From aa8e455c9735d5a7ea4703dba3f22a69e07b9698 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Mon, 27 Nov 2017 11:59:15 -0500 Subject: no bug - tweaks for conduit/phabricator dev environments * tweak * change around unsafe auth delegation to work in bmo container * fixes for critic errors --- .circleci/checksetup_answers.txt | 3 +- .circleci/config.yml | 6 +- .perlcriticrc | 7 ++ Bugzilla/Install/Filesystem.pm | 1 + README.rst | 3 + auth.cgi | 2 +- heartbeat.cgi | 1 - scripts/entrypoint.pl | 46 +++++++---- scripts/generate_conduit_data.pl | 162 +++++++++++++++++++++++++++++++++++++++ 9 files changed, 209 insertions(+), 22 deletions(-) create mode 100755 scripts/generate_conduit_data.pl diff --git a/.circleci/checksetup_answers.txt b/.circleci/checksetup_answers.txt index 8178854ac..d75fcc5dc 100644 --- a/.circleci/checksetup_answers.txt +++ b/.circleci/checksetup_answers.txt @@ -9,5 +9,6 @@ $answer{'cvsbin'} = '/usr/bin/cvs'; $answer{'password_complexity'} = 'bmo'; $answer{'diffpath'} = '/usr/bin'; $answer{'interdiffbin'} = '/usr/bin/interdiff'; -$answer{'urlbase'} = 'http://<>:8000/'; +$answer{'urlbase'} = 'http://bmo.test/'; $answer{'mail_delivery_method'} = 'Test'; +$answer{'auth_delegation'} = 1; diff --git a/.circleci/config.yml b/.circleci/config.yml index f13b10a58..0b2071a37 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -54,8 +54,8 @@ defaults: run: command: | mv /opt/bmo/local /app/local - perl -MSys::Hostname -i -pE 's/<>/hostname()/ges' $BZ_QA_CONF_FILE - perl -MSys::Hostname -i -pE 's/<>/hostname()/ges' $BZ_QA_ANSWERS_FILE + perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_CONF_FILE + perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE perl checksetup.pl --no-database --default-localconfig mkdir artifacts 
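Review bot: The pattern in `s/bmo.test/hostname().":8000"/ges` leaves the dot unescaped, so it matches any character between `bmo` and `test`, and the placeholder is now an ordinary-looking hostname rather than a marker that cannot occur elsewhere in the rewritten files. Escaping it, `s/bmo\.test/hostname().":8000"/ges`, keeps the rewrite limited to the intended literal. The same applies to the second .circleci/config.yml hunk, which repeats the command for `$BZ_QA_ANSWERS_FILE`.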
@@ -159,7 +159,7 @@ jobs: - run: | mv /opt/bmo/local /app/local perl checksetup.pl --no-database - perl -MSys::Hostname -i -pE 's/<>/hostname()/ges' $BZ_QA_ANSWERS_FILE + perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE /app/scripts/entrypoint.pl load_test_data mkdir artifacts - run: | diff --git a/.perlcriticrc b/.perlcriticrc index b61acbbc5..84eb0f8a5 100644 --- a/.perlcriticrc +++ b/.perlcriticrc @@ -1,6 +1,12 @@ theme = freenode || core || certrec || certrule || performance || security severity = 1 +[-CodeLayout::RequireTidyCode] +#perltidyrc = .perltidyrc +[InputOutput::RequireCheckedSyscalls] +functions = :builtins +exclude_functions = print + [-BuiltinFunctions::ProhibitUselessTopic] [-ControlStructures::ProhibitCascadingIfElse] [-ControlStructures::ProhibitPostfixControls] @@ -19,6 +25,7 @@ severity = 1 [-ValuesAndExpressions::ProhibitVersionStrings] [-Variables::ProhibitLocalVars] [-Variables::ProhibitPackageVars] +[-ValuesAndExpressions::ProhibitNoisyQuotes] # this policy is broken currently [-Freenode::PackageMatchesFilename] diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 8532356a5..4e7ad2302 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -106,6 +106,7 @@ sub HTTPD_ENV_CONF { return join( "\n", "PerlPassEnv LOCALCONFIG_ENV", + "PerlPassEnv ALLOW_UNSAFE_AUTH_DELEGATION", map { "PerlPassEnv " . $_ } ENV_KEYS ) . "\n"; } diff --git a/README.rst b/README.rst index a3c731d16..ed800b758 100644 --- a/README.rst +++ b/README.rst @@ -173,6 +173,9 @@ PORT plain-text HTTP connections. Default: 8000 +ALLOW_UNSAFE_AUTH_DELEGATION + This should never be set in production. It allows auth delegation over http. + BMO_db_driver What SQL database to use. Default is mysql. List of supported databases can be obtained by listing Bugzilla/DB directory - every module corresponds to one diff --git a/auth.cgi b/auth.cgi index adf5d3475..6549ed62d 100755 --- a/auth.cgi 
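Review bot: In Bugzilla/Install/Filesystem.pm the new `"PerlPassEnv ALLOW_UNSAFE_AUTH_DELEGATION",` entry sits beside ordinary configuration passthrough with nothing marking it as a development-only switch, and it is emitted into the generated httpd configuration for every deployment. A comment above it would make the intent explicit, for example `# dev containers only: lets auth.cgi accept http:// callbacks; must never be set in production`. If the production configuration is generated from the same sub, consider emitting the line only when the variable is actually present at generation time. HTTPD_ENV_CONF starts outside the hunk.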
+++ b/auth.cgi @@ -45,7 +45,7 @@ ThrowUserError("auth_delegation_invalid_description") my $callback_uri = URI->new($callback); my $legal_protocol - = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION} + = $ENV{ALLOW_UNSAFE_AUTH_DELEGATION} ? qr/^https?$/i # http or https : qr/^https$/i; # https only diff --git a/heartbeat.cgi b/heartbeat.cgi index d84a4e8ea..40dc8e79b 100755 --- a/heartbeat.cgi +++ b/heartbeat.cgi @@ -29,7 +29,6 @@ my $ok = eval { die "database not available" unless $database_ok; die "memcached server(s) not available" unless $memcached_ok; die "mod_perl not configured?" unless $ENV{MOD_PERL}; - die "BUGZILLA_UNSAFE_AUTH_DELEGATION" if $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}; die "missing bmo feature dependencies" unless Bugzilla->has_feature('bmo'); 1; }; diff --git a/scripts/entrypoint.pl b/scripts/entrypoint.pl index 04d442180..f5abf4966 100755 --- a/scripts/entrypoint.pl +++ b/scripts/entrypoint.pl @@ -23,19 +23,41 @@ use IO::Async::Signal; use constant CI => $ENV{CI}; -my $cmd = shift @ARGV; -my $func = __PACKAGE__->can("cmd_$cmd") - or die "unknown command: $cmd\n"; +my $cmd = shift @ARGV; my $opts = __PACKAGE__->can("opt_$cmd") // sub { @ARGV }; +my $func = __PACKAGE__->can("cmd_$cmd") // sub { + check_data_dir(); + wait_for_db(); + run(@_); +}; fix_path(); check_user(); -check_env() unless $cmd eq 'shell'; - -$func->(@ARGV); +check_env(qw( + LOCALCONFIG_ENV + BMO_db_host + BMO_db_name + BMO_db_user + BMO_db_pass + BMO_memcached_namespace + BMO_memcached_servers +)) unless $cmd eq 'shell'; + +$func->($opts->()); sub cmd_demo { - cmd_load_test_data() unless -f "/app/data/params"; + unless (-f '/app/data/params') { + cmd_load_test_data(); + check_env(qw( + PHABRICATOR_LOGIN + PHABRICATOR_PASSWORD + PHABRICATOR_API_KEY + CONDUIT_LOGIN + CONDUIT_PASSWORD + CONDUIT_API_KEY + )); + run( 'perl', 'scripts/generate_conduit_data.pl' ); + } cmd_httpd(); } 
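Review bot: The `$ENV{ALLOW_UNSAFE_AUTH_DELEGATION}` test in auth.cgi is a plain truthiness check, so any non-empty value other than `0` (including `false` or `no`) widens the accepted callback scheme to `http`, and the delegated credentials would then go to a cleartext callback. An explicit comparison is safer: `= ( $ENV{ALLOW_UNSAFE_AUTH_DELEGATION} // '' ) eq '1'`. The same commit deletes the heartbeat.cgi line that failed the health check when the old variable was set, so nothing visible here would now flag an instance running with the switch on. Consider keeping that guard under the new name outside dev containers, or logging a warning whenever the `http` branch is taken. The rest of the callback validation is outside the hunk.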
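Review bot: In scripts/entrypoint.pl the fallback `sub { check_data_dir(); wait_for_db(); run(@_); }` replaces `or die "unknown command: $cmd\n"`, so a mistyped or missing command name no longer fails fast. Because `$cmd` has already been shifted off `@ARGV`, the fallback appears to hand `run` only the remaining arguments and drop the command word itself. If pass-through of arbitrary commands is intended, `run( $cmd, @_ );` looks like what was meant, and an undefined `$cmd` should still die with a usage message. In `cmd_demo`, `check_env(qw( PHABRICATOR_LOGIN … ))` runs after `cmd_load_test_data()`, so missing credentials are reported only once the data load has finished; calling it first would fail earlier. `run`, `check_data_dir` and `cmd_load_test_data` are defined outside the hunk.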
@@ -300,15 +322,7 @@ sub check_data_dir { } sub check_env { - my @require_env = qw( - LOCALCONFIG_ENV - BMO_db_host - BMO_db_name - BMO_db_user - BMO_db_pass - BMO_memcached_namespace - BMO_memcached_servers - ); + my (@require_env) = @_; my @missing_env = grep { not exists $ENV{$_} } @require_env; if (@missing_env) { die "Missing required environmental variables: ", join(", ", @missing_env), "\n"; diff --git a/scripts/generate_conduit_data.pl b/scripts/generate_conduit_data.pl new file mode 100755 index 000000000..91c5d26ec --- /dev/null +++ b/scripts/generate_conduit_data.pl 
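Review bot: `check_env` is now also called with credential names such as `PHABRICATOR_PASSWORD` and `CONDUIT_API_KEY`, but the unchanged `grep { not exists $ENV{$_} }` only tests presence, so a variable set to the empty string passes and scripts/generate_conduit_data.pl then falls back to its built-in default. Consider `my @missing_env = grep { !length( $ENV{$_} // '' ) } @require_env;`, or apply the stricter test only to the credential list if empty values are legitimate for the `BMO_*` set. A call with no arguments now passes vacuously, so a short comment above `my (@require_env) = @_;` stating that the caller supplies the names would help. The end of the sub is outside the hunk.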
@@ -0,0 +1,162 @@ +#!/usr/bin/perl +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +use strict; +use warnings; +use lib qw(. lib local/lib/perl5); + +use Bugzilla; +use Bugzilla::Bug; +use Bugzilla::Config qw(:admin); +use Bugzilla::Constants; +use Bugzilla::User; +use Bugzilla::User::APIKey; + +BEGIN { + Bugzilla->extensions; +} + +my $dbh = Bugzilla->dbh; + +# set Bugzilla usage mode to USAGE_MODE_CMDLINE +Bugzilla->usage_mode(USAGE_MODE_CMDLINE); + +my $admin_email = shift || 'admin@mozilla.bugs'; +Bugzilla->set_user( Bugzilla::User->check( { name => $admin_email } ) ); + +########################################################################## +# Create Conduit Test User +########################################################################## + +my $conduit_login = $ENV{CONDUIT_LOGIN} || 'conduit@mozilla.bugs'; +my $conduit_password = $ENV{CONDUIT_PASSWORD} || 'password123456789!'; +my $conduit_api_key = $ENV{CONDUIT_API_KEY} || ''; + +print "creating conduit user account...\n"; +if ( !Bugzilla::User->new( { name => $conduit_login } ) ) { + my $new_user = Bugzilla::User->create( + { + login_name => $conduit_login, + realname => 'Conduit Test User', + cryptpassword => $conduit_password + }, + ); + + if ($conduit_api_key) { + Bugzilla::User::APIKey->create_special( + { + user_id => $new_user->id, + description => 'API key for Conduit User', + api_key => $conduit_api_key + } + ); + } +} +########################################################################## +# Create Phabricator Automation Bot +########################################################################## + +my $phab_login = $ENV{PHABRICATOR_LOGIN} || 'phab-bot@bmo.tld'; +my $phab_password = $ENV{PHABRICATOR_PASSWORD} || 'password123456789!'; +my $phab_api_key = $ENV{PHABRICATOR_API_KEY} || ''; + +print "creating phabricator automation 
account...\n"; +if ( !Bugzilla::User->new( { name => $phab_login } ) ) { + my $new_user = Bugzilla::User->create( + { + login_name => $phab_login, + realname => 'Phabricator Automation', + cryptpassword => $phab_password + }, + ); + + if ($phab_api_key) { + Bugzilla::User::APIKey->create_special( + { + user_id => $new_user->id, + description => 'API key for Phabricator Automation', + api_key => $phab_api_key + } + ); + } +} +########################################################################## +# Add Users to Groups +########################################################################## +my @users_groups = ( + { user => 'conduit@mozilla.bugs', group => 'editbugs' }, + { user => 'conduit@mozilla.bugs', group => 'core-security' }, + { user => 'phab-bot@bmo.tld', group => 'editbugs' }, + { user => 'phab-bot@bmo.tld', group => 'core-security' }, +); +print "adding users to groups...\n"; +foreach my $user_group (@users_groups) { + my $group = Bugzilla::Group->new( { name => $user_group->{group} } ); + my $user = Bugzilla::User->new( { name => $user_group->{user} } ); + my $sth_add_mapping = $dbh->prepare( + 'INSERT INTO user_group_map (user_id, group_id, isbless, grant_type)' + . ' VALUES (?, ?, ?, ?)' + ); + + # Don't crash if the entry already exists. 
+ my $ok = eval { + $sth_add_mapping->execute( $user->id, $group->id, 0, GRANT_DIRECT ); + 1; + }; + warn $@ unless $ok; +} + +########################################################################## +# Create Conduit Test Bug +########################################################################## +print "creating conduit test bug...\n"; +Bugzilla->set_user( Bugzilla::User->check( { name => 'conduit@mozilla.bugs' } ) ); +Bugzilla::Bug->create( + { + product => 'Firefox', + component => 'General', + priority => '--', + bug_status => 'NEW', + version => 'unspecified', + comment => '-- Comment Created By Conduit User --', + rep_platform => 'Unspecified', + short_desc => 'Conduit Test Bug', + op_sys => 'Unspecified', + bug_severity => 'normal', + version => 'unspecified', + } +); + +########################################################################## +# Set Parameters +########################################################################## +print "setting custom parameters...\n"; +my %set_params = ( password_check_on_login => 0, ); + +my $params_modified; +foreach my $param ( keys %set_params ) { + my $value = $set_params{$param}; + next if !$value || Bugzilla->params->{$param} eq $value; + SetParam( $param, $value ); + $params_modified = 1; +} + +write_params() if $params_modified; + +########################################################################## +# Set Phabricator Push Connector Values +########################################################################## +print "setting push connector options...\n"; +my ($phab_is_configured) = $dbh->selectrow_array('SELECT COUNT(*) FROM push_options WHERE connector = 'Phabricator''); +unless ($phab_is_configured) { + $dbh->do('INSERT INTO push_options (connector, option_name, option_value) VALUES ('global','enabled','Enabled')'); + $dbh->do( + 'INSERT INTO push_options (connector, option_name, option_value) VALUES ('Phabricator','enabled','Enabled')'); + $dbh->do( + 'INSERT INTO push_options 
(connector, option_name, option_value) VALUES ('Phabricator','phabricator_url','http://phabricator.test')' + ); +} + +print "installation and configuration complete!\n"; -- cgit v1.2.3-24-g4f1b
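Review bot: Both accounts fall back to the literal password `password123456789!` when `CONDUIT_PASSWORD` or `PHABRICATOR_PASSWORD` is unset or empty, and both are then added to `core-security`, so a run against anything other than a throwaway dev database leaves privileged accounts with a publicly known password. The script should refuse to run without the passwords instead of defaulting them. The group list and the later `Bugzilla::User->check` hard-code `conduit@mozilla.bugs` and `phab-bot@bmo.tld` rather than using `$conduit_login` and `$phab_login`, so overriding the login variables makes `$user->id` fail inside the eval, which only warns, and the group grants are silently skipped. In the parameter loop, `next if !$value || …` skips every false value, so `password_check_on_login => 0` is never written. The hash passed to `Bugzilla::Bug->create` also lists `version` twice.

```perl
# … unchanged: preamble, admin login, $conduit_login …
my $conduit_password = $ENV{CONDUIT_PASSWORD}
    or die "CONDUIT_PASSWORD must be set\n";
# … unchanged: conduit user creation, $phab_login …
my $phab_password = $ENV{PHABRICATOR_PASSWORD}
    or die "PHABRICATOR_PASSWORD must be set\n";
# … unchanged: phabricator user creation …
my @users_groups = (
    { user => $conduit_login, group => 'editbugs' },
    { user => $conduit_login, group => 'core-security' },
    { user => $phab_login,    group => 'editbugs' },
    { user => $phab_login,    group => 'core-security' },
);
# … unchanged: group mapping loop …
Bugzilla->set_user( Bugzilla::User->check( { name => $conduit_login } ) );
# … unchanged: bug creation, %set_params …
    next if ( Bugzilla->params->{$param} // '' ) eq $value;
# … unchanged: SetParam, write_params, push connector options …
```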