always use project and account id since they can randomly change

viraptor · Nov 13, 2017 · d6e8300 · d6e8300
1 parent 33e383a
commit d6e8300
Show file tree

Hide file tree

Showing 9 changed files with 90 additions and 30 deletions.
diff --git a/.env.example b/.env.example
@@ -168,6 +168,7 @@ PERIODICAL=stop_expired_deploys:60,remove_expired_locks:60,report_system_stats:6
 # [email protected]
 
 ## Gcloud
-# GCLOUD_IMG_TAGGER=true # enable image tagging
-# GCLOUD_IMG_TAGGER_OPTS="--verbose" # image tagging options
-# GCLOUD_BUILDER_PROJECT_ID="foo-123"
+# GCLOUD_IMAGE_TAGGER=true    # optional, enable image tagging
+# GCLOUD_OPTIONS=--verbose    # optional, options
+# GCLOUD_PROJECT=foo-123
+# GCLOUD_ACCOUNT=my-account
diff --git a/plugins/gcloud/README.md b/plugins/gcloud/README.md
@@ -19,6 +19,7 @@ trigger a build. This only works if something is notifying samson about new GCR
 
 ## ENV Vars
 
-  - `GCLOUD_IMG_TAGGER` - set to `true` to enable tagging on deploy
-  - `GCLOUD_IMG_TAGGER_OPTS` - specify options that are passed to the `gcloud` command
-  - `GCLOUD_BUILDER_PROJECT_ID` - project id to use when building gcloud images via build_with_gcb
+  - `GCLOUD_PROJECT` - project to use
+  - `GCLOUD_ACCOUNT` - account to use
+  - `GCLOUD_OPTIONS` - additional commandline options
+  - `GCLOUD_IMAGE_TAGGER` - set to `true` to enable tagging on deploy
diff --git a/plugins/gcloud/lib/samson_gcloud/image_builder.rb b/plugins/gcloud/lib/samson_gcloud/image_builder.rb
@@ -6,11 +6,11 @@ def build_image(build, dir, output, dockerfile:)
         raise "Only supports building Dockerfile atm" if dockerfile != "Dockerfile"
 
         repo = build.project.repository_path.parameterize
-        base = "gcr.io/#{gcloud_project_id.shellescape}/samson/#{repo}"
+        base = "gcr.io/#{SamsonGcloud.project}/samson/#{repo}"
         tag = "#{base}:#{build.git_sha}"
         command = [
           "gcloud", *SamsonGcloud.container_in_beta, "container", "builds", "submit", ".",
-          "--tag", tag, "--project", gcloud_project_id
+          "--tag", tag, *SamsonGcloud.cli_options
         ]
 
         executor = TerminalExecutor.new(output)
@@ -21,12 +21,6 @@ def build_image(build, dir, output, dockerfile:)
         return unless digest = output.to_s[/digest: (\S+:\S+)/, 1]
         "#{base}@#{digest}"
       end
-
-      private
-
-      def gcloud_project_id
-        ENV.fetch("GCLOUD_BUILDER_PROJECT_ID")
-      end
     end
   end
 end
diff --git a/plugins/gcloud/lib/samson_gcloud/image_tagger.rb b/plugins/gcloud/lib/samson_gcloud/image_tagger.rb
@@ -10,16 +10,14 @@ def tag(deploy)
         return unless builds = deploy.project.builds.
           where(git_sha: deploy.job.commit).where.not(docker_repo_digest: nil).to_a.presence
 
-        gcloud_options = Shellwords.split(ENV.fetch('GCLOUD_IMG_TAGGER_OPTS', ''))
-
         builds.each do |build|
           digest = build.docker_repo_digest
           next unless digest =~ /(^|\/|\.)gcr.io\// # gcr.io or https://gcr.io or region like asia.gcr.io
           base = digest.split('@').first
           tag = deploy.stage.permalink
           command = [
             "gcloud", *SamsonGcloud.container_in_beta, "container", "images", "add-tag", digest, "#{base}:#{tag}",
-            "--quiet", *gcloud_options
+            "--quiet", *SamsonGcloud.cli_options
           ]
           success, output = Samson::CommandExecutor.execute(*command, timeout: 10)
           deploy.job.append_output!(

diff --git a/plugins/gcloud/lib/samson_gcloud/samson_plugin.rb b/plugins/gcloud/lib/samson_gcloud/samson_plugin.rb
@@ -15,13 +15,26 @@ def container_in_beta
         beta ? ["beta"] : []
       end
     end
+
+    def cli_options
+      Shellwords.split(ENV.fetch('GCLOUD_OPTIONS', '')) +
+        ["--account", account, "--project", project]
+    end
+
+    def project
+      ENV.fetch("GCLOUD_PROJECT").shellescape
+    end
+
+    def account
+      ENV.fetch("GCLOUD_ACCOUNT").shellescape
+    end
   end
 end
 
 Samson::Hooks.view :project_form_checkbox, "samson_gcloud/project_form_checkbox"
 
 Samson::Hooks.callback :after_deploy do |deploy, _|
-  SamsonGcloud::ImageTagger.tag(deploy) if ENV['GCLOUD_IMG_TAGGER'] == 'true'
+  SamsonGcloud::ImageTagger.tag(deploy) if ENV['GCLOUD_IMAGE_TAGGER'] == 'true'
 end
 
 Samson::Hooks.callback :project_permitted_params do

diff --git a/plugins/gcloud/test/samson_gcloud/image_builder_test.rb b/plugins/gcloud/test/samson_gcloud/image_builder_test.rb
@@ -15,7 +15,7 @@ def build_image
     let(:output) { OutputBuffer.new }
     let(:dockerfile) { "Dockerfile".dup }
 
-    with_env GCLOUD_BUILDER_PROJECT_ID: 'p-123'
+    with_env GCLOUD_PROJECT: 'p-123', GCLOUD_ACCOUNT: 'acc'
 
     before { SamsonGcloud.stubs(container_in_beta: []) }
 

diff --git a/plugins/gcloud/test/samson_gcloud/image_tagger_test.rb b/plugins/gcloud/test/samson_gcloud/image_tagger_test.rb
@@ -12,7 +12,9 @@ def tag
       SamsonGcloud::ImageTagger.tag(deploy)
     end
 
-    with_env DOCKER_FEATURE: 'true'
+    with_env DOCKER_FEATURE: 'true', GCLOUD_PROJECT: '123', GCLOUD_ACCOUNT: 'acc'
+
+    let(:auth_options) { ['--account', 'acc', '--project', '123'] }
 
     before do
       build.update_columns(
@@ -26,7 +28,7 @@ def tag
     it "tags" do
       Samson::CommandExecutor.expects(:execute).with(
         'gcloud', 'container', 'images', 'add-tag', 'gcr.io/sdfsfsdf@some-sha', 'gcr.io/sdfsfsdf:staging',
-        anything, anything
+        '--quiet', *auth_options, anything
       ).returns([true, "OUT"])
       tag
       deploy.job.output.must_include "\nOUT\nSUCCESS"
@@ -59,16 +61,16 @@ def tag
     it "tags with beta when containers are in beta" do
       SamsonGcloud.stubs(container_in_beta: ['beta'])
       Samson::CommandExecutor.expects(:execute).with(
-        'gcloud', 'beta', 'container', 'images', 'add-tag', anything, anything, anything, anything, anything
+        'gcloud', 'beta', 'container', 'images', 'add-tag', anything, anything, '--quiet', *auth_options, anything
       ).returns([true, "OUT"])
       tag
     end
 
     it "includes options from ENV var" do
-      with_env(GCLOUD_IMG_TAGGER_OPTS: '--foo "bar baz"') do
+      with_env(GCLOUD_OPTIONS: '--foo "bar baz"') do
         Samson::CommandExecutor.expects(:execute).with(
           'gcloud', 'container', 'images', 'add-tag', 'gcr.io/sdfsfsdf@some-sha', 'gcr.io/sdfsfsdf:staging',
-          '--quiet', '--foo', 'bar baz', anything
+          '--quiet', '--foo', 'bar baz', *auth_options, anything
         ).returns([true, "OUT"])
         tag
       end

diff --git a/plugins/gcloud/test/samson_gcloud/samson_plugin_test.rb b/plugins/gcloud/test/samson_gcloud/samson_plugin_test.rb
@@ -8,7 +8,7 @@
     let(:deploy) { deploys(:succeeded_test) }
 
     it "tags" do
-      with_env GCLOUD_IMG_TAGGER: 'true' do
+      with_env GCLOUD_IMAGE_TAGGER: 'true' do
         SamsonGcloud::ImageTagger.expects(:tag)
         Samson::Hooks.fire(:after_deploy, deploy, deploy.user)
       end
@@ -38,4 +38,54 @@ def expect_version_check(version)
       SamsonGcloud.container_in_beta.must_equal ["beta"]
     end
   end
+
+  describe ".cli_options" do
+    it "includes options from ENV var" do
+      with_env(GCLOUD_ACCOUNT: 'acc', GCLOUD_PROJECT: 'proj', GCLOUD_OPTIONS: '--foo "bar baz"') do
+        SamsonGcloud.cli_options.must_equal ['--foo', 'bar baz', '--account', 'acc', '--project', 'proj']
+      end
+    end
+
+    it "does not include options from ENV var when not set" do
+      with_env(GCLOUD_ACCOUNT: 'acc', GCLOUD_PROJECT: 'proj') do
+        SamsonGcloud.cli_options.must_equal ['--account', 'acc', '--project', 'proj']
+      end
+    end
+  end
+
+  describe ".project" do
+    it "fetches" do
+      with_env GCLOUD_PROJECT: '123' do
+        SamsonGcloud.project.must_equal "123"
+      end
+    end
+
+    it "cannot be used to hijack commands" do
+      with_env GCLOUD_PROJECT: '123; foo' do
+        SamsonGcloud.project.must_equal "123\\;\\ foo"
+      end
+    end
+
+    it "fails when not set since it would break commands" do
+      assert_raises(KeyError) { SamsonGcloud.project }
+    end
+  end
+
+  describe ".account" do
+    it "fetches" do
+      with_env GCLOUD_ACCOUNT: '123' do
+        SamsonGcloud.account.must_equal "123"
+      end
+    end
+
+    it "cannot be used to hijack commands" do
+      with_env GCLOUD_ACCOUNT: '123; foo' do
+        SamsonGcloud.account.must_equal "123\\;\\ foo"
+      end
+    end
+
+    it "fails when not set since it would break commands" do
+      assert_raises(KeyError) { SamsonGcloud.account }
+    end
+  end
 end
diff --git a/test/models/docker_builder_service_test.rb b/test/models/docker_builder_service_test.rb
@@ -236,11 +236,12 @@ def execute_job
       end
 
       it "stores docker_repo_digest directly" do
-        SamsonGcloud::ImageBuilder.expects(:gcloud_project_id).at_least_once.returns("p-123")
-        build.project.build_with_gcb = true
-        assert service.send(:build_image, tmp_dir)
-        refute build.docker_image_id
-        build.docker_repo_digest.sub(/samson\/[^@]+/, "X").must_equal "gcr.io/p-123/X@sha-123:abc"
+        with_env GCLOUD_PROJECT: 'p-123', GCLOUD_ACCOUNT: 'acc' do
+          build.project.build_with_gcb = true
+          assert service.send(:build_image, tmp_dir)
+          refute build.docker_image_id
+          build.docker_repo_digest.sub(/samson\/[^@]+/, "X").must_equal "gcr.io/p-123/X@sha-123:abc"
+        end
       end
     end
   end