enfcli 3.3.2.pre.alpha

data/enfcli.gemspec

@@ -0,0 +1,46 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'enfcli/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "enfcli"
+  spec.version       = EnfCli::VERSION
+  spec.authors       = ["Venkatakumar Srinivasan"]
+  spec.email         = ["venkat@xaptum.com"]
+
+  spec.summary       = %q{Xaptum ENF CLI.}
+  spec.homepage      = "https://www.xaptum.com"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  #if spec.respond_to?(:metadata)
+  #  spec.metadata['allowed_push_host'] = "https://gems.xaptum.xyz"
+  #else
+  #  raise "RubyGems 2.0 or newer is required to protect against " \
+  #    "public gem pushes."
+  #end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'thor', '~> 0.20.0'
+  spec.add_dependency "rest-client", "~> 2.0"
+  spec.add_dependency "terminal-table"
+  #spec.add_dependency "websocket-client-simple"
+  #spec.add_dependency "colorize"
+  
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bump"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "rspec_junit_formatter"
+  spec.add_development_dependency "fuubar"
+  spec.add_development_dependency "vcr"
+  spec.add_development_dependency "webmock"
+  
+end

data/lib/enfapi.rb

@@ -0,0 +1,398 @@
+#
+# Copyright 2018 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'rest-client'
+require 'singleton'
+require 'json'
+require 'date'
+require 'base64'
+
+#
+# NOTE: When api's are refactored into individual classes
+# please be sure to override to_json method of the Singleton
+# class OR replace all calls to to_json() with EnfApi::to_json()
+#
+
+module EnfApi
+
+  def self.to_json(hash)
+    JSON.generate(hash)
+  end
+  
+  class ERROR < StandardError
+    def initialize(msg = "ENF Api Error")
+      super
+    end
+  end
+
+  class Firewall
+    include Singleton
+    
+    def list_firewall_rules(network)
+      EnfApi::API.instance.get "/api/xfw/v1/#{network}/rule"
+    end
+    
+    def add_firewall_rule(network, rule)      
+      rule_json = EnfApi::to_json(rule)
+      EnfApi::API.instance.post "/api/xfw/v1/#{network}/rule", rule_json
+    end
+    
+    def delete_firewall_rules(network, id = nil)
+      # Same method to call to delete all firewall rules in a network. if id is nil
+      EnfApi::API.instance.delete "/api/xfw/v1/#{network}/rule/#{id}"
+    end
+  end
+
+  class Iam
+    include Singleton
+
+    ## NO_TEST
+    def provision_group(new_group)      
+      json = EnfApi::to_json(new_group)
+      EnfApi::API.instance.post "/api/xiam/v1/groups", json
+    end
+
+    ## NO_TEST
+    def update_group(gid, modified_group)
+      json = EnfApi::to_json(modified_group)
+      EnfApi::API.instance.put "/api/xiam/v1/groups/#{gid}", json
+    end
+
+    ## NO_TEST
+    def add_group_to_network(gid, ipv6_network)      
+      json = EnfApi::to_json(ipv6_network)
+      EnfApi::API.instance.post "/api/xiam/v1/groups/#{gid}/networks", json
+    end
+
+    ## NO_TEST
+    def list_network_groups(network)
+      EnfApi::API.instance.get "/api/xiam/v1/networks/#{network}/groups"
+    end
+
+    ## NO_TEST
+    def list_group(gid)
+      EnfApi::API.instance.get "/api/xiam/v1/groups/#{gid}"
+    end
+
+    ## NO_TEST
+    def provision_endpoint(new_endpoint)      
+      json = EnfApi::to_json(new_endpoint)
+      EnfApi::API.instance.post "/api/xiam/v1/endpoints", json
+    end
+
+    ## NO_TEST
+    def update_endpoint_key(ipv6, credentials)         
+      json = EnfApi::to_json(credentials)
+      EnfApi::API.instance.post "/api/xiam/v1/endpoints/#{ipv6}/credentials", json
+    end
+        
+  end
+  
+  class NetworkManager
+    include Singleton
+  end
+  
+  class API
+    include Singleton
+
+    attr_accessor :headers, :api
+
+    def authenticate(host, user, password)
+      # format url
+      host = "https://#{host}" unless host =~ /^(http|https):\/\//
+
+      # chomp trailing '/'
+      host = host.chomp("/")
+
+      # Initalize rest client
+      @api = RestClient::Resource.new(host)
+
+      # Create request json
+      hash = { :username => user, :token => password }
+      json = to_json( hash )
+
+      # call api
+      @api["/api/xcr/v2/xauth"].post( json, {content_type: :json, accept: :json}) { |response, request, result|
+        case response.code
+        when 200
+          # get resp from json
+          resp = from_json(response.body)          
+
+          # set request headers for subsequent api calls
+          token = resp[:data][0][:token]
+          @headers = {content_type: :json, accept: :json, "Authorization" => "Bearer #{token}"}
+
+          # return resp
+          resp
+        else
+          raise EnfApi::ERROR, "Login Failed! Invalid user or password!"
+        end
+      }
+    end
+
+    def get(request_uri)
+      @api[request_uri].get(@headers) {|response, request, result|
+        process_api_response response, request, result       
+      }
+    end
+
+    def post(request_uri, request_body = '')
+      @api[request_uri].post(request_body, @headers) {|response, request, result|
+        process_api_response response, request, result       
+      }
+    end
+
+    def put(request_uri, request_body = '')
+      @api[request_uri].put(request_body, @headers) {|response, request, result|
+        process_api_response response, request, result       
+      }
+    end    
+
+    def delete(request_uri)
+      @api[request_uri].delete(@headers) {|response, request, result|
+        process_api_response response, request, result       
+      }
+    end    
+  
+############################################################################################################################
+# NOT READY API. MOVE ABOVE THIS LINE AFTER RSPEC OR INTO OWN CLASS
+############################################################################################################################
+    def list_domain_nws(domain_id)
+      @api["/api/xcr/v2/domains/#{domain_id}/nws"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def list_enfnws      
+      @api["/api/xcr/v2/enfnws"].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+    
+    def list_domains  
+      @api["/api/xcr/v2/domains"].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+    
+    def get_domain(domain_id)      
+      @api["/api/xcr/v2/domains/#{domain_id}"].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def create_domain(domain_hash)
+      json = to_json( domain_hash )      
+      @api["/api/xcr/v2/domains"].post( json, @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def update_domain_rate_limits(domain_network, limit, limits_hash)
+      json = to_json( limits_hash )      
+      @api["/api/xcr/v2/domains/#{domain_network}/ep_rate_limits/#{limit}"].put( json, @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def update_network_rate_limits(network, limit, limits_hash)
+      json = to_json( limits_hash )      
+      @api["/api/xcr/v2/nws/#{network}/ep_rate_limits/#{limit}"].put( json, @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def update_ep_rate_limits(ipv6, limit, limits_hash)
+      json = to_json( limits_hash )      
+      @api["/api/xcr/v2/cxns/#{ipv6}/ep_rate_limits/#{limit}"].put( json, @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def get_domain_rate_limits(domain_network, filter = nil)
+      api_url = "/api/xcr/v2/domains/#{domain_network}/ep_rate_limits"
+      api_url = "#{api_url}/#{filter}" if filter
+      
+      @api[api_url].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def get_network_rate_limits(network, filter = nil)
+      api_url = "/api/xcr/v2/nws/#{network}/ep_rate_limits"
+      api_url = "#{api_url}/#{filter}" if filter
+      
+      @api[api_url].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def get_ep_rate_limits(ipv6, filter = nil)
+      api_url = "/api/xcr/v2/cxns/#{ipv6}/ep_rate_limits"
+      api_url = "#{api_url}/#{filter}" if filter
+      
+      @api[api_url].get( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def activate_domain(domain_network)
+      @api["/api/xcr/v2/domains/#{domain_network}/status"].put( '', @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def deactivate_domain(domain_network)
+      @api["/api/xcr/v2/domains/#{domain_network}/status"].delete( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end 
+
+    def create_nw(nw_hash)
+      json = to_json(nw_hash)
+      domain_id = nw_hash[:domain_id]      
+      @api["/api/xcr/v2/domains/#{domain_id}/nws"].post(json, @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+    
+    def list_nw_connections(domain_id, network_cidr, file = nil)      
+      @api["/api/xcr/v2/domains/#{domain_id}/nws/#{network_cidr}/cxns"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def list_endpoint_events(ipv6)            
+      @api["/api/xcr/v2/cxns/#{ipv6}/events"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def list_network_events(network_cidr)            
+      @api["/api/xcr/v2/nws/#{network_cidr}/events"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def get_endpoint(ipv6)            
+      @api["/api/xcr/v2/cxns/#{ipv6}"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def update_endpoint(ipv6, name)
+      hash = { :ipv6 => ipv6, :name => name }
+      json = to_json( hash )
+      
+      @api["/api/xcr/v2/cxns/#{ipv6}"].put( json, @headers) {|response, request, result|
+        process_api_response response, request, result                
+      }
+    end
+
+    def activate_enfnw(subnet)            
+      @api["/api/xcr/v2/enfnws/#{subnet}"].put( '', @headers) {|response, request, result|
+        process_api_response response, request, result                
+      }
+    end
+
+    def list_domain_users(domain_network)      
+      @api["/api/xcr/v2/domains/#{domain_network}/users"].get( @headers) {|response, request, result|
+        puts response.code
+        process_api_response response, request, result
+      }
+    end
+
+    def list_domain_invites(domain_network)
+      @api["/api/xcr/v2/domains/#{domain_network}/invites"].get(@headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def invite(domain_network, hash)
+      json = to_json( hash )
+      @api["/api/xcr/v2/domains/#{domain_network}/invites"].post( json, @headers) { |response, request, result|
+        process_api_response response, request, result
+      }      
+    end
+
+    def cancel_invite(email)      
+      @api["/api/xcr/v2/invites/#{email}"].delete( @headers) {|response, request, result|
+        process_api_response response, request, result
+      }
+    end
+
+    def resend_invite(email)
+      @api["/api/xcr/v2/invites/#{email}"].put( "{}", @headers) {|response, request, result|
+        process_api_response response, request, result
+      }      
+    end
+
+############################################################################################################################
+# Private functions
+############################################################################################################################
+    def process_api_response(response, request, result)
+      case response.code
+        when 200
+          # return json
+          from_json(response.body)
+
+        when 201
+          # return response body
+          from_json(response.body)
+          
+        when 400
+          # api returns and error
+          raise EnfApi::ERROR, api_error_msg(from_json(response.body))
+
+        when 401
+          # api returns and error
+          raise EnfApi::ERROR, api_error_msg(from_json(response.body))
+
+        when 403
+          # api returns and error
+          raise EnfApi::ERROR, "AUTHORIZATION_ERROR: User is not authorized to perform this operation!"
+          
+        else
+          raise EnfApi::ERROR, "Unexpected error! Please try again!"
+        end
+    end
+    
+    def from_json(string)
+      begin
+        JSON.parse(string, {:symbolize_names => true})
+      rescue
+        raise EnfApi::ERROR, "Unable to parse api response json!"
+      end
+    end
+
+    def to_json(hash)
+      JSON.generate(hash)
+    end
+
+    def api_error_msg(err)
+      if err.key?(:xiam_error)
+        reason = err[:reason]
+        reason = Base64.decode64(reason)
+        "#{reason}"
+      else
+        code = err[:error][:code]
+        text = err[:error][:text]
+        "#{code.upcase}: #{text}"
+      end
+    end
+
+    private :from_json, :to_json, :api_error_msg, :process_api_response
+  end
+end

data/lib/enfcli/commands/user.rb

@@ -0,0 +1,185 @@
+#
+# Copyright 2018 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'enfthor'
+require 'enfapi'
+
+module EnfCli
+  
+  module Cmd
+
+    class User < EnfThor
+      no_commands {
+        def display_invites invites
+          headings = ['Id', 'User Name', 'Full Name', 'Invited By', 'Invite Code']
+          rows = invites.map{ |hash|
+            [ hash[:id], hash[:email], hash[:name], hash[:invited_by], hash[:invite_token] ]
+          }
+
+          render_table(headings, rows)
+        end
+        
+        def display_users users
+          headings = ['User Name', 'Full Name', 'Last Login', 'Type', 'Reset Code', 'Reset Time']
+          rows = users.map{ |hash|
+            [ hash[:username], hash[:full_name], hash[:last_login], hash[:type], hash[:reset_code], format_date(hash[:reset_time])]
+          }
+          render_table(headings, rows)
+        end
+
+        def send_invite options, user_type          
+          # Get options
+          domain_network = options.domain
+        
+          # Get user role
+          user_role = EnfCli::CTX.instance.session[:type]
+
+          # check user roles
+          if user_role == "XAPTUM_ADMIN"
+            # make sure that a domain is specified in domain option for XAPTUM_ADMIN 
+            raise EnfCli::ERROR, "No domain specified. Please use --domain option!" unless domain_network
+          else
+            # use the domain network of the user
+            domain_network = EnfCli::CTX.instance.session[:domain_network]
+            raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network          
+          end
+
+          # get params
+          case user_type
+          when "DOMAIN_USER"
+            name = options[:'name'].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+            email = options[:'email']
+
+          when "DOMAIN_ADMIN"
+            name = options[:'admin-name'].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+            email = options[:'admin-email']
+            
+          end
+
+          # call api
+          hash = { :email => email, :full_name => name, :welcome_text => "", :user_type => user_type }
+          data = EnfApi::API.instance.invite domain_network, hash
+          invite = data[:data]
+          display_invites invite
+        end
+      }
+
+      desc "invite-read-only-user", "Invite a domain user"
+      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
+      method_option :'name', :type => :array, :required => true, :banner => "NAME"
+      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
+      def invite_read_only_user
+        try_with_rescue_in_session do
+          send_invite options, "DOMAIN_USER"                             
+        end
+      end
+
+      desc "invite-admin-user", "Invite a domain administrator"
+      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
+      method_option :'admin-name', :type => :array, :required => true, :banner => "NAME"
+      method_option :'admin-email', :type => :string, :required => true, :banner => "EMAIL"
+      def invite_admin_user
+        try_with_rescue_in_session do
+          send_invite options, "DOMAIN_ADMIN"                             
+        end
+      end
+
+      
+      desc "cancel-user-invite", "Cancel an invite"
+      method_option :email, :type => :string, :required => true
+      def cancel_user_invite
+        try_with_rescue_in_session do
+          # call api
+          EnfApi::API.instance.cancel_invite options.email
+
+          # print success
+          say "Invite Canceled!", :green
+        end
+      end
+
+      desc "resend-user-invite", "Resend an invite"
+      method_option :email, :type => :string, :required => true
+      def resend_user_invite
+        try_with_rescue_in_session do
+          # call api
+          EnfApi::API.instance.resend_invite options.email
+
+          # print success
+          say "Resent invite email!", :green
+        end
+      end
+      
+      desc "list-domain-invites", "List domain invites"
+      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
+      def list_domain_invites
+        try_with_rescue_in_session do
+          # Get options
+          domain_network = options.domain
+        
+          # Get user role
+          user_role = EnfCli::CTX.instance.session[:type]
+
+          # check user roles
+          if user_role == "XAPTUM_ADMIN"
+            # make sure that a domain is specified in domain option for XAPTUM_ADMIN 
+            raise EnfCli::ERROR, "No domain specified. Please use --domain option!" unless domain_network
+          else
+            # use the domain network of the user
+            domain_network = EnfCli::CTX.instance.session[:domain_network]
+            raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network          
+          end
+
+          # call the api
+          data = EnfApi::API.instance.list_domain_invites domain_network
+          invites = data[:data]
+
+          display_invites invites
+        end
+      end      
+
+      desc "list-domain-users", "List domain users"
+      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
+      def list_domain_users
+        try_with_rescue_in_session do
+          # Get options
+          domain_network = options.domain
+        
+          # Get user role
+          user_role = EnfCli::CTX.instance.session[:type]
+
+          # check user roles
+          if user_role == "XAPTUM_ADMIN"
+            # make sure that a domain is specified in domain option for XAPTUM_ADMIN 
+            raise EnfCli::ERROR, "No domain specified. Please use --domain option!" unless domain_network
+          else
+            # use the domain network of the user
+            domain_network = EnfCli::CTX.instance.session[:domain_network]
+            raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network          
+          end
+
+          # call the api
+          data = EnfApi::API.instance.list_domain_users domain_network
+          users = data[:data]
+
+          display_users users
+        end
+      end
+
+      
+    end
+    
+  end
+
+end