aws-codedeploy-agent 0.0.2 → 0.0.3

data/lib/instance_agent/codedeploy_plugin/deployment_specification.rb

@@ -1,150 +0,0 @@
-require 'openssl'
-require 'instance_metadata'
-
-module InstanceAgent
-  module CodeDeployPlugin
-    class DeploymentSpecification
-      attr_accessor :deployment_id, :deployment_group_id, :revision, :revision_source
-      attr_accessor :bucket, :key, :bundle_type, :version, :etag
-      attr_accessor :external_account, :repository, :commit_id, :anonymous, :external_auth_token
-      class << self
-        attr_accessor :cert_store
-      end
-
-      def self.init_cert_store(ca_chain_path)
-        @cert_store = OpenSSL::X509::Store.new
-        begin
-          @cert_store.add_file ca_chain_path
-        rescue OpenSSL::X509::StoreError => e
-          raise "Could not load certificate store '#{ca_chain_path}'.\nCaused by: #{e.inspect}"
-        end
-        return @cert_store
-      end
-
-      @cert_store = init_cert_store(File.expand_path('../../../certs/host-agent-deployment-signer-ca-chain.pem', File.dirname(__FILE__)))
-
-      def initialize(data)
-        raise 'Deployment Spec has no DeploymentId' unless property_set?(data, "DeploymentId")
-        raise 'Deployment Spec has no DeploymentGroupId' unless property_set?(data, "DeploymentGroupId")
-
-        if data["DeploymentId"].start_with?("arn:")
-          @deployment_id = getDeploymentIdFromArn(data["DeploymentId"])
-        else
-          @deployment_id = data["DeploymentId"]
-        end
-        @deployment_group_id = data["DeploymentGroupId"]
-
-        raise 'Must specify a revison' unless data["Revision"]
-        @revision_source = data["Revision"]["RevisionType"]
-        raise 'Must specify a revision source' unless @revision_source
-
-        case @revision_source
-        when 'S3'
-          @revision = data["Revision"]["S3Revision"]
-          raise 'S3Revision in Deployment Spec must specify Bucket, Key and BundleType' unless valid_s3_revision?(@revision)
-          raise 'BundleType in S3Revision must be tar, tgz or zip' unless valid_bundle_type?(@revision)
-
-          @bucket = @revision["Bucket"]
-          @key = @revision["Key"]
-          @bundle_type = @revision["BundleType"]
-          @version = @revision["Version"]
-          @etag = @revision["ETag"]
-        when 'GitHub'
-          @revision = data["Revision"]["GitHubRevision"]
-          raise 'GitHubRevision in Deployment Spec must specify Account, Repository and CommitId' unless valid_github_revision?(revision)
-          @external_account = revision["Account"]
-          @repository = revision["Repository"]
-          @commit_id = revision["CommitId"]
-          @external_auth_token = data["GitHubAccessToken"]
-          @anonymous = @external_auth_token.nil?
-        else
-          raise 'Exactly one of S3Revision or GitHubRevision must be specified'
-        end
-      end
-
-      def self.parse(envelope)
-        raise 'Provided deployment spec was nil' if envelope.nil?
-
-        case envelope.format
-        when "PKCS7/JSON"
-          pkcs7 = OpenSSL::PKCS7.new(envelope.payload)
-
-          # The PKCS7_NOCHAIN flag tells OpenSSL to ignore any PKCS7 CA chain that might be attached
-          # to the message directly and use the certificates from provided one only for validating the.
-          # signer's certificate.
-          #
-          # However, it will allow use the PKCS7 signer certificate provided to validate the signature.
-          #
-          # http://www.openssl.org/docs/crypto/PKCS7_verify.html#VERIFY_PROCESS
-          #
-          # The ruby wrapper returns true if OpenSSL returns 1
-          raise "Validation of PKCS7 signed message failed" unless pkcs7.verify([], @cert_store, nil, OpenSSL::PKCS7::NOCHAIN)
-
-          signer_certs = pkcs7.certificates
-          raise "Validation of PKCS7 signed message failed" unless signer_certs.size == 1
-          raise "Validation of PKCS7 signed message failed" unless verify_pkcs7_signer_cert(signer_certs[0])
-
-          deployment_spec = JSON.parse(pkcs7.data)
-
-          sanitized_spec = deployment_spec.clone
-          sanitized_spec["GitHubAccessToken"] &&= "REDACTED"
-          InstanceAgent::Log.debug("#{self.to_s}: Parse: #{sanitized_spec}")
-
-          return new(deployment_spec)
-        else
-          raise "Unsupported DeploymentSpecification format: #{envelope.format}"
-        end
-      end
-
-      private
-
-      def property_set?(propertyHash, property)
-        propertyHash.has_key?(property) && !propertyHash[property].nil? && !propertyHash[property].empty?
-      end
-
-      def valid_s3_revision?(revision)
-        revision.nil? || %w(Bucket Key BundleType).all? { |k| revision.has_key?(k) }
-      end
-
-      def valid_github_revision?(revision)
-        required_fields = %w(Account Repository CommitId)
-        if !(revision.nil? || revision['Anonymous'].nil? || revision['Anonymous'])
-          required_fields << 'OAuthToken'
-        end
-        revision.nil? || required_fields.all? { |k| revision.has_key?(k) }
-      end
-
-      private
-
-      def valid_bundle_type?(revision)
-        revision.nil? || %w(tar zip tgz).any? { |k| revision["BundleType"] == k }
-      end
-
-      def self.verify_pkcs7_signer_cert(cert)
-        @@region ||= ENV['AWS_REGION'] || InstanceMetadata.region
-
-        case InstanceAgent::Config.config()[:codedeploy_test_profile]
-        when 'prod'
-          case @@region
-          when 'us-east-1'
-            cert.subject.to_s == "/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=codedeploy-signer-us-east-1.amazonaws.com"
-          when 'us-west-2'
-            cert.subject.to_s == "/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=codedeploy-signer-us-west-2.amazonaws.com"
-          else
-            raise "Unknown region '#{@region}'"
-          end
-        else
-          raise "Unknown profile '#{Config.config()[:codedeploy_test_profile]}'"
-        end
-      end
-
-      private
-
-      def getDeploymentIdFromArn(arn)
-        # example arn format: "arn:aws:codedeploy:us-east-1:123412341234:deployment/12341234-1234-1234-1234-123412341234"
-        arn.split(":", 6)[5].split("/",2)[1]
-      end
-
-    end
-  end
-end

data/lib/instance_agent/codedeploy_plugin/hook_executor.rb

@@ -1,206 +0,0 @@
-require 'timeout'
-require 'open3'
-require 'json'
-require 'fileutils'
-
-module InstanceAgent
-  module CodeDeployPlugin
-    class ScriptLog
-      attr_reader :log
-
-      def append_to_log(log_entry)
-        log_entry ||= ""
-        @log ||= []
-        @log.push(log_entry)
-
-        index = @log.size
-        remaining_buffer = 2048
-
-        while (index > 0 && (remaining_buffer - @log[index-1].length) > 0)
-          index = index - 1
-          remaining_buffer = remaining_buffer - @log[index-1].length
-        end
-
-        if index > 0
-          @log = @log.drop(index)
-        end
-      end
-
-      def concat_log(log_entries)
-        log_entries ||= []
-        log_entries.each do |log_entry|
-           append_to_log(log_entry)
-        end
-      end
-    end
-
-    class ScriptError < StandardError
-      attr_reader :error_code, :script_name, :log
-
-      SUCCEEDED_CODE = 0
-      SCRIPT_MISSING_CODE = 1
-      SCRIPT_EXECUTABILITY_CODE = 2
-      SCRIPT_TIMED_OUT_CODE = 3
-      SCRIPT_FAILED_CODE = 4
-      UNKNOWN_ERROR_CODE = 5
-
-      def initialize(error_code, script_name, log)
-        @error_code = error_code
-        @script_name = script_name
-        @log = log
-      end
-
-      def to_json
-        log = @log.log || []
-        log = log.join("")
-        {'error_code' => @error_code, 'script_name' => @script_name, 'message' => message, 'log' => log}.to_json
-      end
-    end
-
-    class HookExecutor
-
-      LAST_SUCCESSFUL_DEPLOYMENT = "OldOrIgnore"
-      CURRENT = "New"
-
-      def initialize(arguments = {})
-        #check arguments
-        raise "Lifecycle Event Required " if arguments[:lifecycle_event].nil?
-        raise "Deployment Root Directory Required " if arguments[:deployment_root_dir].nil?
-        raise "App Spec Path Required " if arguments[:app_spec_path].nil?
-        @lifecycle_event = arguments[:lifecycle_event]
-        select_correct_deployment_root_dir(arguments[:deployment_root_dir], arguments[:last_successful_deployment_dir])
-        return if @deployment_root_dir.nil?
-        @deployment_archive_dir = File.join(@deployment_root_dir, 'deployment-archive')
-        @app_spec_path = arguments[:app_spec_path]
-        parse_app_spec
-        @hook_logging_mutex = Mutex.new
-        @script_log = ScriptLog.new
-      end
-
-      def execute
-        return if @app_spec.nil?
-        if (hooks = @app_spec.hooks[@lifecycle_event]) &&
-            !hooks.empty?
-          create_script_log_file_if_needed do |script_log_file|
-            log_script("LifecycleEvent - " + @lifecycle_event + "\n", script_log_file)
-            hooks.each do |script|
-              if(!File.exist?(script_absolute_path(script)))
-                raise ScriptError.new(ScriptError::SCRIPT_MISSING_CODE, script.location, @script_log), 'Script does not exist at specified location: ' + script.location
-              elsif(!InstanceAgent::Platform.util.script_executable?(script_absolute_path(script)))
-                log :warn, 'Script at specified location: ' + script.location + ' is not executable.  Trying to make it executable.'
-                begin
-                  FileUtils.chmod("+x", script_absolute_path(script))
-                rescue
-                  raise ScriptError.new(ScriptError::SCRIPT_EXECUTABILITY_CODE, script.location, @script_log), 'Unable to set script at specified location: ' + script.location + ' as executable'
-                end
-              end
-              begin
-                execute_script(script, script_log_file)
-              rescue Timeout::Error
-                raise ScriptError.new(ScriptError::SCRIPT_TIMED_OUT_CODE, script.location, @script_log), 'Script at specified location: ' +script.location + ' failed to complete in '+script.timeout.to_s+' seconds'
-              end
-            end
-          end
-        end
-        @script_log.log
-      end
-
-      private
-      def execute_script(script, script_log_file)
-        script_command = InstanceAgent::Platform.util.prepare_script_command(script, script_absolute_path(script))
-        log_script("Script - " + script.location + "\n", script_log_file)
-        exit_status = 1
-        Open3.popen3(script_command, :pgroup => true) do |stdin, stdout, stderr, wait_thr|
-          stdin.close
-          stdout_thread = Thread.new{stdout.each_line { |line| log_script("[stdout]" + line.to_s, script_log_file)}}
-          stderr_thread = Thread.new{stderr.each_line { |line| log_script("[stderr]" + line.to_s, script_log_file)}}
-          if !wait_thr.join(script.timeout)
-            Process.kill('-TERM', wait_thr.pid) #kill the process group instead of pid
-            raise Timeout::Error
-          end
-          stdout_thread.join
-          stderr_thread.join
-          exit_status = wait_thr.value.exitstatus
-        end
-        if(exit_status != 0)
-          script_error = 'Script at specified location: ' + script.location + ' failed with exit code ' + exit_status.to_s
-          if(!script.runas.nil?)
-            script_error = 'Script at specified location: ' + script.location + ' run as user ' + script.runas + ' failed with exit code ' + exit_status.to_s
-          end
-          raise ScriptError.new(ScriptError::SCRIPT_FAILED_CODE, script.location, @script_log), script_error
-        end
-      end
-
-
-      private
-      def create_script_log_file_if_needed
-        script_log_file_location = File.join(@deployment_root_dir, 'logs/scripts.log')
-        if(!File.exists?(script_log_file_location))
-          unless File.directory?(File.dirname(script_log_file_location))
-            FileUtils.mkdir_p(File.dirname(script_log_file_location))
-          end
-          script_log_file = File.open(script_log_file_location, 'w')
-        else
-          script_log_file = File.open(script_log_file_location, 'a')
-        end
-        yield(script_log_file)
-      ensure
-        script_log_file.close unless script_log_file.nil?
-      end
-
-      private
-      def script_absolute_path(script)
-        File.join(@deployment_archive_dir, script.location)
-      end
-
-      private
-      def parse_app_spec
-        app_spec_location = File.join(@deployment_archive_dir, @app_spec_path)
-        log(:debug, "Checking for app spec in #{app_spec_location}")
-        @app_spec =  ApplicationSpecification::ApplicationSpecification.parse(File.read(app_spec_location))
-      end
-
-      private
-      def select_correct_deployment_root_dir(current_deployment_root_dir, last_successful_deployment_root_dir)
-        @deployment_root_dir = current_deployment_root_dir
-        hook_deployment_mapping = mapping_between_hooks_and_deployments
-        if(hook_deployment_mapping[@lifecycle_event] == LAST_SUCCESSFUL_DEPLOYMENT && !File.exist?(File.join(@deployment_root_dir, 'deployment-archive')))
-          @deployment_root_dir = last_successful_deployment_root_dir
-        end
-      end
-
-      private
-      def mapping_between_hooks_and_deployments
-        {"BeforeELBRemove"=>LAST_SUCCESSFUL_DEPLOYMENT,
-         "AfterELBRemove"=>LAST_SUCCESSFUL_DEPLOYMENT,
-         "ApplicationStop"=>LAST_SUCCESSFUL_DEPLOYMENT,
-         "BeforeInstall"=>CURRENT,
-         "AfterInstall"=>CURRENT,
-         "ApplicationStart"=>CURRENT,
-         "BeforeELBAdd"=>CURRENT,
-         "AfterELBAdd"=>CURRENT,
-         "ValidateService"=>CURRENT}
-      end
-
-      private
-      def description
-        self.class.to_s
-      end
-
-      private
-      def log(severity, message)
-        raise ArgumentError, "Unknown severity #{severity.inspect}" unless InstanceAgent::Log::SEVERITIES.include?(severity.to_s)
-        InstanceAgent::Log.send(severity.to_sym, "#{description}: #{message}")
-      end
-
-      private
-      def log_script(message, script_log_file)
-        @hook_logging_mutex.synchronize do
-          @script_log.append_to_log(message)
-          script_log_file.write(Time.now.to_s[0..-7] + ' ' + message)
-          script_log_file.flush
-        end
-      end
-    end
-  end
-end

data/lib/instance_agent/codedeploy_plugin/install_instruction.rb

@@ -1,374 +0,0 @@
-require 'etc'
-require 'fileutils'
-require 'json'
-
-module InstanceAgent
-  module CodeDeployPlugin
-    class InstallInstruction
-      def self.generate_commands_from_file(file)
-        name = File.basename(file.path)
-        file = File.open(file.path, 'r')
-        contents = file.read
-        file.close
-        if name =~ /^*-install.json/
-          parse_install_commands(contents)
-        elsif name =~ /^*-cleanup/
-          parse_remove_commands(contents)
-        end
-      end
-
-      def self.parse_install_commands(contents)
-        instructions = JSON.parse(contents)['instructions']
-        commands = []
-        instructions.each do |mapping|
-          case mapping['type']
-            when "copy"
-              commands << CopyCommand.new(mapping["source"], mapping["destination"])
-            when "mkdir"
-              commands << MakeDirectoryCommand.new(mapping["directory"])
-            when "chmod"
-              commands << ChangeModeCommand.new(mapping['file'], mapping['mode'])
-            when "chown"
-              commands << ChangeOwnerCommand.new(mapping['file'], mapping['owner'], mapping['group'])
-            when "setfacl"
-              commands << ChangeAclCommand.new(mapping['file'], InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AclInfo.new(mapping['acl']))
-            when "semanage"
-              if !mapping['context']['role'].nil?
-                raise "Attempt to set role on object, not supported"
-              end
-              commands << ChangeContextCommand.new(mapping['file'], InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new(mapping['context']))
-            else
-              raise "Unknown command: #{mapping}"
-          end
-        end
-        commands
-      end
-
-      def self.parse_remove_commands(contents)
-        return [] if contents.empty?
-        #remove the unfinished paths
-        lines = contents.lines.to_a
-        if lines.last[lines.last.length-1] != "\n"
-          lines.pop
-        end
-        commands = []
-        lines.each do |command|
-          if command.start_with?("semanage\0")
-            commands << RemoveContextCommand.new(command.split("\0",2)[1].strip)
-          else
-            commands << RemoveCommand.new(command.strip)
-          end
-        end
-        commands.reverse
-      end
-
-      def self.generate_instructions()
-        command_builder = CommandBuilder.new()
-        yield(command_builder)
-        command_builder
-      end
-    end
-
-    class CommandBuilder
-      attr_reader :command_array
-      def initialize()
-        @command_array = []
-        @copy_targets = Hash.new
-        @mkdir_targets = Set.new
-        @permission_targets = Set.new
-      end
-
-      def copy(source, destination)
-        destination = sanitize_dir_path(destination)
-        log(:debug, "Copying #{source} to #{destination}")
-        raise "Duplicate copy instruction to #{destination} from #{source} and #{@copy_targets[destination]}" if @copy_targets.has_key?(destination)
-        raise "Duplicate copy instruction to #{destination} from #{source} which is already being installed as a directory" if @mkdir_targets.include?(destination)
-        @command_array << CopyCommand.new(source, destination)
-        @copy_targets[destination] = source
-      end
-
-      def mkdir(destination)
-        destination = sanitize_dir_path(destination)
-        log(:debug, "Making directory #{destination}")
-        raise "Duplicate mkdir instruction for #{destination} which is already being copied from #{@copy_targets[destination]}" if @copy_targets.has_key?(destination)
-        @command_array << MakeDirectoryCommand.new(destination) unless @mkdir_targets.include?(destination)
-        @mkdir_targets.add(destination)
-      end
-
-      def set_permissions(object, permission)
-        object = sanitize_dir_path(object)
-        log(:debug, "Setting permissions on #{object}")
-        raise "Duplicate permission setting instructions for #{object}" if @permission_targets.include?(object)
-        @permission_targets.add(object)
-
-        if !permission.mode.nil?
-          log(:debug, "Setting mode on #{object}")
-          @command_array << ChangeModeCommand.new(object, permission.mode.mode)
-        end
-
-        if !permission.acls.nil?
-          log(:debug, "Setting acl on #{object}")
-          @command_array << ChangeAclCommand.new(object, permission.acls)
-        end
-
-        if !permission.context.nil?
-          log(:debug, "Setting context on #{object}")
-          @command_array << ChangeContextCommand.new(object, permission.context)
-        end
-
-        if !permission.owner.nil? || !permission.group.nil?
-          log(:debug, "Setting ownership of #{object}")
-          @command_array << ChangeOwnerCommand.new(object, permission.owner, permission.group)
-        end
-      end
-
-      def copying_file?(file)
-        file = sanitize_dir_path(file)
-        log(:debug, "Checking for #{file} in #{@copy_targets.keys.inspect}")
-        @copy_targets.has_key?(file)
-      end
-
-      def making_directory?(dir)
-        dir = sanitize_dir_path(dir)
-        log(:debug, "Checking for #{dir} in #{@mkdir_targets.inspect}")
-        @mkdir_targets.include?(dir)
-      end
-
-      def find_matches(permission)
-        log(:debug, "Finding matches for #{permission.object}")
-        matches = []
-        if permission.type.include?("file")
-          @copy_targets.keys.each do |object|
-            log(:debug, "Checking #{object}")
-            if (permission.matches_pattern?(object) && !permission.matches_except?(object))
-              log(:debug, "Found match #{object}")
-              permission.validate_file_acl(object)
-              matches << object
-            end
-          end
-        end
-        if permission.type.include?("directory")
-          @mkdir_targets.each do |object|
-            log(:debug, "Checking #{object}")
-            if (permission.matches_pattern?(object) && !permission.matches_except?(object))
-              log(:debug, "Found match #{object}")
-              matches << object
-            end
-          end
-        end
-        matches
-      end
-
-      def to_json
-        command_json = @command_array.map(&:to_h)
-        {"instructions" => command_json}.to_json
-      end
-
-      def each(&block)
-        @command_array.each(&block)
-      end
-
-      private
-      def sanitize_dir_path(path)
-        File.expand_path(path)
-      end
-
-      private
-      def description
-        self.class.to_s
-      end
-
-      private
-      def log(severity, message)
-        raise ArgumentError, "Unknown severity #{severity.inspect}" unless InstanceAgent::Log::SEVERITIES.include?(severity.to_s)
-        InstanceAgent::Log.send(severity.to_sym, "#{description}: #{message}")
-      end
-    end
-
-    class RemoveCommand
-      def initialize(location)
-        @file_path = location
-      end
-      def execute
-        #If the file doesn't exist the command is ignored
-        if File.exist?(@file_path)
-          if File.directory?(@file_path)
-            # TODO (AWSGLUE-713): handle the exception if the directory is non-empty;
-            # this might mean the customer has put files in this directory and we should
-            # probably ignore the error and move on
-            FileUtils.rmdir(@file_path)
-          else
-            FileUtils.rm(@file_path)
-          end
-        end
-      end
-    end
-
-    class CopyCommand
-      attr_reader :destination, :source
-      def initialize(source, destination)
-        @source = source
-        @destination = destination
-      end
-
-      def execute(cleanup_file)
-        raise "File already exists at #{@destination}"  if File.exists?(@destination)
-        cleanup_file.puts(@destination)
-        if File.symlink?(@source)
-          FileUtils.symlink(File.readlink(@source), @destination)
-        else
-          FileUtils.copy(@source, @destination, :preserve => true)
-        end
-      end
-
-      def to_h
-        {"type" => "copy", "source" => @source, "destination" => @destination}
-      end
-    end
-
-    class MakeDirectoryCommand
-      def initialize(destination)
-        @directory = destination
-      end
-
-      def execute(cleanup_file)
-        raise "File already exists at #{@directory}" if
-          File.exists?(@directory)
-        FileUtils.mkdir(@directory)
-        cleanup_file.puts(@directory)
-      end
-
-      def to_h
-        {"type" => "mkdir", "directory" => @directory}
-      end
-    end
-
-    class ChangeModeCommand
-      def initialize(object, mode)
-        @object = object
-        @mode = mode
-      end
-
-      def execute(cleanup_file)
-        File.chmod(@mode.to_i(8), @object)
-      end
-
-      def to_h
-        {"type" => "chmod", "mode" => @mode, "file" => @object}
-      end
-    end
-
-    class ChangeAclCommand
-      def initialize(object, acl)
-        @object = object
-        @acl = acl
-      end
-
-      def execute(cleanup_file)
-        begin
-          get_full_acl
-          acl = @acl.get_acl.join(",")
-          if !system("setfacl --set #{acl} #{@object}")
-            raise "Unable to set acl correctly: setfacl --set #{acl} #{@object}, exit code: #{$?}"
-          end
-        ensure
-          clear_full_acl
-        end
-      end
-
-      def clear_full_acl
-        @acl.clear_additional
-      end
-
-      def get_full_acl()
-        perm = "%o" % File.stat(@object).mode
-        perm = perm[-3,3]
-        @acl.add_ace(":#{perm[0]}")
-        @acl.add_ace("g::#{perm[1]}")
-        @acl.add_ace("o::#{perm[2]}")
-        if @acl.has_base_named? && !@acl.has_base_mask?
-          @acl.add_ace("m::#{perm[1]}")
-        end
-        if @acl.has_default?
-          if !@acl.has_default_user?
-            @acl.add_ace("d::#{perm[0]}")
-          end
-          if !@acl.has_default_group?
-            @acl.add_ace("d:g::#{perm[1]}")
-          end
-          if !@acl.has_default_other?
-            @acl.add_ace("d:o:#{perm[2]}")
-          end
-          if @acl.has_default_named? && !@acl.has_default_mask?
-            @acl.add_ace(@acl.get_default_group_ace.sub("group:","mask"))
-          end
-        end
-      end
-
-      def to_h
-        {"type" => "setfacl", "acl" => @acl.get_acl, "file" => @object}
-      end
-    end
-
-    class ChangeOwnerCommand
-      def initialize(object, owner, group)
-        @object = object
-        @owner = owner
-        @group = group
-      end
-
-      def execute(cleanup_file)
-        ownerid = Etc.getpwnam(@owner).uid if @owner
-        groupid = Etc.getgrnam(@group).gid if @group
-        File.chown(ownerid, groupid, @object)
-      end
-
-      def to_h
-        {"type" => "chown", "owner" => @owner, "group" => @group, "file" => @object}
-      end
-    end
-
-    class ChangeContextCommand
-      def initialize(object, context)
-        @object = object
-        @context = context
-      end
-
-      def execute(cleanup_file)
-        if !@context.role.nil?
-          raise "Attempt to set role on object, not supported"
-        end
-        args = "-t #{@context.type}"
-        if (!@context.user.nil?)
-          args = "-s #{@context.user} " + args
-        end
-        if (!@context.range.nil?)
-          args = args + " -r #{@context.range.get_range}"
-        end
-
-        object = File.realpath(@object)
-        if !system("semanage fcontext -a #{args} #{object}")
-          raise "Unable to set context: semanage fcontext -a #{args} #{object}, exit code: #{$?}"
-        end
-        if !system("restorecon -v #{object}")
-          raise "Unable to apply context: restorcecon -v #{object}, exit code: #{$?}"
-        end
-        cleanup_file.puts("semanage\0#{object}")
-      end
-
-      def to_h
-        {"type" => "semanage", "context" => {"user" => @context.user, "role" => @context.role, "type" => @context.type, "range" => @context.range.get_range}, "file" => @object}
-      end
-    end
-
-    class RemoveContextCommand
-      def initialize(object)
-        @object = object
-      end
-
-      def execute
-        system("semanage fcontext -d #{@object}")
-      end
-    end
-  end
-end