remotus 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 150c4d88d234d85c6f8d0c82765b52a139235a8cadf14ba50a247369ebaf260d
-  data.tar.gz: 81199c5d7906ebba92197738ca31e1c7ff40c1cc6fc37eef0685fb38d1247446
+  metadata.gz: d07fd3936fbe26fea5629acc43238c698f735f3d6814f0733c3b5b81d638f340
+  data.tar.gz: fd028ed4fe407c5f4b9dc82ecdc7ec3371c4605cc19997227287df08badcaa9b
 SHA512:
-  metadata.gz: 5ec542e6af06160c5ce0e0457e8bb5b4db18b57de01c90fbf729988790d5b394da0f004ee8fb6c257ee65eb3074b234184a61a1188efb6223968f1b2defe39e4
-  data.tar.gz: de814cdd4ee721ce521112cc82fe6d0f53ba622289914793f335872ae4a9785acac076cc5ce1a928c07d52d95d2aac9641c62f654efcaf86d30a72d0df394010
+  metadata.gz: 143e87065eb71702504a6773c74e68bc4a6efff6f08cbc8b812ed0c84db7a994719b578e4eb6a345a0f2369a11c1f4b05e1a9531a015cee345f958186ee06860
+  data.tar.gz: 54ce478b43f70a989d8103f659da7ae61723794da6ef1918eee33ff73ee1d363dfb772da8297a4b8428712f639291d481c1df3112d5d09ba1bbbb3c2fd58883b

data/.rubocop.yml

@@ -42,3 +42,6 @@ Metrics/PerceivedComplexity:
 
 Metrics/ParameterLists:
   Max: 6
+
+Gemspec/RequireMFA:
+  Enabled: false

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## [Unreleased]
 
+## [0.3.0] - 2022-02-18
+* Add retries to SSH SCP transactions
+
 ## [0.2.3] - 2021-05-01
 * Resolve rexml vulnerability CVE-2021-28965
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    remotus (0.2.3)
+    remotus (0.3.0)
       connection_pool (~> 2.2)
       net-scp (~> 3.0)
       net-ssh (~> 6.1)
@@ -14,9 +14,9 @@ GEM
     ast (2.4.2)
     builder (3.2.4)
     connection_pool (2.2.5)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
     erubi (1.10.0)
-    ffi (1.15.0)
+    ffi (1.15.5)
     gssapi (1.3.1)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
@@ -31,46 +31,46 @@ GEM
       net-ssh (>= 2.6.5, < 7.0.0)
     net-ssh (6.1.0)
     nori (2.6.0)
-    parallel (1.20.1)
-    parser (3.0.1.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
       ast (~> 2.4.1)
-    rainbow (3.0.0)
-    rake (13.0.3)
-    regexp_parser (2.1.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.2.1)
     rexml (3.2.5)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-    rubocop (1.13.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.25.1)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.4.1)
-      parser (>= 2.7.1.5)
-    rubocop-rake (0.5.1)
-      rubocop
-    rubocop-rspec (2.3.0)
+    rubocop-ast (1.15.2)
+      parser (>= 3.0.1.1)
+    rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-      rubocop-ast (>= 1.1.0)
+    rubocop-rspec (2.8.0)
+      rubocop (~> 1.19)
     ruby-progressbar (1.11.0)
     rubyntlm (0.6.3)
-    rubyzip (2.3.0)
-    unicode-display_width (2.0.0)
+    rubyzip (2.3.2)
+    unicode-display_width (2.1.0)
+    webrick (1.7.0)
     winrm (2.3.6)
       builder (>= 2.1.2)
       erubi (~> 1.8)
@@ -85,7 +85,8 @@ GEM
       logging (>= 1.6.1, < 3.0)
       rubyzip (~> 2.0)
       winrm (~> 2.0)
-    yard (0.9.26)
+    yard (0.9.27)
+      webrick (~> 1.7.0)
 
 PLATFORMS
   ruby
@@ -101,4 +102,4 @@ DEPENDENCIES
   yard (~> 0.9)
 
 BUNDLED WITH
-   2.2.14
+   2.2.22

data/README.md

@@ -87,7 +87,7 @@ require "remotus"
 
 class SimpleStore < Remotus::Auth::Store
   def credential(connection, **options)
-    "#{connection.host}_password"
+    Remotus::Auth::Credential.new('user', "#{connection.host}_password")
   end
 end
 

data/lib/remotus/result.rb

@@ -66,7 +66,7 @@ module Remotus
       return unless error?(accepted_exit_codes)
 
       raise Remotus::ResultError, "Error encountered executing #{@command}! Exit code #{@exit_code} was returned "\
-        "while a value in #{accepted_exit_codes} was expected.\n#{output}"
+                                  "while a value in #{accepted_exit_codes} was expected.\n#{output}"
     end
 
     #

data/lib/remotus/ssh_connection.rb

@@ -113,7 +113,7 @@ module Remotus
     # @param [Hash] options command options
     # @option options [Boolean] :sudo whether to run the command with sudo (defaults to false)
     # @option options [Boolean] :pty  whether to allocate a terminal (defaults to false)
-    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 1)
+    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 2)
     # @option options [String] :input stdin input to provide to the command
     # @option options [Array<Integer>] :accepted_exit_codes array of acceptable exit codes (defaults to [0])
     #                                                       only used if :on_error or :on_success are set
@@ -141,121 +141,88 @@ module Remotus
       # Refer to the command by object_id throughout the log to avoid logging sensitive data
       Remotus.logger.debug { "Preparing to run command #{command.object_id} on #{@host}" }
 
-      # Handle sudo
-      if options[:sudo]
-        Remotus.logger.debug { "Sudo is enabled for command #{command.object_id}" }
-        ssh_command = "sudo -p '' -S sh -c '#{command.gsub("'", "'\"'\"'")}'"
-        input = "#{Remotus::Auth.credential(self).password}\n#{input}"
-
-        # If password was nil, raise an exception
-        raise Remotus::MissingSudoPassword, "#{host} credential does not have a password specified" if input.start_with?("\n")
-      end
+      with_retries(command, retries) do
+        # Handle sudo
+        if options[:sudo]
+          Remotus.logger.debug { "Sudo is enabled for command #{command.object_id}" }
+          ssh_command = "sudo -p '' -S sh -c '#{command.gsub("'", "'\"'\"'")}'"
+          input = "#{Remotus::Auth.credential(self).password}\n#{input}"
 
-      # Allocate a terminal if specified
-      pty = options[:pty] || false
-      skip_first_output = pty && options[:sudo]
-
-      # Open an SSH channel to the host
-      channel_handle = connection.open_channel do |channel|
-        # Execute the command
-        if pty
-          Remotus.logger.debug { "Requesting pty for command #{command.object_id}" }
-          channel.request_pty do |ch, success|
-            raise Remotus::PtyError, "could not obtain pty" unless success
+          # If password was nil, raise an exception
+          raise Remotus::MissingSudoPassword, "#{host} credential does not have a password specified" if input.start_with?("\n")
+        end
 
-            ch.exec(ssh_command)
+        # Allocate a terminal if specified
+        pty = options[:pty] || false
+        skip_first_output = pty && options[:sudo]
+
+        # Open an SSH channel to the host
+        channel_handle = connection.open_channel do |channel|
+          # Execute the command
+          if pty
+            Remotus.logger.debug { "Requesting pty for command #{command.object_id}" }
+            channel.request_pty do |ch, success|
+              raise Remotus::PtyError, "could not obtain pty" unless success
+
+              ch.exec(ssh_command)
+            end
+          else
+            Remotus.logger.debug { "Executing command #{command.object_id}" }
+            channel.exec(ssh_command)
           end
-        else
-          Remotus.logger.debug { "Executing command #{command.object_id}" }
-          channel.exec(ssh_command)
-        end
 
-        # Provide input
-        unless input.empty?
-          Remotus.logger.debug { "Sending input for command #{command.object_id}" }
-          channel.send_data input
-          channel.eof!
-        end
+          # Provide input
+          unless input.empty?
+            Remotus.logger.debug { "Sending input for command #{command.object_id}" }
+            channel.send_data input
+            channel.eof!
+          end
 
-        # Process stdout
-        channel.on_data do |ch, data|
-          # Skip the first iteration if sudo and pty is enabled to avoid outputting the sudo password
-          if skip_first_output
-            skip_first_output = false
-            next
+          # Process stdout
+          channel.on_data do |ch, data|
+            # Skip the first iteration if sudo and pty is enabled to avoid outputting the sudo password
+            if skip_first_output
+              skip_first_output = false
+              next
+            end
+            stdout << data
+            output << data
+            options[:on_stdout].call(ch, data) if options[:on_stdout].respond_to?(:call)
+            options[:on_output].call(ch, data) if options[:on_output].respond_to?(:call)
           end
-          stdout << data
-          output << data
-          options[:on_stdout].call(ch, data) if options[:on_stdout].respond_to?(:call)
-          options[:on_output].call(ch, data) if options[:on_output].respond_to?(:call)
-        end
 
-        # Process stderr
-        channel.on_extended_data do |ch, _, data|
-          stderr << data
-          output << data
-          options[:on_stderr].call(ch, data) if options[:on_stderr].respond_to?(:call)
-          options[:on_output].call(ch, data) if options[:on_output].respond_to?(:call)
-        end
+          # Process stderr
+          channel.on_extended_data do |ch, _, data|
+            stderr << data
+            output << data
+            options[:on_stderr].call(ch, data) if options[:on_stderr].respond_to?(:call)
+            options[:on_output].call(ch, data) if options[:on_output].respond_to?(:call)
+          end
 
-        # Process exit status/code
-        channel.on_request("exit-status") do |_, data|
-          exit_code = data.read_long
+          # Process exit status/code
+          channel.on_request("exit-status") do |_, data|
+            exit_code = data.read_long
+          end
         end
-      end
-
-      # Block until the command has completed execution
-      channel_handle.wait
-
-      Remotus.logger.debug { "Generating result for command #{command.object_id}" }
-      result = Remotus::Result.new(command, stdout, stderr, output, exit_code)
 
-      # If we are using sudo and experience an authentication failure, raise an exception
-      if options[:sudo] && result.error? && !result.stderr.empty? && result.stderr.match?(/^sudo: \d+ incorrect password attempts?$/)
-        raise Remotus::AuthenticationError, "Could not authenticate to sudo as #{Remotus::Auth.credential(self).user}"
-      end
+        # Block until the command has completed execution
+        channel_handle.wait
 
-      # Perform success, error, and completion callbacks
-      options[:on_success].call(result) if options[:on_success].respond_to?(:call) && result.success?(accepted_exit_codes)
-      options[:on_error].call(result) if options[:on_error].respond_to?(:call) && result.error?(accepted_exit_codes)
-      options[:on_complete].call(result) if options[:on_complete].respond_to?(:call)
+        Remotus.logger.debug { "Generating result for command #{command.object_id}" }
+        result = Remotus::Result.new(command, stdout, stderr, output, exit_code)
 
-      result
-    rescue Remotus::AuthenticationError => e
-      # Re-raise exception if the retry count is exceeded
-      Remotus.logger.debug do
-        "Sudo authentication failed for command #{command.object_id}, retrying with #{retries} attempt#{retries.abs == 1 ? "" : "s"} remaining..."
-      end
-      retries -= 1
-      raise if retries.negative?
-
-      # Remove user password to force credential store update on next retry
-      Remotus.logger.debug { "Removing current credential for #{@host} to force credential retrieval." }
-      Remotus::Auth.cache.delete(@host)
-
-      retry
-    rescue Net::SSH::AuthenticationFailed => e
-      # Attempt to update the user password and retry
-      Remotus.logger.debug do
-        "SSH authentication failed for command #{command.object_id}, retrying with #{retries} attempt#{retries.abs == 1 ? "" : "s"} remaining..."
-      end
-      retries -= 1
-      raise Remotus::AuthenticationError, e.to_s if retries.negative?
+        # If we are using sudo and experience an authentication failure, raise an exception
+        if options[:sudo] && result.error? && !result.stderr.empty? && result.stderr.match?(/^sudo: \d+ incorrect password attempts?$/)
+          raise Remotus::AuthenticationError, "Could not authenticate to sudo as #{Remotus::Auth.credential(self).user}"
+        end
 
-      # Remove user password to force credential store update on next retry
-      Remotus.logger.debug { "Removing current credential for #{@host} to force credential retrieval." }
-      Remotus::Auth.cache.delete(@host)
+        # Perform success, error, and completion callbacks
+        options[:on_success].call(result) if options[:on_success].respond_to?(:call) && result.success?(accepted_exit_codes)
+        options[:on_error].call(result) if options[:on_error].respond_to?(:call) && result.error?(accepted_exit_codes)
+        options[:on_complete].call(result) if options[:on_complete].respond_to?(:call)
 
-      retry
-    rescue IOError => e
-      # Re-raise exception if it is not a closed stream error or if the retry count is exceeded
-      Remotus.logger.debug do
-        "IOError (#{e}) encountered for command #{command.object_id}, retrying with #{retries} attempt#{retries.abs == 1 ? "" : "s"} remaining..."
+        result
       end
-      retries -= 1
-      raise if e.to_s != "closed stream" || retries.negative?
-
-      retry
     end
 
     #
@@ -267,7 +234,7 @@ module Remotus
     # @param [Hash] options command options
     # @option options [Boolean] :sudo whether to run the script with sudo (defaults to false)
     # @option options [Boolean] :pty  whether to allocate a terminal (defaults to false)
-    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 1)
+    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 2)
     # @option options [String] :input stdin input to provide to the command
     # @option options [Array<Integer>] :accepted_exit_codes array of acceptable exit codes (defaults to [0])
     #                                                       only used if :on_error or :on_success are set
@@ -297,6 +264,7 @@ module Remotus
     # @option options [String] :owner file owner ("oracle")
     # @option options [String] :group file group ("dba")
     # @option options [String] :mode file mode ("0640")
+    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 2)
     #
     # @return [String] remote path
     #
@@ -307,7 +275,11 @@ module Remotus
         sudo_upload(local_path, remote_path, options)
       else
         permission_cmd = permission_cmds(remote_path, options[:owner], options[:group], options[:mode])
-        connection.scp.upload!(local_path, remote_path, options)
+
+        with_retries("Upload #{local_path} to #{remote_path}", options[:retries] || DEFAULT_RETRIES) do
+          connection.scp.upload!(local_path, remote_path, options)
+        end
+
         run(permission_cmd).error! unless permission_cmd.empty?
       end
 
@@ -322,6 +294,7 @@ module Remotus
     #                            if local_path is nil, the file's content will be returned
     # @param [Hash] options download options
     # @option options [Boolean] :sudo whether to run the download with sudo (defaults to false)
+    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 2)
     #
     # @return [String] local path or file content (if local_path is nil)
     #
@@ -343,7 +316,12 @@ module Remotus
       end
 
       Remotus.logger.debug { "Downloading file from #{@host}:#{remote_path}" }
-      result = connection.scp.download!(remote_path, local_path, options)
+
+      result = nil
+
+      with_retries("Download #{remote_path} to #{local_path}", options[:retries] || DEFAULT_RETRIES) do
+        result = connection.scp.download!(remote_path, local_path, options)
+      end
 
       # Return the file content if that is desired
       local_path.nil? ? result : local_path
@@ -372,6 +350,39 @@ module Remotus
 
     private
 
+    #
+    # Wraps one or many SSH commands to provide exception handling and retry support
+    # to a given block
+    #
+    # @param [String] command command to be run or command description
+    # @param [Integer] retries number of retries
+    #
+    def with_retries(command, retries)
+      yield if block_given?
+    rescue Remotus::AuthenticationError, Net::SSH::AuthenticationFailed => e
+      # Re-raise exception if the retry count is exceeded
+      Remotus.logger.debug do
+        "Sudo authentication failed for command #{command.object_id}, retrying with #{retries} attempt#{retries.abs == 1 ? "" : "s"} remaining..."
+      end
+      retries -= 1
+      raise Remotus::AuthenticationError, e.to_s if retries.negative?
+
+      # Remove user password to force credential store update on next retry
+      Remotus.logger.debug { "Removing current credential for #{@host} to force credential retrieval." }
+      Remotus::Auth.cache.delete(@host)
+
+      retry
+    rescue IOError => e
+      # Re-raise exception if it is not a closed stream error or if the retry count is exceeded
+      Remotus.logger.debug do
+        "IOError (#{e}) encountered for command #{command.object_id}, retrying with #{retries} attempt#{retries.abs == 1 ? "" : "s"} remaining..."
+      end
+      retries -= 1
+      raise if e.to_s != "closed stream" || retries.negative?
+
+      retry
+    end
+
     #
     # Whether to restart the current SSH connection
     #
@@ -413,13 +424,17 @@ module Remotus
     # @option options [String] :owner file owner ("oracle")
     # @option options [String] :group file group ("dba")
     # @option options [String] :mode file mode ("0640")
+    # @option options [Integer] :retries number of times to retry a closed connection (defaults to 2)
     #
     def sudo_upload(local_path, remote_path, options = {})
       # Must first upload the file to an accessible directory for the login user
       user_remote_path = sudo_remote_file_path(remote_path)
       Remotus.logger.debug { "Sudo enabled, uploading file to #{user_remote_path}" }
       permission_cmd = permission_cmds(user_remote_path, options[:owner], options[:group], options[:mode])
-      connection.scp.upload!(local_path, user_remote_path, options)
+
+      with_retries("Upload #{local_path} to #{user_remote_path}", options[:retries] || DEFAULT_RETRIES) do
+        connection.scp.upload!(local_path, user_remote_path, options)
+      end
 
       # Set permissions and move the file to the correct destination
       move_cmd = "/bin/mv -f '#{user_remote_path}' '#{remote_path}'"

data/lib/remotus/version.rb

@@ -2,5 +2,5 @@
 
 module Remotus
   # Remotus gem version
-  VERSION = "0.2.3"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: remotus
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Matthew Newell
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-01 00:00:00.000000000 Z
+date: 2022-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: connection_pool