MuranoCLI 3.1.0 → 3.2.0.beta.1

data/lib/MrMurano/Passwords.rb

@@ -13,17 +13,17 @@ require 'yaml'
 require 'MrMurano/http'
 require 'MrMurano/verbosing'
 require 'MrMurano/Config'
-require 'MrMurano/Solution'
 
 module MrMurano
-  # The Passwords class manages an end user's Murano user name and password.
-  class Passwords
+  # The LocalStorage class manages an end user's Murano user name and secrets.
+  module LocalStorage
     include Verbose
 
-    def initialize(path=nil)
-      path = $cfg.file_at('passwords', :user) if path.nil?
+    def initialize(path=nil, val_type=nil)
+      path = $cfg.file_at(val_type, :user) if path.nil?
       path = Pathname.new(path) unless path.is_a?(Pathname)
       @path = path
+      @val_type = val_type
       @data = nil
     end
 
@@ -32,7 +32,13 @@ module MrMurano
       @path.chmod(0o600)
       @path.open('rb') do |io|
         @data = YAML.load(io)
+        # The @data is, e.g., false, if the file exists but is empty.
+        @data = {} unless @data.is_a?(Hash)
       end
+    rescue StandardError => err
+      warning %(Could not load #{fancy_ticks(@val_type)} file at: #{@path})
+      error err.message
+      exit 1
     end
 
     def save
@@ -47,59 +53,100 @@ module MrMurano
       @path.chmod(0o600)
     end
 
-    def set(host, user, pass)
+    def get(key1, key2)
+      lookup(key1, key2)
+    end
+
+    def set(key1, key2, val)
       unless @data.is_a?(Hash)
-        @data = { host => { user => pass } }
+        @data = { key1 => { key2 => val } }
         return
       end
-      hd = @data[host]
+      hd = @data[key1]
       if hd.nil? || !hd.is_a?(Hash)
-        @data[host] = { user => pass }
+        @data[key1] = { key2 => val }
         return
       end
-      @data[host][user] = pass
+      @data[key1][key2] = val
     end
 
-    def get(host, user)
-      return ENV['MURANO_PASSWORD'] unless ENV['MURANO_PASSWORD'].to_s.empty?
-      unless ENV['MR_PASSWORD'].nil?
-        warning %(
-          Using deprecated environment variable, "MR_PASSWORD". Please rename to "MURANO_PASSWORD"
-        ).strip
-        return ENV['MR_PASSWORD']
-      end
-      lookup(host, user)
-    end
-
-    def lookup(host, user)
+    def lookup(key1, key2)
       return nil unless @data.is_a?(Hash)
-      return nil unless @data.key?(host)
-      return nil unless @data[host].is_a?(Hash)
-      return nil unless @data[host].key?(user)
-      @data[host][user]
+      return nil unless @data.key?(key1)
+      return nil unless @data[key1].is_a?(Hash)
+      return nil unless @data[key1].key?(key2)
+      @data[key1][key2]
     end
 
-    ## Remove the password for a user.
-    def remove(host, user)
+    ## Remove the value (password or token) for a doubly-keyed item (host => user).
+    def remove(key1, key2)
       return unless @data.is_a?(Hash)
-      hd = @data[host]
+      hd = @data[key1]
       return unless !hd.nil? && hd.is_a?(Hash)
       if $cfg['tool.dry']
         MrMurano::Verbose.whirly_interject do
-          say(%(--dry: Not removing password for #{fancy_ticks("#{user}@#{host}")}))
+          say(%(--dry: Not removing #{@val_type} for #{fancy_ticks("#{key2}@#{host}")}))
         end
         return
       end
-      @data[host].delete(user) if hd.key?(user)
+      @data[key1].delete(key2) if hd.key?(key2)
+      @data.delete(key1) if @data[key1].empty?
     end
 
-    ## Get all hosts and usernames. Does not return passwords.
+    ## Get all first- and second-level keys. Does not return values.
+    ## E.g., get all hosts and usernames, but not passwords (or tokens).
     def list
       ret = {}
-      @data.each_pair { |key, value| ret[key] = value.keys } unless @data.nil?
+      unless @data.nil?
+        @data.each_pair do |key1, key2_lkup|
+          ret[key1] = key2_lkup.keys
+        end
+      end
       ret
-      # MAYBE/2017-08-17:
-      #   sort_by_name(ret)
+    end
+  end
+end
+
+module MrMurano
+  # The Passwords class manages an end user's Murano user name and password.
+  class Passwords
+    include LocalStorage
+
+    FILENAME = 'passwords'
+
+    def initialize(path=nil, val_type=nil)
+      val_type = FILENAME if path.nil?
+      super
+    end
+
+    def get(host, user)
+      return ENV['MURANO_PASSWORD'] unless ENV['MURANO_PASSWORD'].to_s.empty?
+      unless ENV['MR_PASSWORD'].nil?
+        warning %(
+          Using deprecated environment variable, "MR_PASSWORD". Please rename to "MURANO_PASSWORD"
+        ).strip
+        return ENV['MR_PASSWORD']
+      end
+      super
+    end
+  end
+end
+
+module MrMurano
+  # The Tokens class manages an end user's Murano user name and tokens.
+  class Tokens
+    include LocalStorage
+
+    FILENAME = 'tokens'
+
+    def initialize(path=nil, val_type=nil)
+      val_type = FILENAME if path.nil?
+      super
+    end
+
+    def get(host, user)
+      return ENV['MURANO_TOKEN'] unless ENV['MURANO_TOKEN'].to_s.empty?
+      super
     end
   end
 end

data/lib/MrMurano/ReCommander.rb

@@ -78,6 +78,8 @@ module Commander
     alias old_run_active_command run_active_command
     def run_active_command
       exit @command_exit if defined?(@command_exit) && @command_exit
+      $cfg.must_be_valid_values!
+
       section = active_command.name
       hooked = MrMurano::Hooked.new(section)
       hooked.check_run_pre_hook

data/lib/MrMurano/Solution.rb

@@ -7,19 +7,20 @@
 
 require 'rainbow'
 require 'uri'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/Config'
 require 'MrMurano/SolutionId'
 require 'MrMurano/SyncUpDown'
 
 module MrMurano
   class SolutionBase
-    include Http
+    include AccountBase
     include Verbose
     include SolutionId
 
     def initialize(from=nil)
+      super()
       @uriparts_apidex = 1
       # Introspection. Feels hacky.
       if from.is_a? MrMurano::Solution

data/lib/MrMurano/SyncRoot.rb

@@ -5,6 +5,8 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
+require 'singleton'
+
 module MrMurano
   ## Track what things are syncable.
   class SyncRoot

data/lib/MrMurano/Webservice.rb

@@ -7,8 +7,8 @@
 
 require 'uri'
 require 'MrMurano/Config'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/SolutionId'
 require 'MrMurano/SyncUpDown'
 
@@ -16,11 +16,12 @@ module MrMurano
   ## The details of talking to the Webservice service.
   module Webservice
     class WebserviceBase
-      include Http
+      include AccountBase
       include Verbose
       include SolutionId
 
       def initialize
+        super
         @solntype = 'application.id'
         @uriparts_apidex = 1
         init_api_id!

data/lib/MrMurano/commands/business.rb

@@ -65,7 +65,7 @@ end
 
 def cmd_verify_args_and_id_or_name!(args, options)
   return unless args.none? && (options.id || options.name)
-  MrMurano::Verbose.warning(
+  MrMurano::Verbose.error(
     'The --id and --name options only apply when specifying a business name or ID.'
   )
   exit 1
@@ -229,7 +229,7 @@ end
 
 def cmd_business_find_and_output(args, options)
   cmd_verify_args_and_id_or_name!(args, options)
-  acc = MrMurano::Account.instance
+  acc = MrMurano::Account.new
   bizz = cmd_business_find_businesses(acc, args, options)
   if bizz.empty? && !options.idonly
     MrMurano::Verbose.error(MSG_BUSINESSES_NONE_FOUND)

data/lib/MrMurano/commands/globals.rb

@@ -5,6 +5,7 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
+require 'MrMurano/verbosing'
 require 'MrMurano/Config'
 
 global_option('--[no-]color', %(Disable fancy output)) do |value|
@@ -93,3 +94,43 @@ global_option('--sid VALUE', %(Override application or product ID)) do |value|
   $cfg['product.id'] = value
 end
 
+global_option(
+  '--[no-]token', %(Use token authentication (using temporary session token)),
+) do |value|
+  $cfg['auth.scheme-token'] = value
+end
+
+global_option(
+  '--[no-]basic', %(Use basic authentication (using username and password)),
+) do |value|
+  $cfg['auth.scheme-basic'] = value
+end
+
+global_option(
+  '--[no-]login', %(Cache access token for repeated use (default: true)),
+) do |value|
+  $cfg['auth.persist-token'] = value
+end
+
+global_option(
+  '--[no-]cache', %(Cache password locally for repeated use)
+) do |value|
+  $cfg['auth.persist-basic'] = value
+end
+
+global_option(
+  '--ttl TTL', %(Set token time-to-live in seconds (default: 172800)),
+) do |value|
+  # (lb): What's the point of being able to tell rb-commander the arg type, e.g.,
+  #      global_option('--ttl TTL', Integer, %(Foo))
+  # if its response to bad input is to raise an exception and dump a stack trace?
+  # Because to produce a meaningful message for the user, we have to process
+  # it ourselves anyway, like so:
+  begin
+    $cfg['auth.ttl'] = Integer(value)
+  rescue ArgumentError => _err
+    MrMurano::Verbose.error(%(Token TTL not an integer: #{value}))
+    exit 1
+  end
+end
+

data/lib/MrMurano/commands/init.rb

@@ -134,7 +134,7 @@ command :init do |c|
     c.verify_arg_count!(args, 1)
     options.default(refresh: false, purge: false, sync: true, mkdirs: true)
 
-    acc = MrMurano::Account.instance
+    acc = MrMurano::Account.new
     validate_dir!(acc, args, options)
 
     puts('')

data/lib/MrMurano/commands/login.rb

@@ -25,7 +25,9 @@ If you are having trouble logging in, try deleting the saved password first:
 
   c.action do |args, options|
     c.verify_arg_count!(args)
-    tok = MrMurano::Account.instance.token
+    # By default, unless user specified --no-token or --basic,
+    # Account will save the token to the tokens file.
+    tok = MrMurano::Account.new.token
     say tok if options.show_token
   end
 end
@@ -41,17 +43,39 @@ it will remove that user's password from the password file.
 
 Essentially, this command is the same as:
 
-  murano password delete <username>
-  murano password delete <username>/twofactor
-  murano config --unset --user user.name
+  cur_user="$(murano config user.name)"
+  murano password delete "${cur_user}"
+  murano token delete
+  if [[ "${cur_user}" == "$(murano config user.name --user)" ]]; then
+    murano config --unset --user user.name
+    murano config --unset --user business.id
+    murano config --unset --user business.name
+  fi
   ).strip
   c.project_not_required = true
 
-  c.option '--token', 'Remove just the two-factor token'
+  c.option '--keep-user', 'Only delete the token and clear the password'
 
   c.action do |args, options|
     c.verify_arg_count!(args)
-    MrMurano::Account.instance.logout(options.token)
+
+    MrMurano::Account.new.logout(keep_user: options.keep_user)
+  end
+end
+
+command 'whoami' do |c|
+  c.syntax = %(murano whoami)
+  c.summary = %(Who are you?)
+  c.description = %(
+Show user.name of current working directory
+
+Essentially, this command is the same as:
+
+  murano config user.name
+  ).strip
+  c.project_not_required = true
+  c.action do |_args, _options|
+    puts $cfg['user.name']
   end
 end
 

data/lib/MrMurano/commands/logs.rb

@@ -138,11 +138,6 @@ Used to group logs together for one endpoint request.
     ).strip
   end
 
-  # NOTE (landonb): The Service & Script Debug Log RFC mentions 'subject',
-  #                 but I've never seen it in any debug log reply.
-  #    The Subject line can be used for a short summary.
-  #    It should be shorter than 80 characters.
-
   def cmd_add_examples(cmd)
     cmd.example %(
       View the last 100 product log entries
@@ -173,7 +168,7 @@ Used to group logs together for one endpoint request.
     ).strip, 'murano logs --follow -T :script'
 
     cmd.example %(
-      Show last 100 logs with any severity level expect DEBUG
+      Show last 100 logs with any severity level except DEBUG
     ).strip, 'murano logs --severity 0-6'
 
     cmd.example %(

data/lib/MrMurano/commands/password.rb

@@ -5,13 +5,14 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
+require 'MrMurano/Passwords'
 require 'MrMurano/ReCommander'
 
 command :password do |c|
   c.syntax = %(murano password)
   c.summary = %(About password commands)
   c.description = %(
-Commands for working with usernames and passwords.
+    Commands for working with usernames and passwords.
   ).strip
   c.project_not_required = true
   c.subcmdgrouphelp = true
@@ -25,9 +26,9 @@ alias_command 'password current', :config, 'user.name'
 
 command 'password list' do |c|
   c.syntax = %(murano password list)
-  c.summary = %(List the usernames with saved passwords)
+  c.summary = %(List the usernames and hosts with saved passwords)
   c.description = %(
-List the usernames and hosts that have been saved.
+    List the usernames and hosts that have a password saved locally.
   ).strip
   c.project_not_required = true
 
@@ -43,6 +44,7 @@ List the usernames and hosts that have been saved.
       dd.each_pair do |key, value|
         value.each { |v| rows << [key, v] }
       end
+      rows.sort_by! { |kv| kv[0] }
       psd.tabularize(
         { rows: rows, headers: %i[Host Username] },
         ios
@@ -53,13 +55,13 @@ end
 alias_command 'passwords list', 'password list'
 
 command 'password set' do |c|
-  c.syntax = %(murano password set <username> [<host>])
-  c.summary = %(Set password for username)
+  c.syntax = %(murano password set [<username>] [<host>])
+  c.summary = %(Set password for username and host)
   c.description = %(
-Set password for username.
+    Set password for username and host.
   ).strip
   c.option '--password PASSWORD', String, %(The password to use)
-  c.option '--from_env', %(Use password in MURANO_PASSWORD)
+  c.option '--from-env', %(Use password in MURANO_PASSWORD)
   c.project_not_required = true
 
   c.action do |args, options|
@@ -76,7 +78,7 @@ Set password for username.
     elsif options.from_env
       pws = ENV['MURANO_PASSWORD']
     else
-      pws = ask('Password:  ') { |q| q.echo = '*' }
+      pws = ask('Password: ') { |q| q.echo = '*' }
     end
     psd.set(host, username, pws)
     psd.save
@@ -85,13 +87,15 @@ end
 
 command 'password delete' do |c|
   c.syntax = %(murano password delete <username> [<host>])
-  c.summary = %(Delete password for username)
+  c.summary = %(Delete password for username and host)
   c.description = %(
-Delete password for username.
+    Delete password for username and host.
   ).strip
   c.project_not_required = true
 
-  c.option('-y', '--[no-]yes', %(Answer "yes" to all prompts and run non-interactively))
+  c.option(
+    '-y', '--[no-]yes', %(Answer "yes" to all prompts and run non-interactively),
+  )
 
   c.action do |args, options|
     c.verify_arg_count!(args, 2, ['Missing username'])

data/lib/MrMurano/commands/show.rb

@@ -23,7 +23,7 @@ Show readable information about the current configuration.
   c.action do |args, options|
     c.verify_arg_count!(args)
 
-    acc = MrMurano::Account.instance
+    acc = MrMurano::Account.new
     biz = MrMurano::Business.new
 
     selected_business = nil

data/lib/MrMurano/commands/token.rb

@@ -0,0 +1,209 @@
+# Copyright © 2016-2017 Exosite LLC. All Rights Reserved
+# License: PROPRIETARY. See LICENSE.txt.
+# frozen_string_literal: true
+
+# vim:tw=0:ts=2:sw=2:et:ai
+# Unauthorized copying of this file is strictly prohibited.
+
+require 'MrMurano/verbosing'
+require 'MrMurano/Account'
+require 'MrMurano/Config'
+require 'MrMurano/HttpAuthed'
+require 'MrMurano/Passwords'
+require 'MrMurano/ReCommander'
+
+def args_parse_and_cfg_set(args, cfg_key)
+  value = args.shift
+  value = $cfg[cfg_key] if value.to_s.empty?
+  $cfg[cfg_key] = value
+end
+
+def args_parse_user_host_pair(args)
+  username = args_parse_and_cfg_set(args, 'user.name')
+  host = args_parse_and_cfg_set(args, 'net.host')
+  [username, host]
+end
+
+def args_opts_parse_token!(args, options)
+  n_specified = 0
+  token = args.shift
+  n_specified += 1 unless token.nil?
+  if options.value
+    token = options.value
+    n_specified += 1
+  end
+  if options.from_env
+    token = ENV['MURANO_TOKEN']
+    if token.to_s.empty?
+      MrMurano::Verbose.error(%(--from-env specified but MURANO_TOKEN is empty))
+      exit 1
+    end
+    n_specified += 1
+  end
+  if n_specified > 1
+    MrMurano::Verbose.error(%(Please specify only one token, --token, or --from-env))
+    exit 1
+  elsif n_specified == 0
+    token = ask('Token: ')
+  end
+  if token.to_s.empty?
+    MrMurano::Verbose.error(%(Please specify a token!))
+    unless ENV['MURANO_TOKEN'].to_s.empty?
+      MrMurano::Verbose.warning(
+        %(If you want to use MURANO_TOKEN, specify --from-env)
+      )
+    end
+    exit 1
+  end
+  token
+end
+
+command :token do |c|
+  c.syntax = %(murano token)
+  c.summary = %(About token commands)
+  c.description = %(
+    Commands for working with uesrnames and authentication tokens.
+  ).strip
+  c.project_not_required = true
+  c.subcmdgrouphelp = true
+
+  c.action do |_args, _options|
+    ::Commander::UI.enable_paging unless $cfg['tool.no-page']
+    say MrMurano::SubCmdGroupHelp.new(c).get_help
+  end
+end
+
+# DRY: This block is a lot like the 'password list' command.
+command 'token list' do |c|
+  c.syntax = %(murano token list)
+  c.summary = %(List the usernames and hosts with saved tokens)
+  c.description = %(
+    List the usernames and hosts that have a token saved locally.
+  ).strip
+  c.project_not_required = true
+
+  c.action do |args, _options|
+    c.verify_arg_count!(args)
+
+    token_file = MrMurano::Tokens.new
+    token_file.load
+
+    ret = token_file.list
+    token_file.outf(ret) do |dd, ios|
+      rows = []
+      dd.each_pair do |key, value|
+        value.each do |v|
+          rows << [key, v]
+        end
+      end
+      rows.sort_by! { |kv| kv[0] }
+      token_file.tabularize(
+        { rows: rows, headers: %i[Host Username] },
+        ios
+      )
+    end
+  end
+end
+alias_command 'tokens list', 'token list'
+
+command 'token get' do |c|
+  c.syntax = %(murano token get [<username>] [<host>])
+  c.summary = %(Get token from host for username)
+  ttls = MrMurano::Config::CFG_AUTH_DEFAULT_TTL
+  c.description = %(
+    Get token from host for username.
+
+    By default, murano will use token authentication,
+    and murano will cache the token for later use.
+
+    You can instead use password authentication on an
+    individual command basis using --basic, or permanently
+    by setting the config option auth.scheme-basic=true.
+
+    You can also choose to cache your password locally using
+    the --cache runtime option, or the auth.persist-basic
+    config value. If you would not like to cache the token,
+    specify --no-login, or set auth.persist-token=false.
+
+    When using cache token authentication, the TTL defaults
+    to 172800 seconds, or 2 days. If you choose not to persist
+    the token, the default is #{ttls} seconds. You can override the
+    TTL with the --ttl option. Note that the --ttl option only
+    pertains to token authentication, and does not affect basic
+    authentication.
+  ).strip.gsub(/^ {4}/, '')
+  c.option(
+    '--[no-]login', %(Cache access token for repeated use (default: true)),
+  )
+  c.option(
+    '--ttl TTL', Integer, %(Set token time-to-live in seconds (default: 172800)),
+  )
+  c.project_not_required = true
+  c.prompt_if_logged_off = true
+
+  c.action do |args, options|
+    c.verify_arg_count!(args, 2)
+    _username, _host = args_parse_user_host_pair(args)
+    $cfg['auth.ttl'] = options.ttl unless options.ttl.to_s.empty?
+    $cfg['auth.scheme-token'] = true
+    $cfg['auth.scheme-basic'] = false
+    # Make sure persist-token is not nil, else it'll be defaulted to true.
+    if options.login.nil?
+      $cfg['auth.persist-token'] = false
+    else
+      $cfg['auth.persist-token'] = options.login
+    end
+    $cfg['auth.persist-basic'] = false
+    # Create the Account *after* setting up $cfg.
+    acc = MrMurano::Account.new
+    # The HttpAuthed class will token_save or not, depending on persist-token.
+    token = acc.token
+    puts token
+  end
+end
+alias_command 'token fetch', 'token get'
+
+command 'token set' do |c|
+  c.syntax = %(murano token set [<username>] [<host>] [<token>])
+  c.summary = %(Set token for username and host)
+  c.description = %(
+    Set token for username and host.
+  ).strip
+  # We cannot use --token, because it's already a global_option.
+  c.option '--value TOKEN', String, %(The token to use)
+  c.option '--from-env', %(Use token in MURANO_TOKEN)
+  c.project_not_required = true
+
+  c.action do |args, options|
+    c.verify_arg_count!(args, 3)
+    username, host = args_parse_user_host_pair(args)
+    token = args_opts_parse_token!(args, options)
+    token_file = MrMurano::Tokens.new
+    token_file.load
+    token_file.set(host, username, token)
+    token_file.save
+  end
+end
+
+command 'token delete' do |c|
+  c.syntax = %(murano token delete [<username>] [<host>])
+  c.summary = %(Invalidate and delete token for username and host)
+  c.description = %(
+    Invalidate and delete token for username and host.
+  ).strip
+  c.option '--no-invalidate', %(Do not also invalidate token on server)
+  c.project_not_required = true
+
+  c.action do |args, options|
+    c.verify_arg_count!(args, 2)
+    # We confirm deleting passwords, but not throwaway tokens.
+    username, host = args_parse_user_host_pair(args)
+    # We can create an authless instance, which won't ask user for
+    # login creds, because the delete command does not need creds.
+    acc = MrMurano::Account.new(authless: true)
+    token = MrMurano::HttpAuthed.instance.token_from_file(host, username)
+    acc.invalidate_token(token) unless options.no_invalidate
+    MrMurano::HttpAuthed.instance.token_remove(host, username)
+  end
+end
+