google-cloud-gemserver 0.1.0

data/bin/google-cloud-gemserver

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "google/cloud/gemserver/cli"
+
+Google::Cloud::Gemserver::CLI.start ARGV

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/lib/google/cloud/gemserver.rb

@@ -0,0 +1,33 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Google
+  module Cloud
+    ##
+    #
+    # # Gemserver
+    #
+    # Gemserver provides a command line interface to create, manage, and deploy
+    # a gemserver to a Google Cloud Platform project.
+    #
+    module Gemserver
+      autoload :CLI,            "google/cloud/gemserver/cli"
+      autoload :VERSION,        "google/cloud/gemserver/version"
+      autoload :Configuration,  "google/cloud/gemserver/configuration"
+      autoload :GCS,            "google/cloud/gemserver/gcs"
+      autoload :Authentication, "google/cloud/gemserver/authentication"
+      autoload :Backend,        "google/cloud/gemserver/backend"
+    end
+  end
+end

data/lib/google/cloud/gemserver/authentication.rb

@@ -0,0 +1,254 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "google/cloud/gemserver"
+require "json"
+require "googleauth"
+require "net/http"
+require "uri"
+
+module Google
+  module Cloud
+    module Gemserver
+      ##
+      #
+      # # Authentication
+      #
+      # Manages the permissions of the currently logged in user with the gcloud
+      # sdk.
+      #
+      class Authentication
+
+        ##
+        # The project id of the Google App Engine project the gemserver was
+        # deployed to.
+        # @return [String]
+        attr_accessor :proj
+
+        ##
+        # Creates the Authentication object and sets the project id field.
+        def initialize
+          @proj = Configuration.new[:proj_id]
+        end
+
+        ##
+        # Checks if the currently logged in user can modify the gemserver
+        # i.e. create keys.
+        #
+        # @return [Boolean]
+        def can_modify?
+          user = curr_user
+          owners.each do |owner|
+            return true if extract_account(owner) == user
+          end
+          editors.each do |editor|
+            return true if extract_account(editor) == user
+          end
+          puts "You are either not authenticated with gcloud or lack access" \
+            " to the gemserver."
+          false
+        end
+
+        ##
+        # Generates an access token from a user authenticated by gcloud.
+        #
+        # @return [String]
+        def access_token
+          return unless can_modify?
+          scope = ["https://www.googleapis.com/auth/cloud-platform"]
+          auth = Google::Auth.get_application_default scope
+          auth.fetch_access_token!
+        end
+
+        ##
+        # @private Implicitly checks if the account that generated the token
+        # has edit permissions on the Google Cloud Platform project by issuing
+        # a redundant update to the project (update to original settings).
+        #
+        # @param [String] The authentication token generated from gcloud.
+        #
+        # @return [Boolean]
+        def validate_token auth_header
+          token = auth_header.split.drop(1)[0]
+
+          appengine_url = "https://appengine.googleapis.com"
+          endpoint = "/v1/apps/#{@proj}/services/default?updateMask=split"
+          version = appengine_version token
+          split = {
+            "split" => {
+              "allocations" => {
+                version.to_s => 1
+              }
+            }
+          }
+          res = send_req appengine_url, endpoint, Net::HTTP::Patch, token, split
+          if check_status(res)
+            op = JSON.parse(res.body)["name"]
+            wait_for_op appengine_url, "/v1/#{op}", token
+            true
+          else
+            false
+          end
+        end
+
+        private
+
+        ##
+        # @private Fetches the latest version of the deployed Google App Engine
+        # instance running the gemserver (default service only).
+        #
+        # @param [String] The authentication token generated from gcloud.
+        #
+        # @return [String]
+        def appengine_version token
+          appengine_url = "https://appengine.googleapis.com"
+          path = "/v1/apps/#{@proj}/services/default"
+          res = send_req appengine_url, path, Net::HTTP::Get, token
+
+          fail "Unauthorized" unless check_status(res)
+
+          JSON.parse(res.body)["split"]["allocations"].first[0]
+        end
+
+        ##
+        # @private Sends a request to a given URL with given parameters.
+        #
+        # @param [String] dom The protocol + domain name of the request.
+        #
+        # @param [String] path The path of the URL.
+        #
+        # @param [Net::HTTP] type The type of request to be made.
+        #
+        # @param [String] token The authentication token used in the header.
+        #
+        # @param [Hash] params Additional parameters send in the request body.
+        #
+        # @return [Net::HTTPResponse]
+        def send_req dom, path, type, token, params = nil
+          uri = URI.parse dom
+          http = Net::HTTP.new uri.host, uri.port
+          http.use_ssl = true if dom.include? "https"
+
+          req = type.new path
+          req["Authorization"] = Signet::OAuth2.generate_bearer_authorization_header token
+          unless type == Net::HTTP::Get
+            if params
+              req["Content-Type"] = "application/json"
+              req.body = params.to_json
+            end
+          end
+          http.request req
+        end
+
+        ##
+        # @private Waits for a project update operation to complete.
+        #
+        # @param [String] dom The domain and protocol of the request.
+        #
+        # @param [String] path The path of the request containing the operation
+        # ID.
+        #
+        # @param [String] token The authorization token in the request.
+        #
+        # @param [Integer] timeout The length of time the operation is polled.
+        def wait_for_op dom, path, token, timeout = 60
+          start = Time.now
+          loop do
+            if Time.now - start > timeout
+              fail "Operation at #{path} failed to complete in time"
+            else
+              res = send_req dom, path, Net::HTTP::Get, token
+              if JSON.parse(res.body)["done"] == true
+                break
+              end
+              sleep 1
+            end
+          end
+        end
+
+        ##
+        # @private Checks if a request response matches a given status code.
+        #
+        # @param [Net::HTTPResponse] reponse The response from a request.
+        #
+        # @param [Integer] code The desired response code.
+        #
+        # @return [Boolean]
+        def check_status response, code = 200
+          response.code.to_i == code
+        end
+
+        ##
+        # @private Fetches the members with a specific role that have access
+        # to the Google App Engine project the gemserver was deployed to.
+        #
+        # @return [Array]
+        def members type
+          yml = YAML.load(run_cmd "gcloud projects get-iam-policy #{@proj}")
+          yml["bindings"].select do |member_set|
+            member_set["role"] == type
+          end[0]["members"]
+        end
+
+        ##
+        # @private Fetches members with a role of editor that can access the
+        # gemserver.
+        #
+        # @return [Array]
+        def editors
+          members "roles/editor"
+        end
+
+        ##
+        # @private Fetches members with a role of owner that can access the
+        # gemserver.
+        #
+        # @return [Array]
+        def owners
+          members "roles/owner"
+        end
+
+        ##
+        # @private Fetches the active account of the currently logged in user.
+        #
+        # @return [String]
+        def curr_user
+          raw = run_cmd "gcloud auth list --format json"
+          JSON.load(raw).map do |i|
+            return i["account"] if i["status"] == "ACTIVE"
+          end
+          abort "You are not authenticated with gcloud"
+        end
+
+        ##
+        # @private Parses a gcloud "member" and removes the account prefix.
+        #
+        # @param [String] acc The member the account is extracted from.
+        #
+        # @return [String]
+        def extract_account acc
+          acc[acc.index(":") + 1 .. acc.size]
+        end
+
+        ##
+        # @private Runs a given command on the local machine.
+        #
+        # @param [String] args The command to be run.
+        def run_cmd args
+          `#{args}`
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/gemserver/backend.rb

@@ -0,0 +1,33 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Google
+  module Cloud
+    module Gemserver
+      ##
+      #
+      # # Backend
+      #
+      # Contains services that run on Google App Engine directly leveraging
+      # tools such as Cloud SQL proxy.
+      #
+      module Backend
+        autoload :GemstashServer, "google/cloud/gemserver/backend/gemstash_server"
+        autoload :Key,            "google/cloud/gemserver/backend/key"
+        autoload :Stats,          "google/cloud/gemserver/backend/stats"
+        autoload :StorageSync,    "google/cloud/gemserver/backend/storage_sync"
+      end
+    end
+  end
+end

data/lib/google/cloud/gemserver/backend/gemstash_server.rb

@@ -0,0 +1,60 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  @https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "patched/configuration"
+require "patched/dependencies"
+require "patched/env"
+require "patched/gem_pusher"
+require "patched/gem_yanker"
+require "patched/storage"
+require "patched/web"
+require "gemstash"
+
+module Google
+  module Cloud
+    module Gemserver
+      module Backend
+        ##
+        #
+        # # GemstashServer
+        #
+        # The class that runs gemstash specific commands and starts the gemstash
+        # server. Parts of gemstash are monkey-patched with lib/patched for
+        # compatibility with Google Cloud Platform services such as Cloud Storage
+        # and Cloud SQL.
+        module GemstashServer
+
+          ##
+          # Runs a given command through the gemstash gem.
+          #
+          # @param [String] args The argument passed to gemstash.
+          def self.start args
+            Gemstash::CLI.start args
+          end
+
+          ##
+          # Fetches the gemstash environment given a configuration file.
+          #
+          # @param [String] config_path The path to the configuration file.
+          #
+          # @return [Gemstash::Env]
+          def self.env config_path
+            config = Gemstash::Configuration.new file: config_path
+            Gemstash::Env.new config
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/gemserver/backend/key.rb

@@ -0,0 +1,152 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "google/cloud/gemserver"
+require "stringio"
+require "fileutils"
+require "yaml"
+
+module Google
+  module Cloud
+    module Gemserver
+      module Backend
+        ##
+        # # Key
+        #
+        # Manages the creation and deletion of a key used to push gems to the
+        # gemserver and download them.
+        #
+        class Key
+          ##
+          # A mapping from gemserver permissions to gemstash permissions.
+          MAPPING = {
+            "write" => %w[push yank],
+            "read"  => %w[fetch]
+          }.freeze
+
+          ##
+          # Aliases for read and write permissions.
+          ALL         = ["both", "all", "", nil].freeze
+
+          ##
+          # Path to the credentials file checked when pushing gems to the gem
+          # server (or any endpoint).
+          GEM_CREDS   = File.expand_path("~/.gem")
+
+          ##
+          # The length of a key generated by gemstash.
+          KEY_LENGTH  = 32
+
+          ##
+          # Creates a key with given permissions.
+          #
+          # @param permissions [String] The permissions for a key. Optional.
+          #
+          # @return [String]
+          def self.create_key permissions = nil
+            mapped = map_perms permissions
+            args = base_args.concat mapped
+            output = capture_stdout { GemstashServer.start args }
+            key = parse_key(output)
+            puts "Created key: #{key}"
+            key
+          end
+
+          ##
+          # Deletes a given key.
+          #
+          # @param [String] key The key to delete.
+          def self.delete_key key
+            args = [
+              "--remove",
+              "--key=#{key}"
+            ]
+            GemstashServer.start base_args.concat(args)
+            puts "Deleted key: #{key}"
+            true
+          end
+
+          ##
+          # @private Maps read/write permissions to the permissions the
+          # gemstash gem uses.
+          #
+          # @param [String] perms The permissions to be mapped.
+          def self.map_perms perms
+            if perms == "write"
+              MAPPING["write"]
+            elsif ALL.include? perms
+              MAPPING["write"] + MAPPING["read"]
+            else
+              MAPPING["read"]
+            end
+          end
+
+          ##
+          # @private Temporarily routes stdout to a temporary variable such
+          # that stdout from gemstash is captured.
+          #
+          # @return [String]
+          def self.capture_stdout
+            old_stdout = $stdout
+            $stdout = StringIO.new
+            yield
+            $stdout.string
+          ensure
+            $stdout = old_stdout
+          end
+
+          ##
+          # @private The arguments passed to every gemstash key generation
+          # command.
+          #
+          # @return [Array]
+          def self.base_args
+            [
+              "authorize",
+              "--config-file=#{Google::Cloud::Gemserver::Configuration.new.config_path}"
+            ]
+          end
+
+          ##
+          # @private Outputs important information to the user on how they
+          # should set up their keys so pushing/installing gems works as
+          # intended.
+          def self.output_key_info
+            puts "Note: remember to add this key to ~/.gem/credentials" \
+              " so that you are able to push gems to the gemserver."
+            puts "Note: remember to add this key to your bundle config so " \
+              "that `bundle install` works for private gems (bundle config" \
+              " http://my-gemserver.appspot.com/private/ my-key"
+          end
+
+          ##
+          # Parses the key from output generated from the corresponding key
+          # creation command in gemstash.
+          #
+          # @param [String] output The output to parse.
+          #
+          # @return [String]
+          def self.parse_key output
+            i = output.index(":")
+            output[i+2..i+2+KEY_LENGTH].chomp
+          end
+
+          private_class_method :map_perms
+          private_class_method :capture_stdout
+          private_class_method :parse_key
+        end
+      end
+    end
+  end
+end