trinidad_sandbox_extension 0.4.2 → 1.0.0

data/Gemfile

@@ -0,0 +1,4 @@
+source :gemcutter
+
+# Specify your gem's dependencies in test_gem.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,56 @@
+PATH
+  remote: .
+  specs:
+    trinidad_sandbox_extension (0.4.2)
+      grit
+      haml
+      json
+      sinatra
+      sinatra-authorization
+      sinatra-flash
+      sinatra-respond_to
+      trinidad (>= 1.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    grit (2.4.1)
+      diff-lcs (~> 1.1)
+      mime-types (~> 1.15)
+    haml (3.0.25)
+    jruby-rack (1.0.7)
+    json (1.5.1-java)
+    mime-types (1.16)
+    mocha (0.9.12)
+    rack (1.2.1)
+    rspec (2.5.0)
+      rspec-core (~> 2.5.0)
+      rspec-expectations (~> 2.5.0)
+      rspec-mocks (~> 2.5.0)
+    rspec-core (2.5.1)
+    rspec-expectations (2.5.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.5.0)
+    sinatra (1.2.0)
+      rack (~> 1.1)
+      tilt (>= 1.2.2, < 2.0)
+    sinatra-authorization (1.0.0)
+      sinatra (>= 0.9.1.1)
+    sinatra-flash (0.3.0)
+      sinatra (>= 1.0.0)
+    sinatra-respond_to (0.6.0)
+      sinatra (~> 1.1)
+    tilt (1.2.2)
+    trinidad (1.0.5)
+      jruby-rack (>= 1.0.2)
+      trinidad_jars (>= 0.3.0)
+    trinidad_jars (1.0.0)
+
+PLATFORMS
+  java
+
+DEPENDENCIES
+  mocha
+  rspec (>= 2.2)
+  trinidad_sandbox_extension!

data/History.txt

@@ -1,3 +1,9 @@
+== 1.0.0 (2011-03-17)
+
+* New design
+* Git based deployment
+* Readonly mode
+
 == 0.4.2 (2010-12-21)
 
 * Fix application name when the context path is an empty string

data/README

@@ -36,11 +36,38 @@ It also supports basic authentication, we'll have to specify the username and pa
       username: manager
       password: XXXXXXX
 
+We can also use the console in readonly mode, so users can see the applications deployed but they cannot deploy new ones or modify them:
+
+--- 
+  extensions:
+    sandbox:
+      readonly: true
+
 # FEATURES
 
 The console as well as the REST api allow to list all the applications managed by that Trinidad's instance and start/stop them.
 By security reasons the sandbox application is not listed nor can be stopped.
 
+# GIT DEPLOYMENT
+
+The sandbox console also allows to deploy new applications into Trinidad via Git. By default it uses ssh keys to access to the repository with the user `git`.
+
+We can also use git hooks to deploy applications via a POST-Receive callback. 
+In this case we use a token for authentication that must be set in the configuration, then we'll use an url like we show bellow in our hook:
+
+---
+  extensions:
+    sandbox:
+      deploy_token: ULTRA_SECRET_TOKEN
+
+POST-Receive url: http://host/sandbox/deploy?deploy_token=ULTRA_SECRET_TOKEN
+
+If we want to let users to deploy applications in public git repositories we can also disable the ssh authentication with the option `git_ssh`:
+
+---
+  extensions:
+    sandbox:
+      git_ssh: false
 
 # TODO
 

data/git-hooks/post-commit

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+git log --name-only -n1 | grep 'src/main/java' > /dev/null
+
+if [ $? = 0 ]; then
+  rake "ant:build" && git add trinidad-libs/trinidad-sandbox-extension.jar && git ci -m "update extension jar with the latest source code"
+fi

data/lib/trinidad_sandbox_extension.rb

@@ -6,7 +6,7 @@ require File.expand_path('../../trinidad-libs/trinidad-sandbox-extension', __FIL
 module Trinidad
   module Extensions
     class SandboxServerExtension < ServerExtension
-      VERSION = '0.4.2'
+      VERSION = '1.0.0'
 
       def configure(tomcat)
         opts = prepare_options
@@ -42,12 +42,33 @@ module Trinidad
         app_ctx.privileged = true
 
         if opts[:username] && opts[:password]
-          app_ctx.servlet_context.setAttribute("sandbox_username", opts[:username].to_s);
-          app_ctx.servlet_context.setAttribute("sandbox_password", opts[:password].to_s);
+          app_ctx.servlet_context.set_attribute("sandbox_username", opts[:username].to_s);
+          app_ctx.servlet_context.set_attribute("sandbox_password", opts[:password].to_s);
         end
 
+        app_ctx.servlet_context.set_attribute('deploy_token', opts[:deploy_token]) if opts[:deploy_token]
+        app_ctx.servlet_context.set_attribute('host_name', opts[:host_name]) if opts[:host_name]
+
+        app_ctx.servlet_context.set_attribute('enable_default', boolean_option(opts[:enable_default]))
+
+        app_ctx.servlet_context.set_attribute('git_ssh', boolean_option(opts[:git_ssh]))
+
+        app_ctx.servlet_context.set_attribute('readonly', boolean_option(opts[:readonly], false))
+
         app_ctx
       end
+
+      private
+      def boolean_option(option, default = true)
+        option.nil? ? default : option
+      end
+    end
+
+    class SandboxOptionsExtension < OptionsExtension
+      def configure(parser, default_options)
+        default_options[:extensions] ||= {}
+        default_options[:extensions][:sandbox] = {}
+      end
     end
   end
 end

data/lib/trinidad_sandbox_extension/app/helpers/{sandbox.rb → auth.rb}

@@ -1,8 +1,6 @@
-
 module Trinidad
   module Sandbox
     module Helpers
-
       module Auth
         require 'sinatra/authorization'
         include Sinatra::Authorization
@@ -17,6 +15,24 @@ module Trinidad
 
         def authorization_realm; "Trinidad's sandbox"; end
 
+        def basic_auth_required?(request)
+          !token_required?(request)
+        end
+
+        def token_required?(request)
+          request.path == '/deploy'
+        end
+
+        def token_required(params, realm = authorization_realm)
+          return if authorized_by_token?(params)
+          response["WWW-Authenticate"] = %(Basic realm="#{realm}")
+          throw :halt, [401, "Deploy Token Required"]
+        end
+
+        def authorized_by_token?(params)
+          deploy_token.nil? || params[:deploy_token] == deploy_token
+        end
+
         private
         def sandbox_username
           @sandbox_username ||= $servlet_context.getAttribute('sandbox_username')
@@ -25,24 +41,9 @@ module Trinidad
         def sandbox_password
           @sandbox_password ||= $servlet_context.getAttribute('sandbox_password')
         end
-      end
-
-      module Context
-        def sandbox_context
-          @sandbox_context ||= $servlet_context.getAttribute('sandbox_context')
-        end
-
-        def context_not_found(name)
-          flash[:warning] = "application not found: #{name}"
-          $servlet_context.log "application not found: #{name}"
-          respond_to do |wants|
-            wants.html { redirect sandbox_context.path }
-            wants.xml { status 404 }
-          end
-        end
 
-        def host
-          $servlet_context.getAttribute('tomcat_host')
+        def deploy_token
+          @deploy_token ||= $servlet_context.get_attribute('deploy_token')
         end
       end
     end

data/lib/trinidad_sandbox_extension/app/helpers/context.rb

@@ -0,0 +1,72 @@
+module Trinidad
+  module Sandbox
+    module Helpers
+      module Context
+        def sandbox_context
+          @sandbox_context ||= $servlet_context.getAttribute('sandbox_context')
+        end
+
+        def enable_default?
+          !!$servlet_context.getAttribute('enable_default')
+        end
+
+        def git_ssh?
+          !!$servlet_context.getAttribute('git_ssh')
+        end
+
+        def readonly?
+          !!$servlet_context.get_attribute('readonly')
+        end
+
+        def render_readonly
+          warning "The console has been started as READONLY, you can access to that resource"
+          redirect_to_home 401
+        end
+
+        def context_not_found(name)
+          warning "It seems the application #{name} is not running on Trinidad"
+          redirect_to_home 404
+        end
+
+        def repo_not_found
+          warning "The repository url is required to clone the application", :now
+          respond_to_invalid_deploy
+        end
+
+        def invalid_app_path(path)
+          warning "The path #{path} is not valid, please remove the slashes", :now
+          respond_to_invalid_deploy
+        end
+
+        def host
+          $servlet_context.getAttribute('tomcat_host')
+        end
+
+        def redirect_to_home(status_code)
+          respond_to do |wants|
+            wants.html { redirect sandbox_context.path }
+            wants.xml { status status_code }
+          end
+        end
+
+        def respond_to_invalid_deploy
+          @page_id = 'deploy'
+          respond_to do |wants|
+            wants.html { haml :deploy }
+            wants.xml { status 400 }
+          end
+        end
+
+        def warning(message, req = :next)
+          flash.send(req)[:warning] = message
+          $servlet_context.log message
+        end
+
+        def available_context?(context)
+          context.name != sandbox_context.name || enable_default? ||
+            (!enable_default? && context.name == 'default')
+        end
+      end
+    end
+  end
+end

data/lib/trinidad_sandbox_extension/app/helpers/deploy.rb

@@ -0,0 +1,106 @@
+module Trinidad
+  module Sandbox
+    module Helpers
+      module Deploy
+        require 'grit'
+        require 'json'
+        require 'uri'
+        require 'fileutils'
+
+        def deploy_from_form(params)
+          repo_url = params["repo"]
+          if repo_url.empty?
+            repo_not_found
+          else
+            branch = params["branch"]
+            branch = 'master' if branch.empty?
+
+            ssh = normalize_uri repo_url
+            path = params["path"]
+            path = path_from_repo(ssh) if path.empty? && !enable_default?
+
+            unless valid_path? path
+              invalid_app_path(path)
+            else
+              status = find_and_deploy(ssh, branch, path)
+              redirect_to_home status
+            end
+          end
+        end
+
+        def deploy_from_web_hook(params)
+          payload = JSON.parse(params['payload'])
+          url = payload['repository']['url']
+          branch = File.basename payload['ref']
+
+          ssh = normalize_uri url
+          path = path_from_repo(ssh)
+
+          status = find_and_deploy(ssh, branch, path)
+        end
+
+        def find_and_deploy(repo, branch, path)
+          dest = File.join(host.app_base, path)
+
+          deployed_app = ApplicationContext.find_by_doc_base(dest)
+          status = if deployed_app
+            redeploy_application(deployed_app, repo, branch, dest)
+            204
+          else
+            deploy_new_application(path, repo, branch, dest)
+            201
+          end
+        end
+
+        def deploy_new_application(path, repo, branch, dest)
+          clone(repo, branch, dest)
+          bundle(dest)
+          ApplicationContext.create(path, dest)
+        end
+
+        def redeploy_application(context, repo, branch, dest)
+          context.send(:setPaused, true)
+          FileUtils.rm_rf File.expand_path(dest)
+
+          clone(repo, branch, dest)
+
+          context.reload
+        end
+
+        private
+        def clone(repo, branch, dest)
+          Grit.debug = true
+          Grit::Git.with_timeout(1000) do
+            Grit::Git.new(dest).clone({:branch => branch}, repo, dest)
+          end
+        end
+
+        def bundle(dest)
+          Dir.chdir(dest) do
+            `jruby -S bundle install` if File.exist? 'Gemfile'
+          end
+        end
+
+        def normalize_uri(url)
+          normalized = if git_ssh?
+            return url if url =~ /^git@/
+            uri = URI.parse(url)
+
+            "git@#{uri.host}#{uri.path.sub('/', ':')}"
+          end || url
+
+          normalized << '.git' unless normalized =~ /\.git$/
+          normalized
+        end
+
+        def path_from_repo(repo)
+          repo.split('/').last.sub('.git', '')
+        end
+
+        def valid_path?(path)
+          path.split('/').length == 1
+        end
+      end
+    end
+  end
+end

data/lib/trinidad_sandbox_extension/app/helpers/view.rb

@@ -0,0 +1,39 @@
+module Trinidad
+  module Sandbox
+    module Helpers
+      module View
+        def link_to_deploy
+          %q{<a href="deploy">deploy</a>}
+        end
+
+        def render_parameters(parameters)
+          render = ''
+
+          parameters.keys.sort.each_with_index do |key, index|
+            column = find_column(parameters, index)
+
+            klass = "column#{column}"
+            klass << " reset" if column == 2 && find_column(parameters, index - 1) == 1
+
+            render << %Q{<li class="#{klass}">#{key} => #{parameters[key]}</li>}
+          end
+
+          render
+        end
+
+        def render_host_name
+          $servlet_context.get_attribute('host_name') || 'HOST_NAME'
+        end
+
+        def render_deploy_token
+          $servlet_context.get_attribute('deploy_token') || 'SECRET_DEPLOY_TOKEN'
+        end
+
+        private
+        def find_column(parameters, index)
+          (parameters.length / 2) > index ? 1 : 2
+        end
+      end
+    end
+  end
+end