enfcli 4.0.0 → 5.0.0.pre.alpha

data/lib/enfapi/dns.rb

@@ -0,0 +1,95 @@
+#
+# Copyright 2020 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module EnfApi
+  class Dns
+    include Singleton
+
+    def initialize
+      @version = "v1"
+      @xdns_base_url = "/api/xdns/#{@version}"
+    end
+
+    def list_zones(domain)
+      EnfApi::API.instance.get "#{@xdns_base_url}/zones?enf_domain=#{domain}"
+    end
+
+    def create_dns_zone(new_zone)
+      json = EnfApi::to_json(new_zone)
+      EnfApi::API.instance.post "#{@xdns_base_url}/zones", json
+    end
+
+    def update_dns_zone(zone_id, updated_zone)
+      json = EnfApi::to_json(updated_zone)
+      EnfApi::API.instance.put "#{@xdns_base_url}/zones/#{zone_id}", json
+    end
+
+    def delete_dns_zone(zone_id)
+      EnfApi::API.instance.delete "#{@xdns_base_url}/zones/#{zone_id}"
+    end
+
+    def add_networks_to_zone(zone_id, add_networks)
+      json = EnfApi::to_json(add_networks)
+      EnfApi::API.instance.post "#{@xdns_base_url}/zones/#{zone_id}/networks", json
+    end
+
+    def replace_networks_in_zone(zone_id, replace_networks)
+      json = EnfApi::to_json(replace_networks)
+      EnfApi::API.instance.put "#{@xdns_base_url}/zones/#{zone_id}/networks", json
+    end
+
+    def list_networks_in_zone(zone_id)
+      EnfApi::API.instance.get "#{@xdns_base_url}/zones/#{zone_id}/networks"
+    end
+
+    def delete_networks_from_zone(zone_id, delete_networks)
+      EnfApi::API.instance.delete "#{@xdns_base_url}/zones/#{zone_id}/networks?delete=#{delete_networks}"
+    end
+
+    def list_zones_in_network(network)
+      EnfApi::API.instance.get "#{@xdns_base_url}/networks/#{network}/zones"
+    end
+
+    def provision_server(network, new_server)
+      json = EnfApi::to_json(new_server)
+      EnfApi::API.instance.post "#{@xdns_base_url}/networks/#{network}/servers", json
+    end
+
+    def list_servers(network)
+      EnfApi::API.instance.get "#{@xdns_base_url}/networks/#{network}/servers"
+    end
+
+    def delete_server(network, server_ipv6)
+      EnfApi::API.instance.delete "#{@xdns_base_url}/networks/#{network}/servers/#{server_ipv6}"
+    end
+
+    def create_dns_record(zone_id, new_record)
+      json = EnfApi::to_json(new_record)
+      EnfApi::API.instance.post "#{@xdns_base_url}/zones/#{zone_id}/records", json
+    end
+
+    def list_dns_records(zone_id)
+      EnfApi::API.instance.get "#{@xdns_base_url}/zones/#{zone_id}/records"
+    end
+
+    def query(network, type, name)
+      EnfApi::API.instance.get "#{@xdns_base_url}/networks/#{network}/query/#{type}/#{name}"
+    end
+
+    def delete_dns_record(record_id)
+      EnfApi::API.instance.delete "#{@xdns_base_url}/records/#{record_id}"
+    end
+  end
+end

data/lib/enfapi/firewall.rb

@@ -0,0 +1,37 @@
+#
+# Copyright 2020 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "singleton"
+
+module EnfApi
+  class Firewall
+    include Singleton
+
+    def list_firewall_rules(network)
+      EnfApi::API.instance.get "/api/xfw/v1/#{network}/rule"
+    end
+
+    def add_firewall_rule(network, rule)
+      rule_json = EnfApi::to_json(rule)
+      EnfApi::API.instance.post "/api/xfw/v1/#{network}/rule", rule_json
+    end
+
+    def delete_firewall_rules(network, id = nil)
+      # Same method to call to delete all firewall rules in a network. if id is nil
+      EnfApi::API.instance.delete "/api/xfw/v1/#{network}/rule/#{id}"
+    end
+  end
+end

data/lib/enfapi/user.rb

@@ -0,0 +1,75 @@
+#
+# Copyright 2020 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module EnfApi
+  class UserManager
+    include Singleton
+
+    def initialize
+      @version = "v3"
+      @xcr_base_url = "/api/xcr/#{@version}"
+    end
+
+    def list_users(query)
+      EnfApi::API.instance.get "#{@xcr_base_url}/users#{query}"
+    end
+
+    def get_user(email)
+      EnfApi::API.instance.get "#{@xcr_base_url}/users/#{email}"
+    end
+
+    def list_user_roles(user, network)
+      url = "#{@xcr_base_url}/users/#{user}/roles"
+      url += "?network=#{network}" if network
+      EnfApi::API.instance.get url
+    end
+
+    def delete_user_roles(user_id, roles, network)
+      url = "#{@xcr_base_url}/users/#{user_id}/roles?roles=#{roles}"
+      url += "&network=#{network}" if network
+      EnfApi::API.instance.delete url
+    end
+
+    def add_user_role(user_id, role_hash)
+      json = EnfApi::to_json(role_hash)
+      url = "#{@xcr_base_url}/users/#{user_id}/roles"
+      EnfApi::API.instance.post url, json
+    end
+
+    def list_invites(domain)
+      url = "#{@xcr_base_url}/invites"
+      url += "?domain=#{domain}" if domain
+      EnfApi::API.instance.get url
+    end
+
+    def invite(hash)
+      json = EnfApi::to_json(hash)
+      EnfApi::API.instance.post "#{@xcr_base_url}/invites", json
+    end
+
+    def delete_invite(invite_id)
+      EnfApi::API.instance.delete "#{@xcr_base_url}/invites/#{invite_id}"
+    end
+
+    def resend_invite(invite_id)
+      EnfApi::API.instance.put "#{@xcr_base_url}/invites/#{invite_id}", "{}"
+    end
+
+    def update_user_status(user_id, status)
+      json = EnfApi::to_json(status)
+      EnfApi::API.instance.put "#{@xcr_base_url}/users/#{user_id}/status", json
+    end
+  end
+end

data/lib/enfcli.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2018 Xaptum,Inc
+# Copyright 2018-2020 Xaptum,Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,26 +13,30 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'openssl'
-require 'enfapi'
-require 'enfthor'
-require 'readline'
-require 'singleton'
-require 'ipaddr'
-
-require 'rubygems/commands/update_command'
-require 'rubygems/commands/search_command'
-
-
-require 'enfcli/version'
-require 'enfcli/commands/xcr'
-require 'enfcli/commands/xiam'
-require 'enfcli/commands/xfw'
-require 'enfcli/commands/user'
-require 'enfcli/commands/captive'
-require 'enfcli/commands/xdns'
+require "openssl"
+require "enfapi"
+require "enfthor"
+require "readline"
+require "singleton"
+require "ipaddr"
+require "clipboard"
+require "json"
+require "securerandom"
+
+require "rubygems/commands/update_command"
+require "rubygems/commands/search_command"
+
+require "enfcli/version"
+require "enfcli/commands/xcr"
+require "enfcli/commands/xiam"
+require "enfcli/commands/xfw"
+require "enfcli/commands/user"
+require "enfcli/commands/captive"
+require "enfcli/commands/xdns"
 
 module EnfCli
+  CONFIG_FILE = "#{Dir.home() + "/.xaptum_config.json"}"
+
   FIREWALL_CMD = "firewall"
   IAM_CMD = "iam"
   NETWORK_CMD = "network"
@@ -63,13 +67,13 @@ module EnfCli
       @ip.hton
     end
 
-    def self.ntoh ipv6_bytes
-      ip = IPAddr::new_ntoh( ipv6_bytes )
+    def self.ntoh(ipv6_bytes)
+      ip = IPAddr::new_ntoh(ipv6_bytes)
       EnfCli::IPV6.new ip.to_s
     end
 
     private
-    
+
     attr_accessor :ip
   end
 
@@ -84,10 +88,9 @@ module EnfCli
       # store in prefix/len
       @prefix = EnfCli::IPV6.new tokens[0]
       @len = tokens[1].to_i
-      
+
       # raise if len is not 0
       raise EnfCli::ERROR, "#{ipv6cidr} is not a valid CIDR notation." unless len > 2
-      
     end
 
     def prefix_bytes
@@ -101,47 +104,47 @@ module EnfCli
     def to_s
       "#{@prefix.to_s}/#{@len}"
     end
-      
+
     private
+
     attr_accessor :prefix, :len
   end
-  
+
   def self.ask_password(prompt = nil)
     begin
-      prompt = 'Enter Password:' unless prompt
+      prompt ||= "Enter Password:"
       print prompt
       # We hide the entered characters before to ask for the password
-      system 'stty -echo'
+      system "stty -echo"
       password = $stdin.gets.chomp
-      system 'stty echo'
+      system "stty echo"
       puts ""
       return password
-      
     rescue NoMethodError, Interrupt
       # When the process is exited, we display the characters again
       # And we exit
-      system 'stty echo'
+      system "stty echo"
       exit
     end
   end
 
   def self.generate_ec_cert(key, ipv6)
-    # monkey patch 
+    # monkey patch
     OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
-    
+
     # Generate cert
     cert = OpenSSL::X509::Certificate.new
-    cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', "#{ipv6}"]])
+    cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", ipv6.to_s]])
     cert.not_before = Time.now
     cert.not_after = Time.now + 365 * 24 * 60 * 60
     cert.public_key = key
-    cert.serial = 0x0
+    cert.serial = SecureRandom.random_number(2 ** 159 - 2) + 1
     cert.version = 2
-    
-    cert.sign key, OpenSSL::Digest::SHA1.new
+
+    cert.sign key, OpenSSL::Digest::SHA256.new
     cert
-  end  
-  
+  end
+
   def self.expand_path(file)
     new_file = File.expand_path(EnfCli::expand_env(file))
   end
@@ -154,7 +157,7 @@ module EnfCli
     ip = EnfCli::IPV6.new ipv6
     ip.to_s
   end
-  
+
   ##
   # EnfCli error
   #
@@ -174,38 +177,67 @@ module EnfCli
 
     def initialize
       @prompt = "enfcli"
-      @host = ''
+      @host = ""
+      @user = ""
+      @session = nil
+    end
+
+    def init(host, user, session)
+      @host = host
+      @user = user
+      @session = session
+      @prompt = "enfcli-#{user}" if user
     end
 
     def xaptum_admin?
-      self.user_role == "XAPTUM_ADMIN"
+      has_role? "XAPTUM_ADMIN"
     end
 
-    def user_role
-      @session[:type]
+    def domain_admin?
+      has_role? "DOMAIN_ADMIN"
     end
 
-    def host
-      "#{@host}"
+    def domain_user?
+      has_role? "DOMAIN_USER"
     end
 
-    def host=(value)
-      @host = value
+    def network_admin?
+      has_role? "NETWORK_ADMIN"
     end
 
-    def prompt
-      "\001\033[1;32m\002#{@prompt}>\001\033[0m\002 "
+    def network_user?
+      has_role? "NETWORK_USER"
     end
 
-    def prompt=(value)
-      if value
-        @prompt = "enfcli-#{value}"
-      else
-        @prompt= "enfcli"
+    def edit_domain_role?
+      xaptum_admin? || domain_admin?
+    end
+
+    def has_role?(role)
+      all_roles = @session[:roles]
+      all_roles.each do |cur_role|
+        if cur_role[:role] == role
+          return true
+        end
       end
-      
+      false
+    end
+
+    def host
+      @host.to_s
+    end
+
+    def auth_token
+      @session[:token]
+    end
+
+    def user
+      @user
+    end
+
+    def prompt
+      "\001\033[1;32m\002#{@prompt}>\001\033[0m\002 "
     end
-    
   end
 
   ##
@@ -213,75 +245,112 @@ module EnfCli
   #
   class CLI < EnfThor
     no_commands {
-      def execute_gem_cmd cmd
-        begin 
+      def execute_gem_cmd(cmd)
+        begin
           cmd.execute
         rescue Gem::SystemExitException => e
           say "Unable to execute commnad. Please try again!", :red
         end
       end
     }
-    
+
     desc "connect", "Connect to ENF Controller"
-    method_option :host, :type => :string, :required => true
-    method_option :user, :type => :string, :required => true
-    method_option :password, :type => :string
+    method_option :host, type: :string
+    method_option :user, type: :string
+
     def connect(*names)
-      host = options[:host]
-      user = options[:user]
+      host = ""
+      user = ""
 
       try_with_rescue do
+        ## first check for command options
+        if options[:host] && options[:user]
+          host = options[:host]
+          user = options[:user]
+        elsif File.file?(CONFIG_FILE) # then check for config file
+          config_json = JSON.load(File.open(CONFIG_FILE))
+          host = config_json["host"]
+          user = config_json["user"]
+        else
+          raise EnfCli::ERROR, "You must either specify the --host and --user parameters or create a Xaptum config file to connect."
+        end
+
         # Make sure to use https as default
         host = "https://#{host}" unless host =~ /^(http|https):\/\//
-        
+
         # Ask for password
         say "Connecting to '#{host}'.....", :bold
         password = EnfCli::ask_password()
-        
+
         # Authenticate
         resp = EnfApi::API.instance.authenticate(host, user, password)
 
-        # set session
-        EnfCli::CTX.instance.session = resp[:data][0]
+        # initialize CTX
+        EnfCli::CTX.instance.init host, user, resp[:data][0]
 
         # launch shell/exec cmd
         if names.empty?
-          EnfCli::Shell::Console::start host, user
+          EnfCli::Shell::Console::start
         else
           EnfCli::Shell::CLI.start names
         end
       end
-    end    
+    end
 
     map %w[--version -v] => :__print_version
     desc "--version, -v", "print the version"
+
     def __print_version
       puts EnfCli::VERSION
     end
 
-    desc "update", "", :hide => true
+    desc "update", "", hide: true
+
     def update
       cmd = Gem::Commands::UpdateCommand.new
-      cmd.handle_options ['enfcli']
+      cmd.handle_options ["enfcli"]
       execute_gem_cmd cmd
     end
 
-    desc "search", "", :hide => true
+    desc "search", "", hide: true
+
     def search
       cmd = Gem::Commands::SearchCommand.new
       cmd.handle_options ["enfcli"]
       execute_gem_cmd cmd
     end
 
+    desc "create-config-file", "Create a Xaptum configuration file in your home directory"
+    method_option :host, type: :string, required: true
+    method_option :user, type: :string, required: true
+
+    def create_config_file
+      host = options[:host]
+      user = options[:user]
+      config_file = File.new(CONFIG_FILE, "w+")
+      config_file.puts({ host: host, user: user }.to_json)
+      config_file.close
+      say "Config file created successfully at #{CONFIG_FILE}!", :green
+    end
+
+    desc "display-config-file", "Displays your Xaptum configuraton file, if it exists"
+
+    def display_config_file
+      file = CONFIG_FILE
+
+      ## return if file not found
+      raise EnfCli::ERROR, "#{file} not found!" unless File.exists?(file)
+
+      say File.readlines(file).join
+    end
+
     default_task :connect
-    
   end
 
   ##
   # Shell Module
   #
   module Shell
-    
     class Console
       class << self
         def execute(input)
@@ -289,61 +358,57 @@ module EnfCli
           argv = input.split(/[\s=](?=(?:[^"]|"[^"]*")*$)/)
           # now remove quotes.
           argv.each do |arg|
-            arg.gsub!(/\A"|"\Z/, '')
+            arg.gsub!(/\A"|"\Z/, "")
           end
           EnfCli::Shell::CLI.start(argv)
         end
 
-        def start(host, user)
+        def start
           $stdout.sync = true
-          # Set prompt
-          EnfCli::CTX.instance.prompt = user
 
-          # Set host
-          EnfCli::CTX.instance.host = host
-          
           # Read each line
-          comp = proc { |s| Readline::HISTORY.grep(/^#{Regexp.escape(s)}/) }        
+          comp = proc { |s| Readline::HISTORY.grep(/^#{Regexp.escape(s)}/) }
           Readline.completion_append_character = " "
           Readline.completion_proc = comp
 
           stty_save = `stty -g`.chomp
-          trap('INT') { system('stty', stty_save); exit }
-          
+          trap("INT") { system("stty", stty_save); exit }
+
           while input = Readline.readline(EnfCli::CTX.instance.prompt, true)
-            break if input == "exit" or input == "\\q" or input == "quit"
-            
+            break if input == "exit" or input == '\q' or input == "quit"
+
             # Remove blank lines from history
             Readline::HISTORY.pop if input == ""
-            
+
             execute(input) unless input == ""
           end
-        end  
-      end    
+        end
+      end
     end
 
     # Shell CLI class
-    class CLI < EnfThor
+    class CLI < EnfCli::EnfThor
+      desc "ls [<dir>]", "List files in a directory", hide: true
+      method_option :dir, type: :string, required: false
 
-      desc "ls [<dir>]", "List files in a directory", :hide => true
-      method_option :dir, :type => :string, :required => false
       def ls(dir = nil)
         try_with_rescue do
-          dir = "." unless dir
-          dir = EnfCli::expand_path( dir )
-          
-          Dir.entries( dir ).each{ |f|
-            puts f unless f.start_with?('.')
+          dir ||= "."
+          dir = EnfCli::expand_path(dir)
+
+          Dir.entries(dir).each { |f|
+            puts f unless f.start_with?(".")
           }
         end
       end
 
-      desc "cat <file>", "Display contents of a file", :hide => true
+      desc "cat <file>", "Display contents of a file", hide: true
+
       def cat(file)
         try_with_rescue do
           # expand path
           file = EnfCli::expand_path(file)
-          
+
           ## return if keyfile not found
           raise EnfCli::ERROR, "#{file} not found!" unless File.exists?(file)
 
@@ -351,43 +416,79 @@ module EnfCli
         end
       end
 
-      desc "pwd", "Current Working Directory", :hide => true
+      desc "pwd", "Current Working Directory", hide: true
+
       def pwd
         try_with_rescue do
           say Dir.pwd
         end
       end
 
-      desc "cd [<dir>]", "Change working directory", :hide => true
+      desc "cd [<dir>]", "Change working directory", hide: true
+
       def cd(dir = "~")
         try_with_rescue do
-          dir = EnfCli::expand_path( dir )
+          dir = EnfCli::expand_path(dir)
           raise EnfCli::ERROR, "No such directory #{dir}" unless Dir.exist?(dir)
+
           Dir.chdir(dir)
         end
       end
 
-      desc "host", "Display ENF Controller host", :hide => true
+      desc "host", "Display ENF Controller host", hide: true
+
       def host
         try_with_rescue do
           say EnfCli::CTX.instance.host, :bold
         end
       end
-      
-      desc "clear", "Clear Terminal Screen", :hide => true
+
+      desc "clear", "Clear Terminal Screen", hide: true
+
       def clear
         try_with_rescue do
           clear_code = %x{clear}
           print clear_code or system("cls")
         end
       end
-      
+
+      desc "display-session-token", "Gets the current session token"
+
+      def display_session_token
+        try_with_rescue_in_session do
+          say EnfCli::CTX.instance.auth_token.to_s
+        end
+      end
+
+      desc "refresh-session-token", "Refreshes the current session token"
+
+      def refresh_session_token
+        try_with_rescue_in_session do
+          # Get user and host
+          host = EnfCli::CTX.instance.host
+          user = EnfCli::CTX.instance.user
+
+          # Ask for password
+          say "Refreshing session token.....", :bold
+          password = EnfCli::ask_password()
+
+          # Authenticate
+          resp = EnfApi::API.instance.authenticate(host, user, password)
+
+          # update session
+          EnfCli::CTX.instance.session = resp[:data][0]
+
+          # display success
+          say "Refreshed session token!", :green
+        end
+      end
+
       desc "#{EnfCli::NETWORK_CMD} COMMANDS", "#{EnfCli::NETWORK_CMD} commands"
       subcommand EnfCli::NETWORK_CMD, EnfCli::Cmd::Xcr
-      
+
       desc "#{EnfCli::IAM_CMD} COMMANDS", "#{EnfCli::IAM_CMD} commands"
       subcommand EnfCli::IAM_CMD, EnfCli::Cmd::Xiam
-      
+
       desc "#{EnfCli::FIREWALL_CMD} COMMANDS", "#{EnfCli::FIREWALL_CMD} commands"
       subcommand EnfCli::FIREWALL_CMD, EnfCli::Cmd::Xfw
 
@@ -401,5 +502,4 @@ module EnfCli
       subcommand EnfCli::DNS_CMD, EnfCli::Cmd::Xdns
     end
   end
-  
 end