Group items tagged

view templates are written in a language called ERB (Embedded Ruby) which is converted by the request cycle in Rails before being sent to the user.

Each action's purpose is to collect information to provide it to a view.

A view's purpose is to display this information in a human readable format.

routing file which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions.

You can create, read, update and destroy items for a resource and these operations are referred to as CRUD operations

A controller is simply a class that is defined to inherit from ApplicationController.

If not found, then it will attempt to load a template called application/new. It looks for one here because the PostsController inherits from ApplicationController

:formats specifies the format of template to be served in response. The default format is :html, and so Rails is looking for an HTML template.

:handlers, is telling us what template handlers could be used to render our template.

When you call form_for, you pass it an identifying object for this form. In this case, it's the symbol :post. This tells the form_for helper what this form is for.

that the action attribute for the form is pointing at /posts/new

When a form is submitted, the fields of the form are sent to Rails as parameters.

parameters can then be referenced inside the controller actions, typically to perform a particular task

params method is the object which represents the parameters (or fields) coming in from the form.

Active Record is smart enough to automatically map column names to model attributes,

Rails uses rake commands to run migrations, and it's possible to undo a migration after it's been applied to your database

every Rails model can be initialized with its respective attributes, which are automatically mapped to the respective database columns.

migration creates a method named change which will be called when you run this migration.

The action defined in this method is also reversible, which means Rails knows how to reverse the change made by this migration, in case you want to reverse it later

Migration filenames include a timestamp to ensure that they're processed in the order that they were created.

@post.save returns a boolean indicating whether the model was saved or not.

prevents an attacker from setting the model's attributes by manipulating the hash passed to the model.

If you want to link to an action in the same controller, you don't need to specify the :controller option, as Rails will use the current controller by default.

inherits from ActiveRecord::Base

Rails includes methods to help you validate the data that you send to models

Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects.

redirect_to will tell the browser to issue another request.

rendering is done within the same request as the form submission

Each request for a comment has to keep track of the post to which the comment is attached, thus the initial call to the find method of the Post model to get the post in question.

pluralize is a rails helper that takes a number and a string as its arguments. If the number is greater than one, the string will be automatically pluralized.

The render method is used so that the @post object is passed back to the new template when it is rendered.

it accepts a hash containing the attributes that you want to update.

field_with_errors. You can define a css rule to make them standout

belongs_to :post, which sets up an Active Record association

creates comments as a nested resource within posts

call destroy on Active Record objects when you want to delete them from the database.

Rails allows you to use the dependent option of an association to achieve this.

store all external data as UTF-8

you're better off ensuring that all external data is UTF-8

use UTF-8 as the internal storage of your database

Rails defaults to converting data from your database into UTF-8 at the boundary.

:patch

By default forms built with the form_for helper are sent via POST

The :method and :'data-confirm' options are used as HTML5 attributes so that when the link is clicked, Rails will first show a confirm dialog to the user, and then submit the link with method delete. This is done via the JavaScript file jquery_ujs which is automatically included into your application's layout (app/views/layouts/application.html.erb) when you generated the application.

Without this file, the confirmation dialog box wouldn't appear.

just defines the partial template we want to render

As the render method iterates over the @post.comments collection, it assigns each comment to

use the authentication system

require and permit

the method is often made private to make sure it can't be called outside its intended context.

native database constraints

client-side validations

controller-level validations

Database constraints and/or stored procedures make the validation mechanisms database-dependent and can make testing and maintenance more difficult

Client-side validations can be useful, but are generally unreliable

combined with other techniques, client-side validation can be a convenient way to provide users with immediate feedback

it's a good idea to keep your controllers skinny

Active Record uses the new_record? instance method to determine whether an object is already in the database or not.

Creating and saving a new record will send an SQL INSERT operation to the database. Updating an existing record will send an SQL UPDATE operation instead. Validations are typically run before these commands are sent to the database

The bang versions (e.g. save!) raise an exception if the record is invalid.

save and update return false

create just returns the object

be used with caution

update_all

save also has the ability to skip validations if passed validate: false as argument.

valid? triggers your validations and returns true if no errors

After Active Record has performed validations, any errors found can be accessed through the errors.messages instance method

By definition, an object is valid if this collection is empty after running validations.

validations are not run when using new.

invalid? is simply the inverse of valid?.

To verify whether or not a particular attribute of an object is valid, you can use errors[:attribute]. I

Every time a validation fails, an error message is added to the object's errors collection,

All of them accept the :on and :message options, which define when the validation should be run and what message should be added to the errors collection if it fails, respectively.

validates that a checkbox on the user interface was checked when a form was submitted.

agree to your application's terms of service

use this helper when your model has associations with other models and they also need to be validated

valid? will be called upon each one of the associated objects.

work with all of the association types

Don't use validates_associated on both ends of your associations.

each associated object will contain its own errors collection

errors do not bubble up to the calling model

when you have two text fields that should receive exactly the same content

This validation creates a virtual attribute whose name is the name of the field that has to be confirmed with "_confirmation" appended.

To require confirmation, make sure to add a presence check for the confirmation attribute

this set can be any enumerable object.

The exclusion helper has an option :in that receives the set of values that will not be accepted for the validated attributes.

:in option has an alias called :within

validates the attributes' values by testing whether they match a given regular expression, which is specified using the :with option.

attribute does not match the regular expression by using the :without option.

validates that the attributes' values are included in a given set

:in option has an alias called :within

specify length constraints

:minimum

:maximum

:in (or :within)

:is - The attribute length must be equal to the given value.

:wrong_length, :too_long, and :too_short options and %{count} as a placeholder for the number corresponding to the length constraint being used.

split the value in a different way using the :tokenizer option:

validates that your attributes have only numeric values

By default, it will match an optional sign followed by an integral or floating point number.

set :only_integer to true.

allows a trailing newline character.

:greater_than

:greater_than_or_equal_to

:equal_to

:less_than

:less_than_or_equal_to

:odd - Specifies the value must be an odd number if set to true.

:even - Specifies the value must be an even number if set to true.

validates that the specified attributes are not empty

if the value is either nil or a blank string

validate associated records whose presence is required, you must specify the :inverse_of option for the association

an association is present, you'll need to test whether the associated object itself is present, and not the foreign key used to map the association

false.blank? is true

ensure the value will NOT be nil

validates that the specified attributes are absent

not either nil or a blank string

be sure that an association is absent

false.present? is false

validate the absence of a boolean field you should use validates :field_name, exclusion: { in: [true, false] }.

validates that the attribute's value is unique right before the object gets saved

a :scope option that you can use to specify other attributes that are used to limit the uniqueness check

a :case_sensitive option that you can use to define whether the uniqueness constraint will be case sensitive or not.

There is no default error message for validates_with.

To implement the validate method, you must have a record parameter defined, which is the record to be validated.

passes the record to a separate class for validation

validates attributes against a block

The block receives the record, the attribute's name and the attribute's value. You can do anything you like to check for valid data within the block

will let validation pass if the attribute's value is blank?, like nil or an empty string

the :message option lets you specify the message that will be added to the errors collection when validation fails

skips the validation when the value being validated is nil

specify when the validation should happen

raise ActiveModel::StrictValidationFailed when the object is invalid

You can do that by using the :if and :unless options, which can take a symbol, a string, a Proc or an Array.

use the :if option when you want to specify when the validation should happen

using eval and needs to contain valid Ruby code.

Using a Proc object gives you the ability to write an inline condition instead of a separate method

have multiple validations use one condition, it can be easily achieved using with_options.

implement a validate method which takes a record as an argument and performs the validation on it

validates_with method

implement a validate_each method which takes three arguments: record, attribute, and value

combine standard validations with your own custom validators.

:expiration_date_cannot_be_in_the_past,    :discount_cannot_be_greater_than_total_value

By default such validations will run every time you call valid?

errors[] is used when you want to check the error messages for a specific attribute.

Returns an instance of the class ActiveModel::Errors containing all errors.

lets you manually add messages that are related to particular attributes

using []= setter

errors[:base] is an array, you can simply add a string to it and it will be used as an error message.

use this method when you want to say that the object is invalid, no matter the values of its attributes.

clear all the messages in the errors collection

calling errors.clear upon an invalid object won't actually make it valid: the errors collection will now be empty, but the next time you call valid? or any method that tries to save this object to the database, the validations will run again.

the total number of error messages for the object.

.errors.full_messages.each

.field_with_errors

When braces are used, the matching ending brace is the first ‘}’ not escaped by a backslash or within a quoted string, and not within an embedded arithmetic expansion, command substitution, or parameter expansion.

${parameter}

braces are required

If the first character of parameter is an exclamation point (!), and parameter is not a nameref, it introduces a level of variable indirection.

${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.

${parameter:?word} If parameter is null or unset, the expansion of word (or a message to that effect if word is not present) is written to the standard error and the shell, if it is not interactive, exits.

${parameter:offset} ${parameter:offset:length}

Substring expansion applied to an associative array produces undefined results.

${parameter/pattern/string} The pattern is expanded to produce a pattern just as in filename expansion.

If pattern begins with ‘/’, all matches of pattern are replaced with string.

Normally only the first match is replaced

The ‘^’ operator converts lowercase letters matching pattern to uppercase

the ‘,’ operator converts matching uppercase letters to lowercase.

If the variable is empty (as it is by default) that character is the standard tab character.

“else if” non-nested conditionals

.ONESHELL special target

target-specific and pattern-specific

“shortest stem” method of choosing which pattern

make searches for included makefiles (see Including Other Makefiles)

Commands are reusable sets of steps that you can invoke with specific parameters within an existing job.

you can pass my-executor as the value of a name key under executor. This method is primarily employed when passing parameters to executor invocations.

Development orbs are mutable and expire after 90 days.

Production Orbs are immutable and durable.

CircleCI allows development orbs that have versions that start with dev:

Production orbs are immutable

Each installation of CircleCI, including circleci.com, has only one registry where orbs can be kept.

Organization Admins publish production orbs.

Organization members publish development orbs

You must invoke jobs in the workflow stanza of config.yml file, making sure to pass any necessary parameters as subkeys to the job.

ED25519 is more vulnerable to quantum computation than is RSA

best practice to be using a hardware token

to use a yubikey via gpg: with this method you use your gpg subkey as an ssh key

sit down and spend an hour thinking about your backup and recovery strategy first

allows you to revoke a single credential if you lose (control over) that device

If a private key ever turns up on the wrong machine, you *know* the key and both source and destination machines have been compromised.

centralized management of authentication/authorization

I have setup a VPS, disabled passwords, and setup a key with a passphrase to gain access. At this point my greatest worry is losing this private key, as that means I can't access the server.What is a reasonable way to backup my private key?

a mountable disk image that's encrypted

a system that can update/rotate your keys across all of your servers on the fly in case one is compromised or assumed to be compromised.

different keys for different purposes per client device

fall back to password plus OTP

relying completely on the security of your disk, against either physical or cyber.

It is better to use a different passphrase for each key but it is also less convenient unless you're using a password manager (personally, I'm using KeePass)

- RSA is pretty standard, and generally speaking is fairly secure for key lengths >=2048. RSA-2048 is the default for ssh-keygen, and is compatible with just about everything.

public-key authentication has somewhat unexpected side effect of preventing MITM per this security consulting firm

Disable passwords and only allow keys even for root with PermitRootLogin without-password

You should definitely use a different passphrase for keys stored on separate computers,

In most cases, the eligible DOM elements are identified by HTML5 data attributes.

using JavaScript to progressively enhance the user experience for capable browsers without negatively impacting clients that do not support or do not enable JavaScript.

jquery-ujs attaches a handler to links with the data-method attribute

jquery-ujs attaches a handler to links or forms with the data-confirm attribute that displays a JavaScript confirmation dialog

Users double click links and buttons all the time.

Links and buttons that have a data-disable-with attribute get a click handler that disables the element and updates the text of the button to that which was provided in the data attribute and disables the button.

Thanks to jquery-ujs and Rails’ respond_with, setting remote: true is likely the quickest way to get your Rails application making AJAX requests.

Cross-Site Request Forgery (CSRF) is an attack wherein the attacker tricks the user into submitting a request to an application the user is likely already authenticated to.

a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts.

Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously.

To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers.volumeMounts field).

Each Container in the Pod must independently specify where to mount each volume

localnfs

cephfs

awsElasticBlockStore

glusterfs

vsphereVolume

An awsElasticBlockStore volume mounts an Amazon Web Services (AWS) EBS Volume into your Pod.

an EBS volume can be pre-populated with data, and that data can be “handed off” between Pods.

create an EBS volume using aws ec2 create-volume

the nodes on which Pods are running must be AWS EC2 instances

EBS only supports a single EC2 instance mounting a volume

check that the size and EBS volume type are suitable for your use!

A cephfs volume allows an existing CephFS volume to be mounted into your Pod.

the contents of a cephfs volume are preserved and the volume is merely unmounted.

have your own Ceph server running with the share exported

The configMap resource provides a way to inject configuration data into Pods

When referencing a configMap object, you can simply provide its name in the volume to reference it

volumeMounts: - name: config-vol mountPath: /etc/config volumes: - name: config-vol configMap: name: log-config items: - key: log_level path: log_level

create a ConfigMap before you can use it.

An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node.

By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.

you can set the emptyDir.medium field to "Memory" to tell Kubernetes to mount a tmpfs (RAM-backed filesystem)

volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {}

An fc volume allows an existing fibre channel volume to be mounted in a Pod.

configure FC SAN Zoning to allocate and mask those LUNs (volumes) to the target WWNs beforehand so that Kubernetes hosts can access them.

Flocker is an open-source clustered Container data volume manager. It provides management and orchestration of data volumes backed by a variety of storage backends.

emptyDir

flocker

A flocker volume allows a Flocker dataset to be mounted into a Pod

have your own Flocker installation running

A gcePersistentDisk volume mounts a Google Compute Engine (GCE) Persistent Disk into your Pod.

Using a PD on a Pod controlled by a ReplicationController will fail unless the PD is read-only or the replica count is 0 or 1

A glusterfs volume allows a Glusterfs (an open source networked filesystem) volume to be mounted into your Pod.

have your own GlusterFS installation running

a powerful escape hatch for some applications

access to Docker internals; use a hostPath of /var/lib/docker

allowing a Pod to specify whether a given hostPath should exist prior to the Pod running, whether it should be created, and what it should exist as

specify a type for a hostPath volume

the files or directories created on the underlying hosts are only writable by root.

hostPath: # directory location on host path: /data # this field is optional type: Directory

An iscsi volume allows an existing iSCSI (SCSI over IP) volume to be mounted into your Pod.

have your own iSCSI server running

A feature of iSCSI is that it can be mounted as read-only by multiple consumers simultaneously.

A local volume represents a mounted local storage device such as a disk, partition or directory.

Compared to hostPath volumes, local volumes can be used in a durable and portable manner without manually scheduling Pods to nodes, as the system is aware of the volume’s node constraints by looking at the node affinity on the PersistentVolume.

PersistentVolume spec using a local volume and nodeAffinity

PersistentVolume volumeMode can now be set to “Block” (instead of the default value “Filesystem”) to expose the local volume as a raw block device.

When using local volumes, it is recommended to create a StorageClass with volumeBindingMode set to WaitForFirstConsumer

An nfs volume allows an existing NFS (Network File System) share to be mounted into your Pod.

have your own NFS server running with the share exported

A persistentVolumeClaim volume is used to mount a PersistentVolume into a Pod.

PersistentVolumes are a way for users to “claim” durable storage (such as a GCE PersistentDisk or an iSCSI volume) without knowing the details of the particular cloud environment.

A projected volume maps several existing volume sources into the same directory.

All sources are required to be in the same namespace as the Pod. For more details, see the all-in-one volume design document.

Each projected volume source is listed in the spec under sources

A Container using a projected volume source as a subPath volume mount will not receive updates for those volume sources.

RBD volumes can only be mounted by a single consumer in read-write mode - no simultaneous writers allowed

A secret volume is used to pass sensitive information, such as passwords, to Pods

create a secret in the Kubernetes API before you can use it

StorageOS runs as a Container within your Kubernetes environment, making local or attached storage accessible from any node within the Kubernetes cluster.

StorageOS provides block storage to Containers, accessible via a file system.

A vsphereVolume is used to mount a vSphere VMDK Volume into your Pod.

supports both VMFS and VSAN datastore.

create VMDK using one of the following methods before using with Pod.

share one volume for multiple uses in a single Pod.

volumeMounts: - name: workdir1 mountPath: /logs subPathExpr: $(POD_NAME)

env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name

Use the subPathExpr field to construct subPath directory names from Downward API environment variables

enable the VolumeSubpathEnvExpansion feature gate

emptyDir and hostPath volumes will be able to request a certain amount of space using a resource specification, and to select the type of media to use, for clusters that have several media types.

the Container Storage Interface (CSI) and Flexvolume. They enable storage vendors to create custom storage plugins without adding them to the Kubernetes repository.

Container Storage Interface (CSI) defines a standard interface for container orchestration systems (like Kubernetes) to expose arbitrary storage systems to their container workloads.

Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users may use the csi volume type to attach, mount, etc. the volumes exposed by the CSI driver.

This feature requires CSIInlineVolume feature gate to be enabled:--feature-gates=CSIInlineVolume=true

In-tree plugins that support CSI Migration and have a corresponding CSI driver implemented are listed in the “Types of Volumes” section above.

Mount propagation of a volume is controlled by mountPropagation field in Container.volumeMounts.

HostToContainer - This volume mount will receive all subsequent mounts that are mounted to this volume or any of its subdirectories.

Bidirectional - This volume mount behaves the same the HostToContainer mount. In addition, all volume mounts created by the Container will be propagated back to the host and to all Containers of all Pods that use the same volume.

Edit your Docker’s systemd service file. Set MountFlags as follows:MountFlags=shared

most organizations practice continuous delivery, which means that your default branch can be deployed.

Merging everything into the master branch and frequently deploying means you minimize the amount of unreleased code, which is in line with lean and continuous delivery best practices.

you can deploy to production every time you merge a feature branch.

deploy a new version by merging master into the production branch.

you can have your deployment script create a tag on each deployment.

to have an environment that is automatically updated to the master branch

commits only flow downstream, ensures that everything is tested in all environments.

first merge these bug fixes into master, and then cherry-pick them into the release branch.

“merge request” since the final action is to merge the feature branch.

“pull request” since the first manual action is to pull the feature branch

it is common to protect the long-lived branches

After you merge a feature branch, you should remove it from the source control software

When you are ready to code, create a branch for the issue from the master branch. This branch is the place for any work related to this change.

A merge request is an online place to discuss the change and review the code.

To automatically close linked issues, mention them with the words “fixes” or “closes,” for example, “fixes #14” or “closes #67.” GitLab closes these issues when the code is merged into the default branch.

If you have an issue that spans across multiple repositories, create an issue for each repository and link all issues to a parent issue.

With Git, you can use an interactive rebase (rebase -i) to squash multiple commits into one or reorder them.

Rebasing creates new commits for all your changes, which can cause confusion because the same change would have multiple identifiers.

if someone has already reviewed your code, rebasing makes it hard to tell what changed since the last review.

always use the “no fast-forward” (--no-ff) strategy when you merge manually.

you should try to avoid merge commits in feature branches

you should never rebase commits you have pushed to a remote server

Sometimes you can reuse recorded resolutions (rerere), but merging is better since you only have to resolve conflicts once.

not frequently merge master into the feature branch.

utilizing new code,

resolving merge conflicts

updating long-running branches.

just cherry-picking a commit.

If your feature branch has a merge conflict, creating a merge commit is a standard way of solving this.

split your features into smaller units of work

you should try to prevent merge commits, but not eliminate them.

Your codebase should be clean, but your history should represent what actually happened.

Splitting up work into individual commits provides context for developers looking at your code later.

push your feature branch frequently, even when it is not yet ready for review.