Merge pull request #376 from relotnek/openshift

Added Openshift Support

Author: Ken Johnson

Dockerfile

@@ -6,4 +6,3 @@ ADD Gemfile /myapp/Gemfile
 ADD Gemfile.lock /myapp/Gemfile.lock
 RUN bundle install
 ADD . /myapp
-

Gemfile

@@ -56,6 +56,10 @@ group :development, :test, :mysql do
   gem "test-unit"
 end
 
+group :openshift do
+  gem "pg"
+end
+
 group :mysql do
   gem "mysql2"
 end

config/database.yml

@@ -3,6 +3,10 @@
 #
 #   Ensure the SQLite 3 gem is defined in your Gemfile
 #   gem 'sqlite3'
+<% user = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? "root" : ENV["POSTGRESQL_USER"] %>
+<% password = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? ENV["POSTGRESQL_ADMIN_PASSWORD"] : ENV["POSTGRESQL_PASSWORD"] %>
+<% db_service = ENV.fetch("DATABASE_SERVICE_NAME","").upcase %>
+
 development:
   adapter: sqlite3
   database: db/development.sqlite3
@@ -32,3 +36,15 @@ production:
   database: db/production.sqlite3
   pool: 5
   timeout: 5000
+
+openshift:
+  adapter: postgresql
+  encoding: unicode
+  # For details on connection pooling, see rails configuration guide
+  # http://guides.rubyonrails.org/configuring.html#database-pooling
+  pool: <%= ENV["POSTGRESQL_MAX_CONNECTIONS"] || 5 %>
+  username: <%= user %>
+  password: <%= password %>
+  host: <%= ENV["#{db_service}_SERVICE_HOST"] %>
+  port: <%= ENV["#{db_service}_SERVICE_PORT"] %>
+  database: <%= ENV["POSTGRESQL_DATABASE"] %>

config/environments/development.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 Railsgoat::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb
-
+  config.hosts << '.svc.cluster.local'
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.

config/environments/openshift.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+  config.hosts << '.svc.cluster.local'
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Tired of caching causing issues
+  config.middleware.delete Rack::ETag
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+
+  # ActionMailer settings for email support
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 }
+  config.action_mailer.default_url_options = { host: "127.0.0.1:3000" }
+
+ # config.middleware.insert_before(
+ #      Rack::Lock, Rack::LiveReload,
+ #      :min_delay => 500,
+ #      :max_delay => 1000,
+ #      :port => 35727,
+ #      :host => 'railsgoat.dev',
+ #      :ignore => [ %r{dont/modify\.html$} ]
+ # )
+
+  # For Rails 4.0+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+end

config/secrets.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63303430303835393535616235383138383365363438363234316163373866616539353065343530
+3138626232306637323534343936383734363439376437620a383165366162623936613764336363
+61393232626465306139333339643531396338363631653361363562346237366534306539373938
+3135343835633239660a353038623433353364636264636633356538646431303234326437366138
+63336262376136386463653033643064616432623763626132353062646431333032353137393833
+61303832323139633831333932616565313762356233646663316636363663323166633466373066
+36663631393339633163643364613261326530363238333761306163363463623736333363323937
+30363865623132653730396235383862303439613762313163376365373464383364366333663637
+3066

config/secrets2.yml

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+35626437333463353464663839363636313435336332376561623031666263616263613638303031
+3064343638663837633934636537353736323335313663350a313338383464353231346661616563
+39353235353135323330653437333062653232366330316237656339383465653130636166346537
+6663373338366133610a383365303662306266303832326561646263363031666237303464663062
+3435

docs/openshift.md

@@ -0,0 +1,80 @@
+## Openshift Deployment
+To deploy Railsgoat with Openshift you must first have a working [Openshift Cluster](https://docs.okd.io/latest/welcome/index.html) installed. The Railsgoat Openshift deployment currently supports Postgres on the native Openshift Postgres imagestream.
+
+```bash
+$ oc new-project railsgoat --description="Railsgoat Openshift Deployment" --display-name="Railsgoat"
+```
+
+## Edit the Build Strategy
+Since Railsgoat supports both normal Docker deployment and openshift deployment, the Openshift deployment is located in the `openshift-configs` directory. Find the railsgoat build in your openshift deployment and edit the dockerStrategy so that it reads something like:
+
+```
+ strategy:
+    dockerStrategy:
+      dockerfilePath: openshift-configs/Dockerfile
+      from:
+        kind: ImageStreamTag
+        name: 'ruby:2.6.5'
+        namespace: railsgoat
+    type: Docker
+```
+
+### Creating a Database Service
+
+Although Railsgoat in Openshift can be used with the development SQL Lite database, it also takes advantage of the PostgreSQL database image in Openshift for more creative demonstrations and an expansion of SQL attacks. To create the database service you will use the `oc new-app` command and will need to pass some environment variables. You can change these to anything you want.
+
+```bash
+$ oc new-app postgresql -e POSTGRESQL_DATABASE=db_name -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password
+```
+
+You can also set the password for the database admin by appending the previous command with:
+
+```bash
+-e POSTGRESQL_ADMIN_PASSWORD=admin_pw
+```
+
+To deploy Railsgoat alongside the postgres database, you will need to run:
+```bash
+$ oc new-app https://github.com/OWASP/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift
+```
+
+If you changed the database environment variables, make sure they match up.
+
+Enter the deployments of your new Railsgoat project and locate the railsgoat deployment config. Add the following to the config under the container object.
+
+```
+          command:
+          - /bin/bash
+          - '-c'
+          args:
+          - rails server -p 3000 -b 0.0.0.0
+          ports:
+            - containerPort: 3000
+              protocol: TCP
+```
+
+From the openshift console run the following where `<RAILSGOAT POD ID>` is the active pod (for example, `railsgoat-2-dkalf`):
+
+```bash
+$ oc rsh <RAILSGOAT POD ID>
+```
+
+From the terminal:
+
+```bash
+$ rails db:migrate
+```
+
+Create the railsgoat service using the template in the openshift-configs folder by either creating it in the openshift terminal window or pulling it directly from git.
+
+```bash
+$ oc create -f https://raw.githubusercontent.com/relotnek/railsgoat/master/openshift-configs/railsgoatservice.yaml
+```
+
+Expose the service
+
+```bash
+$ oc expose service railsgoat
+```
+
+Once the railgoat deployment is running navigate to the indicated route

openshift-configs/Dockerfile

@@ -0,0 +1,10 @@
+FROM ruby:2.6.5
+RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
+RUN mkdir /myapp
+WORKDIR /myapp
+ADD Gemfile /myapp/Gemfile
+ADD Gemfile.lock /myapp/Gemfile.lock
+RUN bundle install --with=openshift
+ADD . /myapp
+RUN chgrp -R 0 /myapp \
+  && chmod -R g+rwX /myapp

openshift-configs/railsgoatservice.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: railsgoat
+spec:
+  selector:
+    app: railsgoat
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 3000