leap_cli 1.5.6 → 1.6.2
- data/bin/leap +29 -6
- data/lib/leap/platform.rb +36 -1
- data/lib/leap_cli/commands/ca.rb +97 -20
- data/lib/leap_cli/commands/compile.rb +49 -8
- data/lib/leap_cli/commands/db.rb +13 -4
- data/lib/leap_cli/commands/deploy.rb +138 -29
- data/lib/leap_cli/commands/env.rb +76 -0
- data/lib/leap_cli/commands/facts.rb +10 -3
- data/lib/leap_cli/commands/inspect.rb +2 -2
- data/lib/leap_cli/commands/list.rb +10 -10
- data/lib/leap_cli/commands/node.rb +7 -132
- data/lib/leap_cli/commands/node_init.rb +169 -0
- data/lib/leap_cli/commands/pre.rb +4 -27
- data/lib/leap_cli/commands/ssh.rb +152 -0
- data/lib/leap_cli/commands/test.rb +22 -13
- data/lib/leap_cli/commands/user.rb +12 -4
- data/lib/leap_cli/commands/vagrant.rb +4 -4
- data/lib/leap_cli/config/filter.rb +175 -0
- data/lib/leap_cli/config/manager.rb +130 -61
- data/lib/leap_cli/config/node.rb +32 -0
- data/lib/leap_cli/config/object.rb +69 -44
- data/lib/leap_cli/config/object_list.rb +44 -39
- data/lib/leap_cli/config/secrets.rb +24 -12
- data/lib/leap_cli/config/tag.rb +7 -0
- data/lib/{core_ext → leap_cli/core_ext}/boolean.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/hash.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/json.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/nil.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/string.rb +0 -0
- data/lib/leap_cli/core_ext/yaml.rb +29 -0
- data/lib/leap_cli/exceptions.rb +24 -0
- data/lib/leap_cli/leapfile.rb +60 -10
- data/lib/{lib_ext → leap_cli/lib_ext}/capistrano_connections.rb +0 -0
- data/lib/{lib_ext → leap_cli/lib_ext}/gli.rb +0 -0
- data/lib/leap_cli/log.rb +1 -1
- data/lib/leap_cli/logger.rb +18 -1
- data/lib/leap_cli/markdown_document_listener.rb +1 -1
- data/lib/leap_cli/override/json.rb +11 -0
- data/lib/leap_cli/path.rb +20 -6
- data/lib/leap_cli/remote/leap_plugin.rb +2 -2
- data/lib/leap_cli/remote/puppet_plugin.rb +1 -1
- data/lib/leap_cli/remote/rsync_plugin.rb +1 -1
- data/lib/leap_cli/remote/tasks.rb +1 -1
- data/lib/leap_cli/ssh_key.rb +63 -1
- data/lib/leap_cli/util/remote_command.rb +19 -2
- data/lib/leap_cli/util/secret.rb +1 -1
- data/lib/leap_cli/util/x509.rb +3 -2
- data/lib/leap_cli/util.rb +11 -3
- data/lib/leap_cli/version.rb +2 -2
- data/lib/leap_cli.rb +24 -14
- data/vendor/certificate_authority/lib/certificate_authority/certificate.rb +85 -29
- data/vendor/certificate_authority/lib/certificate_authority/distinguished_name.rb +5 -0
- data/vendor/certificate_authority/lib/certificate_authority/extensions.rb +406 -41
- data/vendor/certificate_authority/lib/certificate_authority/key_material.rb +0 -34
- data/vendor/certificate_authority/lib/certificate_authority/serial_number.rb +6 -0
- data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb +36 -1
- metadata +25 -24
- data/lib/leap_cli/commands/shell.rb +0 -89
- data/lib/leap_cli/config/macros.rb +0 -430
- data/lib/leap_cli/constants.rb +0 -7
- data/lib/leap_cli/requirements.rb +0 -19
- data/lib/lib_ext/markdown_document_listener.rb +0 -122
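--- a/data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb
+++ b/data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb
@@ -5,6 +5,29 @@ module CertificateAuthority
 attr_accessor :raw_body
 attr_accessor :openssl_csr
 attr_accessor :digest
+attr_accessor :attributes
+
+def initialize()
+@attributes = []
+end
+
+# Fake attribute for convenience because adding
+# alternative names on a CSR is remarkably non-trivial.
+def subject_alternative_names=(alt_names)
+raise "alt_names must be an Array" unless alt_names.is_a?(Array)
+
+factory = OpenSSL::X509::ExtensionFactory.new
+name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
+ext = factory.create_ext("subjectAltName",name_list,false)
+ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
+attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
+@attributes << attr
+end
+
+def read_attributes_by_oid(*oids)
+attributes.detect { |a| oids.include?(a.oid) }
+end
+protected :read_attributes_by_oid
 
 def to_cert
 cert = Certificate.new
@@ -12,6 +35,15 @@ module CertificateAuthority
 cert.distinguished_name = @distinguished_name
 end
 cert.key_material = @key_material
+if attribute = read_attributes_by_oid('extReq', 'msExtReq')
+set = OpenSSL::ASN1.decode(attribute.value)
+seq = set.value.first
+seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
+Certificate::EXTENSIONS.each do |klass|
+cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
+end
+end
+end
 cert
 end
 
@@ -24,10 +56,12 @@ module CertificateAuthority
 raise "Invalid DN in request" unless @distinguished_name.valid?
 raise "CSR must have key material" if @key_material.nil?
 raise "CSR must include a public key on key material" if @key_material.public_key.nil?
+raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?
 
 opensslcsr = OpenSSL::X509::Request.new
 opensslcsr.subject = @distinguished_name.to_x509_name
 opensslcsr.public_key = @key_material.public_key
+opensslcsr.attributes = @attributes unless @attributes.nil?
 opensslcsr.sign @key_material.private_key, OpenSSL::Digest::Digest.new(@digest || "SHA512")
 opensslcsr
 end
@@ -38,6 +72,7 @@ module CertificateAuthority
 csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
 csr.raw_body = raw_csr
 csr.openssl_csr = openssl_csr
+csr.attributes = openssl_csr.attributes
 key_material = SigningRequestKeyMaterial.new
 key_material.public_key = openssl_csr.public_key
 csr.key_material = key_material
@@ -53,4 +88,4 @@ module CertificateAuthority
 csr
 end
 end
-end
+end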
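Review bot: In `to_cert`, the new block copies every extension found in the request's `extReq`/`msExtReq` attribute into `cert.extensions` for any class listed in `Certificate::EXTENSIONS`, so the requester rather than the CA decides what lands in the certificate object. That list is not visible on this page; if it covers basicConstraints or keyUsage, a CSR could ask for CA capabilities unless the signing profile applied later overrides them, which cannot be confirmed from here. I would restrict the copy to an explicit allow-list, e.g. `next unless REQUESTABLE_EXTENSIONS.include?(o)` as the first line of the `each do |o, v, c|` block (constant name constructed for this note), and document on `to_cert` that CSR-supplied extensions are untrusted input. Separately, `subject_alternative_names=` interpolates each name into `"DNS:#{m}"` and joins with commas, so a name that itself contains a comma would be read by `create_ext` as an extra entry; rejecting names containing `,` before building `name_list` closes that. `to_cert` starts in the first hunk and part of its body lies between the hunks, outside what is shown.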
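--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: leap_cli
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.6.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -34,7 +34,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.12.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.12.0
 - !ruby/object:Gem::Dependency
 name: command_line_reporter
 requirement: !ruby/object:Gem::Requirement
@@ -108,13 +108,13 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: net-ssh
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -122,23 +122,23 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 - !ruby/object:Gem::Dependency
-name:
+name: capistrano
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-version:
+version: 2.15.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-version:
+version: 2.15.5
 - !ruby/object:Gem::Dependency
 name: gpgme
 requirement: !ruby/object:Gem::Requirement
@@ -243,17 +243,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/lib_ext/markdown_document_listener.rb
-- lib/lib_ext/gli.rb
-- lib/lib_ext/capistrano_connections.rb
-- lib/core_ext/hash.rb
-- lib/core_ext/json.rb
-- lib/core_ext/nil.rb
-- lib/core_ext/boolean.rb
-- lib/core_ext/string.rb
 - lib/leap_cli.rb
 - lib/leap/platform.rb
-- lib/leap_cli/constants.rb
 - lib/leap_cli/markdown_document_listener.rb
 - lib/leap_cli/ssh_key.rb
 - lib/leap_cli/commands/facts.rb
@@ -262,16 +253,20 @@ files:
 - lib/leap_cli/commands/compile.rb
 - lib/leap_cli/commands/db.rb
 - lib/leap_cli/commands/user.rb
+- lib/leap_cli/commands/ssh.rb
 - lib/leap_cli/commands/node.rb
 - lib/leap_cli/commands/clean.rb
 - lib/leap_cli/commands/test.rb
 - lib/leap_cli/commands/util.rb
+- lib/leap_cli/commands/env.rb
 - lib/leap_cli/commands/list.rb
+- lib/leap_cli/commands/node_init.rb
 - lib/leap_cli/commands/new.rb
 - lib/leap_cli/commands/deploy.rb
 - lib/leap_cli/commands/inspect.rb
-- lib/leap_cli/commands/shell.rb
 - lib/leap_cli/commands/vagrant.rb
+- lib/leap_cli/lib_ext/gli.rb
+- lib/leap_cli/lib_ext/capistrano_connections.rb
 - lib/leap_cli/util/remote_command.rb
 - lib/leap_cli/util/secret.rb
 - lib/leap_cli/util/x509.rb
@@ -279,7 +274,13 @@ files:
 - lib/leap_cli/remote/rsync_plugin.rb
 - lib/leap_cli/remote/puppet_plugin.rb
 - lib/leap_cli/remote/leap_plugin.rb
-- lib/leap_cli/
+- lib/leap_cli/core_ext/yaml.rb
+- lib/leap_cli/core_ext/hash.rb
+- lib/leap_cli/core_ext/json.rb
+- lib/leap_cli/core_ext/nil.rb
+- lib/leap_cli/core_ext/boolean.rb
+- lib/leap_cli/core_ext/string.rb
+- lib/leap_cli/override/json.rb
 - lib/leap_cli/path.rb
 - lib/leap_cli/leapfile.rb
 - lib/leap_cli/exceptions.rb
@@ -288,11 +289,11 @@ files:
 - lib/leap_cli/config/manager.rb
 - lib/leap_cli/config/object.rb
 - lib/leap_cli/config/tag.rb
+- lib/leap_cli/config/filter.rb
 - lib/leap_cli/config/object_list.rb
 - lib/leap_cli/config/provider.rb
 - lib/leap_cli/config/secrets.rb
 - lib/leap_cli/config/node.rb
-- lib/leap_cli/config/macros.rb
 - lib/leap_cli/logger.rb
 - lib/leap_cli/load_paths.rb
 - lib/leap_cli/version.rb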
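--- a/data/lib/leap_cli/commands/shell.rb
+++ b/data/lib/leap_cli/commands/shell.rb
@@ -1,89 +0,0 @@
-module LeapCli; module Commands
-
-desc 'Log in to the specified node with an interactive shell.'
-arg_name 'NAME' #, :optional => false, :multiple => false
-command :ssh do |c|
-c.action do |global_options,options,args|
-exec_ssh(:ssh, args)
-end
-end
-
-desc 'Log in to the specified node with an interactive shell using mosh (requires node to have mosh.enabled set to true).'
-arg_name 'NAME'
-command :mosh do |c|
-c.action do |global_options,options,args|
-exec_ssh(:mosh, args)
-end
-end
-
-protected
-
-#
-# allow for ssh overrides of all commands that use ssh_connect
-#
-def connect_options(options)
-connect_options = {:ssh_options=>{}}
-if options[:port]
-connect_options[:ssh_options][:port] = options[:port]
-end
-if options[:ip]
-connect_options[:ssh_options][:host_name] = options[:ip]
-end
-return connect_options
-end
-
-def ssh_config_help_message
-puts ""
-puts "Are 'too many authentication failures' getting you down?"
-puts "Then we have the solution for you! Add something like this to your ~/.ssh/config file:"
-puts " Host *.#{manager.provider.domain}"
-puts " IdentityFile ~/.ssh/id_rsa"
-puts " IdentitiesOnly=yes"
-puts "(replace `id_rsa` with the actual private key filename that you use for this provider)"
-end
-
-private
-
-def exec_ssh(cmd, args)
-node = get_node_from_args(args, :include_disabled => true)
-options = [
-"-o 'HostName=#{node.ip_address}'",
-# "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
-"-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
-"-o 'UserKnownHostsFile=/dev/null'"
-]
-if node.vagrant?
-options << "-i #{vagrant_ssh_key_file}" # use the universal vagrant insecure key
-options << "-o IdentitiesOnly=yes" # force the use of the insecure vagrant key
-options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
-else
-options << "-o 'StrictHostKeyChecking=yes'"
-end
-username = 'root'
-if LeapCli.log_level >= 3
-options << "-vv"
-elsif LeapCli.log_level >= 2
-options << "-v"
-end
-ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
-if cmd == :ssh
-command = "#{ssh} #{node.domain.full}"
-elsif cmd == :mosh
-command = "MOSH_TITLE_NOPREFIX=1 mosh --ssh \"#{ssh}\" #{node.domain.full}"
-end
-log 2, command
-
-# exec the shell command in a subprocess
-pid = fork { exec "#{command}" }
-
-# wait for shell to exit so we can grab the exit status
-_, status = Process.waitpid2(pid)
-
-if status.exitstatus == 255
-ssh_config_help_message
-elsif status.exitstatus != 0
-exit_now! status.exitstatus, status.exitstatus
-end
-end
-
-end; end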