no bug - tweaks for conduit/phabricator dev environments

* tweak

* change around unsafe auth delegation to work in bmo container

* fixes for critic errors

diff --git a/.circleci/checksetup_answers.txt b/.circleci/checksetup_answers.txt
index 8178854acc594024a7accff40cb9cc61948abc8d..d75fcc5dca48c2103ec290faf24c132890764211 100644 (file)
--- a/.circleci/checksetup_answers.txt
+++ b/.circleci/checksetup_answers.txt
@@ -9,5 +9,6 @@ $answer{'cvsbin'} = '/usr/bin/cvs';
 $answer{'password_complexity'} = 'bmo';
 $answer{'diffpath'} = '/usr/bin';
 $answer{'interdiffbin'} = '/usr/bin/interdiff';
-$answer{'urlbase'} = 'http://<<HOSTNAME>>:8000/';
+$answer{'urlbase'} = 'http://bmo.test/';
 $answer{'mail_delivery_method'} = 'Test';
+$answer{'auth_delegation'} = 1;

diff --git a/.circleci/config.yml b/.circleci/config.yml
index f13b10a58db45350d566acf0cb4db10584792781..0b2071a3787b4b2d8f14043c2154b424ffb25318 100644 (file)
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -54,8 +54,8 @@ defaults:
     run:
       command: |
         mv /opt/bmo/local /app/local
-        perl -MSys::Hostname -i -pE 's/<<HOSTNAME>>/hostname()/ges' $BZ_QA_CONF_FILE
-        perl -MSys::Hostname -i -pE 's/<<HOSTNAME>>/hostname()/ges' $BZ_QA_ANSWERS_FILE
+        perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_CONF_FILE
+        perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE
         perl checksetup.pl --no-database --default-localconfig
         mkdir artifacts
 
@@ -159,7 +159,7 @@ jobs:
       - run: |
           mv /opt/bmo/local /app/local
           perl checksetup.pl --no-database
-          perl -MSys::Hostname -i -pE 's/<<HOSTNAME>>/hostname()/ges' $BZ_QA_ANSWERS_FILE
+          perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE
           /app/scripts/entrypoint.pl load_test_data
           mkdir artifacts
       - run: |

diff --git a/.perlcriticrc b/.perlcriticrc
index b61acbbc53e1556f8da5b1e354ea37dc1a0dc016..84eb0f8a55fa833f6dd67fe21c884c0d06fa2451 100644 (file)
--- a/.perlcriticrc
+++ b/.perlcriticrc
@@ -1,6 +1,12 @@
 theme = freenode || core || certrec || certrule || performance || security
 severity = 1
 
+[-CodeLayout::RequireTidyCode]
+#perltidyrc = .perltidyrc
+[InputOutput::RequireCheckedSyscalls]
+functions = :builtins
+exclude_functions = print
+
 [-BuiltinFunctions::ProhibitUselessTopic]
 [-ControlStructures::ProhibitCascadingIfElse]
 [-ControlStructures::ProhibitPostfixControls]
@@ -19,6 +25,7 @@ severity = 1
 [-ValuesAndExpressions::ProhibitVersionStrings]
 [-Variables::ProhibitLocalVars]
 [-Variables::ProhibitPackageVars]
+[-ValuesAndExpressions::ProhibitNoisyQuotes]
 
 # this policy is broken currently
 [-Freenode::PackageMatchesFilename]

diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 8532356a5adf35c36b478240cfcc0a33959a5d02..4e7ad23023c0fdc3f6c1b60a1908faee99bdcdb9 100644 (file)
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -106,6 +106,7 @@ sub HTTPD_ENV_CONF {
 
     return join( "\n",
       "PerlPassEnv LOCALCONFIG_ENV",
+      "PerlPassEnv ALLOW_UNSAFE_AUTH_DELEGATION",
       map { "PerlPassEnv " . $_ } ENV_KEYS
     ) . "\n";
 }

diff --git a/README.rst b/README.rst
index a3c731d163fc25a2f5992cab03d85138b7c58e3d..ed800b7584b2e263c315d70b6e4a6ac7a64ceee0 100644 (file)
--- a/README.rst
+++ b/README.rst
@@ -173,6 +173,9 @@ PORT
   plain-text HTTP connections.
   Default: 8000
 
+ALLOW_UNSAFE_AUTH_DELEGATION
+  This should never be set in production. It allows auth delegation over http.
+
 BMO_db_driver
   What SQL database to use. Default is mysql. List of supported databases can be
   obtained by listing Bugzilla/DB directory - every module corresponds to one

diff --git a/auth.cgi b/auth.cgi
index adf5d34751632de9fe83d716aed1cf4a6198d64d..6549ed62da458c0f3731286ccdec9dabe5603d89 100755 (executable)
--- a/auth.cgi
+++ b/auth.cgi
@@ -45,7 +45,7 @@ ThrowUserError("auth_delegation_invalid_description")
 my $callback_uri  = URI->new($callback);
 
 my $legal_protocol
-    = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}
+    = $ENV{ALLOW_UNSAFE_AUTH_DELEGATION}
     ? qr/^https?$/i # http or https
     : qr/^https$/i; # https only
 

diff --git a/heartbeat.cgi b/heartbeat.cgi
index d84a4e8ead24143c357ff3e9b9721479c857a800..40dc8e79b278e6113ffbf797001aa908f148b45a 100755 (executable)
--- a/heartbeat.cgi
+++ b/heartbeat.cgi
@@ -29,7 +29,6 @@ my $ok = eval {
     die "database not available"            unless $database_ok;
     die "memcached server(s) not available" unless $memcached_ok;
     die "mod_perl not configured?"          unless $ENV{MOD_PERL};
-    die "BUGZILLA_UNSAFE_AUTH_DELEGATION"   if $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION};
     die "missing bmo feature dependencies"  unless Bugzilla->has_feature('bmo');
     1;
 };

diff --git a/scripts/entrypoint.pl b/scripts/entrypoint.pl
index 04d4421803a49a8c12ae036a7cab0773aec3322a..f5abf4966995dbb3e9bf2aa4a9b5f94947777f44 100755 (executable)
--- a/scripts/entrypoint.pl
+++ b/scripts/entrypoint.pl
@@ -23,19 +23,41 @@ use IO::Async::Signal;
 
 use constant CI => $ENV{CI};
 
-my $cmd = shift @ARGV;
-my $func = __PACKAGE__->can("cmd_$cmd")
-    or die "unknown command: $cmd\n";
+my $cmd  = shift @ARGV;
 my $opts = __PACKAGE__->can("opt_$cmd") // sub { @ARGV };
+my $func = __PACKAGE__->can("cmd_$cmd") // sub {
+    check_data_dir();
+    wait_for_db();
+    run(@_);
+};
 
 fix_path();
 check_user();
-check_env() unless $cmd eq 'shell';
-
-$func->(@ARGV);
+check_env(qw(
+    LOCALCONFIG_ENV
+    BMO_db_host
+    BMO_db_name
+    BMO_db_user
+    BMO_db_pass
+    BMO_memcached_namespace
+    BMO_memcached_servers
+)) unless $cmd eq 'shell';
+
+$func->($opts->());
 
 sub cmd_demo {
-    cmd_load_test_data() unless -f "/app/data/params";
+    unless (-f '/app/data/params') {
+        cmd_load_test_data();
+        check_env(qw(
+            PHABRICATOR_LOGIN
+            PHABRICATOR_PASSWORD
+            PHABRICATOR_API_KEY
+            CONDUIT_LOGIN
+            CONDUIT_PASSWORD
+            CONDUIT_API_KEY
+        ));
+        run( 'perl', 'scripts/generate_conduit_data.pl' );
+    }
     cmd_httpd();
 }
 
@@ -300,15 +322,7 @@ sub check_data_dir {
 }
 
 sub check_env {
-    my @require_env = qw(
-        LOCALCONFIG_ENV
-        BMO_db_host
-        BMO_db_name
-        BMO_db_user
-        BMO_db_pass
-        BMO_memcached_namespace
-        BMO_memcached_servers
-    );
+    my (@require_env) = @_;
     my @missing_env = grep { not exists $ENV{$_} } @require_env;
     if (@missing_env) {
         die "Missing required environmental variables: ", join(", ", @missing_env), "\n";

diff --git a/scripts/generate_conduit_data.pl b/scripts/generate_conduit_data.pl
new file mode 100755 (executable)
index 0000000..91c5d26
--- /dev/null
+++ b/scripts/generate_conduit_data.pl
@@ -0,0 +1,162 @@
+#!/usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+use strict;
+use warnings;
+use lib qw(. lib local/lib/perl5);
+
+use Bugzilla;
+use Bugzilla::Bug;
+use Bugzilla::Config qw(:admin);
+use Bugzilla::Constants;
+use Bugzilla::User;
+use Bugzilla::User::APIKey;
+
+BEGIN {
+    Bugzilla->extensions;
+}
+
+my $dbh = Bugzilla->dbh;
+
+# set Bugzilla usage mode to USAGE_MODE_CMDLINE
+Bugzilla->usage_mode(USAGE_MODE_CMDLINE);
+
+my $admin_email = shift || 'admin@mozilla.bugs';
+Bugzilla->set_user( Bugzilla::User->check( { name => $admin_email } ) );
+
+##########################################################################
+# Create Conduit Test User
+##########################################################################
+
+my $conduit_login    = $ENV{CONDUIT_LOGIN}    || 'conduit@mozilla.bugs';
+my $conduit_password = $ENV{CONDUIT_PASSWORD} || 'password123456789!';
+my $conduit_api_key  = $ENV{CONDUIT_API_KEY}  || '';
+
+print "creating conduit user account...\n";
+if ( !Bugzilla::User->new( { name => $conduit_login } ) ) {
+    my $new_user = Bugzilla::User->create(
+        {
+            login_name    => $conduit_login,
+            realname      => 'Conduit Test User',
+            cryptpassword => $conduit_password
+        },
+    );
+
+    if ($conduit_api_key) {
+        Bugzilla::User::APIKey->create_special(
+            {
+                user_id     => $new_user->id,
+                description => 'API key for Conduit User',
+                api_key     => $conduit_api_key
+            }
+        );
+    }
+}
+##########################################################################
+# Create Phabricator Automation Bot
+##########################################################################
+
+my $phab_login    = $ENV{PHABRICATOR_LOGIN}    || 'phab-bot@bmo.tld';
+my $phab_password = $ENV{PHABRICATOR_PASSWORD} || 'password123456789!';
+my $phab_api_key  = $ENV{PHABRICATOR_API_KEY}  || '';
+
+print "creating phabricator automation account...\n";
+if ( !Bugzilla::User->new( { name => $phab_login } ) ) {
+    my $new_user = Bugzilla::User->create(
+        {
+            login_name    => $phab_login,
+            realname      => 'Phabricator Automation',
+            cryptpassword => $phab_password
+        },
+    );
+
+    if ($phab_api_key) {
+        Bugzilla::User::APIKey->create_special(
+            {
+                user_id     => $new_user->id,
+                description => 'API key for Phabricator Automation',
+                api_key     => $phab_api_key
+            }
+        );
+    }
+}
+##########################################################################
+# Add Users to Groups
+##########################################################################
+my @users_groups = (
+    { user => 'conduit@mozilla.bugs', group => 'editbugs' },
+    { user => 'conduit@mozilla.bugs', group => 'core-security' },
+    { user => 'phab-bot@bmo.tld',     group => 'editbugs' },
+    { user => 'phab-bot@bmo.tld',     group => 'core-security' },
+);
+print "adding users to groups...\n";
+foreach my $user_group (@users_groups) {
+    my $group = Bugzilla::Group->new( { name => $user_group->{group} } );
+    my $user = Bugzilla::User->new( { name => $user_group->{user} } );
+    my $sth_add_mapping = $dbh->prepare(
+        'INSERT INTO user_group_map (user_id, group_id, isbless, grant_type)'
+        . ' VALUES (?, ?, ?, ?)'
+    );
+
+    # Don't crash if the entry already exists.
+    my $ok = eval {
+        $sth_add_mapping->execute( $user->id, $group->id, 0, GRANT_DIRECT );
+        1;
+    };
+    warn $@ unless $ok;
+}
+
+##########################################################################
+# Create Conduit Test Bug
+##########################################################################
+print "creating conduit test bug...\n";
+Bugzilla->set_user( Bugzilla::User->check( { name => 'conduit@mozilla.bugs' } ) );
+Bugzilla::Bug->create(
+    {
+        product      => 'Firefox',
+        component    => 'General',
+        priority     => '--',
+        bug_status   => 'NEW',
+        version      => 'unspecified',
+        comment      => '-- Comment Created By Conduit User --',
+        rep_platform => 'Unspecified',
+        short_desc   => 'Conduit Test Bug',
+        op_sys       => 'Unspecified',
+        bug_severity => 'normal',
+        version      => 'unspecified',
+    }
+);
+
+##########################################################################
+# Set Parameters
+##########################################################################
+print "setting custom parameters...\n";
+my %set_params = ( password_check_on_login => 0, );
+
+my $params_modified;
+foreach my $param ( keys %set_params ) {
+    my $value = $set_params{$param};
+    next if !$value || Bugzilla->params->{$param} eq $value;
+    SetParam( $param, $value );
+    $params_modified = 1;
+}
+
+write_params() if $params_modified;
+
+##########################################################################
+# Set Phabricator Push Connector Values
+##########################################################################
+print "setting push connector options...\n";
+my ($phab_is_configured) = $dbh->selectrow_array('SELECT COUNT(*) FROM push_options WHERE connector = 'Phabricator'');
+unless ($phab_is_configured) {
+    $dbh->do('INSERT INTO push_options (connector, option_name, option_value) VALUES ('global','enabled','Enabled')');
+    $dbh->do(
+        'INSERT INTO push_options (connector, option_name, option_value) VALUES ('Phabricator','enabled','Enabled')');
+    $dbh->do(
+        'INSERT INTO push_options (connector, option_name, option_value) VALUES ('Phabricator','phabricator_url','http://phabricator.test')'
+    );
+}
+
+print "installation and configuration complete!\n";