idlc-sdk-pfm 1.0.0.pre.2

data/lib/idlc-sdk-pfm/command/templates/base/files/config/init.ps1.userdata

@@ -0,0 +1,219 @@
+<powershell>
+# Configure a Windows host for remote management with Ansible
+# -----------------------------------------------------------
+#
+# This script checks the current WinRM/PSRemoting configuration and makes the
+# necessary changes to allow Ansible to connect, authenticate and execute
+# PowerShell commands.
+#
+# Set $VerbosePreference = "Continue" before running the script in order to
+# see the output messages.
+# Set $SkipNetworkProfileCheck to skip the network profile check.  Without
+# specifying this the script will only run if the device's interfaces are in
+# DOMAIN or PRIVATE zones.  Provide this switch if you want to enable winrm on
+# a device with an interface in PUBLIC zone.
+#
+# Written by Trond Hindenes <trond@hindenes.com>
+# Updated by Chris Church <cchurch@ansible.com>
+# Updated by Michael Crilly <mike@autologic.cm>
+#
+# Version 1.0 - July 6th, 2014
+# Version 1.1 - November 11th, 2014
+# Version 1.2 - May 15th, 2015
+
+Param (
+    [string]$SubjectName = $env:COMPUTERNAME,
+    [int]$CertValidityDays = 365,
+    [switch]$SkipNetworkProfileCheck,
+    $CreateSelfSignedCert = $true
+)
+
+Function New-LegacySelfSignedCert
+{
+    Param (
+        [string]$SubjectName,
+        [int]$ValidDays = 365
+    )
+
+    $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
+    $name.Encode("CN=$SubjectName", 0)
+
+    $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1"
+    $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+    $key.KeySpec = 1
+    $key.Length = 1024
+    $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+    $key.MachineContext = 1
+    $key.Create()
+
+    $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1"
+    $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+    $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1"
+    $ekuoids.Add($serverauthoid)
+    $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+    $ekuext.InitializeEncode($ekuoids)
+
+    $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1"
+    $cert.InitializeFromPrivateKey(2, $key, "")
+    $cert.Subject = $name
+    $cert.Issuer = $cert.Subject
+    $cert.NotBefore = (Get-Date).AddDays(-1)
+    $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays)
+    $cert.X509Extensions.Add($ekuext)
+    $cert.Encode()
+
+    $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1"
+    $enrollment.InitializeFromRequest($cert)
+    $certdata = $enrollment.CreateRequest(0)
+    $enrollment.InstallResponse(2, $certdata, 0, "")
+
+    # Return the thumbprint of the last installed certificate;
+    # This is needed for the new HTTPS WinRM listerner we're
+    # going to create further down.
+    Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
+}
+
+# Setup error handling.
+Trap
+{
+    $_
+    Exit 1
+}
+$ErrorActionPreference = "Stop"
+
+# Detect PowerShell version.
+If ($PSVersionTable.PSVersion.Major -lt 3)
+{
+    Throw "PowerShell version 3 or higher is required."
+}
+
+# Find and start the WinRM service.
+Write-Verbose "Verifying WinRM service."
+If (!(Get-Service "WinRM"))
+{
+    Throw "Unable to find the WinRM service."
+}
+ElseIf ((Get-Service "WinRM").Status -ne "Running")
+{
+    Write-Verbose "Starting WinRM service."
+    Start-Service -Name "WinRM" -ErrorAction Stop
+}
+
+# WinRM should be running; check that we have a PS session config.
+If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
+{
+  if ($SkipNetworkProfileCheck) {
+    Write-Verbose "Enabling PS Remoting without checking Network profile."
+    Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
+  }
+  else {
+    Write-Verbose "Enabling PS Remoting"
+    Enable-PSRemoting -Force -ErrorAction Stop
+  }
+}
+Else
+{
+    Write-Verbose "PS Remoting is already enabled."
+}
+
+# Make sure there is a SSL listener.
+$listeners = Get-ChildItem WSMan:\localhost\Listener
+If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
+{
+    # HTTPS-based endpoint does not exist.
+    If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
+    {
+        $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
+        $thumbprint = $cert.Thumbprint
+        Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
+    }
+    Else
+    {
+        $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
+        Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
+    }
+
+    # Create the hashtables of settings to be used.
+    $valueset = @{}
+    $valueset.Add('Hostname', $SubjectName)
+    $valueset.Add('CertificateThumbprint', $thumbprint)
+
+    $selectorset = @{}
+    $selectorset.Add('Transport', 'HTTPS')
+    $selectorset.Add('Address', '*')
+
+    Write-Verbose "Enabling SSL listener."
+    New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
+}
+Else
+{
+    Write-Verbose "SSL listener is already active."
+}
+
+# Check for basic authentication.
+$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"}
+If (($basicAuthSetting.Value) -eq $false)
+{
+    Write-Verbose "Enabling basic auth support."
+    Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
+}
+Else
+{
+    Write-Verbose "Basic auth is already enabled."
+}
+
+# Configure firewall to allow WinRM HTTPS connections.
+$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
+$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
+If ($fwtest1.count -lt 5)
+{
+    Write-Verbose "Adding firewall rule to allow WinRM HTTPS."
+    netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
+}
+ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5))
+{
+    Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile."
+    netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any
+}
+Else
+{
+    Write-Verbose "Firewall rule already exists to allow WinRM HTTPS."
+}
+
+# Test a remoting connection to localhost, which should work.
+$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue
+$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
+
+$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue
+
+If ($httpResult -and $httpsResult)
+{
+    Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
+}
+ElseIf ($httpsResult -and !$httpResult)
+{
+    Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
+}
+ElseIf ($httpResult -and !$httpsResult)
+{
+    Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
+}
+Else
+{
+    Throw "Unable to establish an HTTP or HTTPS remoting session."
+}
+Write-Verbose "PS Remoting has been successfully configured for Ansible."
+
+# Change the Administrator password to something temporary for provisioning.
+# This will be changed back to something secure on deployment, so we can safely
+# store this password in plain text in SCM.
+$user = "Administrator"
+$pass = 'Aut0m@t0r'
+$newpass = [ADSI]"WinNT://localhost/$user,user"
+$newpass.SetPassword($pass)
+$newpass.SetInfo()
+
+# Turn off PowerShell execution policy restrictions
+Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine
+
+</powershell>

data/lib/idlc-sdk-pfm/command/validate.rb

@@ -0,0 +1,85 @@
+require 'idlc-sdk-pfm/command/base'
+require 'idlc-sdk-pfm/command/validator_commands'
+require 'idlc-sdk-pfm/command/validator_commands/base'
+require 'idlc-sdk-pfm/command/validator_commands/server_build'
+require 'idlc-sdk-pfm/command/validator_commands/infrastructure'
+
+module Pfm
+  module Command
+    class Validate < Base
+
+      ValidatorCommand = Struct.new(:name, :class_name, :description)
+
+      def self.validators
+        @validators ||= []
+      end
+
+      def self.validator(name, class_name, description)
+        validators << ValidatorCommand.new(name, class_name, description)
+      end
+
+      validator('server-build', :ServerBuild, 'Validate a server build repo')
+      validator('infrastructure', :Infrastructure, 'Validate an infrastructure repo')
+
+      def self.banner_headline
+        <<-E
+Usage: pfm validate VALIDATOR [options]
+Available validators:
+E
+      end
+
+      def self.validator_list
+        justify_size = validators.map { |g| g.name.size }.max + 2
+        validators.map { |g| "  #{g.name.to_s.ljust(justify_size)}#{g.description}" }.join("\n")
+      end
+
+      def self.banner
+        banner_headline + validator_list + "\n"
+      end
+
+      # pfm validate app path/to/basename --skel=path/to/skeleton --example
+      # pfm validate file name [path/to/cookbook_root] (inferred from cwd) --from=source_file
+
+      def initialize(*args)
+        super
+      end
+
+      def run(params)
+        if validator_spec = validator_for(params[0])
+          params.shift
+          validator = ValidatorCommands.build(validator_spec.class_name, params)
+          validator.run
+        else
+          msg(banner)
+          1
+        end
+      rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e
+        # Pfm::Command::Base also handles this error in the same way, but it
+        # does not have access to the correct option parser, so it cannot print
+        # the usage correctly. Therefore, invalid CLI usage needs to be handled
+        # here.
+        err("ERROR: #{e.message}\n")
+        msg(validator.opt_parser)
+        1
+      end
+
+      def validator_for(arg)
+        self.class.validators.find { |g| g.name.to_s == arg }
+      end
+
+      # In the Base class, this is defined to be true if any args match "-h" or
+      # "--help". Here we override that behavior such that if the first
+      # argument is a valid validator name, like `pfm validate server-build -h`,
+      # we delegate the request to the specified validator.
+      def needs_help?(params)
+        return false if have_validator?(params[0])
+        super
+      end
+
+      def have_validator?(name)
+        self.class.validators.map { |g| g.name.to_s }.include?(name)
+      end
+
+    end
+  end
+end

data/lib/idlc-sdk-pfm/command/validator_commands/base.rb

@@ -0,0 +1,65 @@
+require "idlc-sdk-pfm/command/validator_commands"
+
+module Pfm
+  module Command
+    module ValidatorCommands
+      class ValidationError < StandardError; end
+
+      class Base < Command::Base
+        attr_reader :params
+        attr_reader :errors
+
+        options.merge!(SharedValidatorOptions.options)
+
+        def initialize(params)
+          super()
+          @params_valid = true
+          @errors = []
+          @params = params
+          @failure = false
+
+          @reports_dir = "#{Pfm::Settings.new.config_directory}/tests/reports"
+          @artifacts_dir = "#{Pfm::Settings.new.config_directory}/tests/artifacts"
+        end
+
+        def setup_context; end
+
+        def read_and_validate_params
+          arguments = parse_options(@params)
+
+          case arguments.size
+          when 0
+            @params_valid = (@config[:validator_name] == 'infrastructure')
+
+          when 1
+            @params_valid = build_exists?
+
+          when 2
+
+          else
+            @params_valid = false
+          end
+        end
+
+        def params_valid?
+          @params_valid
+        end
+
+        def use_circle_ci?
+          @params.include?('-c') || @params.include?('--circle-ci')
+        end
+
+        def setup_artifacts_dirs
+          if use_circle_ci?
+            @reports_dir = ENV['CIRCLE_TEST_REPORTS']
+            @artifacts_dir = ENV['CIRCLE_ARTIFACTS']
+            return
+          end
+
+          FileUtils.mkdir_p(@reports_dir)
+          FileUtils.mkdir_p(@artifacts_dir)
+        end
+      end
+    end
+  end
+end

data/lib/idlc-sdk-pfm/command/validator_commands/infrastructure.rb

@@ -0,0 +1,46 @@
+module Pfm
+  module Command
+    module ValidatorCommands
+      class Infrastructure < Base
+        banner 'Usage: pfm validate infrastructure [options]'
+
+        option :app_release,
+               short:        '-a VERSION',
+               long:         '--app-release VERSION',
+               description:  'Application Version Number to Deploy',
+               default:      ''
+
+        options.merge!(SharedValidatorOptions.options)
+
+        def run
+          @config[:validator_name] = 'infrastructure'
+
+          read_and_validate_params
+          setup_artifacts_dirs
+
+          if params_valid?
+            deploy_setup
+            validate
+            # @workspace.cleanup causing bundler issues
+            0
+          else
+            errors.each { |error| err("Error: #{error}") }
+            parse_options(params)
+            msg(opt_parser)
+            1
+          end
+        rescue ValidationError => e
+          err("ERROR: #{e}")
+          1
+        end
+
+        def validate
+          Terraform::Binary.validate(@workspace.tmp_dir.to_s)
+          msg('Verified repository..')
+        rescue Terraform::Binary::Command::CommandFailure
+          raise ValidationError, 'Failures reported during validation!'
+        end
+      end
+    end
+  end
+end

data/lib/idlc-sdk-pfm/command/validator_commands/server_build.rb

@@ -0,0 +1,135 @@
+module Pfm
+  module Command
+    module ValidatorCommands
+      class ServerBuild < Base
+        banner 'Usage: pfm validate server-build BUILD_NAME [options]'
+
+        option :build_version,
+               short:        '-b VERSION',
+               long:         '--build-version VERSION',
+               description:  'override version number of build',
+               default:      nil
+
+        option :build_template,
+               short:        '-t TEMPLATE',
+               long:         '--build-template TEMPLATE',
+               description:  'The Build Template to use. Defaults to build.json',
+               default:      'build.json'
+
+        option :build_metadata,
+               short:        '-m METADATA_FILE',
+               long:         '--build-metadata METADATA_FILE',
+               description:  'The build metadata file to use. Defaults to \'metadata\'',
+               default:      'metadata'
+
+        options.merge!(SharedValidatorOptions.options)
+
+        def run
+          read_and_validate_params
+          setup_artifacts_dirs
+
+          if params_valid?
+            build_setup
+            validate
+            # @workspace.cleanup causing bundler issues
+            0
+          else
+            errors.each { |error| err("Error: #{error}") }
+            parse_options(params)
+            msg(opt_parser)
+            1
+          end
+        rescue ValidationError => e
+          err("ERROR: #{e}")
+          1
+        end
+
+        def validate
+          lint_packer
+          lint_chef
+          unit_test
+
+          raise ValidationError, 'Failures reported during validation!' if @failure
+          msg('Verified repository..')
+        end
+
+        def lint_packer
+          Packer::Binary.validate("#{@build_config.dump_build_vars} #{@config[:build_template]}")
+        rescue Packer::Binary::Command::CommandFailure
+          @failure = true
+        end
+
+        def lint_chef
+          base_path = 'chef'
+          cookbooks_dir = 'cookbooks'
+
+          # Loop through the base directory looking through all of the cookbooks
+          # for unit tests
+          Dir.entries(base_path).each do |dir|
+            next unless File.directory? "#{base_path}/#{dir}/#{cookbooks_dir}"
+            next if dir.to_s == 'vendor'
+
+            Dir.entries("#{base_path}/#{dir}/#{cookbooks_dir}").each do |cookbook|
+              next unless File.directory? "#{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook}"
+              # skip directories eg. '.' and '..'
+              next if cookbook.to_s == '.' || cookbook.to_s == '..'
+
+              # Run the syntax and semantics checkers
+              msg("\nRunning Rubocop on #{cookbook} cookbook")
+
+              # Copy in global .foodcritic file if set
+              debug("copying #{SETTINGS['RUBOCOP_RULES_FILE']} to #{Dir.pwd}")
+              system("cp #{SETTINGS['RUBOCOP_RULES_FILE']} #{Dir.pwd}") if File.exist? SETTINGS['RUBOCOP_RULES_FILE']
+
+              gem_path = `bundle show rubocop-junit-formatter`.strip!
+              system("rubocop \\
+                --format html -o #{@artifacts_dir}/rubocop/#{cookbook}_rubocop_output.html \\
+                -r #{gem_path}/lib/rubocop/formatter/junit_formatter.rb \\
+                --format RuboCop::Formatter::JUnitFormatter -o #{@reports_dir}/rubocop/#{cookbook}_junit.xml \\
+                #{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook}") || @failure = true
+
+              msg("Running Foodcritic on #{cookbook} cookbook")
+              ENV['FOODCRITIC_JUNIT_OUTPUT_DIR'] = "#{@reports_dir}/foodcritic"
+              ENV['FOODCRITIC_JUNIT_OUTPUT_FILE'] = "#{cookbook}_foodcritic_junit.xml"
+
+              # Copy in global .foodcritic file if set
+              debug("copying #{SETTINGS['FOODCRITIC_RULES_FILE']} to #{Dir.pwd}")
+              system("cp #{SETTINGS['FOODCRITIC_RULES_FILE']} #{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook}") if File.exist? SETTINGS['FOODCRITIC_RULES_FILE']
+
+              # Capure output but also fail if applicable
+              system("foodcritic #{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook} -C > #{cookbook}_foodcritic.out") || @failure = true
+              system("foodcritic-junit < #{cookbook}_foodcritic.out")
+            end
+          end
+        end
+
+        def unit_test
+          # load chefspec here as it load chef and can take a long time on some systems
+          # so we only want to load it when we absolutely need it
+          require 'chefspec'
+          base_path = 'chef'
+          cookbooks_dir = 'cookbooks'
+
+          # Loop through the base directory looking through all of the cookbooks
+          # for unit tests
+          Dir.entries(base_path).each do |dir|
+            next unless File.directory? "#{base_path}/#{dir}/#{cookbooks_dir}"
+            next if dir.to_s == 'vendor'
+
+            Dir.entries("#{base_path}/#{dir}/#{cookbooks_dir}").each do |cookbook|
+              next unless File.directory? "#{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook}"
+              # skip directories eg. '.' and '..'
+              next if cookbook.to_s == '.' || cookbook.to_s == '..'
+
+              # run rspec unit tests
+              Dir.chdir("#{base_path}/#{dir}/#{cookbooks_dir}/#{cookbook}") do
+                msg("\nRunning unit tests for #{cookbook} cookbook")
+                system("rspec -r rspec_junit_formatter --format progress --format RspecJunitFormatter -o #{@reports_dir}/rspec/#{cookbook}_junit.xml") || @failure = true
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/idlc-sdk-pfm/command/validator_commands.rb

@@ -0,0 +1,32 @@
+require 'mixlib/cli'
+require 'rbconfig'
+require 'pathname'
+require 'idlc-sdk-pfm/command/base'
+require 'idlc-sdk-pfm/validator'
+
+module Pfm
+  module Command
+    # ## SharedValidatorOptions
+    #
+    # These CLI options are shared amongst the validator commands
+    module SharedValidatorOptions
+      include Mixlib::CLI
+
+      option :circle_ci,
+             short:        '-c',
+             long:         '--circle-ci',
+             description: 'Use Circle Ci artifact output directories',
+             boolean: true,
+             default: false
+    end
+
+    # ## ValidatorCommands
+    #
+    # This module is the namespace for all subcommands of `pfm validate`
+    module ValidatorCommands
+      def self.build(class_name, params)
+        const_get(class_name).new(params)
+      end
+    end
+  end
+end

data/lib/idlc-sdk-pfm/commands_map.rb

@@ -0,0 +1,61 @@
+module Pfm
+  class CommandsMap
+    NULL_ARG = Object.new
+
+    CommandSpec = Struct.new(:name, :constant_name, :require_path, :description)
+
+    class CommandSpec
+
+      def instantiate
+        require require_path
+        command_class = Pfm::Command.const_get(constant_name)
+        command_class.new
+      end
+
+    end
+
+    attr_reader :command_specs
+
+    def initialize
+      @command_specs = {}
+    end
+
+    def builtin(name, constant_name, require_path: NULL_ARG, desc: "")
+      if null?(require_path)
+        snake_case_path = name.tr("-", "_")
+        require_path = "idlc-sdk-pfm/command/#{snake_case_path}"
+      end
+      command_specs[name] = CommandSpec.new(name, constant_name, require_path, desc)
+    end
+
+    def instantiate(name)
+      spec_for(name).instantiate
+    end
+
+    def have_command?(name)
+      command_specs.key?(name)
+    end
+
+    def command_names
+      command_specs.keys
+    end
+
+    def spec_for(name)
+      command_specs[name]
+    end
+
+    private
+
+    def null?(argument)
+      argument.equal?(NULL_ARG)
+    end
+  end
+
+  def self.commands_map
+    @commands_map ||= CommandsMap.new
+  end
+
+  def self.commands
+    yield commands_map
+  end
+end

data/lib/idlc-sdk-pfm/generator.rb

@@ -0,0 +1,52 @@
+module Pfm
+  module Generator
+    # This is here to hold attr_accessor data for Generator context variables
+    class Context
+      def self.add_attr(name)
+        @attributes ||= []
+
+        unless @attributes.include?(name)
+          @attributes << name
+          attr_accessor(name)
+        end
+      end
+
+      def self.reset
+        return if @attributes.nil?
+
+        @attributes.each do |attr|
+          remove_method(attr)
+        end
+
+        @attributes = nil
+      end
+    end
+
+    def self.reset
+      @context = nil
+    end
+
+    def self.context
+      @context ||= Context.new
+    end
+
+    def self.add_attr_to_context(name, value = nil)
+      sym_name = name.to_sym
+      Pfm::Generator::Context.add_attr(sym_name)
+      Pfm::Generator::TemplateHelper.delegate_to_app_context(sym_name)
+      context.public_send("#{sym_name}=", value)
+    end
+
+    module TemplateHelper
+      def self.delegate_to_app_context(name)
+        define_method(name) do
+          Pfm::Generator.context.public_send(name)
+        end
+      end
+
+      def year
+        Time.now.year
+      end
+    end
+  end
+end