hieraviz 0.1.2 → 0.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/app/apiv1.rb +23 -18
- data/app/common.rb +38 -48
- data/app/public/js/base-switch.js +22 -20
- data/app/public/js/farms.js +4 -23
- data/app/public/js/main.js +35 -15
- data/app/public/js/nodes.js +17 -36
- data/app/views/_head.erb +4 -2
- data/app/views/_layout.erb +3 -1
- data/app/views/home.erb +1 -1
- data/app/views/store.erb +2 -2
- data/app/web.rb +50 -44
- data/config.ru +2 -4
- data/lib/hieraviz/auth_gitlab.rb +28 -25
- data/lib/hieraviz/config.rb +7 -6
- data/lib/hieraviz/facts.rb +6 -3
- data/lib/hieraviz/puppetdb.rb +1 -0
- data/lib/hieraviz/store.rb +28 -21
- data/lib/hieraviz/utilities.rb +14 -0
- data/lib/hieraviz.rb +6 -6
- data/spec/app/apiv1_spec.rb +188 -79
- data/spec/app/web_dummy_auth_spec.rb +11 -0
- data/spec/app/web_spec.rb +11 -13
- data/spec/files/config_dummy.yml +0 -1
- data/spec/lib/auth_gitlab_spec.rb +73 -21
- data/spec/lib/config_spec.rb +5 -8
- data/spec/lib/facts_spec.rb +14 -11
- data/spec/lib/puppetdb_spec.rb +18 -0
- data/spec/lib/store_spec.rb +40 -49
- data/spec/oauth2_helper.rb +5 -3
- data/spec/sinatra_helper.rb +2 -4
- data/spec/spec_helper.rb +10 -8
- metadata +73 -25
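--- a/data/app/views/_layout.erb
+++ b/data/app/views/_layout.erb
@@ -11,7 +11,9 @@
 <script src="/js/base-switch.js"></script>
 <% end -%>
 <% if session['access_token'] -%>
-<script>
+<script>
+var session_key = "<%= session['access_token'] %>";
+</script>
 <% end -%>
 <%= yield_content :more_js %>
 </head>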
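Review bot: The added line `var session_key = "<%= session['access_token'] %>";` copies the session's access token into an inline script, where every script that runs on the page can read it, and the value is placed inside a JavaScript string literal without any encoding. In the gitlab mode that value is the provider's OAuth token (web.rb stores `access_token.token` in the session in `/logged-in`), so a single script-injection flaw elsewhere in the views would expose a credential that is valid outside this application. Giving the front end a separate random identifier that the server maps to the token, or letting the API read the signed session cookie instead, would keep the provider token out of page scripts. If the value must stay in the page, a comment such as `<%# session_key is a bearer credential: never log or echo it %>` above the block documents the constraint for view authors.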
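--- a/data/app/views/home.erb
+++ b/data/app/views/home.erb
@@ -3,6 +3,6 @@ Welcome to hieraviz<br>
 
 <% if settings.configdata['debug'] -%>
 <%= session['access_token'] %><br>
-<pre><%=
+<pre><%= settings.store.get(session['access_token'], settings.configdata['session_renew']) if session['access_token'] %></pre>
 </div>
 <% end %>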
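Review bot: The debug block writes the raw access token and, on the new line 6, the whole stored session record into the page through `<%= %>`, and no `escape_html` setting is visible in web.rb's `set :erb, layout: :_layout`, so provider-supplied profile fields would reach the browser as markup unless escaping is enabled elsewhere. Wrapping the value as `<%= Rack::Utils.escape_html(settings.store.get(session['access_token'], settings.configdata['session_renew']).inspect) if session['access_token'] %>` keeps the dump readable and inert. Because the block also prints a bearer token, the `debug` key deserves a comment in the sample configuration saying it must stay off on any shared or production instance.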
data/app/views/store.erb
CHANGED
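--- a/data/app/web.rb
+++ b/data/app/web.rb
@@ -11,14 +11,15 @@ require 'hieraviz'
 require File.expand_path '../common.rb', __FILE__
 
 module HieravizApp
+# the unique web endpoints management
 class Web < Common
 helpers Sinatra::ContentFor
 register Sinatra::Flash
 
 configure do
 set :session_secret, settings.configdata['session_seed']
-set :public_folder,
-set :views_folder,
+set :public_folder, -> { File.join(root, 'public') }
+set :views_folder, -> { File.join(root, 'views') }
 set :erb, layout: :_layout
 enable :sessions
 end
@@ -32,26 +33,29 @@ module HieravizApp
 when 'dummy'
 
 get '/logout' do
-session.delete
+session.delete 'access_token'
 erb :logout
 end
 
 get '/login' do
-session[
+session['access_token'] = '0000'
 redirect '/'
 end
 
 helpers do
 def check_authorization
-'
+if session['access_token']
+return 'dummy'
+end
+false
 end
 end
 
 when 'http'
 
-use Rack::Auth::Basic,
-
-
+use Rack::Auth::Basic, 'Puppet Private Access' do |user, pass|
+user == settings.configdata['http_auth']['username'] &&
+pass == settings.configdata['http_auth']['password']
 end
 
 get '/logout' do
@@ -60,10 +64,11 @@ module HieravizApp
 
 helpers do
 def check_authorization
-
-
+http_auth = settings.configdata['http_auth']
+unless session['access_token']
+session[:access_token] = http_auth['access_token']
 end
-
+http_auth['username']
 end
 end
 
@@ -72,24 +77,32 @@ module HieravizApp
 set :oauth, Hieraviz::AuthGitlab.new(settings.configdata['gitlab_auth'])
 
 helpers do
-
 def check_authorization
-if
-redirect settings.oauth.login_url(request)
-else
-session_info = Hieraviz::Store.get(session['access_token'], settings.configdata['session_renew'])
-if !session_info
-if !settings.oauth.authorized?(session['access_token'])
-flash[:fatal] = "Sorry you are not authorized to read puppet repo on gitlab."
-redirect '/'
-else
-Hieraviz::Store.set session['access_token'], settings.oauth.user_info(session['access_token'])
-session_info = Hieraviz::Store.get(session['access_token'], settings.configdata['session_renew'])
-end
-end
+if session_info['username']
 session_info['username']
+else
+access_token = session['access_token']
+oauth = settings.oauth
+redirect oauth.login_url(request) unless access_token
+return init_session(oauth, access_token) if oauth.authorized?(access_token)
+sorry
 end
 end
+
+def session_info
+settings.store.get session['access_token'], settings.configdata['session_renew']
+end
+
+def init_session(oauth, access_token)
+user_info = oauth.user_info(access_token)
+settings.store.set access_token, user_info
+user_info['username']
+end
+
+def sorry
+flash[:fatal] = 'Sorry you are not authorized to read puppet repo on gitlab.'
+redirect '/'
+end
 end
 
 get '/login' do
@@ -99,8 +112,8 @@ module HieravizApp
 get '/logged-in' do
 access_token = settings.oauth.access_token(request, params[:code])
 session[:access_token] = access_token.token
-
-flash['info'] =
+settings.store.set access_token.token, settings.oauth.user_info(access_token.token)
+flash['info'] = 'Successfully authenticated with the server'
 redirect '/'
 end
 
@@ -109,15 +122,13 @@ module HieravizApp
 redirect '/'
 end
 
-else
 end
 
 get '/' do
 if settings.basepaths
 redirect "/#{File.basename(settings.configdata['basepath'])}"
 else
-@username =
-hieracles_config = prepare_config(nil)
+@username = username
 erb :home
 end
 end
@@ -126,7 +137,7 @@ module HieravizApp
 @username = check_authorization
 hieracles_config = prepare_config(base)
 @nodes = Hieracles::Registry.nodes(hieracles_config)
-erb :nodes
+erb :nodes
 end
 
 get %r{^/?([-_\.a-zA-Z0-9]+)?/farms} do |base|
@@ -137,37 +148,33 @@ module HieravizApp
 end
 
 get %r{^/?([-_\.a-zA-Z0-9]+)?/modules} do |base|
+prepare_config(base)
 @username = check_authorization
-hieracles_config = prepare_config(base)
 erb :modules
 end
 
 get %r{^/?([-_\.a-zA-Z0-9]+)?/resources} do |base|
+prepare_config(base)
 @username = check_authorization
-hieracles_config = prepare_config(base)
 erb :resources
 end
 
 get %r{^/?([-_\.a-zA-Z0-9]+)?/user} do |base|
+prepare_config(base)
 @username = check_authorization
-
-if session[:access_token]
-@userinfo = get_userinfo
-else
-@userinfo = {}
-end
+@userinfo = session[:access_token] ? userinfo : {}
 erb :user
 end
 
 get %r{^/([-_\.a-zA-Z0-9]+)$} do |base|
-
-
+prepare_config(base)
+@username = username
 erb :home
 end
 
 # debug pages --------------------
 # get '/store' do
-# #
+# # settings.store.set 'woot', 'nada'
 # erb :store
 # end
 # error 401 do
@@ -180,10 +187,9 @@ module HieravizApp
 # debug pages --------------------
 
 not_found do
-@username =
+@username = username
 erb :not_found, layout: :_layout
 end
 
-
 end
 end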
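Review bot: In the gitlab branch the rewritten `check_authorization` evaluates `session_info['username']` before it checks that a token exists, and `session_info` passes `session['access_token']` straight to `settings.store.get`. With no token in the session, `Store#tmpfile` in lib/hieraviz/store.rb calls `name.gsub` on nil, so a first-time visitor appears to get an exception instead of the redirect to `login_url`. Moving `access_token = session['access_token']` and `redirect settings.oauth.login_url(request) unless access_token` to the top of the method, ahead of the store lookup, restores the intended order. Separately, the Basic-auth block in the 'http' hunk compares the submitted credentials with `==`; `Rack::Utils.secure_compare(pass, settings.configdata['http_auth']['password'])` (and the same for `user`) makes the comparison time independent of how many leading characters match.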
data/config.ru
CHANGED
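--- a/data/lib/hieraviz/auth_gitlab.rb
+++ b/data/lib/hieraviz/auth_gitlab.rb
@@ -1,50 +1,53 @@
 require 'oauth2'
+require 'hieraviz/utilities'
 
 module Hieraviz
+# class to manage gitlab oauth2 connection and authorization checks
 class AuthGitlab
+include Utilities
 
 def initialize(settings)
-@@client ||= OAuth2::Client.new(
-settings['application_id'],
-settings['secret'],
-:site => settings['host']
-)
 @settings = settings
+@client = OAuth2::Client.new(
+@settings['application_id'],
+@settings['secret'],
+site: @settings['host']
+)
 end
 
 def access_token(request, code)
-
+@client.auth_code.get_token(code, redirect_uri: redirect_uri(request.url))
 end
 
 def get_response(url, token)
-a_token = OAuth2::AccessToken.new(
+a_token = OAuth2::AccessToken.new(@client, token)
 begin
 JSON.parse(a_token.get(url).body)
-rescue
-{ 'error' => JSON.parse(
+rescue StandardError => error
+{ 'error' => JSON.parse(error.message.split(/\n/)[1])['message'] }
 end
 end
 
-def redirect_uri(url)
-uri = URI.parse(url)
-uri.path = '/logged-in'
-uri.query = nil
-uri.fragment = nil
-uri.to_s
-end
-
 def login_url(request)
-
+@client.auth_code.authorize_url(redirect_uri: redirect_uri(request.url))
 end
 
 def authorized?(token)
-
-
-
-
-
-
-
+resource_required = @settings['resource_required']
+if resource_required
+return check_authorization(resource_required, token)
+end
+true
+end
+
+def check_authorization(resource_required, token)
+resp = get_response(resource_required, token)
+resp_required_response_key = resp[@settings['required_response_key']].to_s
+resp_required_response_value = @settings['required_response_value'].to_s
+if resp['error'] ||
+( resp_required_response_key &&
+resp_required_response_key != resp_required_response_value)
+return false
 end
 true
 end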
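Review bot: `login_url` builds the authorization URL with only `redirect_uri`, and `access_token` exchanges whatever `code` arrives, so the flow carries no `state` value tying the callback to the browser session that started the login. Generating a random value at login, keeping it in the session, sending it as `authorize_url(redirect_uri: redirect_uri(request.url), state: value)` and comparing it in the `/logged-in` handler in web.rb before `get_token` runs would close that gap. The new `rescue StandardError => error` in `get_response` also parses `error.message.split(/\n/)[1]`, which is nil for any failure whose message is not a two-line OAuth error (a timeout, for instance), so the handler itself raises; falling back to `{ 'error' => error.message }` when that parse fails keeps `check_authorization` on its `return false` path. `authorized?` returning `true` whenever `resource_required` is unset deserves a comment stating that every account able to complete the OAuth flow is then admitted.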
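--- a/data/lib/hieraviz/config.rb
+++ b/data/lib/hieraviz/config.rb
@@ -1,18 +1,18 @@
 module Hieraviz
+# module to manage parsing and holding of configuration variables
 module Config
-extend self
-
 def load
 @_config = YAML.load_file(configfile)
 end
 
 def configfile
-root_path(ENV['HIERAVIZ_CONFIG_FILE'] || File.join(
+root_path(ENV['HIERAVIZ_CONFIG_FILE'] || File.join('config', 'hieraviz.yml'))
 end
 
 def basepaths
-
-
+basepath_dir = @_config['basepath_dir']
+if @_config && basepath_dir
+Dir.glob(root_path(basepath_dir)).map { |path| File.expand_path(path) }
 end
 end
 
@@ -27,6 +27,7 @@ module Hieraviz
 File.join(root, path)
 end
 end
-
+
+module_function :load, :configfile, :basepaths, :root, :root_path
 end
 end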
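Review bot: In `basepaths` the new first line reads `@_config['basepath_dir']` before the `if @_config && basepath_dir` guard on the next line, so when `load` has not run the method raises NoMethodError and the `@_config` half of the guard can never be false. Writing the lookup as `basepath_dir = @_config && @_config['basepath_dir']` keeps the nil-safe behaviour the guard was meant to provide. The value is then passed to `Dir.glob`, so a short comment that `basepath_dir` is a glob pattern taken from the operator's configuration file, not from a request, would help the next reader.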
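--- a/data/lib/hieraviz/facts.rb
+++ b/data/lib/hieraviz/facts.rb
@@ -1,10 +1,11 @@
 module Hieraviz
+# class for storage and retrieval of customized facts that can overlay hiera facts
 class Facts
 
 def initialize(tmpdir, base, node, user)
 @filename = File.join(tmpdir, "#{base}__#{node}__#{user}")
 end
-
+
 def exist?
 File.exist? @filename
 end
@@ -12,11 +13,13 @@ module Hieraviz
 def read
 if exist?
 Marshal.load(File.binread(@filename))
+else
+{}
 end
 end
-
+
 def write(data)
-File.open(@filename, 'wb') {|
+File.open(@filename, 'wb') { |file| file.write(Marshal.dump(data)) }
 end
 
 def remove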
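Review bot: `write` serialises facts with `Marshal.dump` and `read` (unchanged, new line 15) hands the file to `Marshal.load`, so anyone able to write into `tmpdir` can make the application deserialise arbitrary Ruby objects; `Store#get` in lib/hieraviz/store.rb follows the same pattern. If the facts are plain hashes of strings, which the new `{}` fallback suggests but this hunk does not show, `File.write(@filename, JSON.generate(data))` and `JSON.parse(File.read(@filename))` would store the same data without object deserialisation. The `@filename` built in `initialize` joins `base`, `node` and `user` without sanitising them, so it is worth confirming that the callers validate those values before they reach a file path. `remove` continues outside the hunk.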
data/lib/hieraviz/puppetdb.rb
CHANGED
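--- a/data/lib/hieraviz/store.rb
+++ b/data/lib/hieraviz/store.rb
@@ -1,25 +1,37 @@
 module Hieraviz
-
-
+class Store
+
+def initialize(storedir)
+@tmpdir = init_tmpdir(storedir)
+end
 
 def data
-@_data ||=
+@_data ||= {}
+end
+
+def clear_data
+@_data = {}
+data
 end
 
 def set(key, value)
-File.open(tmpfile(key), 'w') do |
-
+File.open(tmpfile(key), 'w') do |file|
+file.print Marshal.dump(value)
 end
 data[key] = value
 end
 
-def get(key, expiration
-
-if File.exist?(
-
-
-
-
+def get(key, expiration)
+file = tmpfile(key)
+if File.exist?(file)
+if expiration && expired?(file, expiration)
+File.unlink(file)
+clear_data
+else
+data[key] ||= Marshal.load(File.read(file).chomp)
+end
+else
+clear_data
 end
 end
 
@@ -28,19 +40,14 @@ module Hieraviz
 end
 
 def tmpfile(name)
-File.join tmpdir, name.gsub(/[^a-z0-9]/,'')
-end
-
-def tmpdir
-@_tmpdir ||= init_tmpdir
+File.join @tmpdir, name.gsub(/[^a-z0-9]/, '')
 end
 
-def init_tmpdir
-
-tmp = config['tmpdir'] || '/tmp'
+def init_tmpdir(storedir)
+tmp = storedir || '/tmp'
 begin
 FileUtils.mkdir_p(tmp) unless Dir.exist?(tmp)
-rescue
+rescue
 tmp = '/tmp'
 end
 tmp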
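Review bot: `init_tmpdir` falls back to `/tmp` both when `storedir` is nil and, through the bare `rescue`, when the configured directory cannot be created, and `set` then writes each session record there with the process's default file mode under a name derived from the access token. On a shared host that leaves the records readable and the directory writable by other local accounts, which matters more because `get` feeds the file to `Marshal.load`. Creating a private directory with `FileUtils.mkdir_p(tmp, mode: 0o700)`, opening the record with `File.open(tmpfile(key), 'wb', 0o600)`, and raising instead of silently switching to `/tmp` would contain that. `set` also writes in text mode with `print` while `get` applies `.chomp`, which can alter a binary Marshal payload that ends in a newline byte. `init_tmpdir`'s closing `end` lies outside the hunk.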
data/lib/hieraviz.rb
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
require 'hieracles'
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
2
|
+
require 'hieraviz/version'
|
3
|
+
require 'hieraviz/config'
|
4
|
+
require 'hieraviz/store'
|
5
|
+
require 'hieraviz/facts'
|
6
|
+
require 'hieraviz/auth_gitlab'
|
7
|
+
require 'hieraviz/puppetdb'
|
8
8
|
|
9
9
|
module Hieraviz
|
10
10
|
# Your code goes here...
|