hoosegow 1.2.0

data/script/proxy-integration-test

@@ -0,0 +1,95 @@
+#!/usr/bin/env ruby
+
+require 'fileutils'
+require_relative '../lib/hoosegow'
+
+inmate_dir = '/hoosegow/inmate'
+inmate_file = File.join(inmate_dir, 'inmate.rb')
+if File.exist?(inmate_file)
+  system 'ls', '-l', inmate_dir
+  puts "ERROR: #{inmate_file} must not exist!"
+  exit 1
+end
+
+FileUtils.mkpath(inmate_dir)
+File.write(inmate_file, <<INMATE)
+class Hoosegow
+  module Inmate
+    def test_method(a, b)
+      yield :ok if block_given?
+      system "echo stdout in a child process"
+      $stderr.puts "stderr in this process"
+      raise b if a.to_s == 'raise'
+      a + b
+    end
+  end
+end
+INMATE
+
+at_exit { FileUtils.remove_entry_secure(inmate_file) }
+
+def main
+  each_hoosegow do |hoosegow|
+    try(hoosegow, :test_method, 1, 2)
+    try(hoosegow, :test_method, 1, 2) { |x| puts x }
+    try(hoosegow, :test_method, :raise, 'boom')
+  end
+end
+
+def try(hoosegow, method, *args, &block)
+  puts '-'*10
+  p :method => method, :args => args, :block? => !block.nil?
+  result = hoosegow.send(method, *args, &block)
+  p :result => result
+rescue => error
+  p :error => error
+  #puts error.backtrace
+end
+
+def each_hoosegow
+  puts '*'*10, 'no_proxy => true'
+  yield Hoosegow.new(:no_proxy => true)
+  puts '*'*10, 'no_proxy => false'
+  with_fake_docker do |docker|
+    yield docker.inject(Hoosegow.new)
+  end
+end
+
+def with_fake_docker
+  yield FakeDocker.new
+end
+
+class FakeDocker
+  def inject(hoosegow)
+    docker = self
+    hoosegow.define_singleton_method(:docker) { docker }
+    hoosegow
+  end
+
+  def run_container(image_name, input_data)
+    Open3.popen3("./bin/hoosegow") do |stdin, stdout, stderr, wait_thr|
+      stdin.write(input_data)
+      stdin.close
+      ios = [stdout, stderr]
+      while ios.any? do
+        readers, _, _ = IO.select(ios, [], [], 1)
+        if readers.nil?
+          break unless wait_thr.alive?
+        else
+          readers.each do |reader|
+            begin
+              type = reader == stdout ? 1 : 2
+              data = reader.read_nonblock(2**15)
+              yield([type, data.bytesize].pack('CxxxN') + data)
+            rescue EOFError
+              ios.delete(reader)
+            end
+          end
+        end
+      end
+      wait_thr.join
+    end
+  end
+end
+
+main

data/spec/hoosegow_docker_spec.rb

@@ -0,0 +1,109 @@
+require_relative '../lib/hoosegow'
+
+unless defined?(CONFIG)
+  begin
+    require_relative '../config'
+  rescue LoadError
+    CONFIG = {}
+  end
+end
+
+inmate_dir = File.join(File.dirname(__FILE__), 'test_inmate')
+CONFIG[:inmate_dir] = inmate_dir
+CONFIG[:image_name] ||= Hoosegow.new(CONFIG).image_name
+
+describe Hoosegow::Docker do
+  context 'volumes' do
+    subject { described_class.new(:volumes => volumes) }
+
+    context 'unspecified' do
+      subject { described_class.new }
+      its(:volumes_for_create) { should be_empty }
+      its(:volumes_for_bind) { should be_empty }
+    end
+
+    context 'empty' do
+      let(:volumes) { {} }
+      its(:volumes_for_create) { should be_empty }
+      its(:volumes_for_bind) { should be_empty }
+    end
+
+    context 'with volumes' do
+      let(:volumes) { {
+        "/inside/path" => "/home/burke/data-for-container:rw",
+        "/other/path" => "/etc/shared-config",
+      } }
+      its(:volumes_for_create) { should == {
+        "/inside/path" => {},
+        "/other/path" => {},
+      } }
+      its(:volumes_for_bind) { should == [
+        "/home/burke/data-for-container:/inside/path:rw",
+        "/etc/shared-config:/other/path:ro",
+      ] }
+    end
+  end
+
+  context 'docker_url' do
+    it "correctly generates TCP urls" do
+      hoosegow = Hoosegow::Docker.new CONFIG.merge(:host => "1.1.1.1", :port => 1234)
+      expect(::Docker.url).to eq("tcp://1.1.1.1:1234")
+    end
+
+    it "correctly generates Unix urls" do
+      hoosegow = Hoosegow::Docker.new CONFIG.merge(:socket => "/path/to/socket")
+      expect(::Docker.url).to eq("unix:///path/to/socket")
+    end
+  end
+
+  context "callbacks" do
+    let(:cb) { lambda { |info|  } }
+
+    it "calls after_create" do
+      expect(cb).to receive(:call).with { |*args| args.first.is_a? Hash }
+      docker = Hoosegow::Docker.new CONFIG.merge(:after_create => cb)
+      begin
+        docker.create_container CONFIG[:image_name]
+      ensure
+        docker.stop_container
+        docker.delete_container
+      end
+    end
+
+    it "calls after_start" do
+      expect(cb).to receive(:call).with { |*args| args.first.is_a? Hash }
+      docker = Hoosegow::Docker.new CONFIG.merge(:after_start => cb)
+      begin
+        docker.create_container CONFIG[:image_name]
+        docker.start_container
+      ensure
+        docker.stop_container
+        docker.delete_container
+      end
+    end
+
+    it "calls after_stop" do
+      expect(cb).to receive(:call).with { |*args| args.first.is_a? Hash }
+      docker = Hoosegow::Docker.new CONFIG.merge(:after_stop => cb)
+      begin
+        docker.create_container CONFIG[:image_name]
+        docker.start_container
+      ensure
+        docker.stop_container
+        docker.delete_container
+      end
+    end
+  end
+
+  context "image_exist?" do
+    it "returns true if the image exists" do
+      docker = Hoosegow::Docker.new CONFIG
+      expect(docker.image_exist?(CONFIG[:image_name])).to eq(true)
+    end
+
+    it "returns false if the image doesn't exist" do
+      docker = Hoosegow::Docker.new CONFIG
+      expect(docker.image_exist?("not_there")).to eq(false)
+    end
+  end
+end

data/spec/hoosegow_spec.rb

@@ -0,0 +1,170 @@
+require_relative '../lib/hoosegow'
+require 'msgpack'
+
+unless defined?(CONFIG)
+  begin
+    require_relative '../config'
+  rescue LoadError
+    CONFIG = {}
+  end
+end
+
+inmate_dir = File.join(File.dirname(__FILE__), 'test_inmate')
+CONFIG[:inmate_dir] = inmate_dir
+CONFIG[:image_name] ||= Hoosegow.new(CONFIG).image_name
+
+describe Hoosegow do
+  context "no_proxy option" do
+    it "runs directly if set" do
+      hoosegow = Hoosegow.new CONFIG.merge(:no_proxy => true)
+      hoosegow.stub :proxy_send => "not raboof"
+      hoosegow.render_reverse("foobar").should eq("raboof")
+    end
+
+    it "runs via proxy if not set" do
+      hoosegow = Hoosegow.new CONFIG
+      hoosegow.stub :proxy_send => "not raboof"
+      hoosegow.render_reverse("foobar").should eq("not raboof")
+      hoosegow.cleanup
+    end
+  end
+
+  context "image_exists?" do
+    it "returns true for existing images" do
+      hoosegow = Hoosegow.new CONFIG
+      expect(hoosegow.image_exists?).to eq(true)
+    end
+
+    it "returns false for images that don't exist" do
+      hoosegow = Hoosegow.new CONFIG.merge(:image_name => "not_there")
+      expect(hoosegow.image_exists?).to eq(false)
+    end
+  end
+end
+
+
+describe Hoosegow::Protocol::Proxy do
+  subject(:proxy) { Hoosegow::Protocol::Proxy.new(:yield => block, :stdout => stdout, :stderr => stderr) }
+  let(:block) { double('block') }
+  let(:stdout) { double('stdout') }
+  let(:stderr) { double('stderr') }
+
+  it "encodes the method call" do
+    expect(MessagePack.unpack(proxy.encode_send(:method_name, ["arg1", {:name => 'value'}]))).to eq(['method_name', ["arg1", {'name' => 'value'}]])
+  end
+
+  it "decodes a yield" do
+    block.should_receive(:call).with('a', 'b')
+    proxy.receive(:stdout, MessagePack.pack([:yield, ['a', 'b']]))
+  end
+
+  context 'with no block' do
+    let(:block) { nil }
+    it "decodes a yield" do
+      proxy.receive(:stdout, MessagePack.pack([:yield, ['a', 'b']]))
+    end
+  end
+
+  it "decodes the return value" do
+    proxy.receive(:stdout, MessagePack.pack([:return, 1]))
+    expect(proxy.return_value).to eq(1)
+  end
+
+  it "decodes a known error class" do
+    expect { proxy.receive(:stdout, MessagePack.pack([:raise, {:class => 'RuntimeError', :message => 'I went boom'}])) }.to raise_error(Hoosegow::InmateRuntimeError, "RuntimeError: I went boom")
+  end
+
+  it "decodes an error" do
+    expect { proxy.receive(:stdout, MessagePack.pack([:raise, {:class => 'SomeInternalError', :message => 'I went boom'}])) }.to raise_error(Hoosegow::InmateRuntimeError, "SomeInternalError: I went boom")
+  end
+
+  it "decodes an error with a stack trace" do
+    expect { proxy.receive(:stdout, MessagePack.pack([:raise, {:class => 'SomeInternalError', :message => 'I went boom', :backtrace => ['file.rb:33:in `example\'']}])) }.to raise_error(Hoosegow::InmateRuntimeError, "SomeInternalError: I went boom\nfile.rb:33:in `example'")
+  end
+
+  it "decodes stdout" do
+    stdout.should_receive(:write).with('abc')
+    proxy.receive(:stdout, MessagePack.pack([:stdout, 'abc']))
+  end
+
+  it "decodes stderr" do
+    stderr.should_receive(:write).with('abc')
+    proxy.receive(:stderr, 'abc')
+  end
+
+  it "decodes the return value, across several reads" do
+    MessagePack.pack([:return, :abcdefghijklmn]).each_char do |char|
+      proxy.receive(:stdout, char)
+    end
+    expect(proxy.return_value).to eq('abcdefghijklmn')
+  end
+end
+
+describe Hoosegow::Protocol::Inmate do
+  it "calls appropriate render method" do
+    inmate = double('inmate')
+    inmate.should_receive(:render).with('foobar').
+      and_yield(:a, 1).
+      and_yield(:b, 2, 3).
+      and_return('raboof')
+
+    stdin = StringIO.new(MessagePack.pack(['render', ['foobar']]))
+    stdout = StringIO.new
+    stdout.set_encoding('BINARY')
+    r,w = IO.pipe
+
+    Hoosegow::Protocol::Inmate.run(:inmate => inmate, :stdin => stdin, :stdout => stdout, :intercepted => r)
+
+    expect(stdout.string).to eq( MessagePack.pack([:yield, [:a, 1]]) + MessagePack.pack([:yield, [:b, 2, 3]]) + MessagePack.pack([:return, 'raboof']) )
+  end
+
+  it "encodes exceptions" do
+    inmate = Object.new
+    def inmate.render(s) ; raise 'boom' ; end
+
+    stdin = StringIO.new(MessagePack.pack(['render', ['foobar']]))
+    stdout = StringIO.new
+    stdout.set_encoding('BINARY')
+    r,w = IO.pipe
+
+    Hoosegow::Protocol::Inmate.run(:inmate => inmate, :stdin => stdin, :stdout => stdout, :intercepted => r)
+
+    unpacked_type, unpacked_data = MessagePack.unpack(stdout.string)
+    expect(unpacked_type).to eq('raise')
+    expect(unpacked_data).to include('class' => 'RuntimeError')
+    expect(unpacked_data).to include('message' => 'boom')
+    expect(unpacked_data['backtrace']).to be_a(Array)
+    expect(unpacked_data['backtrace'].first).to eq("#{__FILE__}:#{__LINE__ - 14}:in `render'")
+  end
+
+  it "does not hang if stdin isn't closed" do
+    # Use a pipe so that we have a not-closed IO
+    stdin, feed_stdin = IO.pipe
+    feed_stdin.write(MessagePack.pack(['render', ['foobar']]))
+
+    inmate = double('inmate')
+    inmate.should_receive(:render).with('foobar').and_return('raboof')
+    stdout = StringIO.new
+    stdout.set_encoding('BINARY')
+    r,w = IO.pipe
+
+    timeout(2) { Hoosegow::Protocol::Inmate.run(:inmate => inmate, :stdin => stdin, :stdout => stdout, :intercepted => r) }
+  end
+
+  it "encodes stdout" do
+    inmate = double('inmate')
+    inmate.should_receive(:render).with('foobar').and_return('raboof')
+
+    stdin = StringIO.new(MessagePack.pack(['render', ['foobar']]))
+    stdout = StringIO.new
+    stdout.set_encoding('BINARY')
+    r,w = IO.pipe
+    w.puts "STDOUT from somewhere"
+
+    Hoosegow::Protocol::Inmate.run(:inmate => inmate, :stdin => stdin, :stdout => stdout, :intercepted => r)
+
+    encoded_stdout = MessagePack.pack([:stdout, "STDOUT from somewhere\n"])
+    encoded_return = MessagePack.pack([:return, 'raboof'])
+    expect([encoded_stdout+encoded_return, encoded_return+encoded_stdout]).to include(stdout.string)
+  end
+end

data/spec/test_inmate/inmate.rb

@@ -0,0 +1,7 @@
+class Hoosegow
+  module Inmate
+    def render_reverse(s)
+      s.reverse
+    end
+  end
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: hoosegow
+version: !ruby/object:Gem::Version
+  version: 1.2.0
+platform: ruby
+authors:
+- Ben Toews
+- Matt Burke
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-10-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: msgpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.6
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.6
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: docker-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.6
+description: Hoosegow provides an RPC layer on top of Docker containers so that you
+  can isolate unsafe parts of your application.
+email: mastahyeti@github.com
+executables:
+- hoosegow
+extensions: []
+extra_rdoc_files: []
+files:
+- Dockerfile
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/hoosegow
+- docs/dispatch-seq.txt
+- docs/dispatch.md
+- docs/dispatch.png
+- hoosegow.gemspec
+- lib/hoosegow.rb
+- lib/hoosegow/docker.rb
+- lib/hoosegow/exceptions.rb
+- lib/hoosegow/image_bundle.rb
+- lib/hoosegow/protocol.rb
+- script/proxy-integration-test
+- spec/hoosegow_docker_spec.rb
+- spec/hoosegow_spec.rb
+- spec/test_inmate/inmate.rb
+homepage: https://github.com/github/hoosegow
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A Docker jail for ruby code
+test_files: []