ksconnect 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e7d84e395ec798ed06bbd384d903b8d792e40be4
+  data.tar.gz: 33129b381efe034aabbd70828f4327c7d81cd4ee
+SHA512:
+  metadata.gz: 035bfbbf2af3736d47754bbc370cb7ab2dbac83110c435b39909cdb81b37022b9d824b61f6623d3c028e5a94eccb9188381353e2af4c09222bf6d4d06c72f989
+  data.tar.gz: 669b9a916103bb0e6a2ee8e8756a8cb860c8acedfa733b3cf15a459592a8ab86a70ae7433ee2323e0e1b9f9fa044bcca0b474199fd82d014f7e2df77e05d55b8

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Kloudsec
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,70 @@
+# KSConnect
+
+KSConnect provides a Ruby connection interface for Kloudsec plugins by exposing a simple to use
+API for managing and synchronizing plugin data.
+
+# Usage
+
+Initialize the api:
+
+`api = KSConnect.new(:ssl).api`
+
+Use it:
+
+`api.domains['domain-1.com'].data['some_flag'] = true`
+
+## Options
+
+Initialize with additional (untested) helpers:
+
+```
+api = KSConnect.new(:ssl, use_helpers: true).api
+api.ip_address_for('example.com') => # 127.0.0.1
+```
+
+## Getting the full domain list
+
+All domain objects:
+
+`api.all_domains # => { 'domain-1.com' => <Domain>, ... }`
+
+Domain names only:
+
+`api.all_domains.keys # => ['domain-1.com',..]`
+
+## Getting data
+
+`api.domains['domain-1.com'].data['key'] # => 'value'`
+
+`api.domains['domain-1.com'].data.getall # => { 'key' => 'value', ... }`
+
+## Setting data
+
+`api.domains['domain-1.com'].data['key'] = new_value`
+
+`api.domains['domain-1.com'].data.setall = { 'key': new_value, ... }`
+
+## Event callbacks
+
+Available callbacks for `<plugin>:push`:
+
+- When plugin is enabled: `on_initialize`
+- When plugin's IP is updated: `on_update`
+- When plugin is removed: `on_teardown` 
+- Any other incoming message: `on_push`
+
+```
+api = KSConnect.new(:ssl).api
+api.configure do |config|
+    config.on_initialize = lambda { |msg| do_some_initialization(msg) }
+end
+```
+
+NOTE: there is no need to re-message proxy / core plugins to re-read configuration. This is done automatically.
+
+## Channels
+
+Safely acquire a redis channel in a separate thread by doing:
+
+`new_channel = KSConnect.channel('channel_name') { |msg| puts msg }`
+

data/lib/ksconnect.rb

@@ -0,0 +1,40 @@
+require 'logs'
+
+class KSConnect
+  include Logs
+  attr_reader :api
+  attr_reader :plugin
+
+  def initialize(*args)
+    plugins = args
+
+    additional_options = args.last.is_a?(Hash) ? args.last : nil
+    if additional_options
+      plugins.pop
+    else
+      additional_options = {}
+    end
+
+    @api = KSConnect::API.new(enabled_plugins: plugins, use_helpers: additional_options[:use_helpers])
+  end
+
+  def self.channel(name)
+    Thread.start do
+      begin
+        Redis.new.subscribe(name) do |on|
+          logger.info "Subscribing to redis channel: #{name}"
+          on.message do |channel, message|
+            yield message
+          end
+          $stdout.flush
+        end
+      rescue Exception => error
+        logger.error "#{error} on redis channel #{name}, restarting in 0.5s"
+        logger.error error.backtrace
+        $stdout.flush
+        sleep 0.5
+        retry
+      end
+    end
+  end
+end

data/lib/ksconnect/api.rb

@@ -0,0 +1,25 @@
+class KSConnect
+  class API
+    attr_reader :plugins
+    attr_reader :plugin # the current / default plugin
+
+    def initialize(opts)
+      enabled_plugins = *opts[:enabled_plugins] || []
+      plugins = enabled_plugins.unshift(:core).uniq # always load core first
+      @plugins = plugins.reduce({}) { |hash, plugin_name| hash.tap { |h| h[plugin_name] = KSConnect::API::Plugin.new(plugin_name.to_s) } }
+      @plugin = @plugins[*opts[:enabled_plugins].first || :core]
+
+      if opts[:use_helpers]
+        extend KSConnect::Helpers
+      end
+    end
+
+    def domains
+      @plugin.domains
+    end
+
+    def all_domains
+      @plugins[:core].domains
+    end
+  end
+end

data/lib/ksconnect/api/plugin.rb

@@ -0,0 +1,102 @@
+require 'redis'
+require 'json'
+
+class KSConnect
+  class API
+    class Plugin
+      attr_accessor :domains
+      attr_reader :name
+      attr_writer :config
+
+      def initialize(name)
+        @name = name
+        @domains = {}
+
+        load_domains
+        subscribe_to_events
+      end
+
+      def config
+        @config ||= Config.new
+      end
+
+      def configure
+        yield(config)
+      end
+
+      # This method loads the domain list from Redis, adding or removing domains as appropriate.
+      # Note that it does not update the ip address of existing domains.
+      def load_domains
+        # load domain list
+        domain_to_ip = redis.hgetall(domains_key)
+
+        # add new domains
+        new_domains = domain_to_ip.keys - @domains.values.map(&:name)
+        new_domains.each { |domain_name| @domains[domain_name] = Domain.new(domain_name, domain_to_ip[domain_name], @name) }
+
+        # remove old domains
+        @domains.select! { |k, _| domain_to_ip.keys.include?(k) }
+      end
+
+      def subscribe_to_events
+        KSConnect.channel("#{name}:push") do |message|
+          begin
+            msg = JSON.parse(message)
+          rescue Exception => e
+            puts "Error parsing message as JSON: #{msg}"
+            next
+          end
+
+          if %w(initialize update teardown).include? msg['request_type']
+            perform_request(msg)
+          else
+            config.on_push.call(message)
+          end
+        end
+      end
+
+      def perform_request(request)
+        request.stringify_keys!
+
+        domain_name = request['domain_name']
+        puts "Invalid push request with no domain: #{request}" and return unless domain_name
+
+        request_type = request['request_type']
+        case request_type
+          when 'initialize'
+            @domains[domain_name] = Domain.new(domain_name, get_ip_for(domain_name), @name)
+            config.on_initialize.call(request)
+          when 'update'
+            @domains[domain_name].ip_address = get_ip_for(domain_name)
+            config.on_update.call(request)
+          when 'teardown'
+            @domains.delete(domain_name)
+            config.on_teardown.call(request)
+          else
+            raise "Invalid request type"
+        end
+
+        redis.publish("core:push", { domain_name: domain_name, plugin_name: @name, request_type: request_type }.to_json) unless plugin_is_core?
+      end
+
+      def domains_key
+        @domain_list_uuid ||= redis.hget("#{@name}:data", "domain_names")
+        "kloudsec_data:#{@domain_list_uuid}"
+      end
+
+      private
+
+      def plugin_is_core?
+        @name == 'core'
+      end
+
+      def get_ip_for(domain_name)
+        redis.hget(domains_key, domain_name)
+      end
+
+      def redis
+        Redis.current
+      end
+    end
+  end
+end

data/lib/ksconnect/api/plugin/config.rb

@@ -0,0 +1,13 @@
+class KSConnect
+  class API
+    class Plugin
+      class Config
+        attr_accessor :on_initialize, :on_update, :on_teardown, :on_push
+
+        def initialize
+          @on_initialize = @on_update = @on_teardown = @on_push = lambda { |msg| "No callback set for msg: #{msg}" }
+        end
+      end
+    end
+  end
+end

data/lib/ksconnect/api/plugin/data.rb

@@ -0,0 +1,87 @@
+require 'redis'
+require 'active_support/hash_with_indifferent_access'
+
+class KSConnect
+  class API
+    class Plugin
+      class Data
+        attr_reader :type
+
+        def initialize(plugin_name, domain_name, type = :data, use_cache = true)
+          @plugin_name = plugin_name
+          @domain_name = domain_name
+          @type = type
+          @use_cache = use_cache
+
+          @data = ActiveSupport::HashWithIndifferentAccess.new if @use_cache
+          @data_uuid = nil
+        end
+
+        def []=(field, value)
+          @data[field] = value if @use_cache
+          redis.hset(key, field, value)
+          redis.publish("core:push", { plugin_name: @plugin_name, domain_name: @domain_name, request_type: 'update' })
+        end
+
+        def setall(hash)
+          @data = @data.merge(hash) if @use_cache
+          redis.mapped_hmset(key, hash)
+          redis.publish("core:push", { plugin_name: @plugin_name, domain_name: @domain_name, request_type: 'update' })
+        end
+
+        def [](field)
+          if @use_cache
+            @data ||= redis.hgetall(key)
+            @data[field]
+          else
+            redis.hget(key, field)
+          end
+        end
+
+        def getall
+          if @use_cache
+            @data ||= redis.hgetall(key)
+          else
+            redis.hgetall(key)
+          end
+        end
+
+        def reload
+          @data = redis.hgetall(key) if @use_cache
+        end
+
+        def delete(field)
+          @data.delete(field) if @use_cache
+          redis.hdel(key, field)
+        end
+
+        def key
+          set_data_uuid unless @data_uuid
+          "kloudsec_data:#{@data_uuid}"
+        end
+
+        private
+
+        def set_data_uuid
+          begin
+            tries ||= 3
+            id = redis.hget("#{@plugin_name}:#{@type}", @domain_name)
+            if id
+              @data_uuid = id
+            else
+              @data_uuid = SecureRandom.uuid
+              raise "Race on setting data key failed." unless redis.hsetnx("#{@plugin_name}:#{@type}", @domain_name, @data_uuid)
+            end
+          rescue Exception => e
+            puts e.message
+            retry unless (tries -= 1).zero?
+          end
+        end
+
+        def redis
+          Redis.current
+        end
+      end
+    end
+  end
+end

data/lib/ksconnect/api/plugin/domain.rb

@@ -0,0 +1,41 @@
+require 'redis'
+
+class KSConnect
+  class API
+    class Plugin
+      class Domain
+        attr_accessor :ip_address
+        attr_reader :data
+        attr_reader :private_data
+        attr_reader :name
+        attr_reader :plugin_name
+
+        def initialize(name, ip_address, plugin_name)
+          @name = name
+          @ip_address = ip_address
+          @plugin_name = plugin_name
+          @data = Data.new(plugin_name, name, :data)
+          @private_data = Data.new(plugin_name, name, :private_data)
+        end
+
+        def notify(data)
+          redis.lpush("kloudsec_notifications", data.merge({ domain_name: @name, plugin_name: @plugin_name }))
+        end
+
+        def add_issue(issue_type, data)
+          redis.lpush("kloudsec_issues", data.merge({ domain_name: @name, plugin_name: @plugin_name, issue_type: issue_type, request_type: 'add' }))
+        end
+
+        def clear_issue(issue_type)
+          redis.lpush("kloudsec_issues", { domain_name: @name, plugin_name: @plugin_name, issue_type: issue_type, request_type: 'remove' })
+        end
+
+        private
+
+        def redis
+          Redis.current
+        end
+      end
+    end
+  end
+end

data/lib/ksconnect/helpers.rb

@@ -0,0 +1,63 @@
+class KSConnect
+  module Helpers
+    def ip_address_for(domain)
+      if all_domains[domain].present?
+        all_domains[domain].ip_address
+      else
+        "kloudsec.com" # go to something safe if ip is invalid
+      end
+    end
+
+    def https_enabled?(domain)
+      k, c = ssl_key_and_cert_for(domain)
+      k && c
+    end
+
+    def https_redirect_enabled?(domain)
+      https_enabled?(domain) && plugins[:ssl].domains[domain].data['redirect'] == "true"
+    end
+
+    def https_rewriting_enabled?(domain)
+      https_enabled?(domain) && plugins[:ssl].domains[domain].data['rewriteHTTPS'] == "true"
+    end
+
+    def waf_enabled?(domain)
+      plugins[:web_shield].domains.include?(domain)
+    end
+
+    def waf_learning?(domain)
+      waf_enabled?(domain) && plugins[:web_shield].domains[domain].data['learning']
+    end
+
+    def pagespeed_enabled?(domain)
+      plugins[:mod_cache].domains.include?(domain)
+    end
+
+    def pending_autossl?(domain)
+      p, k = autossl_verification_path_and_key_for(domain)
+      plugins[:autossl].domains.include?(domain) && p && k
+    end
+
+    def autossl_verification_path_and_key_for(domain)
+      d = plugins[:autossl].domains[domain].private_data
+      if d
+        return d['verify_endpoint'], d['verify_content']
+      else
+        return nil, nil
+      end
+    end
+
+    def ssl_key_and_cert_for(domain)
+      ssl = plugins[:ssl].domains[domain].private_data
+      autossl = plugins[:autossl].domains[domain].private_data
+
+      if ssl && ssl['key'] && ssl['cert']
+        return ssl['key'], ssl['cert']
+      elsif autossl && autossl['key'] && autossl['cert']
+        return autossl['key'], autossl['cert']
+      else
+        return nil, nil
+      end
+    end
+  end
+end

data/lib/logs.rb

@@ -0,0 +1,25 @@
+require 'logger'
+require 'active_support/inflector'
+
+module Logs
+  def self.included base
+    base.send :include, InstanceMethods
+    base.extend ClassMethods
+  end
+
+  module InstanceMethods
+    def logger
+      self.class.logger
+    end
+  end
+
+  module ClassMethods
+    def logger
+      return @_logger if @_logger
+
+      @_logger = Logger.new(STDOUT)
+      @_logger.level = "Logger::#{ENV['LOG_LEVEL'] || INFO}".constantize
+      @_logger
+    end
+  end
+end

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification
+name: ksconnect
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ivan Poon
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-01-28 00:00:00.000000000 Z
+dependencies: []
+description: |-
+  KSConnect provides a connection interface for Kloudsec plugins by exposing a simple to use
+  API for managing and synchronizing plugin data.
+email: ivan@kloudsec.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/ksconnect.rb
+- lib/ksconnect/api.rb
+- lib/ksconnect/api/plugin.rb
+- lib/ksconnect/api/plugin/config.rb
+- lib/ksconnect/api/plugin/data.rb
+- lib/ksconnect/api/plugin/domain.rb
+- lib/ksconnect/helpers.rb
+- lib/logs.rb
+homepage: https://kloudsec.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Connection API for Kloudsec
+test_files: []
+has_rdoc: