chook 1.0.0.b1

data/lib/chook/event_handling.rb

@@ -0,0 +1,40 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+# foundation
+require 'chook/foundation'
+
+# namespace modules
+require 'chook/handled_subjects'
+require 'chook/handled_events'
+
+# subjects - must load before events.
+require 'chook/subject'
+require 'chook/subject/handled_subject'
+Chook::HandledSubject.generate_classes
+
+# events
+require 'chook/event'
+require 'chook/event/handled_event'
+Chook::HandledEvent.generate_classes

data/lib/chook/event_testing.rb

@@ -0,0 +1,43 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+# foundation
+require 'chook/foundation'
+
+# subjects - must load before events.
+require 'chook/subject'
+require 'chook/subject/randomizers'
+require 'chook/subject/samplers'
+require 'chook/subject/validators'
+
+# testing data generation
+require 'chook/subject/test_subject'
+require 'chook/test_subjects'
+Chook::TestSubject.generate_classes
+
+# events
+require 'chook/event'
+require 'chook/event/test_event'
+require 'chook/test_events'
+Chook::TestEvent.generate_classes

data/lib/chook/foundation.rb

@@ -0,0 +1,33 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+# require the foundational files of chook
+require 'json'
+require 'open-uri'
+require 'pathname'
+
+require 'chook/version'
+require 'chook/procs' # must load before configuration
+require 'chook/configuration'

data/lib/chook/handled_events.rb

@@ -0,0 +1,33 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+module Chook
+
+  # This module is a namespace holding all of the classes that are
+  # subclasses of Chook::HandledEvent, q.v.
+  #
+  module HandledEvents; end
+
+end # module

data/lib/chook/handled_subjects.rb

@@ -0,0 +1,33 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+module Chook
+
+  # This module is a namespace holding all of the classes that are
+  # subclasses of Chook::HandledSubject, q.v.
+  #
+  module HandledSubjects; end
+
+end # module

data/lib/chook/procs.rb

@@ -0,0 +1,46 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+###
+module Chook
+
+  # A namespace to hold Proc objects in constants
+  module Procs
+
+    TRUE_RE = /^\s*(true|yes)\s*$/i
+    JSS_EPOCH_TO_TIME = proc { |val| Time.strptime val.to_s[0..-4], '%s' }
+    STRING_TO_BOOLEAN = proc { |val| val =~ TRUE_RE ? true : false }
+    STRING_TO_PATHNAME = proc { |val| Pathname.new val }
+    MOBILE_USERID = proc { |_device| '-1' }
+    PRODUCT = proc { |_device| nil }
+    ALWAYS_TRUE = proc { |_boolean| True }
+    COMPUTER_USERID = proc do |comp|
+      id = '-1' unless comp.groups_accounts[:local_accounts].find { |acct| acct[:name] == comp.username }
+      id.is_a?(Hash) ? id[:uid] : '-1'
+    end # end proc do |comp|
+
+  end # module Procs
+
+end # module Chook

data/lib/chook/server.rb

@@ -0,0 +1,121 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+require 'chook/event_handling'
+require 'sinatra/base'
+require 'openssl'
+
+module Chook
+
+  # The chook server is a basic sinatra server running on
+  # the engine of your choice.
+  class Server < Sinatra::Base
+
+    DEFAULT_SERVER_ENGINE = :webrick
+    DEFAULT_PORT = 8000
+
+    @server_engine = Chook::CONFIG.server_engine || DEFAULT_SERVER_ENGINE
+    require @server_engine.to_s
+    @server_port = Chook::CONFIG.server_port || DEFAULT_PORT
+
+    def self.run!
+      # trap HUPs to reload handlers
+      Signal.trap('HUP') do
+        Chook::HandledEvent::Handlers.load_handlers reload: true
+      end
+      Chook::HandledEvent::Handlers.load_handlers
+      chook_configure
+      case @server_engine.to_sym
+      when :webrick
+        super
+      when :thin
+        if Chook::CONFIG.use_ssl
+          super do |server|
+            server.ssl = true
+            server.ssl_options = {
+              cert_chain_file: Chook::CONFIG.ssl_cert_path.to_s,
+              private_key_file: Chook::CONFIG.ssl_private_key_path.to_s,
+              verify_peer: false
+            }
+          end # super do
+        else
+          super
+        end # if use ssl
+      end # case
+    end # self.run
+
+    # Sinatra Settings
+    def self.chook_configure
+      configure do
+        set :environment, :production
+        enable :logging, :lock
+        set :bind, '0.0.0.0'
+        set :server, @server_engine
+        set :port, @server_port
+
+        if Chook::CONFIG.use_ssl
+          case @server_engine.to_sym
+          when :webrick
+            require 'webrick/https'
+            key = Chook::CONFIG.ssl_private_key_path.read
+            cert = Chook::CONFIG.ssl_cert_path.read
+            cert_name = Chook::CONFIG.ssl_cert_name
+            set :SSLEnable, true
+            set :SSLVerifyClient, OpenSSL::SSL::VERIFY_NONE
+            set :SSLPrivateKey, OpenSSL::PKey::RSA.new(key, ssl_key_password)
+            set :SSLCertificate, OpenSSL::X509::Certificate.new(cert)
+            set :SSLCertName, [['CN', cert_name]]
+          when :thin
+            true
+          end # case
+        end # if ssl
+      end # configure
+    end # chook_configure
+
+    def self.ssl_key_password
+      path = Chook::CONFIG.ssl_private_key_pw_path
+      raise 'No config setting for "ssl_private_key_pw_path"' unless path
+      file = Pathname.new path
+
+      # if the path ends with a pipe, its a command that will
+      # return the desired password, so remove the pipe,
+      # execute it, and return stdout from it.
+      if path.end_with? '|'
+        raise 'ssl_private_key_pw_path: #{path} is not an executable file.' unless file.executable?
+        return `#{path.chomp '|'}`.chomp
+      end
+
+      raise 'ssl_private_key_pw_path: #{path} is not a readable file.' unless file.readable?
+      stat = file.stat
+      raise "Password file for '#{pw}' has insecure permissions, must be 0600." unless ('%o' % stat.mode).end_with? '0600'
+
+      # chomping an empty string removes all trailing \n's and \r\n's
+      file.read.chomp('')
+    end # ssl_key_password
+
+  end # class server
+
+end # module
+
+require 'chook/server/routes'

data/lib/chook/server/routes.rb

@@ -0,0 +1,27 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+require 'chook/server/routes/home'
+require 'chook/server/routes/handle_webhook_event'

data/lib/chook/server/routes/handle_webhook_event.rb

@@ -0,0 +1,39 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+module Chook
+
+  # see server.rb
+  class Server < Sinatra::Base
+
+    post '/handle_webhook_event' do
+      request.body.rewind # in case someone already read it
+      event = Chook::HandledEvent.parse_event request.body.read
+      event.handle
+    end # post
+
+  end # class
+
+end # module

data/lib/chook/server/routes/home.rb

@@ -0,0 +1,37 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+module Chook
+
+  # see server.rb
+  class Server < Sinatra::Base
+
+    get '/' do
+      body "Hello, this is Chook, a Jamf Pro WebHook handling service from Pixar Animation Studios!\n"
+    end # get /
+
+  end # class
+
+end # module