razorrisk-cassini-utilities-cassis 0.7.6

data/bin/razorrisk-cassini-configure

@@ -0,0 +1,743 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+# ######################################################################## #
+#
+#  The Cassini Installation driver Script
+#
+#  Copyright (c) 2018, Razor Risk Technologies Pty Ltd All rights reserved.
+#
+# ######################################################################## #
+
+
+# ##########################################################
+# requires
+
+require 'razor_risk/cassini/utilities/cassis/configuration_generator'
+require 'razor_risk/cassini/utilities/cassis/program_utils'
+require 'razor_risk/cassini/utilities/cassis/version'
+require 'razor_risk/cassini/utilities/configuration'
+require 'razor_risk/cassini/utilities/extensions/hash'
+
+require 'highline/import'
+require 'nokogiri'
+require 'recls'
+
+require 'pathname'
+require 'securerandom'
+require 'yaml'
+
+
+# ##########################################################################
+# constants
+
+PROGRAM_VERSION       = ::RazorRisk::Cassini::Utilities::CassIS::VERSION
+DIAGNOSTIC_SEVERITIES = %w{ trace debug informational notice warning failure }
+
+module Constants
+    CassiniSpecYml = 'cassini.spec.yml'
+    ConfigDir      = 'config'
+    CassidYamlFile = 'cassid.yml'
+    SecretsFile    = 'secrets.yml'
+end
+
+
+# ##########################################################
+# includes
+
+include ::RazorRisk::Cassini::Utilities
+include ::RazorRisk::Cassini::Utilities::CassIS::ProgramUtils
+
+
+# ##########################################################
+# classes
+
+Microservice    =   CassIS::ConfigurationGenerator::Microservice
+Route           =   CassIS::ConfigurationGenerator::Microservice::Route
+
+class RESTfulMicroservice < Microservice
+
+    def initialize name, external_route, service_path, routes, **options
+
+        super name, external_route, service_path, routes, options.merge({ restful: true })
+    end
+end # class RESTfulMicroservice
+
+
+# ##########################################################################
+# traps
+
+trap 'SIGINT' do
+    if $writing_init_config
+        $stderr.puts "\n#{basename}: processing cancelled without writing initial configuration file ..."
+    elsif $writing_secrets
+        $stderr.puts "\n#{basename}: processing cancelled without generating secrets ..."
+    elsif $configuring
+        $stderr.puts "\n#{basename}: processing cancelled without writing changes ..."
+    end
+    exit!
+end
+
+
+# ##########################################################
+# functions
+
+def parse_cassini_spec cassini_spec
+
+    microservices_stock   = []
+    microservices_restful = []
+
+    cassini_spec['zips'].each do |microservice, zip|
+
+        if zip['is_cassini_microservice'] and zip['routes']
+            routes = zip['routes'].map do |h|
+                Route.new(
+                    h['route'],
+                    h['secure'] ? true : false,
+                    h['verb'].to_sym
+                ) if h['include']
+            end.compact
+
+            if zip['is_restful']
+                microservices_restful << RESTfulMicroservice.new(
+                    zip['name'],
+                    zip['ex_route'],
+                    zip['rel_path'],
+                    routes,
+                )
+            else
+                microservices_stock << Microservice.new(
+                    zip['name'],
+                    zip['ex_route'],
+                    zip['rel_path'],
+                    routes,
+                )
+            end
+        end
+    end
+
+    CassIS::ConfigurationGenerator
+        .new(stock: microservices_stock, restful: microservices_restful)
+        .generate
+        .to_yaml(line_width: -1)
+end
+
+def generate_secrets
+
+    sf                                  = {}
+    sf['secrets']                       = {}
+    sf['secrets']['all']                = {}
+    sf['secrets']['all']['SHA256']      = SecureRandom.hex(16)
+    sf['secrets']['all']['HS256']       = SecureRandom.hex(16)
+    sf['secrets']['all']['AES-256-CBC'] = SecureRandom.hex(16)
+
+    sf.to_yaml(line_width: -1)
+end
+
+def current_or_nil h, *keys
+    keys.each do |key|
+        return nil unless h.has_key?(key)
+        h = h[key]
+    end
+    return nil if h.to_s =~ /^\*\*\*/
+    h
+end
+
+def read_environment_from_clarite_config(clar_conf)
+
+    begin
+        if xml_doc = ::Nokogiri.XML(File.read(clar_conf)) { |c| c.strict }
+            if xml_root = xml_doc.children.first
+                if rzr_svr = xml_root.at_xpath('razor_server')
+                    env = rzr_svr['environment'] and return env
+                end
+            end
+        end
+        $stderr.puts "WARNING: The ClarITe configuration file '#{clar_conf}' does not have the element/attribute '/clarite_config/razor_server@environment'"
+    rescue ::Nokogiri::XML::SyntaxError => x
+        $stderr.puts "WARNING: The ClarITe configuration file '#{clar_conf}' does not contain a valid XML document : #{x.message}"
+    end
+
+    nil
+end
+
+def make_target_relative target_dir, rel_path
+    abs_path = Recls.combine_paths target_dir, rel_path
+    abs_path = Recls.canonicalise_path abs_path
+    abs_path
+end
+
+def update_edit_history properties
+    properties['edit-history'] ||= []
+    properties['edit-history'].unshift "This file reconfigured by '#{basename}' on #{Time.now.strftime('%Y/%m/%d %H:%M:%S.%L')}"
+end
+
+def configure_web_services conf, aborter, **options
+
+    begin
+
+
+        aborter.abort("configuration file - '#{cassid_yaml_path}' - does not contain a valid Cassini configuration") unless ::Hash === conf && conf.keys.size >= 4
+
+        properties  =   conf['properties']
+        cassini     =   conf['cassini']
+        control     =   conf['control']
+        diagnostics =   conf['diagnostics']
+        razor       =   conf['razor']
+
+        unless properties && cassini && control && diagnostics && razor
+
+            aborter.abort("configuration file - '#{cassid_yaml_path}' - does not contain a valid Cassini configuration : it does not contain the required top-level elements")
+        end
+
+        # properties
+        update_edit_history properties
+
+        # general
+
+        say('General settings:')
+
+        abs_paths   =   options[:absolute_paths] || agree("\tDo you want to make all given paths absolute? ") { |q| q.default = false }
+
+        # cassini
+
+        say('Cassini settings:')
+
+        # root directory
+        #
+        current = current_or_nil(cassini, 'root_dir')
+        target_dir = current ? current : Dir.pwd
+        cassini['root_dir'] = target_dir
+
+        # - auth_mode
+
+        choices     =   %w{ authorisation_only basic jwt }
+        current     =   current_or_nil(cassini, 'auth_mode')
+        auth_mode   =   ask("\tAuthorisation mode (one of '#{choices.join('\', \'')}'): ", choices) { |q| q.default = current }
+
+        cassini['auth_mode'] = auth_mode
+
+        # - first_port
+
+        port_range  =   1024..65000
+        current     =   current_or_nil(cassini, 'first_port')
+        current     &&= current.to_s
+        first_port  =   ask("\tSpecify the first port in the range, which is used for the Cassini end-point (in the range #{port_range}) ", Integer) { |q| q.in = port_range; q.default = current }
+
+        cassini['first_port'] = first_port
+
+        # - host
+
+        current     =   current_or_nil(cassini, 'host') || 'localhost'
+        host        =   ask("\tSpecify the host name ") { |q| q.default = current }
+
+        cassini['host'] = host
+
+        # - web_server
+
+        choices     =   %w{ thin webrick }
+        current     =   current_or_nil(cassini, 'web_server') || 'thin'
+        web_server  =   ask("\tSpecify the web-server (one of '#{choices.join('\', \'')}'): ", choices) { |q| q.default = current }
+
+        cassini['web_server'] = web_server
+
+        # - web_ui_server
+
+        current         =   current_or_nil(cassini, 'web_ui_server')
+        web_ui_server   =   ask("\tSpecify the web-ui-server: ") { |q| q.default = current }
+
+        cassini['web_ui_server'] = web_ui_server
+
+        # - us_multiplier
+
+        usm_range   =   1..50
+        current     =   current_or_nil(cassini, 'us_multiplier') || 5
+        current     &&= current.to_s
+        us_multiplier = ask("\tSpecify how many instances of each internal microservice to be started ", Integer) { |q| q.in = usm_range; q.default = current }
+
+        cassini['us_multiplier'] = us_multiplier
+
+        # - JWT
+        #
+        #
+
+        want_jwt    =   cassini['auth_mode'] == 'jwt'
+
+        unless want_jwt
+
+            cassini['secret_server'] = nil
+        else
+
+            say("\tJWT/Secret Server settings:")
+
+            jwt_host    =   nil
+            jwt_port    =   nil
+            jwt_service =   nil
+            jwt_secret  =   nil
+
+            cur_jwt_host    =   nil
+            cur_jwt_port    =   nil
+            cur_jwt_service =   nil
+            cur_jwt_secret  =   nil
+
+            # Get the current settings if any
+            case ss = cassini['secret_server']
+            when nil
+
+                ;
+            when ::Hash
+
+                cur_jwt_host    =   current_or_nil(cassini, 'secret_server', 'host')
+                cur_jwt_port    =   current_or_nil(cassini, 'secret_server', 'port')
+                cur_jwt_secret  =   current_or_nil(cassini, 'secret_server', 'secrets_path')
+            else
+
+                fail("configuration file - '#{cassid_yaml_path}' - does not contain a valid Cassini configuration : the 'cassini/secret_server' element is not a hash")
+            end
+
+            # Use top level host if not already defined
+            if cur_jwt_host.nil?
+                cur_jwt_host = cassini['host']
+            end
+
+            jwt_host        =   ask("\t\tSpecify the jwt/secret server host name ") { |q| q.default = cur_jwt_host }
+
+            if cur_jwt_port.nil?
+
+                change_jwt_port =   true
+            else
+
+                change_jwt_port =   agree("\t\tWould you like to change the jwt/secret port from '#{cur_jwt_port}' (Yes|No) ") { |q| q.default = 'no' }
+            end
+
+            if change_jwt_port
+
+                jwt_port        =   ask("\t\tSpecify the jwt/secret server port (leave blank to be assigned automatically) ")
+            else
+
+                jwt_port        =   cur_jwt_port
+            end
+
+            # secret/seed file (for test/uat jwt config)
+            if cur_jwt_secret.nil?
+                cur_jwt_secret = 'config/secrets.yml'
+            end
+
+            ask("\t\tSpecify the jwt/secret server secret(s) configuration path (either absolute, or relative to '#{target_dir}'): ") do |q|
+
+                q.default = cur_jwt_secret
+                q.validate = lambda do |v|
+
+                    result  =   nil
+
+                    unless v.strip.empty?
+
+                        result  ||= Recls.stat(v)
+                        result  ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                        result  =   nil if result && !result.file?
+                    end
+
+                    jwt_secret = result.to_s
+
+                    result
+                end
+                q.responses[:not_valid] = "The given secret configuration path does not specify an existing file or is not relative to '#{target_dir}'"
+            end
+
+            # Cant think of a way around this one yet - maybe should actually check it exists under these conditions
+            jwt_service = 'bin/razorrisk-microservice-secretserver'
+
+            cassini['secret_server']                    =   {}
+            cassini['secret_server']['host']            =   jwt_host
+            cassini['secret_server']['port']            =   jwt_port.to_i unless jwt_port.nil? || jwt_port.empty?
+            cassini['secret_server']['service_path']    =   jwt_service
+            cassini['secret_server']['secrets_path']    =   jwt_secret
+        end
+
+        # - TLS
+        #
+        # This one is a little more complex, because we want to look whether
+        # there's currently any TLS
+
+        has_tls     =   !cassini['tls'].nil?
+        want_tls    =   agree("\tDo you wish to use TLS (https://)? (Yes|No) ") { |q| q.default = 'yes' if has_tls }
+
+        unless want_tls
+
+            cassini['tls'] = nil
+        else
+
+            tls_cert    =   nil
+            tls_pkey    =   nil
+
+            cur_cert    =   nil
+            cur_pkey    =   nil
+
+            case tls = cassini['tls']
+            when nil
+
+                ;
+            when ::String
+
+                cur_cert    =   current_or_nil(cassini, 'tls')
+            when ::Hash
+
+                cur_cert    =   current_or_nil(cassini, 'tls', 'cert')
+                cur_pkey    =   current_or_nil(cassini, 'tls', 'key')
+            else
+
+                aborter.abort("configuration file - '#{cassid_yaml_path}' - does not contain a valid Cassini configuration : the 'cassini/tls' element is neither a hash nor a string")
+            end
+
+
+            tls_cert    =   nil
+            ask("\tSpecify the TLS certificate path: ") do |q|
+
+                q.default = cur_cert
+                q.validate = lambda do |v|
+
+                    result  =   nil
+
+                    unless v.strip.empty?
+
+                        result  ||= Recls.stat(v)
+                        result  ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                        result  =   nil if result && !result.file?
+                    end
+
+                    tls_cert = result.to_s
+
+                    result
+                end
+                q.responses[:not_valid] = "The given certificate file path does not specify an existing file or is not relative to '#{target_dir}'"
+            end
+
+            unless cur_pkey
+
+                fe_cert     =   Recls.stat(tls_cert)
+
+                %w{ .key .pkey }.each do |ext|
+
+                    path_pkey = "#{fe_cert.directory_path}#{fe_cert.stem}#{ext}"
+
+                    if cur_pkey = Recls.stat(path_pkey)
+
+                        cur_pkey = cur_pkey.to_s
+
+                        break
+                    end
+                end
+            end
+
+            tls_pkey    =   ask("\tSpecify the TLS certificate public key path: ") do |q|
+
+                q.default = cur_pkey
+                q.validate = lambda do |v|
+
+                    result  =   nil
+
+                    unless v.strip.empty?
+
+                        result  ||= Recls.stat(v)
+                        result  ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                        result  =   nil if result && !result.file?
+                    end
+
+                    result
+                end
+                q.responses[:not_valid] = "The given certificate public key file path does not specify an existing file or is not relative to '#{target_dir}'"
+            end
+
+            cassini['tls'] = {}
+
+            if abs_paths
+
+                tls_cert = make_target_relative(target_dir, tls_cert)
+                tls_pkey = make_target_relative(target_dir, tls_pkey)
+            end
+
+            cassini['tls']['cert'] = tls_cert
+            cassini['tls']['key'] = tls_pkey
+        end
+
+
+        # control
+
+        say('Control settings:')
+
+        # - detach
+
+        current     =   current_or_nil(control, 'detach')
+        current     =   current ? 'yes' : 'no' unless current.nil?
+        detach      =   agree("\tDo you wish to run in detached mode? (Yes|No) ") { |q| q.default = current }
+
+        control['detach'] = detach
+
+
+        # diagnostics
+
+        say('Diagnostic settings:')
+
+        # - benchmark
+
+        current     =   current_or_nil(diagnostics, 'benchmark')
+        current     =   current ? 'yes' : 'no' unless current.nil?
+        benchmark   =   agree("\tDo you wish to conduct benchmark logging? (Yes|No) ") { |q| q.default = current }
+
+        diagnostics['benchmark'] = benchmark
+
+        # - console/threshold
+
+        choices     =   DIAGNOSTIC_SEVERITIES
+        current     =   current_or_nil(diagnostics, 'console', 'threshold')
+        thr_console =   ask("\tDiagnostic logging threshold for console logging (one of '#{choices.join('\', \'')}'): ", choices) { |q| q.default = current }
+
+        diagnostics['console'] ||= {}
+        diagnostics['console']['threshold'] = thr_console
+
+        # - main/threshold
+
+        choices     =   DIAGNOSTIC_SEVERITIES
+        current     =   current_or_nil(diagnostics, 'main', 'threshold')
+        thr_main    =   ask("\tDiagnostic logging threshold for file logging (one of '#{choices.join('\', \'')}'): ", choices) { |q| q.default = current }
+
+        diagnostics['main'] ||= {}
+        diagnostics['main']['threshold'] = thr_main
+
+        # - directory
+
+        current  = current_or_nil(diagnostics, 'directory')
+        diag_dir = nil
+        ask("\tDiagnostic logging directory (either absolute, or relative to '#{target_dir}'): ") do |d|
+
+            d.default = current || 'logs'
+            d.validate = lambda do |v|
+
+                result = nil
+                v      = v.strip
+
+                unless v.empty?
+
+                    result ||= Recls.stat(v)
+                    result ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                    if result.nil?
+                        result = v
+                    elsif result.file?
+                        result = nil
+                    end
+                end
+
+                diag_dir = result.to_s
+                result
+            end
+            d.responses[:not_valid] = "The given logging directory does not specify a valid directory path"
+        end
+        diag_dir                 = make_target_relative(target_dir, diag_dir) if abs_paths
+        diagnostics['directory'] = diag_dir
+
+        # razor
+
+        say('Razor settings:')
+
+        # - clarite_config
+
+        current     =   current_or_nil(razor, 'clarite_config')
+        clar_conf   =   nil
+        ask("\tClarITe configuration path (either absolute, or relative to '#{target_dir}'): ") do |q|
+
+            q.default = current
+            q.validate = lambda do |v|
+
+                result  =   nil
+
+                unless v.strip.empty?
+
+                    begin
+                        result ||= Recls.stat(v)
+                        result ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                        if !result.nil? and result.directory?
+                            result = Recls.stat(
+                                Recls.combine_paths(
+                                    result.path,
+                                    'clarite_config.xml'
+                                )
+                            )
+                        end
+
+                        result  =   nil if result && !result.file?
+                    rescue Errno::EINVAL
+                        result = nil
+                    end
+                end
+
+                clar_conf = result.to_s
+
+                result
+            end
+            q.responses[:not_valid] = "The given ClarITe configuration path does not specify an existing file or is not relative to '#{target_dir}'"
+        end
+
+        clar_conf   =   make_target_relative(target_dir, clar_conf) if abs_paths
+
+        razor['clarite_config'] = clar_conf
+
+        # - environment
+
+        current     =   current_or_nil(razor, 'environment')
+        current     ||= read_environment_from_clarite_config(Recls.stat(clar_conf).to_s)
+        environment =   ask("\tRazor environment name: ") { |q| q.default = current; q.validate = /^[A-Z][-A-Z0-9_$#.]*$/i; q.responses[:not_valid] = "Must supply a valid name" }
+
+        razor['environment'] = environment
+
+        # - executable
+
+        current    = current_or_nil(razor, 'executable')
+        executable = nil
+        ask("\tRazor Connectivity Adaptor Executable path (either absolute, or relative to '#{target_dir}'): ") do |q|
+
+            q.default = current
+            q.validate = lambda do |v|
+
+                result  =   nil
+
+                unless v.strip.empty?
+
+                    begin
+                        result  ||= Recls.stat(v)
+                        result  ||= Recls.stat(Recls.combine_paths(target_dir, v))
+
+                        if !result.nil? and !result.file?
+                            dir = result.path
+                            result = Recls.stat(
+                                Recls.combine_paths(
+                                    dir,
+                                    'RazorRequest.exe'
+                                )
+                            )
+                            result ||= Recls.stat(
+                                Recls.combine_paths(
+                                    dir,
+                                    'RazorRisk.Cassini.ConnectivityAdapter.exe'
+                                )
+                            )
+                        end
+
+                        result = nil if result && !result.file?
+                    rescue Errno::EINVAL
+                        result = nil
+                    end
+                end
+
+                executable = result.to_s
+
+                result
+            end
+            q.responses[:not_valid] = "The given Razor Connectivity Adaptor Executable path does not specify an existing file or is not relative to '#{target_dir}'"
+        end
+
+        executable          = make_target_relative(target_dir, executable) if abs_paths
+        razor['executable'] = executable
+
+        conf.to_yaml(line_width: -1)
+    rescue ::ArgumentError, ::NameError, ::NoMethodError, ::TypeError => x
+
+        $stderr.puts "unexpected exception (#{x.class}): '#{x.message}': #{x.backtrace}"
+
+        raise
+    rescue ::StandardError => x
+
+        $stderr.puts "#{basename}: failed with exception of type #{x.class}: #{x.message}"
+
+        exit 1
+    end
+end
+
+
+# ##########################################################
+# main
+
+options = Configuration::CLI.parse_args ARGV.dup
+
+# Generate initial config file
+if options[:gen_init_conf]
+
+    $writing_init_config = true
+
+    # Cassini Spec is required for initial generation
+    unless File.file? Constants::CassiniSpecYml
+        options[:aborter].abort "Cassini Spec file is required to generate initial cassini config"
+    end
+
+    # Do not overwrite existing file
+    path = File.join(Constants::ConfigDir, Constants::CassidYamlFile)
+    options[:aborter].abort "Cassini Config file already exists" if File.file? path
+
+    Dir.mkdir Constants::ConfigDir unless File.directory? Constants::ConfigDir
+    cassini_spec   = YAML.load_file(Constants::CassiniSpecYml)
+    initial_config = parse_cassini_spec cassini_spec
+    File.open(path, 'w') { |f| f.write initial_config }
+
+    $writing_init_config = false
+end
+
+# Generate Secrets File
+if options[:gen_secrets]
+
+    $writing_secrets = true
+
+    path = File.join(Constants::ConfigDir, Constants::SecretsFile)
+
+    # Do not overwrite existing file
+    options[:aborter].abort "Secrets file already exists" if File.file? path
+
+    Dir.mkdir Constants::ConfigDir unless File.directory? Constants::ConfigDir
+    secrets = generate_secrets
+    File.open(path, 'w') { |f| f.write secrets }
+
+    $writing_secrets = false
+end
+
+# Configure cassini
+unless options[:no_configuration]
+
+    $configuring = true
+
+    cassid_yaml_path = File.join(Constants::ConfigDir, Constants::CassidYamlFile)
+    cassid_yaml      = YAML.load_file(cassid_yaml_path)
+    cassid_yaml      = configure_web_services cassid_yaml, options[:aborter], options
+    if agree("\nYou have completed (re)configuration of '#{cassid_yaml_path}'. Do you wish to save your changes (which will overwrite the existing configuration)? (Yes|No) ")
+        File.open(cassid_yaml_path, 'w') { |f| f.write cassid_yaml }
+    end
+
+    $configuring = false
+end
+
+if options[:input_config]
+
+    $configuring = true
+
+    cassid_yaml_path = File.join(Constants::ConfigDir, Constants::CassidYamlFile)
+    cassid_yaml      = YAML.load_file(cassid_yaml_path)
+
+    input_yaml_path = File.expand_path(options[:input_config])
+    input_yaml      = YAML.load_file(input_yaml_path)
+
+    cassid_yaml = cassid_yaml.deep_merge(input_yaml)
+
+    cassid_yaml['properties'] ||= {}
+    update_edit_history cassid_yaml['properties']
+
+    cassid_yaml = cassid_yaml.to_yaml(line_width: -1)
+    File.open(cassid_yaml_path, 'w') { |f| f.write cassid_yaml }
+
+    $configuring = false
+end
+
+# ############################## end of file ############################# #
+
+