ConfigLMM 0.4.0 → 0.5.0

data/Plugins/Services/DNS/PowerDNS.lmm.rb

@@ -49,10 +49,10 @@ module ConfigLMM
             def actionPowerDNSDeploy(id, target, activeState, context, options)
                 #actionPowerDNSDiff(id, target, activeState, context, options)
 
-                deploySettings(target, activeState, options)
+                deploySettings(target, activeState, context, options)
                 connect(id, target, activeState, context, options) do |host, port, key|
                     if target['TSIG']
-                        updateTSIG(host, port, key, target['TSIG'])
+                        updateTSIG(host, port, key, target, context)
                     end
                     if target['DNS']
                         updateDNS(host, port, key, target['DNS'])
@@ -64,19 +64,23 @@ module ConfigLMM
             end
 
             def cleanup(configs, state, context, options)
-                cleanupType(:PowerDNS, configs, state, context, options) do |item, id, state, context, options, ssh|
-                    if item['Deploy']
-                        Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
-                        Framework::LinuxApp.firewallRemoveService('dns', ssh, options[:dry])
-                        Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
-
-                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
-
-                        if options[:destroy]
-                            item['Database'] ||= {}
-                            PostgreSQL.dropUserAndDB(item['Database'], USER, ssh, options[:dry])
-                            rm('/etc/pdns', options[:dry], ssh)
-                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                cleanupType(:PowerDNS, configs, state, context, options) do |item, id, state, context, options, connection|
+                    if item['Config']['Deploy']
+                        Linux.withConnection(connection) do |linuxConnection|
+                            linuxConnection.stopService(SERVICE_NAME, options)
+                            linuxConnection.firewallRemoveService('dns', options)
+                            linuxConnection.removePackage(PACKAGE_NAME, options)
+
+                            state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                            if options[:destroy]
+                                item['Config']['Database'] ||= {}
+                                PostgreSQL.withConnection(item['Config']['Database'], linuxConnection) do |connectionDB|
+                                    connectionDB.dropUserAndDB(USER, options)
+                                end
+                                linuxConnection.rm('/etc/pdns', options[:dry])
+                                state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                            end
                         end
                     else
                         # TODO
@@ -129,7 +133,6 @@ module ConfigLMM
                     if !dns.list_zones(server).map { |zone| zone['name'].downcase }.include?(canonicalDomain.downcase)
                         dns.create_zone(server, canonicalDomain, [], { kind: 'Native' }.update(info['!'].to_h))
                     elsif !info['!'].to_h.empty?
-                        puts ({ kind: 'Native' }.update(info['!'].to_h).inspect)
                         dns.update_zone(server, canonicalDomain, { kind: 'Native' }.update(info['!'].to_h))
                     end
 
@@ -141,7 +144,7 @@ module ConfigLMM
                         next if name == '!'
                         fullName = Addressable::IDNA.to_ascii(name) + '.' + Addressable::IDNA.to_ascii(domain) + '.'
                         fullName = Addressable::IDNA.to_ascii(domain) + '.' if name == '@'
-                        self.processDNS(domain, data).each do |type, records|
+                        self.processDNS(domain, data, context).each do |type, records|
                             #remove += removeConflicting(zone, fullName, type)
                             rrset = {
                                 name: fullName,
@@ -151,7 +154,7 @@ module ConfigLMM
                                 records: []
                             }
                             records.each do |record|
-                                record[:content] = Addressable::IDNA.to_ascii(record[:content]) + '.' if type == 'CNAME' || type == 'ALIAS'
+                                record[:content] = Addressable::IDNA.to_ascii(record[:content]) + '.' if type == 'CNAME' || type == 'ALIAS' || type == 'NS'
                                 if type == 'MX'
                                     priority, name = record[:content].split(' ')
                                     name = Addressable::IDNA.to_ascii(name) + '.'
@@ -180,16 +183,18 @@ module ConfigLMM
 
             end
 
-            def updateTSIG(host, port, key, targetTSIG)
+            def updateTSIG(host, port, key, target, context)
                 server = 'localhost'
                 url = "http://#{host}:#{port}/api/v1/servers/#{server}/tsigkeys"
                 headers = { 'X-Api-Key' => key }
-                targetTSIG.each do |name, info|
+                target['TSIG'].each do |name, info|
                     data = { name: name, algorithm: info['Algorithm'] }
                     response = HTTP.headers(headers).post(url, json: data)
                     if response.status == 201
                         result = response.parse(:json)
-                        prompt.say("TSIG #{result['name']} key: #{result['key']}", :color => :magenta)
+                        key = result['key']
+                        context.secrets.store(target['SecretId'], "TSIG_#{result['name'].upcase}_KEY", key)
+                        context.secrets.print("TSIG #{result['name']} Key", key)
                     elsif response.status != 409
                         prompt.say(response.body.to_s, :color => :red)
                         raise 'Failed to create TSIG key!'
@@ -229,74 +234,71 @@ module ConfigLMM
                 end
             end
 
-            def deploySettings(target, activeState, options)
-                if target['Location']
-                    uri = Addressable::URI.parse(target['Location'])
-                    params = {}
-                    params = CGI.parse(uri.query) if uri.query
-                    if uri.scheme == 'ssh' && !params.key?('host')
-                        self.class.sshStart(uri) do |ssh|
-                            target['Deploy'] = !!target['Settings'] unless target.key?('Deploy')
-                            activeState['Deploy'] = target['Deploy']
-                            if target['Deploy']
-                                Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
-                                Framework::LinuxApp.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
-                            end
+            def deploySettings(target, activeState, context, options)
+                target['Deploy'] = !!target['Settings'] unless target.key?('Deploy')
+                if target['Deploy']
+                    self.withConnection(target['Location'], target) do |connection|
+                        Linux.withConnection(connection) do |linuxConnection|
+                            linuxConnection.ensurePackages([PACKAGE_NAME], options)
+                            linuxConnection.ensureServiceAutoStart(SERVICE_NAME, options)
                             if target['Settings']
                                 prepareSettings(target)
-                                self.class.sshExec!(ssh, "mkdir -p #{CONFIG_DIR}")
-                                self.class.sshExec!(ssh, "sed -i 's|# include-dir=|include-dir=#{CONFIG_DIR}|' /etc/pdns/pdns.conf")
-                                ssh.scp.upload!(options['output'] + CONFIG_DIR + '/configlmm.conf', CONFIG_DIR + '/configlmm.conf')
+                                linuxConnection.createDirs(options, CONFIG_DIR)
+                                linuxConnection.fileReplace('/etc/pdns/pdns.conf', '# include-dir=', "include-dir=#{CONFIG_DIR}", options)
+                                linuxConnection.upload(options['output'] + CONFIG_DIR + '/configlmm.conf', CONFIG_DIR + '/configlmm.conf', options)
                                 apiKeyFile = CONFIG_DIR + '/apiKey.conf'
-                                if !self.class.remoteFilePresent?(apiKeyFile, ssh)
-                                    apiKey = ENV['POWERDNS_API_KEY']
-                                    apiKey = SecureRandom.urlsafe_base64(60) unless apiKey
-                                    self.class.sshExec!(ssh, " echo 'api-key=#{apiKey}' > #{apiKeyFile}")
-                                    self.class.sshExec!(ssh, " chown #{USER}:#{USER} #{apiKeyFile}")
-                                    self.class.sshExec!(ssh, " chmod 400 #{apiKeyFile}")
-                                    prompt.say("PowerDNS API Key: #{apiKey}", )
+                                apiKey = context.secrets.load(target['SecretId'], 'POWERDNS_API_KEY')
+                                if linuxConnection.filePresent?(apiKeyFile, options)
+                                    if !apiKey
+                                        if options['dry']
+                                            linuxConnection.exec("cat #{apiKeyFile} | grep api-key | cut -d '=' -f 2", false, options)
+                                        end
+                                        apiKey = linuxConnection.exec("cat #{apiKeyFile} | grep api-key | cut -d '=' -f 2", false, { **options, 'dry' => false }).strip
+                                        context.secrets.store(target['SecretId'], 'POWERDNS_API_KEY', apiKey)
+                                    end
+                                else
+                                    if !apiKey
+                                        apiKey = SecureRandom.urlsafe_base64(60)
+                                        context.secrets.store(target['SecretId'], 'POWERDNS_API_KEY', apiKey)
+                                        context.secrets.print('PowerDNS API Key', apiKey)
+                                    end
+                                    linuxConnection.fileWrite(apiKeyFile, "api-key=#{apiKey}", options)
+                                    linuxConnection.setUserGroup(apiKeyFile, USER, USER, options)
+                                    linuxConnection.setPrivate(apiKeyFile, options)
+                                end
+                                if !target.key?('Database') || target['Database']
+                                    self.configurePostgreSQL(target['Settings'], linuxConnection, options)
                                 end
-                                self.configurePostgreSQL(target['Settings'], ssh)
-                            end
-                            if target['Deploy']
-                                Framework::LinuxApp.firewallAddServiceOverSSH('dns', ssh)
-                                Framework::LinuxApp.startServiceOverSSH(SERVICE_NAME, ssh)
-                                activeState['Status'] = State::STATUS_DEPLOYED
                             end
+                            linuxConnection.firewallAddService('dns', options)
+                            linuxConnection.restartService(SERVICE_NAME, options)
                         end
                     end
-                else
-                    # TODO
                 end
             end
 
-            def configurePostgreSQL(settings, ssh)
-                password = SecureRandom.alphanumeric(20)
-                if settings['gpgsql-host'] == 'localhost' || settings['gpgsql-host'].start_with?('/')
-                    PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
-                    PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
-                    PostgreSQL.updateOwner(USER, USER, ssh)
-                else
-                    self.class.sshStart("ssh://#{settings['gpgsql-host']}/") do |ssh|
-                        PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
-                        PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
-                        PostgreSQL.updateOwner(USER, USER, ssh)
-                    end
+            def configurePostgreSQL(settings, linuxConnection, options)
+                dbSettings = {}
+                dbSettings['HostName'] = settings['gpgsql-host']
+                dbSettings['HostName'] = 'localhost' if dbSettings['HostName'].start_with?('/')
+                PostgreSQL.withConnection(dbSettings, linuxConnection) do |postgresConnection|
+                    password = SecureRandom.alphanumeric(20)
+                    postgresConnection.createUserAndDB(USER, password, options)
+                    postgresConnection.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', options)
+                    postgresConnection.updateOwner(USER, USER, options)
                 end
-                password
             end
 
             def connect(id, target, activeState, context, options)
                 host = DEFAULT_HOST
                 port = DEFAULT_PORT
-                key = ENV['POWERDNS_API_KEY']
-                key = target['Key'] if target['Key']
+                key = context.secrets.load(target['SecretId'], 'POWERDNS_API_KEY')
                 raise Framework::PluginProcessError.new('PowerDNS missing API key!') unless key
 
                 sshServer = nil
                 sshUser = nil
                 sshPort = nil
-                sshPassword = ENV['POWERDNS_SSH_PASSWORD']
+                sshPassword = context.secrets.load(target['SecretId'], 'POWERDNS_SSH_PASSWORD')
 
                 if target['Location']
                     uri = Addressable::URI.parse(target['Location'])

data/Plugins/Services/DNS/tonic.lmm.rb

@@ -21,17 +21,26 @@ module ConfigLMM
                 errors
             end
 
+            def getPassword(target, context)
+                tonicPassword = context.secrets.load(target['SecretId'], 'PASSWORD')
+                tonicPassword = context.secrets.load('TONIC', 'PASSWORD') if tonicPassword.nil?
+                raise Framework::PluginProcessError.new('Missing Tonic DNS password!') unless tonicPassword
+                tonicPassword
+            end
+
             def actionTonicDNSRefresh(id, target, activeState, context, options)
                 domain = target['Domain'].split('.').first
                 if domain.empty?
                     raise Framework::PluginProcessError.new('Invalid Domain for ' + id)
                 end
-                activeState['Domain'] = target['Domain']
+
+                tonicPassword = getPassword(target, context)
+
                 response = HTTP.post(EDIT_URL, :form => {
                                             command: 'editdns',
                                             error: 'badpass.htm',
                                             sld: domain,
-                                            password: ENV['TONIC_PASSWORD'],
+                                            password: tonicPassword,
                                             'B1.x' => "40",
                                             'B1.y' => "20"
                                     })
@@ -50,15 +59,15 @@ module ConfigLMM
                         raise Framework::PluginProcessError.new('Unexpected value in response for  ' + id)
                     end
                 else
-                    raise Framework::PluginProcessError.new("Couldn't refresh " + id + "! Invalid TONIC_PASSWORD ?")
+                    raise Framework::PluginProcessError.new("Couldn't refresh " + id + "! Invalid Tonic password?")
                 end
             end
 
             def actionTonicDNSDiff(id, target, activeState, context, options)
-                shouldMatch(id, 'Domain', 'Domain', target, activeState)
+                shouldMatch(id, activeState['Config'], 'Domain', target, 'Domain')
                 nameservers = activeState['Nameservers']&.transform_keys { |ns| Addressable::IDNA.to_unicode(ns) }
                 if target['Nameservers'] != nameservers
-                    @Diff.update({'Nameservers' => [target['Nameservers'], nameservers]})
+                    @Diff.update({'Nameservers' => [nameservers, target['Nameservers']]})
                 end
             end
 
@@ -73,11 +82,13 @@ module ConfigLMM
                 hosts = target['Nameservers'].keys.map { |ns| Addressable::IDNA.to_ascii(ns) }
                 addrs = target['Nameservers'].values
 
+                tonicPassword = getPassword(target, context)
+
                 response = HTTP.post(EDIT_URL, :form => {
                                             command: 'editdns',
                                             error: 'badpass.htm',
                                             sld: domain,
-                                            password: ENV['TONIC_PASSWORD'],
+                                            password: tonicPassword,
                                             'B1.x' => "40",
                                             'B1.y' => "20"
                                     })
@@ -105,18 +116,17 @@ module ConfigLMM
                                            'B1.y': 30
                                         })
 
-                    activeState['Domain'] = target['Domain']
-                    activeState['Nameservers'] = target['Nameservers']
-
                     prompt.say(Nokogiri::HTML(response.to_s).at('//title/text()'))
+                    activeState['Nameservers'] = target['Nameservers']
                 end
             end
 
             def authenticate(actionMethod, target, activeState, context, options)
-                authSecret = ENV['TONIC_PASSWORD']
+                authSecret = context.secrets.load(target['SecretId'], 'PASSWORD')
+                authSecret = context.secrets.load('TONIC', 'PASSWORD') if authSecret.nil?
                 if authSecret.to_s.empty?
-                    prompt.say('Set your Tonic DNS password to TONIC_PASSWORD as Environment Variable')
-                    raise Framework::PluginPrerequisite.new('Need TONIC_PASSWORD')
+                    prompt.say("Set your Tonic DNS password in #{target['SecretId']}_PASSWORD")
+                    raise Framework::PluginPrerequisite.new('Need Tonic DNS password!')
                 end
                 true
             end

data/lib/ConfigLMM/Framework/plugins/dns.rb

@@ -8,7 +8,7 @@ module ConfigLMM
         class DNS < Framework::Plugin
             DEFAULT_TTL = 600
 
-            def processDNS(domain, items)
+            def processDNS(domain, items, context)
                 records = {}
 
                 if items.is_a?(Hash)
@@ -25,6 +25,7 @@ module ConfigLMM
                     type, content = item.strip.split('=')
                     content = domain if content == '@'
                     content = self.class.externalIp if content == '@me'
+                    content = Variables.stringEval(content, context)
                     records[type] ||= []
                     records[type] << { type: type, content: content, ttl: DEFAULT_TTL }
                 end
@@ -32,13 +33,13 @@ module ConfigLMM
                 records
             end
 
-            def showManualDNSSteps(target, message)
+            def showManualDNSSteps(target, message, context)
                 if !target['DNS'].to_h.empty?
                     target['DNS'].each do |domain, data|
                         yield(domain)
                         prompt.say(message, :color => :magenta) if message
                         data.each do |name, data|
-                            self.processDNS(domain, data).each do |type, records|
+                            self.processDNS(domain, data, context).each do |type, records|
                                 records.each do |record|
                                     prompt.say("  * Type: #{record[:type]}\n    Name: #{name}\n    Content: #{record[:content]}", :color => :bold)
                                 end