bcome 1.1.4 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cdf4b817e9c7afb1b0b5508a811e2e74a71a6b97
-  data.tar.gz: 881ae215c6873cc81b5214f2876cd13833ce1ae1
+  metadata.gz: 5175174eb843f0f210c02ca12ded004f75d77368
+  data.tar.gz: ffd09a8ba7edc0df044a17b55db02d3176e0feee
 SHA512:
-  metadata.gz: c67f27ca6e33d761311f9bf8c226e774b10516b9f14d2bade52e8d04e2e9df35b48e0e8ad53c1199b4fa18381e8e7a3fe51ddf9e52d05035aab15024be5c4472
-  data.tar.gz: c610e971283f6cc178d746a4eb1ceca8b619ac66d4a76bd1353eb2c999ab5da48c4075d7d02f7da4197ac253ab928a02c31a5e4f9cb6ce0a0032017fc73df5ec
+  metadata.gz: 855151285002aa2270d025f97ff85c8beead1f3b7aabcad797bcd8eb03885c38f296a2ad1f1e01c2b1be6631a3d9ba724f57fae6046e6132f8ec8e95ae3e9ee9
+  data.tar.gz: 09500dc2f2ac59b5a1c70252c07ca0bbc665f32eac78a52fc1ded53d3e9d79ba09d0367ac56921eab5d56d9ddd300665924640733d3e0d436150badbec7f55db

data/lib/objects/bcome/version.rb

@@ -1,3 +1,3 @@
 module Bcome
-  VERSION = '1.1.4'.freeze
+  VERSION = '1.3.0'.freeze
 end

data/lib/objects/command/local.rb

@@ -8,7 +8,7 @@ module Bcome::Command
       command
     end
 
-    attr_reader :stdout, :stderr
+    attr_reader :stdout, :stderr, :process_status
 
     def initialize(command, success_exit_codes = [0])
       @command = command

data/lib/objects/driver/ec2.rb

@@ -1,5 +1,8 @@
 module Bcome::Driver
   class Ec2 < Bcome::Driver::Base
+  
+    PATH_TO_FOG_CREDENTIALS = "#{ENV['HOME']}/.fog".freeze
+
     def initialize(*params)
       super
       raise Bcome::Exception::Ec2DriverMissingProvisioningRegion, params.inspect unless provisioning_region
@@ -22,6 +25,10 @@ module Bcome::Driver
       fog_client.servers.all({})
     end
 
+    def raw_fog_credentials
+      @raw_fog_credentials ||= YAML.load_file(PATH_TO_FOG_CREDENTIALS)[credentials_key]
+    end
+
     def credentials_key
       @params[:credentials_key]
     end

data/lib/objects/encryptor.rb

@@ -0,0 +1,99 @@
+module Bcome
+  class Encryptor
+
+    UNENC_SIGNIFIER = "".freeze  
+    ENC_SIGNIFIER = "enc".freeze
+
+    include Singleton
+
+    attr_reader :key
+
+    def pack
+      # Bcome currently works with a single encryption key - the same one - for all files
+      # When we attempt an encrypt we'll check first to see if any encrypted files already exists, and
+      # we'll try our key on it. If the fails to unpack the file, we abort the encryption attempt.
+      prompt_for_key
+      if has_files_to_encrypt?
+        verify_presented_key if has_encrypted_files?
+        toggle_packed_files(all_unencrypted_filenames, :encrypt)
+      else
+        puts "\nNo unencrypted files to encrypt.\n".warning
+      end
+      return
+    end
+
+    def prompt_for_key
+      message = "Please enter an encryption key (and if your data is already encrypted, you must provide the same key): ".informational
+      @key = ::Readline.readline("\n#{message}", true).squeeze('').to_s
+      puts "\n"
+    end
+
+    def has_encrypted_files?
+      all_encrypted_filenames.any?
+    end
+
+    def has_files_to_encrypt?
+      all_unencrypted_filenames.any?
+    end
+
+    def verify_presented_key
+      # We attempt a decrypt of any encrypted file in order to verify that a newly presented key
+      # matches the key used to previously encrypt. Bcome operates on a one-key-per-implementation basis.
+      test_file = all_encrypted_filenames.first
+      file_contents = File.read(test_file)
+      file_contents.decrypt(@key)
+    end
+
+    def unpack
+      prompt_for_key
+      toggle_packed_files(all_encrypted_filenames,:decrypt)
+      return
+    end
+
+    def toggle_packed_files(filenames, packer_method)
+      raise "Missing encryption key. Please set an encryption key" unless @key
+      filenames.each do |filename|
+        # Get raw
+        raw_contents = File.read(filename)
+ 
+        if packer_method == :decrypt
+          filename =~ /#{path_to_metadata}\/(.+)\.enc/
+          opposing_filename = $1
+          action = "Unpacking"
+        else
+          filename =~ /#{path_to_metadata}\/(.*)/
+          opposing_filename = "#{$1}.enc"
+          action = "Packing"
+        end       
+
+        # Write encrypted/decryption action
+        enc_decrypt_result = raw_contents.send(packer_method, @key)
+        puts "#{action}\s".informational + filename + "\sto\s".informational + "#{path_to_metadata}/" + opposing_filename
+        write_file(opposing_filename, enc_decrypt_result)
+      end
+      puts "\ndone".informational
+    end  
+ 
+    def path_to_metadata
+      "bcome/metadata"
+    end
+
+    def write_file(filename, contents)
+      filepath = "#{path_to_metadata}/#{filename}"
+      File.open("#{filepath}", 'w') { |f| f.write(contents) }
+    end
+ 
+    def all_unencrypted_filenames
+      Dir["#{metadata_path}/*"].reject {|f| f =~ /\.enc/}  
+    end
+
+    def all_encrypted_filenames
+      Dir["#{metadata_path}/*.enc"]
+    end
+
+    def metadata_path
+      "bcome/metadata"
+    end
+
+  end
+end

data/lib/objects/exception/invalid_metadata_encryption_key.rb

@@ -0,0 +1,7 @@
+module Bcome::Exception
+  class InvalidMetaDataEncryptionKey < ::Bcome::Exception::Base
+    def message_prefix
+      'Your metadata encryption key is invalid - your metadata files are encrypted with a different key.'
+    end
+  end
+end

data/lib/objects/modules/workspace_menu.rb

@@ -113,6 +113,12 @@ module Bcome::WorkspaceMenu
       meta: {
         description: 'Print out all metadata related to this node'
       },
+      pack_metadata: {
+        description: 'Encrypt your metadata files',
+      },
+      unpack_metadata: {
+        description: 'Decrypt and expose your encrypted metadata files',
+      },
       registry: {
         description: 'List all user defined commands present in your registry, and available to this namespace',
         console_only: false

data/lib/objects/node/attributes.rb

@@ -41,7 +41,7 @@ module Bcome::Node::Attributes
   def recurse_hash_data_for_instance_var(instance_var_name, parent_key)
     instance_data = instance_variable_defined?(instance_var_name) ? instance_variable_get(instance_var_name) : {}
     instance_data ||= {}
-    instance_data = parent.send(parent_key).merge(instance_data) if has_parent?
+    instance_data = parent.send(parent_key).deep_merge(instance_data) if has_parent?
     instance_data
   end
 end

data/lib/objects/node/base.rb

@@ -50,7 +50,7 @@ module Bcome::Node
     end
 
     def enabled_menu_items
-      [:ls, :lsa, :workon, :enable, :disable, :enable!, :disable!, :run, :tree, :ping, :put, :rsync, :cd, :meta, :registry, :interactive, :execute_script] 
+      [:ls, :lsa, :workon, :enable, :disable, :enable!, :disable!, :run, :tree, :ping, :put, :rsync, :cd, :meta, :pack_metadata, :unpack_metadata, :registry, :interactive, :execute_script] 
     end
 
     def has_proxy?
@@ -91,6 +91,14 @@ module Bcome::Node
       end
       results
     end
+
+    def pack_metadata
+      ::Bcome::Encryptor.instance.pack
+    end
+
+    def unpack_metadata
+      ::Bcome::Encryptor.instance.unpack
+    end 
  
     def validate_attributes
       validate_identifier 

data/lib/objects/node/factory.rb

@@ -6,6 +6,8 @@ module Bcome::Node
 
     CONFIG_PATH = 'bcome'.freeze
     DEFAULT_CONFIG_NAME = 'networks.yml'.freeze
+    SERVER_OVERRIDE_CONFIG_NAME = 'machines-data.yml'.freeze
+
     INVENTORY_KEY = 'inventory'.freeze
     COLLECTION_KEY = 'collection'.freeze
     SUBSELECT_KEY = 'inventory-subselect'.freeze
@@ -24,6 +26,10 @@ module Bcome::Node
       "#{CONFIG_PATH}/#{config_file_name}"
     end
 
+    def machines_data_path
+      "#{CONFIG_PATH}/#{SERVER_OVERRIDE_CONFIG_NAME}"
+    end
+
     def config_file_name
       @config_file_name ||= ENV['CONF'] ? ENV['CONF'] : DEFAULT_CONFIG_NAME
     end
@@ -46,7 +52,7 @@ module Bcome::Node
       raise Bcome::Exception::InvalidNetworkConfig, 'missing config type' unless config[:type]
 
       klass = klass_for_view_type[config[:type]]
-
+ 
       raise Bcome::Exception::InvalidNetworkConfig, "invalid config type #{config[:type]}" unless klass
 
       node = klass.new(views: config, parent: parent)
@@ -84,6 +90,14 @@ module Bcome::Node
       @estate_config ||= reformat_config(load_estate_config)
     end
 
+    def machines_data
+      @machines_data ||= load_machines_data
+    end
+
+    def machines_data_for_namespace(namespace)
+      machines_data[namespace] ? machines_data[namespace] : {}
+    end
+
     def rewrite_estate_config(data)
       File.open(config_path, 'w') do |file|
         file.write data.to_yaml
@@ -94,12 +108,20 @@ module Bcome::Node
       config = YAML.load_file(config_path).deep_symbolize_keys
       return config
     rescue ArgumentError, Psych::SyntaxError => e
-      raise Bcome::Exception::InvalidNetworkConfig, 'Invalid yaml in config' + e.message
+      raise Bcome::Exception::InvalidNetworkConfig, 'Invalid yaml in network config' + e.message
     rescue Errno::ENOENT
       raise Bcome::Exception::DeprecationWarning if is_running_deprecated_configs?
       raise Bcome::Exception::MissingNetworkConfig, config_path
     end
 
+    def load_machines_data
+      return {} unless File.exist?(machines_data_path)    
+      config = YAML.load_file(machines_data_path).deep_symbolize_keys
+      return config
+    rescue ArgumentError, Psych::SyntaxError => e
+      raise Bcome::Exception::InvalidNetworkConfig, 'Invalid yaml in machines data config' + e.message
+    end
+
     def is_running_deprecated_configs?
       File.exist?("bcome/config/platform.yml")
     end

data/lib/objects/node/meta/base.rb

@@ -25,9 +25,11 @@ module Bcome::Node::Meta
       @data
     end
 
-    def fetch(key)
+    def fetch(key, default = nil)
       if @data.key?(key)
         @data[key]
+      elsif default
+        return default
       else
         raise Bcome::Exception::CantFindKeyInMetadata, key unless @data.key?(key)
       end

data/lib/objects/node/meta_data_loader.rb

@@ -8,6 +8,10 @@ module Bcome::Node
       @all_metadata_filenames = Dir["#{META_DATA_FILE_PATH_PREFIX}/*"]
     end
 
+    def decryption_key
+      @decryption_key
+    end
+ 
     def data
       @data ||= do_load
     end
@@ -16,11 +20,29 @@ module Bcome::Node
       data[namespace.to_sym] ? data[namespace.to_sym] : {}
     end
 
+    def prompt_for_decryption_key
+      message = "Please enter your metadata encryption key: ".informational
+      @decryption_key = ::Readline.readline("\n#{message}", true).squeeze('').to_s
+    end
+
+    def load_file_data_for(filepath)
+     if filepath =~ /.enc/  # encrypted file contents 
+        prompt_for_decryption_key unless decryption_key
+        encrypted_contents = File.read(filepath)     
+        decrypted_contents = encrypted_contents.decrypt(decryption_key) 
+        return YAML.load(decrypted_contents)
+      else # unencrypted
+        return YAML.load_file(filepath)
+      end
+    end
+
     def do_load
       all_meta_data = {}
-      @all_metadata_filenames.each do |filename|
+      @all_metadata_filenames.each do |filepath|
+        next if filepath =~ /-unenc/  # we only read from the encrypted, packed files. 
+
         begin
-          filedata = YAML.load_file(filename)
+          filedata = load_file_data_for(filepath)
           all_meta_data.deep_merge!(filedata)
         rescue Psych::SyntaxError => e
           raise Bcome::Exception::InvalidMetaDataConfig, "Error: #{e.message}"

data/lib/objects/node/server/base.rb

@@ -10,6 +10,17 @@ module Bcome::Node::Server
       @bootstrap = false
     end
 
+    # override a server namespace's parameters. This enables features such as specific SSH parameters for a specific server, e.g. my use case was a 
+    # single debian box within an ubuntu network, where I needed to access the machine bootstrapping mode with the 'admin' rather 'ubuntu' username.
+    def set_view_attributes
+      super
+      overridden_attributes = ::Bcome::Node::Factory.instance.machines_data_for_namespace(namespace.to_sym)
+      overridden_attributes.each do |override_key, override_value|
+        instance_variable_name = "@#{override_key}"
+        instance_variable_set(instance_variable_name, override_value)   
+      end
+    end
+
     def bootstrap?
       @bootstrap ? true : false
     end  
@@ -98,6 +109,10 @@ module Bcome::Node::Server
       base_items
     end
 
+    def local_port_forward(start_port, end_port)
+      ssh_driver.local_port_forward(start_port, end_port)
+    end
+
     def open_ssh_connection
       ssh_driver.ssh_connection  
     end

data/lib/objects/ssh/driver.rb

@@ -79,6 +79,27 @@ module Bcome::Ssh
       end
     end
 
+    def local_port_forward(start_port, end_port)
+      if has_proxy?
+        
+        if bootstrap?
+          tunnel_command = "ssh -N -L #{start_port}:#{@context_node.internal_ip_address}:#{end_port} -i #{@bootstrap_settings.ssh_key_path} #{bastion_host_user}@#{@proxy_data.host}"
+        else
+          tunnel_command = "ssh -N -L #{start_port}:#{@context_node.internal_ip_address}:#{end_port} #{bastion_host_user}@#{@proxy_data.host}"
+        end
+      else
+        if bootstrap?
+          tunnel_command = "ssh -i #{@bootstrap_settings.ssh_key_path} -N -L #{start_port}:#{@context_node.public_ip_address}:#{end_port}"
+        else
+          tunnel_command = "ssh -N -L #{start_port}:#{@context_node.public_ip_address}:#{end_port}"
+        end
+      end
+
+      tunnel = ::Bcome::Ssh::Tunnel::LocalPortForward.new(tunnel_command)
+      tunnel.open!
+      return tunnel
+    end
+
     def bootstrap_ssh_command
       if has_proxy?
         "ssh -i #{@bootstrap_settings.ssh_key_path} -t #{bastion_host_user}@#{@proxy_data.host} ssh -t #{user}@#{@context_node.internal_ip_address}"

data/lib/objects/ssh/tunnel/local_port_forward.rb

@@ -0,0 +1,20 @@
+module Bcome::Ssh::Tunnel
+  class LocalPortForward
+ 
+    def initialize(tunnel_command)
+      @tunnel_command = tunnel_command
+      @process_pid = nil
+    end 
+
+    def open!
+      puts "Opening tunnel: #{@tunnel_command}".informational
+      @process_pid = spawn(@tunnel_command)
+    end
+
+    def close!
+      puts "Closing tunnel with process pid ##{@process_pid}: #{@tunnel_command}".informational
+      ::Process.kill("HUP", @process_pid)
+    end
+
+  end
+end

data/patches/string-encrypt.rb

@@ -0,0 +1,40 @@
+require 'openssl'
+
+# Adapted from https://stackoverflow.com/questions/39033577/opensslcipherciphererror-wrong-final-block-length
+
+class String
+
+  ALGORITHM = 'AES-256-ECB'
+
+  def encrypt(key)
+    begin
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.encrypt()
+      cipher.key = key.as_256_bit_key
+      crypt = cipher.update(self) + cipher.final()
+      crypt_string = (Base64.encode64(crypt))
+      return crypt_string
+    rescue Exception => e
+      puts "Failed to encrypt: #{e.message}"
+    end
+  end
+
+  def decrypt(key)
+    begin
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.decrypt()
+      cipher.key = key.as_256_bit_key
+      tempkey = Base64.decode64(self)
+      crypt = cipher.update(tempkey)
+      crypt << cipher.final()
+      return crypt
+    rescue Exception => e
+      raise ::Bcome::Exception::InvalidMetaDataEncryptionKey.new
+    end
+  end
+
+  def as_256_bit_key
+    ::Digest::SHA256.digest self
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bcome
 version: !ruby/object:Gem::Version
-  version: 1.1.4
+  version: 1.3.0
 platform: ruby
 authors:
 - Guillaume Roderick (Webzakimbo)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-03 00:00:00.000000000 Z
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -163,6 +163,7 @@ files:
 - lib/objects/driver/bucket.rb
 - lib/objects/driver/ec2.rb
 - lib/objects/driver/static.rb
+- lib/objects/encryptor.rb
 - lib/objects/exception/argument_error_invoking_method_from_command_line.rb
 - lib/objects/exception/base.rb
 - lib/objects/exception/can_only_subselect_on_inventory.rb
@@ -186,6 +187,7 @@ files:
 - lib/objects/exception/invalid_machines_cache_config.rb
 - lib/objects/exception/invalid_matcher_query.rb
 - lib/objects/exception/invalid_meta_data_config.rb
+- lib/objects/exception/invalid_metadata_encryption_key.rb
 - lib/objects/exception/invalid_network_config.rb
 - lib/objects/exception/invalid_network_driver_type.rb
 - lib/objects/exception/invalid_proxy_config.rb
@@ -264,9 +266,11 @@ files:
 - lib/objects/ssh/driver.rb
 - lib/objects/ssh/proxy_data.rb
 - lib/objects/ssh/script_exec.rb
+- lib/objects/ssh/tunnel/local_port_forward.rb
 - lib/objects/system/local.rb
 - lib/objects/workspace.rb
 - patches/irb.rb
+- patches/string-encrypt.rb
 - patches/string.rb
 - patches/string_stylesheet.rb
 homepage: https://github.com/webzakimbo/bcome-kontrol