From 1747480beba098304fa0039fe23206da3a580277 Mon Sep 17 00:00:00 2001
From: Micah Lee
Date: Wed, 23 Jun 2021 17:24:26 -0400
Subject: [PATCH] Set the puma process tag
This allows us to reliably identify the Conjur API server process to restart when reloading the Conjur config.
---
 CHANGELOG.md | 3 +++
 .../commands/configuration/apply.rb | 21 ++++++++++++++++---
 config/puma.rb | 9 ++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea67b16fc6..ee653e2633 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Parsing a Conjur config with invalid YAML content now outputs a more user friendly error message without a stack trace. [cyberark/conjur#2256](https://github.com/cyberark/conjur/issues/2256)
+- Set the Puma process explicitly to reliably restart the correct process
+ when the Conjur configuration is reloaded.
+ [cyberark/conjur#2291](https://github.com/cyberark/conjur/pull/2291)
 ### Security
 - Upgrade bindata to 2.4.10 to resolve Unspecified Issue reported by JFrog Xray
diff --git a/bin/conjur-cli/commands/configuration/apply.rb b/bin/conjur-cli/commands/configuration/apply.rb
index a521251bbc..da06686e36 100644
--- a/bin/conjur-cli/commands/configuration/apply.rb
+++ b/bin/conjur-cli/commands/configuration/apply.rb
@@ -42,9 +42,24 @@ def call
 private
 def server_pid
- cmd = "ps -ef | grep puma | grep -v grep | grep -v cluster | " \
- "grep conjur | awk '{print $2}' | tr -d '\n'"
- stdout, _ = @command_runner.capture2(cmd)
+ # We use string concatenation here to allow for comments on each
+ # part of the command.
+ # rubocop:disable Style/StringConcatenation
+ cmd = "ps -ef | " +
+ # Filter to only puma processes
+ "grep puma | " +
+ # Filter to only puma process for the Conjur API Server. This tag
+ # is defined in the `config/puma.rb`.
+ "grep '\\[Conjur API Server\\]' | " +
+ # Filter out the grep processes
+ "grep --invert-match grep | " +
+ # Filter out the cluster worker processes
+ "grep --invert-match cluster | " +
+ # Extract the process ID
+ "awk '{print $2}' | tr --delete '\n'"
+ # rubocop:enable Style/StringConcatenation
+
+ stdout, = @command_runner.capture2(cmd)
 stdout.to_i
 end
 end
diff --git a/config/puma.rb b/config/puma.rb
index 822775a2c3..1d422b75ae 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -4,6 +4,15 @@
 threads_count = Integer(ENV['RAILS_MAX_THREADS'] || 5)
 threads threads_count, threads_count
+# The tag is displayed in the Puma process description, for example:
+# ```
+# puma 4.3.8 (tcp://localhost:5000) [Conjur API Server]
+# ```
+# We use this to identify the puma process that should restarted
+# when the Conjur configuration is updated using
+# `conjurctl configuration apply`.
+tag "Conjur API Server"
+
 # [Added Aug 8, 2018]
 # With large policy files, the request can exceed the 1
 # minute default worker timeout. We've increased it to
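Review bot: `server_pid` in apply.rb still cannot tell "no matching process" or "several matching processes" apart from one valid PID: the `tr --delete '\n'` stage joins multiple PIDs into a single number, and `stdout.to_i` turns empty output into 0. The caller is outside this hunk, but if the result is handed to a signal call, 0 would presumably address the caller's own process group and a joined number could name an unrelated process. I would drop the `tr` stage and validate the count, e.g. `pids = stdout.split`, `raise 'expected exactly one Conjur API Server process' unless pids.size == 1`, `pids.first.to_i`. Because any local process can choose its own process title, a pidfile written by Puma would be a sturdier source of the PID than matching `ps` output.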
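Review bot: The comment added above `tag "Conjur API Server"` in config/puma.rb has a typo ("should restarted") and does not say that the string is matched literally by `server_pid` in `bin/conjur-cli/commands/configuration/apply.rb`. Since the tag text is duplicated in that grep pattern, renaming it here would make the lookup find nothing without any error at this site. I would reword the line to `# We use this to identify the puma process that should be restarted` and add `# Keep in sync with the grep pattern in bin/conjur-cli/commands/configuration/apply.rb.`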