author | azul <azul@riseup.net> | 2013-03-14 07:36:54 -0700 |
---|---|---|
committer | azul <azul@riseup.net> | 2013-03-14 07:36:54 -0700 |
commit | 869ba2f363a48d0f76321efc08a228f54aeb6758 (patch) | |
tree | 00944b79cd5abb5058ac2ea432c32ea433b1aebd | |
parent | 886585a0f673e0ea70abb99504ff9c70180361d5 (diff) | |
parent | 1f874dc62e0d0add285f6ab5ff1b6d8fccaa1912 (diff) |
Merge pull request #37 from azul/feature/migration-flow
Migration flow for couch db
-rw-r--r-- | .travis.yml | 6 | ||||
-rw-r--r-- | DEPLOY.md | 19 | ||||
-rw-r--r-- | core/lib/extensions/couchrest.rb | 52 | ||||
-rw-r--r-- | test/config/couchdb.yml.admin | 6 | ||||
-rw-r--r-- | test/config/couchdb.yml.user | 5 | ||||
-rwxr-xr-x | test/setup_couch.sh | 15 |
6 files changed, 86 insertions, 17 deletions
diff --git a/.travis.yml b/.travis.yml index 6b9a119..232467c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,3 +2,9 @@ services: - couchdb notifications: email: false +before_script: + - "test/setup_couch.sh" + - "mv test/config/couchdb.yml.admin config/couchdb.yml" + - "bundle exec rake couchrest:migrate_with_proxies" + - "bundle exec rake couchrest:migrate_with_proxies" # looks like this needs to run twice + - "mv test/config/couchdb.yml.user config/couchdb.yml" @@ -9,8 +9,8 @@ These instructions are targeting a Debian GNU/Linux system. You might need to ch The following packages need to be installed: * git -* ruby1.8 -* rubygems1.8 +* ruby1.9 +* rubygems1.9 * couchdb (if you want to use a local couch) ### Setup Capistrano ### @@ -25,5 +25,18 @@ run `cap deploy` to deploy to the server. Please make sure your deploy includes the following files: -* config/cert * public/config/provider.json +* config/couchdb.yml + +## Couch Security ## + +We recommend against using an admin user for running the webapp. To avoid this couch design documents need to be created ahead of time and the auto update mechanism needs to be disabled. +Take a look at test/setup_couch.sh for an example of securing the couch. After securing the couch migrations need to be run with admin permissions. The before_script block in .travis.yml illustrates how to do this: + +``` +mv test/config/couchdb.yml.admin config/couchdb.yml # use admin privileges +bundle exec rake couchrest:migrate_with_proxies # run the migrations +bundle exec rake couchrest:migrate_with_proxies # looks like this needs to run twice +mv test/config/couchdb.yml.user config/couchdb.yml # drop admin privileges +``` + diff --git a/core/lib/extensions/couchrest.rb b/core/lib/extensions/couchrest.rb index ca4b608..57bb837 100644 --- a/core/lib/extensions/couchrest.rb +++ b/core/lib/extensions/couchrest.rb 
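Review bot: The duplicated `couchrest:migrate_with_proxies` step in `before_script` is explained only by "looks like this needs to run twice", so a reader cannot tell what the first run leaves undone, and the same workaround is copied into the DEPLOY.md hunk, where operators would run it with admin credentials. Until the cause is found I would record the observed symptom in the comment, e.g. `# second run required: <error or missing design doc seen after the first run>`. The two `mv` steps also remove tracked files from the checkout; `cp test/config/couchdb.yml.user config/couchdb.yml` as the last step still replaces the admin config before the tests start and leaves the tree clean.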
@@ -1,26 +1,50 @@ module CouchRest - module Model::Designs + module Model + module Designs - class View + class View - # so we can called Ticket.method.descending or Ticket.method.ascending - def ascending - self + # so we can called Ticket.method.descending or Ticket.method.ascending + def ascending + self + end end - end - class DesignMapper - def load_views(dir) - Dir.glob("#{dir}/*.js") do |js| - name = File.basename(js, '.js') - file = File.open(js, 'r') - view name.to_sym, - :map => file.read, - :reduce => "function(key, values, rereduce) { return sum(values); }" + class DesignMapper + def load_views(dir) + Dir.glob("#{dir}/*.js") do |js| + name = File.basename(js, '.js') + file = File.open(js, 'r') + view name.to_sym, + :map => file.read, + :reduce => "function(key, values, rereduce) { return sum(values); }" + end end end end + class Migrate + def self.load_all_models_with_engines + self.load_all_models_without_engines + return unless defined?(Rails) + Dir[Rails.root + '**/models/**/*.rb'].each do |path| + require path + end + end + + def self.all_models_and_proxies + callbacks = migrate_each_model(find_models) + callbacks += migrate_each_proxying_model(find_proxying_models) + cleanup(callbacks) + end + + + + class << self + alias_method_chain :load_all_models, :engines + end + + end end class ModelRailtie diff --git a/test/config/couchdb.yml.admin b/test/config/couchdb.yml.admin new file mode 100644 index 0000000..0988bc1 --- /dev/null +++ b/test/config/couchdb.yml.admin @@ -0,0 +1,6 @@ +test: + auto_update_design_doc: false + username: "anna" + password: "secret" + prefix: "" + diff --git a/test/config/couchdb.yml.user b/test/config/couchdb.yml.user new file mode 100644 index 0000000..9c8b67b --- /dev/null +++ b/test/config/couchdb.yml.user @@ -0,0 +1,5 @@ +test: + auto_update_design_doc: false + username: "me" + password: "pwd" + prefix: "" diff --git a/test/setup_couch.sh b/test/setup_couch.sh new file mode 100755 index 0000000..39e264f --- /dev/null 
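Review bot: `load_all_models_with_engines` requires every file matching `**/models/**/*.rb` anywhere under `Rails.root`, which is wider than the engines' model directories: a `models` directory inside vendored code, tmp output or test fixtures is loaded and executed as well, and DEPLOY.md says this task runs with the couch admin account configured. Narrowing the pattern to the directories the engines own and sorting the result makes the load set explicit and its order deterministic, for example `Dir[Rails.root.join('*', 'app', 'models', '**', '*.rb').to_s].sort.each { |path| require path }` if the engines sit one level below the root as `core/` does (an assumption from this file's path). Separately, in `load_views` (only re-indented by this hunk) the handle from `File.open(js, 'r')` is never closed; `:map => File.read(js)` avoids that. The enclosing `module CouchRest` continues past the end of the hunk.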
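Review bot: `test/config/couchdb.yml.admin` commits an admin name and password (`anna` / `secret`) with nothing in the file saying they are throwaway values for the CI couch, and `test/config/couchdb.yml.user` does the same for `me` / `pwd`. Because DEPLOY.md points readers at these files as the example to follow, I would add a first line to both, such as `# CI only: must match the accounts created in test/setup_couch.sh; use different credentials in any deployment`. Both files define only the `test:` environment, so the `mv` shown in DEPLOY.md would leave any other environment without couch settings; a second comment line saying so would help.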
+++ b/test/setup_couch.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+HOST="http://localhost:5984"
+echo "creating user :"
+curl -HContent-Type:application/json -XPUT $HOST/_users/org.couchdb.user:me --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}'
+echo "creating databases :"
+curl -X PUT $HOST/sessions
+curl -X PUT $HOST/users
+curl -X PUT $HOST/tickets
+echo "restricting database access :"
+curl -X PUT $HOST/sessions/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
+curl -X PUT $HOST/users/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
+curl -X PUT $HOST/tickets/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
+echo "adding admin :"
+curl -X PUT $HOST/_config/admins/anna -d '"secret"' |
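Review bot: None of the `curl` calls in `test/setup_couch.sh` check the HTTP result, so a rejected `_users` or `_security` PUT still exits 0 and the build carries on against databases that were never restricted. Adding `set -e` after the shebang and `--fail` to each call (`curl --fail -sS -X PUT "$HOST/sessions/_security" ...`) stops the script at the first failed step. The script also appears to depend on the couch having no admin yet, since every request is unauthenticated and the admin `anna` is created last; a second run against the same server would presumably be refused, which deserves a header comment such as `# run once against a fresh couch: requests are unauthenticated until the admin is added`.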