carioca 2.0.12 → 2.1.1

data/carioca.gemspec

@@ -41,6 +41,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '~> 1.32'
   spec.add_development_dependency 'yard', '~> 0.9.27'
   spec.add_development_dependency 'yard-rspec', '~> 0.1'
+  spec.add_development_dependency "bundle-audit", "~> 0.1.0"
   spec.metadata['rubygems_mfa_required'] = 'false'
   spec.add_dependency 'version', '~> 1.1'
+  spec.add_runtime_dependency 'ps-ruby','~> 0.0.4'
+  spec.add_development_dependency "cyclonedx-ruby", "~> 1.1"
 end

data/config/locales/en.yml

@@ -21,3 +21,37 @@ en:
   output: 
     load:
       context: "Output service initialized in mode : %{confset}"
+  finisher:
+    messages: 
+      not_root: "This operation need to be run as root (use sudo or rvmsudo)"
+      options_incompatibility: "Options incompatibility"
+      service_dependence_missing: "Appifier Service dependence missing"
+      config_required: "Specific configuration required"
+      setup_error: "Setup terminated unsuccessfully"
+      setup_success: "Setup terminated successfully"
+      sanitycheck_error: "Sanitycheck terminated unsuccessfully"
+      sanitycheck_success: "Sanitycheck terminated successfully"
+      configuration_error: "Configuration Error"
+      success_exit: "Operation sucessfull"
+      error_exit: "Operation failure" 
+      interrupt: "User operation interrupted"
+      not_found: "Object not found"
+      already_exist: "Object already exist"
+      status_ok: "Status OK"
+      status_ko: "Status KO"
+    bad_usage: "Case must be a return or an exit"
+  setup:
+    error: "Setup operation failed"
+    execute:
+      start: "Begining setup :"
+    install: "Installation of file %{file}"
+    mkdir: "Creation of folder %{path}"
+    ln: "Creation of symlink %{target} -> %{source}"
+  sanitycheck:
+    error: "Sanitycheck stop on Configuration error"
+    success: "Sanitycheck finish without errors"
+    failure: "Sanitycheck finish with errors"
+    run:
+      start: "Begining sanitycheck :"
+      ok: "Testcase %{testcase} on %{name} is ok"
+      ko: "Testcase %{testcase} on %{name} is ok, problem(s) : %{pbm}"

data/config/locales/fr.yml

@@ -20,4 +20,38 @@ fr:
       success: "Service de configuration initialisé avec succès depuis : %{from}"
   output: 
     load:
-      context: "Service output initialisé en mode : %{confset}"
+      context: "Service output initialisé en mode : %{confset}"
+  finisher:
+    messages: 
+      not_root: "L'opération doit être lancée en root (utiliser sudo ou rvmsudo)"
+      options_incompatibility: "Options incompatibles"
+      service_dependence_missing: "Service Carioca, dépendence manquante"
+      config_required: "Configuration spécifique requise"
+      setup_error: "Setup terminé avec succès"
+      setup_success: "Setup terminé en échec"
+      sanitycheck_error: "Sanitycheck terminé en echec"
+      sanitycheck_success: "Sanitycheck terminé avec succès"
+      configuration_error: "Erreur de configuration"
+      success_exit: "Opération terminée avec succès"
+      error_exit: "Opération terminée en échec" 
+      interrupt: "Opération interrompue par l'utilisateur"
+      not_found: "Objet non trouvé"
+      already_exist: "L'objet existé déjà"
+      status_ok: "Status OK"
+      status_ko: "Status KO"
+    bad_usage: "return_case et exit_case sont incompatibles"
+  setup:
+    error: "Opération en echec durant le setup"
+    execute:
+      start: "Début du setup :"
+    install: "Installation du fichier %{file}"
+    mkdir: "Creation du répertoire %{path}"
+    ln: "Creation du lien symbolique %{target} -> %{source}"
+  sanitycheck:
+    error: "Sanitycheck stoppé sur une erreur de configuration"
+    success: "Sanitycheck terminé sans erreurs"
+    failure: "Sanitycheck termoiné avec des erreurs"
+    run:
+      start: "Démarrage du sanitycheck :"
+      ok: "Testcase %{testcase} sur %{name}  ok"
+      ko: "Testcase %{testcase} sur %{name}  ko, problème(s) : %{pbm}"

data/lib/carioca/configuration.rb

@@ -5,7 +5,8 @@ module Carioca
     include Carioca::Constants
     include Carioca::Helpers
     attr_accessor :filename, :name, :builtins, :log_target, :default_locale, :locales_load_path, :debugger_tracer,
-                  :config_file, :config_root, :environment, :supported_environment, :output_mode, :log_level, :output_target
+                  :config_file, :config_root, :environment, :supported_environments, :output_mode, :log_level, :output_target, :user_config_path,
+                  :master_key_file, :secure_store_file
     attr_writer :init_from_file, :output_colors, :output_emoji
     attr_reader :log_file, :locales_availables, :debug
 
@@ -21,13 +22,16 @@ module Carioca
       @environment = DEFAULT_ENVIRONMENT.dup
       @config_root = DEFAULT_CONFIG_ROOT.dup
       @log_target = '::Logger::new(STDOUT)'
-      @supported_environment = DEFAULT_ENVIRONMENTS_LIST.dup
+      @supported_environments = DEFAULT_ENVIRONMENTS_LIST.dup
       @default_locale = DEFAULT_LOCALE
       @locales_availables = []
       @output_mode = DEFAULT_OUTPUT_MODE.dup
       @output_colors = DEFAULT_COLORS_STATUS.dup
       @output_emoji = DEFAULT_EMOJI_STATUS.dup
       @output_target = DEFAULT_OUTPUT_TARGET.dup
+      @user_config_path = DEFAULT_USER_CONFIG_PATH.dup
+      @master_key_file = DEFAULT_MASTER_KEY_FILE.dup
+      @secure_store_file = DEFAULT_SECURE_STORE_FILE.dup
       path = search_file_in_gem('carioca', 'config/locales')
       @locales_load_path = Dir["#{File.expand_path(path)}/*.yml"]
       Dir["#{path}/*.yml"].sort.each do |file|

data/lib/carioca/constants.rb

@@ -14,6 +14,11 @@ module Carioca
     DEFAULT_COLORS_STATUS = true
     DEFAULT_LOG_LEVEL = :info
 
+    DEFAULT_USER_CONFIG_PATH = "~/.carioca"
+
+    DEFAULT_MASTER_KEY_FILE = "#{DEFAULT_USER_CONFIG_PATH}/master.key"
+    DEFAULT_SECURE_STORE_FILE = "#{DEFAULT_USER_CONFIG_PATH}/secure.Store"
+
     DEFAULT_DEBUGGER_TRACER = :output
 
     # service definitions specs
@@ -24,6 +29,9 @@ module Carioca
 
     DEFAULT_ENVIRONMENTS_LIST = %i[production staging test development].freeze
 
+
+    
+
     BUILTINS = {
       configuration: {
         type: :internal,
@@ -50,7 +58,7 @@ module Carioca
       },
       output: {
         type: :internal,
-        description: 'The Output serice of Carioca',
+        description: 'The Output service of Carioca',
         service: "Carioca::Services::Output::Provider::new(
                                 mode: Carioca::Registry.config.output_mode,
                                 emoji: Carioca::Registry.config.output_emoji?,
@@ -59,6 +67,35 @@ module Carioca
                                 target: Carioca::Registry.config.output_target
             )"
       },
+      finisher: {
+        type: :internal,
+        service: 'Carioca::Services::Finisher::new',
+        description: 'The Finisher service of Carioca',
+        depends: [:i18n,:logger, :configuration]
+      },
+      toolbox: {
+        type: :internal,
+        service: 'Carioca::Services::Toolbox',
+        description: 'The Misceleanous Toolbox service of Carioca',
+      },
+      setup: {
+        type: :internal,
+        service: 'Carioca::Services::Setup::new',
+        description: 'The Setup service of Carioca',
+        depends: [:i18n,:logger, :configuration ]
+      },
+      sanitycheck: {
+        type: :internal,
+        service: 'Carioca::Services::Sanitycheck::new',
+        description: 'The Sanitycheck service of Carioca',
+        depends: [:i18n,:logger, :configuration ]
+      },
+      securestore: {
+        type: :internal,
+        service: 'Carioca::Services::SecureStore::new',
+        description: 'The SecureStore service of Carioca',
+        depends: [:i18n,:logger, :configuration ]
+      },
       debugger: {
         type: :internal,
         description: 'The Debugger Service of Carioca',

data/lib/carioca/dependencies.rb

@@ -4,11 +4,24 @@ require 'yaml'
 require 'forwardable'
 require 'singleton'
 
+require 'socket'
+require 'yaml'
+require 'thread'
+require 'fileutils'
+require 'etc'
+require 'json'
+require 'uri'
+require 'openssl'
+require 'base64'
+
+
+
 require 'rubygems'
 require 'i18n'
 require 'locale'
 require 'deep_merge'
 require 'pastel'
+require 'ps-ruby'
 
 require_relative 'helpers'
 require_relative 'constants'

data/lib/carioca/services/config.rb

@@ -67,7 +67,7 @@ module Carioca
           @data = {} unless @data.instance_of?(Hash)
           @data.delete_if { |key, _value| config.config_root != key }
           @data[config.config_root] = {} unless @data.include? config.config_root
-          config.supported_environment.each do |evt|
+          config.supported_environments.each do |evt|
             @data[config.config_root][evt] = {} unless @data[config.config_root].include? evt
           end
           @data[config.config_root][:default] = {} unless @data[config.config_root].include? :default

data/lib/carioca/services/finisher.rb

@@ -0,0 +1,121 @@
+# coding: utf-8
+
+# base Carioca namespace
+module Carioca
+
+    module Services
+
+        class SpecificError < Exception
+            attr_reader :error_case
+            def initialize(*arg, error_case: :status_ko)
+              super(*arg)
+              @error_case = error_case
+            end
+          end
+
+      # Exiter namespace
+      class Finisher
+       
+        DEFAULT_FINISHERS_SPECS = {
+            # global
+            not_root: { code: 40, key: 'finisher.messages.not_root' },
+            options_incompatibility: { code: 410, key: 'finisher.messages.options_incompatibility'},
+            service_dependence_missing: { code: 430, key: 'finisher.messages.service_dependence_missing'},
+            config_required: { code: 420, key: 'finisher.messages.config_required'},
+            setup_error: { code: 520, key: 'finisher.messages.setup_error'},
+            setup_success: { code: 0, key: 'finisher.messages.setup_success'},
+            sanitycheck_error: { code: 510, key: 'finisher.messages.sanitycheck_error'},
+            sanitycheck_success: { code: 0, key: 'finisher.messages.sanitycheck_success'},
+            configuration_error: { code: 501, key: 'finisher.messages.configuration_error'},
+            success_exit: { code: 0, key: 'finisher.messages.success_exit' },
+            quiet_exit: { code: 0 },
+            error_exit: { code: 50, key: 'finisher.messages.error_exit' },
+            # events
+            interrupt: { code: 330, key: 'finisher.messages.interrupt' },
+            # request
+            not_found: { code: 404, key: 'finisher.messages.not_found' },
+            already_exist: { code: 408, key: 'finisher.messages.already_exist' },
+            # daemon
+            status_ok: { code: 200, key: 'finisher.messages.status_ok' },
+            status_ko: { code: 500, key: 'finisher.messages.status_ko' }
+          }
+
+  
+          def initialize
+            registry = Carioca::Registry.get
+            @output = registry.get_service name: :output
+            @i18n = registry.get_service name: :i18n
+            @configuration = registry.get_service name: :configuration
+            @exit_map = DEFAULT_FINISHERS_SPECS
+            @exit_map.merge! @configuration.settings.exit_cases if @configuration.settings.exit_cases
+          end
+
+          def terminate(return_case: nil, exit_case: nil, more: nil )
+              raise "Case must be a return or an exit" if return_case and exit_case
+              do_exit!( exit_case: exit_case, more: more) if exit_case
+              do_return(return_case: return_case, more: more) if return_case
+          end
+  
+        # exiter 
+        # @option [Symbol] :case an exit case
+        # @option [String] :more a complementary string to display
+        def do_exit!(exit_case: :quiet_exit, more: nil )
+          mess = ""
+          mess = @i18n.t(@exit_map[exit_case][:key]) if @exit_map[exit_case].include? :key
+          mess << " : " unless mess.empty? or not more
+          mess << "#{more}" if more
+          if  @exit_map[exit_case][:code] == 0 then
+            @output.success mess unless mess.empty?
+            exit 0
+          else
+            @output.fatal mess unless mess.empty?
+            exit @exit_map[exit_case][:code]
+          end
+        end
+    
+        def do_return(return_case: :status_ok, more: nil )
+          data = @exit_map[return_case].clone
+          if data.include? :key then
+            data[:message] = @i18n.t(data[:key])
+            data.delete :key
+          end
+          data[:more] = more if more
+          return data
+        end
+
+        def secure_raise(message: "unknown error", error_case: :status_ko)
+            raise SpecificError::new message, error_case: error_case 
+        end
+
+
+        def secure_api_return(data: nil, return_case: nil, structured: false, json: true)
+            result = {}
+            begin
+              data = yield if block_given?
+              result = (structured)? do_return(return_case: return_case).merge({data: data }) : data
+            rescue Exception => e
+              key = (e.respond_to? :error_case)? e.error_case : :status_ko
+              more  = (e.respond_to? :error_case)? e.message : "#{e.class.to_s} : #{e.message}"
+              result = do_return return_case: key, more: more
+            end
+            result = JSON.pretty_generate(JSON.parse(result.to_json)) if json
+            return result
+          end
+
+
+          def secure_execute!( exit_case: :success_exit )
+            result = {}
+            begin
+              more = yield 
+              
+            rescue Exception => e
+              key = (e.respond_to? :error_case)? e.error_case : :error_exit
+              more  = (e.respond_to? :error_case)? e.message : "#{e.class.to_s} : #{e.message}"
+              exit_case = key
+            end
+            do_exit! exit_case: exit_case, more: more
+          end
+    
+      end
+    end
+  end

data/lib/carioca/services/sanitycheck.rb

@@ -0,0 +1,143 @@
+# coding: utf-8
+
+# base Carioca namespace
+module Carioca
+    
+    module Services
+        
+        # Exiter namespace
+        class Sanitycheck
+
+            def initialize
+                registry = Carioca::Registry.get
+                @output = registry.get_service name: :output
+                @i18n = registry.get_service name: :i18n
+                @toolbox = registry.get_service name: :toolbox
+                @configuration = registry.get_service name: :configuration
+                @finisher = registry.get_service name: :finisher
+                @schema = {}
+                if @configuration.settings.include? :sanitycheck then
+                    @schema = (@configuration.settings.sanitycheck.include? :rules)? @configuration.settings.sanitycheck.rules : {}
+                end
+            end
+
+            def run
+              begin
+                result = []
+                  @output.info @i18n.t('sanitycheck.run.start')
+                  error_number = 0
+                  @schema.each do |item|
+                    testcase = item[:test] ; item.delete(:test)
+                    res = self.send(testcase, **item) 
+                    if  res.empty? then
+                        @output.ok @i18n.t('sanitycheck.run.ok', testcase: testcase, name: item[:name].to_s)
+                      else
+                        pbm = res.map {|p| p.to_s}.join(',')
+                        @output.ko @i18n.t('sanitycheck.run.ko', testcase: testcase, name: item[:name].to_s, pbm: pbm)
+                        error_number =+ 1
+                      end
+                  end
+                 if error_number>0 then
+                    @output.error @i18n.t('sanitycheck.failure')
+                 else
+                    @output.success @i18n.t('sanitycheck.success') 
+                end
+              rescue Exception
+                  @finisher.secure_raise message: @i18n.t('sanitychek.error'), error_case: :status_ko
+              end unless @schema.empty?
+
+          end
+
+
+
+#@!group  Verifiers for application : FS and TCP/IP services
+
+    # check folder
+    # @return [Array] of Symbol with error type : [:inexistant,:mode,:owner,:group]
+    # @option [String] :name folder path (relative or absolute)
+    # @option [String] :mode String for OCTAL rights like "644", default 755
+    # @option [String] :owner file owner for folder, optionnal
+    # @option [String] :group  file group for folder, optionnal
+    def verify_folder(name:, mode: "755", owner: nil, group: nil)
+        full_name = File.expand_path(name)     
+        res = Array::new
+        return  [:inexistant] unless File.directory?(full_name)
+        stat = File.stat(full_name)
+        if mode then
+          tested_mode = "%o" % stat.mode
+          res << :mode if tested_mode[-3..-1] != mode
+        end
+        if owner then
+          res << :owner if Etc.getpwuid(stat.uid).name != owner
+        end
+        if group then
+          res << :group if Etc.getgrgid(stat.gid).name != group
+        end
+        return res
+      end
+  
+      # check symlink
+      # @return [Boolean]
+      # @option [String] :name path of the link
+      def verify_link(name: )
+        full_name = File.expand_path(name)  
+        res = Array::new
+        res.push :inexistant unless File.file?(full_name)
+        return res
+      end
+  
+      # check file
+      # @return [Array] of Symbol with error type : [:inexistant,:mode,:owner,:group]
+      # @option [String] :name path of file
+      # @option [String] :mode String for OCTAL rights like "644", optionnal
+      # @option [String] :owner file owner for file, optionnal
+      # @option [String] :group  file group for file, optionnal
+      def verify_file(name: , mode: '644', owner: nil, group: nil)
+        full_name = File.expand_path(name)
+        res = Array::new
+        return  [:inexistant] unless File.file?(full_name)
+        stat = File.stat(full_name)
+        if mode then
+          tested_mode = "%o" % stat.mode
+          res << :mode if tested_mode[-3..-1] != mode
+        end
+        if owner then
+          res << :owner if Etc.getpwuid(stat.uid).name != owner
+        end
+        if group then
+          res << :group if Etc.getgrgid(stat.gid).name != group
+        end
+        return res
+      end
+  
+      # TCP/IP service checker
+      # @return [Bool] status
+      # @option [String] :name display name
+      # @option [String] :host hostname
+      # @option [String] :port TCP port
+      # @option [String] :url full URL, priority on :host and :port
+      def verify_service(name: nil, url: nil, host: nil, port: nil)
+        begin
+          if url then
+            uri = URI.parse(url)
+            host = uri.host
+            port = uri.port
+          end
+          Timeout::timeout(1) do
+            begin
+              s = TCPSocket.new(host, port)
+              s.close
+              return true
+            rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+              return false
+            end
+          end
+        rescue Timeout::Error
+          return false
+        end
+      end
+      #!@endgroup
+
+        end
+    end
+end

data/lib/carioca/services/securestore.rb

@@ -0,0 +1,81 @@
+
+module Carioca
+    module Services
+        
+        class SecureStore
+            attr_accessor :data
+            
+            extend Carioca::Injector
+            inject service: :logger
+            inject service: :setup
+            inject service: :sanitycheck
+
+            def initialize(storefile: Carioca::Registry.config.secure_store_file, keyfile: Carioca::Registry.config.master_key_file)
+                [storefile, keyfile].map {|file| File.dirname(file) }.each do |path|
+                    setup.make_folder path:  File.expand_path(path), mode: "400" unless sanitycheck.verify_folder name: path
+                end
+                @storefile = File.expand_path(storefile)
+                @keyfile = File.expand_path(keyfile)
+                init! unless initialized?
+                @data = decrypt
+            end
+            
+            def initialized?
+                File.exist?(@storefile) && File.exist?(@keyfile)
+            end
+            
+            def save!
+                encrypt(@data)
+            end
+            
+            def init!
+                path = File.dirname(@storefile)
+                FileUtils.mkdir_p path
+                generate_key
+                init_data = {}
+                encrypt(init_data)
+                logger.warn(to_s) { 'Secure Store initialized' }
+            end
+            
+            private
+            
+            def generate_key
+                cipher = OpenSSL::Cipher.new('aes-256-cbc')
+                cipher.encrypt
+                key = cipher.random_key
+                iv = cipher.random_iv
+                encoded_key = Base64.encode64("#{key}|#{iv}")
+                unless File.exist? @keyfile
+                    File.write(@keyfile, encoded_key)
+                    FileUtils.chmod 0o400, @keyfile
+                end
+            end
+            
+            def decrypt
+                decipher = OpenSSL::Cipher.new('aes-256-cbc')
+                decipher.decrypt
+                encoded_key = File.read(@keyfile)
+                key, iv = Base64.decode64(encoded_key).split('|')
+                decipher.key = key
+                decipher.iv = iv
+                encoded = File.read(@storefile)
+                encrypted = Base64.decode64(encoded)
+                plain = decipher.update(encrypted) + decipher.final
+                YAML.load(plain)
+            end
+            
+            def encrypt(data)
+                encoded_key = File.read(@keyfile)
+                key, iv = Base64.decode64(encoded_key).split('|')
+                cipher = OpenSSL::Cipher.new('aes-256-cbc')
+                cipher.encrypt
+                cipher.key = key
+                cipher.iv = iv
+                encrypted = cipher.update(data.to_yaml) + cipher.final
+                encoded = Base64.encode64(encrypted)
+                File.write(@storefile, encoded)
+            end
+        end
+    end
+end
+

data/lib/carioca/services/setup.rb

@@ -0,0 +1,87 @@
+# coding: utf-8
+
+# base Carioca namespace
+module Carioca
+    
+    module Services
+        
+        # Exiter namespace
+        class Setup
+
+            def initialize
+                registry = Carioca::Registry.get
+                @output = registry.get_service name: :output
+                @i18n = registry.get_service name: :i18n
+                @toolbox = registry.get_service name: :toolbox
+                @configuration = registry.get_service name: :configuration
+                @finisher = registry.get_service name: :finisher
+                @schema = {}
+                if @configuration.settings.include? :setup then
+                    @schema = (@configuration.settings.setup.include? :rules)? @configuration.settings.setup.rules : {}
+                end
+            end
+
+
+            def execute!
+                begin
+                    @output.info @i18n.t('setup.execute.start')
+                    @schema.each do |item|
+                      action = item[:action] ; item.delete(:action)
+                      self.send action, **item
+                    end
+                rescue Exception
+                    @finisher.secure_raise message: @i18n.t('setup.error'), error_case: :status_ko
+                end unless @schema.empty?
+            end
+
+
+
+
+               # @!group facilities for file system commands
+
+    # facility for file installation
+    # @option [String] :source file source path
+    # @option [String] :target file target path
+    # @option [String] :mode String for OCTAL rights (default "644")
+    # @option [String] :owner file owner for target (optional)
+    # @option [String] :group  file group for target (optional)
+    # @option [Bool] :force to copy file in force (default true)
+    # @option [Bool] :gem resolve file in gem root (default true)
+    # @option [String] :gem_name name of the gem where to search (default "carioca")
+    def install_file(source:, target:, mode: "644", owner: nil, group: nil, force: true, gem: true, gem_name: "carioca" )
+      @output.item @i18n.t('setup.install', file: target)
+        full_target = File.expand_path(target)
+        source = (gem)? @toolbox.search_file_in_gem(gem_name,source) : source
+        FileUtils::copy source, full_target if force
+        FileUtils.chmod mode.to_i(8), full_target
+        FileUtils.chown owner, group, full_target if owner and group
+      end
+  
+      # facility for folder creation
+      # @option [String] :path folder path (relative or absolute)
+      # @option [String] :mode String for OCTAL rights like "644"
+      # @option [String] :owner file owner for folder
+      # @option [String] :group  file group for folder
+    def make_folder(path:, mode: "644", owner: nil, group: nil )
+        full_path = File.expand_path(path)
+        @output.item @i18n.t('setup.mkdir', path: full_path)
+        FileUtils::mkdir_p path unless File::exist? full_path
+        FileUtils.chmod mode.to_i(8), full_path
+        FileUtils.chown owner, group, full_path if owner and group
+      end
+  
+      # facility for Symbolic link
+      # @option [String] :source path of the file
+      # @option [String] :link path of the symlink
+      def make_link(source:, link:)
+        full_source = File.expand_path(source)
+        full_link = File.expand_path(link)
+        @output.item @i18n.t('setup.ln', target: link, source: source)
+        FileUtils::rm link if (File::symlink? link and not File::exist? link)
+        FileUtils::ln_s source, link unless File::exist? link
+      end
+      # @!endgroup
+
+        end
+    end
+end