Merge pull request #2 from sergiotocalini/develop

Promoting develop branch and create first tag
sergiotocalini · Feb 2, 2021 · e1cb4e1 · e1cb4e1
2 parents 23baa54 + f5e2e94
commit e1cb4e1
Show file tree

Hide file tree

Showing 8 changed files with 488 additions and 67 deletions.
diff --git a/.devops/docker/Dockerfile b/.devops/docker/Dockerfile
@@ -9,12 +9,12 @@ RUN apt-get update && apt-get install -y \
     build-essential \
     libldap2-dev \
     libsasl2-dev \
-    ldap-utils
+    ldap-utils \
+    && echo "${version}" > VERSION
 COPY ./.devops/docker/docker-entrypoint.sh  /
 COPY ./.devops/docker/docker-entrypoint.d/* /docker-entrypoint.d/
 COPY ./requirements.txt			    /app
-RUN echo "${version}" > VERSION \
-    && pip install -r requirements.txt
+RUN pip install -r requirements.txt
 COPY ./mavapa                               /app
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD [ "gunicorn", "manage:run", "--workers=2", "--threads=4", "--worker-class=gthread", "--worker-tmp-dir", "/dev/shm", "-b", "0.0.0.0:5000", "--access-logfile=-", "--error-logfile=-" ]
+CMD [ "gunicorn", "run:main", "--workers=2", "--threads=4", "--worker-class=gthread", "--worker-tmp-dir", "/dev/shm", "-b", "0.0.0.0:5000", "--access-logfile=-", "--error-logfile=-" ]
diff --git a/.devops/pipelines/azure-devops/build-main.yml b/.devops/pipelines/azure-devops/build-main.yml
@@ -10,58 +10,76 @@ trigger:
       - develop
   paths:
     include:
-      - /src/mavapa
+      - /mavapa
+      - /requirements.txt
+
+pool:
+  name: 'Azure Pipelines'
+  vmimage: 'ubuntu-latest'
 
 variables:
-  vmImageName: 'ubuntu-latest'
-  buildConfiguration: 'Release'
+  project.id: 'mavapa'
+  artifact.docker.conn: '23a0ddbc-cb18-4dda-a06f-0bedcaa8e010'
+  artifact.docker.repo: 'sergiotocalini/mavapa'
+  artifact.helm.repo: ''
+  artifact.helm.name: 'mavapa'
+  artifact.helm.work: '$(Build.SourcesDirectory)/.devops/helm'
+  artifact.helm.dest: '$(Build.ArtifactStagingDirectory)/helm'
+
+steps:
+  - task: GitVersion@5
+    displayName: 'GitVersion'
+    inputs:
+      configFilePath: GitVersion.yml
+
+  - task: Docker@2
+    displayName: 'docker: Build'
+    inputs:
+      containerRegistry: '$(artifact.docker.conn)'
+      repository: '$(artifact.docker.repo)'
+      command: build
+      Dockerfile: .devops/docker/Dockerfile
+      buildContext: '$(Build.SourcesDirectory)'
+      tags: '$(Build.BuildNumber)'
+      arguments: '--build-arg "version=$(Build.BuildNumber)"'
 
-stages:
-- stage: 'Build'
-  condition: succeeded()
-  jobs:
-  - job: basics
-    displayName: 'Basics'
-    pool:
-      vmImage: $(vmImageName)
-    steps:
-    - task: GitVersion@5
-      displayName: 'GitVersion'
-      inputs:
-        updateAssemblyInfo: true
-        preferBundledVersion: false
-    - script: echo %Action%%BuildVersion%
-      displayName: 'Set build version'
-      env:
-        Action: '##vso[build.updatebuildnumber]'
-        BuildVersion: $(GitVersion.SemVer)
-  - job: 
-    displayName: 'Using'
-    dependsOn: basics
-    pool:
-      vmImage: $(vmImageName)
-    strategy:
-      matrix:
-        Python27:
-          python.version: '2.7'
-        Python37:
-          python.version: '3.7'
-    steps:
-    - task: UsePythonVersion@0
-      inputs:
-        versionSpec: '$(python.version)'
-      displayName: 'Use Python $(python.version)'
-    - script: |
-        sudo apt update
-        sudo apt install build-essential libsasl2-dev ldap-utils libldap2-dev libmysqlclient-dev python-pip python-virtualenv
-      displayName: 'Install OS dependencies'
-    - script: |
-        virtualenv -p python$(python.version) "~/.venvs/mavapa"
-        . "~/.venvs/mavapa/bin/activate"
-        pip install --upgrade pip
-        pip install pyflakes pylint nose nosexcover
-        pip install -r requirements.txt
-      displayName: 'Install Python dependencies'
+  - task: Docker@2
+    displayName: 'docker: Push'
+    inputs:
+      containerRegistry: '$(artifact.docker.conn)'
+      repository: '$(artifact.docker.repo)'
+      command: push
+      tags: '$(Build.BuildNumber)'
+    condition: |
+      and
+      (
+        succeeded(),
+        or
+        (
+          not(in(variables['Build.Reason'], 'PullRequest')),
+          eq(variables['artifact.docker.publish'], true)
+        )
+      )
 
+  - task: AzureCLI@1
+    displayName: "Helm: Package and Push"
+    inputs:
+      azureSubscription: '$(artifact.helm.sign)'
+      scriptLocation: inlineScript
+      inlineScript: |
+        az acr helm repo add -n $(artifact.helm.repo)
+        helm package $(artifact.helm.work) --app-version $(Build.BuildNumber) --version $(Build.BuildNumber) --destination $(artifact.helm.dest)
+        az acr helm push $(artifact.helm.dest)/$(artifact.helm.name)-$(Build.BuildNumber).tgz -n $(artifact.helm.repo) --force
+    condition: |
+      and
+      (
+        succeeded(),
+        or
+        (
+          not(in(variables['Build.Reason'], 'PullRequest')),
+          eq(variables['artifact.helm.publish'], true)
+        )
+      )
+    enabled: false
 
 
diff --git a/GitVersion.yml b/GitVersion.yml
@@ -0,0 +1,43 @@
+assembly-informational-format: '{NuGetVersion}'
+next-version: 1.0.0
+mode: ContinuousDeployment
+branches:
+  master:
+    mode: ContinuousDelivery
+  release:
+    tag: rc
+  hotfix:
+    tag: hf
+    increment: Patch
+  develop:
+    tag: dev
+    increment: Minor
+  feature:
+    tag: ft-{BranchName}
+    increment: Minor
+  devops:
+    regex: devops[/-]
+    tag: do-{BranchName}
+    source-branches: ['develop', 'feature']
+    increment: Minor
+  temp:
+    regex: temp[/-]
+    tag: tmp-{BranchName}
+    source-branches: ['develop', 'feature']
+    increment: Minor
+  test:
+    regex: tests?[/-]
+    tag: tst-{BranchName}
+    source-branches: ['develop', 'feature']
+    increment: Minor
+  sec:
+    regex: sec[/-]
+    tag: sec-{BranchName}
+    source-branches: ['develop', 'feature']
+    increment: Minor
+  bugfix:
+    regex: bugfix(es)?[/-]
+    tag: bug-{BranchName}
+    source-branches: ['develop', 'feature']
+    increment: Minor
+
diff --git a/mavapa/backends.py b/mavapa/backends.py
@@ -0,0 +1,175 @@
+#!/usr/bin/env python
+import os
+import hashlib
+import ldap
+from codecs import encode
+from base64 import b64encode
+from anytree import Node
+from anytree.exporter import DictExporter
+
+
+class LDAP():
+    def __init__(self, **kwargs):
+        # Loading defaults connection options
+        kwargs.setdefault('host', 'localhost')
+        kwargs.setdefault('port', 389)
+        kwargs.setdefault('binddn', '')
+        kwargs.setdefault('bindpw', '')
+        kwargs.setdefault('bytes_mode', False)
+        self.copt = kwargs.copy()
+        # Connect with the defaults options
+        self.connect()
+
+    def connect(self, **kwargs):
+        self.copt.update(kwargs)
+        try:
+            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+            self.cstr = ldap.initialize(
+                self.copt['host'],
+                bytes_mode=self.copt['bytes_mode']
+            )
+            self.cstr.set_option(
+                ldap.OPT_X_TLS_REQUIRE_CERT,
+                ldap.OPT_X_TLS_NEVER
+            )
+            self.cstr.set_option(ldap.OPT_REFERRALS, 0)
+            self.cstr.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
+            self.cstr.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+            self.cstr.set_option(ldap.OPT_X_TLS_DEMAND, True)
+            self.cstr.set_option(ldap.OPT_DEBUG_LEVEL, 255)
+            if all(map(lambda x: self.copt[x] != '', ['binddn', 'bindpw'])):
+                self.cstr.simple_bind_s(
+                    self.copt['binddn'], self.copt['bindpw']
+                )
+        except ldap.INVALID_CREDENTIALS:
+            print(ldap.INVALID_CREDENTIALS)
+        except ldap.SERVER_DOWN:
+            print(ldap.SERVER_DOWN)
+        except ldap.LDAPError:
+            print(ldap.LDAPError)
+
+    def disconnect(self):
+        try:
+            self.cstr.unbind()
+        except ldap.LDAPError as e:
+            print(e)
+
+    def auth(self, username, password):
+        try:
+            conn = ldap.initialize(self.copt['host'])
+            conn.set_option(ldap.OPT_REFERRALS, 0)
+            conn.simple_bind_s(username, password)
+            return True
+        except ldap.LDAPError:
+            conn.unbind_s()
+            return False
+
+    def tree(self, **kwargs):
+        kwargs.setdefault('filter', '(objectClass=*)')
+        kwargs.setdefault('limit', -1)
+        query = self.query(**kwargs)
+        exporter = DictExporter()
+        root = Node(kwargs['basedn'], dn=kwargs['basedn'])
+        if query:
+            res = []
+            for x in query:
+                if not kwargs['basedn'] == x[0]:
+                    entries = (
+                        x[0].replace(',%s' % (kwargs['basedn']), '')
+                    ).split(',')
+                    entries.reverse()
+                    res.append(','.join(entries))
+            res.sort()
+            for dn in res:
+                entries = dn.split(',')
+                parent = root
+                for e in entries:
+                    node = None
+                    for c in parent.children:
+                        if c.name == e:
+                            node = c
+                    if not node:
+                        node = Node(
+                            e, parent=parent, dn=','.join([e, parent.dn])
+                        )
+                    parent = node
+        return exporter.export(root)
+
+    def query(self, **kwargs):
+        codec = 'utf-8'
+        kwargs.setdefault('basedn', u'')
+        kwargs.setdefault('filter', '(objectclass=person)')
+        kwargs.setdefault('attrs', ['*'])
+        kwargs.setdefault('scope', ldap.SCOPE_SUBTREE)
+        kwargs.setdefault('limit', 25)
+        kwargs.setdefault('exclude', [])
+        kwargs.setdefault('dn', False)
+        try:
+            rows = []
+            if not kwargs['dn']:
+                kwargs['attrs'] = [
+                    encode(a).decode(codec) for a in kwargs['attrs']
+                ]
+                data = self.cstr.search(
+                    encode(kwargs['basedn']).decode(codec), kwargs['scope'],
+                    encode(kwargs['filter']).decode(codec), kwargs['attrs']
+                )
+                res = []
+                while 1:
+                    rtype, rdata = self.cstr.result(data, 0)
+                    if (rdata == []):
+                        break
+                    else:
+                        if rtype == ldap.RES_SEARCH_ENTRY:
+                            for i in rdata:
+                                res.append(i)
+            else:
+                res = self.cstr.search_s(kwargs['filter'], kwargs['scope'])
+
+            for idx in res:
+                entry = {}
+                for attr in idx[1]:
+                    if attr not in kwargs['exclude']:
+                        entry[attr] = []
+                        for a in idx[1][attr]:
+                            try:
+                                e = a.decode(codec)
+                            except Exception:
+                                e = b64encode(a).decode(codec)
+                            entry[attr].append(e)
+                rows.append((idx[0], entry))
+        except ldap.LDAPError:
+            print(ldap.LDAPError)
+        except Exception as e:
+            print(str(e))
+        return rows
+
+    def modify(self, dn, dict_new, dict_old={}):
+        codec = 'utf-8'
+        tasks = []
+        for i in dict_new:
+            attr_new = [encode(dict_new[i], codec)]
+            if i in dict_old:
+                if dict_old[i] == '*':
+                    tasks.append((ldap.MOD_REPLACE, i, attr_new))
+                else:
+                    attr_old = [encode(dict_old[i], codec)]
+                    tasks.append((ldap.MOD_DELETE, i, attr_old))
+                    tasks.append((ldap.MOD_ADD, i, attr_new))
+            else:
+                tasks.append((ldap.MOD_ADD, i, dict_new[i]))
+
+        print(dn, tasks)
+        self.cstr.modify_s(dn, tasks)
+
+    def make_secret(self, passwd, enc='SSHA'):
+        salt = os.urandom(4)
+        sha = hashlib.sha1(passwd)
+        sha.update(salt)
+
+        digest_salt_b64 = '{0}{1}'.format(
+            sha.digest(), salt
+        ).encode('base64').strip()
+        tagged_digest_salt = '{{{0}}}{1}'.format(enc, digest_salt_b64)
+
+        return tagged_digest_salt