paramsync 0.1.0

data/lib/paramsync/cli/check_command.rb

@@ -0,0 +1,28 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class CheckCommand
+      class << self
+        def run(args)
+          Paramsync::CLI.configure
+
+          mode = if args.include?("--pull")
+                   :pull
+                 else
+                   :push
+                 end
+
+          Paramsync.config.sync_targets.each do |target|
+            diff = target.diff(mode)
+            diff.print_report
+            if not diff.any_changes?
+              puts "No changes to make for this sync target."
+            end
+            puts
+          end
+        end
+      end
+    end
+  end
+end

data/lib/paramsync/cli/config_command.rb

@@ -0,0 +1,45 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class ConfigCommand
+      class << self
+        def run
+          Paramsync::CLI.configure
+
+          puts " Config file: #{Paramsync.config.config_file}"
+          puts "     Verbose: #{Paramsync.config.verbose?.to_s.bold}"
+          puts
+          puts "Sync target defaults:"
+          puts "  Chomp trailing newlines from local files: #{Paramsync.config.chomp?.to_s.bold}"
+          puts "  Delete remote keys with no local file: #{Paramsync.config.delete?.to_s.bold}"
+          puts
+          puts "Sync targets:"
+
+          Paramsync.config.sync_targets.each do |target|
+            if target.name
+              puts "* #{target.name.bold}"
+              print ' '
+            else
+              print '*'
+            end
+            puts "   Region: #{target.region}"
+            puts "    Local type: #{target.type == :dir ? 'Directory' : 'Single file'}"
+            puts "     #{target.type == :dir ? " Dir" : "File"} path: #{target.path}"
+            puts "        Prefix: #{target.prefix}"
+            puts "       Account: #{target.account}"
+            puts "     Autochomp? #{target.chomp?}"
+            puts "        Delete? #{target.delete?}"
+            if not target.exclude.empty?
+              puts "    Exclusions:"
+              target.exclude.each do |exclusion|
+                puts "      - #{exclusion}"
+              end
+            end
+            puts
+          end
+        end
+      end
+    end
+  end
+end

data/lib/paramsync/cli/encrypt_command.rb

@@ -0,0 +1,22 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class EncryptCommand
+      class << self
+        def run(args)
+          Paramsync::CLI.configure
+          STDOUT.sync = true
+
+          ciphertext = Paramsync.config.kms_client.encrypt(
+              key_id: Paramsync.config.kms_key,
+              plaintext: args[1]
+            ).ciphertext_blob
+
+          hash = { args[0] => ciphertext }
+          puts YAML.dump(hash).gsub("---\n", '')
+        end
+      end
+    end
+  end
+end

data/lib/paramsync/cli/pull_command.rb

@@ -0,0 +1,141 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class PullCommand
+      class << self
+        def run(args)
+          Paramsync::CLI.configure
+          STDOUT.sync = true
+
+          Paramsync.config.sync_targets.each do |target|
+            diff = target.diff(:pull)
+
+            diff.print_report
+
+            if not diff.any_changes?
+              puts
+              puts "Everything is in sync. No changes need to be made to this sync target."
+              next
+            end
+
+            puts
+            puts "Do you want to pull these changes?"
+            print "  Enter '" + "yes".bold + "' to continue: "
+            answer = args.include?('--yes') ? 'yes' : gets.chomp
+
+            if answer.downcase != "yes"
+              puts
+              puts "Pull cancelled. No changes will be made to this sync target."
+              next
+            end
+
+            puts
+            case target.type
+            when :dir then self.pull_dir(diff)
+            when :file then self.pull_file(diff)
+            end
+          end
+        end
+
+        def pull_dir(diff)
+          diff.items_to_change.each do |item|
+            case item.op
+            when :create
+              print "CREATE".bold.green + " " + item.display_filename
+              begin
+                FileUtils.mkdir_p(File.dirname(item.filename))
+                # attempt to write atomically-ish
+                tmpfile = item.filename + ".paramsync-tmp"
+                File.open(tmpfile, "w") do |f|
+                  f.write(writable_content(item.remote_content))
+                end
+                FileUtils.move(tmpfile, item.filename)
+                puts "   OK".bold
+              rescue => e
+                puts "   ERROR".bold.red
+                puts "  #{e}"
+              end
+
+            when :update
+              print "UPDATE".bold.blue + " " + item.display_filename
+              begin
+                # attempt to write atomically-ish
+                tmpfile = item.filename + ".paramsync-tmp"
+                File.open(tmpfile, "w") do |f|
+                  f.write(writable_content(item.remote_content))
+                end
+                FileUtils.move(tmpfile, item.filename)
+                puts "   OK".bold
+              rescue => e
+                puts "   ERROR".bold.red
+                puts "  #{e}"
+              end
+
+            when :delete
+              print "DELETE".bold.red + " " + item.display_filename
+              begin
+                File.unlink(item.filename)
+                puts "   OK".bold
+              rescue => e
+                puts "   ERROR".bold.red
+                puts "  #{e}"
+              end
+
+            else
+              if Paramsync.config.verbose?
+                STDERR.puts "paramsync: WARNING: unexpected operation '#{item.op}' for #{item.display_filename}"
+                next
+              end
+
+            end
+          end
+        end
+
+        def pull_file(diff)
+          # build and write the file
+          filename_list = diff.items_to_change.collect(&:filename).uniq
+          if filename_list.length != 1
+            raise Paramsync::InternalError.new("Multiple filenames found for a 'file' type sync target. Something has gone wrong.")
+          end
+          filename = filename_list.first
+          display_filename = filename.trim_path
+
+          if File.exist?(filename)
+            print "UPDATE".bold.blue + " " + display_filename
+          else
+            print "CREATE".bold.green + " " + display_filename
+          end
+
+          begin
+            FileUtils.mkdir_p(File.dirname(filename))
+            # attempt to write atomically-ish
+            tmpfile = filename + ".paramsync-tmp"
+            File.open(tmpfile, "w") do |f|
+              f.write(diff.final_items.transform_values { |v| writable_content(v) }.to_yaml)
+            end
+            FileUtils.move(tmpfile, filename)
+            puts "   OK".bold
+          rescue => e
+            puts "   ERROR".bold.red
+            puts "  #{e}"
+          end
+        end
+
+        private
+
+        def writable_content(remote_content)
+          to_write = remote_content[0]
+          if(remote_content[1])
+            to_write = Paramsync.config.kms_client.encrypt(
+              key_id: Paramsync.config.kms_key,
+              plaintext: to_write
+            ).ciphertext_blob
+          end
+          to_write
+        end
+
+      end
+    end
+  end
+end

data/lib/paramsync/cli/push_command.rb

@@ -0,0 +1,85 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class PushCommand
+      class << self
+        def run(args)
+          Paramsync::CLI.configure
+          STDOUT.sync = true
+
+          Paramsync.config.sync_targets.each do |target|
+            diff = target.diff(:push)
+
+            diff.print_report
+
+            if not diff.any_changes?
+              puts
+              puts "Everything is in sync. No changes need to be made to this sync target."
+              next
+            end
+
+            puts
+            puts "Do you want to push these changes?"
+            print "  Enter '" + "yes".bold + "' to continue: "
+            answer = args.include?('--yes') ? 'yes' : gets.chomp
+
+            if answer.downcase != "yes"
+              puts
+              puts "Push cancelled. No changes will be made to this sync target."
+              next
+            end
+
+            puts
+            diff.items_to_change.each do |item|
+              case item.op
+              when :create
+                print "CREATE".bold.green + " " + item.ssm_key
+                begin
+                  target.ssm.put_parameter(
+                    name: item.ssm_key,
+                    value: item.local_content[0],
+                    type: item.local_content[1] ? 'SecureString' : 'String'
+                  )
+                  puts "   OK".bold
+                rescue
+                  puts "   ERROR".bold.red
+                end
+
+              when :update
+                print "UPDATE".bold.blue + " " + item.ssm_key
+                begin
+                  target.ssm.put_parameter(
+                    name: item.ssm_key,
+                    value: item.local_content[0],
+                    type: item.local_content[1] ? 'SecureString' : 'String',
+                    overwrite: true
+                  )
+                  puts "   OK".bold
+                rescue
+                  puts "   ERROR".bold.red
+                end
+
+              when :delete
+                print "DELETE".bold.red + " " + item.ssm_key
+                begin
+                  target.ssm.delete_parameter(name: item.ssm_key)
+                  puts "   OK".bold
+                rescue
+                  puts "   ERROR".bold.red
+                end
+
+              else
+                if Paramsync.config.verbose?
+                  STDERR.puts "paramsync: WARNING: unexpected operation '#{item.op}' for #{item.ssm_key}"
+                  next
+                end
+
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/paramsync/cli/targets_command.rb

@@ -0,0 +1,21 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Paramsync
+  class CLI
+    class TargetsCommand
+      class << self
+        def run
+          Paramsync::CLI.configure
+
+          Paramsync.config.sync_targets.each do |target|
+            if target.name
+              puts target.name
+            else
+              puts "[unnamed target] #{target.region}:#{target.prefix}"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/paramsync/config.rb

@@ -0,0 +1,172 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+require 'ostruct'
+
+class Paramsync
+  class ConfigFileNotFound < RuntimeError; end
+  class ConfigFileInvalid < RuntimeError; end
+
+  class Config
+    CONFIG_FILENAMES = %w( paramsync.yml )
+    VALID_CONFIG_KEYS = %w( sync ssm paramsync )
+    VALID_SSM_CONFIG_KEYS = %w( accounts kms )
+    VALID_PARAMSYNC_CONFIG_KEYS = %w( verbose chomp delete color )
+
+    attr_accessor :config_file, :base_dir, :sync_targets, :target_allowlist, :ssm_accounts, :kms_client, :kms_key
+
+    class << self
+      # discover the nearest config file
+      def discover(dir: nil)
+        dir ||= Dir.pwd
+
+        CONFIG_FILENAMES.each do |filename|
+          full_path = File.join(dir, filename)
+          if File.exist?(full_path)
+            return full_path
+          end
+        end
+
+        dir == "/" ? nil : self.discover(dir: File.dirname(dir))
+      end
+    end
+
+    def initialize(path: nil, targets: nil)
+      if path.nil? or File.directory?(path)
+        self.config_file = Paramsync::Config.discover(dir: path)
+      elsif File.exist?(path)
+        self.config_file = path
+      else
+        raise Paramsync::ConfigFileNotFound.new
+      end
+
+      if self.config_file.nil? or not File.exist?(self.config_file) or not File.readable?(self.config_file)
+        raise Paramsync::ConfigFileNotFound.new
+      end
+
+      self.config_file = File.expand_path(self.config_file)
+      self.base_dir = File.dirname(self.config_file)
+      self.target_allowlist = targets
+      parse!
+    end
+
+    def verbose?
+      @is_verbose
+    end
+
+    def chomp?
+      @do_chomp
+    end
+
+    def delete?
+      @do_delete
+    end
+
+    def color?
+      @use_color
+    end
+
+    def parse!
+      raw = {}
+      begin
+        raw = YAML.load(ERB.new(File.read(self.config_file)).result)
+      rescue
+        raise Paramsync::ConfigFileInvalid.new("Unable to parse config file as YAML")
+      end
+
+      if raw.is_a? FalseClass
+        # this generally means an empty config file
+        raw = {}
+      end
+
+      if not raw.is_a? Hash
+        raise Paramsync::ConfigFileInvalid.new("Config file must form a hash")
+      end
+
+      raw['ssm'] ||= {}
+      if not raw['ssm'].is_a? Hash
+        raise Paramsync::ConfigFileInvalid.new("'ssm' must be a hash")
+      end
+
+      if (raw['ssm'].keys - VALID_SSM_CONFIG_KEYS) != []
+        raise Paramsync::ConfigFileInvalid.new("Only the following keys are valid in the ssm config: #{VALID_SSM_CONFIG_KEYS.join(", ")}")
+      end
+
+      self.ssm_accounts = raw['ssm']['accounts']
+
+      raw['paramsync'] ||= {}
+      if not raw['paramsync'].is_a? Hash
+        raise Paramsync::ConfigFileInvalid.new("'paramsync' must be a hash")
+      end
+
+      if (raw['paramsync'].keys - VALID_PARAMSYNC_CONFIG_KEYS) != []
+        raise Paramsync::ConfigFileInvalid.new("Only the following keys are valid in the 'paramsync' config block: #{VALID_PARAMSYNC_CONFIG_KEYS.join(", ")}")
+      end
+
+      # verbose: default false
+      @is_verbose = raw['paramsync']['verbose'] ? true : false
+      if ENV['PARAMSYNC_VERBOSE']
+        @is_verbose = true
+      end
+
+      # chomp: default true
+      if raw['paramsync'].has_key?('chomp')
+        @do_chomp = raw['paramsync']['chomp'] ? true : false
+      else
+        @do_chomp = true
+      end
+
+      # delete: default false
+      @do_delete = raw['paramsync']['delete'] ? true : false
+
+      raw['sync'] ||= []
+      if not raw['sync'].is_a? Array
+        raise Paramsync::ConfigFileInvalid.new("'sync' must be an array")
+      end
+
+      # color: default true
+      if raw['paramsync'].has_key?('color')
+        @use_color = raw['paramsync']['color'] ? true : false
+      else
+        @use_color = true
+      end
+
+      if raw['ssm'].has_key?('kms')
+        self.kms_client = Aws::KMS::Client.new(
+          region: raw['ssm']['kms']['region'],
+          credentials: Aws::AssumeRoleCredentials.new(
+            client: Aws::STS::Client.new(region: raw['ssm']['kms']['region']),
+            role_arn: raw['ssm']['kms']['role'],
+            role_session_name: "paramsync"
+          ),
+        )
+        self.kms_key = raw['ssm']['kms']['arn']
+      end
+
+      self.sync_targets = []
+      raw['sync'].each do |target|
+        if target.is_a? Hash
+          if target['chomp'].nil?
+            target['chomp'] = self.chomp?
+          end
+          if target['delete'].nil?
+            target['delete'] = self.delete?
+          end
+          account = self.ssm_accounts[target['account']]
+          if account.nil?
+            raise Paramsync::ConfigFileInvalid.new("Account '#{target['account']}' is not defined")
+          end
+        end
+
+        if not self.target_allowlist.nil?
+          # unnamed targets cannot be allowlisted
+          next if target['name'].nil?
+
+          # named targets must be on the allowlist
+          next if not self.target_allowlist.include?(target['name'])
+        end
+
+        self.sync_targets << Paramsync::SyncTarget.new(config: target, account: account['role'], base_dir: self.base_dir)
+      end
+    end
+  end
+end