leap_cli 1.5.6 → 1.6.2

Files changed (62)
  1. data/bin/leap +29 -6
  2. data/lib/leap/platform.rb +36 -1
  3. data/lib/leap_cli/commands/ca.rb +97 -20
  4. data/lib/leap_cli/commands/compile.rb +49 -8
  5. data/lib/leap_cli/commands/db.rb +13 -4
  6. data/lib/leap_cli/commands/deploy.rb +138 -29
  7. data/lib/leap_cli/commands/env.rb +76 -0
  8. data/lib/leap_cli/commands/facts.rb +10 -3
  9. data/lib/leap_cli/commands/inspect.rb +2 -2
  10. data/lib/leap_cli/commands/list.rb +10 -10
  11. data/lib/leap_cli/commands/node.rb +7 -132
  12. data/lib/leap_cli/commands/node_init.rb +169 -0
  13. data/lib/leap_cli/commands/pre.rb +4 -27
  14. data/lib/leap_cli/commands/ssh.rb +152 -0
  15. data/lib/leap_cli/commands/test.rb +22 -13
  16. data/lib/leap_cli/commands/user.rb +12 -4
  17. data/lib/leap_cli/commands/vagrant.rb +4 -4
  18. data/lib/leap_cli/config/filter.rb +175 -0
  19. data/lib/leap_cli/config/manager.rb +130 -61
  20. data/lib/leap_cli/config/node.rb +32 -0
  21. data/lib/leap_cli/config/object.rb +69 -44
  22. data/lib/leap_cli/config/object_list.rb +44 -39
  23. data/lib/leap_cli/config/secrets.rb +24 -12
  24. data/lib/leap_cli/config/tag.rb +7 -0
  25. data/lib/{core_ext → leap_cli/core_ext}/boolean.rb +0 -0
  26. data/lib/{core_ext → leap_cli/core_ext}/hash.rb +0 -0
  27. data/lib/{core_ext → leap_cli/core_ext}/json.rb +0 -0
  28. data/lib/{core_ext → leap_cli/core_ext}/nil.rb +0 -0
  29. data/lib/{core_ext → leap_cli/core_ext}/string.rb +0 -0
  30. data/lib/leap_cli/core_ext/yaml.rb +29 -0
  31. data/lib/leap_cli/exceptions.rb +24 -0
  32. data/lib/leap_cli/leapfile.rb +60 -10
  33. data/lib/{lib_ext → leap_cli/lib_ext}/capistrano_connections.rb +0 -0
  34. data/lib/{lib_ext → leap_cli/lib_ext}/gli.rb +0 -0
  35. data/lib/leap_cli/log.rb +1 -1
  36. data/lib/leap_cli/logger.rb +18 -1
  37. data/lib/leap_cli/markdown_document_listener.rb +1 -1
  38. data/lib/leap_cli/override/json.rb +11 -0
  39. data/lib/leap_cli/path.rb +20 -6
  40. data/lib/leap_cli/remote/leap_plugin.rb +2 -2
  41. data/lib/leap_cli/remote/puppet_plugin.rb +1 -1
  42. data/lib/leap_cli/remote/rsync_plugin.rb +1 -1
  43. data/lib/leap_cli/remote/tasks.rb +1 -1
  44. data/lib/leap_cli/ssh_key.rb +63 -1
  45. data/lib/leap_cli/util/remote_command.rb +19 -2
  46. data/lib/leap_cli/util/secret.rb +1 -1
  47. data/lib/leap_cli/util/x509.rb +3 -2
  48. data/lib/leap_cli/util.rb +11 -3
  49. data/lib/leap_cli/version.rb +2 -2
  50. data/lib/leap_cli.rb +24 -14
  51. data/vendor/certificate_authority/lib/certificate_authority/certificate.rb +85 -29
  52. data/vendor/certificate_authority/lib/certificate_authority/distinguished_name.rb +5 -0
  53. data/vendor/certificate_authority/lib/certificate_authority/extensions.rb +406 -41
  54. data/vendor/certificate_authority/lib/certificate_authority/key_material.rb +0 -34
  55. data/vendor/certificate_authority/lib/certificate_authority/serial_number.rb +6 -0
  56. data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb +36 -1
  57. metadata +25 -24
  58. data/lib/leap_cli/commands/shell.rb +0 -89
  59. data/lib/leap_cli/config/macros.rb +0 -430
  60. data/lib/leap_cli/constants.rb +0 -7
  61. data/lib/leap_cli/requirements.rb +0 -19
  62. data/lib/lib_ext/markdown_document_listener.rb +0 -122
@@ -5,6 +5,29 @@ module CertificateAuthority
5
5
  attr_accessor :raw_body
6
6
  attr_accessor :openssl_csr
7
7
  attr_accessor :digest
8
+ attr_accessor :attributes
9
+
10
+ def initialize()
11
+ @attributes = []
12
+ end
13
+
14
+ # Fake attribute for convenience because adding
15
+ # alternative names on a CSR is remarkably non-trivial.
16
+ def subject_alternative_names=(alt_names)
17
+ raise "alt_names must be an Array" unless alt_names.is_a?(Array)
18
+
19
+ factory = OpenSSL::X509::ExtensionFactory.new
20
+ name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
21
+ ext = factory.create_ext("subjectAltName",name_list,false)
22
+ ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
23
+ attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
24
+ @attributes << attr
25
+ end
26
+
27
+ def read_attributes_by_oid(*oids)
28
+ attributes.detect { |a| oids.include?(a.oid) }
29
+ end
30
+ protected :read_attributes_by_oid
8
31
 
9
32
  def to_cert
10
33
  cert = Certificate.new
@@ -12,6 +35,15 @@ module CertificateAuthority
12
35
  cert.distinguished_name = @distinguished_name
13
36
  end
14
37
  cert.key_material = @key_material
38
+ if attribute = read_attributes_by_oid('extReq', 'msExtReq')
39
+ set = OpenSSL::ASN1.decode(attribute.value)
40
+ seq = set.value.first
41
+ seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
42
+ Certificate::EXTENSIONS.each do |klass|
43
+ cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
44
+ end
45
+ end
46
+ end
15
47
  cert
16
48
  end
17
49
 
@@ -24,10 +56,12 @@ module CertificateAuthority
24
56
  raise "Invalid DN in request" unless @distinguished_name.valid?
25
57
  raise "CSR must have key material" if @key_material.nil?
26
58
  raise "CSR must include a public key on key material" if @key_material.public_key.nil?
59
+ raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?
27
60
 
28
61
  opensslcsr = OpenSSL::X509::Request.new
29
62
  opensslcsr.subject = @distinguished_name.to_x509_name
30
63
  opensslcsr.public_key = @key_material.public_key
64
+ opensslcsr.attributes = @attributes unless @attributes.nil?
31
65
  opensslcsr.sign @key_material.private_key, OpenSSL::Digest::Digest.new(@digest || "SHA512")
32
66
  opensslcsr
33
67
  end
@@ -38,6 +72,7 @@ module CertificateAuthority
38
72
  csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
39
73
  csr.raw_body = raw_csr
40
74
  csr.openssl_csr = openssl_csr
75
+ csr.attributes = openssl_csr.attributes
41
76
  key_material = SigningRequestKeyMaterial.new
42
77
  key_material.public_key = openssl_csr.public_key
43
78
  csr.key_material = key_material
@@ -53,4 +88,4 @@ module CertificateAuthority
53
88
  csr
54
89
  end
55
90
  end
56
- end
91
+ end
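--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: leap_cli
  version: !ruby/object:Gem::Version
- version: 1.5.6
+ version: 1.6.2
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-06-04 00:00:00.000000000 Z
+ date: 2014-12-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: minitest
@@ -34,7 +34,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 2.5.0
+ version: 2.12.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 2.5.0
+ version: 2.12.0
  - !ruby/object:Gem::Dependency
  name: command_line_reporter
  requirement: !ruby/object:Gem::Requirement
@@ -108,13 +108,13 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: capistrano
+ name: net-ssh
  requirement: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 2.15.5
+ version: 2.7.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -122,23 +122,23 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 2.15.5
+ version: 2.7.0
  - !ruby/object:Gem::Dependency
- name: net-ssh
+ name: capistrano
  requirement: !ruby/object:Gem::Requirement
  none: false
  requirements:
- - - ! '>='
+ - - ~>
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.15.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  none: false
  requirements:
- - - ! '>='
+ - - ~>
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.15.5
  - !ruby/object:Gem::Dependency
  name: gpgme
  requirement: !ruby/object:Gem::Requirement
@@ -243,17 +243,8 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - lib/lib_ext/markdown_document_listener.rb
- - lib/lib_ext/gli.rb
- - lib/lib_ext/capistrano_connections.rb
- - lib/core_ext/hash.rb
- - lib/core_ext/json.rb
- - lib/core_ext/nil.rb
- - lib/core_ext/boolean.rb
- - lib/core_ext/string.rb
  - lib/leap_cli.rb
  - lib/leap/platform.rb
- - lib/leap_cli/constants.rb
  - lib/leap_cli/markdown_document_listener.rb
  - lib/leap_cli/ssh_key.rb
  - lib/leap_cli/commands/facts.rb
@@ -262,16 +253,20 @@ files:
  - lib/leap_cli/commands/compile.rb
  - lib/leap_cli/commands/db.rb
  - lib/leap_cli/commands/user.rb
+ - lib/leap_cli/commands/ssh.rb
  - lib/leap_cli/commands/node.rb
  - lib/leap_cli/commands/clean.rb
  - lib/leap_cli/commands/test.rb
  - lib/leap_cli/commands/util.rb
+ - lib/leap_cli/commands/env.rb
  - lib/leap_cli/commands/list.rb
+ - lib/leap_cli/commands/node_init.rb
  - lib/leap_cli/commands/new.rb
  - lib/leap_cli/commands/deploy.rb
  - lib/leap_cli/commands/inspect.rb
- - lib/leap_cli/commands/shell.rb
  - lib/leap_cli/commands/vagrant.rb
+ - lib/leap_cli/lib_ext/gli.rb
+ - lib/leap_cli/lib_ext/capistrano_connections.rb
  - lib/leap_cli/util/remote_command.rb
  - lib/leap_cli/util/secret.rb
  - lib/leap_cli/util/x509.rb
@@ -279,7 +274,13 @@ files:
  - lib/leap_cli/remote/rsync_plugin.rb
  - lib/leap_cli/remote/puppet_plugin.rb
  - lib/leap_cli/remote/leap_plugin.rb
- - lib/leap_cli/requirements.rb
+ - lib/leap_cli/core_ext/yaml.rb
+ - lib/leap_cli/core_ext/hash.rb
+ - lib/leap_cli/core_ext/json.rb
+ - lib/leap_cli/core_ext/nil.rb
+ - lib/leap_cli/core_ext/boolean.rb
+ - lib/leap_cli/core_ext/string.rb
+ - lib/leap_cli/override/json.rb
  - lib/leap_cli/path.rb
  - lib/leap_cli/leapfile.rb
  - lib/leap_cli/exceptions.rb
@@ -288,11 +289,11 @@ files:
  - lib/leap_cli/config/manager.rb
  - lib/leap_cli/config/object.rb
  - lib/leap_cli/config/tag.rb
+ - lib/leap_cli/config/filter.rb
  - lib/leap_cli/config/object_list.rb
  - lib/leap_cli/config/provider.rb
  - lib/leap_cli/config/secrets.rb
  - lib/leap_cli/config/node.rb
- - lib/leap_cli/config/macros.rb
  - lib/leap_cli/logger.rb
  - lib/leap_cli/load_paths.rb
  - lib/leap_cli/version.rb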
@@ -1,89 +0,0 @@
1
- module LeapCli; module Commands
2
-
3
- desc 'Log in to the specified node with an interactive shell.'
4
- arg_name 'NAME' #, :optional => false, :multiple => false
5
- command :ssh do |c|
6
- c.action do |global_options,options,args|
7
- exec_ssh(:ssh, args)
8
- end
9
- end
10
-
11
- desc 'Log in to the specified node with an interactive shell using mosh (requires node to have mosh.enabled set to true).'
12
- arg_name 'NAME'
13
- command :mosh do |c|
14
- c.action do |global_options,options,args|
15
- exec_ssh(:mosh, args)
16
- end
17
- end
18
-
19
- protected
20
-
21
- #
22
- # allow for ssh overrides of all commands that use ssh_connect
23
- #
24
- def connect_options(options)
25
- connect_options = {:ssh_options=>{}}
26
- if options[:port]
27
- connect_options[:ssh_options][:port] = options[:port]
28
- end
29
- if options[:ip]
30
- connect_options[:ssh_options][:host_name] = options[:ip]
31
- end
32
- return connect_options
33
- end
34
-
35
- def ssh_config_help_message
36
- puts ""
37
- puts "Are 'too many authentication failures' getting you down?"
38
- puts "Then we have the solution for you! Add something like this to your ~/.ssh/config file:"
39
- puts " Host *.#{manager.provider.domain}"
40
- puts " IdentityFile ~/.ssh/id_rsa"
41
- puts " IdentitiesOnly=yes"
42
- puts "(replace `id_rsa` with the actual private key filename that you use for this provider)"
43
- end
44
-
45
- private
46
-
47
- def exec_ssh(cmd, args)
48
- node = get_node_from_args(args, :include_disabled => true)
49
- options = [
50
- "-o 'HostName=#{node.ip_address}'",
51
- # "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
52
- "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
53
- "-o 'UserKnownHostsFile=/dev/null'"
54
- ]
55
- if node.vagrant?
56
- options << "-i #{vagrant_ssh_key_file}" # use the universal vagrant insecure key
57
- options << "-o IdentitiesOnly=yes" # force the use of the insecure vagrant key
58
- options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
59
- else
60
- options << "-o 'StrictHostKeyChecking=yes'"
61
- end
62
- username = 'root'
63
- if LeapCli.log_level >= 3
64
- options << "-vv"
65
- elsif LeapCli.log_level >= 2
66
- options << "-v"
67
- end
68
- ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
69
- if cmd == :ssh
70
- command = "#{ssh} #{node.domain.full}"
71
- elsif cmd == :mosh
72
- command = "MOSH_TITLE_NOPREFIX=1 mosh --ssh \"#{ssh}\" #{node.domain.full}"
73
- end
74
- log 2, command
75
-
76
- # exec the shell command in a subprocess
77
- pid = fork { exec "#{command}" }
78
-
79
- # wait for shell to exit so we can grab the exit status
80
- _, status = Process.waitpid2(pid)
81
-
82
- if status.exitstatus == 255
83
- ssh_config_help_message
84
- elsif status.exitstatus != 0
85
- exit_now! status.exitstatus, status.exitstatus
86
- end
87
- end
88
-
89
- end; end