diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
new file mode 100644
index 0000000..f4b017f
--- /dev/null
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,14 @@
+name: Lint
+on: [push]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup make
+ run: |
+ sudo apt-get install make
+ - name: Build docker container
+ run: make build
+ - name: Run linter
+ run: make lint
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
new file mode 100644
index 0000000..e57aae6
--- /dev/null
+++ b/.github/workflows/unit-tests.yml
@@ -0,0 +1,14 @@
+name: Unit Tests
+on: [push]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup make
+ run: |
+ sudo apt-get install make
+ - name: Build docker container
+ run: make build
+ - name: Run unit tests
+ run: make test
diff --git a/Dockerfile b/Dockerfile
index 652d066..73b1bfd 100644
--- a/Dockerfile
+++ b/Dockerfile
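Review bot: Neither `.github/workflows/linter.yml` nor `.github/workflows/unit-tests.yml` declares a `permissions:` block, so the job token keeps whatever default scopes the repository or organisation grants while `make build` runs a Docker build from the checkout. Both workflows only need to read the source, so a top-level `permissions:` with `contents: read` under it would make that explicit. `actions/checkout@v3` is also a movable tag; pinning it to a full commit SHA, written as `uses: actions/checkout@<full-commit-sha> # v3`, keeps the step from changing without a reviewed diff. Finally, `sudo apt-get install make` has no `-y`, so it aborts if apt ever asks for confirmation on the runner.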
@@ -13,30 +13,26 @@ RUN DEBIAN_FRONTEND=noninteractive \ && apt-get autoremove -y # Set env variables used in this Dockerfile (add a unique prefix, such as DEV) -RUN apt update && apt install -y netcat dnsutils - -RUN useradd -rm -d /home/app -s /bin/bash -g root -G sudo -u 1001 app +RUN apt update && apt install -y netcat dnsutils libmariadbclient-dev git + +RUN mkdir -p /ebs/logs && touch /ebs/logs/engima.log && chmod 777 /ebs/logs/engima.log + +ARG APPUID=1001 +RUN useradd -rm -d /home/app -s /bin/bash -g root -G sudo -u "$APPUID" app +WORKDIR /srv/code/dev +RUN git clone https://github.com/browserstack/enigma.git . +RUN mkdir -p Access/access_modules +COPY config.json.sample config.json +RUN cp requirements.txt /tmp/ +RUN mkdir -p logs +RUN mkdir -p db +RUN chown -R app /srv/code/dev /ebs USER app -# Directory in container for all project files -ENV DEV_SRVHOME=/srv - -# Local directory with project source -ENV DEV_SRC=code/dev - -# Directory in container for project source files -ENV DEV_SRVPROJ=$DEV_SRVHOME/$DEV_SRC - -# Create application subdirectories -WORKDIR $DEV_SRVPROJ - -# Copy just requirements.txt -COPY requirements.txt /tmp/requirements.txt - -# Install Python dependencies -RUN pip install -r /tmp/requirements.txt --no-cache-dir - -COPY . . +COPY requirements.txt /tmp/access-module-requirements.txt +RUN pip install -r /tmp/requirements.txt --no-cache-dir --ignore-installed +RUN pip install -r /tmp/access-module-requirements.txt --no-cache-dir --ignore-installed +COPY --chown=app:root . ./Access/access_modules # Starts Docker Container and keeps it running for Debugging FROM base as test diff --git a/Makefile b/Makefile index b112cf6..d40f04e 100644 --- a/Makefile +++ b/Makefile 
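Review bot: The added `RUN git clone https://github.com/browserstack/enigma.git .` takes whatever the default branch holds at build time and the next lines pip-install its `requirements.txt`, so the image contents are neither reproducible nor tied to a reviewed revision, and a cached layer can silently stay on an old one. Pinning the checkout would fix both, for example `ARG ENIGMA_REF` followed by `RUN git clone https://github.com/browserstack/enigma.git . && git checkout "$ENIGMA_REF"`, with the ref passed in as a commit SHA. Separately, `chmod 777 /ebs/logs/engima.log` leaves the log world-writable although the later `chown -R app /srv/code/dev /ebs` already hands it to the app user; an owner-only mode such as `chmod 640` would probably do. The file name also looks like a misspelling of `enigma.log`, which is worth confirming against the logging configuration.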
@@ -1,39 +1,50 @@ +APP_UID := $(shell id -u) + ## make all : Run service, test and linter .PHONY: all all: test lint .PHONY: build +build: export APPUID = $(APP_UID) build: - @docker-compose up -d + @docker-compose up --build -d .PHONY: down down: @docker-compose -f docker-compose.yml down -## Run tests with coverage -.PHONY: test -test: - @if [ $$(docker ps -f name=test | wc -l) -eq 2 ]; then \ - docker exec test python -m pytest --version; \ +ensure_container_for_test: + @if [ $$(docker ps -a -f name=test | wc -l) -eq 2 ]; then \ + docker exec test python -m pytest --version; \ else \ - echo "No containers running.. Starting runserver:"; \ + echo "No containers running.. "; \ make build; \ - echo "Running Tests"; \ fi - @docker exec test python -m pytest -v --cov --disable-warnings;\ - echo "Tests finished. Stopping runserver:" && make down +## Run tests with coverage +.PHONY: test +test: export APPUID = $(APP_UID) +test: ensure_container_for_test -## Create lint issues file -.PHONY: lint_issues -lint_issues: - @touch $@ + @docker exec test python -m pytest -v --cov --disable-warnings Access/access_modules + @if [ "$$?" -ne 0 ]; then \ + echo "Unit Tests failed"; \ + exit 1; \ + else \ + echo "Unit Tests passed"; \ + fi -## Lint code using pylama skipping files in env (if pyenv created) .PHONY: lint -lint: lint_issues - @python3 -m pylama --version - @pylama --skip "./env/*" -r lint_issues || echo "Linter run returned errors. Check lint_issues file for details." && false +lint: export APPUID = $(APP_UID) +lint: ensure_container_for_test + @docker exec test python -m pylama --version + @docker exec test python -m pylama Access/access_modules + @if [ "$$?" -ne 0 ]; then \ + echo "Linter checks failed"; \ + exit 1; \ + else \ + echo "Linter checks passed"; \ + fi run_semgrep: $(shell semgrep --error --config "p/cwe-top-25" --config "p/owasp-top-ten" --config "p/r2c-security-audit") 
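Review bot: In the `test` and `lint` targets the `@if [ "$$?" -ne 0 ]` block runs in a new shell, because make starts one per recipe line unless `.ONESHELL` is set somewhere outside this hunk, so `$?` is always 0 there and the "failed" branch can never run. A failing `docker exec` line already stops make, which means the gate still fails in CI but the message printed is only ever "passed". Keeping the check on the same line makes the outcome explicit, for example `@docker exec test python -m pylama Access/access_modules && echo "Linter checks passed" || { echo "Linter checks failed"; exit 1; }`, and likewise for the pytest line. In `ensure_container_for_test`, `docker ps -a -f name=test` now also counts stopped containers, so an exited `test` container sends the recipe into `docker exec`, which errors out, instead of into `make build`; the new target is also missing from `.PHONY`.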
diff --git a/config.json.sample b/config.json.sample new file mode 100644 index 0000000..e15444b --- /dev/null +++ b/config.json.sample 
@@ -0,0 +1,108 @@ +{ + "django_setup": { + "SECRET_KEY": "random_secret_that_you_should_change_on_production", + "DEBUG": false, + "ALLOWED_HOSTS": [ + "localhost" + ], + "CSRF_TRUSTED_ORIGINS": [ + "http://localhost" + ] + }, + "sso": { + "googleapi": { + "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": "", + "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": "" + } + }, + "database": { + "engine": "sqlite3", + "dbname": "", + "username": "", + "password": "", + "host": "", + "port": 3306 + }, + "access_modules": { + "git_urls": [ + "https://github.com/browserstack/enigma-access-modules.git" + ], + "confluence_module": { + "CONFLUENCE_BASE_URL": "https://test.atlassian.net", + "ADMIN_EMAIL": "test@browserstack.com", + "API_TOKEN": "xyz" + }, + "aws_access": { + "aws_accounts": [ + { + "account": "Dev", + "access_key_id": "id", + "secret_access_key": "key" + } + ] + }, + "github_access": { + "GITHUB_TOKEN": "test-token", + "GITHUB_BASE_URL": "https://api.github.com", + "GITHUB_ORG": "browserstack" + }, + "gcp_access": { + "domains": [ + { + "domain_id": "browserstack.com", + "admin_id": "test@browserstack.com", + "service_account_path": "./gcp.json" + } + ] + }, + "zoom_access": { + "ZOOM_BASE_URL": "https://api.zoom.us/v2/", + "ZOOM_CLIENT_SECRET": "test-secret", + "ZOOM_API_KEY": "test-api" + }, + "ssh": { + "engima_root_user": "enigma-user", + "app_user": "app", + "inventory_file_path": "Access/access_modules/ssh/inventory.csv", + "common_sudo_group": "sudoppl", + "private_key_path": "/Users/username/.ssh/id_rsa" + }, + "opsgenie_access": { + "OPSGENIE_TOKEN": "test-token", + "IGNORE_TEAMS": [ + "team_1", + "team_2" + ] + }, + "slack_access": { + "enigma-slack": { + "AUTH_TOKEN": "abc", + "DEFAULT_CHANNELS": [ + "general" + ] + } + } + }, + "enigmaGroup": { + "MAIL_APPROVER_GROUPS": [] + }, + "emails": { + "access-approve": "", + "EMAIL_HOST": "", + "EMAIL_PORT": "", + "EMAIL_HOST_USER": "", + "EMAIL_HOST_PASSWORD": "", + "EMAIL_USE_TLS": true, + "EMAIL_USE_SSL": false, + 
"DEFAULT_FROM_EMAIL": "" + }, + "background_task_manager": { + "type": "celery", + "config": { + "broker": "", + "backend": "", + "need_monitoring": true, + "monitoring_apps": "django_celery_results" + } + } +} diff --git a/docker-compose.yml b/docker-compose.yml index 97b1faa..20e91d2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,5 +10,5 @@ services: env_file: - ./secrets/ops_app_test.env volumes: - - .:/srv/code/dev - ./mounts/logs/:/ebs/logs/ + - ./:/srv/code/dev/Access/access_modules/
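Review bot: `SECRET_KEY` in `django_setup` carries a fixed, published value, and the Dockerfile change in this commit copies this sample to `config.json`, so an image built without replacing the file would presumably sign sessions and CSRF tokens with a key anyone can read here. The other credentials in the file are left empty or obviously fake; doing the same with `"SECRET_KEY": "",` makes a forgotten override fail at start-up, since Django refuses an empty key, assuming the settings module passes the value through unchanged. If the test container needs a working key, generating one at build time avoids shipping a constant. `private_key_path` pointing at `/Users/username/.ssh/id_rsa` deserves a short mention in the project docs that a dedicated key, not a personal one, is expected there.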
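Review bot: The new bind mount `- ./:/srv/code/dev/Access/access_modules/` maps the whole checkout into the container read-write, which includes `./secrets/` (the `env_file` source in this same hunk) and presumably `.git`. If the tests only need the module sources, a narrower source directory limits what the container can read, and a `:ro` suffix, `- ./:/srv/code/dev/Access/access_modules/:ro`, limits what it can change on the host. The `services:` block starts outside the hunk, so other mounts and the service name were not visible for this review.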