fabric 0.2.0

data/lib/fabric/grant.rb

@@ -0,0 +1,8 @@
+class Grant
+  include DataMapper::Resource
+
+  property :id,   Serial
+  
+  belongs_to :user
+  belongs_to :role
+end

data/lib/fabric/group.rb

@@ -0,0 +1,8 @@
+class Group
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :name,   String
+  
+  belongs_to :user
+end

data/lib/fabric/key.rb

@@ -0,0 +1,8 @@
+class Key
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :public_key,    Text
+  
+  belongs_to :user
+end

data/lib/fabric/map.rb

@@ -0,0 +1,102 @@
+class Map
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :key_repository, String, :default => 'keys'
+  
+  has n, :roles
+  has n, :users
+  
+  belongs_to :parent, :model => Map, :required => false
+  
+  after :create do
+    self.users += self.parent.users if self.parent
+  end
+  
+  after :key_repository= do |*args|
+    unless File.exists?(self.expanded_key_repository_path)
+      raise LoadError, "Could not load key repository - #{self.expanded_key_repository_path}"
+    end
+  end
+    
+  def self.draw(opts = {})
+    map = Map.create(opts)
+    yield map if block_given?
+    map.read!
+
+    map
+  end
+    
+  def read!
+    self.roles.all.each do |role|
+      role.update_user_access!
+    end
+    true
+  end
+  
+  def key_repository(repo = nil)
+    if repo
+      self.key_repository = repo
+    end
+    
+    @key_repository
+  end
+  
+  def expanded_key_repository_path
+    File.join(Fabric.options(:map_root), self.key_repository)
+    # self.key_repository
+  end
+  
+  def role(name, *hosts)
+    role = self.roles.create(:name => name.to_s)
+    hosts.each do |host|
+      role.servers.create(:host => host)
+    end
+
+    role.save
+  end
+    
+  def user(*names)
+    names.each do |name|
+      user = self.users.create(:name => name.to_s)
+      self.load_keys_from_repository(user)
+    end
+  end
+  
+  def grant(user_opts, role_opts, opts = {})
+    users = load_by_attribute(:users, :name, user_opts)
+    roles = load_by_attribute(:roles, :name, role_opts)
+    
+    roles.each do |role|
+      role.users += users
+    end
+  end
+  
+  def namespace(&block)
+    self.class.draw(:parent => self, &block)
+  end
+  
+  protected
+  def load_keys_from_repository(user)
+    path = File.join(self.expanded_key_repository_path, "#{user.name}.pub")
+    narrate "Looking for key for #{user.name} in #{path}"
+    
+    if File.exists?(path)
+      user.keys.create(:public_key => File.read(path))
+    end
+  end
+
+  def load_association(klass, opts = {})
+    association = self.send(klass.to_sym).all(opts)
+    raise DataMapper::ObjectNotFoundError if association.empty?
+    association
+  end
+  
+  def load_by_attribute(klass, attribute, opts = {})
+    if opts == :all
+      load_association(klass)
+    else
+      load_association(klass, attribute.to_sym => opts)
+    end
+  end
+end

data/lib/fabric/role.rb

@@ -0,0 +1,24 @@
+class Role
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :name,   String
+  
+  has n, :servers
+  has n, :grants
+  has n, :users, :through => :grants
+  
+  belongs_to :map, :required => false
+  
+  def narrate_as
+    "role - #{self.name}"
+  end
+    
+  def update_user_access!
+    narrate "Updating role"
+    self.servers.each do |server|
+      server.install_accounts!
+      server.remove_dead_accounts
+    end
+  end
+end

data/lib/fabric/server.rb

@@ -0,0 +1,148 @@
+require 'net/ssh'
+
+class Server
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :host,   Text
+  property :runner, Text
+  
+  belongs_to :role, :required => false
+
+  has n, :captures
+
+  after :create do
+    self.add_captures :output, :errors
+  end
+  
+  def narrate_as
+    self.host
+  end
+
+  def execute_command(command)
+    self.clear_captures!
+    
+    narrate "executing: #{command}"
+  
+    self.connection.open_channel do |channel, success|
+      # Works without this with passwordless sudo locally - with it on, errors end up in on_data, not on_extended_data, annoyingly.
+      channel.request_pty
+
+      channel.exec command do |ch, success|
+
+        # "on_extended_data" is called when the process writes something to stderr
+        ch.on_extended_data do |c, type, data|
+          self.capture :errors, data
+        end
+
+        # "on_data" is called when the process writes something to stdout
+        ch.on_data do |c, data|
+          self.capture :output, data
+        end
+      end
+    end
+
+    self.connection.loop
+  end
+    
+  def output
+    self.captures.first(:name => 'output').contents
+  end
+  
+  def errors
+    self.captures.first(:name => 'errors').contents
+  end
+
+  def accounts
+    return [] unless self.role
+    @accounts ||= self.role.users.collect { |user| Account.create(:user => user, :server => self) }
+  end
+
+  def should_account_exist_for?(user)
+    self.accounts.include?(user)
+  end
+  
+  def account_exists_for?(user)
+    self.execute_command("id #{user.name}")
+
+    if self.output =~ /uid=/
+      true
+    else
+      false
+    end
+  end
+
+  def delete_account_for(user)
+    narrate "Deleting dead account for #{user.name}"
+    self.execute_command("sudo /usr/sbin/userdel --remove #{user.name}")
+  end
+  
+  def install_accounts!
+    narrate "Installing accounts"
+    self.accounts.each do |account|
+      account.add_user
+      account.add_ssh_directory
+      account.write_ssh_key
+      account.add_to_groups
+    end
+  end
+  
+  def remove_dead_accounts
+    accounts_to_remove.each do |user|
+      self.delete_account_for(user)
+    end
+    narrate "Dead accounts removed"
+  end
+  
+  def accounts_to_add
+    self.role.users.select do |user|
+      not self.account_exists_for?(user)
+    end
+  end
+  
+  def accounts_to_remove
+    narrate "Checking for dead accounts"
+    users = User.all
+
+    users.reject do |user|
+      self.should_account_exist_for?(user) and self.account_exists_for?(user)
+    end
+  end
+        
+  def create_group(group)
+    self.execute_command("sudo /usr/sbin/groupadd #{group.name}")
+  end
+  
+  def is_running_plesk?
+    self.execute_command("if [ -d /usr/local/psa ]; then echo 'plesk'; else echo 'not plesk'; fi")
+
+    case self.output.strip
+      when 'plesk' then true
+      when 'not plesk' then false
+      else raise "Couldn't detect if this server is running plesk."
+    end
+  end
+
+  protected
+  attr_writer :connection
+
+  def connection
+    @connection ||= Net::SSH.start(self.host, self.runner)
+  end
+  
+  def add_captures(*names)
+    names.each do |name|          
+      self.captures.create(:name => name)
+    end
+  end
+  
+  def capture(capture, data)
+    self.captures.first(:name => capture.to_s).append(data)
+  end
+  
+  def clear_captures!  
+    self.captures.each do |capture|
+      capture.clear!
+    end    
+  end
+end

data/lib/fabric/user.rb

@@ -0,0 +1,33 @@
+class User
+  include DataMapper::Resource
+
+  property :id,     Serial
+  property :name,   String
+  
+  has n, :keys
+  has n, :groups
+  has n, :grants
+  
+  belongs_to :map, :required => false
+  
+  def authorized_keys_file
+    authorized_keys = self.keys.inject('') do |authorized_keys, key|
+      authorized_keys << key.public_key
+    end
+    
+    raise "User #{self.name} has a blank SSH key - this is not permitted" if authorized_keys.blank?
+    authorized_keys  
+  end
+  
+  def authorized_keys_file_path
+    "/home/#{self.name}/.ssh/authorized_keys"
+  end
+  
+  def home_directory_path
+    "/home/#{self.name}/"
+  end
+  
+  def ssh_config_directory_path
+    "/home/#{self.name}/.ssh/"
+  end
+end

data/lib/initialisers/data_mapper.rb

@@ -0,0 +1,4 @@
+require 'dm-core'
+
+DataMapper.setup(:default, "sqlite3::memory:")
+DataMapper.auto_migrate!

data/spec/classes/account_spec.rb

@@ -0,0 +1,92 @@
+require File.dirname(__FILE__) + '/../spec_helper.rb'
+
+describe Account do
+  before(:each) do
+    @account = Account.create(
+      :server => Server.create(:host => TEST_SERVER),
+      :user => User.create(:name => TEST_USER)
+    )
+
+    @server = @account.server
+    @user = @account.user
+  end
+  
+  after(:each) do 
+    @server.execute_command("sudo /usr/sbin/userdel --remove #{TEST_USER}")
+  end
+  
+  describe "with a user" do  
+    it "should create a user on a server" do
+      @account.add_user
+      @server.execute_command("id #{@user.name}")
+      @server.output.should_not == ''
+    end
+  
+    it "should ensure that user's home directory has the correct permissions" do
+      @account.add_user
+      @server.execute_command("sudo ls -la /home | grep #{@user.name}")
+      @server.output.should =~ /^drwxr-xr-x/
+    end
+  end
+  
+  describe "with a user in a group" do
+    before(:each) do
+      @account.add_user
+      @user.groups.new(:name => TEST_GROUP)
+      @server.execute_command("sudo /usr/sbin/groupadd #{TEST_GROUP}")
+    end
+    
+    after(:each) do
+      @server.execute_command("sudo /usr/sbin/groupdel #{TEST_GROUP}")
+    end
+
+    it "should add the user to that group" do
+      @account.add_to_groups
+
+      @server.execute_command("groups #{@user.name}")
+      @server.output.should =~ / ?#{TEST_GROUP} ?/
+    end
+  end
+  
+  describe "with a user with an ssh key" do
+    before(:each) do
+      @account.add_user
+      @account.add_ssh_directory    
+      @key_text = 'this is a key'
+      @user.keys.create(:public_key => @key_text)
+    end
+    
+    describe "on a server" do
+      before(:each) do
+        @account.write_ssh_key
+      end
+
+      it "should have the correct permissions" do
+        @server.execute_command("sudo ls -la /home/#{@user.name}/.ssh/authorized_keys")
+        @server.output.should =~ /^-rw-------/        
+      end
+    end
+    
+    describe "to be added" do
+      it "should add that key" do
+        @account.write_ssh_key
+        @server.execute_command("sudo cat /home/#{@user.name}/.ssh/authorized_keys")
+        @server.output.strip.should == @key_text
+      end
+    end
+
+    describe "to be updated" do
+      before(:each) do
+        @account.write_ssh_key
+        @updated_key = 'this is also a key'
+        @user.keys.first.public_key = @updated_key
+      end
+
+      it "should update that key" do
+        @account.write_ssh_key
+        @server.execute_command("sudo cat /home/#{@user.name}/.ssh/authorized_keys")
+        @server.output.strip.should == @updated_key
+      end
+    end
+  end
+end

data/spec/classes/capture_spec.rb

@@ -0,0 +1,28 @@
+require File.dirname(__FILE__) + '/../spec_helper.rb'
+
+describe Capture do
+  it "should be blank when just created" do
+    Capture.create.contents.should == ''
+  end
+  
+  it "should append data to existing" do
+    capture = Capture.create
+    data1 = 'hello'
+    data2 = 'world'
+    
+    capture.append(data1)
+    capture.contents.should == data1
+    
+    capture.append(data2)
+    capture.contents.should == data1 + data2
+  end
+  
+  it "can clear its data" do
+    capture = Capture.create
+    capture.append('hello world')
+    
+    capture.clear!
+    
+    capture.contents.should == ''
+  end
+end