leap_cli 1.2.5

data/lib/leap_cli/commands/user.rb

@@ -0,0 +1,140 @@
+require 'gpgme'
+
+#
+# perhaps we want to verify that the key files are actually the key files we expect.
+# we could use 'file' for this:
+#
+# > file ~/.gnupg/00440025.asc
+# ~/.gnupg/00440025.asc: PGP public key block
+#
+# > file ~/.ssh/id_rsa.pub
+# ~/.ssh/id_rsa.pub: OpenSSH RSA public key
+#
+
+module LeapCli
+  module Commands
+
+    desc 'Adds a new trusted sysadmin by adding public keys to the "users" directory.'
+    arg_name 'USERNAME' #, :optional => false, :multiple => false
+    command :'add-user' do |c|
+
+      c.switch 'self', :desc => 'Add yourself as a trusted sysadin by choosing among the public keys available for the current user.', :negatable => false
+      c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user'
+      c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user'
+
+      c.action do |global_options,options,args|
+        username = args.first
+        if !username.any? && !options[:self]
+          help! "Either 'username' or --self is required."
+        end
+
+        ssh_pub_key = nil
+        pgp_pub_key = nil
+
+        if options['ssh-pub-key']
+          ssh_pub_key = read_file!(options['ssh-pub-key'])
+        end
+        if options['pgp-pub-key']
+          pgp_pub_key = read_file!(options['pgp-pub-key'])
+        end
+
+        if options[:self]
+          username ||= `whoami`.strip
+          ssh_pub_key ||= pick_ssh_key.to_s
+          pgp_pub_key ||= pick_pgp_key
+        end
+
+        assert!(ssh_pub_key, 'Sorry, could not find SSH public key.')
+
+        if ssh_pub_key
+          write_file!([:user_ssh, username], ssh_pub_key)
+        end
+        if pgp_pub_key
+          write_file!([:user_pgp, username], pgp_pub_key)
+        end
+
+        update_authorized_keys
+      end
+    end
+
+    #
+    # let the the user choose among the ssh public keys that we encounter, or just pick the key if there is only one.
+    #
+    def pick_ssh_key
+      ssh_keys = []
+      Dir.glob("#{ENV['HOME']}/.ssh/*.pub").each do |keyfile|
+        ssh_keys << SshKey.load(keyfile)
+      end
+
+      if `which ssh-add`.strip.any?
+        `ssh-add -L 2> /dev/null`.split("\n").compact.each do |line|
+          key = SshKey.load(line)
+          key.comment = 'ssh-agent'
+          ssh_keys << key unless ssh_keys.include?(key)
+        end
+      end
+      ssh_keys.compact!
+
+      assert! ssh_keys.any?, 'Sorry, could not find any SSH public key for you. Have you run ssh-keygen?'
+
+      if ssh_keys.length > 1
+        key_index = numbered_choice_menu('Choose your SSH public key', ssh_keys.collect(&:summary)) do |line, i|
+          say("#{i+1}. #{line}")
+        end
+      else
+        key_index = 0
+      end
+
+      return ssh_keys[key_index]
+    end
+
+    #
+    # let the the user choose among the gpg public keys that we encounter, or just pick the key if there is only one.
+    #
+    def pick_pgp_key
+      secret_keys = GPGME::Key.find(:secret)
+      if secret_keys.empty?
+        log "Skipping OpenPGP setup because I could not find any OpenPGP keys for you"
+        return nil
+      end
+
+      assert_bin! 'gpg'
+
+      if secret_keys.length > 1
+        key_index = numbered_choice_menu('Choose your OpenPGP public key', secret_keys) do |key, i|
+          key_info = key.to_s.split("\n")[0..1].map{|line| line.sub(/^\s*(sec|uid)\s*/,'')}.join(' -- ')
+          say("#{i+1}. #{key_info}")
+        end
+      else
+        key_index = 0
+      end
+
+      key_id = secret_keys[key_index].sha
+
+      # can't use this, it includes signatures:
+      #puts GPGME::Key.export(key_id, :armor => true, :export_options => :export_minimal)
+
+      # export with signatures removed:
+      return `gpg --armor --export-options export-minimal --export #{key_id}`.strip
+    end
+
+    def update_authorized_keys
+      buffer = StringIO.new
+      keys = Dir.glob(path([:user_ssh, '*']))
+      if keys.empty?
+        bail! "You must have at least one public SSH user key configured in order to proceed. See `leap help add-user`."
+      end
+      keys.sort.each do |keyfile|
+        ssh_type, ssh_key = File.read(keyfile).strip.split(" ")
+        buffer << ssh_type
+        buffer << " "
+        buffer << ssh_key
+        buffer << " "
+        buffer << Path.relative_path(keyfile)
+        buffer << "\n"
+      end
+      write_file!(:authorized_keys, buffer.string)
+    end
+
+  end
+end

data/lib/leap_cli/commands/util.rb

@@ -0,0 +1,50 @@
+module LeapCli; module Commands
+
+  extend self
+  extend LeapCli::Util
+  extend LeapCli::Util::RemoteCommand
+
+  def path(name)
+    Path.named_path(name)
+  end
+
+  #
+  # keeps prompting the user for a numbered choice, until they pick a good one or bail out.
+  #
+  # block is yielded and is responsible for rendering the choices.
+  #
+  def numbered_choice_menu(msg, items, &block)
+    while true
+      say("\n" + msg + ':')
+      items.each_with_index &block
+      say("q. quit")
+      index = ask("number 1-#{items.length}> ")
+      if index.empty?
+        next
+      elsif index =~ /q/
+        bail!
+      else
+        i = index.to_i - 1
+        if i < 0 || i >= items.length
+          bail!
+        else
+          return i
+        end
+      end
+    end
+  end
+
+
+  def parse_node_list(nodes)
+    if nodes.is_a? Config::Object
+      Config::ObjectList.new(nodes)
+    elsif nodes.is_a? Config::ObjectList
+      nodes
+    elsif nodes.is_a? String
+      manager.filter!(nodes)
+    else
+      bail! "argument error"
+    end
+  end
+
+end; end

data/lib/leap_cli/commands/vagrant.rb

@@ -0,0 +1,201 @@
+require 'ipaddr'
+require 'fileutils'
+
+module LeapCli; module Commands
+
+  desc "Manage local virtual machines."
+  long_desc "This command provides a convient way to manage Vagrant-based virtual machines. If FILTER argument is missing, the command runs on all local virtual machines. The Vagrantfile is automatically generated in 'test/Vagrantfile'. If you want to run vagrant commands manually, cd to 'test'."
+  command :local do |local|
+    local.desc 'Starts up the virtual machine(s)'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :start do |start|
+      start.action do |global_options,options,args|
+        vagrant_command(["up", "sandbox on"], args)
+      end
+    end
+
+    local.desc 'Shuts down the virtual machine(s)'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :stop do |stop|
+      stop.action do |global_options,options,args|
+        if global_options[:yes]
+          vagrant_command("halt --force", args)
+        else
+          vagrant_command("halt", args)
+        end
+      end
+    end
+
+    local.desc 'Destroys the virtual machine(s), reclaiming the disk space'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :destroy do |destroy|
+      destroy.action do |global_options,options,args|
+        if global_options[:yes]
+          vagrant_command("destroy --force", args)
+        else
+          vagrant_command("destroy", args)
+        end
+      end
+    end
+
+    local.desc 'Print the status of local virtual machine(s)'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :status do |status|
+      status.action do |global_options,options,args|
+        vagrant_command("status", args)
+      end
+    end
+
+    local.desc 'Saves the current state of the virtual machine as a new snapshot'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :save do |status|
+      status.action do |global_options,options,args|
+        vagrant_command("sandbox commit", args)
+      end
+    end
+
+    local.desc 'Resets virtual machine(s) to the last saved snapshot'
+    local.arg_name 'FILTER', :optional => true #, :multiple => false
+    local.command :reset do |reset|
+      reset.action do |global_options,options,args|
+        vagrant_command("sandbox rollback", args)
+      end
+    end
+  end
+
+  public
+
+  #
+  # returns the path to a vagrant ssh key file.
+  #
+  # if the vagrant.key file is owned by root or ourselves, then
+  # we need to make sure that it owned by us and not world readable.
+  #
+  def vagrant_ssh_key_file
+    file_path = File.expand_path('../../../vendor/vagrant_ssh_keys/vagrant.key', File.dirname(__FILE__))
+    Util.assert_files_exist! file_path
+    uid = File.new(file_path).stat.uid
+    if uid == 0 || uid == Process.euid
+      FileUtils.install file_path, '/tmp/vagrant.key', :mode => 0600
+      file_path = '/tmp/vagrant.key'
+    end
+    return file_path
+  end
+
+  protected
+
+  def vagrant_command(cmds, args)
+    vagrant_setup
+    cmds = cmds.to_a
+    if args.empty?
+      nodes = [""]
+    else
+      nodes = manager.filter(args)[:environment => "local"].field(:name)
+    end
+    if nodes.any?
+      vagrant_dir = File.dirname(Path.named_path(:vagrantfile))
+      exec = ["cd #{vagrant_dir}"]
+      cmds.each do |cmd|
+        nodes.each do |node|
+          exec << "vagrant #{cmd} #{node}"
+        end
+      end
+      execute exec.join('; ')
+    else
+      bail! "No nodes found. This command only works on nodes with ip_address in the network #{LeapCli.leapfile.vagrant_network}"
+    end
+  end
+
+  private
+
+  def vagrant_setup
+    assert_bin! 'vagrant', 'Vagrant is required for running local virtual machines. Run "sudo apt-get install vagrant".'
+
+    version = vagrant_version
+    case version
+      when 0..1
+        gem_path = assert_run!('vagrant gem which sahara')
+        if gem_path.nil? || gem_path.empty? || gem_path =~ /^ERROR/
+          log :installing, "vagrant plugin 'sahara'"
+          assert_run! 'vagrant gem install sahara -v 0.0.13'
+          # (sahara versions above 0.0.13 require vagrant > 1.0)
+        end
+      when 2
+        unless assert_run!('vagrant plugin list | grep sahara | cat').chars.any?
+          log :installing, "vagrant plugin 'sahara'"
+          assert_run! 'vagrant plugin install sahara'
+        end
+    end
+    create_vagrant_file
+  end
+
+  def vagrant_version
+    minor_version = `vagrant --version | rev | cut -d'.' -f 2`.to_i
+    version = case minor_version
+      when 1..9 then 2
+      when 0    then 1
+      else 0
+    end
+    return version
+  end
+
+  def execute(cmd)
+    log 2, :run, cmd
+    exec cmd
+  end
+
+  def create_vagrant_file
+    lines = []
+    netmask = IPAddr.new('255.255.255.255').mask(LeapCli.leapfile.vagrant_network.split('/').last).to_s
+
+    version = vagrant_version
+    case version
+      when 0..1
+        lines << %[Vagrant::Config.run do |config|]
+        manager.each_node do |node|
+          if node.vagrant?
+            lines << %[  config.vm.define :#{node.name} do |config|]
+            lines << %[    config.vm.box = "leap-wheezy"]
+            lines << %[    config.vm.box_url = "http://download.leap.se/leap-debian.box"]
+            lines << %[    config.vm.network :hostonly, "#{node.ip_address}", :netmask => "#{netmask}"]
+            lines << %[    config.vm.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]]
+            lines << %[    config.vm.customize ["modifyvm", :id, "--name", "#{node.name}"]]
+            lines << %[    #{leapfile.custom_vagrant_vm_line}] if leapfile.custom_vagrant_vm_line
+            lines << %[  end]
+          end
+        end
+      when 2
+        lines << %[Vagrant.configure("2") do |config|]
+        manager.each_node do |node|
+          if node.vagrant?
+            lines << %[  config.vm.define :#{node.name} do |config|]
+            lines << %[    config.vm.box = "leap-wheezy"]
+            lines << %[    config.vm.box_url = "http://download.leap.se/leap-debian.box"]
+            lines << %[    config.vm.network :private_network, ip: "#{node.ip_address}"]
+            lines << %[    config.vm.provider "virtualbox" do |v|]
+            lines << %[      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]]
+            lines << %[      v.name = "#{node.name}"]
+            lines << %[    end]
+            lines << %[    #{leapfile.custom_vagrant_vm_line}] if leapfile.custom_vagrant_vm_line
+            lines << %[  end]
+          end
+        end
+    end
+
+    lines << %[end]
+    lines << ""
+    write_file! :vagrantfile, lines.join("\n")
+  end
+
+  def pick_next_vagrant_ip_address
+    taken_ips = manager.nodes[:environment => "local"].field(:ip_address)
+    if taken_ips.any?
+      highest_ip = taken_ips.map{|ip| IPAddr.new(ip)}.max
+      new_ip = highest_ip.succ
+    else
+      new_ip = IPAddr.new(LeapCli.leapfile.vagrant_network).succ.succ
+    end
+    return new_ip.to_s
+  end
+
+end; end