heirloom 0.5.0rc2 → 0.5.0rc3

data/CHANGELOG

@@ -1,13 +1,21 @@
 ## v0.5.0:
 
-* Added check to verify domain exists for all cmds except build
+* Verify domain exists for all cmds except build & download
 * Removing requirement to check simpledb on download.
-* Adding requirement base_prefix on download.
+* Adding requirement for base_prefix on download.
 * Fix error when .heirloom.yml does not exist.
 * Refactor cli option validation
 * Refactor cli specs
 * Add -x to download to extract heirloom to given output path
 * Verify -o specified in download is a directory
+* Requiring -d for builds (will no longer default to .)
+* Remove new lines from values of git comments
+* Verify directory given at build is a directory
+* Support archiving directories outside the cwd.
+* Fixed bug in git repo verification on build.
+* Added support for encryption
+* Removed short name and changed long name for AWS CLI Creds
+* Adding encrypted attribute by default
 
 ## v0.4.0:
 

data/lib/heirloom.rb

@@ -1,10 +1,10 @@
-require "heirloom/misc"
 require "heirloom/config"
 require "heirloom/acl"
 require "heirloom/aws"
 require "heirloom/logger"
 require "heirloom/archive"
 require "heirloom/directory"
+require "heirloom/cipher"
 require "heirloom/uploader"
 require "heirloom/downloader"
 require "heirloom/destroyer"

data/lib/heirloom/archive.rb

@@ -4,7 +4,7 @@ require 'heirloom/archive/builder.rb'
 require 'heirloom/archive/updater.rb'
 require 'heirloom/archive/uploader.rb'
 require 'heirloom/archive/downloader.rb'
-require 'heirloom/archive/extracter.rb'
+require 'heirloom/archive/writer.rb'
 require 'heirloom/archive/authorizer.rb'
 require 'heirloom/archive/destroyer.rb'
 require 'heirloom/archive/verifier.rb'
@@ -68,10 +68,6 @@ module Heirloom
       lister.list(limit)
     end
 
-    def cleanup
-      builder.cleanup
-    end
-
     def regions
       reader.regions
     end

data/lib/heirloom/archive/builder.rb

@@ -18,12 +18,15 @@ module Heirloom
 
     def build(args)
       @source = args[:directory] ||= '.'
+      @secret = args[:secret]
 
       directory = Directory.new :path      => @source,
                                 :exclude   => args[:exclude],
                                 :config    => @config
 
-      return false unless directory.build_artifact_from_directory
+      unless directory.build_artifact_from_directory :secret => @secret
+        return false
+      end
 
       @local_build = directory.local_build
 
@@ -36,11 +39,6 @@ module Heirloom
       @local_build
     end
 
-    def cleanup
-      @logger.info "Cleaning up local build #{@local_build}."
-      File.delete @local_build
-    end
-
     private
 
     def add_git_commit
@@ -49,14 +47,14 @@ module Heirloom
       if commit
         add_git_commit_to_artifact_record commit
       else
-        @logger.warn "Could not find Git sha: #{@id}."
+        @logger.warn "Could not load Git sha '#{@id}' in '#{@source}'."
       end
     end
 
     def add_git_commit_to_artifact_record(commit)
       attributes = { 'sha'             => @id,
                      'abbreviated_sha' => commit.id_abbrev,
-                     'message'         => commit.message,
+                     'message'         => commit.message.gsub("\n"," "),
                      'author'          => commit.author.name }
 
       attributes.each_pair do |k, v|
@@ -67,15 +65,16 @@ module Heirloom
     end
 
     def create_artifact_record
-      attributes = { 'built_by' => "#{user}@#{hostname}",
-                     'built_at' => Time.now.utc.iso8601,
-                     'id'       => @id }
+      attributes = { 'built_by'  => "#{user}@#{hostname}",
+                     'built_at'  => Time.now.utc.iso8601,
+                     'encrypted' => encrypted?,
+                     'id'        => @id }
       @logger.info "Create artifact record #{@id}."
       sdb.put_attributes @domain, @id, attributes
     end
 
-    def sdb
-      @sdb ||= AWS::SimpleDB.new :config => @config
+    def encrypted?
+      @secret != nil
     end
 
     def user
@@ -86,5 +85,9 @@ module Heirloom
       Socket.gethostname
     end
 
+    def sdb
+      @sdb ||= AWS::SimpleDB.new :config => @config
+    end
+
   end
 end

data/lib/heirloom/archive/downloader.rb

@@ -2,8 +2,6 @@ module Heirloom
 
   class Downloader
 
-    include Heirloom::Misc::Tmp
-
     def initialize(args)
       @config = args[:config]
       @name = args[:name]
@@ -12,31 +10,34 @@ module Heirloom
     end
 
     def download(args)
-      region = args[:region]
-      base_prefix = args[:base_prefix]
+      @region = args[:region]
+      @base_prefix = args[:base_prefix]
       extract = args[:extract]
+      secret = args[:secret]
       output = args[:output] ||= './'
 
+      @logger.info "Downloading s3://#{bucket}/#{key} from #{@region}."
+
       s3_downloader = Downloader::S3.new :config => @config,
                                          :logger => @logger,
-                                         :region => region
+                                         :region => @region
 
-      bucket = get_bucket :region => region, :base_prefix => base_prefix
+      raw_archive = s3_downloader.download_file :bucket => bucket,
+                                                :key    => key
 
-      @logger.info "Downloading s3://#{bucket}/#{key} from #{region}."
-      archive = s3_downloader.download_file :bucket => bucket,
-                                            :key    => key
+      archive = cipher_data.decrypt_data :data   => raw_archive,
+                                         :secret => secret
 
-      if extract
-        extracter = Extracter.new :config => @config
-        extracter.extract :archive => archive, :output => output
-      else
-        output_file = File.join output, file
-        @logger.info "Writing archive to '#{output_file}'."
-        File.open(output_file, 'w') { |local_file| local_file.write archive }
-      end
+      return false unless archive
+
+      return false unless writer.save_archive :archive => archive, 
+                                              :output  => output,
+                                              :file    => file,
+                                              :extract => extract
 
       @logger.info "Download complete."
+
+      output
     end
 
     private
@@ -49,9 +50,16 @@ module Heirloom
       "#{@name}/#{file}"
     end
 
-    def get_bucket(args)
-      "#{args[:base_prefix]}-#{args[:region]}"
+    def bucket
+      "#{@base_prefix}-#{@region}"
     end
 
+    def writer
+      @writer ||= Writer.new :config => @config
+    end
+
+    def cipher_data
+      @cipher_data ||= Cipher::Data.new :config => @config
+    end
   end
 end

data/lib/heirloom/archive/writer.rb

@@ -0,0 +1,52 @@
+module Heirloom
+  class Writer
+
+    def initialize(args)
+      @config = args[:config]
+      @logger = @config.logger
+    end
+
+    def save_archive(args)
+      @output  = args[:output]
+      @file    = args[:file]
+      @archive = args[:archive]
+      @extract = args[:extract]
+
+      @extract ? extract_archive : write_archive
+    end
+
+    private
+
+    def extract_archive
+      @tmp_archive = Tempfile.new('archive.tar.gz').path
+
+      create_tmp_archive 
+      extract_tmp_archive
+    end
+
+    def write_archive
+      output_file = File.join @output, @file
+      @logger.info "Writing archive to '#{output_file}'."
+      File.open(output_file, 'w') { |local_file| local_file.write @archive }
+    end
+
+    def create_tmp_archive
+      File.open(@tmp_archive, 'w') { |local_file| local_file.write @archive }
+    end
+
+    def extract_tmp_archive
+      @logger.info "Extracting archive to '#{@output}'."
+      cmd = "tar xzf #{@tmp_archive} -C #{@output}"
+      @logger.debug "Executing '#{cmd}'."
+      `#{cmd}`
+      if $?.success?
+        @logger.debug "Archive succesfully extracted."
+        true
+      else
+        @logger.error "Error extracting archive."
+        false
+      end
+    end
+
+  end
+end

data/lib/heirloom/cipher.rb

@@ -0,0 +1,2 @@
+require 'heirloom/cipher/data'
+require 'heirloom/cipher/file'

data/lib/heirloom/cipher/data.rb

@@ -0,0 +1,33 @@
+require 'openssl'
+
+module Heirloom
+  module Cipher
+    class Data
+
+      def initialize(args)
+        @config = args[:config]
+        @logger = @config.logger
+      end
+
+      def decrypt_data(args)
+        data   = args[:data]
+        secret = args[:secret]
+
+        return data unless secret
+
+        @logger.info "Secret provided. Decrypting archive."
+
+        @aes = OpenSSL::Cipher::AES256.new(:CBC)
+        @aes.decrypt
+        @aes.key = secret
+        @aes.iv = data.slice!(0,16)
+        begin
+          @aes.update(data) + @aes.final
+        rescue OpenSSL::Cipher::CipherError => e
+          @logger.error "Unable to decrypt archive: '#{e.message}'"
+          false
+        end
+      end
+    end
+  end
+end

data/lib/heirloom/cipher/file.rb

@@ -0,0 +1,41 @@
+require 'openssl'
+require 'tempfile'
+
+module Heirloom
+  module Cipher
+    class File
+
+      def initialize(args)
+        @config = args[:config]
+        @aes = OpenSSL::Cipher::AES256.new(:CBC)
+      end
+
+      def encrypt_file(args)
+        file   = args[:file]
+        secret = args[:secret]
+        output = Tempfile.new('archive.tar.gz.enc')
+        iv     = @aes.random_iv
+
+        @aes.encrypt
+        @aes.iv = iv
+        @aes.key = secret
+
+        # Need to refactor to be less complex
+        # Additionally tests to do fully cover logic
+        ::File.open(output,'w') do |enc|
+          enc << iv
+          ::File.open(file) do |f|
+            loop do
+              r = f.read(4096)
+              break unless r
+              enc << @aes.update(r)
+            end
+          end
+          enc << @aes.final
+        end
+        output.path
+      end
+
+    end
+  end
+end

data/lib/heirloom/cli/authorize.rb

@@ -45,11 +45,13 @@ EOS
                                                                                                 :multi => true
           opt :help, "Display Help"
           opt :id, "ID of the archive to authorize.", :type => :string
-          opt :key, "AWS Access Key", :type => :string
           opt :level, "Log level [debug|info|warn|error].", :type    => :string,
                                                             :default => 'info'
-          opt :secret, "AWS Secret Access Key", :type => :string
           opt :name, "Name of archive.", :type => :string
+          opt :aws_access_key, "AWS Access Key ID", :type => :string, 
+                                                    :short => :none
+          opt :aws_secret_key, "AWS Secret Access Key", :type => :string, 
+                                                        :short => :none
         end
       end
 

data/lib/heirloom/cli/build.rb

@@ -27,19 +27,22 @@ module Heirloom
           exit 1
         end
 
+        ensure_directory :path => @opts[:directory], :config => @config
+        ensure_valid_secret :secret => @opts[:secret], :config => @config
+
         @archive.destroy if @archive.exists?
                           
         build = @archive.build :bucket_prefix => @opts[:base_prefix],
                                :directory     => @opts[:directory],
                                :exclude       => @opts[:exclude],
-                               :git           => @opts[:git]
+                               :git           => @opts[:git],
+                               :secret        => @opts[:secret]
 
         if build
           @archive.upload :bucket_prefix   => @opts[:base_prefix],
                           :regions         => @opts[:region],
                           :public_readable => @opts[:public],
                           :file            => build
-          @archive.cleanup
         else
           @logger.error "Build failed."
           exit 1
@@ -57,17 +60,15 @@ Build and upload a new archive.
 
 Usage:
 
-heirloom build -n NAME -i ID -b BASE_PREFIX -r REGION1 -r REGION2 [-d DIRECTORY_TO_BUILD] [-p] [-g] [-e DIRECTORY_TO_EXCLUDE] [-l LOG_LEVEL]
+heirloom build -n NAME -i ID -b BASE_PREFIX -r REGION1 -r REGION2 -d DIRECTORY_TO_BUILD
 
 EOS
           opt :base_prefix, "Base bucket prefix which will be combined with region. \
-For example: -b 'test' -r 'us-west-1'  will expect bucket 'test-us-west-1' to be present", :type => :string
-          opt :directory, "Source directory of build.", :type    => :string, 
-                                                        :default => '.'
+For example: -b 'test' -r 'us-west-1'  will expect bucket 'test-us-west-1' \
+to be present", :type => :string
+          opt :directory, "Source directory of build.", :type  => :string
           opt :exclude, "File(s) or directorie(s) to exclude. \
-Can be specified multiple times.", :type  => :string, 
-                                   :multi => true
-          opt :key, "AWS Access Key ID", :type => :string
+Can be specified multiple times.", :type  => :string, :multi => true
           opt :git, "Read git commit information from directory and set as archive attributes."
           opt :help, "Display Help"
           opt :id, "ID for archive (when -g specified, assumed to be GIT sha).", :type => :string
@@ -75,9 +76,13 @@ Can be specified multiple times.", :type  => :string,
                                                             :default => 'info'
           opt :name, "Name of archive.", :type => :string
           opt :public, "Set this archive as public readable?"
-          opt :region, "Region(s) to upload archive.  Can be specified multiple times.", :type  => :string,
-                                                                                   :multi => true
-          opt :secret, "AWS Secret Access Key", :type => :string
+          opt :region, "Region(s) to upload archive. \
+Can be specified multiple times.", :type  => :string, :multi => true
+          opt :secret, "Encrypt the archive with given secret.", :type => :string
+          opt :aws_access_key, "AWS Access Key ID", :type => :string, 
+                                                    :short => :none
+          opt :aws_secret_key, "AWS Secret Access Key", :type => :string, 
+                                                        :short => :none
         end
       end
 

data/lib/heirloom/cli/destroy.rb

@@ -38,16 +38,18 @@ Destroy an archive.
 
 Usage:
 
-heirloom destroy -n NAME -i ID [-l LOG_LEVEL]
+heirloom destroy -n NAME -i ID
 
 EOS
           opt :help, "Display Help"
           opt :id, "ID of the archive to display.", :type => :string
-          opt :key, "AWS Access Key ID", :type => :string
           opt :level, "Log level [debug|info|warn|error].", :type    => :string,
                                                             :default => 'info'
           opt :name, "Name of archive.", :type => :string
-          opt :secret, "AWS Secret Access Key", :type => :string
+          opt :aws_access_key, "AWS Access Key ID", :type => :string, 
+                                                    :short => :none
+          opt :aws_secret_key, "AWS Secret Access Key", :type => :string, 
+                                                        :short => :none
         end
       end
     end