bixby-common 0.3.8

data/lib/bixby_common/command_spec.rb

@@ -0,0 +1,138 @@
+
+require 'digest'
+require 'tempfile'
+
+module Bixby
+
+# Describes a Command execution request for the Agent
+class CommandSpec
+
+  include Jsonify
+  include Hashify
+
+  attr_accessor :repo, :digest, :bundle, :command, :args, :stdin, :env
+
+  # Create new CommandSpec
+  #
+  # @params [Hash] params  Hash of attributes to initialize with
+  def initialize(params = nil)
+    return if params.nil? or params.empty?
+    params.each{ |k,v| self.send("#{k}=", v) if self.respond_to? "#{k}=" }
+
+    digest = load_digest()
+    @digest = digest["digest"] if digest
+  end
+
+  # Validate the existence of this Command on the local system
+  # and compare digest to local version
+  #
+  # @param [String] expected_digest
+  # @return [Boolean] returns true if available, else raises error
+  # @raise [BundleNotFound] If bundle doesn't exist or digest does not match
+  # @raise [CommandNotFound] If command doesn't exist
+  def validate(expected_digest)
+    if not bundle_exists? then
+      raise BundleNotFound.new("repo = #{@repo}; bundle = #{@bundle}")
+    end
+
+    if not command_exists? then
+      raise CommandNotFound.new("repo = #{@repo}; bundle = #{@bundle}; command = #{@command}")
+    end
+    if self.digest != expected_digest then
+      raise BundleNotFound, "digest does not match ('#{self.digest}' != '#{expected_digest}'", caller
+    end
+    return true
+  end
+
+  # resolve the given bundle
+  def bundle_dir
+    File.join(Bixby.repo_path, self.relative_path)
+  end
+
+  # Return the relative path to the bundle (inside the repository)
+  #
+  # e.g., if Bixby.repo_path = /opt/bixby/repo then a relative path would
+  #       look like:
+  #
+  #         vendor/system/monitoring
+  #         or
+  #         megacorp/sysops/scripts
+  #
+  # @return [String]
+  def relative_path
+    File.join(@repo, @bundle)
+  end
+
+  def bundle_exists?
+    File.exists? self.bundle_dir
+  end
+
+  def command_file
+    File.join(self.bundle_dir, "bin", @command)
+  end
+
+  def command_exists?
+    File.exists? self.command_file
+  end
+
+  def config_file
+    command_file + ".json"
+  end
+
+  def load_config
+    if File.exists? config_file then
+      MultiJson.load(File.read(config_file))
+    else
+      {}
+    end
+  end
+
+  def digest_file
+    File.join(self.bundle_dir, "digest")
+  end
+
+  def load_digest
+    begin
+      return MultiJson.load(File.read(digest_file))
+    rescue => ex
+    end
+    nil
+  end
+
+  def update_digest
+
+    path = self.bundle_dir
+    sha = Digest::SHA2.new
+    bundle_sha = Digest::SHA2.new
+
+    digests = []
+    Dir.glob("#{path}/**/*").sort.each do |f|
+      next if File.directory? f or File.basename(f) == "digest"
+      bundle_sha.file(f)
+      sha.reset()
+      digests << { :file => f.gsub(/#{path}\//, ''), :digest => sha.file(f).hexdigest() }
+    end
+
+    @digest = { :digest => bundle_sha.hexdigest(), :files => digests }
+    File.open(path+"/digest", 'w'){ |f| f.write(MultiJson.dump(@digest, :pretty => true) + "\n") }
+
+  end
+
+  # Convert object to String, useful for debugging
+  #
+  # @return [String]
+  def to_s # :nocov:
+    s = []
+    s << "CommandSpec:#{self.object_id}"
+    s << "  digest:   #{self.digest}"
+    s << "  repo:     #{self.repo}"
+    s << "  bundle:   #{self.bundle}"
+    s << "  command:  #{self.command}"
+    s << "  args:     #{self.args}"
+    s << "  env:      " + MultiJson.dump(self.env)
+    s << "  stdin:    " + Debug.pretty_str(stdin)
+    s.join("\n")
+  end # :nocov:
+
+end # CommandSpec
+end # Bixby

data/lib/bixby_common/exception/bundle_not_found.rb

@@ -0,0 +1,5 @@
+
+module Bixby
+  class BundleNotFound < Exception
+  end
+end

data/lib/bixby_common/exception/command_exception.rb

@@ -0,0 +1,13 @@
+
+module Bixby
+  class CommandException < Exception
+
+    attr_accessor :response
+
+    def initialize(message, command_response)
+      super(message)
+      @response = command_response
+    end
+
+  end
+end

data/lib/bixby_common/exception/command_not_found.rb

@@ -0,0 +1,5 @@
+
+module Bixby
+  class CommandNotFound < Exception
+  end
+end

data/lib/bixby_common/exception/encryption_error.rb

@@ -0,0 +1,5 @@
+
+module Bixby
+  class EncryptionError < Exception
+  end
+end

data/lib/bixby_common/util/crypto_util.rb

@@ -0,0 +1,130 @@
+
+require 'base64'
+require 'openssl'
+require 'digest'
+
+module Bixby
+  module CryptoUtil
+
+    class << self
+
+      # Encrypt the given payload for over-the-wire transmission
+      #
+      # @param [Object] data                    payload, usually a JSON-encoded String
+      # @param [String] uuid                    UUID of the sender
+      # @param [OpenSSL::PKey::RSA] key_pem     Public key of the receiver
+      # @param [OpenSSL::PKey::RSA] iv_pem      Private key of the sender
+      def encrypt(data, uuid, key_pem, iv_pem)
+        c = new_cipher()
+        c.encrypt
+        key = c.random_key
+        iv = c.random_iv
+
+        data = Time.new.to_i.to_s + "\n" + data # prepend timestamp
+        encrypted = c.update(data) + c.final
+
+        out = []
+        out << uuid
+        out << create_hmac(key, iv, encrypted)
+        out << w( key_pem.public_encrypt(key) )
+        out << w( iv_pem.private_encrypt(iv) )
+        out << e64(encrypted)
+
+        return out.join("\n")
+      end
+
+      # Decrypt the given payload from over-the-wire transmission
+      #
+      # @param [Object] data                    encrypted payload, usually a JSON-encoded String
+      # @param [OpenSSL::PKey::RSA] key_pem     Private key of the receiver
+      # @param [OpenSSL::PKey::RSA] iv_pem      Public key of the sender
+      def decrypt(data, key_pem, iv_pem)
+        data = StringIO.new(data, 'rb') if not data.kind_of? StringIO
+        hmac = data.readline.strip
+        key = key_pem.private_decrypt(read_next(data))
+        iv  = iv_pem.public_decrypt(read_next(data))
+
+        c = new_cipher()
+        c.decrypt
+        c.key = key
+        c.iv = iv
+
+        payload = d64(data.read)
+
+        # very hmac of encrypted payload
+        if not verify_hmac(hmac, key, iv, payload) then
+          raise Bixby::EncryptionError, "hmac verification failed", caller
+        end
+
+        data = StringIO.new(c.update(payload) + c.final)
+
+        ts = data.readline.strip
+        if (Time.new.to_i - ts.to_i) > 60 then
+          raise Bixby::EncryptionError, "payload verification failed", caller
+        end
+
+        return data.read
+      end
+
+      def generate_access_key
+        Digest.hexencode(Digest::MD5.new.digest(OpenSSL::Random.random_bytes(512)))
+      end
+
+      def generate_secret_key
+        Digest.hexencode(Digest::SHA2.new(512).digest(OpenSSL::Random.random_bytes(512)))
+      end
+
+
+      private
+
+      # Compute an HMAC using SHA2-256
+      #
+      # @param [String] key
+      # @param [String] iv
+      # @param [String] payload     encrypted payload
+      #
+      # @return [String] digest in hexadecimal format
+      def create_hmac(key, iv, payload)
+        d = Digest::SHA2.new(256)
+        d << key << iv << payload
+        return d.hexdigest()
+      end
+
+      # Verify the given HMAC of the incoming message
+      #
+      # @param [String] hmac
+      # @param [String] key
+      # @param [String] iv
+      # @param [String] payload     encrypted payload
+      #
+      # @return [Boolean] true if hmac matches
+      def verify_hmac(hmac, key, iv, payload)
+        create_hmac(key, iv, payload) == hmac
+      end
+
+      def new_cipher
+        # TODO make this configurable? perhaps use CTR when available
+        # we can store a CTR support flag on the master
+        OpenSSL::Cipher.new("AES-256-CBC")
+      end
+
+      def w(s)
+        e64(s).gsub(/\n/, "\\n")
+      end
+
+      def read_next(data)
+        d64(data.readline.gsub(/\\n/, "\n"))
+      end
+
+      def e64(s)
+        Base64.encode64(s)
+      end
+
+      def d64(s)
+        Base64.decode64(s)
+      end
+
+    end
+
+  end # CryptoUtil
+end # Bixby

data/lib/bixby_common/util/debug.rb

@@ -0,0 +1,19 @@
+
+module Bixby
+  module Debug
+
+    # Simple helper for use in to_s methods
+    def self.pretty_str(str) # :nocov:
+      if str.nil? then
+        "nil"
+      elsif str.empty? then
+        '""'
+      elsif str.include? "\n" then
+        "<<-EOF\n" + str + "\nEOF"
+      else
+        '"' + str + '"'
+      end
+    end # :nocov:
+
+  end # Debug
+end # Bixby

data/lib/bixby_common/util/hashify.rb

@@ -0,0 +1,16 @@
+
+module Bixby
+
+# Adds to_hash method to an Object
+module Hashify
+
+  # Creates a Hash representation of self
+  #
+  # @return [Hash]
+  def to_hash
+    self.instance_variables.inject({}) { |m,v| m[v[1,v.length].to_sym] = instance_variable_get(v); m }
+  end
+
+end # Hashify
+
+end # Bixby

data/lib/bixby_common/util/http_client.rb

@@ -0,0 +1,64 @@
+
+require 'httpi'
+require 'multi_json'
+
+HTTPI.log = false
+
+module Bixby
+
+# Utilities for using HTTP Clients. Just a thin wrapper around httpi and JSON
+# for common cases.
+module HttpClient
+
+  # Execute an HTTP GET request to the given URL
+  #
+  # @param [String] url
+  # @return [String] Contents of the response's body
+  def http_get(url)
+    HTTPI.get(url).body
+  end
+
+  # Execute an HTTP GET request (see #http_get) and parse the JSON response
+  #
+  # @param [String] url
+  # @return [Object] Result of calling JSON.parse() on the response body
+  def http_get_json(url)
+    MultiJson.load(http_get(url))
+  end
+
+  # Execute an HTTP POST request to the given URL
+  #
+  # @param [String] url
+  # @param [Hash] data  Key/Value pairs to POST
+  # @return [String] Contents of the response's body
+  def http_post(url, data)
+    req = HTTPI::Request.new(:url => url, :body => data)
+    return HTTPI.post(req).body
+  end
+
+  # Execute an HTTP POST request (see #http_get) and parse the JSON response
+  #
+  # @param [String] url
+  # @param [Hash] data  Key/Value pairs to POST
+  # @return [Object] Result of calling JSON.parse() on the response body
+  def http_post_json(url, data)
+    MultiJson.load(http_post(url, data))
+  end
+
+  # Execute an HTTP post request and save the response body
+  #
+  # @param [String] url
+  # @param [Hash] data  Key/Value pairs to POST
+  # @return [void]
+  def http_post_download(url, data, dest)
+    File.open(dest, "w") do |io|
+      req = HTTPI::Request.new(:url => url, :body => data)
+      req.on_body { |d| io << d; d.length }
+      HTTPI.post(req)
+    end
+    true
+  end
+
+end # HttpClient
+
+end # Bixby

data/lib/bixby_common/util/jsonify.rb

@@ -0,0 +1,27 @@
+
+require 'multi_json'
+
+module Bixby
+module Jsonify
+
+  include Hashify
+
+  def to_json
+    MultiJson.dump(self.to_hash)
+  end
+
+  module ClassMethods
+    def from_json(json)
+      json = MultiJson.load(json) if json.kind_of? String
+      obj = self.allocate
+      json.each{ |k,v| obj.send("#{k}=".to_sym, v) }
+      obj
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend(ClassMethods)
+  end
+
+end # Jsonify
+end # Bixby

data/lib/bixby_common/util/log.rb

@@ -0,0 +1,50 @@
+
+require "logging"
+
+module Bixby
+
+  # A simple logging mixin
+  module Log
+
+    # Get a log instance for this class
+    #
+    # @return [Logger]
+    def log
+      @log ||= Logging.logger[self]
+    end
+
+    # Create a method for each log level. Allows receiver to simply call
+    #
+    #   warn "foo"
+    %w{debug warn info error fatal}.each do |level|
+      code = <<-EOF
+      def #{level}(data=nil, &block)
+        log.send(:#{level}, data, &block)
+      end
+      EOF
+      eval(code)
+    end
+
+    # Setup logging
+    #
+    # @param [Symbol] level       Log level to use (default = :warn)
+    # @param [String] pattern     Log pattern
+    def self.setup_logger(level=nil, pattern=nil)
+      # set level: ENV flag overrides; default to warn
+      level = :debug if ENV["BIXBY_DEBUG"]
+      level ||= :warn
+
+      pattern ||= '%.1l, [%d] %5l -- %c: %m\n'
+
+      # TODO always use stdout for now
+      Logging.appenders.stdout(
+        :level  => level,
+        :layout => Logging.layouts.pattern(:pattern => pattern)
+        )
+      Logging::Logger.root.add_appenders(Logging.appenders.stdout)
+      Logging::Logger.root.level = level
+    end
+
+  end # Log
+
+end

data/lib/bixby_common.rb

@@ -0,0 +1,24 @@
+
+require "bixby_common/bixby"
+
+module Bixby
+
+  autoload :CommandResponse, "bixby_common/command_response"
+  autoload :CommandSpec, "bixby_common/command_spec"
+
+  autoload :JsonRequest, "bixby_common/api/json_request"
+  autoload :JsonResponse, "bixby_common/api/json_response"
+
+  autoload :BundleNotFound, "bixby_common/exception/bundle_not_found"
+  autoload :CommandNotFound, "bixby_common/exception/command_not_found"
+  autoload :CommandException, "bixby_common/exception/command_exception"
+  autoload :EncryptionError, "bixby_common/exception/encryption_error"
+
+  autoload :CryptoUtil, "bixby_common/util/crypto_util"
+  autoload :HttpClient, "bixby_common/util/http_client"
+  autoload :Jsonify, "bixby_common/util/jsonify"
+  autoload :Hashify, "bixby_common/util/hashify"
+  autoload :Log, "bixby_common/util/log"
+  autoload :Debug, "bixby_common/util/debug"
+
+end

data/test/bixby_common_test.rb

@@ -0,0 +1,18 @@
+require 'helper'
+
+module Bixby
+module Test
+
+class TestBixbyCommon < MiniTest::Unit::TestCase
+
+  def test_autoloading
+    assert_equal(JsonRequest, JsonRequest.new(nil, nil).class)
+    assert_equal(BundleNotFound, BundleNotFound.new.class)
+    assert_equal(CommandNotFound, CommandNotFound.new.class)
+    assert_equal(CommandSpec, CommandSpec.new.class)
+  end
+
+end
+
+end # Test
+end # Bixby

data/test/command_response_test.rb

@@ -0,0 +1,48 @@
+
+require 'helper'
+
+module Bixby
+module Test
+
+class TestCommandResponse < MiniTest::Unit::TestCase
+
+  def test_from_json_response
+    res = JsonResponse.new("fail", "unknown")
+    assert res.fail?
+    refute res.success?
+    cr = CommandResponse.from_json_response(res)
+    assert_kind_of CommandResponse, cr
+    assert_equal 255, cr.status
+    assert_equal "unknown", cr.stderr
+    begin
+      cr.raise!
+    rescue CommandException => ex
+      assert_equal "unknown", ex.message
+    end
+
+    res = JsonResponse.new("success", nil, {:status => 0, :stdout => "foobar", :stderr => nil})
+    assert res.success?
+    refute res.fail?
+    cr = CommandResponse.from_json_response(res)
+    assert_kind_of CommandResponse, cr
+    assert_equal 0, cr.status
+    assert_equal "foobar", cr.stdout
+    assert_nil cr.stderr
+  end
+
+  def test_status
+    cr = CommandResponse.new
+    cr.status = 0
+    assert cr.success?
+    refute cr.fail?
+    refute cr.error?
+
+    cr.status = "255"
+    refute cr.success?
+    assert cr.fail?
+  end
+
+end # TestCommandResponse
+
+end # Test
+end # Bixby

data/test/command_spec_test.rb

@@ -0,0 +1,98 @@
+
+
+require 'helper'
+
+module Bixby
+module Test
+
+class TestCommandSpec < MiniTest::Unit::TestCase
+
+  def setup
+    ENV["BIXBY_HOME"] = File.join(File.expand_path(File.dirname(__FILE__)), "support")
+    h = { :repo => "vendor", :bundle => "test_bundle", 'command' => "echo", :foobar => "baz" }
+    @c = CommandSpec.new(h)
+  end
+
+  def teardown
+    super
+    system("rm -rf /tmp/_test_bixby_home")
+  end
+
+
+  def test_init_with_hash
+    assert(@c)
+    assert_equal("vendor", @c.repo)
+    assert_equal("test_bundle", @c.bundle)
+    assert_equal("echo", @c.command)
+  end
+
+  def test_to_hash
+    assert_equal("vendor", @c.to_hash[:repo])
+    assert_equal("test_bundle", @c.to_hash[:bundle])
+    assert_equal("echo", @c.to_hash[:command])
+  end
+
+  def test_load_config
+    config = @c.load_config
+    assert config
+    assert_kind_of Hash, config
+    assert_empty config
+
+    @c.command = "cat"
+    config = @c.load_config
+    assert config
+    assert_equal "cat", config["name"]
+  end
+
+  def test_validate_failures
+    assert_throws(BundleNotFound) do
+      CommandSpec.new(:repo => "vendor", :bundle => "foobar").validate(nil)
+    end
+    assert_throws(CommandNotFound) do
+      CommandSpec.new(:repo => "vendor", :bundle => "test_bundle", :command => "foobar").validate(nil)
+    end
+    assert_throws(BundleNotFound) do
+      @c.validate(nil)
+    end
+  end
+
+  def test_digest
+    expected_digest = "8980372485fc6bcd287e481ab1e15710e2b63c68db75085c2d24386ced272ca4"
+    assert_equal expected_digest, @c.digest
+    assert @c.validate(expected_digest)
+  end
+
+  def test_digest_no_err
+    c = CommandSpec.new({ :repo => "vendor", :bundle => "test_bundle", 'command' => "echofoo" })
+  end
+
+  def test_exec_digest_changed_throws_error
+    assert_throws(BundleNotFound) do
+      @c.validate("alkjasdfasd")
+    end
+  end
+
+  def test_update_digest
+    expected = MultiJson.load(File.read(Bixby.repo_path + "/vendor/test_bundle/digest"))
+
+    t = "/tmp/_test_bixby_home"
+    d = "#{t}/repo/vendor/test_bundle/digest"
+    `mkdir -p #{t}`
+    `cp -a #{Bixby.repo_path}/ #{t}/`
+    `rm #{d}`
+    ENV["BIXBY_HOME"] = t
+
+    refute File.exist? d
+    @c.update_digest
+    assert File.exist? d
+    assert_equal MultiJson.dump(expected), MultiJson.dump(MultiJson.load(File.read(d)))
+
+    @c.update_digest
+    assert File.exist? d
+    assert_equal MultiJson.dump(expected), MultiJson.dump(MultiJson.load(File.read(d)))
+  end
+
+end # TestCommandSpec
+
+end # Test
+end # Bixby