leap_cli 1.5.6 → 1.6.2
- data/bin/leap +29 -6
- data/lib/leap/platform.rb +36 -1
- data/lib/leap_cli/commands/ca.rb +97 -20
- data/lib/leap_cli/commands/compile.rb +49 -8
- data/lib/leap_cli/commands/db.rb +13 -4
- data/lib/leap_cli/commands/deploy.rb +138 -29
- data/lib/leap_cli/commands/env.rb +76 -0
- data/lib/leap_cli/commands/facts.rb +10 -3
- data/lib/leap_cli/commands/inspect.rb +2 -2
- data/lib/leap_cli/commands/list.rb +10 -10
- data/lib/leap_cli/commands/node.rb +7 -132
- data/lib/leap_cli/commands/node_init.rb +169 -0
- data/lib/leap_cli/commands/pre.rb +4 -27
- data/lib/leap_cli/commands/ssh.rb +152 -0
- data/lib/leap_cli/commands/test.rb +22 -13
- data/lib/leap_cli/commands/user.rb +12 -4
- data/lib/leap_cli/commands/vagrant.rb +4 -4
- data/lib/leap_cli/config/filter.rb +175 -0
- data/lib/leap_cli/config/manager.rb +130 -61
- data/lib/leap_cli/config/node.rb +32 -0
- data/lib/leap_cli/config/object.rb +69 -44
- data/lib/leap_cli/config/object_list.rb +44 -39
- data/lib/leap_cli/config/secrets.rb +24 -12
- data/lib/leap_cli/config/tag.rb +7 -0
- data/lib/{core_ext → leap_cli/core_ext}/boolean.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/hash.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/json.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/nil.rb +0 -0
- data/lib/{core_ext → leap_cli/core_ext}/string.rb +0 -0
- data/lib/leap_cli/core_ext/yaml.rb +29 -0
- data/lib/leap_cli/exceptions.rb +24 -0
- data/lib/leap_cli/leapfile.rb +60 -10
- data/lib/{lib_ext → leap_cli/lib_ext}/capistrano_connections.rb +0 -0
- data/lib/{lib_ext → leap_cli/lib_ext}/gli.rb +0 -0
- data/lib/leap_cli/log.rb +1 -1
- data/lib/leap_cli/logger.rb +18 -1
- data/lib/leap_cli/markdown_document_listener.rb +1 -1
- data/lib/leap_cli/override/json.rb +11 -0
- data/lib/leap_cli/path.rb +20 -6
- data/lib/leap_cli/remote/leap_plugin.rb +2 -2
- data/lib/leap_cli/remote/puppet_plugin.rb +1 -1
- data/lib/leap_cli/remote/rsync_plugin.rb +1 -1
- data/lib/leap_cli/remote/tasks.rb +1 -1
- data/lib/leap_cli/ssh_key.rb +63 -1
- data/lib/leap_cli/util/remote_command.rb +19 -2
- data/lib/leap_cli/util/secret.rb +1 -1
- data/lib/leap_cli/util/x509.rb +3 -2
- data/lib/leap_cli/util.rb +11 -3
- data/lib/leap_cli/version.rb +2 -2
- data/lib/leap_cli.rb +24 -14
- data/vendor/certificate_authority/lib/certificate_authority/certificate.rb +85 -29
- data/vendor/certificate_authority/lib/certificate_authority/distinguished_name.rb +5 -0
- data/vendor/certificate_authority/lib/certificate_authority/extensions.rb +406 -41
- data/vendor/certificate_authority/lib/certificate_authority/key_material.rb +0 -34
- data/vendor/certificate_authority/lib/certificate_authority/serial_number.rb +6 -0
- data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb +36 -1
- metadata +25 -24
- data/lib/leap_cli/commands/shell.rb +0 -89
- data/lib/leap_cli/config/macros.rb +0 -430
- data/lib/leap_cli/constants.rb +0 -7
- data/lib/leap_cli/requirements.rb +0 -19
- data/lib/lib_ext/markdown_document_listener.rb +0 -122
@@ -5,6 +5,29 @@ module CertificateAuthority
|
|
5
5
|
attr_accessor :raw_body
|
6
6
|
attr_accessor :openssl_csr
|
7
7
|
attr_accessor :digest
|
8
|
+
attr_accessor :attributes
|
9
|
+
|
10
|
+
def initialize()
|
11
|
+
@attributes = []
|
12
|
+
end
|
13
|
+
|
14
|
+
# Fake attribute for convenience because adding
|
15
|
+
# alternative names on a CSR is remarkably non-trivial.
|
16
|
+
def subject_alternative_names=(alt_names)
|
17
|
+
raise "alt_names must be an Array" unless alt_names.is_a?(Array)
|
18
|
+
|
19
|
+
factory = OpenSSL::X509::ExtensionFactory.new
|
20
|
+
name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
|
21
|
+
ext = factory.create_ext("subjectAltName",name_list,false)
|
22
|
+
ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
|
23
|
+
attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
|
24
|
+
@attributes << attr
|
25
|
+
end
|
26
|
+
|
27
|
+
def read_attributes_by_oid(*oids)
|
28
|
+
attributes.detect { |a| oids.include?(a.oid) }
|
29
|
+
end
|
30
|
+
protected :read_attributes_by_oid
|
8
31
|
|
9
32
|
def to_cert
|
10
33
|
cert = Certificate.new
|
@@ -12,6 +35,15 @@ module CertificateAuthority
|
|
12
35
|
cert.distinguished_name = @distinguished_name
|
13
36
|
end
|
14
37
|
cert.key_material = @key_material
|
38
|
+
if attribute = read_attributes_by_oid('extReq', 'msExtReq')
|
39
|
+
set = OpenSSL::ASN1.decode(attribute.value)
|
40
|
+
seq = set.value.first
|
41
|
+
seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
|
42
|
+
Certificate::EXTENSIONS.each do |klass|
|
43
|
+
cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
15
47
|
cert
|
16
48
|
end
|
17
49
|
|
@@ -24,10 +56,12 @@ module CertificateAuthority
|
|
24
56
|
raise "Invalid DN in request" unless @distinguished_name.valid?
|
25
57
|
raise "CSR must have key material" if @key_material.nil?
|
26
58
|
raise "CSR must include a public key on key material" if @key_material.public_key.nil?
|
59
|
+
raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?
|
27
60
|
|
28
61
|
opensslcsr = OpenSSL::X509::Request.new
|
29
62
|
opensslcsr.subject = @distinguished_name.to_x509_name
|
30
63
|
opensslcsr.public_key = @key_material.public_key
|
64
|
+
opensslcsr.attributes = @attributes unless @attributes.nil?
|
31
65
|
opensslcsr.sign @key_material.private_key, OpenSSL::Digest::Digest.new(@digest || "SHA512")
|
32
66
|
opensslcsr
|
33
67
|
end
|
@@ -38,6 +72,7 @@ module CertificateAuthority
|
|
38
72
|
csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
|
39
73
|
csr.raw_body = raw_csr
|
40
74
|
csr.openssl_csr = openssl_csr
|
75
|
+
csr.attributes = openssl_csr.attributes
|
41
76
|
key_material = SigningRequestKeyMaterial.new
|
42
77
|
key_material.public_key = openssl_csr.public_key
|
43
78
|
csr.key_material = key_material
|
@@ -53,4 +88,4 @@ module CertificateAuthority
|
|
53
88
|
csr
|
54
89
|
end
|
55
90
|
end
|
56
|
-
end
|
91
|
+
end
|
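Review bot: In the second hunk, `to_cert` copies every extension decoded from the request's `extReq`/`msExtReq` attribute into `cert.extensions` for any class listed in `Certificate::EXTENSIONS`, and the fourth hunk fills `csr.attributes` straight from the parsed request, so these values are requester-controlled. Nothing visible limits which extensions are honoured; depending on what `Certificate::EXTENSIONS` contains, a request could set constraints or usages the issuer never meant to grant, and whether a later signing profile overrides them is not shown here. I would restrict the copy to an explicit allow-list at the top of the `each do |o, v, c|` block, e.g. `next unless %w[subjectAltName].include?(o)`, and add a comment on `to_cert` stating that requested extensions are untrusted input. `to_cert` starts in the first hunk's context and one line between the two hunks is not shown.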
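--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: leap_cli
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.6.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -34,7 +34,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.12.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.12.0
 - !ruby/object:Gem::Dependency
 name: command_line_reporter
 requirement: !ruby/object:Gem::Requirement
@@ -108,13 +108,13 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: net-ssh
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -122,23 +122,23 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 - !ruby/object:Gem::Dependency
-name:
+name: capistrano
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-version:
+version: 2.15.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-version:
+version: 2.15.5
 - !ruby/object:Gem::Dependency
 name: gpgme
 requirement: !ruby/object:Gem::Requirement
@@ -243,17 +243,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/lib_ext/markdown_document_listener.rb
-- lib/lib_ext/gli.rb
-- lib/lib_ext/capistrano_connections.rb
-- lib/core_ext/hash.rb
-- lib/core_ext/json.rb
-- lib/core_ext/nil.rb
-- lib/core_ext/boolean.rb
-- lib/core_ext/string.rb
 - lib/leap_cli.rb
 - lib/leap/platform.rb
-- lib/leap_cli/constants.rb
 - lib/leap_cli/markdown_document_listener.rb
 - lib/leap_cli/ssh_key.rb
 - lib/leap_cli/commands/facts.rb
@@ -262,16 +253,20 @@ files:
 - lib/leap_cli/commands/compile.rb
 - lib/leap_cli/commands/db.rb
 - lib/leap_cli/commands/user.rb
+- lib/leap_cli/commands/ssh.rb
 - lib/leap_cli/commands/node.rb
 - lib/leap_cli/commands/clean.rb
 - lib/leap_cli/commands/test.rb
 - lib/leap_cli/commands/util.rb
+- lib/leap_cli/commands/env.rb
 - lib/leap_cli/commands/list.rb
+- lib/leap_cli/commands/node_init.rb
 - lib/leap_cli/commands/new.rb
 - lib/leap_cli/commands/deploy.rb
 - lib/leap_cli/commands/inspect.rb
-- lib/leap_cli/commands/shell.rb
 - lib/leap_cli/commands/vagrant.rb
+- lib/leap_cli/lib_ext/gli.rb
+- lib/leap_cli/lib_ext/capistrano_connections.rb
 - lib/leap_cli/util/remote_command.rb
 - lib/leap_cli/util/secret.rb
 - lib/leap_cli/util/x509.rb
@@ -279,7 +274,13 @@ files:
 - lib/leap_cli/remote/rsync_plugin.rb
 - lib/leap_cli/remote/puppet_plugin.rb
 - lib/leap_cli/remote/leap_plugin.rb
-- lib/leap_cli/
+- lib/leap_cli/core_ext/yaml.rb
+- lib/leap_cli/core_ext/hash.rb
+- lib/leap_cli/core_ext/json.rb
+- lib/leap_cli/core_ext/nil.rb
+- lib/leap_cli/core_ext/boolean.rb
+- lib/leap_cli/core_ext/string.rb
+- lib/leap_cli/override/json.rb
 - lib/leap_cli/path.rb
 - lib/leap_cli/leapfile.rb
 - lib/leap_cli/exceptions.rb
@@ -288,11 +289,11 @@ files:
 - lib/leap_cli/config/manager.rb
 - lib/leap_cli/config/object.rb
 - lib/leap_cli/config/tag.rb
+- lib/leap_cli/config/filter.rb
 - lib/leap_cli/config/object_list.rb
 - lib/leap_cli/config/provider.rb
 - lib/leap_cli/config/secrets.rb
 - lib/leap_cli/config/node.rb
-- lib/leap_cli/config/macros.rb
 - lib/leap_cli/logger.rb
 - lib/leap_cli/load_paths.rb
 - lib/leap_cli/version.rb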
@@ -1,89 +0,0 @@
|
|
1
|
-
module LeapCli; module Commands
|
2
|
-
|
3
|
-
desc 'Log in to the specified node with an interactive shell.'
|
4
|
-
arg_name 'NAME' #, :optional => false, :multiple => false
|
5
|
-
command :ssh do |c|
|
6
|
-
c.action do |global_options,options,args|
|
7
|
-
exec_ssh(:ssh, args)
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
desc 'Log in to the specified node with an interactive shell using mosh (requires node to have mosh.enabled set to true).'
|
12
|
-
arg_name 'NAME'
|
13
|
-
command :mosh do |c|
|
14
|
-
c.action do |global_options,options,args|
|
15
|
-
exec_ssh(:mosh, args)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
protected
|
20
|
-
|
21
|
-
#
|
22
|
-
# allow for ssh overrides of all commands that use ssh_connect
|
23
|
-
#
|
24
|
-
def connect_options(options)
|
25
|
-
connect_options = {:ssh_options=>{}}
|
26
|
-
if options[:port]
|
27
|
-
connect_options[:ssh_options][:port] = options[:port]
|
28
|
-
end
|
29
|
-
if options[:ip]
|
30
|
-
connect_options[:ssh_options][:host_name] = options[:ip]
|
31
|
-
end
|
32
|
-
return connect_options
|
33
|
-
end
|
34
|
-
|
35
|
-
def ssh_config_help_message
|
36
|
-
puts ""
|
37
|
-
puts "Are 'too many authentication failures' getting you down?"
|
38
|
-
puts "Then we have the solution for you! Add something like this to your ~/.ssh/config file:"
|
39
|
-
puts " Host *.#{manager.provider.domain}"
|
40
|
-
puts " IdentityFile ~/.ssh/id_rsa"
|
41
|
-
puts " IdentitiesOnly=yes"
|
42
|
-
puts "(replace `id_rsa` with the actual private key filename that you use for this provider)"
|
43
|
-
end
|
44
|
-
|
45
|
-
private
|
46
|
-
|
47
|
-
def exec_ssh(cmd, args)
|
48
|
-
node = get_node_from_args(args, :include_disabled => true)
|
49
|
-
options = [
|
50
|
-
"-o 'HostName=#{node.ip_address}'",
|
51
|
-
# "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
|
52
|
-
"-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
|
53
|
-
"-o 'UserKnownHostsFile=/dev/null'"
|
54
|
-
]
|
55
|
-
if node.vagrant?
|
56
|
-
options << "-i #{vagrant_ssh_key_file}" # use the universal vagrant insecure key
|
57
|
-
options << "-o IdentitiesOnly=yes" # force the use of the insecure vagrant key
|
58
|
-
options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
|
59
|
-
else
|
60
|
-
options << "-o 'StrictHostKeyChecking=yes'"
|
61
|
-
end
|
62
|
-
username = 'root'
|
63
|
-
if LeapCli.log_level >= 3
|
64
|
-
options << "-vv"
|
65
|
-
elsif LeapCli.log_level >= 2
|
66
|
-
options << "-v"
|
67
|
-
end
|
68
|
-
ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
|
69
|
-
if cmd == :ssh
|
70
|
-
command = "#{ssh} #{node.domain.full}"
|
71
|
-
elsif cmd == :mosh
|
72
|
-
command = "MOSH_TITLE_NOPREFIX=1 mosh --ssh \"#{ssh}\" #{node.domain.full}"
|
73
|
-
end
|
74
|
-
log 2, command
|
75
|
-
|
76
|
-
# exec the shell command in a subprocess
|
77
|
-
pid = fork { exec "#{command}" }
|
78
|
-
|
79
|
-
# wait for shell to exit so we can grab the exit status
|
80
|
-
_, status = Process.waitpid2(pid)
|
81
|
-
|
82
|
-
if status.exitstatus == 255
|
83
|
-
ssh_config_help_message
|
84
|
-
elsif status.exitstatus != 0
|
85
|
-
exit_now! status.exitstatus, status.exitstatus
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
end; end
|