sitefull-cloud

Sitefull::Cloud

This is a gem for automating cloud deployments using different cloud providers. The gem uses Auth 2.0 authorization code grant for authorization whenever it is supported.

Installation

Add this line to your application's Gemfile:

gem 'sitefull-cloud'

And then execute:

$ bundle

Or install it yourself as:

$ gem install sitefull-cloud

Usage

Authorization

Amazon

• Setup a new application for Login with Amazon https://sellercentral.amazon.com/gp/homepage.html
• Create am IAM role in the AWS Management Console to allow the users access to your resources:
  • Login to the AWS Management Console https://console.aws.amazon.com/iam/home#home
  • Go to the Roles section and click on "Create New Role"
  • Choose "Role for Identity Provider Access" on the "Select Role Type" page and select the "Grant access to web identity providers" option
  • Select "Login with Amazon" and entery your Application ID for the application you created
  • Follow the wizard and create the new role
  • Edit the new role and from the "Permissions" tab select policies that the authenticated users will be able to access

Once the Amazon application is configured and the role is setup you can use the Sitefull Oauth gem to generate credentials for the Amazon SDK for Ruby https://aws.amazon.com/sdk-for-ruby/

• Configure the provider class:

options = {
  client_id: "Amazon Application Client ID",
  client_secret: "Amazon Application Client Secret",
  role_arn: "IAM Role ARN",
  redirect_uri: "One of the Allowed Return URLs for the Amazon Application"
}
provider = Sitefull::Cloud::Auth.new('amazon', options) ;

• Generate the authorization URL and open it in a web browser

provider.authorization_url

• Get the authorization code from the URL and request an access token

provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')

• Generate credentials for the AWS SDK for Ruby https://aws.amazon.com/sdk-for-ruby/

credentials = provider.credentials

• Add the credentials to the AWS API client:

client = Aws::EC2::Client.new(region: 'us-east-1', credentials: credentials)
client.describe_instances

Azure

• Setup a new application in Active Directory following the steps described here https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/

Once the application is configured you can use the Sitefull Oauth gem to generate credentials for the Microsoft Azure SDK for Ruby https://github.com/Azure/azure-sdk-for-ruby

• Configure the provider class:

options = {
  tenant_id: "Your Azure Application Tenant ID",
  client_id: "Azure Application Client ID",
  client_secret: "Azure Application Client Secret",
  redirect_uri: "One of the Reply URLs for the Azure Application"
}
provider = Sitefull::Cloud::Auth.new('azure', options) ;

• Generate the authorization URL and open it in a web browser

provider.authorization_url

• Get the authorization code from the URL and request an access token

provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')

• Generate credentials for the Azure SDK for Ruby https://github.com/Azure/azure-sdk-for-ruby

credentials = provider.credentials

• Add the credentials to one of the the Azure API client libraries (Compute, Network, Storage or Resources):

client = Azure::ARM::Resources::ResourceManagementClient.new(credentials)

NOTE You will need to set the client subscription ID before you can query the Azure APIs:

client.subscription_id = 'The desired subscription ID'
client.resources.list.value!

Google

• Setup a new OAuth client ID in the Google developer console https://console.developers.google.com/apis/credentials

Once the OAuth application is configured you can use the Sitefull Oauth gem to generate credentials for the Google API Client https://github.com/google/google-api-ruby-client

• Configure the provider class:

options = {
  client_id: "Google OAuth Client ID",
  client_secret: "Google OAuth Client Secret",
  redirect_uri: "One of the Authorized redirect URIs"
}
provider = Sitefull::Cloud::Auth.new('google', options) ;

• Generate the authorization URL and open it in a web browser

provider.authorization_url

• Get the authorization code from the URL and request an access token

provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')

• Generate credentials for the Google API Client https://github.com/google/google-api-ruby-client

credentials = provider.credentials

• Add the credentials to the Google API client you want to use

require 'google/apis/compute_v1'
client = Google::Apis::ComputeV1.new
client.authorization = credentials
client.list_images('A project the authenticated user can access')

Providers

If you already have obtained a token for one of the providers you can use Sitefull::Cloud::Provider to perform basic operations.

provider = Sitefull::Cloud::Provider.new(:amazon, token: token, region: 'us-east-1')
provider.regions # Returns a list of regions
provider.machine_types(region) # Returns a list of regions
....

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Testing

To mock the provider APIs just add the following to your rails_helper.rb or spec_helper.rb file:

Sitefull::Cloud.mock!

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/stanchino/sitefull-cloud. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.