

@@ -0,0 +1,18 @@
+require "cog"
+require "swat"
+require "rails_loader"
+
+module CogCmd
+  module Swat
+    #
+    # Cog Command that loads and dryruns the given script
+    #
+    class Dryrun < Cog::Command
+      def run_command
+        rails = ::Swat::RailsLoader.new
+        response.template = "execution_result"
+        response.content = rails.run("dryrun #{request.args.join(' ')}")
+      end
+    end
+  end
+end

data/lib/cog_cmd/swat/reload.rb

@@ -0,0 +1,25 @@
+require "cog"
+require "json"
+require "swat_git"
+
+module CogCmd
+  module Swat
+    #
+    # Cog Command that [re]loads a local git repo for scripts
+    #
+    class Reload < Cog::Command
+      def run_command
+        git = ::Swat::Git.new
+        git.wipe if wipe?
+        result = { source: git.source,
+                   target: git.target,
+                   wiped: wipe? }.merge(git.update)
+        response.content = result.to_json
+      end
+
+      def wipe?
+        request.options["wipe"] == true || request.options["wipe"] == "true"
+      end
+    end
+  end
+end

data/lib/cog_cmd/swat/strike.rb

@@ -0,0 +1,18 @@
+require "cog"
+require "swat"
+require "rails_loader"
+
+module CogCmd
+  module Swat
+    #
+    # Cog Command that loads and executes the given script
+    #
+    class Strike < Cog::Command
+      def run_command
+        rails = ::Swat::RailsLoader.new
+        response.template = "execution_result"
+        response.content = rails.run("execute #{request.args.join(' ')}").to_s
+      end
+    end
+  end
+end

data/lib/rails_loader.rb

@@ -0,0 +1,44 @@
+require "open3"
+
+module Swat
+  #
+  # Loads Rails command runner
+  #
+  # Loads RAILS_RUNNER_COMMAND from the environment to define
+  #
+  # Sample script:
+  #
+  # SCRIPTS_LOCAL_PATH=path_to/scripts bundle exec rails runner
+  # path_to/scripts/lib/swat_run.rb execute test success success 2&>/dev/null
+  #
+  # Can read the runner command and the working dir from environment variables
+  # such as:
+  #   RAILS_RUNNER_COMMAND
+  #   RAILS_WORKING_DIR
+  #
+  class RailsLoader
+    def initialize(command = ENV["RAILS_RUNNER_COMMAND"] || "",
+                   working_dir = ENV["RAILS_WORKING_DIR"] || Dir.getwd)
+      fail "Invalid RAILS_RUNNER_COMMAND, please provide a rails command" if command.nil? || command.empty?
+      fail "Invalid RAILS_WORKING_DIR, '#{working_dir}' does not exists" unless Dir.exist?(working_dir)
+      @rails_command = command
+      @rails_working_dir = working_dir
+    end
+
+    def run(args)
+      command = "#{@rails_command} #{args}"
+      env = {
+        "PATH" => ENV["PATH"],
+        "SCRIPTS_REMOTE_URL" => ENV["SCRIPTS_REMOTE_URL"],
+        "SCRIPTS_LOCAL_PATH" => ENV["SCRIPTS_LOCAL_PATH"]
+      }
+      Open3.popen3(env, command, unsetenv_others: true, chdir: @rails_working_dir) do |_, stdout, stderr, wait_thr|
+        if wait_thr.value != 0
+          fail "Command #{args} failed with err: '#{stderr.read.strip}' " \
+               "out: '#{stdout.read.strip}'"
+        end
+        stdout.read.strip
+      end
+    end
+  end
+end

data/lib/swat.rb

@@ -0,0 +1,131 @@
+require "pathname"
+#
+# Swat module, where all the stuff lives
+#
+module Swat
+  #
+  # Defines the basic behavior of a command
+  #
+  # Inherith to reuse all this logic, only pre-check and execute are mandatory methods
+  # the rest can be as is
+  #
+  # Use the context object to send state from one stage to the next
+  class BaseCommand
+    def initialize(args)
+      @args = args
+    end
+
+    def prepare(_context)
+      # validate arguments here
+    end
+
+    def pre_check(_context)
+      fail "PreChecks are not defined"
+    end
+
+    def execute(_context)
+      fail "Execution is not defined"
+    end
+  end
+
+  #
+  # Represents the whole execution pipeline of a command
+  #
+  # Returns a hashmap that contains the following keys
+  #   execution_mode: self descriptive
+  #   prepare, precheck, execute: the different stages of execution
+  #     each stage will include a hash with:
+  #       succesful: boolean, indicating if it was successful or not
+  #       output: the stdout in case the stage was successfull, stderr otherwise
+  class CommandExecution
+    def initialize(command, execution_mode = "dryrun")
+      @command = command
+      @stages = stages(execution_mode)
+      @result = { execution_mode: execution_mode }
+      @context = {}
+    end
+
+    def run
+      @stages.each do |stage|
+        execute_stage(stage)
+        break unless @result[stage][:successful]
+      end
+      @result
+    end
+
+    def execute_stage(stage)
+      @result[stage] = { successful: true, output: @command.public_send(stage, @context) }
+    rescue => e
+      @result[stage] = { successful: false, output: e.to_s }
+    end
+
+    def stages(execution_mode)
+      case execution_mode
+      when "dryrun"
+        %i(prepare pre_check)
+      when "execute"
+        %i(prepare pre_check execute)
+      else
+        fail "Invalid execution mode '#{execution_mode}'"
+      end
+    end
+  end
+
+  #
+  # Parameters parsing helper class
+  #
+  # Assumes the first parameter to be the execution mode (dryrun or execute)
+  # Assumes the second parameter to be the script name
+  # Captures the rest as arguments that are piped in to the script
+  class Parameters
+    attr_accessor :execution_mode, :command, :args
+
+    def initialize(args = ARGV.clone)
+      @args = args
+      @execution_mode = @args.shift
+      @command = @args.shift
+      fail "Execution mode is mandatory" if @execution_mode.nil?
+      fail "No command was specified" if @command.nil?
+    end
+
+    def to_s
+      "#{@execution_mode} #{@command} #{@args.inspect}"
+    end
+  end
+
+  #
+  # An executable script
+  #
+  # Loads the script from file system using ruby's `require` command, then creates a
+  # ::Swat::Command and then calls `run` on it
+  #
+  # If a Swat::Command object cannot be found (NameError) the command is considered bogus.
+  class Script
+    def initialize(parameters, scripts_path = ENV["SCRIPTS_LOCAL_PATH"])
+      @parameters = parameters
+      @scripts_path = Pathname.new(scripts_path || "scripts")
+    end
+
+    def run
+      CommandExecution.new(create_command, @parameters.execution_mode).run
+    end
+
+    private
+
+    def command_file
+      @command_file ||= @scripts_path.join("#{@parameters.command}.rb")
+    end
+
+    def create_command
+      fail "Could not find command #{@parameters.command} in #{command_file.expand_path}" unless command_file.file?
+      require command_file.expand_path
+      ::Swat::Command.new(@parameters.args)
+    rescue NameError
+      raise "#{@parameters.command} does not define a Swat::Command object"
+    end
+  end
+
+  def self.run
+    Script.new(Parameters.new).run
+  end
+end

data/lib/swat_git.rb

@@ -0,0 +1,62 @@
+require "fileutils"
+
+module Swat
+  #
+  # Git handler
+  #
+  class Git
+    attr_accessor :source, :target
+
+    def initialize(source = ENV["SCRIPTS_REMOTE_URL"], target = ENV["SCRIPTS_LOCAL_PATH"])
+      @source = source
+      @target = target
+    end
+
+    def wipe
+      FileUtils.rm_rf(@target) if File.writable?(@target)
+    end
+
+    def update
+      if Dir.exist?(@target)
+        pull
+      else
+        clone
+      end
+    end
+
+    def valid?
+      return false unless File.exist?(@target)
+      Dir.chdir(@target) {
+        `git config --get remote.origin.url`.strip == @source
+      }
+    end
+
+    private
+
+    def clone
+      repo_path = Pathname.new(@target)
+      parent_folder = repo_path.parent
+      repo_name = repo_path.basename
+      fail "Invalid target path #{parent_folder}" unless File.writable?(parent_folder)
+      Dir.chdir(parent_folder) do
+        `git clone #{@source} #{repo_name} 2> /dev/null`
+      end
+      { action: "clone", head: current_commit }
+    end
+
+    def pull
+      fail "Invalid target repo #{@target}" unless valid?
+      Dir.chdir(@target) do
+        `git pull origin 2> /dev/null`
+      end
+      { action: "pull", head: current_commit }
+    end
+
+    def current_commit
+      fail "Invalid target repo #{@target}" unless valid?
+      Dir.chdir(@target) do
+        `git log --oneline -1 HEAD`.strip
+      end
+    end
+  end
+end

data/lib/swat_run.rb

@@ -0,0 +1,20 @@
+# Usage: through rails execute the following command:
+#   bundle exec rails runner <path to>/marvin_run.rb <command> [arguments]
+#
+# Such as:
+#   - <path to>/marvin.rb points to the place where this file is located
+#   - command is the name of a file existing inside the scripts folder of this repo
+#   - arguments are the required arguments for the given command
+#
+# Implementing new commands:
+#   - Create a file in the scripts folder such as scripts/<command>.rb
+#   - In this file create a Swat::Command class that inheriths Swat::BaseCommand
+#   - It is mandatory to override pre_check and execute, these methods should either execute or fail with an exception
+#   - Optionally the method `validate` can be implemented to validate the received arguments before execution
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require "json"
+require_relative "swat"
+
+puts Swat.run.to_json

data/scripts/test.rb

@@ -0,0 +1,23 @@
+module Swat
+  #
+  # Test command
+  #
+  class Command < BaseCommand
+    def prepare(context)
+      fail "I need at least 1 argument" if @args.empty?
+      context[:prepared] = "done"
+      "preparation is fine so far"
+    end
+
+    def pre_check(context)
+      fail "something is not right" unless @args[0].to_sym == :success
+      context[:checks] = "done"
+      "all is gut"
+    end
+
+    def execute(context)
+      fail "execution failed!" unless @args[1].to_sym == :success
+      "Context so far is #{context}"
+    end
+  end
+end

data/spec/helpers/fail_stub.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+>&2 echo "This is all wrong, and in stderr"
+echo "This is in stdout"
+
+exit 1

data/spec/helpers/rails_stub.rb

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+require "pathname"
+
+$LOAD_PATH << Pathname.new(Dir.getwd).join("lib").expand_path.to_path
+file = Pathname.new(Dir.getwd).join(ARGV.shift).expand_path.to_path
+
+require_relative file

data/spec/rails_loader_spec.rb

@@ -0,0 +1,21 @@
+require_relative "spec_helper"
+require "rails_loader"
+
+describe Swat::RailsLoader do
+  it "can load and execute a command" do
+    expect(::Swat::RailsLoader
+      .new("./spec/helpers/rails_stub.rb lib/swat_run.rb")
+      .run("dryrun test success"))
+      .to eq("{\"execution_mode\":\"dryrun\",\"prepare\":{\"successful\":true," \
+              "\"output\":\"preparation is fine so far\"}," \
+             "\"pre_check\":{\"successful\":true,\"output\":\"all is gut\"}}")
+  end
+
+  it "can err out when the return code is not 0" do
+    expect {
+      ::Swat::RailsLoader
+        .new("./spec/helpers/fail_stub.sh")
+        .run("dryrun")
+    }.to raise_error(/Command dryrun failed with err/)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,43 @@
+require "simplecov"
+
+SimpleCov.start do
+  add_filter "vendor"
+end
+
+require "rspec"
+require "swat"
+require "tmpdir"
+require "fileutils"
+
+class GitSpecHelper
+  attr_accessor :source_repo, :target_dir
+
+  def initialize
+    @source_repo = Dir.mktmpdir
+    @target_dir = Dir.mktmpdir
+    Dir.chdir(@source_repo) do
+      `git init`
+      `echo "hi" > readme.md`
+      `git add readme.md`
+      `git commit -m "initial commit"`
+    end
+    clean_target
+  end
+
+  def destroy
+    FileUtils.rm_rf(@source_repo)
+    FileUtils.rm_rf(@target_dir) if File.exist?(@target_dir)
+  end
+
+  def clean_target
+    FileUtils.rm_rf(@target_dir)
+  end
+end
+
+def with_environment(args: [])
+  ENV["COG_ARGC"] = args.length.times { |n| ENV["COG_ARGV_#{n}"] = args[n] }.to_s
+  yield
+ensure
+  ENV.delete("COG_ARGC")
+  args.length.times { |n| ENV.delete("COG_ARGV_#{n}") }
+end

data/spec/swat_command_execution_spec.rb

@@ -0,0 +1,64 @@
+require_relative "spec_helper"
+require_relative "../scripts/test"
+
+describe Swat::CommandExecution do
+  it "fails with an invalid execution mode" do
+    expect { Swat::CommandExecution.new(Swat::Command.new([]), "invalid") }
+      .to raise_error(/Invalid execution mode 'invalid'/)
+  end
+
+  it "fails prepare stage without arguments" do
+    executor = Swat::CommandExecution.new(Swat::Command.new([]))
+    expect(executor.run).to eq(
+      execution_mode: "dryrun",
+      prepare: { successful: false, output: "I need at least 1 argument" }
+    )
+  end
+
+  it "stops execution on pre_checks when constraints are not met" do
+    executor = Swat::CommandExecution.new(Swat::Command.new([:failure]))
+    expect(executor.run).to eq(
+      execution_mode: "dryrun",
+      prepare: { successful: true, output: "preparation is fine so far" },
+      pre_check: { successful: false, output: "something is not right" }
+    )
+  end
+
+  it "it only goes as far as pre checks in dry run mode" do
+    executor = Swat::CommandExecution.new(Swat::Command.new([:success]))
+    expect(executor.run).to eq(
+      execution_mode: "dryrun",
+      prepare: { successful: true, output: "preparation is fine so far" },
+      pre_check: { successful: true, output: "all is gut" }
+    )
+  end
+
+  it "stops execution on pre_checks when prechecks fail" do
+    executor = Swat::CommandExecution.new(Swat::Command.new([:failure]), "execute")
+    expect(executor.run).to eq(
+      execution_mode: "execute",
+      prepare: { successful: true, output: "preparation is fine so far" },
+      pre_check: { successful: false, output: "something is not right" }
+    )
+  end
+
+  it "execution can fail and report it" do
+    executor = Swat::CommandExecution.new(Swat::Command.new(%i(success failure)), "execute")
+    expect(executor.run).to eq(
+      execution_mode: "execute",
+      prepare: { successful: true, output: "preparation is fine so far" },
+      pre_check: { successful: true, output: "all is gut" },
+      execute: { successful: false, output: "execution failed!" }
+    )
+  end
+
+  it "execution can succeed" do
+    executor = Swat::CommandExecution.new(Swat::Command.new(%i(success success)), "execute")
+    expect(executor.run).to eq(
+      execution_mode: "execute",
+      prepare: { successful: true, output: "preparation is fine so far" },
+      pre_check: { successful: true, output: "all is gut" },
+      execute: { successful: true, output: "Context so far is {:prepared=>\"done\", :checks=>\"done\"}" }
+    )
+  end
+end

data/spec/swat_command_spec.rb

@@ -0,0 +1,13 @@
+require_relative "spec_helper"
+
+describe Swat::BaseCommand do
+  it "errs when calling prechecks" do
+    cmd = Swat::BaseCommand.new(:sentinel)
+    expect { cmd.pre_check({}) }.to raise_error(/PreChecks are not defined/)
+  end
+
+  it "errs when calling execute" do
+    cmd = Swat::BaseCommand.new(:sentinel)
+    expect { cmd.execute({}) }.to raise_error(/Execution is not defined/)
+  end
+end

data/spec/swat_config_spec.rb

@@ -0,0 +1,8 @@
+require_relative "spec_helper"
+require "yaml"
+
+describe "Configuration file" do
+  it "can be parsed as correct yaml" do
+    expect(YAML.parse("config.yaml")).not_to be_nil
+  end
+end

data/spec/swat_dryrun_spec.rb

@@ -0,0 +1,21 @@
+require "spec_helper"
+require "cog_cmd/swat/dryrun"
+
+describe CogCmd::Swat::Dryrun do
+  before do allow(STDIN).to receive(:tty?) { true } end
+  before do
+    ENV["RAILS_RUNNER_COMMAND"] = "./spec/helpers/rails_stub.rb lib/swat_run.rb"
+  end
+  after do ENV.delete("RAILS_RUNNER_COMMAND") end
+
+  it "can be called" do
+    command = CogCmd::Swat::Dryrun.new
+    with_environment(args: ["test success"]) do
+      command.run_command
+    end
+    expect(command.response.content)
+      .to eq("{\"execution_mode\":\"dryrun\",\"prepare\":{\"successful\":true," \
+             "\"output\":\"preparation is fine so far\"}," \
+             "\"pre_check\":{\"successful\":true,\"output\":\"all is gut\"}}")
+  end
+end

data/spec/swat_git_spec.rb

@@ -0,0 +1,66 @@
+require "spec_helper"
+require "swat_git"
+
+describe Swat::Git do
+  context "Given a valid URL" do
+    before(:all) do
+      @git = GitSpecHelper.new
+    end
+
+    def add_commit
+      Dir.chdir(@git.source_repo) {
+        `echo "how you doing?" >> readme.md`
+        `git commit -a -m "Another line in"`
+      }
+    end
+
+    before(:each) do @git.clean_target end
+
+    it "can clone a repo" do
+      repo = Swat::Git.new(@git.source_repo, @git.target_dir)
+      repo.update
+      expect(repo.valid?).to be_truthy
+    end
+
+    it "can determine that a repo is invalid when it doesn't exists" do
+      expect(Swat::Git.new(@git.source_repo, @git.target_dir).valid?).to be_falsey
+    end
+
+    it "can clone and then update a repo" do
+      repo = Swat::Git.new(@git.source_repo, @git.target_dir)
+      repo.update
+      add_commit
+      repo.update
+      expect(repo.valid?).to be_truthy
+    end
+
+    it "can wipe a non existing repo" do
+      repo = Swat::Git.new(@git.source_repo, @git.target_dir)
+      repo.wipe
+      expect(File.exist?(@git.target_dir)).to be_falsey
+    end
+
+    it "can clone and then wipe a repo" do
+      repo = Swat::Git.new(@git.source_repo, @git.target_dir)
+      repo.update
+      repo.wipe
+      expect(File.exist?(@git.target_dir)).to be_falsey
+    end
+
+    it "can clone and then update a repo multiple times" do
+      repo = Swat::Git.new(@git.source_repo, @git.target_dir)
+      repo.update
+      3.times do
+        add_commit
+        repo.update
+      end
+      expect(Dir.chdir(@git.target_dir) {
+               `git log --oneline | wc -l`.strip
+             }).to eq("5")
+    end
+
+    after(:all) do
+      @git.destroy
+    end
+  end
+end

data/spec/swat_parameters_spec.rb

@@ -0,0 +1,17 @@
+require_relative "spec_helper"
+
+describe Swat::Parameters do
+  it "loads the command with arguments" do
+    allow(ARGV).to receive(:clone) { %w(dryrun command arg) }
+    params = Swat::Parameters.new
+    expect(params.execution_mode).to eq("dryrun")
+    expect(params.command).to eq("command")
+    expect(params.args).to eq(["arg"])
+    expect(params.to_s).to eq("dryrun command [\"arg\"]")
+  end
+
+  it "fails to load if there is no command" do
+    allow(ARGV).to receive(:clone) { [] }
+    expect { Swat::Parameters.new }.to raise_error(/Execution mode is mandatory/)
+  end
+end

data/spec/swat_reload_spec.rb

@@ -0,0 +1,61 @@
+require "spec_helper"
+require "cog_cmd/swat/reload"
+
+describe CogCmd::Swat::Reload do
+  before do allow(STDIN).to receive(:tty?) { true } end
+
+  let(:git) { GitSpecHelper.new }
+
+  before do
+    ENV["SCRIPTS_REMOTE_URL"] = git.source_repo
+    ENV["SCRIPTS_LOCAL_PATH"] = git.target_dir
+  end
+
+  it "reloads the repo" do
+    command = CogCmd::Swat::Reload.new
+    command.run_command
+    expect(JSON.parse(command.response.content)).to include(
+      "source" => git.source_repo,
+      "target" => git.target_dir,
+      "action" => "clone",
+      "wiped" => false
+    )
+  end
+
+  it "reloads the repo" do
+    begin
+      command = CogCmd::Swat::Reload.new
+      ENV["COG_OPTS"] = "wipe"
+      ENV["COG_OPT_WIPE"] = "true"
+      command.run_command
+      expect(JSON.parse(command.response.content)).to include(
+        "source" => git.source_repo,
+        "target" => git.target_dir,
+        "action" => "clone",
+        "wiped" => true
+      )
+    ensure
+      ENV.delete("COG_OPTS")
+      ENV.delete("COG_OPT_WIPE")
+    end
+  end
+
+  it "reloads the repo 2 times" do
+    command = CogCmd::Swat::Reload.new
+    command.run_command
+    command.run_command
+    command.run_command
+    expect(JSON.parse(command.response.content)).to include(
+      "source" => git.source_repo,
+      "target" => git.target_dir,
+      "action" => "pull",
+      "wiped" => false
+    )
+  end
+
+  after do
+    ENV.delete("SCRIPTS_REMOTE_URL")
+    ENV.delete("SCRIPTS_LOCAL_PATH")
+    git.destroy
+  end
+end

data/spec/swat_script_spec.rb

@@ -0,0 +1,24 @@
+require_relative "spec_helper"
+
+describe Swat::Script do
+  context "with valid parameters" do
+    let(:params) {
+      Swat::Parameters.new(%w(dryrun test arg1 arg2))
+    }
+
+    it "can be created" do
+      script = Swat::Script.new(params)
+      expect(script).not_to be_nil
+    end
+
+    it "finds the test script" do
+      script = Swat::Script.new(params)
+      script.run
+    end
+
+    it "fils to find a valid script with a descriptive message" do
+      script = Swat::Script.new(params, "scr")
+      expect { script.run }.to raise_error(/Could not find command test in /)
+    end
+  end
+end

data/spec/swat_strike_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+require "cog_cmd/swat/strike"
+
+describe CogCmd::Swat::Strike do
+  before do allow(STDIN).to receive(:tty?) { true } end
+  before do
+    ENV["RAILS_RUNNER_COMMAND"] = "./spec/helpers/rails_stub.rb lib/swat_run.rb"
+  end
+  after do ENV.delete("RAILS_RUNNER_COMMAND") end
+
+  it "can be called" do
+    command = CogCmd::Swat::Strike.new
+    with_environment(args: ["test success success"]) do
+      command.run_command
+    end
+    expect(command.response.content)
+      .to eq("{\"execution_mode\":\"execute\",\"prepare\":{\"successful\":true," \
+            "\"output\":\"preparation is fine so far\"},\"pre_check\":{\"successful\":true," \
+            "\"output\":\"all is gut\"},\"execute\":{\"successful\":true," \
+            "\"output\":\"Context so far is {:prepared=>\\\"done\\\", :checks=>\\\"done\\\"}\"}}")
+  end
+end

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-swat
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Pablo Carranza
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cog-rb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.42'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.42'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+description: |
+  A Successful Deployment Ends Peacefully With No Bullets Fired.
+  If That’s Simply Not Possible, SWAT Uses Special Weapons and Tactics to Keep the Public Safe
+
+  GitLab-Swat allows admins to quickly deploy scripts that can be remotely executed through a rails console
+
+  Allowing fast action by using an external git repository as the scripts source, but keeping safety high by
+  enforcing a prepare-pre check-execute model that allows execution break at any stage if things are not going
+  as expected
+email: pablo@gitlab.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitlab-ci.yml"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- cog-command
+- config.yaml
+- gitlab-swat.gemspec
+- lib/cog_cmd/swat/dryrun.rb
+- lib/cog_cmd/swat/reload.rb
+- lib/cog_cmd/swat/strike.rb
+- lib/rails_loader.rb
+- lib/swat.rb
+- lib/swat_git.rb
+- lib/swat_run.rb
+- scripts/invalid.rb
+- scripts/test.rb
+- spec/helpers/fail_stub.sh
+- spec/helpers/rails_stub.rb
+- spec/rails_loader_spec.rb
+- spec/spec_helper.rb
+- spec/swat_command_execution_spec.rb
+- spec/swat_command_spec.rb
+- spec/swat_config_spec.rb
+- spec/swat_dryrun_spec.rb
+- spec/swat_git_spec.rb
+- spec/swat_parameters_spec.rb
+- spec/swat_reload_spec.rb
+- spec/swat_script_spec.rb
+- spec/swat_strike_spec.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: ChatOps Cog Bundle that enables admins to remotely run predefined scripts
+  in a rails console
+test_files:
+- spec/helpers/fail_stub.sh
+- spec/helpers/rails_stub.rb
+- spec/rails_loader_spec.rb
+- spec/spec_helper.rb
+- spec/swat_command_execution_spec.rb
+- spec/swat_command_spec.rb
+- spec/swat_config_spec.rb
+- spec/swat_dryrun_spec.rb
+- spec/swat_git_spec.rb
+- spec/swat_parameters_spec.rb
+- spec/swat_reload_spec.rb
+- spec/swat_script_spec.rb
+- spec/swat_strike_spec.rb