azuki 0.0.1

data/lib/azuki/command/auth.rb

@@ -0,0 +1,86 @@
+require "azuki/command/base"
+
+# authentication (login, logout)
+#
+class Azuki::Command::Auth < Azuki::Command::Base
+
+  # auth
+  #
+  # Authenticate, display token and current user
+  def index
+    validate_arguments!
+
+    Azuki::Command::Help.new.send(:help_for_command, current_command)
+  end
+
+  # auth:login
+  #
+  # log in with your azuki credentials
+  #
+  #Example:
+  #
+  # $ azuki auth:login
+  # Enter your Azuki credentials:
+  # Email: email@example.com
+  # Password (typing will be hidden):
+  # Authentication successful.
+  #
+  def login
+    validate_arguments!
+
+    Azuki::Auth.login
+    display "Authentication successful."
+  end
+
+  alias_command "login", "auth:login"
+
+  # auth:logout
+  #
+  # clear local authentication credentials
+  #
+  #Example:
+  #
+  # $ azuki auth:logout
+  # Local credentials cleared.
+  #
+  def logout
+    validate_arguments!
+
+    Azuki::Auth.logout
+    display "Local credentials cleared."
+  end
+
+  alias_command "logout", "auth:logout"
+
+  # auth:token
+  #
+  # display your api token
+  #
+  #Example:
+  #
+  # $ azuki auth:token
+  # ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD
+  #
+  def token
+    validate_arguments!
+
+    display Azuki::Auth.api_key
+  end
+
+  # auth:whoami
+  #
+  # display your azuki email address
+  #
+  #Example:
+  #
+  # $ azuki auth:whoami
+  # email@example.com
+  #
+  def whoami
+    validate_arguments!
+
+    display Azuki::Auth.user
+  end
+
+end
+

data/lib/azuki/command/base.rb

@@ -0,0 +1,230 @@
+require "fileutils"
+require "azuki/auth"
+require "azuki/client/rendezvous"
+require "azuki/command"
+
+class Azuki::Command::Base
+  include Azuki::Helpers
+
+  def self.namespace
+    self.to_s.split("::").last.downcase
+  end
+
+  attr_reader :args
+  attr_reader :options
+
+  def initialize(args=[], options={})
+    @args = args
+    @options = options
+  end
+
+  def app
+    @app ||= if options[:confirm].is_a?(String)
+      if options[:app] && (options[:app] != options[:confirm])
+        error("Mismatch between --app and --confirm")
+      end
+      options[:confirm]
+    elsif options[:app].is_a?(String)
+      options[:app]
+    elsif ENV.has_key?('AZUKI_APP')
+      ENV['AZUKI_APP']
+    elsif app_from_dir = extract_app_in_dir(Dir.pwd)
+      app_from_dir
+    else
+      # raise instead of using error command to enable rescuing when app is optional
+      raise Azuki::Command::CommandFailed.new("No app specified.\nRun this command from an app folder or specify which app to use with --app APP.")
+    end
+  end
+
+  def api
+    Azuki::Auth.api
+  end
+
+  def azuki
+    Azuki::Auth.client
+  end
+
+protected
+
+  def self.inherited(klass)
+    unless klass == Azuki::Command::Base
+      help = extract_help_from_caller(caller.first)
+
+      Azuki::Command.register_namespace(
+        :name => klass.namespace,
+        :description => help.first
+      )
+    end
+  end
+
+  def self.method_added(method)
+    return if self == Azuki::Command::Base
+    return if private_method_defined?(method)
+    return if protected_method_defined?(method)
+
+    help = extract_help_from_caller(caller.first)
+    resolved_method = (method.to_s == "index") ? nil : method.to_s
+    command = [ self.namespace, resolved_method ].compact.join(":")
+    banner = extract_banner(help) || command
+
+    Azuki::Command.register_command(
+      :klass       => self,
+      :method      => method,
+      :namespace   => self.namespace,
+      :command     => command,
+      :banner      => banner.strip,
+      :help        => help.join("\n"),
+      :summary     => extract_summary(help),
+      :description => extract_description(help),
+      :options     => extract_options(help)
+    )
+  end
+
+  def self.alias_command(new, old)
+    raise "no such command: #{old}" unless Azuki::Command.commands[old]
+    Azuki::Command.command_aliases[new] = old
+  end
+
+  def extract_app
+    output_with_bang "Command::Base#extract_app has been deprecated. Please use Command::Base#app instead.  #{caller.first}"
+    app
+  end
+
+  #
+  # Parse the caller format and identify the file and line number as identified
+  # in : http://www.ruby-doc.org/core/classes/Kernel.html#M001397.  This will
+  # look for a colon followed by a digit as the delimiter.  The biggest
+  # complication is windows paths, which have a color after the drive letter.
+  # This regex will match paths as anything from the beginning to a colon
+  # directly followed by a number (the line number).
+  #
+  # Examples of the caller format :
+  # * c:/Ruby192/lib/.../lib/azuki/command/addons.rb:8:in `<module:Command>'
+  # * c:/Ruby192/lib/.../azuki-2.0.1/lib/azuki/command/pg.rb:96:in `<class:Pg>'
+  # * /Users/ph7/...../xray-1.1/lib/xray/thread_dump_signal_handler.rb:9
+  #
+  def self.extract_help_from_caller(line)
+    # pull out of the caller the information for the file path and line number
+    if line =~ /^(.+?):(\d+)/
+      extract_help($1, $2)
+    else
+      raise("unable to extract help from caller: #{line}")
+    end
+  end
+
+  def self.extract_help(file, line_number)
+    buffer = []
+    lines = Azuki::Command.files[file]
+
+    (line_number.to_i-2).downto(0) do |i|
+      line = lines[i]
+      case line[0..0]
+        when ""
+        when "#"
+          buffer.unshift(line[1..-1])
+        else
+          break
+      end
+    end
+
+    buffer
+  end
+
+  def self.extract_banner(help)
+    help.first
+  end
+
+  def self.extract_summary(help)
+    extract_description(help).split("\n")[2].to_s.split("\n").first
+  end
+
+  def self.extract_description(help)
+    help.reject do |line|
+      line =~ /^\s+-(.+)#(.+)/
+    end.join("\n")
+  end
+
+  def self.extract_options(help)
+    help.select do |line|
+      line =~ /^\s+-(.+)#(.+)/
+    end.inject([]) do |options, line|
+      args = line.split('#', 2).first
+      args = args.split(/,\s*/).map {|arg| arg.strip}.sort.reverse
+      name = args.last.split(' ', 2).first[2..-1]
+      options << { :name => name, :args => args }
+    end
+  end
+
+  def current_command
+    Azuki::Command.current_command
+  end
+
+  def extract_option(key)
+    options[key.dup.gsub('-','_').to_sym]
+  end
+
+  def invalid_arguments
+    Azuki::Command.invalid_arguments
+  end
+
+  def shift_argument
+    Azuki::Command.shift_argument
+  end
+
+  def validate_arguments!
+    Azuki::Command.validate_arguments!
+  end
+
+  def extract_app_in_dir(dir)
+    return unless remotes = git_remotes(dir)
+
+    if remote = options[:remote]
+      remotes[remote]
+    elsif remote = extract_app_from_git_config
+      remotes[remote]
+    else
+      apps = remotes.values.uniq
+      if apps.size == 1
+        apps.first
+      else
+        raise(Azuki::Command::CommandFailed, "Multiple apps in folder and no app specified.\nSpecify app with --app APP.")
+      end
+    end
+  end
+
+  def extract_app_from_git_config
+    remote = git("config azuki.remote")
+    remote == "" ? nil : remote
+  end
+
+  def git_remotes(base_dir=Dir.pwd)
+    remotes = {}
+    original_dir = Dir.pwd
+    Dir.chdir(base_dir)
+
+    return unless File.exists?(".git")
+    git("remote -v").split("\n").each do |remote|
+      name, url, method = remote.split(/\s/)
+      if url =~ /^git@#{Azuki::Auth.git_host}(?:[\.\w]*):([\w\d-]+)\.git$/
+        remotes[name] = $1
+      end
+    end
+
+    Dir.chdir(original_dir)
+    if remotes.empty?
+      nil
+    else
+      remotes
+    end
+  end
+
+  def escape(value)
+    azuki.escape(value)
+  end
+end
+
+module Azuki::Command
+  unless const_defined?(:BaseWithApp)
+    BaseWithApp = Base
+  end
+end

data/lib/azuki/command/certs.rb

@@ -0,0 +1,209 @@
+require "azuki/command/base"
+require "excon"
+
+# manage ssl endpoints for an app
+#
+class Azuki::Command::Certs < Azuki::Command::Base
+  SSL_DOCTOR = Excon.new(ENV["SSL_DOCTOR_URL"] || "https://ssl-doctor.azukiapp.com/")
+
+  class UsageError < StandardError; end
+
+  # certs
+  #
+  # List ssl endpoints for an app.
+  #
+  def index
+    endpoints = azuki.ssl_endpoint_list(app)
+
+    if endpoints.empty?
+      display "#{app} has no SSL Endpoints."
+      display "Use `azuki certs:add CRT KEY` to add one."
+    else
+      endpoints.map! do |endpoint|
+        {
+          'cname'       => endpoint['cname'],
+          'domains'     => endpoint['ssl_cert']['cert_domains'].join(', '),
+          'expires_at'  => format_date(endpoint['ssl_cert']['expires_at']),
+          'ca_signed?'  => endpoint['ssl_cert']['ca_signed?'].to_s.capitalize
+        }
+      end
+      display_table(
+        endpoints,
+        %w( cname domains expires_at ca_signed? ),
+        [ "Endpoint", "Common Name(s)", "Expires", "Trusted" ]
+      )
+    end
+  end
+
+  # certs:chain CRT [CRT ...]
+  #
+  # Print the ordered and complete chain for the given certificate.
+  #
+  # Optional intermediate certificates may be given too, and will
+  # be used during chain resolution.
+  #
+  def chain
+    puts read_crt_through_ssl_doctor
+  rescue UsageError
+    fail("Usage: azuki certs:chain CRT [CRT ...]\nMust specify at least one certificate file.")
+  end
+
+  # certs:key CRT KEY [KEY ...]
+  #
+  # Print the correct key for the given certificate.
+  #
+  # You must pass one single certificate, and one or more keys.
+  # The first key that signs the certificate will be printed back.
+  #
+  def key
+    crt, key = read_crt_and_key_through_ssl_doctor("Testing for signing key")
+    puts key
+  rescue UsageError
+    fail("Usage: azuki certs:key CRT KEY [KEY ...]\nMust specify one certificate file and at least one key file.")
+  end
+
+  # certs:add CRT KEY
+  #
+  # Add an ssl endpoint to an app.
+  #
+  #   --bypass  # bypass the trust chain completion step
+  #
+  def add
+    crt, key = read_crt_and_key
+    endpoint = action("Adding SSL Endpoint to #{app}") { azuki.ssl_endpoint_add(app, crt, key) }
+    display_warnings(endpoint)
+    display "#{app} now served by #{endpoint['cname']}"
+    display "Certificate details:"
+    display_certificate_info(endpoint)
+  rescue UsageError
+    fail("Usage: azuki certs:add CRT KEY\nMust specify CRT and KEY to add cert.")
+  end
+
+  # certs:update CRT KEY
+  #
+  # Update an SSL Endpoint on an app.
+  #
+  #   --bypass  # bypass the trust chain completion step
+  #
+  def update
+    crt, key = read_crt_and_key
+    cname    = options[:endpoint] || current_endpoint
+    endpoint = action("Updating SSL Endpoint #{cname} for #{app}") { azuki.ssl_endpoint_update(app, cname, crt, key) }
+    display_warnings(endpoint)
+    display "Updated certificate details:"
+    display_certificate_info(endpoint)
+  rescue UsageError
+    fail("Usage: azuki certs:update CRT KEY\nMust specify CRT and KEY to update cert.")
+  end
+
+  # certs:info
+  #
+  # Show certificate information for an ssl endpoint.
+  #
+  def info
+    cname = options[:endpoint] || current_endpoint
+    endpoint = action("Fetching SSL Endpoint #{cname} info for #{app}") do
+      azuki.ssl_endpoint_info(app, cname)
+    end
+
+    display "Certificate details:"
+    display_certificate_info(endpoint)
+  end
+
+  # certs:remove
+  #
+  # Remove an SSL Endpoint from an app.
+  #
+  def remove
+    cname = options[:endpoint] || current_endpoint
+    action("Removing SSL Endpoint #{cname} from #{app}") do
+      azuki.ssl_endpoint_remove(app, cname)
+    end
+    display "NOTE: Billing is still active. Remove SSL Endpoint add-on to stop billing."
+  end
+
+  # certs:rollback
+  #
+  # Rollback an SSL Endpoint for an app.
+  #
+  def rollback
+    cname = options[:endpoint] || current_endpoint
+
+    endpoint = action("Rolling back SSL Endpoint #{cname} for #{app}") do
+      azuki.ssl_endpoint_rollback(app, cname)
+    end
+
+    display "New active certificate details:"
+    display_certificate_info(endpoint)
+  end
+
+  private
+
+  def current_endpoint
+    endpoint = azuki.ssl_endpoint_list(app).first || error("#{app} has no SSL Endpoints.")
+    endpoint["cname"]
+  end
+
+  def display_certificate_info(endpoint)
+    data = {
+      'Common Name(s)'  => endpoint['ssl_cert']['cert_domains'],
+      'Expires At'      => format_date(endpoint['ssl_cert']['expires_at']),
+      'Issuer'          => endpoint['ssl_cert']['issuer'],
+      'Starts At'       => format_date(endpoint['ssl_cert']['starts_at']),
+      'Subject'         => endpoint['ssl_cert']['subject']
+    }
+    styled_hash(data)
+
+    if endpoint["ssl_cert"]["ca_signed?"]
+      display "SSL certificate is verified by a root authority."
+    elsif endpoint["issuer"] == endpoint["subject"]
+      display "SSL certificate is self signed."
+    else
+      display "SSL certificate is not trusted."
+    end
+  end
+
+  def display_warnings(endpoint)
+    if endpoint["warnings"]
+      endpoint["warnings"].each do |field, warning|
+        display "WARNING: #{field} #{warning}"
+      end
+    end
+  end
+
+  def display(msg = "", new_line = true)
+    super if $stdout.tty?
+  end
+
+  def post_to_ssl_doctor(path, action_text = nil)
+    raise UsageError if args.size < 1
+    action_text ||= "Resolving trust chain"
+    action(action_text) do
+      input = args.map { |arg| File.read(arg) rescue error("Unable to read #{args[0]} file") }.join("\n")
+      SSL_DOCTOR.post(:path => path, :body => input, :headers => {'Content-Type' => 'application/octet-stream'}, :expects => 200).body
+    end
+  rescue Excon::Errors::BadRequest, Excon::Errors::UnprocessableEntity => e
+    error(e.response.body)
+  end
+
+  def read_crt_and_key_through_ssl_doctor(action_text = nil)
+    crt_and_key = post_to_ssl_doctor("resolve-chain-and-key", action_text)
+    Azuki::OkJson.decode(crt_and_key).values_at("pem", "key")
+  end
+
+  def read_crt_through_ssl_doctor(action_text = nil)
+    post_to_ssl_doctor("resolve-chain", action_text)
+  end
+
+  def read_crt_and_key_bypassing_ssl_doctor
+    raise UsageError if args.size != 2
+    crt = File.read(args[0]) rescue error("Unable to read #{args[0]} CRT")
+    key = File.read(args[1]) rescue error("Unable to read #{args[1]} KEY")
+    [crt, key]
+  end
+
+  def read_crt_and_key
+    options[:bypass] ? read_crt_and_key_bypassing_ssl_doctor : read_crt_and_key_through_ssl_doctor
+  end
+
+end