Fixed permissions, improved init-local

Author: grtjn

app/templates/deploy/app_specific.rb

@@ -0,0 +1,180 @@
+#
+# Put your custom functions in this class in order to keep the files under lib untainted
+#
+# This class has access to all of the private variables in deploy/lib/server_config.rb
+#
+# any public method you create here can be called from the command line. See
+# the examples below for more information.
+#
+class ServerConfig
+
+  #
+  # You can easily "override" existing methods with your own implementations.
+  # In ruby this is called monkey patching
+  #
+  # first you would rename the original method
+  # alias_method :original_deploy_modules, :deploy_modules
+
+  # then you would define your new method
+  # def deploy_modules
+  #   # do your stuff here
+  #   # ...
+
+  #   # you can optionally call the original
+  #   original_deploy_modules
+  # end
+
+  #
+  # you can define your own methods and call them from the command line
+  # just like other roxy commands
+  # ml local my_custom_method
+  #
+  # def my_custom_method()
+  #   # since we are monkey patching we have access to the private methods
+  #   # in ServerConfig
+  #   @logger.info(@properties["ml.content-db"])
+  # end
+
+  #
+  # to create a method that doesn't require an environment (local, prod, etc)
+  # you woudl define a class method
+  # ml my_static_method
+  #
+  # def self.my_static_method()
+  #   # This method is static and thus cannot access private variables
+  #   # but it can be called without an environment
+  # end
+
+  # Show-casing some useful overrides, as well as fixing some module doc permissions
+  alias_method :original_deploy_modules, :deploy_modules
+  alias_method :original_deploy_rest, :deploy_rest
+  alias_method :original_clean, :clean
+
+  def deploy_modules
+    # Uncomment deploy_packages if you would like to use MLPM to deploy MLPM packages.
+    # You can also move mlpm.json into src/ext/ and deploy plain modules (not REST extensions) that way.
+    #deploy_packages
+    original_deploy_modules
+  end
+  
+  def deploy_packages
+    password_prompt
+    system %Q!mlpm deploy -u #{ @ml_username } \
+                          -p #{ @ml_password } \
+                          -H #{ @properties['ml.server'] } \
+                          -P #{ @properties['ml.app-port'] }!
+    fix_permissions(@properties["ml.modules-db"])
+  end
+  
+  def deploy_rest
+    original_deploy_rest
+    fix_permissions(@properties["ml.modules-db"])
+  end
+
+  def fix_permissions(where)
+    logger.info "Fixing permissions in #{where} for documents:"
+    if where.include? "content"
+      # This is useful to make sure alert configuration is accessible 
+      r = execute_query(
+        %Q{
+          xquery version "1.0-ml";
+
+          for $uri in cts:uri-match("*alert*")
+          return (
+            $uri,
+            xdmp:document-set-permissions($uri, (
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "read"),
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "update"),
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "execute")
+            ))
+         )
+        },
+        { :db_name => where }
+      )
+    else
+      r = execute_query(
+        %Q{
+          xquery version "1.0-ml";
+
+          for $uri in cts:uris()
+          where not(ends-with($uri, "/"))
+          return (
+            $uri,
+            xdmp:document-set-permissions($uri, (
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "read"),
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "update"),
+              xdmp:permission("#{@properties["ml.app-name"]}-role", "execute")
+            ))
+         )
+        },
+        { :db_name => where }
+      )
+    end
+
+    r.body = parse_json r.body
+    logger.info r.body
+    logger.info ""
+  end
+  
+  def clean
+    what = ARGV.shift
+
+    case what
+      when 'collections'
+        clean_collections
+      else
+        ARGV.unshift what
+        original_clean
+    end
+  end
+
+  def clean_collections()
+    what = ARGV.shift
+    r = execute_query(
+      %Q{
+        xquery version "1.0-ml";
+
+        for $collection in fn:tokenize("#{what}", ",")
+        where fn:exists(fn:collection($collection)[1])
+        return (
+          xdmp:collection-delete($collection),
+          "Cleaned collection " || $collection
+        )
+      },
+      { :db_name => @properties["ml.content-db"]}
+    )
+    r.body = parse_json r.body
+    logger.info r.body
+  end
+
+end
+
+#
+# Uncomment, and adjust below code to get help about your app_specific
+# commands included into Roxy help. (ml -h)
+#
+
+#class Help
+#  def self.app_specific
+#    <<-DOC.strip_heredoc
+#
+#      App-specific commands:
+#        example       Installs app-specific alerting
+#    DOC
+#  end
+#
+#  def self.example
+#    <<-DOC.strip_heredoc
+#      Usage: ml {env} example [args] [options]
+#      
+#      Runs a special example task against given environment.
+#      
+#      Arguments:
+#        this    Do this
+#        that    Do that
+#        
+#      Options:
+#        --whatever=value
+#    DOC
+#  end
+#end

app/templates/gulpfile.js

@@ -16,6 +16,8 @@ var _ = require('lodash');
 var $ = require('gulp-load-plugins')({lazy: true});
 /* jshint ignore:end */
 
+var _s = require('underscore.string');
+
 /**
  * yargs variables can be passed in to alter the behavior, when present.
  * Example: gulp serve-dev
@@ -203,31 +205,24 @@ gulp.task('inject', ['wiredep', 'styles', 'templatecache'], function() {
 });
 
 /**
- * Creates a sample local.json; can be used as model for dev.json and prod.json
+ * Initialize config files for local environment
  */
-gulp.task('init-local', function() {
-  //copy from slushfile - config gulp - with modifications to use config instead
-  log('Creating local.json sample document with values drawn from gulp.config.js');
-  try {
-    var configJSON = {};
-    configJSON['ml-version'] = config.marklogic.version;
-    configJSON['ml-host'] = config.marklogic.host;
-    configJSON['ml-admin-user'] = config.marklogic.username;
-    configJSON['ml-admin-pass'] = config.marklogic.password;
-    configJSON['ml-app-user'] = config.marklogic.username;
-    configJSON['ml-app-pass'] = config.marklogic.password;
-    configJSON['ml-http-port'] = config.marklogic.httpPort;
-    configJSON['node-port'] = config.defaultPort;
-
-    if (config.marklogic.version < 8) {
-      configJSON['ml-xcc-port'] = config.marklogic.xccPort;
-    }
+gulp.task('init-local', function(done) {
+  init('local', done);
+});
 
-    var configString = JSON.stringify(configJSON, null, 2) + '\n';
-    fs.writeFileSync('local.json', configString, { encoding: 'utf8' });
-  } catch (e) {
-    log('failed to write local.json: ' + e.message);
-  }
+/**
+ * Initialize config files for dev environment
+ */
+gulp.task('init-dev', function(done) {
+  init('dev', done);
+});
+
+/**
+ * Initialize config files for prod environment
+ */
+gulp.task('init-prod', function(done) {
+  init('prod', done);
 });
 
 /**
@@ -518,6 +513,129 @@ function clean(files) {
     });
 }
 
+/**
+ * Initialize config files for given env
+ * @param   {String} env   The environment name (local, dev, prod)
+ * @param  {Function} done - callback when complete
+ */
+function init(env, done) {
+  if (fs.existsSync(env + '.json')) {
+    log(env + '.json already exists!');
+    done();
+  } else {
+    //copy from slushfile - config gulp - with modifications to use config instead
+    var inquirer = require('inquirer');
+
+    var properties = fs.readFileSync('deploy/build.properties', { encoding: 'utf8' });
+
+    // capture app-name entered earlier
+    var appNameMatch = /^app\-name=(.*)$/m;
+    var matches = appNameMatch.exec(properties);
+    var appName = matches[1];
+
+    var prompts = [
+      {type: 'list', name: 'mlVersion', message: 'MarkLogic version?', choices: ['8','7', '6', '5'], default: 0},
+      {type: 'input', name: 'marklogicHost', message: 'MarkLogic Host?', default: 'localhost'},
+      {type: 'input', name: 'marklogicAdminUser', message: 'MarkLogic Admin User?', default: 'admin'},
+      {type: 'input', name: 'marklogicAdminPass', message: 'Note: consider keeping the following blank, ' +
+        'you will be asked to enter it at appropriate commands.\n? MarkLogic Admin Password?', default: ''},
+      {type: 'input', name: 'appPort', message: 'MarkLogic App/Rest port?', default: 8040},
+      {type: 'input', name: 'xccPort', message: 'XCC port?', default:8041, when: function(answers) {
+        return answers.mlVersion < 8;
+      }},
+      {type: 'input', name: 'nodePort', message: 'Node app port?', default: 9070},
+      {type: 'input', name: 'guestAccess', message: 'Allow anonymous users to search data?', default: 'false'},
+      {type: 'input', name: 'readOnlyAccess', message: 'Disallow proxying update requests?', default: 'false'},
+      {type: 'input', name: 'appUsersOnly', message: 'Only allow access to users created for this app? Disallows admin users.', default: 'false'}
+    ];
+
+    if (typeof appName === 'undefined') {
+      prompts.unshift(
+        {type: 'input', name: 'name', message: 'Name for the app?'});
+    }
+
+    inquirer.prompt(prompts, function (settings) {
+      if (typeof appName === 'undefined') {
+        settings.nameDashed = _s.slugify(settings.name);
+      } else {
+        settings.nameDashed = _s.slugify(appName);
+      }
+
+      try {
+        var configJSON = {};
+        configJSON['app-name'] = settings.nameDashed;
+        configJSON['ml-version'] = settings.mlVersion;
+        configJSON['ml-host'] = settings.marklogicHost;
+        configJSON['ml-admin-user'] = settings.marklogicAdminUser;
+        configJSON['ml-admin-pass'] = settings.marklogicAdminPass;
+        configJSON['ml-app-user'] = settings.nameDashed + '-user';
+        configJSON['ml-app-pass'] = settings.appuserPassword;
+        configJSON['ml-http-port'] = settings.appPort;
+
+        if (settings.mlVersion < 8) {
+          configJSON['ml-xcc-port'] = settings.xccPort;
+        }
+
+        configJSON['node-port'] = settings.nodePort;
+        configJSON['guest-access'] = settings.guestAccess;
+        configJSON['readonly-access'] = settings.readOnlyAccess;
+        configJSON['appusers-only'] = settings.appUsersOnly;
+
+        var configString = JSON.stringify(configJSON, null, 2) + '\n';
+        fs.writeFileSync(env + '.json', configString, { encoding: 'utf8' });
+        log('Created ' + env + '.json.');
+
+        if (fs.existsSync('deploy/' + env + '.properties')) {
+          log('deploy/' + env + '.properties already exists!');
+        } else {
+          var envProperties = '#################################################################\n' +
+            '# This file contains overrides to values in build.properties\n' +
+            '# These only affect your local environment and should not be checked in\n' +
+            '#################################################################\n' +
+            '\n' +
+            'server-version=' + settings.mlVersion + '\n' +
+            '\n' +
+            '#\n' +
+            '# The ports used by your application\n' +
+            '#\n' +
+            'app-port=' + settings.appPort + '\n';
+          if (settings.mlVersion < 8) {
+            envProperties += 'xcc-port=' + settings.xccPort + '\n';
+          }
+          else
+          {
+            envProperties += '# Taking advantage of not needing a XCC Port for ML8\n' +
+            'xcc-port=${app-port}\n' +
+            'install-xcc=false\n';
+          }
+
+          envProperties += '\n' +
+            '#\n' +
+            '# the uris or IP addresses of your servers\n' +
+            '# WARNING: if you are running these scripts on WINDOWS you may need to change localhost to 127.0.0.1\n' +
+            '# There have been reported issues with dns resolution when localhost wasn\'t in the hosts file.\n' +
+            '#\n' +
+            env + '-server=' + settings.marklogicHost + '\n' +
+            'content-forests-per-host=3\n' +
+            '\n' +
+            '#\n' +
+            '# Admin username/password that will exist on the local/dev/prod servers\n' +
+            '#\n' +
+            'user=' + settings.marklogicAdminUser + '\n' +
+            'password=' + settings.marklogicAdminPass + '\n';
+
+          fs.writeFileSync('deploy/' + env + '.properties', envProperties, {encoding: 'utf8'});
+          log('Created deploy/' + env + '.properties.');
+        }
+        done();
+      } catch (e) {
+        log('Failed to write ' + env + ' config files: ' + e.message);
+        done();
+      }
+    });
+  }
+}
+
 /**
  * Inject files in a sorted sequence at a specified inject label
  * @param   {Array} src   glob pattern for source files

app/templates/node-server/utils/options.js

@@ -17,8 +17,8 @@ module.exports = function(){
     defaultUser: process.env.ML_APP_USER || envJson['ml-app-user'] || config.marklogic.user,
     defaultPass: process.env.ML_APP_PASS || envJson['ml-app-pass'] || config.marklogic.password,
     guestAccess: bool(process.env.GUEST_ACCESS || envJson['guest-access'] || config.marklogic.guestAccess || false),
-    readOnlyAccess: bool(process.env.READ_ONLY_ACCESS || envJson['read-only-access'] || config.marklogic.readOnlyAccess || false),
-    appUsersOnly: bool(process.env.APP_USERS_ONLY || envJson['app-users-only'] || config.marklogic.appUsersOnly || false)
+    readOnlyAccess: bool(process.env.READ_ONLY_ACCESS || envJson['readonly-access'] || config.marklogic.readOnlyAccess || false),
+    appUsersOnly: bool(process.env.APP_USERS_ONLY || envJson['appusers-only'] || config.marklogic.appUsersOnly || false)
   };
 
   return options;