httpd_configmap_generator 0.1.1 → 0.3.0

data/bin/httpd_configmap_generator

@@ -7,8 +7,8 @@
 # -o filename: for the generated auth-config map.
 #
 
-require "bundler/setup"
-require "trollop"
+Dir.chdir(__dir__) { require "bundler/setup" }
+require "optimist"
 require "httpd_configmap_generator"
 
 CMD = File.basename($PROGRAM_NAME)
@@ -20,62 +20,63 @@ end
 
 module HttpdConfigmapGenerator
   class Cli
-    def parse_arguments(auth_config)
-      opts = Trollop.options do
+    SUB_COMMANDS = [HttpdConfigmapGenerator.supported_auth_types] | %w(update export)
+
+    def run
+      Optimist.options do
         version("#{CMD} #{HttpdConfigmapGenerator::VERSION} - External Authentication Configuration script")
         banner <<-EOS
 #{version}
 
 Usage: #{CMD} auth_type | update | export [--help | options]
 
+supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.sort.join(', ')}
+
 #{CMD} options are:
       EOS
         opt :version, "Version of the #{CMD} command",
             :default => false, :short => "-V"
-        auth_config.required_options.each do |key, key_options|
-          opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options, true)
-        end
-        auth_config.optional_options.each do |key, key_options|
-          opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options)
-        end
-      end
-      opts
-    end
-
-    def run_configure(auth_type)
-      begin
-        auth_config = HttpdConfigmapGenerator.new_config(auth_type)
-      rescue => err
-        error_msg(err.to_s)
+        stop_on(SUB_COMMANDS)
       end
 
-      auth_config.run_configure(parse_arguments(auth_config))
-    end
+      auth_type = ARGV.shift
+      Optimist.die "Must specify an authentication type" if auth_type.nil?
 
-    def run_update
       begin
-        auth_config = HttpdConfigmapGenerator::Update.new
+        auth_config =
+          case auth_type
+          when "update" then HttpdConfigmapGenerator::Update.new
+          when "export" then HttpdConfigmapGenerator::Export.new
+          else HttpdConfigmapGenerator.new_config(auth_type)
+          end
       rescue => err
         error_msg(err.to_s)
       end
 
-      auth_config.update(parse_arguments(auth_config))
-    end
-
-    def run_export
-      begin
-        auth_config = HttpdConfigmapGenerator::Export.new
-      rescue => err
-        error_msg(err.to_s)
+      params = Optimist.options do
+        auth_config.required_options.each do |key, key_options|
+          opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options, true)
+        end
+        auth_config.optional_options.each do |key, key_options|
+          opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options)
+        end
       end
 
-      auth_config.export(parse_arguments(auth_config))
+      case auth_type
+      when "update" then auth_config.update(params)
+      when "export" then auth_config.export(params)
+      else auth_config.run_configure(params)
+      end
     end
 
     def self.options_for(key_options, required = false)
       options = {}
-      options[:default] = key_options.key?(:default) ? key_options[:default] : ""
-      options[:required] = true if required
+      if key_options[:default].nil?
+        options[:type] = key_options[:type] || :string
+      else
+        options[:default] = key_options[:default]
+      end
+      options[:required] = required
       options[:short]    = key_options[:short] if key_options[:short]
       options[:multi]    = key_options[:multi] if key_options[:multi]
       options
@@ -83,19 +84,4 @@ Usage: #{CMD} auth_type | update | export [--help | options]
   end
 end
 
-if ARGV.empty?
-  error_msg("
-Usage: #{CMD} auth_type | update | export [--help | options]
-Supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
-")
-else
-  auth_type = ARGV.shift
-  case auth_type
-  when "update"
-    HttpdConfigmapGenerator::Cli.new.run_update
-  when "export"
-    HttpdConfigmapGenerator::Cli.new.run_export
-  else
-    HttpdConfigmapGenerator::Cli.new.run_configure(auth_type)
-  end
-end
+HttpdConfigmapGenerator::Cli.new.run

data/httpd_configmap_generator.gemspec

@@ -14,8 +14,10 @@ Gem::Specification.new do |s|
   s.description   = "The Httpd Configmap Generator"
   s.licenses      = ["Apache-2.0"]
 
-  s.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
+  if Dir.exist?(File.join(__dir__, ".git"))
+    s.files = `git ls-files -z`.split("\x0").reject do |f|
+      f.match(%r{^(test|spec|features)/})
+    end
   end
   s.bindir        = "bin"
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) } - %w(console setup)
@@ -30,5 +32,5 @@ Gem::Specification.new do |s|
   s.add_dependency "awesome_spawn",        "~> 1.4"
   s.add_dependency "iniparse",             "~> 1.4"
   s.add_dependency "more_core_extensions", "~> 3.4"
-  s.add_dependency "trollop",              "~> 2.1"
+  s.add_dependency "optimist",             "~> 3.0"
 end

data/lib/httpd_configmap_generator.rb

@@ -2,7 +2,9 @@ require "httpd_configmap_generator/version"
 require "httpd_configmap_generator/base"
 require "httpd_configmap_generator/active_directory"
 require "httpd_configmap_generator/ipa"
+require "httpd_configmap_generator/ldap"
 require "httpd_configmap_generator/saml"
+require "httpd_configmap_generator/oidc"
 require "httpd_configmap_generator/update"
 require "httpd_configmap_generator/export"
 require "more_core_extensions/core_ext/hash"

data/lib/httpd_configmap_generator/active_directory.rb

@@ -9,6 +9,8 @@ module HttpdConfigmapGenerator
 
     def required_options
       super.merge(
+        :host        => { :description => "Application Domain",
+                          :short       => "-h" },
         :ad_domain   => { :description => "Active Directory Domain"   },
         :ad_user     => { :description => "Active Directory User"     },
         :ad_password => { :description => "Active Directory Password" }
@@ -34,10 +36,8 @@ module HttpdConfigmapGenerator
         /etc/pam.d/postlogin-ac
         /etc/pam.d/smartcard-auth-ac
         /etc/pam.d/system-auth-ac
-        /etc/resolv.conf
         /etc/sssd/sssd.conf
         /etc/sysconfig/authconfig
-        /etc/sysconfig/network
       )
     end
 

data/lib/httpd_configmap_generator/base.rb

@@ -1,8 +1,8 @@
 require "pathname"
 require "httpd_configmap_generator/base/command"
-require "httpd_configmap_generator/base/config"
+require "httpd_configmap_generator/base/config_helper"
 require "httpd_configmap_generator/base/config_map"
-require "httpd_configmap_generator/base/file"
+require "httpd_configmap_generator/base/file_helper"
 require "httpd_configmap_generator/base/kerberos"
 require "httpd_configmap_generator/base/network"
 require "httpd_configmap_generator/base/pam"
@@ -11,6 +11,13 @@ require "httpd_configmap_generator/base/sssd"
 
 module HttpdConfigmapGenerator
   class Base
+    include Command
+    include ConfigHelper
+    include FileHelper
+    include Kerberos
+    include Network
+    include Pam
+
     APACHE_USER          = "apache".freeze
     HTTP_KEYTAB          = "/etc/http.keytab".freeze
     IPA_COMMAND          = "/usr/bin/ipa".freeze
@@ -47,10 +54,7 @@ module HttpdConfigmapGenerator
 
     def required_options
       {
-        :host   => { :description => "Application Domain",
-                     :short       => "-h" },
-        :output => { :description => "Configuration map file to create",
-                     :short       => "-o" }
+        :output => { :description => "Configuration map file to create", :short => "-o" }
       }
     end
 

data/lib/httpd_configmap_generator/base/command.rb

@@ -2,27 +2,29 @@ require "awesome_spawn"
 
 module HttpdConfigmapGenerator
   class Base
-    def command_run(executable, options = {})
-      if opts && opts[:debug]
-        debug_msg("Running Command: #{AwesomeSpawn.build_command_line(executable, options)}")
+    module Command
+      def command_run(executable, options = {})
+        if opts && opts[:debug]
+          debug_msg("Running Command: #{AwesomeSpawn.build_command_line(executable, options)}")
+        end
+        AwesomeSpawn.run(executable, options)
       end
-      AwesomeSpawn.run(executable, options)
-    end
 
-    def command_run!(executable, options = {})
-      if opts && opts[:debug]
-        debug_msg("Running Command: #{AwesomeSpawn.build_command_line(executable, options)}")
+      def command_run!(executable, options = {})
+        if opts && opts[:debug]
+          debug_msg("Running Command: #{AwesomeSpawn.build_command_line(executable, options)}")
+        end
+        AwesomeSpawn.run!(executable, options)
       end
-      AwesomeSpawn.run!(executable, options)
-    end
 
-    def log_command_error(err)
-      err_msg("Command Error: #{err}")
-      if err.kind_of?(AwesomeSpawn::CommandResultError)
-        err_msg("stdout: #{err.result.output}")
-        err_msg("stderr: #{err.result.error}")
-      else
-        err_msg(err.backtrace)
+      def log_command_error(err)
+        err_msg("Command Error: #{err}")
+        if err.kind_of?(AwesomeSpawn::CommandResultError)
+          err_msg("stdout: #{err.result.output}")
+          err_msg("stderr: #{err.result.error}")
+        else
+          err_msg(err.backtrace)
+        end
       end
     end
   end

data/lib/httpd_configmap_generator/base/config_helper.rb

@@ -0,0 +1,15 @@
+require "active_support"
+require "active_support/core_ext" # for Time.current
+
+module HttpdConfigmapGenerator
+  class Base
+    module ConfigHelper
+      def config_file_backup(path)
+        if File.exist?(path)
+          timestamp = Time.current.strftime(TIMESTAMP_FORMAT)
+          FileUtils.copy(path, "#{path}.#{timestamp}")
+        end
+      end
+    end
+  end
+end

data/lib/httpd_configmap_generator/base/config_map.rb

@@ -16,11 +16,11 @@ module HttpdConfigmapGenerator
       @config_map = template
     end
 
-    def generate(auth_type, realm, file_list)
+    def generate(auth_type, realm = "undefined", file_list = nil, metadata = {})
       info_msg("Generating Auth Config-Map for #{auth_type}")
       @config_map = template(auth_type, realm)
       file_specs = gen_filespecs(file_list)
-      define_configuration(file_specs)
+      define_configuration(file_specs, metadata)
       include_files(file_specs)
     end
 
@@ -71,7 +71,7 @@ module HttpdConfigmapGenerator
       file_specs = []
       file_list.each do |file|
         file_specs << file_entry_spec(file.strip)
-      end
+      end unless file_list.nil?
       file_specs.sort_by { |file_spec| file_spec[:basename] }
     end
 
@@ -84,30 +84,42 @@ module HttpdConfigmapGenerator
       file_specs = []
       file_list.each do |file_to_add|
         file_spec = file_to_add.split(",").map(&:strip)
-        case file_spec.length
-        when 1
-          file = file_spec.first
-          file_entry = file_entry_spec(file)
-        when 2
-          source_file, target_file = file_spec
-          raise "Must specify a mode for URL file sources" if source_file =~ URI.regexp(%w(http https))
-          file_entry = file_entry_spec(source_file, target_file)
-        when 3
-          source_file, target_file, mode = file_spec
-          if source_file =~ URI.regexp(%w(http https))
-            fetch_network_file(source_file, target_file)
-            file_entry = file_entry_spec(target_file, target_file, mode)
+        file_entry =
+          case file_spec.length
+          when 1
+            file_entry_spec(file_spec.first)
+          when 2
+            source_file, target_file = file_spec
+            file_entry_for_source_target(source_file, target_file)
+          when 3
+            source_file, target_file, mode = file_spec
+            file_entry_for_source_target_mode(source_file, target_file, mode)
           else
-            file_entry = file_entry_spec(source_file, target_file, mode)
+            raise "Invalid file specification #{file_to_add}"
           end
-        else
-          raise "Invalid file specification #{file_to_add}"
-        end
         file_specs << file_entry
       end
       file_specs.sort_by { |file_spec| file_spec[:basename] }
     end
 
+    def file_entry_for_source_target(source_file, target_file)
+      raise "Must specify a mode for URL file sources" if source_file =~ URI.regexp(%w(http https))
+      file_entry = file_entry_spec(source_file, target_file)
+      file_entry[:source_file] = source_file
+      file_entry
+    end
+
+    def file_entry_for_source_target_mode(source_file, target_file, mode)
+      if source_file =~ URI.regexp(%w(http https))
+        fetch_network_file(source_file, target_file)
+        file_entry = file_entry_spec(target_file, target_file, mode)
+      else
+        file_entry = file_entry_spec(source_file, target_file, mode)
+        file_entry[:source_file] = source_file
+      end
+      file_entry
+    end
+
     def file_entry_spec(source_file, target_file = nil, mode = nil)
       target_file = source_file.dup unless target_file
       unless mode
@@ -123,7 +135,7 @@ module HttpdConfigmapGenerator
       }
     end
 
-    def update_configuration(file_specs)
+    def update_configuration(file_specs, metadata={})
       auth_configuration = fetch_auth_configuration
       return define_configuration(file_specs) unless auth_configuration
       # first, remove any file_specs references in the file list, we don't want duplication here.
@@ -134,7 +146,7 @@ module HttpdConfigmapGenerator
       end
       auth_configuration = auth_configuration.join("\n") + "\n"
       # now, append any of the new file_specs at the end of the list.
-      append_configuration(auth_configuration, file_specs)
+      append_configuration(auth_configuration, file_specs, metadata)
     end
 
     def search_file_entry(target_file)
@@ -145,14 +157,14 @@ module HttpdConfigmapGenerator
       entry ? entry.first.split('=')[1].strip.split(' ') : nil
     end
 
-    def define_configuration(file_specs)
+    def define_configuration(file_specs, metadata={})
       auth_configuration = "# External Authentication Configuration File\n#\n"
-      append_configuration(auth_configuration, file_specs)
+      append_configuration(auth_configuration, file_specs, metadata)
     end
 
     def include_files(file_specs)
       file_specs.each do |file_spec|
-        content = File.read(file_spec[:target])
+        content = File.read(file_spec[:source_file] || file_spec[:target])
         content = Base64.encode64(content) if file_spec[:binary]
         # encode(:universal_newline => true) will convert \r\n to \n, necessary for to_yaml to render properly.
         config_map[DATA_SECTION].merge!(file_basename(file_spec) => content.encode(:universal_newline => true))
@@ -163,12 +175,17 @@ module HttpdConfigmapGenerator
       file_spec[:binary] ? "#{file_spec[:basename]}.base64" : file_spec[:basename]
     end
 
-    def append_configuration(auth_configuration, file_specs)
+    def append_configuration(auth_configuration, file_specs, metadata)
       file_specs.each do |file_spec|
         debug_msg("Adding file #{file_spec[:target]} ...")
         auth_configuration += "file = #{file_basename(file_spec)} #{file_spec[:target]} #{file_spec[:mode]}\n"
       end
       config_map[DATA_SECTION] ||= {}
+
+      metadata.each do |key, value|
+        config_map[DATA_SECTION].merge!(key => value)
+      end
+
       config_map[DATA_SECTION].merge!(AUTH_CONFIGURATION => auth_configuration)
     end
 

data/lib/httpd_configmap_generator/base/file_helper.rb

@@ -0,0 +1,67 @@
+require "pathname"
+
+module HttpdConfigmapGenerator
+  class Base
+    module FileHelper
+      def template_directory
+        @template_directory ||=
+          Pathname.new(Gem::Specification.find_by_name("httpd_configmap_generator").full_gem_path).join("templates")
+      end
+
+      def cp_template(file, src_dir, dest_dir = "/")
+        src_path  = path_join(src_dir, file)
+        dest_path = path_join(dest_dir, file.gsub(".erb", ""))
+        if src_path.to_s.include?(".erb")
+          File.write(dest_path, ERB.new(File.read(src_path), nil, '-').result(binding))
+        else
+          FileUtils.cp(src_path, dest_path)
+        end
+      end
+
+      def delete_target_file(file_path)
+        if File.exist?(file_path)
+          if opts[:force]
+            info_msg("File #{file_path} exists, forcing a delete")
+            File.delete(file_path)
+          else
+            raise "File #{file_path} already exist"
+          end
+        end
+      end
+
+      def create_target_directory(file_path)
+        dirname = File.dirname(file_path)
+        return if File.exist?(dirname)
+        debug_msg("Creating directory #{dirname} ...")
+        FileUtils.mkdir_p(dirname)
+      end
+
+      def rm_file(file, dir = "/")
+        path = path_join(dir, file)
+        File.delete(path) if File.exist?(path)
+      end
+
+      def path_join(*args)
+        path = Pathname.new(args.shift)
+        args.each { |path_seg| path = path.join("./#{path_seg}") }
+        path
+      end
+
+      def file_binary?(file)
+        data = File.read(file)
+        ascii = control = binary = total = 0
+        data[0..512].each_byte do |c|
+          total += 1
+          if c < 32
+            control += 1
+          elsif c >= 32 && c <= 128
+            ascii += 1
+          else
+            binary += 1
+          end
+        end
+        control.to_f / ascii > 0.1 || binary.to_f / ascii > 0.05
+      end
+    end
+  end
+end