vagrant-proxyconf 2.0.2 → 2.0.7

data/lib/vagrant-proxyconf/action.rb

@@ -33,14 +33,11 @@ module VagrantPlugins
           b.use Builtin::Call, IsEnabled do |env, b2|
             # next if !env[:result]
 
-            # TODO: Do we really need to configure only specific proxies after the provisioner runs?
-            #       Shouldn't they already be configured by this point?
-            #       Cody Lane - Dec 2018
-            # b2.use ConfigureDockerProxy
-            # b2.use ConfigureGitProxy
-            # b2.use ConfigureNpmProxy
-            # b2.use ConfigurePearProxy
-            # b2.use ConfigureSvnProxy
+            b2.use ConfigureDockerProxy
+            b2.use ConfigureGitProxy
+            b2.use ConfigureNpmProxy
+            b2.use ConfigurePearProxy
+            b2.use ConfigureSvnProxy
           end
         end
       end

data/lib/vagrant-proxyconf/action/base.rb

@@ -87,13 +87,17 @@ module VagrantPlugins
           local_tmp = tempfile(config)
 
           logger.debug "Configuration (#{path}):\n#{config}"
+
           @machine.communicate.tap do |comm|
-            comm.sudo("rm -f #{tmp}", error_check: false)
             comm.upload(local_tmp.path, tmp)
-            comm.sudo("chmod #{opts[:mode] || '0644'} #{tmp}")
-            comm.sudo("chown #{opts[:owner] || 'root:root'} #{tmp}")
-            comm.sudo("mkdir -p #{File.dirname(path)}")
-            comm.sudo("mv -f #{tmp} #{path}")
+            if comm.test("command -v sudo")
+              comm.sudo("chmod #{opts[:mode] || '0644'} #{tmp}")
+              comm.sudo("chown #{opts[:owner] || 'root:root'} #{tmp}")
+              comm.sudo("mkdir -p #{File.dirname(path)}")
+              comm.sudo("mv -f #{tmp} #{path}")
+            else
+              raise Vagrant::Errors::CommandUnavailable.new(file: "sudo")
+            end
           end
         end
 

data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb

@@ -97,9 +97,10 @@ module VagrantPlugins
           @machine.communicate.tap do |comm|
             comm.upload(@docker_client_config_path.path, "/tmp/vagrant-proxyconf-docker-config.json")
             comm.sudo("mkdir -p /etc/docker")
-            comm.sudo("chown root:root /etc/docker")
+            comm.sudo("chown root:docker /etc/docker")
             comm.sudo("mv /tmp/vagrant-proxyconf-docker-config.json /etc/docker/config.json")
-            comm.sudo("chown root:root /etc/docker/config.json")
+            comm.sudo("chown root:docker /etc/docker/config.json")
+            comm.sudo("chmod 0644 /etc/docker/config.json")
             comm.sudo("rm -f /tmp/vagrant-proxyconf-docker-config.json")
 
             comm.sudo("sed -i.bak -e '/^DOCKER_CONFIG/d' /etc/environment")
@@ -154,6 +155,7 @@ module VagrantPlugins
             end
 
             comm.sudo('chown -R 0:0 /etc/systemd/system/docker.service.d/')
+            comm.sudo('touch /etc/systemd/system/docker.service.d/http-proxy.conf')
             comm.sudo('chmod 0644 /etc/systemd/system/docker.service.d/http-proxy.conf')
 
             if changed
@@ -197,10 +199,11 @@ module VagrantPlugins
 
           # https://docs.docker.com/network/proxy/#configure-the-docker-client
           # if docker version >= 17.07 it supports config.json
-          return true if major >= 17 && minor >= 7
-
           # docker version < 17.07 so it does not support config.json
-          return false
+          return false if major <= 17 && minor < 7
+
+          # docker version must be >= 17.07 so we return true
+          return true
         end
 
         def supports_systemd?
@@ -234,7 +237,7 @@ module VagrantPlugins
 
           # update config and restart docker when config changed
           comm.sudo("chmod 0644 #{path}.new")
-          comm.sudo("chown root:root #{path}.new")
+          comm.sudo("chown root:docker #{path}.new")
           comm.sudo("mv -f #{path}.new #{path}")
           comm.sudo(service_restart_command)
         end

data/lib/vagrant-proxyconf/config/apt_proxy.rb

@@ -20,6 +20,12 @@ module VagrantPlugins
         # @return [String] the FTP proxy
         key :ftp, env_var: 'VAGRANT_APT_FTP_PROXY'
 
+        # @return [String] whether APT should verify peer certificate
+        key :verify_peer, env_var: 'VAGRANT_APT_VERIFY_PEER'
+
+        # @return [String] whether APT should verify that certificate name matches server name
+        key :verify_host, env_var: 'VAGRANT_APT_VERIFY_HOST'
+
         def finalize!
           super
 
@@ -33,7 +39,15 @@ module VagrantPlugins
 
         # (see KeyMixin#config_for)
         def config_for(key, value)
-          %Q{Acquire::#{key.name}::Proxy #{value.inspect};\n} if value
+          if value
+            if key.name == :verify_host
+              %Q{Acquire::https::Verify-Host #{value.inspect};\n}
+            elsif key.name == :verify_peer
+              %Q{Acquire::https::Verify-Peer #{value.inspect};\n}
+            else
+              %Q{Acquire::#{key.name}::Proxy #{value.inspect};\n}
+            end
+          end
         end
 
         def finalize_uri(key, value)
@@ -55,7 +69,8 @@ module VagrantPlugins
           end
 
           def to_s
-            direct || "#{prefix}#{value}#{suffix}"
+            # direct || "#{prefix}#{value}#{suffix}"
+            direct || verify || "#{prefix}#{value}#{suffix}"
           end
 
           private
@@ -64,6 +79,10 @@ module VagrantPlugins
             'DIRECT' if value.upcase == 'DIRECT'
           end
 
+          def verify
+            value if ["true", "false"].to_set.include? value
+          end
+
           # Hash of deprecation warning sentinels
           @@warned = {}
 

data/lib/vagrant-proxyconf/version.rb

@@ -1,5 +1,5 @@
 module VagrantPlugins
   module ProxyConf
-    VERSION = '2.0.2'
+    VERSION = '2.0.7'
   end
 end

data/spec/unit/support/shared/apt_proxy_config.rb

@@ -8,6 +8,10 @@ end
 def conf_line(proto, name, port = 3142)
   if name == :direct
     %Q{Acquire::#{proto}::Proxy "DIRECT";\n}
+  elsif proto == :verify_peer
+    %Q{Acquire::https::Verify-Peer "#{name}";\n}
+  elsif proto == :verify_host
+    %Q{Acquire::https::Verify-Host "#{name}";\n}
   else
     port = ":#{port}" if port
     %Q{Acquire::#{proto}::Proxy "#{proto}://#{name}#{port}";\n}
@@ -65,6 +69,14 @@ shared_examples "apt proxy config" do |proto|
       end
     end
 
+    [:verify_peer, :verify_host].each do |verify|
+      context "with #{verify.inspect}" do
+        subject        { config_with(verify => "false") }
+        its(:enabled?) { should be_truthy }
+        its(:to_s)     { should eq conf_line(verify, "false") }
+      end
+    end
+
     [false, ""].each do |unset|
       context "with #{unset.inspect}" do
         subject        { config_with(proto => unset) }

data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb

@@ -10,7 +10,7 @@ def mock_write_docker_config(machine)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("cat /tmp/vagrant-proxyconf >> /etc/default/docker.new")
   allow(machine).to receive_message_chain(:communicate, :test).with("diff /etc/default/docker.new /etc/default/docker")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("chmod 0644 /etc/default/docker.new")
-  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:root /etc/default/docker.new")
+  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:docker /etc/default/docker.new")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("mv -f /etc/default/docker.new /etc/default/docker")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("kill -HUP `pgrep -f 'docker'` || systemctl restart docker || service docker restart || /etc/init.d/docker restart")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("rm -f /tmp/vagrant-proxyconf /etc/default/docker.new")
@@ -19,12 +19,13 @@ end
 def mock_update_docker_client_config(machine)
   allow(machine).to receive_message_chain(:communicate, :upload)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("mv /tmp/vagrant-proxyconf-docker-config.json /etc/docker/config.json")
-  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:root /etc/docker/config.json")
+  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:docker /etc/docker/config.json")
+  allow(machine).to receive_message_chain(:communicate, :sudo).with("chmod 0644 /etc/docker/config.json")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("rm -f /tmp/vagrant-proxyconf-docker-config.json")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("sed -i.bak -e '/^DOCKER_CONFIG/d' /etc/environment")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("echo DOCKER_CONFIG=/etc/docker >> /etc/environment")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("mkdir -p /etc/docker")
-  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:root /etc/docker")
+  allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:docker /etc/docker")
 end
 
 def mock_update_docker_systemd_config(machine)
@@ -163,6 +164,7 @@ describe VagrantPlugins::ProxyConf::Action::ConfigureDockerProxy do
             allow(machine).to receive_message_chain(:communicate, :sudo).with("mkdir -p /etc/systemd/system/docker.service.d")
             allow(machine).to receive_message_chain(:communicate, :upload).with(@docker_proxy.instance_variable_get(:@docker_systemd_config), "/tmp")
             allow(machine).to receive_message_chain(:communicate, :sudo).with('chown -R 0:0 /etc/systemd/system/docker.service.d/')
+            allow(machine).to receive_message_chain(:communicate, :sudo).with('touch /etc/systemd/system/docker.service.d/http-proxy.conf')
             allow(machine).to receive_message_chain(:communicate, :sudo).with('chmod 0644 /etc/systemd/system/docker.service.d/http-proxy.conf')
             allow(machine).to receive_message_chain(:communicate, :test).with('command -v systemctl').and_return(false)
             allow(machine).to receive_message_chain(:communicate, :test).with('diff -Naur /etc/systemd/system/docker.service.d/http-proxy.conf /tmp/vagrant-proxyconf-docker-systemd-config').and_return(false)

data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb

@@ -4,6 +4,7 @@ require 'vagrant-proxyconf/action/configure_svn_proxy'
 def mock_write_config(machine)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("rm -f /tmp/vagrant-proxyconf", error_check: false)
   allow(machine).to receive_message_chain(:communicate, :upload)
+  allow(machine).to receive_message_chain(:communicate, :test).with('command -v sudo').and_return(true)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("chmod 0644 /tmp/vagrant-proxyconf")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:root /tmp/vagrant-proxyconf")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("mkdir -p /etc/subversion")

data/test/issues/172/README.md

@@ -10,7 +10,7 @@ bundle exec vagrant up default
 ## Expect
 
 
-### Box `default``
+### Box `default`
 
   - The box `default` is a docker container that will be a reverse
     proxy. It should provision itself and work without errors.
@@ -21,7 +21,7 @@ bundle exec vagrant up default
   - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
 
 
-### Box `docker-host`
+### Box `docker_host`
 
   - Vagrant should automatically instally docker-ce.
   - The box should come up and provision itself with the proxy settings

data/test/issues/172/Vagrantfile

@@ -27,9 +27,10 @@ Vagrant.configure("2") do |config|
 
     c.vm.provider "docker" do |d|
       d.build_dir = "."
-      d.expose = ["#{$PROXY_PORT}"]
       d.has_ssh = true
-      d.ports = ["#{$PROXY_PORT}", "#{$PROXY_PORT}"].join(':')
+      d.ports = [
+        "#{$PROXY_PORT}:#{$PROXY_PORT}",
+      ]
     end
   end
 

data/test/issues/180/spec/docker_host/redhat_spec.rb

@@ -10,9 +10,9 @@ end
 describe file('/etc/docker/config.json') do
   it { should be_file }
   it { should exist }
-  it { should be_mode 600 }
+  it { should be_mode 644 }
   it { should be_owned_by "root" }
-  it { should be_grouped_into "root" }
+  it { should be_grouped_into "docker" }
 end
 
 context 'when proxy is enabled' do

data/test/issues/192/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/test/issues/192/Dockerfile

@@ -0,0 +1,47 @@
+FROM centos:7
+
+ENV CI_USERNAME vagrant
+ENV CI_PASSWORD vagrant
+ENV CI_HOMEDIR  /home/vagrant
+ENV CI_SHELL    /bin/bash
+
+EXPOSE 8888
+
+RUN yum clean all && \
+    yum makecache fast && \
+    yum -y install epel-release && \
+    yum clean expire-cache && \
+    yum -y install \
+      curl \
+      initscripts \
+      openssh-clients \
+      openssh-server \
+      sudo \
+      tinyproxy
+
+RUN /usr/sbin/sshd-keygen && \
+    mkdir -p /var/run/sshd && \
+    rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf
+
+RUN if ! getent passwd $CI_USERNAME; then \
+      useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
+    fi && \
+    echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+    mkdir -p /etc/sudoers.d && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
+    chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
+    mkdir -p ${CI_HOMEDIR}/.ssh && \
+    chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
+    chmod 0700 ${CI_HOMEDIR}/.ssh && \
+    curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
+    touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
+
+COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD [ "start" ]

data/test/issues/192/Dockerfile.bionic

@@ -0,0 +1,40 @@
+FROM ubuntu:bionic
+
+ENV CI_USERNAME vagrant
+ENV CI_PASSWORD vagrant
+ENV CI_HOMEDIR  /home/vagrant
+ENV CI_SHELL    /bin/bash
+
+RUN apt-get -y update && \
+    mkdir -p /run/sshd && \
+    apt-get -y install \
+      apt-transport-https \
+      ca-certificates \
+      curl \
+      gnupg-agent \
+      openssh-client \
+      openssh-server \
+      software-properties-common \
+      sudo
+
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
+    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
+    rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf && \
+    if ! getent passwd $CI_USERNAME; then \
+      useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
+    fi && \
+    echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+    mkdir -p /etc/sudoers.d && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
+    chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
+    mkdir -p ${CI_HOMEDIR}/.ssh && \
+    chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
+    chmod 0700 ${CI_HOMEDIR}/.ssh && \
+    curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
+    touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
+
+CMD [ "/usr/sbin/sshd", "-D" ]

data/test/issues/192/README.md

@@ -0,0 +1,29 @@
+Tests
+-----
+
+If you are testing the current release of this plugin via bundler
+
+```
+bundle exec vagrant up default
+```
+
+## Expect
+
+
+### Box `default`
+
+  - The box `default` is a docker container that will be a reverse
+    proxy. It should provision itself and work without errors.
+
+  - You can check that the proxy is working by
+    `tail -f /var/log/tinyproxy/tinyproxy.log` inside the container
+
+  - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
+
+
+### Box `docker-host`
+
+  - Vagrant should automatically instally docker-ce.
+  - The box should come up and provision itself with the proxy settings
+    configured in your Vagrantfile.
+  - **NOTE**: You can use `ssh` to connect to this container.

data/test/issues/192/Rakefile

@@ -0,0 +1,27 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+task :spec    => 'spec:all'
+task :default => :spec
+
+namespace :spec do
+  targets = []
+  Dir.glob('./spec/*').each do |dir|
+    next unless File.directory?(dir)
+    target = File.basename(dir)
+    target = "_#{target}" if target == "default"
+    targets << target
+  end
+
+  task :all     => targets
+  task :default => :all
+
+  targets.each do |target|
+    original_target = target == "_default" ? target[1..-1] : target
+    desc "Run serverspec tests to #{original_target}"
+    RSpec::Core::RakeTask.new(target.to_sym) do |t|
+      ENV['TARGET_HOST'] = original_target
+      t.pattern = "spec/#{original_target}/*_spec.rb"
+    end
+  end
+end

data/test/issues/192/Vagrantfile

@@ -0,0 +1,64 @@
+# this should be the IP address of the :default box
+$PROXY_HOST ="172.17.0.1"
+$PROXY_PORT="8888"
+$PROXY_NO_PROXY=[
+  'localhost',
+]
+
+ENV['HTTP_PROXY']  = ENV.fetch('HTTP_PROXY',  "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
+ENV['HTTPS_PROXY'] = ENV.fetch('HTTPS_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
+ENV['NO_PROXY']    = ENV.fetch('NO_PROXY',    $PROXY_NO_PROXY.join(","))
+
+puts "HTTP_PROXY  = '#{ENV["HTTP_PROXY"]}'"
+puts "HTTPS_PROXY = '#{ENV["HTTPS_PROXY"]}'"
+puts "NO_PROXY    = '#{ENV["NO_PROXY"]}'"
+
+puts "vagrant-proxyconf is installed? #{Vagrant.has_plugin?('vagrant-proxyconf')}"
+
+
+Vagrant.configure("2") do |config|
+
+  config.vm.define 'default' do |c|
+    c.vm.box = nil
+
+    if Vagrant.has_plugin?('vagrant-proxyconf')
+      c.proxy.enabled = false
+    end
+
+    c.vm.provider "docker" do |d|
+      d.build_dir = "."
+      d.has_ssh = true
+      d.ports = [
+        "#{$PROXY_PORT}:#{$PROXY_PORT}",
+      ]
+    end
+  end
+
+  config.vm.define 'docker_host' do |c|
+    c.vm.box = nil
+
+   if Vagrant.has_plugin?('vagrant-proxyconf')
+      c.proxy.http     = ENV['HTTP_PROXY']
+      c.proxy.https    = ENV['HTTPS_PROXY']
+      c.proxy.no_proxy = ENV['NO_PROXY']
+      c.proxy.enabled = {
+        :apt => {
+          :enabled => true,
+          :skip    => false,
+        },
+        :env => {
+          :enabled => false,
+          :skip    => false,
+        }
+      }
+    end
+
+    c.vm.provider "docker" do |d|
+      d.build_dir = "."
+      d.dockerfile = "Dockerfile.bionic"
+      d.has_ssh = true
+    end
+
+  end
+
+end