health: implemented check for LDAP

In order to implement this, I needed to move things a bit on the LDAP
support. So much, that I ended up refactoring quite some pieces that
needed it.

Fixes #1810

Signed-off-by: Miquel Sabaté Solà <[email protected]>

Author: mssola

app/controllers/auth/sessions_controller.rb

@@ -9,7 +9,7 @@ class Auth::SessionsController < Devise::SessionsController
   # or LDAP support is enabled, work as usual. Otherwise, redirect always to
   # the signup page.
   def new
-    signup_allowed = !Portus::LDAP.enabled? && APP_CONFIG.enabled?("signup")
+    signup_allowed = APP_CONFIG.disabled?("ldap") && APP_CONFIG.enabled?("signup")
 
     if User.not_portus.any? || !signup_allowed
       @errors_occurred = flash[:alert].present?
@@ -28,7 +28,7 @@ def new
   def create
     super
 
-    if ::Portus::LDAP.enabled? && session[:first_login]
+    if APP_CONFIG.enabled?("ldap") && session[:first_login]
       session[:first_login] = nil
       session_flash(current_user, nil)
     else

app/controllers/concerns/check_ldap.rb

@@ -14,6 +14,6 @@ module CheckLDAP
 
   # Redirect to the login page if LDAP is enabled.
   def check_ldap
-    redirect_to new_user_session_path if Portus::LDAP.enabled?
+    redirect_to new_user_session_path if APP_CONFIG.enabled?("ldap")
   end
 end

app/helpers/application_helper.rb

@@ -49,12 +49,12 @@ def activity_time_tag(ct)
 
   # Returns true of signup is enabled.
   def signup_enabled?
-    !Portus::LDAP.enabled? && APP_CONFIG.enabled?("signup")
+    APP_CONFIG.disabled?("ldap") && APP_CONFIG.enabled?("signup")
   end
 
   # Returns true if the login form should show the "first user admin" alert.
   def show_first_user_alert?
-    User.not_portus.none? && APP_CONFIG.enabled?("first_user_admin") && Portus::LDAP.enabled?
+    User.not_portus.none? && APP_CONFIG.enabled?("first_user_admin") && APP_CONFIG.enabled?("ldap")
   end
 
   # Returns pagination limit config

app/models/user.rb

@@ -52,7 +52,7 @@ class User < ActiveRecord::Base
                             ],
                             authentication_keys: [:username]]
 
-  enabled_devise_modules.delete(:validatable) if Portus::LDAP.enabled?
+  enabled_devise_modules.delete(:validatable) if APP_CONFIG.enabled?("ldap")
   devise(*enabled_devise_modules)
 
   APPLICATION_TOKENS_MAX = 5
@@ -80,7 +80,7 @@ class User < ActiveRecord::Base
   # Special method used by Devise to require an email on signup. This is always
   # true except for LDAP.
   def email_required?
-    !(Portus::LDAP.enabled? && email.blank?)
+    !(APP_CONFIG.enabled?("ldap") && email.blank?)
   end
 
   # It adds an error if the username clashes with either a namespace or a team.

app/views/devise/registrations/edit.html.slim

@@ -81,7 +81,7 @@
                       any affiliations with any team will be lost.
                   = submit_tag('Disable', class: 'btn btn-primary')
 
-  - unless ::Portus::LDAP.enabled?
+  - if APP_CONFIG.disabled?("ldap")
     - if current_user.email?
       .col-sm-6
         .panel.panel-default

app/views/devise/sessions/new.html.slim

@@ -5,11 +5,11 @@ section.row-0
       = render 'shared/notifications'
       = image_tag 'layout/portus-logo-login-page.png', class: 'login-picture'
       = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
-        - if Portus::LDAP.enabled? || APP_CONFIG.enabled?("oauth.local_login")
+        - if APP_CONFIG.enabled?("ldap") || APP_CONFIG.enabled?("oauth.local_login")
           = f.text_field :username, class: 'input form-control input-lg first', placeholder: 'Username', autofocus: true, required: true
           = f.password_field :password, class: 'input form-control input-lg last', placeholder: 'Password', autocomplete: 'off', required: true
           = f.button id: "login-btn", class: 'classbutton btn btn-primary btn-block btn-lg' do
-            - if Portus::LDAP.enabled?
+            - if APP_CONFIG.enabled?("ldap")
               i.fa.fa-check
               ' LDAP Login
             - else
@@ -25,7 +25,7 @@ section.row-0
                 = link_to "Explore", explore_index_path, id: "explore", class: 'btn btn-link', title: "Explore existing images from this registry"
             .col-sm-4.forgot-password
               = link_to "I forgot my password", new_user_password_path, class: 'btn btn-link'
-          - elsif !Portus::LDAP.enabled?
+          - elsif APP_CONFIG.disabled?("ldap")
             - if APP_CONFIG.enabled?("anonymous_browsing")
               .col-sm-6.explore
                 = link_to "Explore", explore_index_path, id: "explore", class: 'btn btn-link', title: "Explore existing images from this registry"

bin/check_services.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "ostruct"
+require "json"
+
+require "portus/health"
+
+# Returns true if the given string value contains a truthy value.
+def truthy?(val)
+  v = val&.downcase
+  v == "t" || v == "y" || v == "1"
+end
+
+##
+# Parse options.
+
+options = OpenStruct.new(quiet: false, components: [])
+
+# It can come as flags.
+OptionParser.new do |opt|
+  opt.on("-q", "--quiet")                         { options.quiet = true }
+  opt.on("-c COMPONENT", "--component COMPONENT") { |o| options.components << o }
+end.parse!
+
+# It can also come as environment variables.
+options.quiet = true if truthy?(ENV["PORTUS_HEALTH_QUIET"])
+(1..5).each do |n|
+  v = ENV["PORTUS_HEALTH_COMPONENT_#{n}"]
+  break if v.nil?
+  options.components << v
+end
+
+##
+# Actual call.
+
+response, _success = ::Portus::Health.check
+hsh = if options.components.any?
+        response.select { |k, _v| options.components.include?(k) }
+      else
+        response
+      end
+
+puts JSON.pretty_generate(hsh) unless options.quiet
+
+success = hsh.all? { |_, v| v[:success] }
+exit success ? 0 : 1

bin/health.rb

@@ -124,6 +124,13 @@ def cn
 yml["services"]["portus"]["environment"] << "PORTUS_LOG_LEVEL=debug"
 yml["services"]["background"]["environment"] << "PORTUS_LOG_LEVEL=debug"
 
+# Variables for the health command.
+yml["services"]["portus"]["environment"] << "PORTUS_HEALTH_QUIET=1"
+yml["services"]["portus"]["environment"] << "PORTUS_HEALTH_COMPONENT_1=database"
+if ENV["PORTUS_INTEGRATION_PROFILE"] == "ldap"
+  yml["services"]["portus"]["environment"] << "PORTUS_HEALTH_COMPONENT_2=ldap"
+end
+
 # Add profiles.
 yml["services"]["portus"]["volumes"] << "./profiles:/srv/Portus/spec/integration/profiles:ro"
 yml["services"]["portus"]["volumes"] << "./helpers:/srv/Portus/spec/integration/helpers:ro"

bin/integration/integration.rb

@@ -50,30 +50,16 @@ start_containers() {
         LDAP=0
 
         while [ $RETRY -ne 0 ]; do
-            msg=$(SKIP_MIGRATION=1 docker exec $CNAME portusctl exec rails r /srv/Portus/bin/check_services.rb)
-            case $(echo "$msg" | grep DB) in
-                "DB_READY")
-                    DB=1
-                    ;;
-                *)
-                    echo "Database is not ready yet:"
-                    echo $msg
-                    ;;
-            esac
-
-            case $(echo "$msg" | grep LDAP) in
-                "LDAP_DISABLED"|"LDAP_OK")
-                    LDAP=1
-                    ;;
-                *)
-                    echo "LDAP is not ready yet"
-                    ;;
-            esac
-
-            if (( "$DB" == "1" )) && (( "$LDAP" == "1" )); then
-                echo "Let's go!"
+            set +e
+            docker exec $CNAME portusctl exec rails r /srv/Portus/bin/health.rb
+            if [ $? -eq "0" ]; then
+                set -e
+                echo "We are all set, let's go!"
                 break
+            else
+                echo "Waiting for services to be ready..."
             fi
+            set -e
 
             if [ "$COUNT" -ge "$TIMEOUT" ]; then
                 echo "[integration] Timeout  reached, exiting with error"