acquia-inc-examples-file.inc¶
Examples for IP address restriction
Sample code for settings.php includes and $conf settings that help you quickly
lock down an Acquia Cloud environment using basic auth and / or IP whitelisting.
- All site lockdown logic in located in acquia.inc
- All settings are in $conf variables.
- ``$conf['ah_basic_auth_credentials']`` An array of basic auth username /
password combinations
- ``$conf['ah_whitelist']`` An array of IP addresses to allow on to the site.
- ``$conf['ah_blacklist']`` An array of IP addresses that will be denied access to the site.
- ``$conf['ah_paths_no_cache']`` Paths we should explicitly never cache.
- ``$conf['ah_paths_skip_auth']`` Skip basic authentication for these paths.
- ``$conf['ah_restricted_paths']`` Paths which may not be accessed unless the user is on the IP whitelist.
- The site lockdown process happens by calling ``ac_protect_this_site();`` with defined $conf elements.
- Whitelist / blacklist IPs may use any of the following syntax:
- CIDR (100.0.0.3/4)
- Range (100.0.0.3-100.0.5.10)
- Wildcard (100.0.0.*)
- Single (100.0.0.1)
- With no $conf values set, ``ac_protect_this_site();`` will do nothing.
- If the path is marked as restricted, all users not on the whitelist will receive access denied.
- If a user's IP is on the blacklist and **not** on the whitelist they will receive access denied.
- Filling ``$conf['ah_basic_auth_credentials']`` will result in all requests being requring an .htaccess log in.
- Securing the site requires entries in both ``$conf['ah_whitelist']`` **and** ``$conf['ah_restricted_paths']``
## Examples
#### Block access to non-whitelisted users on all pages of non-production environments.
```
$conf['ah_restricted_paths'] = array(
'*',
);
$conf['ah_whitelist'] = array(
'100.0.0.*',
'100.0.0.1/5',
);
if (file_exists('/var/www/site-php')) {
require('/var/www/site-php/{site}/{site}-settings.inc');
if(!defined('DRUPAL_ROOT')) {
define('DRUPAL_ROOT', getcwd());
}
if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
if (isset($_ENV['AH_NON_PRODUCTION']) && $_ENV['AH_NON_PRODUCTION']) {
require DRUPAL_ROOT . '/sites/acquia.inc';
ac_protect_this_site();
}
}
}
```
#### Block access to user and admin pages on the production environment. Enforce .htaccess authentication on non-production. Allow access to an API path without authentication
```
if (file_exists('/var/www/site-php')) {
require('/var/www/site-php/{site}/{site}-settings.inc');
if(!defined('DRUPAL_ROOT')) {
define('DRUPAL_ROOT', getcwd());
}
if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
if ($_ENV['AH_SITE_ENVIRONMENT'] != 'prod') {
$conf['ah_basic_auth_credentials'] = array(
'Editor' => 'Password',
'Admin' => 'P455w0rd',
);
$conf['ah_paths_no_cache'] = array(
'api'
);
}
else {
$conf['ah_restricted_paths'] = array(
'user',
'user/*',
'admin',
'admin/*',
);
$conf['ah_whitelist'] = array(
'100.0.0.9',
'100.0.0.1/5',
);
}
require DRUPAL_ROOT . '/sites/acquia.inc';
ac_protect_this_site();
}
}
}
```
#### Blacklist known bad IPs on all environments
```
$conf['ah_blacklist'] = array(
'12.13.14.15',
);
if (file_exists('/var/www/site-php')) {
require('/var/www/site-php/{site}/{site}-settings.inc');
if(!defined('DRUPAL_ROOT')) {
define('DRUPAL_ROOT', getcwd());
}
if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
require DRUPAL_ROOT . '/sites/acquia.inc';
ac_protect_this_site();
}
}
```
acquia-inc-sample.inc¶
<?php
/**
* @file
* Utilities for use in protecting an environment via basic auth or IP whitelist.
*/
function ac_protect_this_site() {
global $conf;
$client_ip = ip_address();
// Test if we are using drush (command-line interface)
$cli = drupal_is_cli();
// Default to not skipping the auth check
$skip_auth_check = FALSE;
// Is the user on the VPN? Default to FALSE.
$on_vpn = $cli ? TRUE : FALSE;
if (!empty($client_ip) && !empty($conf['ah_whitelist'])) {
$on_vpn = ah_ip_in_list($client_ip, $conf['ah_whitelist']);
$skip_auth_check = $skip_auth_check || $on_vpn;
}
// If the IP is not explicitly whitelisted check to see if the IP is blacklisted.
if (!$on_vpn && !empty($client_ip) && !empty($conf['ah_blacklist'])) {
if (ah_ip_in_list($client_ip, $conf['ah_blacklist'])) {
ah_page_403($client_ip);
}
}
// Check if we should skip auth check for this page.
if (ah_path_skip_auth()) {
$skip_auth_check = TRUE;
}
// Check if we should disable cache for this page.
if (ah_path_no_cache()) {
$conf['page_cache_maximum_age'] = 0;
}
// Is the page restricted to whitelist only? Default to FALSE.
$restricted_page = FALSE;
// Check to see whether this page is restricted.
if (!empty($conf['ah_restricted_paths']) && ah_paths_restrict()) {
$restricted_page = TRUE;
}
$protect_ip = !empty($conf['ah_whitelist']);
$protect_password = !empty($conf['ah_basic_auth_credentials']);
// Do not protect command line requests, e.g. Drush.
if ($cli) {
$protect_ip = FALSE;
$protect_password = FALSE;
}
// Un-comment to disable protection, e.g. for load tests.
// $skip_auth_check = TRUE;
// $on_vpn = TRUE;
// If not on whitelisted IP prevent access to protected pages.
if ($protect_ip && !$on_vpn && $restricted_page) {
ah_page_403($client_ip);
}
// If not skipping auth, check basic auth.
if ($protect_password && !$skip_auth_check) {
ah_check_basic_auth();
}
}
/**
* Output a 403 (forbidden access) response.
*/
function ah_page_403($client_ip) {
header('HTTP/1.0 403 Forbidden');
print "403 Forbidden: Access denied ($client_ip)";
exit;
}
/**
* Output a 401 (unauthorized) response.
*/
function ah_page_401($client_ip) {
header('WWW-Authenticate: Basic realm="This site is protected"');
header('HTTP/1.0 401 Unauthorized');
print "401 Unauthorized: Access denied ($client_ip)";
exit;
}
/**
* Check basic auth against allowed values.
*/
function ah_check_basic_auth() {
global $conf;
$authorized = FALSE;
$php_auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : NULL;
$php_auth_pw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;
$credentials = isset($conf['ah_basic_auth_credentials']) ? $conf['ah_basic_auth_credentials'] : NULL;
if ($php_auth_user && $php_auth_pw && !empty($credentials)) {
if (isset($credentials[$php_auth_user]) && $credentials[$php_auth_user] == $php_auth_pw) {
$authorized = TRUE;
}
}
if ($authorized) {
return;
}
// Always fall back to 401.
ah_page_401(ip_address());
}
/**
* Determine if the current path is in the list of paths to not cache.
*/
function ah_path_no_cache() {
global $conf;
$q = isset($_GET['q']) ? $_GET['q'] : NULL;
$paths = isset($conf['ah_paths_no_cache']) ? $conf['ah_paths_no_cache'] : NULL;
if (!empty($q) && !empty($paths)) {
foreach ($paths as $path) {
if ($q == $path || strpos($q, $path) === 0) {
return TRUE;
}
}
}
}
/**
* Determine if the current path is in the list of paths on which to not check
* auth.
*/
function ah_path_skip_auth() {
global $conf;
$q = isset($_GET['q']) ? $_GET['q'] : NULL;
$paths = isset($conf['ah_paths_skip_auth']) ? $conf['ah_paths_skip_auth'] : NULL;
if (!empty($q) && !empty($paths)) {
foreach ($paths as $path) {
if ($q == $path || strpos($q, $path) === 0) {
return TRUE;
}
}
}
}
/**
* Check whether a path has been restricted.
*
*/
function ah_paths_restrict() {
global $conf;
if (isset($_GET['q'])) {
// Borrow some code from drupal_match_path()
foreach ($conf['ah_restricted_paths'] as &$path) {
$path = preg_quote($path, '/');
}
$paths = preg_replace('/\\\\\*/', '.*', $conf['ah_restricted_paths']);
$paths = '/^(' . join('|', $paths) . ')$/';
// If this is a restricted path, return TRUE.
if (preg_match($paths, $_GET['q'])) {
// Do not cache restricted paths
$conf['page_cache_maximum_age'] = 0;
return TRUE;
}
}
return FALSE;
}
/**
* Determine if the IP is within the ranges defined in the white/black list.
*/
function ah_ip_in_list($ip, $list) {
foreach ($list as $item) {
// Match IPs in CIDR format.
if (strpos($item, '/') !== false) {
list($range, $mask) = explode('/', $item);
// Take the binary form of the IP and range.
$ip_dec = ip2long($ip);
$range_dec = ip2long($range);
// Verify the given IPs are valid IPv4 addresses
if (!$ip_dec || !$range_dec) {
continue;
}
// Create the binary form of netmask.
$mask_dec = ~ (pow(2, (32 - $mask)) - 1);
// Run a bitwise AND to determine whether the IP and range exist
// within the same netmask.
if (($mask_dec & $ip_dec) == ($mask_dec & $range_dec)) {
return TRUE;
}
}
// Match against wildcard IPs or IP ranges.
elseif (strpos($item, '*') !== false || strpos($item, '-') !== false) {
// Construct a range from wildcard IPs
if (strpos($item, '*') !== false) {
$item = str_replace('*', 0, $item) . '-' . str_replace('*', 255, $item);
}
// Match against ranges by converting to long IPs.
list($start, $end) = explode('-', $item);
$start_dec = ip2long($start);
$end_dec = ip2long($end);
$ip_dec = ip2long($ip);
// Verify the given IPs are valid IPv4 addresses
if (!$start_dec || !$end_dec || !$ip_dec) {
continue;
}
if ($start_dec <= $ip_dec && $ip_dec <= $end_dec) {
return TRUE;
}
}
// Match against single IPs
elseif ($ip === $item) {
return TRUE;
}
}
return FALSE;
}
acquia_config.php¶
<?php
$config['technicalcontact_name'] = "Test Name";
$config['technicalcontact_email'] = "[email protected]";
$config['secretsalt'] = 'AddYourSaltStringHere';
$config['auth.adminpassword'] = 'ChangeThisPlease';
$config['admin.protectindexpage'] = TRUE;
$protocol = 'http://';
$port = ':80';
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['SERVER_PORT'] = 443;
$_SERVER['HTTPS'] = 'true';
$protocol = 'https://';
$port = ':' . $_SERVER['SERVER_PORT'];
}
$config['baseurlpath'] = $protocol . $port . '/simplesaml/';
$ah_options = array(
'database_name' => 'test',
'session_store' => array(
'prod' => 'database',
'test' => 'database',
'dev' => 'database',
),
);
if (!getenv('AH_SITE_ENVIRONMENT')) {
$config['store.type'] = 'sql';
$config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', '127.0.0.1', '', 'drupal');
$config['store.sql.username'] = 'drupal';
$config['store.sql.password'] = 'drupal';
$config['store.sql.prefix'] = 'simplesaml';
$config['certdir'] = "/var/www/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
$config['metadatadir'] = "/var/www/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
$config['baseurlpath'] = 'simplesaml/';
$config['loggingdir'] = '/var/www/simplesamlphp/log/';
if (in_array($_SERVER['SERVER_NAME'], ['local.example.com', 'employee.example.com'])) {
$config['enable.saml20-idp'] = TRUE;
}
}
elseif (getenv('AH_SITE_ENVIRONMENT')) {
$config['certdir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
$config['metadatadir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
$config['baseurlpath'] = 'simplesaml/';
$config['logging.handler'] = 'file';
$config['loggingdir'] = dirname(getenv('ACQUIA_HOSTING_DRUPAL_LOG'));
$config['logging.logfile'] = 'simplesamlphp-' . date('Ymd') . '.log';
$creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');
$databases = json_decode($creds_json, TRUE);
$creds = $databases['databases'][$_ENV['AH_SITE_GROUP']];
if (substr($_ENV['AH_SITE_ENVIRONMENT'], 0, 3) === 'ode') {
$creds['host'] = key($creds['db_url_ha']);
}
else {
require_once "/usr/share/php/Net/DNS2_wrapper.php";
try {
$resolver = new Net_DNS2_Resolver([
'nameservers' => [
'127.0.0.1',
'dns-master',
],
]);
$response = $resolver->query("cluster-{$creds['db_cluster_id']}.mysql", 'CNAME');
$creds['host'] = $response->answer[0]->cname;
}
catch (Net_DNS2_Exception $e) {
$creds['host'] = "";
}
}
$config['store.type'] = 'sql';
$config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', $creds['host'], $creds['port'], $creds['name']);
$config['store.sql.username'] = $creds['user'];
$config['store.sql.password'] = $creds['pass'];
$config['store.sql.prefix'] = 'simplesaml';
}
api-notification-example.php¶
<?php
// This example requires `league/oauth2-client` package.
// Run `composer require league/oauth2-client` before running.
require __DIR__ . '/vendor/autoload.php';
use League\OAuth2\Client\Provider\GenericProvider;
use GuzzleHttp\Client;
// The UUID of an application you want to create the database for.
$applicationUuid = 'APP-UUID';
$dbName = 'test_database_1';
// See https://docs.acquia.com/cloud-platform/develop/api/auth/
// for how to generate a client ID and Secret.
$clientId = 'API-KEY';
$clientSecret = 'API-SECRET';
$provider = new GenericProvider([
'clientId' => $clientId,
'clientSecret' => $clientSecret,
'urlAuthorize' => '',
'urlAccessToken' => 'https://accounts.acquia.com/api/auth/oauth/token',
'urlResourceOwnerDetails' => '',
]);
$client = new Client();
$provider->setHttpClient($client);
echo 'retrieving access token', PHP_EOL;
$accessToken = $provider->getAccessToken('client_credentials');
echo 'access token retrieved', PHP_EOL;
// Generate a request object using the access token.
$request = $provider->getAuthenticatedRequest(
'POST',
"https://cloud.acquia.com/api/applications/{$applicationUuid}/databases",
$accessToken,
[
'headers' => ['Content-Type' => 'application/json'],
'body' => json_encode(['name' => $dbName])
]
);
// Send the request.
echo 'requesting db create api', PHP_EOL;
$response = $client->send($request);
echo 'response parsing', PHP_EOL;
$responseBody = json_decode($response->getBody()->getContents(), true);
$notificationLink = $responseBody['_links']['notification']['href'];
$retryCount = 10;
echo 'start watching for notification status at ', $notificationLink, PHP_EOL;
do {
sleep(5);
// create notification request.
$request = $provider->getAuthenticatedRequest(
'GET',
$notificationLink,
$accessToken
);
echo 'requesting notification status', PHP_EOL;
$response = $client->send($request);
$responseBody = json_decode($response->getBody()->getContents(), true);
echo 'notification status: ', $responseBody['status'], PHP_EOL;
if ($responseBody['status'] === 'succeeded') {
echo 'Successfully created database.';
exit(0);
} elseif ($responseBody['status'] === 'failed') {
echo 'Failed to create database.';
exit(1);
} else {
echo 'retrying notification in 5 sec', PHP_EOL;
$retryCount--;
$retry = $retryCount > 0;
}
} while ($retry);
api-v2-auth.php¶
<?php
require __DIR__ . '/vendor/autoload.php';
use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use GuzzleHttp\Client;
$clientId = 'API Key';
$clientSecret = 'Api Secret';
$provider = new GenericProvider([
'clientId' => $clientId,
'clientSecret' => $clientSecret,
'urlAuthorize' => '',
'urlAccessToken' => 'https://accounts.acquia.com/api/auth/oauth/token',
'urlResourceOwnerDetails' => '',
]);
try {
$accessToken = $provider->getAccessToken('client_credentials');
$request = $provider->getAuthenticatedRequest(
'GET',
'https://cloud.acquia.com/api/account',
$accessToken
);
$client = new Client();
$response = $client->send($request);
$responseBody = $response->getBody();
} catch (IdentityProviderException $e) {
exit($e->getMessage());
}
myisam_to_innodb.sh.inc¶
#!/bin/sh
dbfilename='db-backup.sql.gz'
dbuser='root'
dbpassword='rootpassword'
dbname='mydatabase'
innodb_to_myisam=0
innodb_to_myisam_exclude_tables_regexp='^(locales_source|locales_target|menu_links|workbench_scheduler_types)$'
myisam_to_innodb=0
myisam_to_innodb_exclude_tables_regexp='^XXX$'
no_data_import_tables_regexp='^(__ACQUIA_MONITORING|accesslog|batch|boost_cache|cache|cache_.*|history|queue|search_index|search_dataset|search_total|sessions|watchdog|panels_hash_database_cache|migrate_.*)$'
pv -p $dbfilename |gzip -d -c | awk -F'`' '
NR==1 {
# http://superuser.com/questions/246784/how-to-tune-mysql-for-restoration-from-mysql-dump
# TODO? http://www.palominodb.com/blog/2011/08/02/mydumper-myloader-fast-backup-and-restore ?
print "SET SQL_LOG_BIN=0;"
print "SET unique_checks=0;"
print "SET autocommit=0;"
print "SET foreign_key_checks=0;"
output=1;
}
{
start_of_line=substr($0,1,200);
# Detect beginning of table structure definition.
if (index(start_of_line, "-- Table structure for table")==1) {
output=1
print "COMMIT;"
print "SET autocommit=0;"
current_db=$2
}
# Switch the engine from InnoDB to MyISAM : MUCHO FAST.
if (substr(start_of_line,1,8)==") ENGINE") {
if ('${innodb_to_myisam:-0}' == 1) {
if (current_db ~ /'"$innodb_to_myisam_exclude_tables_regexp"'/) {
print "Skipping InnoDB -> MyISAM for " current_db >"/dev/stderr"
} else {
gsub(/=InnoDB/, "=MyISAM", $0);
#gsub(/CHARSET=utf8/, "CHARSET=latin1", $0);
}
}
if ('${myisam_to_innodb:-0}' == 1) {
if (current_db ~ /'"$myisam_to_innodb_exclude_tables_regexp"'/) {
print "Skipping MyISAM -> InnoDB for " current_db >"/dev/stderr"
} else {
gsub(/=MyISAM/, "=InnoDB", $0);
}
}
}
# Detect beginning of table data dump.
if (index(start_of_line, "-- Dumping data for table")==1) {
if (current_db != $2) {
print "Internal problem: unexpected data, seems to come from table " $2 " whereas expected table " current_db;
current_db=$2
}
printf "\r Processing table " current_db > "/dev/stderr"
output=1
# Skip data in some tables
if (current_db ~ /'"$no_data_import_tables_regexp"'/) {
output=0
print "Skipping Data import (imported structure only) for " current_db >"/dev/stderr"
}
}
if (output==1) {
print
}
}
END {
print "COMMIT;"
}' |mysql -u$dbuser --password=$dbpassword $dbname
example.sitename.conf¶
[ req ]
default_bits = 4096
default_keyfile = private.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Massachusetts
localityName = Locality Name (eg, city)
localityName_default = Boston
organizationName = Organization Name (eg, company)
organizationName_default = Acquia
organizationalUnitName = Organizational Unit Name (department, division)
organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = localhost
emailAddress = Email Address (such as [email protected])
emailAddress_default =
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.com
DNS.2 = edit.example.com
memcache.yml¶
services:
lock:
class: Drupal\Core\Lock\LockBackendInterface
factory: memcache.lock.factory:get
acsfd7.memcache.settings.php¶
<?php
if (getenv('AH_SITE_ENVIRONMENT') &&
isset($conf['memcache_servers'])
) {
$conf['memcache_extension'] = 'Memcached';
$conf['cache_backends'][] = 'sites/all/modules/contrib/memcache/memcache.inc';
$conf['cache_default_class'] = 'MemCacheDrupal';
$conf['cache_class_cache_form'] = 'DrupalDatabaseCache';
$conf['memcache_options'][Memcached::OPT_COMPRESSION] = TRUE;
$conf['memcache_stampede_protection_ignore'] = array(
'cache_bootstrap' => array(
'module_implements',
'variables',
'lookup_cache',
'schema:runtime:*',
'theme_registry:runtime:*',
'_drupal_file_scan_cache',
),
'cache' => array(
'i18n:string:*',
),
'cache_path',
'cache_rules',
);
$conf['lock_inc'] = 'sites/all/modules/contrib/memcache/memcache-lock.inc';
}
authsources.php¶
<?php
$config = array(
'admin' => array(
'core:AdminPassword',
),
'default-sp' => array(
'saml:SP',
'entityID' => 'SP EntityID',
'certificate' => "../cert/saml.crt",
'privatekey' => "../cert/saml.pem",
'redirect.sign' => TRUE,
'redirect.validate' => TRUE,
'idp' => 'IdP EntityID',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
'authproc' => array(
20 => array(
'class' => 'saml:NameIDAttribute',
'format' => '%V',
),
),
'RelayState' => 'https://' . $_SERVER['HTTP_HOST'] . '/saml_login',
),
);
clam_av_script.sh.inc¶
#!/bin/bash
SCAN_OUTPUT=/mnt/tmp/clamscan.log
EMAIL_RECIPIENTS=$1
SITE_ENV=$2
DATE=$(date)
CRON_OUTPUT=/var/log/sites/${SITE_ENV}/logs/$(hostname -s)/clamscan.log
if [ -d /mnt/gfs/${SITE_ENV} ]
then
{
echo -e "=============================\nStarting scan ${DATE}\n"
/usr/bin/clamscan -ri /mnt/gfs/${SITE_ENV}/sites/default/files > ${SCAN_OUTPUT}
echo -e "Checking output...\n"
cat ${SCAN_OUTPUT} | grep "FOUND"
if [ $? -eq 0 ] ; then
echo -e "FOUND VIRUS, SENDING EMAILS TO ${EMAIL_RECIPIENTS}.\n"
cat ${SCAN_OUTPUT} | mail -s "${DATE} ClamAV has detected a virus on your website files directory" "${EMAIL_RECIPIENTS}"
else
echo -e "CLEAN, NO VIRUSES FOUND.\n"
fi
echo -e "Done\n=============================\n"
} >> ${CRON_OUTPUT} 2>&1
else
echo "ERROR: directory /mnt/gfs/${SITE_ENV} is not a valid path. Please update your scheduled task with the correct [site].[env] as the second parameter"
fi
if (getenv('AH_SITE_ENVIRONMENT') &&
isset($conf['memcache_servers'])
) {
$conf['memcache_extension'] = 'Memcached';
$conf['cache_backends'][] = 'sites/all/modules/contrib/memcache/memcache.inc';
$conf['cache_default_class'] = 'MemCacheDrupal';
$conf['cache_class_cache_form'] = 'DrupalDatabaseCache';
$conf['memcache_options'][Memcached::OPT_COMPRESSION] = TRUE;
$conf['memcache_stampede_protection_ignore'] = array(
'cache_bootstrap' => array(
'module_implements',
'variables',
'lookup_cache',
'schema:runtime:*',
'theme_registry:runtime:*',
'_drupal_file_scan_cache',
),
'cache' => array(
'i18n:string:*',
),
'cache_path',
'cache_rules',
);
$conf['lock_inc'] = 'sites/all/modules/contrib/memcache/memcache-lock.inc';
}
Default Memcached configuration¶
<?php
use Composer\Autoload\ClassLoader;
$is_acquia_cloud_next = (getenv("HOME") == "/home/clouduser");
if (getenv('AH_SITE_ENVIRONMENT') &&
array_key_exists('memcache', $settings) &&
array_key_exists('servers', $settings['memcache']) &&
!empty($settings['memcache']['servers']) &&
!$is_acquia_cloud_next
) {
$memcache_exists = class_exists('Memcache', FALSE);
$memcached_exists = class_exists('Memcached', FALSE);
$memcache_services_yml = DRUPAL_ROOT . '/modules/contrib/memcache/memcache.services.yml';
$memcache_module_is_present = file_exists($memcache_services_yml);
if ($memcache_module_is_present && ($memcache_exists || $memcached_exists)) {
if ($memcached_exists) {
$settings['memcache']['extension'] = 'Memcached';
}
if (class_exists(ClassLoader::class)) {
$class_loader = new ClassLoader();
$class_loader->addPsr4('Drupal\\memcache\\', DRUPAL_ROOT . '/modules/contrib/memcache/src');
$class_loader->register();
$settings['container_yamls'][] = $memcache_services_yml;
$settings['memcache']['options'][Memcached::OPT_COMPRESSION] = TRUE;
$settings['memcache']['key_prefix'] = $conf['acquia_hosting_site_info']['db']['name'] . '_';
$settings['memcache']['options'][Memcached::OPT_TCP_NODELAY] = TRUE;
$settings['bootstrap_container_definition'] = [
'parameters' => [],
'services' => [
'database' => [
'class' => 'Drupal\Core\Database\Connection',
'factory' => 'Drupal\Core\Database\Database::getConnection',
'arguments' => ['default'],
],
'settings' => [
'class' => 'Drupal\Core\Site\Settings',
'factory' => 'Drupal\Core\Site\Settings::getInstance',
],
'memcache.settings' => [
'class' => 'Drupal\memcache\MemcacheSettings',
'arguments' => ['@settings'],
],
'memcache.factory' => [
'class' => 'Drupal\memcache\Driver\MemcacheDriverFactory',
'arguments' => ['@memcache.settings'],
],
'memcache.timestamp.invalidator.bin' => [
'class' => 'Drupal\memcache\Invalidator\MemcacheTimestampInvalidator',
'arguments' => ['@memcache.factory', 'memcache_bin_timestamps', 0.001],
],
'memcache.backend.cache.container' => [
'class' => 'Drupal\memcache\DrupalMemcacheInterface',
'factory' => ['@memcache.factory', 'get'],
'arguments' => ['container'],
],
'cache_tags_provider.container' => [
'class' => 'Drupal\Core\Cache\DatabaseCacheTagsChecksum',
'arguments' => ['@database'],
],
'cache.container' => [
'class' => 'Drupal\memcache\MemcacheBackend',
'arguments' => [
'container',
'@memcache.backend.cache.container',
'@cache_tags_provider.container',
'@memcache.timestamp.invalidator.bin',
'@memcache.settings',
],
],
],
];
$settings['cache']['bins']['depcalc'] = 'cache.backend.database';
$settings['cache']['bins']['bootstrap'] = 'cache.backend.memcache';
$settings['cache']['bins']['discovery'] = 'cache.backend.memcache';
$settings['cache']['bins']['config'] = 'cache.backend.memcache';
$settings['cache']['default'] = 'cache.backend.memcache';
}
}
}
Content Hub¶
ach-bulk-import-batch-functions.php¶
<?php
function export_enqueue_entities($entity_type, $bundle, $entity_ids, &$context) {
$entities_per_iteration = 5;
if (empty($context['sandbox'])) {
$context['sandbox']['progress'] = 0;
$context['sandbox']['max'] = count($entity_ids);
$context['results']['total'] = 0;
}
$entity_manager = \Drupal::service('acquia_contenthub.entity_manager');
$export_controller = \Drupal::service('acquia_contenthub.acquia_contenthub_export_entities');
$slice_entity_ids = array_slice($entity_ids, $context['sandbox']['progress'], $entities_per_iteration);
$ids = array_values($slice_entity_ids);
if (!empty($ids)) {
$entities = \Drupal::entityTypeManager()
->getStorage($entity_type)
->loadMultiple($ids);
foreach ($entities as $entity) {
if ($entity_manager->isEligibleEntity($entity)) {
$export_controller->exportEntities([$entity]);
}
}
}
$context['sandbox']['progress'] += count($ids);
$enqueued = implode(',', $ids);
$message = empty($enqueued) ? "Enqueuing '$entity_type' ($bundle) entities: No entities to queue." : "Enqueuing '$entity_type' ($bundle) entities with IDs: " . $enqueued . "\n";
$context['results']['total'] += count($ids);
$context['message'] = $message;
if ($context['sandbox']['progress'] != $context['sandbox']['max']) {
$context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
}
}
function export_enqueue_finished($success, $results, $operations) {
if ($success) {
$message = 'Total number of enqueued entities: ' . $results['total'];
}
else {
$message = t('Finished with an error.');
}
drush_print($message);
}
content-hub-enqueue-entity-eligibility.php¶
<?php
namespace Drupal\acquia_contenthub_publisher\EventSubscriber\EnqueueEligibility;
use Drupal\acquia_contenthub_publisher\AcquiaContentHubPublisherEvents;
use Drupal\acquia_contenthub_publisher\Event\ContentHubEntityEligibilityEvent;
use Drupal\file\FileInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
class FileIsTemporary implements EventSubscriberInterface {
public static function getSubscribedEvents() {
$events[AcquiaContentHubPublisherEvents::ENQUEUE_CANDIDATE_ENTITY][] = ['onEnqueueCandidateEntity', 50];
return $events;
}
public function onEnqueueCandidateEntity(ContentHubEntityEligibilityEvent $event) {
$entity = $event->getEntity();
if ($entity instanceof FileInterface && $entity->isTemporary()) {
$event->setEligibility(FALSE);
$event->stopPropagation();
}
}
}
ach-bulk-import.php¶
<?php
use Drupal\acquia_contenthub\ContentHubEntityDependency;
use Drupal\Component\Serialization\Json;
$global_excluded_types = [
];
$include_dependencies = TRUE;
$publishing_status = 1;
$fifo = TRUE;
$uid = 1;
$user = \Drupal\user\Entity\User::load($uid);
$author = $user->uuid();
$entities_tracking = \Drupal::service('acquia_contenthub.acquia_contenthub_entities_tracking');
$client_manager = \Drupal::service('acquia_contenthub.client_manager');
$client = $client_manager->getConnection();
$import_manager = \Drupal::service("acquia_contenthub.import_entity_manager");
$dependent_entity_type_ids = ContentHubEntityDependency::getPostDependencyEntityTypes();
$excluded_types = array_merge($global_excluded_types, $dependent_entity_type_ids);
$import_with_queue = \Drupal::config('acquia_contenthub.entity_config')->get('import_with_queue');
if (!$import_with_queue) {
drush_user_abort('Please enable the Import Queue.');
}
if (!$client_manager->isConnected()) {
return;
}
$list = $client_manager->createRequest('listEntities', [[]]);
$total = floor($list['total'] / 1000) * 1000;
$start = $fifo ? $total : 0;
$step = $fifo ? -1000 : 1000;
$i = 0;
do {
$options = [
'start' => $start,
];
$list = $client_manager->createRequest('listEntities', [$options]);
foreach ($list['data'] as $entity) {
$i++;
if (in_array($entity['type'], $excluded_types)) {
drush_print("{$i}) Skipped entity type = {$entity['type']} , UUID = {$entity['uuid']} (Dependent or excluded entity type)");
continue;
}
if ($imported_entity = $entities_tracking->loadImportedByUuid($entity['uuid'])) {
if ($imported_entity->getModified() === $entity['modified']) {
drush_print("{$i}) Skipped entity type = {$entity['type']} , UUID = {$entity['uuid']} (Entity already imported)");
continue;
}
}
try {
$response = $import_manager->addEntityToImportQueue($entity['uuid'], $include_dependencies, $author, $publishing_status);
$status = Json::decode($response->getContent());
if (!empty($status['status']) && $status['status'] == 200) {
drush_print("{$i}) Entity added to import queue: type = {$entity['type']} , UUID = {$entity['uuid']}");
}
else {
drush_print("{$i}) ERROR: Cannot add entity to import queue: type = {$entity['type']} , UUID = {$entity['uuid']}");
}
} catch (\Drupal\Core\Entity\EntityStorageException $ex) {
drush_print("{$i}) ERROR: Failed to add entity to import queue: type = {$entity['type']} , UUID = {$entity['uuid']} [{$ex->getMessage()}]");
}
}
$start = $start + $step;
$exit_condition = $fifo ? $start >= 0 : $start <= $total;
} while ($exit_condition);
content-hub-publish-entities.php¶
<?php
namespace Drupal\acquia_contenthub_publisher\EventSubscriber\PublishEntities;
use Drupal\acquia_contenthub_publisher\AcquiaContentHubPublisherEvents;
use Drupal\acquia_contenthub_publisher\Event\ContentHubPublishEntitiesEvent;
use Drupal\acquia_contenthub_publisher\PublisherTracker;
use Drupal\Core\Database\Connection;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
class RemoveUnmodifiedEntities implements EventSubscriberInterface {
protected $database;
public function __construct(Connection $database) {
$this->database = $database;
}
public static function getSubscribedEvents() {
$events[AcquiaContentHubPublisherEvents::PUBLISH_ENTITIES][] = ['onPublishEntities', 1000];
return $events;
}
public function onPublishEntities(ContentHubPublishEntitiesEvent $event) {
$dependencies = $event->getDependencies();
$uuids = array_keys($dependencies);
$query = $this->database->select('acquia_contenthub_publisher_export_tracking', 't')
->fields('t', ['entity_uuid', 'hash']);
$query->condition('t.entity_uuid', $uuids, 'IN');
$query->condition('t.status', [PublisherTracker::CONFIRMED, PublisherTracker::EXPORTED], 'IN');
$results = $query->execute();
foreach ($results as $result) {
if (!$result->hash) {
continue;
}
$wrapper = $dependencies[$result->entity_uuid];
if ($wrapper->getHash() == $result->hash) {
$event->removeDependency($result->entity_uuid);
}
}
}
}
Personalization¶
ACSF-D8-settings-sample-factory-hook.php¶
<?php
$ah_env = isset($_ENV['AH_SITE_ENVIRONMENT']) ? $_ENV['AH_SITE_ENVIRONMENT'] : NULL;
$ah_group = isset($_ENV['AH_SITE_GROUP']) ? $_ENV['AH_SITE_GROUP'] : NULL;
$is_ah_env = (bool) $ah_env;
$is_ah_prod_env = ($ah_env == 'prod' || $ah_env == '01live');
$is_ah_stage_env = ($ah_env == 'test' || $ah_env == '01test');
$is_ah_preview_env = ($ah_env == 'preview' || $ah_env == '01preview');
$is_ah_dev_cloud = (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'devcloud'));
$is_ah_dev_env = (preg_match('/^dev[0-9]*$/', $ah_env) || $ah_env == '01dev');
$is_acsf = (!empty($ah_group) && file_exists("/mnt/files/$ah_group.$ah_env/files-private/sites.json"));
$acsf_db_name = $is_acsf ? $GLOBALS['gardens_site_settings']['conf']['acsf_db_name'] : NULL;
$is_local_env = !$is_ah_env;
$is_domain_a= (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'domaina'));
$is_domain_b= (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'domainb'));
if ($is_ah_env && $is_domain_a) {
switch ($ah_env) {
case '01live':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_prod';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_prod';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case '01test':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_test';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_test';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case '01dev':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_dev';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_dev';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
}
}
if ($is_ah_env && $is_domain_b) {
switch ($ah_env) {
case '01live':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_prod';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_prod';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case '01test':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_test';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_test';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case '01dev':
$config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
$config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_dev';
$config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['api_key'] = '121231231231';
$config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123';
$config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_dev';
$config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
}
}
if ($is_local_env) {
$config['acquia_lift.settings']['credential']['customer_site'] = 'local';
$config['acquia_contenthub.admin_settings']['origin'] = 'Not connected';
}
D7-example-settings.php¶
<?php
if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
switch ($_ENV['AH_SITE_ENVIRONMENT']) {
case 'prod':
$conf['acquia_lift_site_id'] = 'domain_prod';
$conf['content_hub_connector_client_name'] = 'domain_prod';
$conf['content_hub_connector_origin'] = '';
break;
case 'test':
$conf['acquia_lift_site_id'] = 'domain_test';
$conf['content_hub_connector_client_name'] = 'domain_test';
$conf['content_hub_connector_origin'] = '';
break;
case 'dev':
$conf['acquia_lift_site_id'] = 'domain_dev';
$conf['content_hub_connector_client_name'] = 'domain_dev';
$conf['content_hub_connector_origin'] = '';
}
}
D8-example-settings.php¶
<?php
if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
switch ($_ENV['AH_SITE_ENVIRONMENT']) {
case 'prod':
$config['acquia_lift.settings']['credential']['site_id'] = 'mysite_prod';
$config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case 'test':
$config['acquia_lift.settings']['credential']['site_id'] = 'mysite_test';
$config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
case 'dev':
$config['acquia_lift.settings']['credential']['site_id'] = 'mysite_dev';
$config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
$config['acquia_contenthub.admin_settings']['webhook'] = [
'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
'url' => 'create at /admin/config/services/acquia-contenthub',
'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
];
break;
}
}
LiftWebJavaClient-HMACv1.java¶
package com.acquia.lift.examples;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
public class LiftWebJavaClient {
private String apiUrl;
private String accountId;
private String accessKey;
private String secretKey;
private static final String[] HEADER_WHITE_LIST = { "Accept", "Host", "User-Agent" };
private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
private static final String UTF8 = "UTF-8";
private LiftWebJavaClient(String accountId, String apiUrl, String accessKey, String secretKey) {
this.accountId = accountId;
this.apiUrl = apiUrl;
this.accessKey = accessKey;
this.secretKey = secretKey;
}
protected String generateEndpoint(String path) {
return this.apiUrl + "/dashboard/rest/" + this.accountId + "/" + path;
}
private String canonicalizeRequest(HttpRequest httpRequest) throws Exception {
StringBuilder sb = new StringBuilder();
sb.append(httpRequest.getRequestLine().getMethod().toUpperCase()).append("\n");
for (String headerName : LiftWebJavaClient.HEADER_WHITE_LIST) {
Header header = httpRequest.getFirstHeader(headerName);
if (header != null) {
String lowercaseHeaderName = headerName.toLowerCase();
String trimmedHeaderValue = header.getValue().trim();
sb.append(lowercaseHeaderName).append(":").append(trimmedHeaderValue).append("\n");
}
}
URI uri = new URI(httpRequest.getRequestLine().getUri());
sb.append(uri.getPath());
String query = uri.getQuery();
if (query != null && query.trim().length() > 0) {
List<String> parameterNameValuePairs = Arrays.<String> asList(query.split("&"));
if (parameterNameValuePairs.size() > 0) {
Collections.sort(parameterNameValuePairs);
sb.append("?").append(parameterNameValuePairs.get(0));
for (int i = 1; i < parameterNameValuePairs.size(); i++) {
sb.append("&").append(parameterNameValuePairs.get(i));
}
}
}
return sb.toString();
}
private String hashHMAC(String algorithm, String data, String key) throws Exception {
String result;
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(LiftWebJavaClient.UTF8),
algorithm);
Mac mac = Mac.getInstance(algorithm);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(data.getBytes());
result = Base64.encodeBase64String(rawHmac);
return result;
}
private void addAuthenticationCredentials(HttpRequest httpRequest) throws Exception {
if (accessKey == null) {
return;
}
String canonical = canonicalizeRequest(httpRequest);
String hmac = hashHMAC(LiftWebJavaClient.HMAC_SHA1_ALGORITHM, canonical, this.secretKey);
String authorizationHeader = "HMAC " + this.accessKey + ":" + hmac;
System.out.println(authorizationHeader);
httpRequest.addHeader("Authorization", authorizationHeader);
}
private CloseableHttpClient createHttpClient() {
return HttpClientBuilder.create().addInterceptorLast(new HttpRequestInterceptor() {
@Override
public void process(HttpRequest request, HttpContext context) throws HttpException,
IOException {
try {
addAuthenticationCredentials(request);
} catch(Exception e) {
throw new IOException(e.getMessage(), e);
}
}
}).build();
}
protected String readResponse(HttpResponse httpResponse) throws Exception {
HttpEntity entity = httpResponse.getEntity();
BufferedReader br = new BufferedReader(new InputStreamReader(entity.getContent(),
LiftWebJavaClient.UTF8));
StringBuilder body = new StringBuilder("");
String line = null;
while ((line = br.readLine()) != null) {
if (body.length() > 0) {
body.append("\n");
}
body.append(line);
}
br.close();
return body.toString().trim();
}
public static void main(String[] args) throws Exception {
String accountId = "your_account_id";
String accessKey = "your_access_key";
String secretKey = "your_secret_key";
String apiUrl = "your_apiUrl";
LiftWebJavaClient client = new LiftWebJavaClient(accountId, apiUrl, accessKey, secretKey);
{
String segmentsPath = "segments";
String url = client.generateEndpoint(segmentsPath);
HttpGet httpGet = new HttpGet(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(httpGet);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode == 200) {
System.out.println(client.readResponse(httpResponse));
} else {
throw new Exception("status not HTTP OK"
+ httpResponse.getStatusLine().toString());
}
}
}
{
String eventName = "LiftWebRESTEEventExample";
String eventType = "OTHER";
String eventsPath = "events/" + eventName + "?type=" + eventType;
String url = client.generateEndpoint(eventsPath);
HttpPut request = new HttpPut(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(request);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode != 200) {
if (httpResponse.getStatusLine().getStatusCode() != 200) {
throw new Exception("status not HTTP OK"
+ httpResponse.getStatusLine().toString());
}
}
}
}
{
String eventName = "LiftWebRESTEEventExample";
String eventsPath = "events/" + eventName;
String url = client.generateEndpoint(eventsPath);
HttpDelete request = new HttpDelete(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(request);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode != 200) {
if (httpResponse.getStatusLine().getStatusCode() != 200) {
throw new Exception("status not HTTP OK"
+ httpResponse.getStatusLine().toString());
}
}
}
}
}
}
LiftWebJavaClient-HMACv2.java¶
package com.acquia.lift.examples;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
import com.acquia.http.HMACHttpRequestInterceptor;
import com.acquia.http.HMACHttpResponseInterceptor;
public class LiftWebJavaClient {
private String apiUrl;
private String accountId;
private String accessKey;
private String secretKey;
private static final String UTF8 = "UTF-8";
private LiftWebJavaClient(String accountId, String apiUrl, String accessKey, String secretKey) {
this.accountId = accountId;
this.apiUrl = apiUrl;
this.accessKey = accessKey;
this.secretKey = secretKey;
}
protected String generateEndpoint(String path) {
return this.apiUrl + "/" + this.accountId + "/" + path;
}
private CloseableHttpClient createHttpClient() {
HttpClientBuilder clientBuilder = HttpClientBuilder.create();
HMACHttpRequestInterceptor requestInterceptor = new HMACHttpRequestInterceptor("Acquia",
this.accessKey, this.secretKey, "SHA256") {
@Override
public void process(HttpRequest request, HttpContext context)
throws HttpException, IOException {
super.process(request, context);
}
};
clientBuilder.addInterceptorLast(requestInterceptor);
HMACHttpResponseInterceptor responseInterceptor = new HMACHttpResponseInterceptor(
this.secretKey, "SHA256");
clientBuilder.addInterceptorLast(responseInterceptor);
return clientBuilder.build();
}
protected String readResponse(HttpResponse httpResponse) throws Exception {
HttpEntity entity = httpResponse.getEntity();
BufferedReader br = new BufferedReader(
new InputStreamReader(entity.getContent(), LiftWebJavaClient.UTF8));
StringBuilder body = new StringBuilder("");
String line = null;
while ((line = br.readLine()) != null) {
if (body.length() > 0) {
body.append("\n");
}
body.append(line);
}
br.close();
return body.toString().trim();
}
public static void main(String[] args) throws Exception {
String accountId = "your_account_id";
String accessKey = "your_access_key";
String secretKey = "your_secret_key";
String apiUrl = "your_apiUrl";
LiftWebJavaClient client = new LiftWebJavaClient(accountId, apiUrl, accessKey, secretKey);
{
String segmentsPath = "segments";
String url = client.generateEndpoint(segmentsPath);
HttpGet httpGet = new HttpGet(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(httpGet);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode == 200) {
System.out.println(client.readResponse(httpResponse));
} else {
throw new Exception(
"status not HTTP OK" + httpResponse.getStatusLine().toString());
}
}
}
{
String eventName = "LiftWebRESTEEventExample";
String eventType = "OTHER";
String eventsPath = "events/" + eventName + "?type=" + eventType;
String url = client.generateEndpoint(eventsPath);
HttpPut request = new HttpPut(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(request);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode != 200) {
throw new Exception(
"status not HTTP OK" + httpResponse.getStatusLine().toString());
}
}
}
{
String eventName = "LiftWebRESTEEventExample";
String eventsPath = "events/" + eventName;
String url = client.generateEndpoint(eventsPath);
HttpDelete request = new HttpDelete(url);
try (CloseableHttpClient httpClient = client.createHttpClient()) {
HttpResponse httpResponse = httpClient.execute(request);
int statusCode = httpResponse.getStatusLine().getStatusCode();
System.out.println(statusCode);
if (statusCode != 200) {
throw new Exception(
"status not HTTP OK" + httpResponse.getStatusLine().toString());
}
}
}
}
}
LiftWebPHPClient.php¶
<?php
class LiftWebPHPClient {
protected $httpClient;
protected $apiUrl;
protected $accountId;
protected $accessKey;
protected $secretKey;
protected $headerWhitelist = array(
'Accept',
'Host',
'User-Agent'
);
private static $instance;
public static function getInstance($account_id, $customer_site, $api_url, $access_key, $secret_key) {
if (empty(self::$instance)) {
self::$instance = new self($account_id, $customer_site, $api_url, $access_key, $secret_key);
}
return self::$instance;
}
private function __construct($account_id, $site, $api_url, $access_key, $secret_key) {
$this->accountId = $account_id;
$this->customerSite = $site;
$this->apiUrl = $api_url;
$this->accessKey = $access_key;
$this->secretKey = $secret_key;
}
protected function httpClient() {
if (!isset($this->httpClient)) {
$this->httpClient = new AcquiaLiftDrupalHttpClient();
}
return $this->httpClient;
}
protected function generateEndpoint($path) {
return $this->apiUrl . '/dashboard/rest/' . $this->accountId . '/' . $path;
}
public function canonicalizeRequest($method, $url, $parameters = array(), $headers = array(), $add_extra_headers = TRUE) {
$parsed_url = parse_url($url);
$str = strtoupper($method) . "\n";
if ($add_extra_headers && !isset($headers['User-Agent'])) {
$headers['User-Agent'] = 'Drupal (+http://drupal.org/)';
}
if ($add_extra_headers && !isset($headers['Host'])) {
$headers['Host'] = $parsed_url['host'] . (!empty($parsed_url['port']) ? ':' . $parsed_url['port'] : '');
}
$header_names = array_keys($headers);
uasort($header_names, create_function('$a, $b', 'return strtolower($a) < strtolower($b) ? -1 : 1;'));
foreach ($header_names as $header) {
if (!in_array($header, $this->headerWhitelist)) {
continue;
}
$str .= trim(strtolower($header)) . ':' . trim($headers[$header]) . "\n";
}
$str .= $parsed_url['path'];
if (!empty($parameters)) {
ksort($parameters);
$first_param = key($parameters);
$str .= '?' . $first_param . '=' . array_shift($parameters);
foreach ($parameters as $key => $value) {
$str .= '&' . $key . '=' . $value;
}
}
return $str;
}
public function getAuthHeader($method, $path, $parameters = array(), $headers = array()) {
$canonical = $this->canonicalizeRequest($method, $path, $parameters, $headers, is_a($this->httpClient(), 'AcquiaLiftDrupalHttpClient'));
$binary = hash_hmac('sha1', (string) $canonical, $this->secretKey, TRUE);
$hex = hash_hmac('sha1', (string) $canonical, $this->secretKey, FALSE);
$hmac = base64_encode($binary);
return 'HMAC ' . $this->accessKey . ':' . $hmac;
}
public function getMakeAPICall() {
$headers = array('Accept' => 'application/json');
$url = $this->generateEndpoint('example');
$params = array();
if (!empty($this->customerSite)) {
$params['customerSite'] = $this->customerSite;
}
$auth_header = $this->getAuthHeader('GET', $url, $params, $headers);
$headers += array('Authorization' => $auth_header);
$querystring = empty($this->customerSite) ? '' : '?customerSite=' . rawurlencode($this->customerSite);
$response = $this->httpClient()->get($url . $querystring, $headers);
}
}
Site Factory¶
acsf-backups.php¶
<?php
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
require 'vendor/autoload.php';
$config = [
'url' => 'https://www.[CLIENT].acsitefactory.com/api/v1/sites/',
'api_user' => '',
'api_key' => '',
'sites' => [],
'backup_retention' => 30,
'limit' => 100,
'components' => ['database', 'public files', 'private files', 'themes'],
];
if ($argc < 2 || $argc > 4 || !in_array($argv[1], array('backup-add', 'backup-del'), TRUE)) {
$help = <<<EOT
Usage: php application.php parameter [sites] [backup_retention=30].
Where:
- parameter is one of {backup-add, backup-del}
- [sites] is be either a comma separated list (e.g. 111,222,333) or 'all'
- [backup_retention] the number of days for which the backups should be retained. If passed this threshold they will be deleted when using backup-del command (defaults to 30 days)
EOT;
echo $help;
exit(1);
}
if ($config['limit'] > 100) {
$config['limit'] = 100;
}
if ($argc >= 3) {
if ($argv[2] == 'all') {
$config['sites'] = get_all_sites($config);
}
else {
$no_spaces = str_replace(' ', '', $argv[2]);
$config['sites'] = array_filter(explode(',', $no_spaces), "id_check");
$config['sites'] = array_unique($config['sites']);
}
}
if ($argc >= 4 && id_check($argv[3])) {
$config['backup_retention'] = $argv[3];
}
function id_check($id) {
return is_numeric($id) && $id > 0;
}
function get_all_sites($config) {
$page = 1;
$sites = array();
printf("Getting all sites - Limit / request: %d\n", $config['limit']);
do {
printf("Getting sites page: %d\n", $page);
$method = 'GET';
$url = $config['url'] . "?limit=" . $config['limit'] . "&page=" . $page;
$has_another_page = FALSE;
$res = request($url, $method, $config);
if ($res->getStatusCode() != 200) {
echo "Error whilst fetching site list!\n";
exit(1);
}
$next_page_header = $res->getHeader('link');
$response = json_decode($res->getBody()->getContents());
if (!empty($next_page_header) && strpos($next_page_header[0], 'rel="next"') !== FALSE) {
$has_another_page = TRUE;
$page++;
}
foreach ($response->sites as $site) {
$sites[] = $site->id;
}
} while ($has_another_page);
return $sites;
}
function get_request_auth($config) {
return [
'auth' => [$config['api_user'], $config['api_key']],
];
}
function request($url, $method, $config, $form_params = []) {
$client = new Client(['http_errors' => FALSE]);
$parameters = get_request_auth($config);
if ($form_params) {
$parameters['form_params'] = $form_params;
}
try {
$res = $client->request($method, $url, $parameters);
return $res;
}
catch (RequestException $e) {
printf("Request exception!\nError message %s\n", $e->getMessage());
}
return NULL;
}
function backup_del($backups, $site_id, $config) {
$time = $config['backup_retention'] . ' days ago';
foreach ($backups as $backup) {
$timestamp = $backup->timestamp;
if ($timestamp < strtotime($time)) {
printf("Deleting %s with backup (ID: %d).\n", $backup->label, $backup->id);
$method = 'DELETE';
$url = $config['url'] . $site_id . '/backups/' . $backup->id;
$res = request($url, $method, $config);
if (!$res || $res->getStatusCode() != 200) {
printf("Error! Whilst deleting backup ID %d. Please check the above messages for the full error.\n", $backup->id);
continue;
}
$task = json_decode($res->getBody()->getContents())->task_id;
printf("Deleting backup (ID: %d) with task ID %d.\n", $backup->id, $task);
}
else {
printf("Keeping %s since it was created sooner than %s (ID: %d).\n", $backup->label, $time, $backup->id);
}
}
}
function backup($operation, $config) {
if ($operation === 'backup-add') {
$endpoint = '/backup';
$message = "Creating backup for site ID %d.\n";
$method = 'POST';
$form_params = [
'components' => $config['components'],
];
}
else {
$endpoint = '/backups?limit=100';
$message = "Retrieving old backups for site ID %d.\n";
$method = 'GET';
$form_params = [];
}
for ($i = 0; $i < count($config['sites']); $i++) {
$url = $config['url'] . $config['sites'][$i] . $endpoint;
$res = request($url, $method, $config, $form_params);
$message_site = sprintf($message, $config['sites'][$i]);
if (!$res) {
printf('Error whilst %s', $message_site);
printf("Please check the above messages for the full error.\n");
continue;
}
elseif ($res->getStatusCode() != 200) {
if ($res->getStatusCode() == 404 && $operation == 'backup-del') {
printf("Site ID %d has no backups.\n", $config['sites'][$i]);
}
else {
printf('Error whilst %s', $message_site);
printf("HTTP code %d\n", $res->getStatusCode());
$body = json_decode($res->getBody()->getContents());
printf("Error message: %s\n", $body ? $body->message : '<empty>');
}
continue;
}
echo $message_site;
if ($operation == 'backup-del') {
backup_del(json_decode($res->getBody()->getContents())->backups, $config['sites'][$i], $config);
}
}
}
backup($argv[1], $config);
acsfd8+.memcache.settings.php¶
<?php
use Composer\Autoload\ClassLoader;
if (!function_exists('get_deployment_id')) {
function get_deployment_id() {
static $id = NULL;
if ($id == NULL) {
$site_settings = $GLOBALS['gardens_site_settings'];
$deployment_id_file = "/mnt/www/site-php/{$site_settings['site']}.{$site_settings['env']}/.vcs_head_ref";
if (is_readable($deployment_id_file)) {
$id = file_get_contents($deployment_id_file);
if ($id === FALSE) {
$id = NULL;
}
}
else {
$id = NULL;
}
}
return $id;
}
}
if (getenv('AH_SITE_ENVIRONMENT') &&
array_key_exists('memcache', $settings) &&
array_key_exists('servers', $settings['memcache']) &&
!empty($settings['memcache']['servers'])
) {
$memcache_exists = class_exists('Memcache', FALSE);
$memcached_exists = class_exists('Memcached', FALSE);
$memcache_services_yml = DRUPAL_ROOT . '/modules/contrib/memcache/memcache.services.yml';
$memcache_module_is_present = file_exists($memcache_services_yml);
if ($memcache_module_is_present && ($memcache_exists || $memcached_exists)) {
if ($memcached_exists) {
$settings['memcache']['extension'] = 'Memcached';
}
if (class_exists(ClassLoader::class)) {
$class_loader = new ClassLoader();
$class_loader->addPsr4('Drupal\\memcache\\', DRUPAL_ROOT . '/modules/contrib/memcache/src');
$class_loader->register();
$settings['container_yamls'][] = $memcache_services_yml;
$settings['memcache']['options'][Memcached::OPT_COMPRESSION] = TRUE;
$settings['memcache']['key_prefix'] = sprintf('%s%s_', $conf['acquia_hosting_site_info']['db']['name'], get_deployment_id());
$settings['memcache']['options'][Memcached::OPT_TCP_NODELAY] = TRUE;
$settings['bootstrap_container_definition'] = [
'parameters' => [],
'services' => [
'database' => [
'class' => 'Drupal\Core\Database\Connection',
'factory' => 'Drupal\Core\Database\Database::getConnection',
'arguments' => ['default'],
],
'settings' => [
'class' => 'Drupal\Core\Site\Settings',
'factory' => 'Drupal\Core\Site\Settings::getInstance',
],
'memcache.settings' => [
'class' => 'Drupal\memcache\MemcacheSettings',
'arguments' => ['@settings'],
],
'memcache.factory' => [
'class' => 'Drupal\memcache\Driver\MemcacheDriverFactory',
'arguments' => ['@memcache.settings'],
],
'memcache.timestamp.invalidator.bin' => [
'class' => 'Drupal\memcache\Invalidator\MemcacheTimestampInvalidator',
'arguments' => ['@memcache.factory', 'memcache_bin_timestamps', 0.001],
],
'memcache.backend.cache.container' => [
'class' => 'Drupal\memcache\DrupalMemcacheInterface',
'factory' => ['@memcache.factory', 'get'],
'arguments' => ['container'],
],
'cache_tags_provider.container' => [
'class' => 'Drupal\Core\Cache\DatabaseCacheTagsChecksum',
'arguments' => ['@database'],
],
'cache.container' => [
'class' => 'Drupal\memcache\MemcacheBackend',
'arguments' => [
'container',
'@memcache.backend.cache.container',
'@cache_tags_provider.container',
'@memcache.timestamp.invalidator.bin',
'@memcache.settings',
],
],
],
];
$settings['cache']['bins']['depcalc'] = 'cache.backend.database';
$settings['cache']['bins']['bootstrap'] = 'cache.backend.memcache';
$settings['cache']['bins']['discovery'] = 'cache.backend.memcache';
$settings['cache']['bins']['config'] = 'cache.backend.memcache';
$settings['cache']['default'] = 'cache.backend.memcache';
}
}
}
api-dbupdate.txt¶
#!/bin/sh
source $(dirname "$0")/includes/global-api-settings.inc.sh
env="$1"
branch="$2"
update_type="$3"
if [ "$update_type" == "code,db" ]
then
update_type="code, db"
fi
curl "https://www.${env}-[domain].acsitefactory.com/api/v1/update" \
-v -u ${user}:${api_key} -k -X POST \
-H 'Content-Type: application/json' \
-d "{\"sites_ref\": \"${branch}\", \"sites_type\": \"${update_type}\"}"
acsf-cache-lifetime.php¶
<?php
/**
* @file
*
* This post-settings-php hook is created to conditionally set the cache
* lifetime of Drupal to be a value that is greater than 300 (5 minutes).
* It also does not let you set it to be lower than 5 minutes.
*
* This does not fire on Drush requests, as it interferes with site creation.
* It also means that drush will report back incorrect values for the
* cache lifetime, so using a real browser is the easiest way to validate
* what the current settings are.
*
* How to enable this for a site:
* - drush vset acsf_allow_override_page_cache 1
* - drush vset page_cache_maximum_age 3600
*/
if (!drupal_is_cli()) {
$result = db_query("SELECT value FROM {variable} WHERE name = 'acsf_allow_override_page_cache';")->fetchField();
if ($result) {
$acsf_allow_override_page_cache = unserialize($result);
if ($acsf_allow_override_page_cache) {
$result = db_query("SELECT value FROM {variable} WHERE name = 'page_cache_maximum_age';")->fetchField();
// An empty array indicates no value was set in the database, so we ignore
// the site.
if ($result) {
$page_cache_maximum_age = (int) unserialize($result);
if ($page_cache_maximum_age > 300) {
$conf['page_cache_maximum_age'] = $page_cache_maximum_age;
}
}
}
}
}
acsf-hook-tx-isolation.php¶
<?php
/**
* @file
* Example implementation of ACSF post-settings-php hook.
*
* @see https://docs.acquia.com/site-factory/extend/hooks
*/
// Changing the database transaction isolation level from `REPEATABLE-READ`
// to `READ-COMMITTED` to avoid/minimize the deadlocks.
// @see https://support-acquia.force.com/s/article/360005253954-Fixing-database-deadlocks
// for reference.
$databases['default']['default']['init_commands'] = [
'isolation' => "SET SESSION tx_isolation='READ-COMMITTED'",
];
if (file_exists('/var/www/site-php')) {
acquia_hosting_db_choose_active($conf['acquia_hosting_site_info']['db'], 'default', $databases, $conf);
}