From 3368c25194a11e5f9427f0cb1bcb224531abbaaa Mon Sep 17 00:00:00 2001 From: Kashif Saadat Date: Fri, 16 Aug 2019 14:41:37 +0100 Subject: [PATCH] Scan images via Anchore --- .drone.yml | 116 +++++------------- platform-hub-api/.env.test | 60 +++++---- platform-hub-api/Dockerfile | 9 +- platform-hub-api/Gemfile | 8 +- platform-hub-api/Gemfile.lock | 102 +++++++-------- platform-hub-api/app/models/docs_source.rb | 2 +- platform-hub-api/app/models/identity.rb | 2 +- .../app/models/kubernetes_cluster.rb | 4 +- .../app/models/kubernetes_namespace.rb | 2 +- .../app/models/kubernetes_token.rb | 2 +- platform-hub-api/app/models/service.rb | 2 +- .../spec/factories/allocations.rb | 2 +- .../spec/factories/announcement_templates.rb | 6 +- .../spec/factories/announcements.rb | 10 +- platform-hub-api/spec/factories/audits.rb | 14 +-- .../spec/factories/contact_lists.rb | 2 +- .../spec/factories/costs_reports.rb | 10 +- .../spec/factories/docker_repos.rb | 6 +- .../spec/factories/docs_source_entries.rb | 2 +- .../spec/factories/docs_sources.rb | 4 +- .../spec/factories/hash_records.rb | 18 +-- platform-hub-api/spec/factories/identities.rb | 8 +- .../spec/factories/kubernetes_clusters.rb | 4 +- .../spec/factories/kubernetes_groups.rb | 24 ++-- .../spec/factories/kubernetes_namespaces.rb | 2 +- .../spec/factories/kubernetes_tokens.rb | 6 +- .../spec/factories/platform_themes.rb | 10 +- .../spec/factories/project_memberships.rb | 4 +- platform-hub-api/spec/factories/projects.rb | 4 +- platform-hub-api/spec/factories/qa_entries.rb | 2 +- platform-hub-api/spec/factories/services.rb | 2 +- .../factories/support_request_templates.rb | 8 +- platform-hub-api/spec/factories/users.rb | 6 +- platform-hub-api/spec/rails_helper.rb | 4 +- .../spec/services/encryptor_service_spec.rb | 2 +- platform-hub-api/test.sh | 10 ++ 36 files changed, 221 insertions(+), 258 deletions(-) create mode 100755 platform-hub-api/test.sh diff --git a/.drone.yml b/.drone.yml index 15fd2b5a..165e2f3b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -34,6 +34,12 @@ pipeline: when: event: [push, tag] + web_scan_image: + image: quay.io/ukhomeofficedigital/anchore-submission:latest + image_name: platform-hub-web:${DRONE_COMMIT_SHA} + when: + event: [push, tag] + web_latest_image_to_quay: image: docker:17.07.0-ce secrets: @@ -63,49 +69,17 @@ pipeline: when: event: tag - api_tests: - image: alpine:3.5 + image: ruby:2.3.8-alpine environment: - - SECRET_KEY_BASE=$(head -c30 < /dev/urandom | base64) - PHUB_DB_HOST=postgres - - PHUB_ELASTICSEARCH_URL=noop - - GITHUB_CLIENT_ID=NA - - GITHUB_CLIENT_SECRET=NA - - AGENT_GITHUB_TOKEN=noop - - AGENT_GITHUB_ORG=noop - - AGENT_GITLAB_BASE_URL="http://noop" - - AGENT_GITLAB_TOKEN=noop - - AGENT_GITHUB_ORG_MAIN_TEAM_ID=noop - - AGENT_KEYCLOAK_CLIENT_ID=noop - - AGENT_KEYCLOAK_CLIENT_SECRET=noop - - AGENT_KEYCLOAK_USERNAME=noop - - AGENT_KEYCLOAK_PASSWORD=noop - - AGENT_KEYCLOAK_BASE_URL=noop - - AGENT_KEYCLOAK_REALM=noop - - APP_BASE_URL="http://localhost:3000" - - EMAIL_FROM_ADDRESS="test@example.org" - - EMAIL_MAX_TO_ADDRESSES=10 - - SLACK_WEBHOOK=noop - - FILESTORE_S3_REGION=eu-west-2 - - FILESTORE_S3_BUCKET_NAME=noop - - FILESTORE_S3_ACCESS_KEY_ID=noop - - FILESTORE_S3_SECRET_ACCESS_KEY=noop - - SQS_REGION=noop - - SQS_ACCESS_KEY_ID=noop - - SQS_SECRET_ACCESS_KEY=noop - - SQS_ECR_AGENT_TASKS_QUEUE=noop - - SQS_ECR_AGENT_RESULTS_QUEUE=noop commands: - - apk update && apk upgrade - - apk --update add ca-certificates openssl + - apk -U add ca-certificates libressl postgresql-client postgresql-dev build-base make - update-ca-certificates - - apk --update add bash ruby ruby-irb ruby-rake ruby-io-console ruby-json ruby-bigdecimal libstdc++ tzdata postgresql-client - - apk --update add build-base ruby-dev libc-dev libressl-dev postgresql-dev libffi-dev zlib-dev - "echo 'gem: --no-document' > /etc/gemrc && gem install bundler -v 1.16.2" - cd platform-hub-api - - "/bin/bash -c 'bundle install --jobs 20 --retry 5 --deployment --no-cache'" - - "/bin/bash -c 'bin/setup && bundle exec rspec'" + - bundle install --jobs 20 --retry 5 --deployment + - ./test.sh when: event: [push, tag] @@ -123,64 +97,39 @@ pipeline: image: docker:17.10.0 environment: - DOCKER_HOST=tcp://172.17.0.1:2375 - - PORT=6055 - POSTGRES_USER=phub - POSTGRES_PASSWORD=phub_password commands: - - > - docker run - -d - --name phub-api-postgres-${DRONE_BUILD_NUMBER} - -e POSTGRES_USER - -e POSTGRES_PASSWORD - postgres:9.6.1 + - docker run -d -p 5432:5432 --name phub-api-postgres-${DRONE_BUILD_NUMBER} -e POSTGRES_USER -e POSTGRES_PASSWORD postgres:9.6.1 - sleep 5 - 'until docker exec -e POSTGRES_USER -e POSTGRES_PASSWORD phub-api-postgres-${DRONE_BUILD_NUMBER} psql -U $${POSTGRES_USER} -c "select 1" > /dev/null 2>&1; do sleep 2; done' - > docker run - --name platform-hub-api-test - -t --rm - --link phub-api-postgres-${DRONE_BUILD_NUMBER}:phub-postgres-${DRONE_BUILD_NUMBER} - -e PORT - -e PHUB_DB_HOST=phub-postgres-${DRONE_BUILD_NUMBER} - -e PHUB_DB_NAME=phub_development - -e PHUB_DB_USERNAME=$${POSTGRES_USER} - -e PHUB_DB_PASSWORD=$${POSTGRES_PASSWORD} - -e PHUB_ELASTICSEARCH_URL=noop - -e RAILS_LOG_TO_STDOUT=true - -e SECRET_KEY_BASE=$(head -c30 < /dev/urandom | base64) - -e GITHUB_CLIENT_ID=NA - -e GITHUB_CLIENT_SECRET=NA - -e AGENT_GITHUB_TOKEN=noop - -e AGENT_GITHUB_ORG=noop - -e AGENT_GITHUB_ORG_MAIN_TEAM_ID=noop - -e AGENT_GITLAB_BASE_URL="http://noop" - -e AGENT_GITLAB_TOKEN=noop - -e AGENT_KEYCLOAK_CLIENT_ID=noop - -e AGENT_KEYCLOAK_CLIENT_SECRET=noop - -e AGENT_KEYCLOAK_USERNAME=noop - -e AGENT_KEYCLOAK_PASSWORD=noop - -e AGENT_KEYCLOAK_BASE_URL=noop - -e AGENT_KEYCLOAK_REALM=noop - -e APP_BASE_URL="http://localhost:$${PORT}" - -e EMAIL_FROM_ADDRESS="test@example.org" - -e EMAIL_MAX_TO_ADDRESSES=10 - -e SLACK_WEBHOOK=noop - -e FILESTORE_S3_REGION=eu-west-2 - -e FILESTORE_S3_BUCKET_NAME=noop - -e FILESTORE_S3_ACCESS_KEY_ID=noop - -e FILESTORE_S3_SECRET_ACCESS_KEY=noop - -e SQS_REGION=noop - -e SQS_ACCESS_KEY_ID=noop - -e SQS_SECRET_ACCESS_KEY=noop - -e SQS_ECR_AGENT_TASKS_QUEUE=noop - -e SQS_ECR_AGENT_RESULTS_QUEUE=noop + --name phub-api-${DRONE_BUILD_NUMBER} + -t --rm --env-file=platform-hub-api/.env.test + -e PHUB_DB_HOST=phub-api-postgres-${DRONE_BUILD_NUMBER} + --link phub-api-postgres-${DRONE_BUILD_NUMBER} platform-hub-api:${DRONE_COMMIT_SHA} - /bin/bash -c "cd /app; bin/setup && bin/rails server -d; sleep 5; curl -s -f http://127.0.0.1:$${PORT}/healthz" - - docker kill phub-api-postgres-${DRONE_BUILD_NUMBER} + /bin/bash -c "cd /app; bin/setup; bin/rails server -d; sleep 5; curl -s -f http://127.0.0.1:3000/healthz" + when: + event: [push, tag] + + cleanup_postgres: + image: docker:17.10.0 + environment: + - DOCKER_HOST=tcp://172.17.0.1:2375 + commands: - docker rm -f phub-api-postgres-${DRONE_BUILD_NUMBER} when: event: [push, tag] + status: [success, failure] + + api_scan_image: + image: quay.io/ukhomeofficedigital/anchore-submission:latest + image_name: platform-hub-api:${DRONE_COMMIT_SHA} + whitelist: CVE-2019-5419,CVE-2019-5420 + when: + event: [push, tag] api_latest_image_to_quay: image: docker:17.10.0 @@ -212,7 +161,6 @@ pipeline: event: tag services: - postgres: image: postgres:9.6.1 environment: diff --git a/platform-hub-api/.env.test b/platform-hub-api/.env.test index 4affbf22..ba377855 100644 --- a/platform-hub-api/.env.test +++ b/platform-hub-api/.env.test @@ -1,37 +1,43 @@ -#!/usr/bin/env bash +PHUB_DB_PORT=5432 +PHUB_DB_NAME=phub_test +PHUB_DB_USERNAME=phub +PHUB_DB_PASSWORD=phub_password +PHUB_ELASTICSEARCH_URL=noop -# For tests only +SECRET_KEY_BASE=689bfc57506426b2031607a154ddb79ef2681949de099d78a9f36ddd72f893be3e3553f266063ecff40d5182ac433fc839ed27d2abb78fcf174e76e9d91fa2dc -export PHUB_ELASTICSEARCH_URL=noop +GITHUB_CLIENT_ID=noop +GITHUB_CLIENT_SECRET=noop -export SECRET_KEY_BASE=$(head -c30 < /dev/urandom | base64) +AGENT_GITHUB_TOKEN=noop +AGENT_GITHUB_ORG=noop +AGENT_GITHUB_ORG_MAIN_TEAM_ID=10 -export GITHUB_CLIENT_ID=noop -export GITHUB_CLIENT_SECRET=noop +AGENT_GITLAB_BASE_URL="http://noop" +AGENT_GITLAB_TOKEN=noop -export AGENT_GITHUB_TOKEN=noop -export AGENT_GITHUB_ORG=noop -export AGENT_GITHUB_ORG_MAIN_TEAM_ID=10 +SLACK_WEBHOOK=noop -export AGENT_GITLAB_BASE_URL="http://noop" -export AGENT_GITLAB_TOKEN=noop +AGENT_KEYCLOAK_CLIENT_ID=noop +AGENT_KEYCLOAK_CLIENT_SECRET=noop +AGENT_KEYCLOAK_USERNAME=noop +AGENT_KEYCLOAK_PASSWORD=noop +AGENT_KEYCLOAK_BASE_URL=noop +AGENT_KEYCLOAK_REALM=noop -export SLACK_WEBHOOK=noop +FILESTORE_S3_REGION=eu-west-2 +FILESTORE_S3_BUCKET_NAME=noop +FILESTORE_S3_ACCESS_KEY_ID=noop +FILESTORE_S3_SECRET_ACCESS_KEY=noop -export AGENT_KEYCLOAK_CLIENT_ID=noop -export AGENT_KEYCLOAK_CLIENT_SECRET=noop -export AGENT_KEYCLOAK_USERNAME=noop -export AGENT_KEYCLOAK_PASSWORD=noop -export AGENT_KEYCLOAK_BASE_URL=noop -export AGENT_KEYCLOAK_REALM=noop +SQS_REGION=noop +SQS_ACCESS_KEY_ID=noop +SQS_SECRET_ACCESS_KEY=noop +SQS_ECR_AGENT_TASKS_QUEUE=noop +SQS_ECR_AGENT_RESULTS_QUEUE=noop -export FILESTORE_S3_REGION=eu-west-2 -export FILESTORE_S3_BUCKET_NAME=noop -export FILESTORE_S3_ACCESS_KEY_ID=noop -export FILESTORE_S3_SECRET_ACCESS_KEY=noop +APP_BASE_URL="http://localhost:3000" +EMAIL_FROM_ADDRESS="test@example.org" +EMAIL_MAX_TO_ADDRESSES=10 -export SQS_REGION=noop -export SQS_ACCESS_KEY_ID=noop -export SQS_SECRET_ACCESS_KEY=noop -export SQS_ECR_AGENT_TASKS_QUEUE=noop -export SQS_ECR_AGENT_RESULTS_QUEUE=noop +RAILS_ENV=test diff --git a/platform-hub-api/Dockerfile b/platform-hub-api/Dockerfile index ec13e43b..5e9fce27 100644 --- a/platform-hub-api/Dockerfile +++ b/platform-hub-api/Dockerfile @@ -7,7 +7,8 @@ RUN apk update && apk upgrade \ && update-ca-certificates \ && apk --update add \ bash curl ruby ruby-irb ruby-rake ruby-io-console ruby-json ruby-bigdecimal libstdc++ tzdata \ - postgresql-client \ + postgresql-client postgresql-dev \ + && apk --update add --virtual build_deps sudo build-base ruby-dev libc-dev libressl-dev zlib-dev \ && echo 'gem: --no-document' > /etc/gemrc \ && gem install bundler -v 1.16.2 @@ -19,12 +20,10 @@ RUN addgroup -S app \ && chown -R app:app /app # Install deps -RUN apk --update add --virtual build_deps sudo build-base ruby-dev libc-dev libressl-dev zlib-dev && \ - apk --update add postgresql-dev && \ - /bin/bash -c 'sudo -u app bundle install --jobs 20 --retry 5 --deployment --without development test --no-cache' && \ +RUN /bin/bash -c 'sudo -u app bundle install --jobs 20 --retry 5 --deployment --without development test --no-cache' && \ apk del build_deps ENV HOME /app USER 1000 -CMD bundle exec rails s +CMD ["bundle", "exec", "rails", "s"] diff --git a/platform-hub-api/Gemfile b/platform-hub-api/Gemfile index 56e56d56..fb88e30f 100644 --- a/platform-hub-api/Gemfile +++ b/platform-hub-api/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' ruby '2.3.8' -gem 'rails', '~> 5.0.0', '>= 5.0.7.1' +gem 'rails', '~> 5.0.0', '>= 5.0.7.2' gem 'pg', '~> 0.21.0' gem 'puma', '~> 3.0' gem 'jwt', '1.5.4' @@ -33,13 +33,14 @@ gem 'commonmarker', '~> 0.18.1' gem 'gitlab', '~> 4.5' gem 'exception_notification', '~> 4.2', '>= 4.2.2' gem 'shoryuken', '~> 4.0', '>= 4.0.2' +gem 'tzinfo-data', '>= 1.2019.0' group :development, :test do gem 'byebug', platform: :mri gem 'rspec-rails', '~> 3.7', '>= 3.7.2' gem 'rails-controller-testing', '~> 1.0' gem 'dotenv-rails', '~> 2.2', '>= 2.2.0' - gem 'factory_girl_rails', '~> 4.8' + gem 'factory_bot_rails', '~> 4.8' gem 'shoulda-matchers', '~> 3.1', '>= 3.1.2' end @@ -52,6 +53,3 @@ group :test do gem 'timecop', '~> 0.9.1' gem 'with_model', '~> 2.0' end - -# Windows does not include zoneinfo files, so bundle the tzinfo-data gem -gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] diff --git a/platform-hub-api/Gemfile.lock b/platform-hub-api/Gemfile.lock index 8767e577..cd16145c 100644 --- a/platform-hub-api/Gemfile.lock +++ b/platform-hub-api/Gemfile.lock @@ -1,25 +1,25 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.0.7.1) - actionpack (= 5.0.7.1) + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.7.1) - actionpack (= 5.0.7.1) - actionview (= 5.0.7.1) - activejob (= 5.0.7.1) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.7.1) - actionview (= 5.0.7.1) - activesupport (= 5.0.7.1) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7.1) - activesupport (= 5.0.7.1) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) @@ -29,20 +29,20 @@ GEM activemodel (>= 4.1, < 6) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (5.0.7.1) - activesupport (= 5.0.7.1) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) globalid (>= 0.3.6) - activemodel (5.0.7.1) - activesupport (= 5.0.7.1) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) activemodel-associations (0.2.0) activemodel (>= 4.1, < 6) activerecord (>= 4.1, < 6) activesupport (>= 4.1, < 6) - activerecord (5.0.7.1) - activemodel (= 5.0.7.1) - activesupport (= 5.0.7.1) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) arel (~> 7.0) - activesupport (5.0.7.1) + activesupport (5.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -77,7 +77,7 @@ GEM ruby-enum (~> 0.5) composite_primary_keys (9.0.10) activerecord (~> 5.0.0, >= 5.0.7) - concurrent-ruby (1.1.3) + concurrent-ruby (1.1.5) crass (1.0.4) delayed_job (4.1.4) activesupport (>= 3.0, < 5.2) @@ -115,10 +115,10 @@ GEM exception_notification (4.2.2) actionmailer (>= 4.0, < 6) activesupport (>= 4.0, < 6) - factory_girl (4.8.1) + factory_bot (4.11.1) activesupport (>= 3.0.0) - factory_girl_rails (4.8.0) - factory_girl (~> 4.8.0) + factory_bot_rails (4.11.1) + factory_bot (~> 4.11.1) railties (>= 3.0.0) faraday (0.15.2) multipart-post (>= 1.2, < 3) @@ -128,7 +128,7 @@ GEM gitlab (4.5.0) httparty (>= 0.14.0) terminal-table (>= 1.5.1) - globalid (0.4.1) + globalid (0.4.2) activesupport (>= 4.2.0) has_scope (0.7.2) actionpack (>= 4.1) @@ -137,7 +137,7 @@ GEM hashie (3.5.6) httparty (0.16.2) multi_xml (>= 0.5.2) - i18n (1.1.1) + i18n (1.6.0) concurrent-ruby (~> 1.0) ice_nine (0.11.2) jmespath (1.3.1) @@ -166,15 +166,15 @@ GEM mini_mime (>= 0.1.1) memoist (0.16.0) method_source (0.9.2) - mini_mime (1.0.1) - mini_portile2 (2.3.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) minitest (5.11.3) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.3.1) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) + nio4r (2.4.0) + nokogiri (1.10.4) + mini_portile2 (~> 2.4.0) octokit (4.10.0) sawyer (~> 0.8.0, >= 0.5.3) pg (0.21.0) @@ -184,20 +184,20 @@ GEM arel (>= 6) public_suffix (3.0.3) puma (3.10.0) - rack (2.0.6) + rack (2.0.7) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.7.1) - actioncable (= 5.0.7.1) - actionmailer (= 5.0.7.1) - actionpack (= 5.0.7.1) - actionview (= 5.0.7.1) - activejob (= 5.0.7.1) - activemodel (= 5.0.7.1) - activerecord (= 5.0.7.1) - activesupport (= 5.0.7.1) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) bundler (>= 1.3.0) - railties (= 5.0.7.1) + railties (= 5.0.7.2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.2) actionpack (~> 5.x, >= 5.0.1) @@ -206,15 +206,15 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) + rails-html-sanitizer (1.2.0) loofah (~> 2.2, >= 2.2.2) - railties (5.0.7.1) - actionpack (= 5.0.7.1) - activesupport (= 5.0.7.1) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.3.1) + rake (12.3.3) rb-fsevent (0.10.2) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) @@ -268,6 +268,8 @@ GEM timecop (0.9.1) tzinfo (1.2.5) thread_safe (~> 0.1) + tzinfo-data (1.2019.2) + tzinfo (>= 1.0.0) unicode-display_width (1.4.0) unread (0.10.0) activerecord (>= 3) @@ -278,7 +280,7 @@ GEM equalizer (~> 0.0, >= 0.0.9) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.4) with_model (2.0.0) activerecord (>= 4.2) @@ -301,7 +303,7 @@ DEPENDENCIES dotenv-rails (~> 2.2, >= 2.2.0) elasticsearch-persistence (~> 5.1) exception_notification (~> 4.2, >= 4.2.2) - factory_girl_rails (~> 4.8) + factory_bot_rails (~> 4.8) faraday (~> 0.15.2, >= 0.15.2) friendly_id (~> 5.2) gitlab (~> 4.5) @@ -316,7 +318,7 @@ DEPENDENCIES pg (~> 0.21.0) pg_search (~> 2.0, >= 2.0.1) puma (~> 3.0) - rails (~> 5.0.0, >= 5.0.7.1) + rails (~> 5.0.0, >= 5.0.7.2) rails-controller-testing (~> 1.0) rinku (~> 2.0, >= 2.0.3) rspec-rails (~> 3.7, >= 3.7.2) @@ -325,7 +327,7 @@ DEPENDENCIES slack-notifier (~> 2.2, >= 2.2.2) spring-watcher-listen (~> 2.0.1) timecop (~> 0.9.1) - tzinfo-data + tzinfo-data (>= 1.2019.0) unread (~> 0.10.0) with_model (~> 2.0) diff --git a/platform-hub-api/app/models/docs_source.rb b/platform-hub-api/app/models/docs_source.rb index f144f285..2181063a 100644 --- a/platform-hub-api/app/models/docs_source.rb +++ b/platform-hub-api/app/models/docs_source.rb @@ -5,7 +5,7 @@ class DocsSource < ApplicationRecord audited descriptor_field: :name has_many :entries, - class_name: DocsSourceEntry, + class_name: 'DocsSourceEntry', dependent: :destroy attr_readonly :kind diff --git a/platform-hub-api/app/models/identity.rb b/platform-hub-api/app/models/identity.rb index 1cd10030..2aa084b9 100644 --- a/platform-hub-api/app/models/identity.rb +++ b/platform-hub-api/app/models/identity.rb @@ -11,7 +11,7 @@ class Identity < ApplicationRecord ecr: 'ecr', } - has_many :tokens, -> { where kind: 'user' }, as: :tokenable, class_name: KubernetesToken + has_many :tokens, -> { where kind: 'user' }, as: :tokenable, class_name: 'KubernetesToken' belongs_to :user validates :user_id, presence: true diff --git a/platform-hub-api/app/models/kubernetes_cluster.rb b/platform-hub-api/app/models/kubernetes_cluster.rb index 82c3def7..d60d3c70 100644 --- a/platform-hub-api/app/models/kubernetes_cluster.rb +++ b/platform-hub-api/app/models/kubernetes_cluster.rb @@ -50,12 +50,12 @@ class KubernetesCluster < ApplicationRecord validate :ensure_unique_aliases_incl_names has_many :tokens, - class_name: KubernetesToken, + class_name: 'KubernetesToken', foreign_key: :cluster_id, dependent: :destroy has_many :namespaces, - class_name: KubernetesNamespace, + class_name: 'KubernetesNamespace', foreign_key: :cluster_id, dependent: :destroy diff --git a/platform-hub-api/app/models/kubernetes_namespace.rb b/platform-hub-api/app/models/kubernetes_namespace.rb index ed3da920..4915d434 100644 --- a/platform-hub-api/app/models/kubernetes_namespace.rb +++ b/platform-hub-api/app/models/kubernetes_namespace.rb @@ -7,7 +7,7 @@ class KubernetesNamespace < ApplicationRecord audited descriptor_field: :name, associated_field: :service belongs_to :service, -> { readonly } - belongs_to :cluster, -> { readonly }, class_name: KubernetesCluster + belongs_to :cluster, -> { readonly }, class_name: 'KubernetesCluster' scope :by_service, ->(s) { where(service: s) } scope :by_cluster, ->(c) { where(cluster: c) } diff --git a/platform-hub-api/app/models/kubernetes_token.rb b/platform-hub-api/app/models/kubernetes_token.rb index 71a8af59..95f59707 100644 --- a/platform-hub-api/app/models/kubernetes_token.rb +++ b/platform-hub-api/app/models/kubernetes_token.rb @@ -14,7 +14,7 @@ class KubernetesToken < ApplicationRecord belongs_to :tokenable, -> { readonly }, polymorphic: true belongs_to :project, -> { readonly } - belongs_to :cluster, -> { readonly }, class_name: KubernetesCluster + belongs_to :cluster, -> { readonly }, class_name: 'KubernetesCluster' scope :privileged, -> { where.not(expire_privileged_at: nil) } scope :by_tokenable, ->(tokenable) { where(tokenable: tokenable) } diff --git a/platform-hub-api/app/models/service.rb b/platform-hub-api/app/models/service.rb index f99d7843..0fe9330a 100644 --- a/platform-hub-api/app/models/service.rb +++ b/platform-hub-api/app/models/service.rb @@ -24,7 +24,7 @@ class Service < ApplicationRecord has_many :kubernetes_robot_tokens, -> { where kind: 'robot' }, as: :tokenable, - class_name: KubernetesToken, + class_name: 'KubernetesToken', dependent: :destroy has_many :kubernetes_namespaces, dependent: :destroy diff --git a/platform-hub-api/spec/factories/allocations.rb b/platform-hub-api/spec/factories/allocations.rb index af30a753..40fda0ff 100644 --- a/platform-hub-api/spec/factories/allocations.rb +++ b/platform-hub-api/spec/factories/allocations.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :allocation do end diff --git a/platform-hub-api/spec/factories/announcement_templates.rb b/platform-hub-api/spec/factories/announcement_templates.rb index c5635f6b..7d4bd21d 100644 --- a/platform-hub-api/spec/factories/announcement_templates.rb +++ b/platform-hub-api/spec/factories/announcement_templates.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :announcement_template do id { SecureRandom.uuid } @@ -6,10 +6,10 @@ "Announcement Type #{n}" end - description 'This is a template for an announcement' + description { 'This is a template for an announcement' } transient do - fields_count 1 + fields_count { 1 } templates do { 'title': 'Title {{field0}}', diff --git a/platform-hub-api/spec/factories/announcements.rb b/platform-hub-api/spec/factories/announcements.rb index 0c858b12..0d09ca0c 100644 --- a/platform-hub-api/spec/factories/announcements.rb +++ b/platform-hub-api/spec/factories/announcements.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :announcement do id { SecureRandom.uuid } sequence :title do |n| @@ -7,11 +7,11 @@ text do 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris ullamcorper erat orci, a imperdiet neque viverra laoreet. Nulla consequat nisl id sem dictum, sit amet scelerisque mauris faucibus. Nulla laoreet ligula eu ex tristique ornare. Mauris viverra dui varius libero gravida, ut lobortis ante fringilla. Quisque volutpat sit amet leo at vehicula. Quisque iaculis iaculis nibh, nec convallis mauris viverra eu. Proin gravida enim ut elit blandit rhoncus. Praesent ac est varius, mollis urna in, hendrerit dui.' end - is_global false + is_global { false } publish_at { 1.hour.from_now } factory :readonly_announcement do - status :delivering + status { :delivering } end factory :published_announcement do @@ -19,8 +19,8 @@ end factory :announcement_from_template do - title nil - text nil + title { nil } + text { nil } association :original_template, factory: :announcement_template diff --git a/platform-hub-api/spec/factories/audits.rb b/platform-hub-api/spec/factories/audits.rb index c3db2c75..24080fb4 100644 --- a/platform-hub-api/spec/factories/audits.rb +++ b/platform-hub-api/spec/factories/audits.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :audit do action { 'some_action' } auditable { nil } @@ -14,24 +14,24 @@ # Set by Kubernetes Sync controller factory :sync_kubernetes_tokens_audit do - action :sync_kubernetes_tokens + action { :sync_kubernetes_tokens } end # KubernetesToken specific audits factory :create_kubernetes_token_audit do - action :create + action { :create } end factory :update_kubernetes_token_audit do - action :update + action { :update } end factory :destroy_kubernetes_token_audit do - action :destroy + action { :destroy } end factory :escalate_kubernetes_token_audit do - action :escalate + action { :escalate } end factory :deescalate_kubernetes_token_audit do - action :deescalate + action { :deescalate } end end diff --git a/platform-hub-api/spec/factories/contact_lists.rb b/platform-hub-api/spec/factories/contact_lists.rb index c349a46e..2343c426 100644 --- a/platform-hub-api/spec/factories/contact_lists.rb +++ b/platform-hub-api/spec/factories/contact_lists.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :contact_list do sequence(:id) { |n| "list_#{n}" } email_addresses do diff --git a/platform-hub-api/spec/factories/costs_reports.rb b/platform-hub-api/spec/factories/costs_reports.rb index b50b0c3e..57f9878b 100644 --- a/platform-hub-api/spec/factories/costs_reports.rb +++ b/platform-hub-api/spec/factories/costs_reports.rb @@ -1,11 +1,11 @@ -FactoryGirl.define do +FactoryBot.define do factory :costs_report do sequence(:year) { |n| 2000 + n } - month 'Dec' - billing_file 'billing.csv' - metrics_file 'metrics.csv' + month { 'Dec' } + billing_file { 'billing.csv' } + metrics_file { 'metrics.csv' } config { {} } results { {} } - published_at nil + published_at { nil } end end diff --git a/platform-hub-api/spec/factories/docker_repos.rb b/platform-hub-api/spec/factories/docker_repos.rb index e7515cd2..5e4f3600 100644 --- a/platform-hub-api/spec/factories/docker_repos.rb +++ b/platform-hub-api/spec/factories/docker_repos.rb @@ -1,11 +1,11 @@ -FactoryGirl.define do +FactoryBot.define do factory :docker_repo do id { SecureRandom.uuid } sequence :name do |n| "repo#{n}" end service - status :pending - provider :ECR + status { :pending } + provider { :ECR } end end diff --git a/platform-hub-api/spec/factories/docs_source_entries.rb b/platform-hub-api/spec/factories/docs_source_entries.rb index ddbd5ba5..df96e9bb 100644 --- a/platform-hub-api/spec/factories/docs_source_entries.rb +++ b/platform-hub-api/spec/factories/docs_source_entries.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :docs_source_entry do docs_source diff --git a/platform-hub-api/spec/factories/docs_sources.rb b/platform-hub-api/spec/factories/docs_sources.rb index 275e0edd..e4291241 100644 --- a/platform-hub-api/spec/factories/docs_sources.rb +++ b/platform-hub-api/spec/factories/docs_sources.rb @@ -1,8 +1,8 @@ -FactoryGirl.define do +FactoryBot.define do factory :docs_source do id { SecureRandom.uuid } - kind :github_repo + kind { :github_repo } sequence :name do |n| "Source #{n}" diff --git a/platform-hub-api/spec/factories/hash_records.rb b/platform-hub-api/spec/factories/hash_records.rb index 0415ac4a..2a3c5f01 100644 --- a/platform-hub-api/spec/factories/hash_records.rb +++ b/platform-hub-api/spec/factories/hash_records.rb @@ -1,14 +1,14 @@ -FactoryGirl.define do +FactoryBot.define do factory :hash_record do sequence(:id) { |n| "hash_record_#{n}" } - scope 'general' + scope { 'general' } data do { bar: 'baz' } end factory :kubernetes_static_tokens_hash_record do - scope 'kubernetes' - id 'development-static-user-tokens' + scope { 'kubernetes' } + id { 'development-static-user-tokens' } data do [ { @@ -22,11 +22,11 @@ end factory :kubernetes_robot_tokens_hash_record do - scope 'kubernetes' - data [] + scope { 'kubernetes' } + data { [] } transient do - cluster 'test' + cluster { 'test' } end after :build do |hr, evaluator| @@ -35,8 +35,8 @@ end factory :feature_flags_hash_record do - scope 'general' - id 'feature_flags' + scope { 'general' } + id { 'feature_flags' } transient do flags do diff --git a/platform-hub-api/spec/factories/identities.rb b/platform-hub-api/spec/factories/identities.rb index bf52bd20..05be9885 100644 --- a/platform-hub-api/spec/factories/identities.rb +++ b/platform-hub-api/spec/factories/identities.rb @@ -1,6 +1,6 @@ -FactoryGirl.define do +FactoryBot.define do factory :identity do - provider 'github' + provider { 'github' } user sequence :external_id do |n| "#{provider}_external_id_#{n}" @@ -10,11 +10,11 @@ end factory :kubernetes_identity do - provider 'kubernetes' + provider { 'kubernetes' } end factory :ecr_identity do - provider 'ecr' + provider { 'ecr' } data do { 'credentials' => { diff --git a/platform-hub-api/spec/factories/kubernetes_clusters.rb b/platform-hub-api/spec/factories/kubernetes_clusters.rb index 5fea4dd1..f8ae4c55 100644 --- a/platform-hub-api/spec/factories/kubernetes_clusters.rb +++ b/platform-hub-api/spec/factories/kubernetes_clusters.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :kubernetes_cluster do sequence :name do |n| @@ -13,7 +13,7 @@ s3_object_key { 's3/object/key.csv' } transient do - allocate_to nil + allocate_to { nil } end after(:create) do |cluster, evaluator| diff --git a/platform-hub-api/spec/factories/kubernetes_groups.rb b/platform-hub-api/spec/factories/kubernetes_groups.rb index e3b0240f..42800de3 100644 --- a/platform-hub-api/spec/factories/kubernetes_groups.rb +++ b/platform-hub-api/spec/factories/kubernetes_groups.rb @@ -1,40 +1,40 @@ -FactoryGirl.define do +FactoryBot.define do factory :kubernetes_group do id { SecureRandom.uuid } sequence :name do |n| "kube-group:#{n}" end - kind 'namespace' - target 'user' - description 'This is a kube group' - is_privileged false + kind { 'namespace' } + target { 'user' } + description { 'This is a kube group' } + is_privileged { false } trait :not_privileged do - is_privileged false + is_privileged { false } end trait :privileged do - is_privileged true + is_privileged { true } end trait :for_namespace do - kind 'namespace' + kind { 'namespace' } end trait :for_clusterwide do - kind 'clusterwide' + kind { 'clusterwide' } end trait :for_user do - target 'user' + target { 'user' } end trait :for_robot do - target 'robot' + target { 'robot' } end transient do - allocate_to nil + allocate_to { nil } end after(:create) do |group, evaluator| diff --git a/platform-hub-api/spec/factories/kubernetes_namespaces.rb b/platform-hub-api/spec/factories/kubernetes_namespaces.rb index 866c2b8b..edb9c90b 100644 --- a/platform-hub-api/spec/factories/kubernetes_namespaces.rb +++ b/platform-hub-api/spec/factories/kubernetes_namespaces.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :kubernetes_namespace do service sequence(:name) { |n| "#{service.name.parameterize}-namespace-#{n}" } diff --git a/platform-hub-api/spec/factories/kubernetes_tokens.rb b/platform-hub-api/spec/factories/kubernetes_tokens.rb index 5a5d173e..dce887b4 100644 --- a/platform-hub-api/spec/factories/kubernetes_tokens.rb +++ b/platform-hub-api/spec/factories/kubernetes_tokens.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :kubernetes_token do token { SecureRandom.uuid } @@ -12,7 +12,7 @@ name { "user_#{SecureRandom.uuid}@example.com" } transient do - groups_count 0 + groups_count { 0 } end after(:build) do |token, evaluator| @@ -57,7 +57,7 @@ description { "Mr Robot" } transient do - groups_count 0 + groups_count { 0 } end after(:build) do |token, evaluator| diff --git a/platform-hub-api/spec/factories/platform_themes.rb b/platform-hub-api/spec/factories/platform_themes.rb index d51840f4..2b086af0 100644 --- a/platform-hub-api/spec/factories/platform_themes.rb +++ b/platform-hub-api/spec/factories/platform_themes.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :platform_theme do id { SecureRandom.uuid } @@ -6,13 +6,13 @@ "Platform Theme #{n}" end - description 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.' + description { 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.' } - image_url 'http//example.org/image.png' + image_url { 'http//example.org/image.png' } - colour 'red' + colour { 'red' } - resources [] + resources { [] } end end diff --git a/platform-hub-api/spec/factories/project_memberships.rb b/platform-hub-api/spec/factories/project_memberships.rb index 939d54d4..015267c6 100644 --- a/platform-hub-api/spec/factories/project_memberships.rb +++ b/platform-hub-api/spec/factories/project_memberships.rb @@ -1,10 +1,10 @@ -FactoryGirl.define do +FactoryBot.define do factory :project_membership do project user factory :project_membership_as_admin do - role 'admin' + role { 'admin' } end end end diff --git a/platform-hub-api/spec/factories/projects.rb b/platform-hub-api/spec/factories/projects.rb index 13bb68bc..dc00d1f6 100644 --- a/platform-hub-api/spec/factories/projects.rb +++ b/platform-hub-api/spec/factories/projects.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :project do id { SecureRandom.uuid } sequence :shortname do |n| @@ -7,6 +7,6 @@ sequence :name do |n| "Project #{n}" end - cost_centre_code 'foo' + cost_centre_code { 'foo' } end end diff --git a/platform-hub-api/spec/factories/qa_entries.rb b/platform-hub-api/spec/factories/qa_entries.rb index 0a71fbda..b9d0dbd5 100644 --- a/platform-hub-api/spec/factories/qa_entries.rb +++ b/platform-hub-api/spec/factories/qa_entries.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :qa_entry do sequence :question do |n| "Q#{n}" diff --git a/platform-hub-api/spec/factories/services.rb b/platform-hub-api/spec/factories/services.rb index 4be92ba4..563d593c 100644 --- a/platform-hub-api/spec/factories/services.rb +++ b/platform-hub-api/spec/factories/services.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :service do id { SecureRandom.uuid } sequence :name do |n| diff --git a/platform-hub-api/spec/factories/support_request_templates.rb b/platform-hub-api/spec/factories/support_request_templates.rb index f4fcd2a3..358c8c10 100644 --- a/platform-hub-api/spec/factories/support_request_templates.rb +++ b/platform-hub-api/spec/factories/support_request_templates.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :support_request_template do id { SecureRandom.uuid } @@ -6,16 +6,16 @@ "Support Request Type #{n}" end - git_hub_repo 'https://github.com/ACMECorp/support-requests' + git_hub_repo { 'https://github.com/ACMECorp/support-requests' } sequence :title do |n| "Support request for getting #{n} sorted out" end - description 'This is a support request for getting something sorted out' + description { 'This is a support request for getting something sorted out' } transient do - fields_count 1 + fields_count { 1 } end after :build do |srt, evaluator| diff --git a/platform-hub-api/spec/factories/users.rb b/platform-hub-api/spec/factories/users.rb index 362ab605..a2b27f6e 100644 --- a/platform-hub-api/spec/factories/users.rb +++ b/platform-hub-api/spec/factories/users.rb @@ -1,4 +1,4 @@ -FactoryGirl.define do +FactoryBot.define do factory :user do id { SecureRandom.uuid } name { "Foo Bar #{id}" } @@ -8,11 +8,11 @@ factory :admin_user do - role 'admin' + role { 'admin' } end factory :limited_admin_user do - role 'limited_admin' + role { 'limited_admin' } end end end diff --git a/platform-hub-api/spec/rails_helper.rb b/platform-hub-api/spec/rails_helper.rb index 68d39794..90a92d09 100644 --- a/platform-hub-api/spec/rails_helper.rb +++ b/platform-hub-api/spec/rails_helper.rb @@ -61,8 +61,8 @@ # config.filter_gems_from_backtrace("gem name") - # factory_girl setup - config.include FactoryGirl::Syntax::Methods + # factory_bot setup + config.include FactoryBot::Syntax::Methods # Support and shared stuff diff --git a/platform-hub-api/spec/services/encryptor_service_spec.rb b/platform-hub-api/spec/services/encryptor_service_spec.rb index edf8d1f4..696324e8 100644 --- a/platform-hub-api/spec/services/encryptor_service_spec.rb +++ b/platform-hub-api/spec/services/encryptor_service_spec.rb @@ -16,7 +16,7 @@ it 'should be tied to that specific secret key' do other_secret_key_base = SecureRandom.hex(64) other_service = EncryptorService.new(other_secret_key_base) - + expect(other_service.decrypt(other_service.encrypt(string))).to eq string expect(@service.decrypt(other_service.encrypt(string))).to eq nil expect(other_service.decrypt(@service.encrypt(string))).to eq nil diff --git a/platform-hub-api/test.sh b/platform-hub-api/test.sh new file mode 100755 index 00000000..0dbeb977 --- /dev/null +++ b/platform-hub-api/test.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +# Source local env variables for test execution +source .env.test + +# Setup the environment +bin/setup + +# Execute tests +bundle exec rspec