on_container 0.0.3 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 20a0354095f53ceb65e945d63fb79c4daaac2c20
-  data.tar.gz: bcf5aa4c31eeeb52a7ac97ecbfa8f9fa4ee7ca4c
+SHA256:
+  metadata.gz: 0b3faf030bfb28175d373fcaf06d219b8e89eae377a881e0655b0ea71a4248d9
+  data.tar.gz: 4b0a1a13bfea4e50a199b92caf15cf8c53361e03f4312057a0c10f7e33fa8e8a
 SHA512:
-  metadata.gz: ce35b61eb314e07871f4e2004dedaff36c3c64d3abcd3e303b43d33c1a079ab115ea9ae8921cf07601c7275a678783d6fb6c28649b985937abe621703ccde6bf
-  data.tar.gz: 51f7dee953ae4692733673f72cd0c87ed08ec32b341f82e3baa767ae5cdc2c4aab1791a3239b829af842d7438d277a34ab36994dcb9a36aac0af9e1feeb78f32
+  metadata.gz: ff47344c4ca8270ffc7b3aebc028aecc7bc1858bcb50016301c65c21e2ec94dfe0b4a334d18e7c4fa5722f319fd14c72808246094d707dcae15c3f5e8625d9e9
+  data.tar.gz: 166f0b25ea8db2af892eeeabffe15d96419d57688f9f6531d5f6fb88f7b7a9b6551a00e5049264cf6245eff9566bfa270404cd1af58fec6315593cc8b5a8fcb2

data/README.md

@@ -22,7 +22,71 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+### Development Routines & Docker Entrypoint Scripts
+
+We use some routines included in this gem to create compelling development entrypoint scripts for docker development containers.
+
+In this example, we'll be using the `on_container/dev/rails` routine bundle to create our dev entrypoint:
+
+```ruby
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require 'on_container/dev/rails'
+
+set_given_or_default_command
+
+# `on_setup_lock_acquired` prevents multiple app containers from running
+# the setup process concurrently:
+on_setup_lock_acquired do
+  ensure_project_gems_are_installed
+  ensure_project_node_packages_are_installed
+
+  wait_for_service_to_accept_connections 'tcp://postgres:5432'
+  setup_activerecord_database unless activerecord_database_ready?
+
+  remove_rails_pidfile if rails_server?
+end if command_requires_setup?
+
+execute_given_or_default_command
+```
+
+### Loading secrets into environment variables, and inserting credentials into URL environment variables
+
+When using Docker Swarm, the secrets are loaded as files mounted into the container's filesystem.
+
+The `on_container/load_env_secrets` runs a couple of routines that reads these files into environment variables.
+
+For our Rails example app, we added the following line to the `config/boot.rb` file:
+
+```ruby
+# frozen_string_literal: true
+
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
+
+require 'on_container/load_env_secrets' # Load secrets injected by Kubernetes/Swarm
+
+require 'bundler/setup' # Set up gems listed in the Gemfile.
+require 'bootsnap/setup' # Speed up boot time by caching expensive operations.
+```
+
+The `on_container/load_env_secrets` also merges any credential available in environment variables into any matching
+`_URL` environment variable. For example, consider the following environment variables:
+
+```shell
+DATABASE_URL=postgres://postgres:5432/?encoding=unicode
+DATABASE_USER=postgres
+DATABASE_PASS=3x4mpl3P455w0rd
+```
+
+The routine will merge `DATABASE_USER` and `DATABASE_PASS` into `DATABASE_URL`:
+
+```ruby
+puts ENV['DATABASE_URL']
+> postgres://postgres:3x4mpl3P455w0rd@postgres:5432/?encoding=unicode
+```
+
 
 ## Development
 

data/lib/on_container/dev/active_record_ops.rb

@@ -26,15 +26,7 @@ module OnContainer
       end
       
       def establish_activerecord_database_connection
-        unless defined?(ActiveRecord)
-          require 'rubygems'
-          require 'bundler'
-
-          Bundler.setup(:default)
-
-          require 'active_record'
-        end
-
+        require 'active_record' unless defined?(ActiveRecord)
         ActiveRecord::Base.establish_connection activerecord_config
         ActiveRecord::Base.connection_pool.with_connection { |connection| }
       end

data/lib/on_container/dev/rails.rb

@@ -12,4 +12,8 @@ include OnContainer::Dev::SetupOps
 include OnContainer::Dev::BundlerOps
 include OnContainer::Dev::NodeModulesOps
 include OnContainer::Dev::ActiveRecordOps
-include OnContainer::Dev::ContainerCommandOps
+include OnContainer::Dev::ContainerCommandOps
+
+require 'on_container/ops/service_connection_checks'
+
+include OnContainer::Ops::ServiceConnectionChecks

data/lib/on_container/dev/setup_ops.rb

@@ -21,12 +21,19 @@ module OnContainer
         puts 'Waiting for app setup to finish...'
         sleep app_setup_wait
       end
-      
+
       def on_setup_lock_acquired
         wait_setup while File.exist?(app_setup_lock_path)
-      
+
         lock_setup
+
+        %w[HUP INT QUIT TERM EXIT].each do |signal_string|
+          Signal.trap(signal_string) { unlock_setup }
+        end
+
         yield
+
+      ensure
         unlock_setup
       end
 

data/lib/on_container/load_env_secrets.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# Reads the specified secret paths (i.e. Docker Secrets) into environment
+# variables:
+
+require 'active_support'
+require 'active_support/core_ext/object'
+
+# Process only a known list of env vars that can filled by reading a file (i.e.
+# a docker secret):
+Dir["#{ENV.fetch('SECRETS_PATH', '/run/secrets/')}*"].each do |secret_filepath|
+  next unless File.file?(secret_filepath)
+
+  secret_envvarname = File.basename(secret_filepath, '.*').upcase
+
+  # Skip if variable is already set - already-set variables have precedence over
+  # the secret files:
+  next if ENV.key?(secret_envvarname) && ENV[secret_envvarname].present?
+
+  ENV[secret_envvarname] = File.read(secret_filepath).strip
+end
+
+# For each *_URL environment variable where there's also a *_(USER|USERNAME) or
+# *_(PASS|PASSWORD), update the URL environment variable with the given
+# credentials. For example:
+#
+# DATABASE_URL: postgres://postgres:5432/demo_production
+# DATABASE_USERNAME: lalito
+# DATABASE_PASSWORD: lepass
+#
+# Results in the following updated DATABASE_URL:
+#  DATABASE_URL = postgres://lalito:lepass@postgres:5432/demo_production
+require 'uri' if (url_keys = ENV.keys.select { |key| key =~ /_URL/ }).any?
+
+url_keys.each do |url_key|
+  credential_pattern_string = url_key.gsub('_URL', '_(USER(NAME)?|PASS(WORD)?)')
+  credential_pattern = Regexp.new "\\A#{credential_pattern_string}\\z"
+  credential_keys = ENV.keys.select { |key| key =~ credential_pattern }
+  next unless credential_keys.any?
+
+  uri = URI(ENV[url_key])
+
+  credential_keys.each do |credential_key|
+    credential_value = URI.encode_www_form_component ENV[credential_key]
+    case credential_key
+    when /USER/ then uri.user = credential_value
+    when /PASS/ then uri.password = credential_value
+    end
+  end
+
+  ENV[url_key] = uri.to_s
+end
+
+# STDERR.puts ENV.inspect

data/lib/on_container/ops/service_connection_checks.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'socket'
+require 'timeout'
+require 'uri'
+
+module OnContainer
+  module Ops
+    module ServiceConnectionChecks
+      def service_accepts_connections?(service_uri, seconds_to_wait = 30)
+        uri = URI(service_uri)
+
+        Timeout::timeout(seconds_to_wait) do
+          TCPSocket.new(uri.host, uri.port).close
+        rescue Errno::ECONNREFUSED
+          retry
+        end
+
+        true
+
+      rescue => e
+        puts "Connection to #{uri.to_s} failed: '#{e.inspect}'"
+      end
+      
+      def wait_for_service_to_accept_connections(service_uri, seconds_to_wait = 30, exit_on_fail = true)
+        wait_loop = Thread.new do
+          loop do
+            sleep(5)
+            puts "Waiting for #{service_uri} to accept connections..."
+          end
+        end
+
+        if service_accepts_connections?(service_uri, seconds_to_wait)
+          return wait_loop.exit
+        else
+          exit 1 if exit_on_fail
+        end
+      end
+    end
+  end
+end

data/lib/on_container/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OnContainer
-  VERSION = '0.0.3'
+  VERSION = '0.0.9'
 end

data/on_container.gemspec

@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.17'
+  spec.add_development_dependency 'bundler', '~> 2.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: on_container
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.9
 platform: ruby
 authors:
 - Roberto Quintanilla
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-12 00:00:00.000000000 Z
+date: 2020-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
 description: A small collection of scripts and routines to help ruby development within
   containers
 email:
@@ -45,12 +45,10 @@ files:
 - lib/on_container/dev/rails.rb
 - lib/on_container/dev/rails_ops.rb
 - lib/on_container/dev/setup_ops.rb
-- lib/on_container/step_down_from_root.rb
+- lib/on_container/load_env_secrets.rb
+- lib/on_container/ops/service_connection_checks.rb
 - lib/on_container/version.rb
 - on_container.gemspec
-- spec/on_container_spec.rb
-- spec/spec_helper.rb
-- spec/step_down_from_root_spec.rb
 homepage: https://github.com/IcaliaLabs/on-container-for-ruby
 licenses:
 - MIT
@@ -74,13 +72,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: A small collection of scripts and routines to help ruby development within
   containers
-test_files:
-- spec/on_container_spec.rb
-- spec/spec_helper.rb
-- spec/step_down_from_root_spec.rb
+test_files: []

data/lib/on_container/step_down_from_root.rb

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-require 'etc'
-
-module OnContainer
-  class StepDownFromRoot
-    attr_reader :curent_user, :target_user
-    
-    def initialize
-      @curent_user = Etc.getpwuid
-    end
-
-    def target_user
-      @target_user ||= Etc.getpwuid(developer_uid)
-    end
-
-    def perform
-      return unless root_user?
-      return warn_no_developer_uid unless developer_uid?
-
-      switch_to_developer_user
-    end
-
-    def root_user?
-      curent_user.name == 'root'
-    end
-
-    def developer_uid?
-      developer_uid > 0
-    end
-
-    def developer_uid
-      @developer_uid ||= ENV.fetch('DEVELOPER_UID', '').to_i
-    end
-
-    protected
-
-    def switch_to_developer_user
-      target_user_name = target_user.name
-      puts "Switching from 'root' user to '#{target_user_name}'..."
-      Kernel.exec 'su-exec', target_user_name, $0, *$*
-    end
-
-    def warn_no_developer_uid
-      puts "The 'DEVELOPER_UID' environment variable is not set... " \
-           'still running as root!'
-    end
-
-    def self.perform
-      new.perform
-    end
-  end
-end
-
-OnContainer::StepDownFromRoot.perform

data/spec/on_container_spec.rb

@@ -1,5 +0,0 @@
-RSpec.describe OnContainer do
-  it "has a version number" do
-    expect(OnContainer::VERSION).not_to be nil
-  end
-end

data/spec/spec_helper.rb

@@ -1,14 +0,0 @@
-require "bundler/setup"
-require "on_container"
-
-RSpec.configure do |config|
-  # Enable flags like --only-failures and --next-failure
-  config.example_status_persistence_file_path = ".rspec_status"
-
-  # Disable RSpec exposing methods globally on `Module` and `main`
-  config.disable_monkey_patching!
-
-  config.expect_with :rspec do |c|
-    c.syntax = :expect
-  end
-end

data/spec/step_down_from_root_spec.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-require 'on_container/step_down_from_root'
-
-RSpec.describe OnContainer::StepDownFromRoot do
-  let(:root_user) do
-    instance_double "struct Etc::Passwd",
-                    name: 'root',
-                    passwd: 'x',
-                    uid: 0,
-                    gid: 0,
-                    gecos: 'root',
-                    dir: '/root',
-                    shell: '/bin/bash'
-  end
-
-  let(:developer_user) do
-    instance_double "struct Etc::Passwd",
-                    name: 'developer',
-                    passwd: 'x',
-                    uid: 1000,
-                    gid: 1000,
-                    gecos: 'Developer User,,,',
-                    dir: '/usr/src',
-                    shell: '/bin/bash'
-  end
-
-  let(:example_current_user) { root_user }
-  let(:example_target_user) { developer_user }
-  let(:example_developer_uid) { '1000' }
-
-  before do
-    allow(ENV).to receive(:fetch).with('DEVELOPER_UID', '') { example_developer_uid }
-    allow(Etc).to receive(:getpwuid) { example_current_user }
-    allow(Etc).to receive(:getpwuid).with(example_target_user.uid) { example_target_user }
-    allow(Kernel).to receive(:exec).with('su-exec', example_target_user.name, any_args)
-  end
-
-  describe '#perform' do
-    it 'changes to the target user' do
-      subject.perform
-      expect(Kernel).to have_received(:exec).with 'su-exec', example_target_user.name, any_args
-    end
-
-    context 'without a developer uid' do
-      let(:example_developer_uid) { '' }
-      
-      example 'does not change the current user' do
-        subject.perform
-        expect(Kernel).not_to have_received(:exec)
-      end
-    end
-
-    context 'when not as root' do
-      let(:example_current_user) { developer_user }
-      
-      example 'does not change the current user' do
-        subject.perform
-        expect(Kernel).not_to have_received(:exec)
-      end
-    end
-  end
-end