pact_broker 2.81.0 → 2.82.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 264cb3fe694b76c1efc4ee585043f68957485f477ef60154357d72535741dc9e
-  data.tar.gz: 2081f35b9a33d5e8ebe9817f5fda62b35378f437a66e69c2611555dc0f78228b
+  metadata.gz: 9a0cf4f6c970fd0fa0535eca1d44605e3e40d79407e6edf5e06f6ceea7160ece
+  data.tar.gz: bb6533b81dd28846a3ccda8d3fe2479c1621cd2117814ee63d5f6cf55f500079
 SHA512:
-  metadata.gz: bf0de96a30b0893206130d39f9ae19d23eb411e81440d7a2099aa6dfe36cdb5ddd9d135f51d164f17b439d7a8db07ea060e5bc0a7e6b0a980e87b100f6e23cf1
-  data.tar.gz: de1636fa911c024295c7b6d94df91219f7a7fe9a8ed3d838cbad635477b4623b220a0493181bac49652994bd19fb7a40f330a8a9bfc8efc25ceb20727c2653bd
+  metadata.gz: c5f7da8fe0a477ee49d54a3d2e034be142d3af6b7a942b47818e2809ae34c1d3add710ba316871d41001e4a1ec708769d51de176b37a47b4785b81778c729a0c
+  data.tar.gz: cd91ad22fb076907f240deb3322701f272b802839f2c1a6c3f44e232a452eb17fa5d5f61fe6ef0cfab3ac912d2b9700c5f33e30b918ba6bd1125735ace3af743

data/.github/workflows/test.yml

@@ -24,7 +24,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby_version: ["2.5", "2.7"]
+        ruby_version: ["2.6", "2.7"]
     services:
       postgres:
         image: postgres

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+<a name="v2.82.0"></a>
+### v2.82.0 (2021-08-14)
+
+#### Features
+
+* do not allow contract content for a consumer version to be modified for all new Broker instances (#484)	 ([b1819749](/../../commit/b1819749))
+* ensure saved configuration is loaded appropriately into the RuntimeConfiguration	 ([c5ab52ad](/../../commit/c5ab52ad))
+* automatically set main branch (#483)	 ([63e287ee](/../../commit/63e287ee))
+* allow the first tag to be used as the branch name to assist migrating to branches (#478)	 ([a086214a](/../../commit/a086214a))
+* add support for contract_requiring_verification_published webhook (#476)	 ([b4699df0](/../../commit/b4699df0))
+* automatically create database connection from YAML or environment variable config	 ([ca34b030](/../../commit/ca34b030))
+* move basic auth code in from pact-broker-docker	 ([869bcd61](/../../commit/869bcd61))
+* allow Pact Broker to be configured using a YAML file and environment variables (#471)	 ([6e3d0e62](/../../commit/6e3d0e62))
+
+* **pacts for verification**
+  * if no consumer version selectors are specified, return the pacts for the latest main version, and all the deployed and released versions	 ([5fccd524](/../../commit/5fccd524))
+
+* **metrics**
+  * add counts for environment, deployed version, released version, pacticipants and versions with branch set	 ([8272b08b](/../../commit/8272b08b))
+
+#### Bug Fixes
+
+* lazy load latest verification using select max, and eager load using the skynet query	 ([e6ee6ab5](/../../commit/e6ee6ab5))
+* improve performance of query for latest verification for pact_version	 ([d63081d8](/../../commit/d63081d8))
+* do not allow the deployment of a provider version with no results when one of its consumers is already deployed (#486)	 ([219029c0](/../../commit/219029c0))
+* add cache busting parameters to css and js links	 ([9cab749a](/../../commit/9cab749a))
+
+* **can-i-deploy**
+  * correctly construct options when environment is used in the can-i-deploy GET endpoint	 ([cb79a404](/../../commit/cb79a404))
+
 <a name="v2.81.0"></a>
 ### v2.81.0 (2021-07-17)
 

data/DEVELOPER_SETUP.md

@@ -125,7 +125,7 @@ To run:
 1. Load an exported real database into a postgres docker image. The exported file must be in the pg dump format to use this script, and it must be located in the project root directory for it to be found via the mounted directory.
 
     ```
-    script/docker/reload.sh <export>
+    script/docker/restore.sh <export>
 
     ```
 1. Clear any previously generated approvals.

data/README.md

@@ -3,13 +3,11 @@
  ![Build status](https://github.com/pact-foundation/pact_broker/workflows/Test/badge.svg)
  [![Join the chat at https://pact-foundation.slack.com/](https://img.shields.io/badge/chat-on%20slack-blue.svg?logo=slack)](https://slack.pact.io)
  [![security](https://hakiri.io/github/pact-foundation/pact_broker/master.svg)](https://hakiri.io/github/pact-foundation/pact_broker/master)
- [![Code Climate](https://codeclimate.com/github/pact-foundation/pact_broker/badges/gpa.svg)](https://codeclimate.com/github/pact-foundation/pact_broker)
- [![Test Coverage](https://codeclimate.com/github/pact-foundation/pact_broker/badges/coverage.svg)](https://codeclimate.com/github/pact-foundation/pact_broker/coverage)
 
 The Pact Broker is an application for sharing of consumer driven contracts and verification results. It is optimised for use with "pacts" (contracts created by the [Pact][pact-docs] framework), but can be used for any type of contract that can be serialized to JSON.
 
 <br/>
-<a href="https:/pactflow.io/?utm_source=github&utm_campaign=pact_broker_intro"><img src="docs/images/Pactflow logo - black small.png"></a>
+<a href="https://pactflow.io/?utm_source=github&utm_campaign=pact_broker_intro"><img src="docs/images/Pactflow logo - black small.png"></a>
 <br/>
 
 You can try out a Pact Broker for free at <a href="https://pactflow.io/?utm_source=github&utm_campaign=pact_broker_intro"/>pactflow.io</a>. Built by a group of core Pact maintainers, Pactflow is a fork of the OSS Pact Broker with extra goodies like an improved UI, field level verification results and federated login.
@@ -160,13 +158,17 @@ You can use the [Pact Broker Docker image][docker] or [Terraform on AWS][terrafo
 
 Please read the [UPGRADING.md](UPGRADING.md) documentation before upgrading your Pact Broker, for information on the supported upgrade paths.
 
-[decouple]: http://techblog.realestate.com.au/enter-the-pact-matrix-or-how-to-decouple-the-release-cycles-of-your-microservices/
+## Versioning
+
+The Pact Broker follows the [semantic versioning](https://semver.org/) scheme.
+
+[decouple]: https://www.rea-group.com/blog/enter-the-pact-matrix-or-how-to-decouple-the-release-cycles-of-your-microservices/
 [pact]: https://github.com/pact-foundation/pact-ruby
 [nerf]: https://github.com/pact-foundation/pact_broker/wiki/pact-broker-ci-nerf-gun
 [different-teams]: https://github.com/pact-foundation/pact-ruby/wiki/Using-pact-where-the-consumer-team-is-different-from-the-provider-team
 [docker]: https://github.com/pact-foundation/pact-broker-docker
 [terraform]: https://github.com/nadnerb/terraform-pact-broker
-[pactflow]: https:/pactflow.io/?utm_source=github&utm_campaign=pact_broker_usage
+[pactflow]: https://pactflow.io/?utm_source=github&utm_campaign=pact_broker_usage
 [wiki]: https://github.com/pact-foundation/pact_broker/wiki
 [reverse-proxy-docs]: https://github.com/pact-foundation/pact_broker/wiki/Configuration#running-the-broker-behind-a-reverse-proxy
 [stackoverflow]: http://stackoverflow.com/questions/tagged/pact-broker

data/config.ru

@@ -1,36 +1,11 @@
-require "fileutils"
-require "logger"
-require "sequel"
 require "pact_broker"
 
-FileUtils.mkdir_p("tmp") unless ENV["PACT_BROKER_DATABASE_URL"]
-
-DATABASE_URL = ENV["PACT_BROKER_DATABASE_URL"] || "sqlite://tmp/pact_broker_database.sqlite3"
-DB_OPTIONS = { encoding: "utf8", sql_log_level: :debug }
-
 ENV["TZ"] = "Australia/Melbourne"
 
-SemanticLogger.add_appender(io: $stderr)
-SemanticLogger.default_level = :info
-
 app = PactBroker::App.new do | config |
-  # config.logger.level = ::Logger::INFO
-  config.auto_migrate_db = true
-  config.enable_public_badge_access = true
-  config.order_versions_by_date = true
-  config.allow_missing_migration_files = true
-  config.base_equality_only_on_content_that_affects_verification_results = true
-  config.badge_provider_mode = :redirect
-
-  config.webhook_retry_schedule = [3, 3, 3]
-  config.webhook_host_whitelist = [/.*/, "10.0.0.0/8"]
-  config.webhook_scheme_whitelist = ["http", "https"]
-  config.webhook_http_method_whitelist = ["GET", "POST"]
-  config.webhook_http_code_success = [200, 201, 202, 203, 204, 205, 206]
-  config.base_url = ENV["PACT_BROKER_BASE_URL"]
-
-  database_logger = PactBroker::DB::LogQuietener.new(config.logger)
-  config.database_connection = Sequel.connect(DATABASE_URL, DB_OPTIONS.merge(logger: database_logger))
+  config.log_stream = :stdout
+  config.base_urls = ["http://localhost:9292"]
+  config.database_url = "sqlite:////tmp/pact_broker_database.sqlite3"
 end
 
 run app

data/db/migrations/20210722_add_index_to_triggered_webhooks_webhook_uuid.rb

@@ -0,0 +1,7 @@
+Sequel.migration do
+  change do
+    alter_table(:triggered_webhooks) do
+      add_index([:webhook_uuid], name: "triggered_webhooks_webhook_uuid_index")
+    end
+  end
+end

data/db/migrations/20210810_set_allow_contract_modification.rb

@@ -0,0 +1,17 @@
+Sequel.migration do
+  up do
+    if from(:pact_publications).count != 0
+      from(:config).insert(
+        name: "allow_dangerous_contract_modification",
+        type: "boolean",
+        value: "1",
+        created_at: Sequel.datetime_class.now,
+        updated_at: Sequel.datetime_class.now
+      )
+    end
+  end
+
+  down do
+
+  end
+end

data/docs/CONFIGURATION.md

@@ -0,0 +1,398 @@
+# Pact Broker Configuration
+
+
+<br/>
+
+## Database
+
+<hr/>
+
+
+### database_adapter
+
+The database adapter. For production use, Postgres must be used.
+
+For investigations/spikes on a development machine, you can use SQlite. It is not supported as a production database, as it does not support
+concurrent requests.
+
+**Default:** `postgres`<br/>
+**Allowed values:** `postgres` (for production use), `sqlite` (for spikes only)<br/>
+
+### database_username
+
+The database username
+
+
+### database_password
+
+The database password
+
+
+### database_name
+
+The database name. If using the `sqlite` adapter, this will be the path to the database file.
+
+**Examples:** `pact_broker`, `/tmp/pact_broker.sqlite3`, `./tmp/pact_broker.sqlite3`<br/>
+
+### database_host
+
+The database host
+
+
+### database_port
+
+The database port. If ommited, the default port for the adapter will be used.
+
+
+### database_url
+
+The full database URL may be specified instead of the separate adapter, username, password, name, host and port.
+
+**Format:** {database_adapter}://{database_username}:{database_password}@{database_host}:{database_port}/{database_name}<br/>
+**Examples:** `postgres://pact_broker_user:pact_broker_password@pact_broker_db_host/pact_broker`, `sqlite:////tmp/pact_broker.sqlite3`<br/>
+
+### database_sslmode
+
+The Postgresql ssl mode.
+
+**Default:** `prefer`<br/>
+**Allowed values:** `disable`, `allow`, `prefer`, `require`, `verify-ca`, `verify-full`<br/>
+**More information:** https://ankane.org/postgres-sslmode-explained<br/>
+
+### sql_log_level
+
+The log level that will be used when the SQL query statements are logged.
+
+To disable noisy SQL query logging when the application `log_level` is set to `debug` for other reasons, use the value `none`.
+
+**Default:** `debug`<br/>
+**Allowed values:** `none`, `debug`, `info`, `warn`, `error`, `fatal`<br/>
+
+### sql_log_warn_duration
+
+
+
+**Default:** `5`<br/>
+
+### database_max_connections
+
+
+
+**Default:** `nil`<br/>
+
+### database_pool_timeout
+
+
+
+**Default:** `5`<br/>
+
+### database_connect_max_retries
+
+
+
+**Default:** `0`<br/>
+
+### auto_migrate_db
+
+
+
+**Default:** `true`<br/>
+
+### auto_migrate_db_data
+
+
+
+**Default:** `true`<br/>
+
+### allow_missing_migration_files
+
+
+
+**Default:** `true`<br/>
+
+### validate_database_connection_config
+
+
+
+**Default:** `true`<br/>
+
+### database_statement_timeout
+
+
+
+**Default:** `15`<br/>
+
+### metrics_sql_statement_timeout
+
+
+
+**Default:** `30`<br/>
+
+### database_connection_validation_timeout
+
+
+
+
+<br/>
+
+## Logging
+
+<hr/>
+
+
+### log_level
+
+The application log level
+
+**Default:** `info`<br/>
+**Allowed values:** `debug`, `info`, `warn`, `error`, `fatal`<br/>
+
+### log_format
+
+The application log format. Can be any value supported by Semantic Logger.
+
+**Default:** `default`<br/>
+**Allowed values:** `default`, `json`, `color`<br/>
+**More information:** https://github.com/rocketjob/semantic_logger/tree/master/lib/semantic_logger/formatters<br/>
+
+### log_dir
+
+The log file directory
+
+**Default:** `./logs`<br/>
+
+### log_stream
+
+The stream to which the logs will be sent.
+
+While the default is `file` for the Ruby application, it is set to `stdout` on the supported Docker images.
+
+**Default:** `file`<br/>
+**Allowed values:** `stdout`, `file`<br/>
+
+### hide_pactflow_messages
+
+Set to `true` to hide the messages in the logs about Pactflow
+
+**Default:** `true`<br/>
+**Allowed values:** `true`, `false`<br/>
+**More information:** https://pactflow.io<br/>
+
+<br/>
+
+## Authentication and authorization
+
+<hr/>
+The Pact Broker comes with 2 configurable basic auth users - one with read/write privileges, and one with read only privileges.
+The read only credentials should be distributed to the developers for use from development machines, and the read/write credentials
+should be used for CI/CD.
+
+
+### basic_auth_enabled
+
+Whether to enable basic authorization
+
+**Default:** `false`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+### basic_auth_username
+
+The username for the read/write basic auth user.
+
+
+### basic_auth_password
+
+The password for the read/write basic auth user.
+
+
+### basic_auth_read_only_username
+
+The username for the read only basic auth user.
+
+
+### basic_auth_read_only_password
+
+The password for the read only basic auth user.
+
+
+### allow_public_read
+
+If you want to allow public read access, but still require credentials for writing, then leave `basic_auth_read_only_username` and `basic_auth_read_only_password` unset, and set `allow_public_read` to `true`.
+
+**Default:** `false`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+### public_heartbeat
+
+If you have enabled basic auth, but require unauthenticated access to the heartbeat URL (eg. for use within an AWS autoscaling group), set `public_heartbeat` to `true`.
+
+**Default:** `false`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+### enable_public_badge_access
+
+Set this to true to allow status badges to be embedded in README files without requiring a hardcoded password.
+
+**Default:** `false`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+<br/>
+
+## Webhooks
+
+<hr/>
+
+
+### webhook_retry_schedule
+
+The schedule of seconds to wait between webhook execution attempts.
+The default schedule is 10 sec, 1 min, 2 min, 5 min, 10 min, 20 min (38 minutes in total).
+
+**Format:** A space separated list of integers.<br/>
+**Default:** `10 60 120 300 600 1200`<br/>
+
+### webhook_http_method_whitelist
+
+The allowed HTTP methods for webhooks.
+It is highly recommended that only `POST` requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
+
+**Format:** A space separated list.<br/>
+**Default:** `POST`<br/>
+**Allowed values:** `POST`, `GET` (not recommended), `PUT` (not recommended), `PATCH` (not recommended), `DELETE` (not recommended)<br/>
+
+### webhook_http_code_success
+
+If webhook call returns the response with an HTTP code that is listed in the success codes then the operation is
+considered a success, otherwise the webhook will be re-triggered based on the `webhook_retry_schedule` configuration.
+
+In most cases, configuring this is not necessary, but there are some CI systems that return a non 200 status for a success,
+which is why this feature exists.
+
+**Format:** A space separated list of integers.<br/>
+**Default:** `200 201 202 203 204 205 206`<br/>
+**Allowed values:** `Any valid HTTP status code`<br/>
+
+### webhook_scheme_whitelist
+
+The allowed URL schemes for webhooks.
+
+**Format:** A space delimited list.<br/>
+**Default:** `https`<br/>
+**Allowed values:** `https`, `http`<br/>
+
+### webhook_host_whitelist
+
+A list of hosts, network ranges, or host regular expressions.
+Regular expressions should start and end with a `/` to differentiate them from Strings.
+Note that backslashes need to be escaped with a second backslash when setting via an environment variable.
+Please read the Webhook whitelists section of the Pact Broker configuration documentation to understand how the whitelist is used.
+
+**Examples:** `github.com`, `10.2.3.41/24`, `/.*\\.foo\\.com$/`<br/>
+**More information:** https://docs.pact.io/pact_broker/configuration/#webhook-whitelists<br/>
+
+### disable_ssl_verification
+
+If set to true, SSL verification will be disabled for the HTTP requests made by the webhooks
+
+**Default:** `false`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+<br/>
+
+## HTTP
+
+<hr/>
+
+
+### port
+
+The HTTP port that the Pact Broker application will run on. This will only be honoured if you are deploying the Pact Broker using
+a package that actually reads this property (eg. one of the supported Docker images). If you are running the vanilla Ruby application,
+the application will run on the port the server has been configured to run on (eg. `bundle exec rackup -p 9393`)
+
+**Default:** `9292`<br/>
+
+### base_url
+
+The full URL (including port, if non-standard for the protocol) at which the application will be made available to users.
+This is used to create the links in the API.
+The application may run correctly without this attribute, however, it is strongly recommended to set it when
+deploying the Pact Broker to production as it prevents cache poisoning security vulnerabilities.
+It is also required when deploying the Broker behind a reverse proxy, and when the application has been mounted at a non-root context.
+Note that this attribute does not change where the application is actually mounted (that is the concern of the deployment configuration) - it just changes the links.
+
+**Examples:** `https://pact-broker.mycompany.com`, `https://my-company.com:9292/pact-broker`<br/>
+
+### base_urls
+
+An alias of base_url. From version 2.79.0, multiple base URLs can be configured for architectures that use
+gateways or proxies that allow the same Pact Broker instance to be addressed with different base URLs.
+
+**Format:** A space separated list.<br/>
+**Example:** `http://my-internal-pact-broker:9292 https://my-external-pact-broker`<br/>
+
+### shields_io_base_url
+
+The URL of the shields.io server used to generate the README badges.
+
+**Default:** `https://img.shields.io`<br/>
+**More information:** https://shields.io<br/>
+
+<br/>
+
+## Domain
+
+<hr/>
+
+
+### check_for_potential_duplicate_pacticipant_names
+
+When a pact is published, the consumer, provider and consumer version resources are automatically created.
+
+To prevent a pacticipant (consumer or provider) being created multiple times with slightly different name variants
+(eg. FooBar/foo-bar/foo bar/Foo Bar Service), a check is performed to determine if a new pacticipant name is likely to be a duplicate
+of any existing applications. If it is deemed similar enough to an existing name, a 409 will be returned.
+
+The response body will contain instructions indicating that the pacticipant name should be corrected if it was intended to be an existing one,
+or that the pacticipant should be created manually if it was intended to be a new one.
+
+To turn this feature off, set `check_for_potential_duplicate_pacticipant_names` to `false`, and make sure everyone is very careful with their naming!
+The usefulness of the Broker depends on the integrity of the data, which in turn depends on the correctness of the pacticipant names.
+
+**Default:** `true`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+### create_deployed_versions_for_tags
+
+When `create_deployed_versions_for_tags` is `true` and a tag is created, if there is an environment with the name of the newly created tag, a deployed version is
+also created for the pacticipant version.
+
+This is to assist in the migration from using tags to track deployments to using the deployed and released versions feature.
+
+**Default:** `true`<br/>
+**Allowed values:** `true`, `false`<br/>
+**More information:** https://docs.pact.io/pact_broker/recording_deployments_and_releases/<br/>
+
+### use_first_tag_as_branch
+
+When `use_first_tag_as_branch` is `true`, the first tag applied to a version within the `use_first_tag_as_branch_time_limit` (10 seconds)
+will be used to populate the `branch` property of the version.
+
+This is to assist in the migration from using tags to track branches to using the branches feature.
+
+**Default:** `true`<br/>
+**Allowed values:** `true`, `false`<br/>
+
+<br/>
+
+## Miscellaneous
+
+<hr/>
+
+
+### features
+
+A list of features to enable in the Pact Broker for beta testing before public release.
+
+**Format:** A space separated list.<br/>
+