initial commit

.gitignore

@@ -0,0 +1,16 @@
+*.swp
+*.pyc
+*Session.vim*
+*.o
+*.a
+*.so
+*.log
+cscope.*
+.*.swo
+tags
+var
+/iris-relay/docker/logs
+/iris-relay/docker/var
+/src/iris_relay.egg-info
+/env
+/venv

CONTRIBUTING.md

@@ -0,0 +1,27 @@
+Contribution Agreement
+======================
+
+As a contributor, you represent that the code you submit is your
+original work or that of your employer (in which case you represent you
+have the right to bind your employer).  By submitting code, you (and, if
+applicable, your employer) are licensing the submitted code to LinkedIn
+and the open source community subject to the BSD 2-Clause license.
+
+Responsible Disclosure of Security Vulnerabilities
+==================================================
+
+Please do not file reports on Github for security issues.
+Please review the guidelines on at (link to more info).
+Reports should be encrypted using PGP (link to PGP key) and sent to
+[email protected] preferably with the title "Github linkedin/<project> - <short summary>".
+
+Tips for Getting Your Pull Request Accepted
+===========================================
+
+*Note: These are suggestions. Customize as needed.*
+
+1. Make sure all new features are tested and the tests pass.
+2. Bug fixes must include a test case demonstrating the error that it fixes.
+3. Open an issue first and seek advice for your change before submitting
+   a pull request. Large features which have never been discussed are
+   unlikely to be accepted. **You have been warned.**

Dockerfile

@@ -0,0 +1,22 @@
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade \
+    && apt-get -y install python-pip uwsgi virtualenv sudo python-dev libyaml-dev \
+       libsasl2-dev libldap2-dev nginx uwsgi-plugin-python libssl-dev libffi-dev  \
+    && rm -rf /var/cache/apt/archives/*
+
+RUN useradd -m -s /bin/bash iris
+
+ADD docker/daemons /home/iris/daemons
+ADD src /home/iris/src
+ADD setup.py /home/iris/setup.py
+
+RUN chown -R iris:iris /home/iris /var/log/nginx /var/lib/nginx \
+    && sudo -Hu iris mkdir -p /home/iris/var/log/uwsgi /home/iris/var/log/nginx /home/iris/var/run /home/iris/var/relay \
+    && sudo -Hu iris virtualenv /home/iris/env \
+    && sudo -Hu iris /bin/bash -c 'source /home/iris/env/bin/activate && python /home/iris/setup.py install'
+
+EXPOSE 16648
+
+# uwsgi runs nginx. see uwsgi.yaml for details
+CMD ["/usr/bin/uwsgi", "--yaml", "/home/iris/daemons/uwsgi.yaml:prod"]

LICENSE

@@ -0,0 +1,25 @@
+BSD 2-CLAUSE LICENSE
+
+Copyright 2017 LinkedIn Corporation.
+All Rights Reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile

@@ -0,0 +1,14 @@
+serve:
+	gunicorn --reload --access-logfile=- -b '0.0.0.0:16648' --worker-class gevent \
+	        -e CONFIG=./configs/config.dev.yaml \
+			iris_relay.wrappers.gunicorn:application
+
+e2e:
+	python ./tests/e2e.py
+
+unit:
+	python ./tests/unit.py
+
+test:
+	make unit
+	make e2e

NOTICE

@@ -0,0 +1,3 @@
+Copyright 2017 LinkedIn Corporation
+All Rights Reserved.
+Licensed under the BSD 2-Clause License (the "License").  See License in the project root for license information.

README-Docker.md

@@ -0,0 +1,42 @@
+Iris-relay under Docker
+=========================
+
+### Get started
+
+Build container. This installs all dependencies as well as copies all iris-relay source code.
+
+    docker build -t iris-relay .
+
+Edit iris-relay's config file to reflect where you have iris-api running as well as third party
+API settings:
+
+    vim docker/config/config.yaml
+
+Run it, with bind mounts to give access to iris relay config file:
+
+    docker run -p 16648:16648 -v `pwd`/docker/config:/home/iris/config -t iris-relay
+
+You can optionally bind mount log directories for uwsgi/nginx as well as keep the gmail metadata dir persistent:
+
+    mkdir -p docker/logs
+    docker run -p 16648:16648 -v `pwd`/docker/config:/home/iris/config \
+    -v `pwd`/docker/logs/nginx:/home/iris/var/log/nginx  \
+    -v `pwd`/docker/logs/uwsgi:/home/iris/var/log/uwsgi \
+    -v `pwd`/docker/var:/home/iris/var/relay \
+    -t iris-relay
+
+You can then hit `http://localhost:16648` to access iris-relay running within the docker.
+
+### Quick commands
+
+Check what containers are running:
+
+    docker ps
+
+Kill and remove a container:
+
+    docker rm -f $ID
+
+Execute a bash shell inside container while it's running:
+
+    docker exec -i -t $ID /bin/bash

README.md

@@ -0,0 +1,25 @@
+Iris relay
+==========
+
+Stateless reverse proxy for thirdparty service integration with Iris API.
+
+
+Setup dev environment
+---------------------
+
+1. create & source your virtualenv
+1. run `python setup.py develop`
+1. run `pip install -r dev_requirements.txt`
+1. edit ./configs/config.dev.yaml to setup API credential and other settings
+
+
+Tests
+-----
+
+Run tests:
+
+```bash
+make test  # all tests, e2e + unit
+make e2e  # e2e tests
+make unit  # unit tests
+```

configs/config.dev.yaml

@@ -0,0 +1,37 @@
+server:
+  host: 0.0.0.0
+  port: 16648
+  # debug: True
+  enable_basic_auth: False
+  basic_auth:
+    iris_twilio_user: 'barbaz'
+  lb_routing_path: '/iris-relay'
+twilio:
+  remote_host: 'localhost:11648'
+  auth_token: 'foobar'
+slack:
+  auth_token: '1X32RUIeMGe2XJEI9lYpBGeU'
+  response_text: 'Alert claimed.'
+iris:
+  host: 'localhost'
+  port: 16649
+  api_key: 'foo'
+  hook:
+    gmail: 'response/gmail'
+    gmail_one_click: 'response/gmail-oneclick'
+    twilio_calls: 'response/twilio/calls'
+    twilio_messages: 'response/twilio/messages'
+gmail:
+  project: iris-1234
+  push_endpoint: https://www.fooo.bar/iris-relay/api/v0/gmail/relay
+  scope:
+    - https://mail.google.com/
+    - https://www.googleapis.com/auth/pubsub
+  sub: [email protected]
+  topic: iris_gmail_push
+  subscription: gmail
+  creds: './configs/client_secret.apps.googleusercontent.com.json'
+  var_dir: './var'
+  verification_code: googleabcdefg.html
+  token: lbbc1797daaaaaaavaa6d3f0aad45e66
+gmail_one_click_url_key: 'foo'

dev_requirements.txt

@@ -0,0 +1,3 @@
+gunicorn
+pytest
+requests

docker/config/config.yaml

@@ -0,0 +1,35 @@
+# these values are mostly dummies to satisfy the end to end tests.
+# if you want to run this seriously you will need to change most/all of it
+server:
+  enable_basic_auth: False
+  #debug: True
+  basic_auth:
+    user1: 'pass1'
+  lb_routing_path: /iris-relay
+twilio:
+  remote_host: 'localhost:11648'
+  auth_token: 'foobar'
+
+# change this to where you have iris-api running
+iris:
+  host: jgillott-ld1.linkedin.biz
+  port: 16649
+  api_key: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
+  hook:
+    gmail: 'response/gmail'
+    twilio_calls: 'response/twilio/calls'
+    twilio_messages: 'response/twilio/messages'
+
+gmail:
+  project: iris-1234
+  push_endpoint: https://www.fooo.bar/iris-relay/api/v0/gmail/relay
+  scope:
+    - https://mail.google.com/
+    - https://www.googleapis.com/auth/pubsub
+  sub: [email protected]
+  topic: iris_gmail_push
+  subscription: gmail
+  creds: './configs/client_secret.apps.googleusercontent.com.json'
+  verification_code: googleabcdefg.html
+  token: lbbc1797daaaaaaavaa6d3f0aad45e66
+  var_dir: '/home/iris/var/relay'

docker/daemons/nginx.conf

@@ -0,0 +1,66 @@
+error_log  /home/iris/var/log/nginx/error.log;
+pid /home/iris/var/run/nginx.pid;
+daemon off;
+
+events {
+    worker_connections  1024;
+    multi_accept on;
+}
+
+
+http {
+
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+log_format  main  '$remote_addr - $http_CLIENT_IP - $remote_user [$time_local] '
+  '"$request" $status $body_bytes_sent $request_time '
+  '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+  access_log /home/iris/var/log/nginx/access.log  main;
+  error_log  /home/iris/var/log/nginx/error.log  warn;
+
+  server {
+
+      listen       16648;
+
+
+      sendfile       on;
+      tcp_nopush     on;
+      tcp_nodelay    on;
+      underscores_in_headers on;
+
+
+      keepalive_timeout  15;
+      reset_timedout_connection on;
+
+      merge_slashes off;
+
+      gzip on;
+      gzip_proxied any;
+      gzip_min_length 1024;
+      gzip_comp_level 6;
+      gzip_vary on;
+      gzip_http_version 1.0;
+
+      gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+      location / {
+        uwsgi_pass unix:///home/iris/var/run/uwsgi.sock;
+        uwsgi_read_timeout 600;
+        include /etc/nginx/uwsgi_params ;
+      }
+
+      location /healthcheck {
+        uwsgi_pass unix:///home/iris/var/run/uwsgi.sock;
+        uwsgi_read_timeout 600;
+        include /etc/nginx/uwsgi_params ;
+        access_log /home/iris/var/log/nginx/hc_access.log main;
+      }
+
+      error_page   500 502 503 504  /50x.html;
+      location = /50x.html {
+          root   /usr/share/nginx/html;
+      }
+  }
+}

docker/daemons/uwsgi.yaml

@@ -0,0 +1,41 @@
+prod:
+    plugins: python,logfile
+    chdir: /home/iris/src
+    socket: /home/iris/var/run/uwsgi.sock
+    chmod-socket: 666
+    master: True
+    uid: 1000
+    gid: 1000
+    workers: 12
+    master-fifo: /home/iris/var/run/uwsgi_master_fifo
+    touch-reload: /home/iris/var/run/uwsgi_touch_reload
+    stats: /home/iris/var/run/uwsgi_stats.sock
+    pidfile: /home/iris/var/run/uwsgi.pid
+    module: iris_relay.app:get_relay_app()
+    virtualenv: /home/iris/env
+    pyargv: /home/iris/config/config.yaml
+    buffer-size: 32768
+
+    # Enable memory reporting
+    memory-report: true
+
+    # Logging
+    logformat: '%(ltime) [%(status)] %(method) %(uri) %(addr) [%(uagent)] RT:%(msecs) REF:%(referer) SZ:%(size) %(proto)'
+    log-4xx: true
+    log-5xx: true
+    log-x-forwarded-for: true
+    log-slow: 1500
+
+    # access log
+    req-logger: file:/home/iris/var/log/uwsgi/access.log
+
+    # error log
+    logger: file:/home/iris/var/log/uwsgi/error.log
+
+    # put timestamp in the error log
+    logdate: true
+
+    # control nginx
+    attach-daemon2: cmd=/usr/sbin/nginx -c /home/iris/daemons/nginx.conf,pidfile=/home/iris/var/run/nginx.pid
+
+# vim:filetype=yaml

setup.py

@@ -0,0 +1,30 @@
+# Copyright (c) LinkedIn Corporation. All rights reserved. Licensed under the BSD-2 Clause license.
+# See LICENSE in the project root for license information.
+
+
+import setuptools
+
+setuptools.setup(
+    name='iris-relay',
+    version='0.2.0',
+    package_dir={'': 'src'},
+    packages=setuptools.find_packages('src'),
+    include_package_data=True,
+    install_requires=[
+        # TODO: update PyOpenSSL
+        'PyOpenSSL==0.15.1',
+        'PyYAML==3.11',
+        'gevent==1.0.2',
+        # TODO: update google client
+        'google-api-python-client==1.4.2',
+        'oauth2client==1.4.12',
+        'simplejson==3.8.1',
+        'slackclient',
+        'streql==3.0.2',
+        'twilio==4.5.0',
+        'urllib3==1.12',
+        'falcon==1.1.0',
+        'ujson==1.35',
+    ],
+    entry_points={}
+)