prof 0.29.3

data/lib/prof/product.rb

@@ -0,0 +1,59 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'yaml'
+require 'zip'
+
+module Prof
+  class Product
+    class InvalidProductPathError < StandardError; end
+
+    attr_reader :path
+
+    def initialize(path:)
+      raise InvalidProductPathError, "Invalid path given: '#{path}'" unless path && File.exist?(path)
+      @path = File.expand_path(path)
+    end
+
+    def name
+      metadata.fetch('name')
+    end
+
+    def version
+      metadata.fetch('product_version')
+    end
+
+    def to_s
+      "#{name} v#{version}"
+    end
+
+    def file
+      File.open(path)
+    end
+
+    def ==(other)
+      self.class == other.class &&
+      self.path == other.path
+    end
+    alias_method :eql?, :==
+
+    private
+
+    def metadata
+      @metadata ||= begin
+        yaml = Zip::File.open(path) do |zip_file|
+          entry = zip_file.glob('metadata/*').first
+          entry.get_input_stream.read
+        end
+        YAML.load(yaml)
+      end
+    end
+  end
+end

data/lib/prof/pushed_test_app.rb

@@ -0,0 +1,40 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'faraday'
+require 'faraday_middleware'
+
+module Prof
+  class PushedTestApp
+    def initialize(opts = {})
+      @name = opts.fetch(:name)
+      @url  = opts.fetch(:url)
+    end
+
+    attr_reader :name, :url
+
+    def write(key, value)
+      app_connection.put("/testdata/key/#{key}/value/#{value}")
+    end
+
+    def read(key)
+      app_connection.get("/testdata/key/#{key}").body
+    end
+
+    private
+
+    def app_connection
+      Faraday.new(url: url, ssl: { verify: false }) do |faraday|
+        faraday.response :json, content_type: /\bjson$/
+        faraday.adapter Faraday.default_adapter
+      end
+    end
+  end
+end

data/lib/prof/service_instance.rb

@@ -0,0 +1,21 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'securerandom'
+
+module Prof
+  class ServiceInstance
+    def initialize(name = "cf-service-#{SecureRandom.hex(4)}")
+      @name = name
+    end
+
+    attr_reader :name
+  end
+end

data/lib/prof/ssh_gateway.rb

@@ -0,0 +1,104 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'net/ssh'
+require 'net/ssh/gateway'
+require 'net/scp'
+require 'uri'
+
+module Prof
+  class SshGateway
+    def initialize(gateway_host:, gateway_username:, gateway_password: nil, ssh_key: nil)
+      @gateway_host     = gateway_host
+      @gateway_username = gateway_username
+      @gateway_password = gateway_password
+      @ssh_key          = ssh_key
+      @forwards         = {}
+    end
+
+    def execute_on(host, cmd, options = {})
+      user           = options.fetch(:user, 'vcap')
+      password       = options.fetch(:password, 'c1oudc0w')
+      run_as_root    = options.fetch(:root, false)
+      discard_stderr = options.fetch(:discard_stderr, false)
+
+      cmd = "echo -e \"#{password}\\n\" | sudo -S #{cmd}" if run_as_root
+      cmd << ' 2>/dev/null' if discard_stderr
+
+      ssh_gateway_options = {
+        password: password,
+        paranoid: false
+      }
+
+      ssh_gateway_options[:key_data] = [@ssh_key] unless @ssh_key.nil?
+
+      ssh_gateway.ssh(
+        host,
+        user,
+        ssh_gateway_options,
+      ) do |ssh|
+        ssh.exec!(cmd)
+      end
+    end
+
+    def scp_to(host, local_path, remote_path, options = {})
+      with_port_forwarded_to(host, 22) do |local_port|
+        options[:port] = local_port
+        options[:user] ||= 'vcap'
+        options[:password] ||= 'c1oudc0w'
+        Net::SCP.start('127.0.0.1', options.fetch(:user), options) do |scp|
+          scp.upload! local_path, remote_path
+        end
+      end
+    end
+
+    def scp_from(host, remote_path, local_path, options = {})
+      with_port_forwarded_to(host, 22) do |local_port|
+        options[:port] = local_port
+        options[:user] ||= 'vcap'
+        options[:password] ||= 'c1oudc0w'
+        Net::SCP.start('127.0.0.1', options.fetch(:user), options) do |scp|
+          scp.download! remote_path, local_path
+        end
+      end
+    end
+
+    def with_port_forwarded_to(remote_host, remote_port, &block)
+      ssh_gateway.open(remote_host, remote_port, &block)
+    end
+
+    private
+
+    attr_reader :gateway_username, :gateway_password, :forwards
+
+    def ssh_agent
+      @ssh_agent ||= Net::SSH::Authentication::Agent.connect
+    end
+
+    def gateway_host
+      URI(@gateway_host).host || @gateway_host
+    end
+
+    def ssh_gateway
+      @ssh_gateway ||= Net::SSH::Gateway.new(
+        gateway_host,
+        gateway_username,
+        password: gateway_password,
+        paranoid: false
+      )
+    rescue Net::SSH::AuthenticationFailed
+      message = [
+        "Failed to connect to #{gateway_host}, with #{gateway_username}:#{gateway_password}.",
+        "The ssh-agent has #{ssh_agent.identities.size} identities. Please either add a key, or correct password"
+      ].join(' ')
+      raise Net::SSH::AuthenticationFailed, message
+    end
+  end
+end

data/lib/prof/ssl/check.rb

@@ -0,0 +1,79 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'prof/ssl/result'
+require 'prof/ssl/results'
+
+require 'uri'
+require 'net/http'
+require 'openssl'
+require 'ostruct'
+
+module Prof
+  module SSL
+    class Check
+      def initialize(url, proxy=nil)
+        @url = URI.parse(url)
+        @proxy = proxy || OpenStruct.new(:http_host => nil, :http_address => nil)
+      end
+
+      def results
+        Results.new(protocols.map { |protocol| check_protocol(protocol) })
+      end
+
+      def protocols
+        @protocols ||= OpenSSL::SSL::SSLContext::METHODS.reject { |m|
+          /_(client|server)$/ =~ m.to_s
+        }.reject { |m|
+          m == :SSLv23
+        }
+      end
+
+      private
+
+      attr_reader :url, :proxy
+
+      def port
+        url.port
+      end
+
+      def host
+        url.host
+      end
+
+      def check_protocol(protocol)
+        cipher_names(protocol).map { |cipher_name| check_cipher(protocol, cipher_name) }
+      end
+
+      def cipher_names(protocol)
+        OpenSSL::SSL::SSLContext.new(protocol).ciphers.map(&:first)
+      end
+
+      def check_cipher(protocol, cipher_name)
+        request = http_request
+        request.ssl_version = protocol
+        request.ciphers = cipher_name
+        begin
+          request.get('/')
+          Result.new(protocol, cipher_name, true)
+        rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET
+          Result.new(protocol, cipher_name, false)
+        end
+      end
+
+      def http_request
+        request = Net::HTTP.new(host, port, proxy.http_host, proxy.http_port)
+        request.use_ssl = true
+        request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        request
+      end
+    end
+  end
+end

data/lib/prof/ssl/cipher_set.rb

@@ -0,0 +1,56 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  module SSL
+    class CipherSet
+      def initialize(supported_ciphers: [], supported_protocols: [])
+        @supported_ciphers   = supported_ciphers
+        @supported_protocols = supported_protocols
+      end
+
+      attr_reader :supported_ciphers, :supported_protocols
+
+      # This list is based on the Mozilla Modern cipher list https://wiki.mozilla.org/Security/Server_Side_TLS 2015-02-05
+      # we have removed some of the supported ciphers due to the version of openssl used on the stemcel:
+      ##'ECDHE-ECDSA-AES128-GCM-SHA256'
+      #'ECDHE-ECDSA-AES256-GCM-SHA384'
+      #'DHE-DSS-AES128-GCM-SHA256'
+      #'kEDH+AESGCM'
+      #'ECDHE-ECDSA-AES128-SHA256'
+      #'ECDHE-ECDSA-AES128-SHA'
+      #'ECDHE-ECDSA-AES256-SHA384'
+      #'ECDHE-ECDSA-AES256-SHA'
+      #'DHE-DSS-AES128-SHA256'
+      #'DHE-DSS-AES256-SHA'
+      #
+      # It appears the nginx will enable DHE-RSA-AES256-GCM-SHA384 when ECDHE-RSA-AES256-GCM-SHA384 is specified
+      # We believe DHE-RSA-AES256-GCM-SHA384 to be strong, but it is not part of the official mozilla modern lists.
+      # This has been added to the list of our supported ciphers
+      PIVOTAL_MODERN = new(
+        supported_ciphers: [
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'DHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES128-SHA256',
+          'ECDHE-RSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA384',
+          'ECDHE-RSA-AES256-SHA',
+          'DHE-RSA-AES128-SHA256',
+          'DHE-RSA-AES128-SHA',
+          'DHE-RSA-AES256-SHA256',
+          'DHE-RSA-AES256-SHA',
+          'DHE-RSA-AES256-GCM-SHA384'
+        ],
+        supported_protocols: [:TLSv1_2, :TLSv1_1]
+      )
+    end
+  end
+end

data/lib/prof/ssl/result.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  module SSL
+    class Result
+      def initialize(protocol, cipher, supported)
+        @protocol  = protocol
+        @cipher    = String(cipher)
+        @supported = supported
+      end
+
+      attr_reader :protocol, :cipher
+
+      def supported?
+        @supported
+      end
+    end
+  end
+end

data/lib/prof/ssl/results.rb

@@ -0,0 +1,74 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  module SSL
+    class Results
+      def initialize(results)
+        @results = Array(results).flatten
+      end
+
+      def supports_protocol?(protocol)
+        results_for_protocol(protocol).any?(&:supported?)
+      end
+
+      def supports_cipher_set?(cipher_set)
+        expected_ciphers  = cipher_set.supported_ciphers
+        expected_protocols = cipher_set.supported_protocols
+
+        # 1. Every cipher in the set must exist in the results
+        valid = expected_ciphers.all? { |expected_cipher| supported_ciphers.include? expected_cipher }
+
+        # 2. No Ciphers exists in the results but not the cipher set
+        valid &= supported_ciphers.all? { |supported_cipher| expected_ciphers.include? supported_cipher }
+
+        # 3. No protocols in the cipher set that are not supported
+        valid &= expected_protocols.all? { |expected_protocol| supported_protocols.include? expected_protocol }
+
+        # 4. No protocols supported that are not in the cipher set
+        valid &= supported_protocols.all? { |supported_protocol| expected_protocols.include? supported_protocol }
+      end
+
+      def protocols
+        results.map(&:protocol).uniq
+      end
+
+      def supported_ciphers
+        @supported_ciphers ||= supported_results.map(&:cipher).uniq
+      end
+
+      def supported_protocols
+        @supported_protocols ||= supported_results.map(&:protocol).uniq
+      end
+
+      def unsupported_protocols
+        protocols - supported_protocols
+      end
+
+      private
+
+      attr_reader :results
+
+      def supported_results
+        results.select(&:supported?)
+      end
+
+      def unsupported_results
+        results - supported_results
+      end
+
+      def results_for_protocol(protocol)
+        results.select do |result|
+          result.protocol == protocol
+        end
+      end
+    end
+  end
+end

data/lib/prof/test_app.rb

@@ -0,0 +1,19 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  class TestApp
+    def initialize(opts = {})
+      @path = opts.fetch(:path)
+    end
+
+    attr_reader :path
+  end
+end

data/lib/prof/tile.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  class Tile
+    def initialize(name:, version: nil, guid: nil)
+      @name    = name
+      @version = version
+      @guid    = guid
+    end
+
+    def to_s
+      version ? "#{name} v#{version}" : name
+    end
+
+    attr_reader :name, :version, :guid
+  end
+end

data/lib/prof/uaa_client.rb

@@ -0,0 +1,66 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'uaa'
+
+module Prof
+  class UAAClient
+    def initialize(system_domain, cloud_controller_username, cloud_controller_password)
+      @system_domain             = system_domain
+      @cloud_controller_username = cloud_controller_username
+      @cloud_controller_password = cloud_controller_password
+    end
+
+    def register_user(user)
+      scim.add(:user, scim_info(user))
+    end
+
+    def unregister_user(user)
+      scim.delete(:user, scim.id(:user, user.username))
+    end
+
+    private
+
+    attr_reader :system_domain, :cloud_controller_username, :cloud_controller_password
+
+    def scim_info(user)
+      {
+        userName: user.username,
+        password: user.password,
+        emails: [{value: user.email}]
+      }
+    end
+
+    def scim
+      CF::UAA::Scim.new(
+        uaa_url,
+        auth_header,
+        skip_ssl_validation: true
+      )
+    end
+
+    def auth_header
+      token_issuer.client_credentials_grant.auth_header
+    end
+
+    def token_issuer
+      CF::UAA::TokenIssuer.new(
+        uaa_url,
+        cloud_controller_username,
+        cloud_controller_password,
+        skip_ssl_validation: true
+      )
+    end
+
+    def uaa_url
+      "https://uaa.#{system_domain}"
+    end
+  end
+end

data/lib/prof/version.rb

@@ -0,0 +1,13 @@
+# Copyright (c) 2014-2015 Pivotal Software, Inc.
+# All rights reserved.
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+# USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module Prof
+  VERSION = '0.29.3'
+end