pcp-client 0.2.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 404c05c867f92b146e2f9d046fe2d8741bf38402
-  data.tar.gz: 6dcb82793a413080b7230d34228d6aab9ae70845
+SHA256:
+  metadata.gz: 39843870440d8a0b5c982dd74c45e26964e20b8ed36f67da279237bf5cf65888
+  data.tar.gz: 8cedec2b6ea1a00825e85506508d5bdfcf9a2587fa9b8ce183fda54bd328eee7
 SHA512:
-  metadata.gz: d06217562d449a04f11c904d2cb0179a6bdbabe1458a48bc494f20fc38e7f29246bcfdb4d2173b99f1a1592d4a586d16b50cd638db7334523060f405110e646d
-  data.tar.gz: 7b4d892e27a3271e312b326a660d64a406127963b1f52356158ff17ca0f3e821f17dd22ef74351f4576354c86c8b059745b5150419d450c7b1175da004edd2b9
+  metadata.gz: 2b3848de010761d878558d11a0ff055fe986c603d42cf757062dca1c2bdc9fbe573098d424d15cd5087216944bf097d196aba3fa51eafed180df35a63f53e335
+  data.tar.gz: d24367a53c159cc98ea731a735a78bd1c380679888963c0a6b65ef8106bf5d012823c5ee106ae53889cce5a7b092f227bc2e9f8bc0144b0d637c77d5e4c8a827

data/bin/pcp-ping

@@ -0,0 +1,112 @@
+#!/usr/bin/env ruby
+require 'pcp/client'
+require 'optparse'
+
+ssl_key = '../pcp-broker/test-resources/ssl/private_keys/client01.example.com.pem'
+ssl_cert = '../pcp-broker/test-resources/ssl/certs/client01.example.com.pem'
+ssl_ca_cert = '../pcp-broker/test-resources/ssl/ca/ca_crt.pem'
+debug = false
+server = 'wss://localhost:8142/pcp'
+
+OptionParser.new do |opts|
+  opts.on("-d",  "--debug", "Run noisily") { |v| debug = v }
+  opts.on("--ssl_key FILE", "Use this ssl key") { |v| ssl_key = v }
+  opts.on("--ssl_cert FILE", "Use this ssl cert") { |v| ssl_cert = v }
+  opts.on("--ssl_ca_cert FILE", "Use this ssl ca cert") { |v| ssl_ca_cert = v }
+  opts.on("--server URL", "Server to connect to") { |v| server = v }
+end.parse!
+
+start_time = Time.now.to_f
+
+Thread.new { EM.run }
+Thread.pass until EM.reactor_running?
+
+client = PCP::Client.new({:ssl_key => ssl_key,
+                          :ssl_cert => ssl_cert,
+                          :ssl_ca_cert => ssl_ca_cert,
+                          :loglevel => debug ? Logger::DEBUG : Logger::WARN,
+                          :server => server,
+                         })
+
+# Record the expected set of destinations from the destination_report,
+# then all the responses from the rpc_blocking_response
+mutex = Mutex.new
+have_responses = ConditionVariable.new
+responses = {}
+expected = nil
+ping_time = nil
+
+client.on_message = proc do |message|
+  mutex.synchronize do
+    case message[:message_type]
+    when 'http://puppetlabs.com/destination_report'
+      expected = JSON.load(message.data)['targets']
+    when 'http://puppetlabs.com/rpc_blocking_response'
+      sender = message[:sender]
+      time = Time.now.to_f - ping_time
+      responses[sender] = time
+      puts '%-55s %0.2f seconds' % [sender, time]
+    else
+      p [:unexpected_message, message]
+    end
+
+    have_responses.signal
+  end
+end
+
+client.connect
+
+if !client.associated?
+  puts "Didn't connect to broker."
+  exit 1
+end
+
+connect_time = Time.now.to_f - start_time
+puts "Connected to broker in %0.2f seconds." % [connect_time]
+puts
+
+ping = ::PCP::Message.new(:message_type => 'http://puppetlabs.com/rpc_blocking_request',
+                          :targets => ['pcp://*/agent'],
+                          :destination_report => true)
+
+ping.data = {:transaction_id => ping[:id],
+             :module => 'echo',
+             :action => 'echo',
+             :params => {:argument => 'echo'}}.to_json
+
+ping.expires(3)
+
+ping_time = Time.now.to_f
+client.send(ping)
+
+begin
+  Timeout::timeout(3) do
+    done = false
+    loop do
+      mutex.synchronize do
+        have_responses.wait(mutex)
+        if expected && expected.all? { |from| responses.include?(from) }
+          # Have all responses we expect, bail
+          run_time = Time.now.to_f - start_time
+          puts
+          puts "Received all responses in %0.2f seconds." % [run_time]
+          done = true
+        end
+      end
+      break if done
+    end
+  end
+rescue Timeout::Error
+  puts
+  if expected
+    puts "Received %d/%d responses.  Following nodes were missing" % [responses.keys.size, expected.size]
+    puts
+    expected.select { |from| !responses.include?(from) }.each do |missing|
+      puts "    #{missing}"
+    end
+  else
+    puts "Didn't get destination report, not sure how many responses to expect.  We got %d." % [responses.keys.size]
+  end
+end
+
+EM.stop

data/lib/pcp-client/version.rb

@@ -0,0 +1,4 @@
+class PCPClient
+  VERSION = '0.5.2'.freeze
+end
+

data/lib/pcp/client.rb

@@ -1,7 +1,54 @@
-require 'eventmachine-le'
+require 'eventmachine'
 require 'faye/websocket'
 require 'pcp/message'
 require 'logger'
+require 'openssl'
+
+# So EventMachine when you specify :verify_peer => true in the TLS
+# options decides what that means is it should just fire off a
+# #ssl_verify_peer(cert) on the Connection object; which is expected
+# to be user-supplied.  In this case the user is
+# Faye::Websocket::Client::Connection, so we monkey-patch it to have a
+# #ssl_verify_peer method.
+
+module Faye
+  class WebSocket
+    class Client
+      module Connection
+        def ssl_verify_peer(cert)
+          # The :@socket_tls instance variable of
+          # Faye::Websocket::Client is passed to tls_start, so we can
+          # get parameters from there.
+          start_tls_options = parent.instance_variable_get(:@socket_tls)
+          logger = start_tls_options[:xxx_logger]
+          logger.debug { [:ssl_verify_peer] }
+
+          peer_cert = OpenSSL::X509::Certificate.new cert
+
+          hostname = start_tls_options[:xxx_hostname]
+          if !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
+            logger.error { [:ssl_verify_peer, :fail,
+                           "Certificate presented does not match '#{hostname}'"] }
+            return false
+          end
+
+          ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
+          cert_store = OpenSSL::X509::Store.new
+          cert_store.add_file ssl_ca_cert
+
+          if !cert_store.verify(peer_cert)
+            logger.error { [:ssl_verify_peer, :ca_verify_failed,
+                            "Peer certificate not verified by ca"] }
+            return false
+          end
+
+          logger.debug { [:ssl_verify_peer, :success] }
+          return true
+        end
+      end
+    end
+  end
+end
 
 module PCP
   # Manages a client connection to a pcp broker
@@ -27,12 +74,14 @@ module PCP
       @server = params[:server] || 'wss://localhost:8142/pcp'
       @ssl_key = params[:ssl_key]
       @ssl_cert = params[:ssl_cert]
+      @ssl_ca_cert = params[:ssl_ca_cert]
       @logger = params[:logger] || Logger.new(STDOUT)
       @logger.level = params[:loglevel] || Logger::WARN
       @connection = nil
       type = params[:type] || "ruby-pcp-client-#{$$}"
       @identity = make_identity(@ssl_cert, type)
       @on_message = params[:on_message]
+      @max_message_size = params[:max_message_size] || 64*1024*1024
       @associated = false
     end
 
@@ -42,17 +91,6 @@ module PCP
     # @param seconds [Numeric]
     # @return [true,false,nil]
     def connect(seconds = 0)
-      unless EM.reactor_running?
-        raise "An Eventmachine reactor needs to be running"
-      end
-
-      if EM.reactor_thread?
-        # Because we use a condition variable to signal this thread
-        # from the reactor thread to provide an imperative interface,
-        # they cannot be the same thread
-        raise "Cannot be run on the same thread as the reactor"
-      end
-
       if @connection
         # We close over so much, we really just need to say no for now
         raise "Can only connect once per client"
@@ -61,53 +99,86 @@ module PCP
       mutex = Mutex.new
       associated_cv = ConditionVariable.new
 
-      @logger.debug { [:connect, @server] }
-      @connection = Faye::WebSocket::Client.new(@server, nil, {:tls => {:private_key_file => @ssl_key,
-                                                                        :cert_chain_file => @ssl_cert,
-                                                                        :ssl_version => :TLSv1}})
-
-      @connection.on :open do |event|
-        begin
-          @logger.info { [:open] }
-          send(associate_request)
-        rescue Exception => e
-          @logger.error { [:open_exception, e] }
+      @logger.debug { [:connect, :scheduling] }
+      EM.next_tick do
+        @logger.debug { [:connect, @server] }
+
+        start_tls_options = {
+          :ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"],
+          :private_key_file => @ssl_key,
+          :cert_chain_file => @ssl_cert,
+          :verify_peer => true,
+          :fail_if_no_peer_cert => true,
+          # side-channeled properties we want around during ssl
+          # verification are prefixed with xxx_.
+          :xxx_logger => @logger,
+          :xxx_ssl_ca_cert => @ssl_ca_cert,
+          :xxx_hostname => URI.parse(@server).host,
+        }
+
+        @connection = Faye::WebSocket::Client.new(@server, nil, {:tls => start_tls_options,
+                                                                 :ping => 30,
+                                                                 :max_length => @max_message_size})
+
+        @connection.on :open do |event|
+          begin
+            @logger.info { [:open] }
+            send(associate_request)
+          rescue Exception => e
+            @logger.error { [:open_exception, e] }
+          end
         end
-      end
 
-      @connection.on :message do |event|
-        begin
-          message = ::PCP::Message.new(event.data)
-          @logger.debug { [:message, :decoded, message] }
+        @connection.on :message do |event|
+          begin
+            message = ::PCP::Message.new(event.data)
+            @logger.debug { [:message, :decoded, message] }
+
+            if message[:message_type] == 'http://puppetlabs.com/associate_response'
+              mutex.synchronize do
+                @associated = JSON.load(message.data)["success"]
+                associated_cv.signal
+              end
+            elsif @on_message
+              @on_message.call(message)
+            end
+          rescue Exception => e
+            @logger.error { [:message_exception, e] }
+          end
+        end
 
-          if message[:message_type] == 'http://puppetlabs.com/associate_response'
+        @connection.on :close do |event|
+          begin
+            @logger.info { [:close, event.code, event.reason] }
             mutex.synchronize do
-              @associated = JSON.load(message.data)["success"]
+              @associated = false
               associated_cv.signal
             end
-          elsif @on_message
-            @on_message.call(message)
+          rescue Exception => e
+            @logger.error { [:close_exception, e] }
           end
-        rescue Exception => e
-          @logger.error { [:message_exception, e] }
         end
-      end
 
-      @connection.on :close do |event|
-        begin
-          @logger.info { [:close, event.code, event.reason] }
-          mutex.synchronize do
-            @associated = false
-            associated_cv.signal
-          end
-        rescue Exception => e
-          @logger.error { [:close_exception, e] }
+        @connection.on :error do |event|
+          @logger.error { [:error, event] }
+          @associated = false
         end
       end
 
-      @connection.on :error do |event|
-        @logger.error { [:error, event] }
-        @associated = false
+      if !EM.reactor_running?
+        @logger.debug { [:no_eventmachine_reactor,
+                         "Eventmachine reactor is not running" ] }
+        return nil
+      end
+
+      if EM.reactor_thread?
+        # Because we use a condition variable to signal this thread
+        # from the reactor thread to provide an imperative interface,
+        # they cannot be the same thread.  We might associate later,
+        # we just can't wait on ourselves from here.
+        @logger.debug { [:connection_cannot_wait,
+                        "Cannot wait on a connection if we are in the same thread as the reactor" ] }
+        return nil
       end
 
       begin
@@ -136,9 +207,24 @@ module PCP
     # @param message [PCP::Message]
     # @return unused
     def send(message)
-      @logger.debug { [:send, message] }
-      message[:sender] = identity
-      @connection.send(message.encode)
+      EM.next_tick do
+        @logger.debug { [:send, message] }
+        if message[:expires].nil?
+          message.expires(3)
+        end
+        message[:sender] = identity
+        @connection.send(message.encode)
+      end
+    end
+
+    # Disconnect the client
+    # @api public
+    # @return unused
+    def close
+      EM.next_tick do
+        @logger.debug { [:close] }
+        @connection.close
+      end
     end
 
     private

data/lib/pcp/message.rb

@@ -111,11 +111,19 @@ module PCP
         chunks << frame_chunk(i + 2, @chunks[i])
       end
 
-      RSchema.validate!(PCP::Protocol::Envelope, envelope)
+      validate
 
       [1, frame_chunk(1, envelope.to_json), chunks].flatten
     end
 
+    # Validate the data in message against schema
+    #
+    # @api public
+    # @return ignore
+    def validate
+      RSchema.validate!(PCP::Protocol::Envelope, envelope)
+    end
+
     private
 
     # Decodes an array of bytes into the message
@@ -144,7 +152,7 @@ module PCP
           parsed.each do |k,v|
             @envelope[k.to_sym] = v
           end
-          RSchema.validate!(PCP::Protocol::Envelope, @envelope)
+          validate
         else
           @chunks[type - 2] = body
         end

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: pcp-client
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.5.2
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-18 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: eventmachine-le
+  name: eventmachine
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: faye-websocket
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.9
 - !ruby/object:Gem::Dependency
   name: rschema
   requirement: !ruby/object:Gem::Requirement
@@ -54,10 +54,13 @@ dependencies:
         version: '1.3'
 description: See https://github.com/puppetlabs/pcp-specifications
 email: puppet@puppetlabs.com
-executables: []
+executables:
+- pcp-ping
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/pcp-ping
+- lib/pcp-client/version.rb
 - lib/pcp.rb
 - lib/pcp/client.rb
 - lib/pcp/message.rb
@@ -82,10 +85,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.5
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Client library for PCP
 test_files: []
-has_rdoc: