puppet_webhook 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ede16a1d630dd4e207c8249f16be15a60c8e03c5765c9149430b3c25e2b4ac48
-  data.tar.gz: db4e418f871c2b1cf183c8c8c70dba59beee16d91be479504c3c93b289757d42
+  metadata.gz: 4a2bedbab06ccd3b043abda7e4e3c4711f90bae1fcc6cc102c283c63c517f783
+  data.tar.gz: b609d99c486ef605836756939f1ff33ae40056b38641d13c2665b33ecbd56093
 SHA512:
-  metadata.gz: 407f56e4b09e33150731e45d5ae4a3a3124d5579dd0ed75ca324ba6398cfc2a9b468661d74e5530474536d5723c78b7e5908ab4ae2751bcb60dbc51f0aae470e
-  data.tar.gz: 9e8d88704b8150b81470c4be40551a1021aea567230b19715f7df8c89c6164d312b4ce3c6308d4cbd331c12cdd2030ebaa4e179f7beb5432ad644df01a43d29d
+  metadata.gz: 4cd5c13d66c1fef5b8eda9c5768e5ecc216cb24617cdd04ec07e0655213b543561074aec522790b394879e3906cd8835896d8bdf7abaffb265ade893cb2496ff
+  data.tar.gz: d3870a2daffca879005cac928fa0fbe46a4c65c7d3594fb12a8333d9394afc2fb5e181027e45a57dfea6505ceb92e1369587aefe4dc4abe49a3025a4fd9d988f

data/CHANGELOG.md

@@ -1,7 +1,33 @@
-# Change Log
+# Changelog
 
-## [Unreleased](https://github.com/voxpupuli/puppet_webhook/tree/HEAD)
+All notable changes to this project will be documented in this file.
+Each new release typically also includes the latest modulesync defaults.
+These should not affect the functionality of the module.
 
+## [v1.0.0](https://github.com/voxpupuli/puppet_webhook/tree/v1.0.0) (2017-12-21)
+[Full Changelog](https://github.com/voxpupuli/puppet_webhook/compare/v0.1.0...v1.0.0)
+
+**Implemented enhancements:**
+
+- \(\#puppethack\) Add cli binary [\#40](https://github.com/voxpupuli/puppet_webhook/pull/40) ([dhollinger](https://github.com/dhollinger))
+
+**Closed issues:**
+
+- Move all routes into a routes/ directory [\#26](https://github.com/voxpupuli/puppet_webhook/issues/26)
+
+**Merged pull requests:**
+
+- Update config options and docs [\#41](https://github.com/voxpupuli/puppet_webhook/pull/41) ([dhollinger](https://github.com/dhollinger))
+- Fix payload gentypes [\#39](https://github.com/voxpupuli/puppet_webhook/pull/39) ([dhollinger](https://github.com/dhollinger))
+- Add simple config.ru file [\#38](https://github.com/voxpupuli/puppet_webhook/pull/38) ([dhollinger](https://github.com/dhollinger))
+- Switch to using rack-bodyparser [\#36](https://github.com/voxpupuli/puppet_webhook/pull/36) ([alexjfisher](https://github.com/alexjfisher))
+- Move routes into a routes directory [\#35](https://github.com/voxpupuli/puppet_webhook/pull/35) ([dhollinger](https://github.com/dhollinger))
+- Fix generate\_types typo [\#34](https://github.com/voxpupuli/puppet_webhook/pull/34) ([alexjfisher](https://github.com/alexjfisher))
+- Fix Code Climate badges [\#33](https://github.com/voxpupuli/puppet_webhook/pull/33) ([alexjfisher](https://github.com/alexjfisher))
+- Add reporting to CodeClimate and associated badges [\#32](https://github.com/voxpupuli/puppet_webhook/pull/32) ([alexjfisher](https://github.com/alexjfisher))
+- Report coverage to Codacy and add badge [\#31](https://github.com/voxpupuli/puppet_webhook/pull/31) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v0.1.0](https://github.com/voxpupuli/puppet_webhook/tree/v0.1.0) (2017-11-17)
 **Implemented enhancements:**
 
 - Cleanup config loader [\#2](https://github.com/voxpupuli/puppet_webhook/issues/2)
@@ -13,6 +39,7 @@
 
 **Merged pull requests:**
 
+- Development release 0.1.0 [\#24](https://github.com/voxpupuli/puppet_webhook/pull/24) ([dhollinger](https://github.com/dhollinger))
 - Add rubygems deploy to travis [\#23](https://github.com/voxpupuli/puppet_webhook/pull/23) ([dhollinger](https://github.com/dhollinger))
 - Fix TFS checks and add more fixtures/tests [\#22](https://github.com/voxpupuli/puppet_webhook/pull/22) ([dhollinger](https://github.com/dhollinger))
 - Fix README badges after project rename [\#21](https://github.com/voxpupuli/puppet_webhook/pull/21) ([dhollinger](https://github.com/dhollinger))

data/README.md

@@ -4,6 +4,9 @@
 [![Build Status](https://img.shields.io/travis/voxpupuli/puppet_webhook.svg)](https://travis-ci.org/voxpupuli/puppet_webhook)
 [![Gem Version](https://img.shields.io/gem/v/puppet_webhook.svg)](https://rubygems.org/gems/puppet_webhook)
 [![Gem Downloads](https://img.shields.io/gem/dt/puppet_webhook.svg)](https://rubygems.org/gems/puppet_webhook)
+[![Maintainability](https://api.codeclimate.com/v1/badges/f4f083a54a85f4cc97f0/maintainability)](https://codeclimate.com/github/voxpupuli/puppet_webhook/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/f4f083a54a85f4cc97f0/test_coverage)](https://codeclimate.com/github/voxpupuli/puppet_webhook/test_coverage)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/f73823762ec947889866c63c4ea47540)](https://www.codacy.com/app/VoxPupuli/puppet_webhook?utm_source=github.com&utm_medium=referral&utm_content=voxpupuli/puppet_webhook&utm_campaign=Badge_Grade)
 [![Coverage Status](https://coveralls.io/repos/github/voxpupuli/puppet_webhook/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet_webhook?branch=master)
 [![Dependency Status](https://gemnasium.com/badges/github.com/voxpupuli/puppet_webhook.svg)](https://gemnasium.com/github.com/voxpupuli/puppet_webhook)
 
@@ -12,11 +15,6 @@
 puppet_webhook is a Sinatra-based application receiving REST-based calls to trigger Puppet and r10k-related tasks such as:
 
 * Webhooks from Source Code systems to trigger r10k environment and module deploys
-* REST calls from systems to trigger Puppet Decommissions such as:
-    * `puppet node clean`
-    * `puppet cert clean`
-    * `puppet cert revoke`
-    * etc.
 * Send notifications via Slack
 
 ## Prerequisites
@@ -39,12 +37,24 @@ NOTE: RPM, DEB, and Arch packages are planned for future releases.
 
 ### Running puppet_webhook
 
-Once installed, you can run the application by simply executing the `puppet_webhook` binary.
+#### Quick Start
 
-This binary will default to using the bundled configuration files and run in a non-daemon mode. This mode is useful for debugging purposes, but it probably not ideal for production use.
-You can also set the `server_type` option in `/etc/puppet_webhook/server.yml` to `daemon` to run the application in the background. By default the application will log to `/var/log/puppet_webhook/access.log`.
+Simply run `# puppet_webhook` after installation to start puppet_webhook in non-daemon mode on your system. This is great for testing the server out.
 
-NOTE: During the Prerelease stage, the `/etc/puppet_webhook` and `/var/log/puppet_webhook` directories need to be manually created. This will be fixed in for General Availability.
+#### CLI Tool
+
+The `puppet_webhook` CLI command has several options you can pass it as well.
+
+To see these options run `# puppet_webook -h` in your terminal to see all the options.
+
+#### Start using Rack-based server software
+
+A `config.ru` file is also packaged with the application to provide users with the ability to start the app using their own rack-based server such as
+unicorn or puma. It will use the defaults passed to it by said server.
+
+#### Service Start
+
+Once the native packages are built, they will include default systemd and/or sysvinit service files that you can use to start puppet_webhook as well.
 
 ### Configuring puppet_webhook
 
@@ -56,154 +66,194 @@ Any configuration option is placed in `/etc/puppet_webhook/server.yml` or `/etc/
 
 #### Configuration options
 
-#### server.yml
+#### Command-Line Options
+
+* `-h, --help`: Display the default help output.
+* `-d, --debug`: Set logging to debug mode.
+* `-l [LOGFILE], --logfile [LOGFILE]`: Define a logfile to log to.
+* `-p PORT, --port PORT`: Define port to listen on. Default: `8088`
+* `-D, --daemon`: Run WEBrick in Daemon mode.
+* `--pidfile FILE`: Define the PID File for the application's process. Default: `/var/run/puppet_webhook/webhook.pid`
+* `--ssl`: Enable SSL Support.
+* `--ssl-cert FILE`: Specify the SSL cert to use. Pair with `--ssl-key`. Requires `--ssl` option or `ssl_enable: true` in config file.
+* `--ssl-key FILE`: Specify the SSL Private key to use. Pair with `--ssl-cert`. Requires `--ssl` or `ssl_enable: true` in config file.
+* `-c FILE, --configfile FILE`: Specifies a config file to use. Must be a `.yml` file in YAML format.
+
+
+#### Server Configuration File
+
+The Server configuration file is a YAML formatted file with file extension `.yml` and defined with the `-c` or `--configfile`
+command line option. These settings are exclusively for setting server configs and currently will override any command line settings
+passed.
+
+When using the default SystemD unit file or SysVInit service file, the server configuration file will default to `/etc/puppet_webhook/server.yml` (Not implemented yet).
+
+##### Options
 
 #####`server_type`
+
 Determines if the Webrick server should run in Simple or Daemon mode.     
 * Valid options: [ `simple`, `daemon` ].      
 * Default: `simple` 
 
 ##### `logfile`
+
 Location to write the log file to.
-* Default: `/var/log/puppet_webhook/access.log`
+* Default: `/var/log/puppet_webhook`
 
-##### `pidfile`
-Location of the application's PID file
-* Default: `/var/run/puppet_webhook/webhook.pid`
+##### `loglevel`
 
-##### `lockfile`
-Location of the application's Lockfile
-* Default: `/var/run/puppet_webhook/webhook.lock`
+Define the logging level.
+* Default: `WARN`
 
-##### `approot`
-Location of the Root of the application's directory
-* Default: `./`
-NOTE: Currently unused
+##### `pidfile`
 
-##### `bind_address`
-IPv4 Address to bind to.
-* MUST BE VALID IPv4 ADDRESS.
-* Default: `0.0.0.0`
+Location of the application's PID file
+* Default: `/var/run/puppet_webhook/webhook.pid`
 
 ##### `port`
+
 Port number to bind to.
 * Valid options: Integer between `1024` and `65535`
 * Default: `8088`
 
 ##### `enable_ssl`
+
 Whether or not to enable SSL communication.
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
-##### `verify_ssl`
+##### `ssl_verify`
+
 Whether or not to verify the SSL CA/Peer on the certifcate. Set to false if using a self-signed certificate and the CA is not installed locally.
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
-##### `public_key_path`
+##### `ssl_cert`
+
 Path to the public SSL certificate for puppet_webhook. REQUIRED IF `ssl_enable` IS SET TO `true`
-* Default: ''
 
-##### `private_key_path`
+##### `ssl_key`
+
 Path to the SSL Private Key for puppet_webhook. REQUIRED IF `ssl_enable` IS SET TO `true`
-* Default: ''
 
-##### `command_prefix`
-Command to prefix the r10k and puppet commands with when executed.
-* Default: 'umask 0022;'
+#### Application Configuration File
 
-#### app.yml
+This file stores the configuration for the Application itself. A default configuration file is included in the `APP_ROOT/config/app.yml`.
 
-##### `enable_mutex_lock`
-Force all requests to syncronize on a mutex lock, ensuring that only a single request is processed at a time.
+The SystemD unit and SysVInit service files will use `/etc/puppet_webhook/app.yml` by default (Not implemented yet).
+
+Currently, the above two locations are the only valid locations for the app.yml file. Like the Server Config, it must be a .yml file in YAML format.
+
+##### Options
+
+##### `protected`
+
+Whether or not to require authentication when sending to puppet_webhook.
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
 ##### `user`
-User for which the sending application must authenticate with.
-* Default: `puppet`
+
+User for which the sending application must authenticate with. Required if `protected` is true.
 
 ##### `pass`
-Password for which the sending application must authenticate with.
-* Default: `puppet`
 
-##### `protected`
-Whether or not to require authentication when sending to puppet_webhook.
-* Valid options: [ `true`, `false` ]
-* Default: `true`
+Password for which the sending application must authenticate with. Require if `protected` is true.
 
 ##### client_cfg
+
 Mcollective client configuration file.
 * Default: `/var/lib/peadmin/.mcollective`
 
 ##### client_timeout
+
 Mcollective client timeout in seconds.
 * MUST BE A STRING
 * Default: `"120"`
 
 ##### use_mco_ruby
+
 Whether or not to execute MCollective via Ruby Client Library or not. REQUIRES MCOLLECTIVE AND MCOLLECTIVE R10K!
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
-##### discovery_timeout
-MCollective Ruby discovery timeout. REQUIRES `use_mco_ruby` TO BE `true`.
-* Default: `'10'`
-
 ##### use_mcollective
+
 Whether or not to use MCollective CLI command. REQUIRES MCOLLECTIVE AND MCOLLECTIVE R10K.
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
+##### discovery_timeout
+
+MCollective Ruby discovery timeout. REQUIRES `use_mco_ruby` TO BE `true`.
+* Default: `'10'`
+
 ##### slack_webhook
+
 Whether or not to use Slack Notifications.
 * Valid options: [ `true`, `false` ]
 * Default: `false`
 
-##### slack_channel
-Slack channel to notify.
-* Default: `'#default'`
-
-##### slack_user
-Slack user to notify as.
-* Default: `'r10k'`
-
 ##### slack_proxy_url
+
 The proxy URL for Slack if used.
 * MUST BE A VALID URL.
 * Default: `nil`
 
 ##### default_branch
+
 The default git branch to use with the r10k Control Repo.
 * Default: `production`
 
 ##### ignore_environment
+
 An Array of environments for r10k to ignore during deployment.
 * Default: []
 
 ##### prefix
+
 r10k Environment Prefix to use. When set to `repo`, `user`, or `command`, the prefix will be generated from the repo_name, repo_user, or `prefix_command`. Otherwise it will set the prefix to the passed string. `false` disables prefix.
 * Valid Options: [ `repo`, `user`, `command`, `<String_value>`, `false` ]
-* Default: `false`
+* Default: `nil`
 
 ##### prefix_command
+
 Command to execute that will generate an r10k environment prefix.
 * Default: ''
 
 ##### r10k_deploy_arguments
+
 r10k command arguments to pass to the `r10k deploy environment` command.
 * Default: `"-pv"`
 
 ##### allow_uppercase
+
 Whether or not to allow uppercase letters in environment names. If false, then puppet_webhook assumes environment names are downcase. If `true`, then puppet_webhook will normalize the environment name.
 * Valid options: [ `true`, `false` ]
 * Default: `true`
 
 ##### github_secret
+
 Used to verify the signature on a repo. Currently only supported for Github repos.
 * MUST BE A VALID OPENSSL `sha1` HASH.
 * Default: `nil`
 
 ##### repository_events
+
 Array of webhook events to ignore.
 * Default: `nil`
+
+## Getting Help
+
+* IRC: Vox Pupuli has a dedicated channel, `#voxpupuli`, on Freenode where `puppet_webhook` questions can be directed.
+* Mailing Lists: [voxpupuli](https://groups.io/g/voxpupuli)
+* Slack: Vox Pupuli has a dedicated Slack Channel, `#voxpupuli`, on  the [Puppet Community](https://slack.puppet.com/) Slack.
+
+## Contributors
+
+A big thank you to all our [Contributor](https://github.com/voxpupuli/puppet_webhook/graphs/contributors)
+
+## License
+
+See LICENSE

data/bin/puppet_webhook

@@ -1,43 +1,111 @@
 #!/usr/bin/env ruby
 require 'openssl'
-require 'sinatra'
-require 'sinatra/config_file'
+require 'optparse'
 require 'webrick'
 require 'webrick/https'
 require 'puppet_webhook'
 
-config_file(File.join(__dir__, '..', 'config', 'server.yml'), '/etc/puppet_webhook/server.yml')
+approot = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+options = {
+  host: '0.0.0.0',
+  port: '8088',
+  logfile: $stderr,
+  loglevel: WEBrick::Log::WARN,
+  server_type: WEBrick::SimpleServer
+}
+
+ssl_opts = { ssl_verify: false }
+
+optparse = OptionParser.new do |opts| # rubocop:disable Metrics/BlockLength
+  opts.banner = 'Usage: puppet_webhook [-p <port>] [-l <logfile>] [-d]
+       -- Starts the Puppet Webhook API service.
+
+'
+
+  opts.on('-d', '--debug', 'Display or log messages.') do
+    options[:loglevel] = WEBrick::Log::DEBUG
+  end
+
+  opts.on('-l [LOGFILE]', '--logfile [LOGFILE]',
+          'Path to logfile. Defaults to no logging, or /var/log/puppet_webhook if no filename is passed.') do |arg|
+    options[:logfile] = arg || '/var/log/puppet_webhook'
+  end
+
+  opts.on('-p PORT', '--port PORT', 'Port to listen on. Defaults to 8088.') do |arg|
+    options[:port] = arg
+  end
+
+  opts.on('-D', '--daemon', 'Run the server in daemon mode. Defaults to simple if not passed') do
+    options[:server_type] = WEBrick::Daemon
+  end
+
+  opts.on('--pidfile FILE', 'Specify the PID file to use.') do |arg|
+    options[:pidfile] = arg || '/var/run/puppet_webhook/webhook.pid'
+  end
 
-PIDFILE = settings.pidfile
-LOCKFILE = settings.lockfile
-APP_ROOT = settings.approot
-COMMAND_PREFIX = settings.command_prefix
-LOGGER = WEBrick::Log.new(settings.logfile, WEBrick::Log::DEBUG)
+  opts.on('--ssl', 'Enable SSL Support.') do
+    ssl_opts[:enable_ssl] = true
+  end
 
-case settings.server_type
-when 'simple'
-  server_type = WEBrick::SimpleServer
-when 'daemon'
-  server_type = WEBrick::Daemon
+  opts.on('--ssl-cert FILE', 'Specify the SSL cert to use. Pair with --ssl-key.') do |arg|
+    ssl_opts[:ssl_cert] = OpenSSL::X509::Certificate.new(File.open(arg).read)
+  end
+
+  opts.on('--ssl-key FILE', 'Specify the SSL key to use. Pair with --ssl-cert.') do |arg|
+    ssl_opts[:ssl_key] = OpenSSL::PKey::RSA.new(File.open(arg))
+  end
+
+  opts.on('-c FILE', '--configfile FILE', 'Specifies a configuration file to use.') do |arg|
+    @server_config = arg
+  end
+
+  opts.separator('')
+
+  opts.on('-h', '--help') do
+    puts
+    puts opts
+    puts
+    exit
+  end
 end
 
-opts = {
-  Host: settings.bind_address,
-  Port: settings.port,
-  Logger: LOGGER,
-  ServerType: server_type,
-  ServerSoftware: settings.server_software,
-  SSLEnable: settings.enable_ssl,
-  StartCallBack: proc { File.open(PIDFILE, 'w') { |f| f.write Process.pid } }
+optparse.parse!
+
+if @server_config
+  config_file(@server_config)
+  if settings.respond_to? :server_type=
+    options[:server_type] = WEBrick::Daemon if settings.server_type == 'daemon'
+  end
+  options[:host] = settings.host if settings.respond_to? :host=
+  options[:port] = settings.port if settings.respond_to? :port=
+  options[:pidfile] = settings.pidfile if settings.respond_to? :pidfile=
+  options[:logfile] = settings.logfile if settings.respond_to? :logfile=
+  options[:loglevel] = settings.loglevel if settings.respond_to? :loglevel=
+  ssl_opts[:enable_ssl] = settings.enable_ssl if settings.respond_to? :enable_ssl=
+  ssl_opts[:ssl_verify] = settings.ssl_verify if settings.respond_to? :ssl_verify=
+  ssl_opts[:ssl_cert] = settings.ssl_cert if settings.respond_to? :ssl_cert=
+  ssl_opts[:ssl_key] = settings.enable_ssl if settings.respond_to? :ssl_key=
+end
+
+LOGGER = WEBrick::Log.new(options[:logfile], options[:loglevel])
+
+webrick_opts = {
+  Host: options[:host],
+  Port: options[:port],
+  DocumentRoot: approot,
+  ServerType: options[:server_type],
+  ServerSoftware: PuppetWebhook,
+  StartCallBack: proc { File.open(options[:pidfile], 'w') { |f| f.write Process.pid } }
 }
 
-if settings.enable_ssl
-  opts[:SSLVerifyClient] = settings.verify_ssl
-  opts[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.open(settings.public_key_path).read)
-  opts[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.open(settings.private_key_path).read)
-  opts[:SSLCertName] = [['CN', WEBrick::Utils.getservername]]
+if ssl_opts[:enable_ssl]
+  webrick_opts[:SSLEnable] = ssl_opts[:enable_ssl]
+  webrick_opts[:SSLVerifyClient] = ssl_opts[:ssl_verify]
+  webrick_opts[:SSLCertificate] = ssl_opts[:ssl_cert]
+  webrick_opts[:SSLPrivateKey] = ssl_opts[:ssl_key]
+  webrick_opts[:SSLCertName] = [['CN', WEBrick::Utils.getservername]]
 end
 
-Rack::Handler::WEBrick.run(PuppetWebhook, opts) do |server|
+Rack::Handler::WEBrick.run(PuppetWebhook, webrick_opts) do |server|
   %i[INT TERM].each { |sig| trap(sig) { server.stop } }
 end

data/config/app.yml

@@ -1,21 +1,22 @@
-enable_mutex_lock: false
+# Authentication
+protected: true
 user: puppet
 pass: puppet
-protected: true
+
+# Mcollective
 client_cfg: "/var/lib/peadmin/.mcollective"
 client_timeout: "120"
 use_mco_ruby: false
 use_mcollective: false
+discovery_timeout: '10'
+
+# Slack Notifications
 slack_webhook: false
-slack_channel: '#default'
-slack_username: 'r10k'
-slack_proxy_url: ~
+
+# R10k
 default_branch: production
-discovery_timeout: '10'
 ignore_environments: []
-prefix: ~
 prefix_command: ''
 r10k_deploy_arguments: "-pv"
 allow_uppercase: true
-github_secret: ~
-repository_events: ~
+command_prefix: 'umask 0022;'

data/lib/helpers/data_parsers.rb

@@ -15,4 +15,8 @@ module DataParsers # rubocop:disable Style/Documentation
     signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), settings.github_secret, payload_body)
     throw(:halt, [500, "Signatures didn't match!\n"]) unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
   end
+
+  def payload
+    env['parsed_body']
+  end
 end

data/lib/helpers/deployments.rb

@@ -7,10 +7,10 @@ module Deployments # rubocop:disable Style/Documentation
       message = result.results[:statusmsg]
     else
       command = if settings.use_mcollective
-                  "#{COMMAND_PREFIX} mco r10k deploy #{branch} #{settings.mco_arguments}"
+                  "#{settings.command_prefix} mco r10k deploy #{branch} #{settings.mco_arguments}"
                 else
                   # If you don't use mcollective then this hook needs to be running as r10k's user i.e. root
-                  "#{COMMAND_PREFIX} r10k deploy environment #{branch} #{settings.r10k_deploy_arguments}"
+                  "#{settings.command_prefix} r10k deploy environment #{branch} #{settings.r10k_deploy_arguments}"
                 end
       message = run_command(command)
     end
@@ -31,9 +31,9 @@ module Deployments # rubocop:disable Style/Documentation
 
   def deploy_module(module_name)
     command = if settings.use_mcollective
-                "#{COMMAND_PREFIX} mco r10k deploy_module #{module_name} #{settings.mco_arguments}"
+                "#{settings.command_prefix} mco r10k deploy_module #{module_name} #{settings.mco_arguments}"
               else
-                "#{COMMAND_PREFIX} r10k deploy module #{module_name}"
+                "#{settings.command_prefix} r10k deploy module #{module_name}"
               end
     message = run_command(command)
     LOGGER.info("message: #{message} module_name: #{module_name}")

data/lib/helpers/tasks.rb

@@ -1,9 +1,10 @@
 require 'open3'
 require 'slack-notifier'
 require 'mcollective'
-include MCollective::RPC
 
 module Tasks # rubocop:disable Style/Documentation
+  include MCollective::RPC
+
   def ignore_env?(env)
     list = settings.ignore_environments
     return false if list.nil? || list.empty?
@@ -46,28 +47,20 @@ module Tasks # rubocop:disable Style/Documentation
   end
 
   def run_command(command)
-    message = ''
-    File.open(LOCKFILE, 'w+') do |file|
-      # r10k has a small race condition which can cause failed deploys if two happen
-      # more or less simultaneously. To mitigate, we just lock on a file and wait for
-      # the other one to complete.
-      file.flock(File::LOCK_EX)
-
-      if Open3.respond_to?('capture3')
-        stdout, stderr, exit_status = Open3.capture3(command)
-        message = "triggered: #{command}\n#{stdout}\n#{stderr}"
-      else
-        message = "forked: #{command}"
-        Process.detach(fork { exec "#{command} &" })
-        exit_status = 0
-      end
-      raise "#{stdout}\n#{stderr}" if exit_status != 0
+    if Open3.respond_to?('capture3')
+      stdout, stderr, exit_status = Open3.capture3(command)
+      message = "triggered: #{command}\n#{stdout}\n#{stderr}"
+    else
+      message = "forked: #{command}"
+      Process.detach(fork { exec "#{command} &" })
+      exit_status = 0
     end
+    raise "#{stdout}\n#{stderr}" if exit_status != 0
     message
   end
 
   def generate_types(environment)
-    command = "#{COMMAND_PREFIX} /opt/puppetlabs/puppet/bin generate types --environment #{environment}"
+    command = "#{settings.command_prefix} /opt/puppetlabs/puppet/bin generate types --environment #{environment}"
 
     message = run_command(command)
     LOGGER.info("message: #{message} environment: #{environment}")
@@ -82,9 +75,6 @@ module Tasks # rubocop:disable Style/Documentation
   def notify_slack(status_message)
     return unless settings.slack_webhook
 
-    slack_channel = settings.slack_channel  || '#default'
-    slack_user    = settings.slack_username || 'r10k'
-
     if settings.slack_proxy_url
       uri = URI(settings.slack_proxy_url)
       http_options = {
@@ -97,8 +87,8 @@ module Tasks # rubocop:disable Style/Documentation
     end
 
     notifier = Slack::Notifier.new settings.slack_webhook do
-      defaults channel: slack_channel,
-               username: slack_user,
+      defaults channel: '#general',
+               username: 'puppet_webhook',
                icon_emoji: ':ocean:',
                http_options: http_options
     end
@@ -138,8 +128,9 @@ module Tasks # rubocop:disable Style/Documentation
   end
 
   def types?
-    return false if settings.generate_tasks.nil?
-    settings.generate_tasks
+    return false unless settings.respond_to?(:generate_types=)
+    return false if settings.generate_types.nil?
+    settings.generate_types
   end
 
   def authorized?

data/lib/parsers/webhook_json_parser.rb

@@ -1,9 +1,11 @@
-require 'rack/parser'
+require 'rack/bodyparser'
 require 'json'
 
 module Sinatra
   module Parsers
     class WebhookJsonParser # rubocop:disable Style/Documentation
+      attr_accessor :env, :data
+
       def call(body)
         @data = JSON.parse(body, quirks_mode: true)
         @vcs  = detect_vcs
@@ -27,35 +29,23 @@ module Sinatra
 
       def github_webhook?
         # https://developer.github.com/v3/activity/events/types/#pushevent
-        # X-GitHub-Event header is set, but not accessible here.
-        return false unless @data.key? 'repository'
-        return false unless @data['repository'].key? 'id'
-        return false unless @data['repository'].key? 'html_url'
-        return false unless @data['repository']['html_url'] =~ %r{github\.com}
-        true
+        env.key?('HTTP_X_GITHUB_EVENT')
       end
 
       def gitlab_webhook?
         # https://docs.gitlab.com/ce/user/project/integrations/webhooks.html
-        # X-Gitlab-Event is set, but not accessible here.
-        return false unless @data.key? 'object_kind'
-        return false unless @data.key? 'ref'
-        true
+        env.key?('HTTP_X_GITLAB_EVENT')
       end
 
       # stash/bitbucket server
       def stash_webhook?
         # https://confluence.atlassian.com/bitbucketserver/post-service-webhook-for-bitbucket-server-776640367.html
-        return false unless @data.key? 'refChanges'
-        true
+        env.key?('HTTP_X_ATLASSIAN_TOKEN')
       end
 
       def bitbucket_webhook?
         # https://confluence.atlassian.com/bitbucket/event-payloads-740262817.html
-        return false unless @data.key? 'actor'
-        return false unless @data.key? 'repository'
-        return false unless @data.key? 'push'
-        true
+        env.key?('HTTP_X_EVENT_KEY')
       end
 
       def tfs_webhook?
@@ -97,8 +87,6 @@ module Sinatra
           @data['push']['changes'][0]['closed']
         when 'tfs'
           @data['resource']['refUpdates'][0]['newObjectId'] == '0000000000000000000000000000000000000000'
-        else
-          false
         end
       end
 

data/lib/puppet_webhook.rb

@@ -4,148 +4,48 @@ require 'json'
 require 'cgi'
 require 'parsers/webhook_json_parser'
 
+# Routes
+require_relative 'routes/default'
+require_relative 'routes/module'
+require_relative 'routes/payload'
+
 class PuppetWebhook < Sinatra::Base # rubocop:disable Style/Documentation
   set :root, File.dirname(__FILE__)
-  use Rack::Parser,
+  use Rack::BodyParser,
       parsers: { 'application/json' => Sinatra::Parsers::WebhookJsonParser.new },
       handlers: { 'application/json' => proc { |e, type| [400, { 'Content-Type' => type }, [{ error: e.to_s }.to_json]] } }
   register Sinatra::ConfigFile
 
   config_file(File.join(__dir__, '..', 'config', 'app.yml'), '/etc/puppet_webhook/app.yml')
 
+  # Sinatra settings
   set :static, false
-  set :lock, true if settings.enable_mutex_lock
+  set :lock, true
+
+  # Custom Settings
+  set :protected, false unless settings.respond_to? :protected=
+  set :client_cfg, '/var/lib/peadmin/.mcollective' unless settings.respond_to? :client_cfg=
+  set :client_timeout, '120' unless settings.respond_to? :client_timeout=
+  set :use_mco_ruby, false unless settings.respond_to? :use_mco_ruby=
+  set :use_mcollective, false unless settings.respond_to? :use_mcollective=
+  set :discovery_timeout, false unless settings.respond_to? :discovery_timeout=
+  set :slack_webhook, false unless settings.respond_to? :slack_webhook=
+  set :slack_proxy_url, nil unless settings.respond_to? :slack_proxy_url=
+  set :default_branch, 'production' unless settings.respond_to? :default_branch=
+  set :ignore_environments, [] unless settings.respond_to? :ignore_environments=
+  set :prefix, nil unless settings.respond_to? :prefix=
+  set :prefix_command, '' unless settings.respond_to? :prefix_command=
+  set :r10k_deploy_arguments, '-pv' unless settings.respond_to? :r10k_deploy_arguments=
+  set :allow_uppercase, true unless settings.respond_to? :allow_uppercase=
+  set :command_prefix, 'umask 0022;' unless settings.respond_to? :command_prefix=
+  set :github_secret, nil unless settings.respond_to? :github_secret=
+  set :repository_events, nil unless settings.respond_to? :respository_events=
 
   require 'helpers/init'
 
-  get '/' do
-    raise Sinatra::NotFound
-  end
-
-  get '/heartbeat' do
-    return 200, { status: :success, message: 'running' }.to_json
-  end
-
-  # TODO: Move examples into the README.md
-  # Simulate a github post:
-  # curl -X POST \
-  #      -H "Content-Type: application/json" \
-  #      -d '{ \
-  #            "repository": { \
-  #              "id": 12345, \
-  #              "name": "puppetlabs-stdlib", \
-  #              "html_url": "http://github.com", \
-  #              "owner": {\
-  #                "login": "foo"
-  #              } \
-  #            } \
-  #          }' \
-  #      'https://puppet:puppet@localhost:8088/module' -k -q
-  #
-  # Simulate a BitBucket post:
-  # curl -X POST \
-  #      -H "Content-Type: application/json" \
-  #      -d '{ \
-  #            "repository": { \
-  #              "full_name": "puppetlabs/puppetlabs-stdlib", \
-  #              "name": "PuppetLabs : StdLib"
-  #        } }' \
-  #      'https://puppet:puppet@localhost:8088/module' -k -q
-  #
-  # This example shows that, unlike github, BitBucket allows special characters
-  # in repository names but translates it to generate a full_name which
-  # is used in the repository URL and is most useful for this webhook handler.
-  post '/module' do
-    protected! if settings.protected
-    request.body.rewind # in case someone has already read it
-
-    # Short circuit if we're ignoring this event
-    return 200 if ignore_event?
-
-    # TODO: Move these two lines of code into the parser
-    decoded = request.body.read
-    verify_signature(decoded) if verify_signature?
-
-    module_name = params['module_name']
-
-    module_name = sanitize_input(module_name)
-    LOGGER.info("Deploying module #{module_name}")
-    deploy_module(module_name)
-  end
-
-  # Simulate a github post:
-  # curl -d '{ "ref": "refs/heads/production" }' -H "Accept: application/json" 'https://puppet:puppet@localhost:8088/payload' -k -q
-  #
-  # If using stash look at the stash_mco.rb script included here.
-  # It will filter the stash post and make it look like a github post.
-  #
-  # Simulate a Gitorious post:
-  # curl -X POST -d '%7b%22ref%22%3a%22master%22%7d' 'http://puppet:puppet@localhost:8088/payload' -q
-  # Yes, Gitorious does not support https...
-  #
-  # Simulate a BitBucket post:
-  # curl -X POST -d '{ "push": { "changes": [ { "new": { "name": "production" } } ] } }' \
-  #      'https://puppet:puppet@localhost:8088/payload' -k -q
-
-  post '/payload' do # rubocop:disable Metrics/BlockLength
-    LOGGER.info "params = #{params}"
-    protected! if settings.protected
-    request.body.rewind # in case someone already read it
-
-    # Short circuit if we're ignoring this event
-    return 200 if ignore_event?
-
-    # Check if content type is x-www-form-urlencoded
-    decoded = if request.content_type.to_s.casecmp('application/x-www-form-urlencoded').zero?
-                CGI.unescape(request.body.read).gsub(%r{^payload\=}, '')
-              else
-                request.body.read
-              end
-    verify_signature(decoded) if verify_signature?
-    data = JSON.parse(decoded, quirks_mode: true)
-
-    # Iterate the data structure to determine what's should be deployed
-    branch = params['branch']
-
-    # If prefix is enabled in our config file, determine what the prefix should be
-    prefix = case settings.prefix
-             when :repo
-               params['repo_name']
-             when :user
-               params['repo_user']
-             when :command, TrueClass
-               run_prefix_command(data.to_json)
-             when String
-               settings.prefix
-             end
-
-    # When a branch is being deleted, a deploy against it will result in a failure, as it no longer exists.
-    # Instead, deploy the default branch, which will purge deleted branches per the user's configuration
-    deleted = params['deleted']
-
-    branch = if deleted
-               settings.default_branch
-             else
-               sanitize_input(branch)
-             end
-
-    # r10k doesn't yet know how to deploy all branches from a single source.
-    # The best we can do is just deploy all environments by passing nil to
-    # deploy() if we don't know the correct branch.
-    env = if prefix.nil? || prefix.empty? || branch.nil? || branch.empty?
-            normalize(branch)
-          else
-            normalize("#{prefix}_#{branch}")
-          end
-
-    if ignore_env?(env)
-      LOGGER.info("Skipping deployment of environment #{env} according to ignore_environments configuration parameter")
-      return 200
-    else
-      LOGGER.info("Deploying environment #{env}")
-      deploy(env, deleted)
-    end
-  end
+  register Sinatra::PuppetWebhookRoutes::Default
+  register Sinatra::PuppetWebhookRoutes::Module
+  register Sinatra::PuppetWebhookRoutes::Payload
 
   not_found do
     halt 404, "You shall not pass! (page not found)\n"

data/lib/routes/default.rb

@@ -0,0 +1,18 @@
+require 'sinatra'
+
+module Sinatra
+  module PuppetWebhookRoutes
+    # Registers the default GET routes for PuppetWebhook
+    module Default
+      def self.registered(puppet_webhook)
+        puppet_webhook.get '/' do
+          raise Sinatra::NotFound
+        end
+
+        puppet_webhook.get '/heartbeat' do
+          return 200, { status: :success, message: 'running' }.to_json
+        end
+      end
+    end
+  end
+end

data/lib/routes/module.rb

@@ -0,0 +1,28 @@
+require 'sinatra'
+
+module Sinatra
+  module PuppetWebhookRoutes
+    # Registers a POST endpoint for the PuppetWebhook App
+    module Module
+      def self.registered(puppet_webhook)
+        puppet_webhook.post '/module' do
+          protected! if settings.protected
+          request.body.rewind # in case someone has already read it
+
+          # Short circuit if we're ignoring this event
+          return 200 if ignore_event?
+
+          # TODO: Move these two lines of code into the parser
+          decoded = request.body.read
+          verify_signature(decoded) if verify_signature?
+
+          module_name = payload[:module_name]
+
+          module_name = sanitize_input(module_name)
+          LOGGER.info("Deploying module #{module_name}")
+          deploy_module(module_name)
+        end
+      end
+    end
+  end
+end

data/lib/routes/payload.rb

@@ -0,0 +1,70 @@
+require 'sinatra'
+
+module Sinatra
+  module PuppetWebhookRoutes
+    # Registers a POST route for the Payload endpoint on PuppetWebhook
+    module Payload
+      def self.registered(puppet_webhook)
+        puppet_webhook.post '/payload' do # rubocop:disable Metrics/BlockLength
+          LOGGER.info "parsed payload contained: #{payload}"
+          protected! if settings.protected
+          request.body.rewind # in case someone already read it
+
+          # Short circuit if we're ignoring this event
+          return 200 if ignore_event?
+
+          # Check if content type is x-www-form-urlencoded
+          decoded = if request.content_type.to_s.casecmp('application/x-www-form-urlencoded').zero?
+                      CGI.unescape(request.body.read).gsub(%r{^payload\=}, '')
+                    else
+                      request.body.read
+                    end
+          verify_signature(decoded) if verify_signature?
+          data = JSON.parse(decoded, quirks_mode: true)
+
+          # Iterate the data structure to determine what's should be deployed
+          branch = payload[:branch]
+
+          # If prefix is enabled in our config file, determine what the prefix should be
+          prefix = case settings.prefix
+                   when :repo
+                     payload[:repo_name]
+                   when :user
+                     payload[:repo_user]
+                   when :command, TrueClass
+                     run_prefix_command(data.to_json)
+                   when String
+                     settings.prefix
+                   end
+
+          # When a branch is being deleted, a deploy against it will result in a failure, as it no longer exists.
+          # Instead, deploy the default branch, which will purge deleted branches per the user's configuration
+          deleted = payload[:deleted]
+
+          branch = if deleted
+                     settings.default_branch
+                   else
+                     sanitize_input(branch)
+                   end
+
+          # r10k doesn't yet know how to deploy all branches from a single source.
+          # The best we can do is just deploy all environments by passing nil to
+          # deploy() if we don't know the correct branch.
+          env = if prefix.nil? || prefix.empty? || branch.nil? || branch.empty?
+                  normalize(branch)
+                else
+                  normalize("#{prefix}_#{branch}")
+                end
+
+          if ignore_env?(env)
+            LOGGER.info("Skipping deployment of environment #{env} according to ignore_environments configuration parameter")
+            return 200
+          else
+            LOGGER.info("Deploying environment #{env}")
+            deploy(env, deleted)
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet_webhook
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Vox Pupuli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-17 00:00:00.000000000 Z
+date: 2017-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rack-parser
+  name: rack-bodyparser
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: codacy-coverage
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -218,13 +232,15 @@ files:
 - README.md
 - bin/puppet_webhook
 - config/app.yml
-- config/server.yml
 - lib/helpers/data_parsers.rb
 - lib/helpers/deployments.rb
 - lib/helpers/init.rb
 - lib/helpers/tasks.rb
 - lib/parsers/webhook_json_parser.rb
 - lib/puppet_webhook.rb
+- lib/routes/default.rb
+- lib/routes/module.rb
+- lib/routes/payload.rb
 homepage: https://github.com/voxpupuli/puppet_webhook
 licenses:
 - apache
@@ -246,7 +262,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.2
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
 summary: Sinatra Webhook Server for Puppet/R10K

data/config/server.yml

@@ -1,13 +0,0 @@
-server_type: simple
-logfile: /var/log/puppet_webhook/access.log
-pidfile: /var/run/puppet_webhook/webhook.pid
-lockfile: /var/run/puppet_webhook/webhook.lock
-approot: './'
-server_software: PuppetWebhook
-bind_address: 0.0.0.0
-port: 8088
-enable_ssl: false
-verify_ssl: false
-public_key_path: ''
-private_key_path: ''
-command_prefix: 'umask 0022;'