Polishing

[resolves #741]

Signed-off-by: Ben Hale <[email protected]>

Author: nebhale

.idea/dictionaries/bhale.xml

@@ -103,7 +103,7 @@ The buildpack supports extension through the use of Git repository forking. The
   * [Metric Writer](docs/framework-metric_writer.md) ([Configuration](docs/framework-metric_writer.md#configuration))
   * [New Relic Agent](docs/framework-new_relic_agent.md) ([Configuration](docs/framework-new_relic_agent.md#configuration))
   * [PostgreSQL JDBC](docs/framework-postgresql_jdbc.md) ([Configuration](docs/framework-postgresql_jdbc.md#configuration))
-  * [ProtectApp Security Provider](docs/framework-protect_app_security_provider.md) ([Configuration](docs/framework-protect_app_security_provider.md#configuration))  
+  * [ProtectApp Security Provider](docs/framework-protect_app_security_provider.md) ([Configuration](docs/framework-protect_app_security_provider.md#configuration))
   * [Riverbed AppInternals Agent](docs/framework-riverbed_appinternals_agent.md) ([Configuration](docs/framework-riverbed_appinternals_agent.md#configuration))
   * [Seeker Security Provider](docs/framework-seeker_security_provider.md) ([Configuration](docs/framework-seeker_security_provider.md#configuration))
   * [Spring Auto Reconfiguration](docs/framework-spring_auto_reconfiguration.md) ([Configuration](docs/framework-spring_auto_reconfiguration.md#configuration))

README.md

@@ -0,0 +1,24 @@
+# Seeker Security Provider Framework
+The Seeker Security Provider Framework causes an application to be bound with a [Seeker Security Provider][s] service instance.
+
+<table>
+  <tr>
+    <td><strong>Detection Criterion</strong></td><td>Existence of a single bound Seeker Security Provider service. The existence of a provider service is defined by the <a href="http://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES"><code>VCAP_SERVICES</code></a> payload containing a service name, label or tag with <code>seeker</code> as a substring.
+    </td>
+  </tr>
+  <tr>
+    <td><strong>Tags</strong></td>
+    <td><tt>seeker-service-provider</tt></td>
+  </tr>
+</table>
+Tags are printed to standard output by the buildpack detect script
+
+## User-Provided Service
+When binding Appinternals using a user-provided service, it must have <code>seeker</code> as substring. The credential payload must contain the following entries:
+
+| Name | Description
+| ---- | -----------
+| `seeker_server_url` | The fully qualified URL of a Synopsys Seeker Server (e.g. `https://seeker.example.com`)
+
+**NOTE**
+In order to use this integration, the Seeker Server version must be at least `2019.08` or later.

config/seeker_agent.yml

@@ -15,163 +15,78 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'java_buildpack/logging/logger_factory'
 require 'java_buildpack/component/base_component'
 require 'java_buildpack/framework'
-require 'fileutils'
-require 'net/http'
-require 'json'
-require 'date'
-require 'cgi'
+require 'java_buildpack/util/dash_case'
 
 module JavaBuildpack
   module Framework
 
     # Encapsulates the functionality for enabling zero-touch Seeker support.
     class SeekerSecurityProvider < JavaBuildpack::Component::BaseComponent
+
       # Creates an instance
       #
       # @param [Hash] context a collection of utilities used the component
       def initialize(context)
         super(context)
-        @logger = JavaBuildpack::Logging::LoggerFactory.instance.get_logger SeekerSecurityProvider
+
+        @uri = download_url(credentials) if supports?
       end
 
       # (see JavaBuildpack::Component::BaseComponent#detect)
       def detect
-        @application.services.one_service? FILTER
+        @uri ? self.class.to_s.dash_case : nil
       end
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
-
       def compile
-        @logger.info { 'Seeker buildpack compile stage start' }
-        credentials = fetch_credentials
-        @logger.info { "Credentials #{credentials}" }
-        assert_configuration_valid(credentials)
-        if should_download_sensor(credentials[ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY])
-          fetch_agent_within_sensor(credentials)
-        else
-          fetch_agent_direct(credentials)
+        JavaBuildpack::Util::Cache::InternetAvailability.instance.available(
+          true, 'Downloading from Synopsys Seeker Server'
+        ) do
+          download_zip('', @uri, false, @droplet.sandbox, @component_name)
         end
         @droplet.copy_resources
-      end
-
-      # extract seeker relevant configuration as map
-      def fetch_credentials
-        service = @application.services.find_service FILTER
-        service['credentials']
-      end
-
-      # verify required agent configuration is present
-      def assert_configuration_valid(credentials)
-        mandatory_config_keys =
-          [ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY, SENSOR_HOST_SERVICE_CONFIG_KEY,
-           SENSOR_PORT_SERVICE_CONFIG_KEY, SEEKER_SERVER_URL_CONFIG_KEY]
-        mandatory_config_keys.each do |config_key|
-          raise "'#{config_key}' credential must be set" unless credentials[config_key]
-        end
+      rescue StandardError => e
+        raise "Synopsys Seeker download failed: #{e}"
       end
 
       # (see JavaBuildpack::Component::BaseComponent#release)
       def release
-        @logger.info { 'Seeker buildpack release stage start' }
-        credentials = fetch_credentials
+        c = credentials
+
         @droplet.java_opts.add_javaagent(@droplet.sandbox + 'seeker-agent.jar')
         @droplet.environment_variables
-                .add_environment_variable('SEEKER_SENSOR_HOST', credentials[SENSOR_HOST_SERVICE_CONFIG_KEY])
-                .add_environment_variable('SEEKER_SENSOR_HTTP_PORT', credentials[SENSOR_PORT_SERVICE_CONFIG_KEY])
-                .add_environment_variable('SEEKER_SERVER_URL', credentials[SEEKER_SERVER_URL_CONFIG_KEY])
+                .add_environment_variable('SEEKER_SERVER_URL', c[SEEKER_SERVER_URL_CONFIG_KEY])
       end
 
-      # JSON key for the host of the seeker sensor
-      SENSOR_HOST_SERVICE_CONFIG_KEY = 'sensor_host'
-
-      # JSON key for the port of the seeker sensor
-      SENSOR_PORT_SERVICE_CONFIG_KEY = 'sensor_port'
-      # JSON key for the address of seeker sensor
-      SEEKER_SERVER_URL_CONFIG_KEY = 'seeker_server_url'
-
-      # Enterprise server url, for example: `https://seeker-server.com:8082`
-      ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY = 'enterprise_server_url'
-
-      # Relative path of the sensor zip
-      SENSOR_ZIP_RELATIVE_PATH_AT_ENTERPRISE_SERVER = 'rest/ui/installers/binaries/LINUX'
-
-      # Relative path of the Java agent jars after Sensor extraction
-      AGENT_JARS_PATH = 'inline/agents/java/*'
+      private
 
       # Relative path of the agent zip
       AGENT_PATH = '/rest/api/latest/installers/agents/binaries/JAVA'
 
-      # Version details of Seekers server REST API path
-      SEEKER_VERSION_API = '/rest/api/version'
-
       # seeker service name identifier
-      FILTER = /seeker/.freeze
-
-      private_constant :SENSOR_HOST_SERVICE_CONFIG_KEY, :SENSOR_PORT_SERVICE_CONFIG_KEY,
-                       :ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY, :SENSOR_ZIP_RELATIVE_PATH_AT_ENTERPRISE_SERVER,
-                       :AGENT_JARS_PATH, :AGENT_PATH, :SEEKER_VERSION_API
-
-      private
-
-      def should_download_sensor(server_base_url)
-        json_response = get_seeker_version_details(server_base_url)
-        @logger.debug { "Seeker server response for version WS: #{json_response}" }
-        seeker_version_response = JSON.parse(json_response)
-        seeker_version = seeker_version_response['version']
-        version_prefix = seeker_version[0, 7]
-        last_seeker_version_without_agent_direct_download_date = Date.parse('2018.05.01')
-        @logger.info { "Current Seeker version #{version_prefix}" }
-        current_seeker_version = Date.parse(version_prefix + '.01')
-        current_seeker_version <= last_seeker_version_without_agent_direct_download_date
-      end
+      FILTER = /seeker/i.freeze
 
-      def get_seeker_version_details(server_base_url)
-        uri = URI.parse(server_base_url)
-        http = Net::HTTP.new(uri.host, uri.port)
-        if uri.scheme == 'https'
-          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-          http.use_ssl = true
-        end
-        http_response = http.request_get(SEEKER_VERSION_API)
-        http_response.body
-      end
+      # JSON key for the address of seeker sensor
+      SEEKER_SERVER_URL_CONFIG_KEY = 'seeker_server_url'
 
-      def agent_direct_link(credentials)
-        URI.join(credentials[ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY], AGENT_PATH).to_s
-      end
+      private_constant :AGENT_PATH, :FILTER, :SEEKER_SERVER_URL_CONFIG_KEY
 
-      def fetch_agent_direct(credentials)
-        @logger.info { 'Trying to download agent directly...' }
-        java_agent_zip_uri = agent_direct_link(credentials)
-        download_agent(java_agent_zip_uri)
+      def credentials
+        @application.services.find_service(FILTER, SEEKER_SERVER_URL_CONFIG_KEY)['credentials']
       end
 
-      def download_agent(java_agent_zip_uri)
-        @logger.debug { "Before downloading Agent from: #{java_agent_zip_uri}" }
-        download_zip('', java_agent_zip_uri, false, @droplet.sandbox)
+      def download_url(credentials)
+        "#{credentials[SEEKER_SERVER_URL_CONFIG_KEY]}#{AGENT_PATH}"
       end
 
-      def fetch_agent_within_sensor(credentials)
-        @logger.info { 'Trying to download sensor...' }
-        seeker_tmp_dir = @droplet.sandbox + 'seeker_tmp_sensor'
-        shell "rm -rf #{seeker_tmp_dir}"
-        sensor_direct_link = sensor_direct_link(credentials)
-        @logger.debug { "Before downloading Sensor from: #{sensor_direct_link}" }
-        download_zip('', sensor_direct_link,
-                     false, seeker_tmp_dir, 'SensorInstaller.zip')
-        inner_jar_file = seeker_tmp_dir + 'SeekerInstaller.jar'
-        # Unzip only the java agent - to save time
-        shell "unzip -j #{inner_jar_file} #{AGENT_JARS_PATH} -d #{@droplet.sandbox} 2>&1"
-        shell "rm -rf #{seeker_tmp_dir}"
+      def supports?
+        @application.services.one_service?(FILTER, SEEKER_SERVER_URL_CONFIG_KEY)
       end
 
-      def sensor_direct_link(credentials)
-        enterprise_server_uri = URI.parse(credentials[ENTERPRISE_SERVER_URL_SERVICE_CONFIG_KEY].strip)
-        URI.join(enterprise_server_uri, SENSOR_ZIP_RELATIVE_PATH_AT_ENTERPRISE_SERVER).to_s
-      end
     end
+
   end
+
 end