lorj 1.0.12 → 1.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 794f05ad532df448906a4c02b3a8037b3633ead3
-  data.tar.gz: b5f2c8e2dcd69cee39b5ed7931765878581b6e20
+  metadata.gz: 2b033bdd31601389a91bf2772c3960307fdb7e2b
+  data.tar.gz: 73451dacdb51d7c898d43f3f4752ed4dd340cfad
 SHA512:
-  metadata.gz: 0d9610ee767426066b0507f791c6fbc52764bb42cebdf9479bdd9923a7e7080107dcc0294db7d420e8b287104d1cd290eb316464287669845ec78b6cfaf684b4
-  data.tar.gz: 113d5adb2e583a57ca190a7c9b41c78328beb41f357974cb1db8d6bf0a20522030719978e332bb44c01f392c5d54c5968f4f17b2c523248b8e604cebb0bdfbf3
+  metadata.gz: c0807c1c536cf7bbccb7fc2fe224e7f136e29721bc3fe691339c3aad337f68ea6eeeef8728ce1b070cbe4483bf5e3d99f18361f6114ddd3e8831aa9db2a80c9a
+  data.tar.gz: bd5b1c98d312503272591359658e86b3a9a3fd280a0ca6623bfc86398273351afe50d332a269fb75f55bbd19371cd97772f0c9dd3549122aa881bcc430a1c23b

data/bin/lorj_account_import.rb

@@ -0,0 +1,128 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+# (c) Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# This script works in ruby 1.8
+
+require 'lorj'
+
+#  require 'ruby-debug'
+#  Debugger.start
+
+if ARGV.length <= 3
+  puts "Syntax is 'ruby #{__FILE__}' <LorjRef> <key> <CloudDataFile> "\
+       "[<AccountName[@provider]>]\n"\
+       "where:\n"\
+       "LorjRef       : Lorj application struture to use. \n"\
+       "                Format: <datapath>=<process>[@<libToLoad]\n"\
+       "  datapath    : Path where Lorj store data.\n"\
+       "  process     : Lorj process name to load. It can be a path to a\n"\
+       '                process file.'\
+       "  libToLoad   : Optional. Ruby library containing The Lorj process.\n"\
+       "                If missing, it will try to load a lib named \n"\
+       '                lorj_<process>'\
+       'key           : Base64 encoded key. Used to decrypt the <CloudDataFi'\
+       "le>\n"\
+       "CloudDataFile : File containing the Lorj cloud data to import.\n"\
+       "AccountName   : Account name to import. Usually the CloudDataFile\n"\
+       "                have the name embedded and may use that one except\n"\
+       '                if you force it.'
+  exit
+end
+
+ref, key_encoded, data_file, account = ARGV
+
+ref_found = ref.match(/^(.*)=(.*?)(@(.*))?$/)
+
+unless ref_found
+  puts 'LorjRef must be formatted as : <datapath>=<process>[@<libToLoad]'
+  exit 1
+end
+
+datapath = ref_found[1]
+process = ref_found[2]
+
+if ref_found[3].nil?
+  lib_name = "lorj_#{process}"
+else
+  lib_name = ref_found[4]
+end
+
+unless File.exist?(data_file)
+  puts "#{data_file} doesn't exist. Please check and retry."
+  exit 1
+end
+
+if key_encoded == ''
+  puts 'The key provided is empty. Please check and retry.'
+  exit 1
+end
+
+begin
+  require lib_name
+rescue => e
+  puts "Warning! Unable to load RubyGem '#{lib_name}'.\n#{e}"
+end
+
+if key_encoded.length % 4 > 0
+  key_encoded += '=' * (4 - (key_encoded.length % 4))
+end
+
+begin
+  key_yaml = Base64.strict_decode64(key_encoded)
+rescue => e
+  puts "Reading Base64 Key: '#{key_encoded}' is not a valid encoded Base64"\
+       " data.\n#{e}\nPlease check and retry."
+  exit 1
+end
+
+begin
+  entr = YAML.load(key_yaml)
+rescue => e
+  puts "Reading Base64 Key: '#{key_yaml}' is not a valid YAML data.\n#{e}\n"\
+       'Please check and retry.'
+  exit 1
+else
+  unless entr.key?(:iv) && entr.key?(:key) && entr.key?(:salt)
+    puts 'Reading Base64 Key: Invalid key. Missing entropy data.'
+    exit 1
+  end
+end
+
+name, controller = account.split('@') unless account.nil?
+
+PrcLib.data_path = datapath
+
+keypath = Lorj::KeyPath.new(process)
+
+processes = [{ :process_module => keypath.key_tree }]
+
+core = Lorj::Core.new(Lorj::Account.new, processes)
+
+data = File.read(data_file).strip
+
+#  debugger # rubocop: disable Lint/Debugger
+
+core.account_import(entr, data, name, controller)
+
+puts 'Import done.'
+
+if core.config.ac_save
+  puts "Config imported and saved in #{core.config['account#name']}"
+  exit 0
+end
+puts 'Issue during configuration saved.'
+exit 1

data/build/build_with_proxy.sh

@@ -37,7 +37,7 @@ fi
 if [ "$http_proxy" = "" ]
 then
    echo "Currently, no proxy is set. Running docker without proxy"
-   docker build $TAG
+   docker build $TAG .
    exit
 fi
 

data/lib/core/core.rb

@@ -310,11 +310,46 @@ module Lorj
     #
     # * *Raises* :
     #   No exceptions
-    def register(oObject, sObjectType = nil) #:doc:
+    def register(oObject, sObjectType = nil)
       return nil if !oObject || !@core_object
       @core_object.register(oObject, sObjectType)
     end
 
+    # Function to import an encrypted Hash as a Lorj Account.
+    #
+    # For details about this functions, see #Lorj::BaseDefinition.account_import
+    #
+    # * *Args* :
+    #   - +key+      : key to use to decrypt the 'enc_hash'.
+    #   - +enc_hash+ : Encrypted Hash.
+    #
+    # * *Raises* :
+    #   No exceptions
+    def account_import(key, enc_hash, name = nil, controller = nil)
+      return nil if @core_object.nil?
+      @core_object.account_import(key, enc_hash, name, controller)
+    end
+
+    # Function to export a Lorj Account in an encrypted Hash.
+    #
+    # For details about this functions, see #Lorj::BaseDefinition.account_export
+    #
+    # * *Args* :
+    #   - +map+       : Hash map of fields to extract. if map is nil, the
+    #     export function will loop in the list of keys in the 'account' layer.
+    #   - +with_name+ : True to extract :name and :provider as well.
+    #     True by default.
+    #
+    # * *returns* :
+    #   - key: String. Key used to encrypt.
+    #   - env_hash: String. Base64 encrypted Hash.
+    #   OR
+    #   - nil if issues.
+    def account_export(map = nil, with_name = true)
+      return nil if @core_object.nil?
+      @core_object.account_export(map, with_name)
+    end
+
     # Core parameters are:
     # the_config : Optional. An instance of a configuration system which *HAVE*
     # to provide get/set/exist?/[]/[]=

data/lib/core/core_import_export.rb

@@ -0,0 +1,168 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+# (c) Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+#
+module Lorj
+  # Implements account_import and account_export
+  # exposed by core.
+  class BaseDefinition
+    # Function to import an encrypted Hash as a Lorj Account.
+    #
+    # The encrypted Hash will be decrypted by the key provided.
+    # The content of the hash will be stored in the 'account' layer
+    # of config.
+    #
+    # The 'account' layer is not cleaned before. If you need to
+    # clean it up, do:
+    #     config.ac_new(account_name, controller_name)
+    #
+    # or if the Hash data contains :name and :provider
+    #     config.ac_erase
+    #
+    # To save it in a file, you will need to call
+    #     config.ac_save(filename)
+    #
+    # If you pass 'name' and 'controller', ac_update will be used to update the
+    # account data
+    # If the imported data contains name and controller data, by default, it
+    # will call ac_update except if name is an empty string.
+    #
+    # The location used comes from PrcLib.data_path
+    # Passwords will be encrypted by the internal .key file stored in
+    # PrcLib.pdata_path
+    #
+    # The imported Hash will follow the process data model. But it won't
+    # verify if some data are missed for any object action (create/delete/...)
+    #
+    # * *Args* :
+    #   - +key+        : key to use to decrypt the 'enc_hash'.
+    #   - +enc_hash+   : Encrypted Hash.
+    #   - +name+       : Optional. Name of the account.
+    #   - +controller+ : Optional. Name of the controller.
+    #
+    # * *Raises* :
+    #   No exceptions
+    def account_import(key, enc_hash, name = nil, controller = nil)
+      hash = _get_encrypted_value(enc_hash, key, 'Encrypted account data')
+
+      data = YAML.load(hash)
+
+      _update_account_meta(data, name, controller)
+
+      entr = _get_encrypt_key
+
+      data.each do |s, sh|
+        sh.each do |k, v|
+          key = "#{s}##{k}"
+          data_def = Lorj.data.auto_section_data(key)
+          if data_def && data_def[:encrypted].is_a?(TrueClass)
+            v = _encrypt_value(v, entr)
+          end
+          config.set(key, v, :name => 'account')
+        end
+      end
+    end
+
+    # Function to export a Lorj Account in an encrypted Hash.
+    #
+    # The encrypted Hash will be encrypted by a new key returned.
+    # The content of the hash will built thanks to a Hash mapping
+    # or the list of data list in the config 'account' layer.
+    #
+    # * *Args* :
+    #   - +map+          : Hash map of fields to extract. if map is nil, the
+    #     export function will loop in the list of keys in the 'account' layer.
+    #     if map is provided, following data are expected:
+    #     - <key> : Data key to extract from config.
+    #       - :keys: Array. SubHash tree of keys to create. If :keys is missing,
+    #         the Data key will define the SubHash tree to use.
+    #
+    #         Ex:
+    #             map = {
+    #               # like :keys => [credentials, auth_uri]
+    #               'credentials#auth_uri' => {},
+    #               # extract from maestro but export under :server
+    #               'maestro#image_name' => {:keys => [:server, image_name]}
+    #               }
+    #   - +with_name+    : True to extract :name and :provider as well.
+    #     True by default.
+    #   - +account_only+ : True data extracted must come exclusively from the
+    #     config 'account' layer.
+    #
+    # * *returns* :
+    #   - key: String. Key used to encrypt.
+    #   - env_hash: String. Base64 encrypted Hash.
+    #   OR
+    #   - nil if issues.
+    def account_export(map = nil, with_name = true, account_only = true)
+      map = _account_map if map.nil?
+
+      map.merge!('account#name' => {}, 'account#provider' => {}) if with_name
+
+      entr = _get_encrypt_key
+      rhash = {}
+      map.each do |k, v|
+        data_def = Lorj.data.auto_section_data(k)
+
+        if account_only
+          data = config.get(k, nil, :name => 'account')
+        else
+          data = config[k]
+        end
+
+        rhash_tree = Lorj.data.first_section(k)
+        rhash_tree = v[:keys] if v.key?(:keys)
+        if !data_def.nil? && data_def[:encrypted].is_a?(TrueClass)
+          data = _get_encrypted_value(data, entr, data_def[:desc])
+        end
+        rhash.rh_set(data, *rhash_tree)
+      end
+
+      entr = _new_encrypt_key
+      [entr, _encrypt_value(rhash.to_yaml, entr)]
+    end
+
+    private
+
+    def _update_account_meta(data, name, controller)
+      if name.nil? && data.rh_exist?(:account, :name)
+        name = data.rh_get(:account, :name)
+      end
+      if controller.nil? && data.rh_exist?(:account, :provider)
+        controller = data.rh_get(:account, :provider)
+      end
+
+      name = nil if name == ''
+
+      config.ac_update(name, controller) unless name.nil? || controller.nil?
+    end
+
+    def _account_map
+      map = {}
+
+      config.each(:name => 'account') do |s, v|
+        next unless v.is_a?(Hash)
+        v.keys.each do |k|
+          unless s == :account && [:name, :provider].include?(k)
+            map["#{s}##{k}"] = {}
+          end
+        end
+      end
+      map
+    end
+  end
+end

data/lib/core/core_setup_encrypt.rb

@@ -14,6 +14,7 @@
 
 require 'highline/import'
 require 'encryptor'
+require 'base64'
 
 # Module Lorj which contains several classes.
 #
@@ -27,16 +28,37 @@ require 'encryptor'
 module Lorj
   # Adding encrypt core functions.
   class BaseDefinition
+    private
+
+    # internal runtime function to create a new key
+    # *parameters*:
+    #   - +new+       : true to create a new key.
+    #
+    # *return*:
+    #   - entropy: Hash. Entropy data used as key to encrypt values.
+    #     Details from encryptor's gem.
+    #     - :key: password
+    #     - :salt : String current time number
+    #     - :iv: Base64 random iv
+    def _new_encrypt_key(key = rand(36**10).to_s(36))
+      random_iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
+      {
+        :key => key,
+        :salt => Time.now.to_i.to_s,
+        :iv => Base64.strict_encode64(random_iv)
+      }
+    end
+
     # internal runtime function for process call
     # Get encrypted value hidden by *
     #
+    # Use PrcLib.pdata_path to store/read a '.key' file
+    #
     # *parameters*:
-    #   - +sDesc+       : data description
-    #   - +default+     : encrypted default value
-    #   - +entropy+     : Entropy Hash
+    #   - +new+       : true to create a new key.
     #
     # *return*:
-    # - value : encrypted value.
+    # - value : encrypted key value.
     #
     # *raise*:
     #
@@ -45,17 +67,12 @@ module Lorj
       key_file = File.join(PrcLib.pdata_path, '.key')
       if !File.exist?(key_file)
         # Need to create a random key.
-        random_iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
-        entr = {
-          :key => rand(36**10).to_s(36),
-          :salt => Time.now.to_i.to_s,
-          :iv => Base64.strict_encode64(random_iv)
-        }
+        entr = _new_encrypt_key
 
         Lorj.debug(2, "Writing '%s' key file", key_file)
-        PrcLib.ensure_dir_exists(
-          PrcLib.pdata_path
-        ) unless PrcLib.dir_exists?(PrcLib.pdata_path)
+        unless PrcLib.dir_exists?(PrcLib.pdata_path)
+          PrcLib.ensure_dir_exists(PrcLib.pdata_path)
+        end
         File.open(key_file, 'w+') do |out|
           out.write(Base64.encode64(entr.to_yaml))
         end
@@ -118,12 +135,29 @@ module Lorj
           :iv => Base64.strict_decode64(entr[:iv]),
           :salt => entr[:salt]
         )
-      rescue
-        PrcLib.error('Unable to decrypt your %s. You will need to re-enter it.',
-                     sDesc)
+      rescue => e
+        PrcLib.error("Unable to decrypt your %s.\n"\
+                     "%s\n"\
+                     ' You will need to re-enter it.',
+                     sDesc, e)
       end
     end
 
+    # Function to encrypt a data with a entr key.
+    #
+    # *return*:
+    # - value : encrypted value in Base64 encoded data.
+    def _encrypt_value(value, entr)
+      Base64.strict_encode64(
+        Encryptor.encrypt(
+          :value => value,
+          :key => entr[:key],
+          :iv => Base64.strict_decode64(entr[:iv]),
+          :salt => entr[:salt]
+        )
+      )
+    end
+
     # internal runtime function for process call
     # Ask encrypted function executed by _ask
     #
@@ -132,7 +166,7 @@ module Lorj
     #   - +default+     : encrypted default value
     #
     # *return*:
-    # - value : encrypted value.
+    # - value : encrypted value in Base64.
     #
     # *raise*:
     #
@@ -160,14 +194,7 @@ module Lorj
           PrcLib.message('%s cannot be empty.', sDesc) if value_free == ''
         end
       end
-      Base64.strict_encode64(
-        Encryptor.encrypt(
-          :value => value_free,
-          :key => entr[:key],
-          :iv => Base64.strict_decode64(entr[:iv]),
-          :salt => entr[:salt]
-        )
-      )
+      _encrypt_value(value_free, entr)
     end
   end
 end

data/lib/core/lorj_basecontroller.rb

@@ -104,5 +104,159 @@ module Lorj
       end
       controller_error '%s is not set.', key
     end
+
+    private
+
+    # controller helper function:
+    # This helper controller function helps to query and object list
+    # from a Lorj query Hash. See query Hash details in #ctrl_query_match.
+    #
+    # * *args*:
+    #   - +objects+ : Collection of object which respond to each
+    #   - +query+   : Hash. Containing a list of attributes to test
+    #     See #ctrl_do_query_match for details
+    #   - +&block+  : block to extract the object data from a key.
+    def ctrl_query_each(objects, query) # :doc:
+      results = []
+      Lorj.debug(4, "Filtering with '%s'", query)
+      unless objects.class.method_defined?(:each)
+        controller_error "'%s' do not have 'each' function.", objects.class
+      end
+      objects.each do |o|
+        if block_given?
+          selected = ctrl_do_query_match(o, query) { |d, k| yield d, k }
+        else
+          selected = ctrl_do_query_match(o, query)
+        end
+        results.push o if selected
+      end
+      Lorj.debug(4, '%d records selected', results.length)
+      results
+    end
+
+    # controller helper function:
+    # Function to return match status
+    # from a list of attributes regarding a query attribute list
+    #
+    # * *args*:
+    #   - +object+ : Object to query.
+    #   - +query+  : Hash containing a list of attributes to test
+    #     The query value support several cases:
+    #     - Regexp : must Regexp.match
+    #     - default equality : must match ==
+    #   - +&block+ : block to extract the object data from a key.
+    #
+    # * *returns*:
+    #   - true if this object is selected by the query.
+    # OR
+    #   - false otherwise
+    #
+    # * *exception*:
+    #   - No exception
+    #
+    #   by default, this function will extract data from the object
+    #   with followinf functions: If one fails, it will try the next one.
+    #   :[], or :key or &block.
+    #   The optional &block is a third way defined by the controller to extract
+    #   data.
+    #   The &block is defined as followed:
+    #   * *args*:
+    #     - +object+ : The object to get data from
+    #     - +key+    : The key used to extract data
+    #   * *returns*:
+    #     - value extracted.
+    #   * *exception*:
+    #     - Any object exception during data extraction.
+    #
+    def ctrl_do_query_match(object, query)
+      selected = true
+      query.each do |key, match_value|
+        if block_given?
+          found, v = _get_from(object, key) { |d, k| yield d, k }
+        else
+          found, v = _get_from(object, key)
+        end
+
+        Lorj.debug(4, "'%s.%s' = '%s'", object.class, key, v) if found
+
+        selected = lorj_filter_regexp(v, match_value)
+        selected |= lorj_filter_default(v, match_value)
+        break unless selected
+      end
+      Lorj.debug(4, 'object selected.') if selected
+      selected
+    end
+
+    def ctrl_query_select(query, *limit)
+      return {} if limit.length == 0
+      query.select { |_k, v| limit.include?(v.class) }
+    end
+
+    def _get_from(data, key)
+      ret = nil
+      found = nil
+
+      [:[], key].each do |f|
+        found, ret = _get_from_func(data, key, f)
+        break if found
+      end
+      return [found, ret] if found || !block_given?
+
+      begin
+        Lorj.debug(4, "yield extract '%s' from '%s'", key, object.class)
+        return [true, yield(data, key)]
+      rescue
+        PrcLib.error("yield extract '%s' from '%s' error  \n%s",
+                     key, object.class, e)
+      end
+      [false, nil]
+    end
+
+    def _get_from_func(data, key, func = nil)
+      func = key if func.nil?
+      v = nil
+      if data.class.method_defined?(func)
+        begin
+          found = true
+          if key == func
+            Lorj.debug(5, "extract try with '%s.%s'", data.class, func)
+            v = data.send(func)
+          else
+            Lorj.debug(5, "extract try with '%s.%s(%s)'",
+                       data.class, func, key)
+            v = data.send(func, key)
+          end
+        rescue => e
+          Lorj.debug(5, "'%s': error reported by '%s.%s(%s)'\n%s",
+                     __method__, data.class, func, key, e)
+          found = false
+        end
+      end
+      [found, v]
+    end
+    # Function to check if a value match a regexp
+    #
+    # * *returns*:
+    #   - true if the match is not a regexp, or if regexp match
+    # OR
+    #   - false otherwise
+    #
+    def lorj_filter_regexp(value, match_value)
+      return false unless match_value.is_a?(Regexp)
+
+      return true if match_value.match(value)
+      false
+    end
+
+    # Function to check if a value match a filter value.
+    #
+    # * *returns*:
+    #   - true if match
+    # OR
+    #   - false otherwise
+    #
+    def lorj_filter_default(value, match_value)
+      (value == match_value)
+    end
   end
 end

data/lib/core/lorj_baseprocess.rb

@@ -111,6 +111,16 @@ module Lorj
   class BaseProcess
     private
 
+    def account_export(map = nil, with_name = true, account_only = false) #:doc:
+      fail Lorj::PrcError.new, 'No Base object loaded.' unless @base_object
+      @base_object.account_export(map, with_name, account_only)
+    end
+
+    def account_import(key, enc_hash, name = nil, controller = nil) #:doc:
+      fail Lorj::PrcError.new, 'No Base object loaded.' unless @base_object
+      @base_object.account_export(key, enc_hash, name, controller)
+    end
+
     def query_cache_cleanup(sObjectType) #:doc:
       fail Lorj::PrcError.new, 'No Base object loaded.' unless @base_object
       @base_object.query_cleanup(sObjectType)
@@ -340,6 +350,8 @@ module Lorj
       end
     end
 
+    # rubocop: disable Metrics/CyclomaticComplexity
+    # rubocop: disable Metrics/PerceivedComplexity
     def _qs_check_query_valid?(elem, key, value)
       if value.is_a?(Array)
         path = value.clone
@@ -348,11 +360,15 @@ module Lorj
         where = elem[key].rh_get(path)
         return true if where.is_a?(Array) && where.flatten.include?(v)
         return true if where == v
+      elsif value.is_a?(Regexp)
+        return true if value.match(elem[key])
       else
         return true if elem[key] == value
       end
       false
     end
+    # rubocop : enable Metrics/CyclomaticComplexity
+    # rubocop : enable Metrics/PerceivedComplexity
 
     def _qs_info_init(sInfoMsg)
       info = {