safedb 0.7.1001 → 0.10.5

data/lib/controller/db/push.rb

@@ -2,326 +2,38 @@
 	
 module SafeDb
 
-  # After backing up local assets the <b>push use case</b> creates a remoe github
-  # repository if necessary and initializes the master crypts as a git repository
-  # if necessary and then adds, commits and pushes the crypts up to the github
-  # remote for safe keeping.
-  #
-  # We also remember the commit reference and we add this to the master indices
-  # file before finally backing up, and then updating the master indices file on
-  # the locally accessible removable drive.
-  #
-  # == The First Push
-  #
-  # The first push on a machine
-  #
-  # - writes and secures the private key
-  # - creates an entry within ~/.ssh/config
-  # - does a git init and sets the git remote
-  #
-  # Subsequent pushes will always
-  #
-  # - add and commit to the local repository
-  # - push crypts to the remote repository
-  # - record the commit reference in the safe database tracker file
-  # - copy the database tracker file to the removable drive
-  #
-  class Push < Controller
+    # A safe push will save the state of the local safe database in a
+    # backend location (currently only a Git repository).
+    #
+    # This class does not require the user to be logged into a book.
+    # Naturally it expects safe remote --provision to have been
+    # called which creates the remote backend and then sets the git
+    # remote origin urls for fetch and push.
+    class Push < Controller
+
+        # Execute the business of pushing to a remote safe
+        # backend repository.
+        def execute()
+
+            # Only required when git pulling on a machine for
+            # the very first time. This is used to grab the
+            # github access token and repository user and repository
+            # name for creating the push origin url.
+            # ----------------------------------------------------------
+            # open_remote_backend_location()
+            # ----------------------------------------------------------
+
+            puts ""
+            puts "Pushing safe commits to the backend repository."
+            puts ""
+
+            GitFlow.push( Indices::MASTER_CRYPTS_FOLDER_PATH )
+
+            puts ""
 
-    # After backing up local assets the <b>push use case</b> creates a remoe github
-    # repository if necessary and initializes the master crypts as a git repository
-    # if necessary and then adds, commits and pushes the crypts up to the github
-    # remote for safe keeping.
-    def execute()
-
-      open_remote_backend_location()
-
-###########
-########### =========================================
-########### Instead of Private Keys Use Tokens  =====
-########### =========================================
-########### 
-########### git remote add origin https://<<GITHUB_TOKEN>>@github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git
-########### git remote set-url origin https://<<GITHUB_TOKEN>>@github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git
-########### git push origin master
-########### 
-########### Note ==== Query repository with git remote -v to see if an origin has been set
-###########      ==== If no origin set use the set-url variant otherwise use the add variant
-########### 
-########### ==========================================
-########### For Pulling (Cloning the Repository  =====
-########### ==========================================
-########### 
-########### git clone https://github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git [[safedb-master-crypts]]
-########### 
-########### 
-########### 
-
-      # @todo ------------------------------------------------------------ >>
-      # @todo REFACTOR the below into lib/utils/keys/keypair.rb
-      # @todo REFACTOR And create a utiliy class for bulk of file Writer functionality
-      # @todo Methods in keypair should NOT know about the Indices constants
-      # @todo Refactor name from [Indices] to [Constants]
-      # @todo ------------------------------------------------------------ >>
-      # @todo Method Names
-      # @todo ------------------------------------------------------------ >>
-      # @todo   (1) - Constants.write_private_key()
-      # @todo ------------------------------------------------------------ >>
-
-      private_key_path = File.join( Indices::SSH_DIRECTORY_PATH, @verse[ Indices::REMOTE_PRIVATE_KEY_KEYNAME ] )
-      private_key_exists = File.file?( private_key_path )
-      puts "private key found at #{private_key_path}" if private_key_exists
-
-      unless private_key_exists
-
-        puts "private key will be created at #{private_key_path}"
-        file_writer = Write.new()
-        file_writer.file_key = Indices::PRIVATE_KEY_DEFAULT_KEY_NAME
-        file_writer.to_dir = Indices::SSH_DIRECTORY_PATH
-        file_writer.flow()
-
-        FileUtils.chmod( 0600, private_key_path, :verbose => true )
-
-      end
-
-      git_username = @verse[ Indices::GIT_REPOSITORY_USER_KEYNAME ]
-      git_reponame = @verse[ Indices::GIT_REPOSITORY_NAME_KEYNAME ]
-
-      ssh_host_name = @verse[ Indices::REMOTE_MIRROR_SSH_HOST_KEYNAME ] 
-      ssh_config_exists = File.file?( Indices::SSH_CONFIG_FILE_PATH )
-      config_file_contents = File.read( Indices::SSH_CONFIG_FILE_PATH ) if ssh_config_exists
-      ssh_config_written = ssh_config_exists && config_file_contents.include?( ssh_host_name )
-      puts "ssh config for host #{ssh_host_name} has already been written" if ssh_config_written
-
-      unless ssh_config_written
-
-        puts "ssh config for host #{ssh_host_name} will be written"
-        config_backup_path = File.join( Indices::SSH_DIRECTORY_PATH, "safe.clobbered.ssh.config-#{TimeStamp.yyjjj_hhmm_sst()}" )
-        File.write( config_backup_path, config_file_contents ) if ssh_config_exists
-        puts "original ssh config at #{config_backup_path}" if ssh_config_exists
-
-        File.open( Indices::SSH_CONFIG_FILE_PATH, "a" ) do |line|
-          line.puts( "\n" )
-          line.puts( "Host #{ ssh_host_name }" )
-          line.puts( "HostName github.com" )
-          line.puts( "User #{ git_username }" )
-          line.puts( "IdentityFile #{ private_key_path }" )
-          line.puts( "StrictHostKeyChecking no" )
         end
 
-        puts "ssh config has been successfully written"
-
-      end
-
-      puts ""
-
-      ssh_test_cmd_string = "ssh -i #{private_key_path} -vT git@github.com"
-      system( ssh_test_cmd_string )
-      ssh_cmd_exit_status = $?.exitstatus
-
-      unless ssh_cmd_exit_status == 1
-
-        puts ""
-        puts "The command exit status is #{ssh_test_exitstatus}"
-        puts ""
-        puts "### ##### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-        puts "### Error : SSH test result did not contain expected string."
-        puts "### Query : #{ ssh_test_cmd_string }"
-        puts "### ##### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-        puts ""
-
-        return
-
-      end
-
-      puts ""
-      puts "### ####### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-      puts "### Success : The SSH connection test was a roaring success."
-      puts "### Command : #{ ssh_test_cmd_string }"
-      puts "### ####### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-      puts ""
-
-## ==========>>> git rev-parse HEAD
-
-# git init    
-# git clone `URLTORepository`
-# cd `into your cloned folder`
-# git checkout commithash
-
-      puts ""
-      return
-
-=begin
-ssh -i ~/.ssh/safedb.code.private.key.pem -vT git@safedb.code
-git clone https://github.com/devops4me/safedb.net safedb.net
-git remote set-url --push origin git@safedb.code:devops4me/safedb.net.git
-=end
-
-      unless ssh_config_file contains git_reponame
-
-        #write out the SSH private key
-        # @todo change the write method to change the file permissions
-
-# SAFE_PRIVATE_KEY_KEYNAME
-
-      # @todo - Write the chunk of text into .ssh/config file (name is git_reponame)
-      # @todo - the User is git_username
-      # @todo - the IdentityFile is Dir.home() joined to .ssh and User is git_username
-
-      user_host_name = "#{Etc.getlogin()}@#{Socket.gethostname()}"
-      @verse.store( Indices::REMOTE_LAST_PUSH_ON, TimeStamp.readable() )
-      @verse.store( Indices::REMOTE_LAST_PUSH_BY, user_host_name )
-
-      end # end the unless block
-
-
-# --  SAFE_REMOTE_SSH_HOST = "safe.remote"
-# --  SAFE_REMOTE_HOST_NAME = "github.com"
-
-  # @todo - link this to the Keys class to use the same string constant
-# --  SAFE_PRIVATE_KEY_KEYNAME = "private.key"
-
-
-
-
-      # Do a git init if no .git folder found
-      # do git local config (for name and email) if necessary
-      # do git set remote url add
-      # do git add
-      # do git commit
-      # do git push origin master
-
-#      @verse.store( Indices::REMOTE_LAST_PUSH_ID,  )
-   # @todo set git remote url (for push) in the @verse
-   # @todo set git clone url in the @verse
-   # @todo set git commit id in the @verse
-      
-#   @todo now set the git clone url and commit ID in the master index file
-
-      # Make sure git pull --from=/path/to/dir LOGS in and writes the /path/to/dir with KEY as the User@hostname
-
-      ## Now the git push --to=/path/to/this/dir => IF no path read from @verse
-      ## If no verse with user@host path the WRITE to present working directory
-
-
-
 =begin
-
-Setting up passwordless git interactions (cloning, pulling, pushing) is the same as setting up passwordless ssh login.
-
-To interact with Git without passwords you need to
-
-- setup a public private SSH keypair
-- install and lock down the private key
-- create a SSH IdentityFile called config in `$HOME/.ssh/config`
-- install the public key into BitBucket, GitLab, GitHub or a SSH accessible repo
-
-### Setup Passwordless SSH
-
-Passwordless SSH is a prerequisite to passwordless git interaction.
-
-### The SSH Identity File
-
-The Identity File is telling the SSH subsystem that when you see this particular hostname (IP Address) - you submit this private key because that host will for sure have the corresponding public key in its authorized keys cache.
-
-When using Github, Gitlab or BitBucket - you go to a screen and enter in the public key portion.
-
-```
-Host bitbucket.server
-StrictHostKeyChecking no
-HostName bitbucket.org
-User joebloggs276
-IdentityFile /home/joebloggs/.ssh/bitbucket-repo-private-key.pem
-```
-
-### The Passwordless SSH Setup Commands
-
-Our local user `joebloggs` has an account with `bitbucket.org` with username `joebloggs276` and has submitted the public key to it. He has created a private key at `/home/joebloggs/.ssh/bitbucket-repo-private-key.pem` (locked with a 400) and an identity file at `/home/joebloggs/.ssh/config`.
-
-``` bash
-ssh-keygen -t rsa                                              # enter /home/joebloggs/.ssh/bitbucket-repo-private-key.pem
-chmod 400 /home/joebloggs/.ssh/bitbucket-repo-private-key.pem  # restrict to user read-only permissions
-GIT_HOST_IP=bitbucket.org                                      # set the hostname as bitbucket.org
-ssh-keyscan $GIT_HOST_IP >> /home/joebloggs/.ssh/known_hosts   # prevents a authenticity of host cant be established prompt
-ssh -i /home/joebloggs/.ssh/bitbucket-repo-private-key.pem -vT "joebloggs276@$GIT_HOST_IP" # test that all will be okay
-git clone git@bitbucket.org:joeltd/bigdata.git mirror.bigdata  # this clone against bigdata account and repo is bigdata
-```
-
-BITBUCKET_USER=joebloggs276;
-# curl --user ${BITBUCKET_USER} https://api.bitbucket.org/2.0/repositories/joeltd
-curl --user ${BITBUCKET_USER} git@api.bitbucket.org/2.0/repositories/joeltd
-
-
-Note that the clone command uses the bitbucket account called joeltd and the repository is called big_data_scripts.
-
-The response to the SSH test against a bitbucket repository for user
-
-`ssh -i /home/joebloggs/.ssh/bitbucket-repo-private-key.pem -vT "joebloggs276@$GIT_HOST_IP"`
-
-## Setup Git in Existing Directory
-
-To hook up with a new repository from a directory with files you first
-
-- create the remote repository (use safe's github and gitlab tooling)
-- safe will have created a public / private keypair and installed it in the remote repo
-- locally their should be a private key (with 0600 permissions) and an entry in ~/.ssh/config
-- go to the git directory (without a .git folder)
-
-The commands to run
-
-git init
-git add -A
-git status
-git commit -am "First checkin of project."
-git remote add origin git@<<Host>>:<<userOrGroup>>/<<repo-name>>.git
-git remote -v
-git push --set-upstream origin master
-
-=end
-
-
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-
-
-puts ""
-the_384_key = OpenSSL::PKey::EC.new('secp384r1')
-the_384_key.generate_key!
-
-puts "#############################"
-puts "the 384 key"
-puts "#############################"
-puts the_384_key.private_key.to_pem()
-puts "#############################"
-puts the_384_key.private_key.export()
-puts "#############################"
-puts the_384_key.public_key.export()
-puts "#############################"
-puts the_384_key.public_key.to_pem()
-puts "#############################"
-puts the_384_key.to_pem()
-puts "#############################"
-puts the_384_key.to_text()
-puts ""
-
-ec_private_key_encoded = Base64.urlsafe_encode64( the_384_key.to_pem() )
-
-puts "Private Key Encoded"
-puts "ec_private_key_encoded"
-puts ""
-return 
-
-return
-      puts ""
-
       removable_drive_path = xxx # ~~~~ read this from the --to variable
       removable_drive_file = File.join( removable_drive_path, Indices::MASTER_INDICES_FILE_NAME )
       removable_drive_file_exists = File.exist?( removable_drive_file ) && File.file?( removable_drive_file )
@@ -338,15 +50,11 @@ return
 
       is_git = File.exist?( Indices::MASTER_CRYPTS_GIT_PATH ) && File.directory?( Indices::MASTER_CRYPTS_GIT_PATH )
 
+=end
 
 
-      return
-
 
     end
 
 
-  end
-
-
 end

data/lib/controller/db/{remote.rb → remote-github-keypair.rb}

@@ -2,7 +2,12 @@
 	
 module SafeDb
 
-  # We want to provision (create) the safe's remote (github) backend.
+  # This class gives a flavour of setting up a git repository to be accessed
+  # with PUBLIC / PRIVATE keys (using SSH) rather than via a GitHub access token
+  # that uses HTTPS (see remote.rb).
+  #
+  # THIS IMPLEMENTATION IS AS YET UNFINISHED BECAUSE IT DOES NOT WRITE INTO THE
+  # SSH CONFIG FILE IN ~/.ssh/config
   #
   # A number of setup tasks are executed when you ask that the backend repository be created.
   #
@@ -14,7 +19,7 @@ module SafeDb
   # - the private and public keys are placed within the chapter/verse
   # - the public (deploy) key is registered with the github repository
   #
-  class Remote < EditVerse
+  class RemoteGithubKeypair < EditVerse
 
     attr_writer :provision
 
@@ -27,7 +32,7 @@ module SafeDb
       github_access_token = @verse[ Indices::GITHUB_ACCESS_TOKEN ]
       return unless is_github_access_token_valid( github_access_token )
 
-      repository_name = "safedb-crypts-#{TimeStamp.yyjjj_hhmm_sst()}"
+      repository_name = "safe-#{TimeStamp.yyjjj_hhmm_sst()}"
       @verse.store( Indices::GIT_REPOSITORY_NAME_KEYNAME, repository_name )
       private_key_simple_filename = "safe.#{@book.get_open_chapter_name()}.#{@book.get_open_verse_name()}.#{TimeStamp.yyjjj_hhmm_sst()}"
       @verse.store( Indices::REMOTE_PRIVATE_KEY_KEYNAME, "#{private_key_simple_filename}.pem" )
@@ -56,7 +61,7 @@ module SafeDb
 
       github_client = Octokit::Client.new( :access_token => github_access_token )
       github_user = github_client.user
-      repo_creator = "#{Etc.getlogin()}@#{Socket.gethostname()}"
+      repo_creator = "#{ENV[ "USER" ]}@#{Socket.gethostname()}"
       repo_description = "This github repository was auto-created by safedb.net to be a remote database backend on behalf of #{repo_creator} on #{TimeStamp.readable()}."
       repo_homepage = "https://github.com/devops4me/safedb.net/"
       repository_id = "#{github_user[:login]}/#{repository_name}"
@@ -82,11 +87,11 @@ module SafeDb
         :has_issues => false,
         :has_wiki => false,
         :has_downloads => false,
-        :auto_init => true
+        :auto_init => false
       }
 
       github_client.create_repository( repository_name, options_hash  )
-      github_client.add_deploy_key( repository_id, "your safe crypts deployment key with ID #{TimeStamp.yyjjj_hhmm_sst()}", repo_public_key )
+      github_client.add_deploy_key( repository_id, "your safe crypt deployment key with ID #{TimeStamp.yyjjj_hhmm_sst()}", repo_public_key )
 
     end
 

data/lib/controller/db/remote-github-token.rb

@@ -0,0 +1,69 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # This class uses Github (https) along with an access token (as opposed to ssh keypairs)
+  # to provision a remote backend for a safe database.
+  #
+  # == Github Access Token
+  #
+  # The safe book must be opened at a chapter/verse that contains a line named
+  # `@github.access.token` with a viable token value. This is the only pre-condition to
+  # the `safe remote --provision` command.
+  #
+  # == Flow of Events
+  #
+  # To provision a Github token-based remote backend for the safe database means
+  #
+  # - a repository is created in github
+  # - the repository name and user are stored in the verse
+  # - the fetch/pull/clone url is put into configuration visible before login
+  # - the push origin url is added using the `git remote add origin` command
+  #
+  # Finally prompt the user to issue a commit followed by a push.
+  class RemoteGithubToken < EditVerse
+
+    attr_writer :provision
+
+    # We want to provision (create) the safe's remote (github) backend.
+    # A number of setup tasks are executed when you ask that the backend repository be created.
+    def edit_verse()
+
+      return unless @provision
+
+      github_access_token = @verse[ Indices::GITHUB_ACCESS_TOKEN ]
+      return unless is_github_access_token_valid( github_access_token )
+
+      repository_name = "safe-#{TimeStamp.yyjjj_hhmm_sst()}"
+      @verse.store( Indices::GIT_REPOSITORY_NAME_KEYNAME, repository_name )
+
+      # We could hardcode this to genesis:remote/github which will be
+      # referenced only on the first ever safe pull --from=https://github.com/devops4me/safe-xxxx
+      # This is required for setting the push origin url.
+      remote_mirror_page = "#{@book.book_id()}/#{@book.get_open_chapter_name()}/#{@book.get_open_verse_name()}"
+      Master.new().set_backend_coordinates( remote_mirror_page )
+
+      repository_user = Github.create_repo( github_access_token, repository_name )
+      @verse.store( Indices::GIT_REPOSITORY_USER_KEYNAME, repository_user )
+
+      fetch_url = "https://github.com/#{repository_user}/#{repository_name}.git"
+      push_url = "https://#{repository_user}:#{github_access_token}@github.com/#{repository_user}/#{repository_name}.git"
+      GitFlow.add_origin_url( Indices::MASTER_CRYPTS_FOLDER_PATH, fetch_url )
+      GitFlow.set_push_origin_url( Indices::MASTER_CRYPTS_FOLDER_PATH, push_url )
+
+    end
+
+
+    def is_github_access_token_valid( github_access_token )
+
+      is_invalid = github_access_token.nil?() || github_access_token.strip().length() < 7
+      puts "No valid github access token found." if is_invalid
+      return !is_invalid
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/db/state.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # Querying the state of the safe on the current machine is what this command
+  # facilitates.
+  #
+  # == Strategy re Safe Events and Commits
+  #
+  # - 1. changes to the safe back-end repository should occur only when a book login occurs
+  #      for the first time since the machine booted up (already implemented) OR when a book
+  #      is created, destroyed or changes after edits are committed. Also after a password
+  #      reset "safe password" the indices will be changed and committed.
+  #      Things like last accessed time must come out of the master indices file.
+  #
+  # - 2. 7 key events must be recorded at the JSON path safedb-event-tracking/safedb-events-<<bootup-id>>.json
+  #      (above the repository) and these events should be presented in a table in
+  #      response to the **`safe state`** command.
+  #
+  # - 3. the 7 events are book create, book destroy, edit, login, logout, commit, refresh
+  #      and they must be stored at the bootup ID referenced path and in conjunction with
+  #      the branch ID, book name, book ID and the time the event occurred.
+  #
+  # == Touched Use Cases
+  #
+  # This event tracking strategy requires changes in roughly 10 use cases.
+  #
+  # 1. safe prune - as well as pruning branches with unrecognized bootup IDs we also prune old events files
+  # 2. safe state - prints the table of branch, book name, book ID, last state event and the event time
+  # 3. safe state - a column titled S has an asterix (*) if edits occur without being followed by a commit or logout
+  # 4. safe state - the branch column states "this one" if branch ID matches current branch ID
+  # 5. safe state - the table is ordered by the time the branch/books are written in SO THAT the rows do not jump about
+  # 6. safe logout - trashes branches and marks the event (branch/book) row so that it is displayed by safe state
+  # 6. safe login - changes to trashes branches and marks the event (branch/book) row so that it is displayed by safe state
+  # 7. safe destroy <<book>>: - only enact this if the book is not logged in (since boot time) or has been logged out
+  # 8. safe destroy <<book>>: - trash branches, master indices and crypts and referencing rows in the event tracker file
+  # 9. safe rename <<book>>: - only change section header in INI indices to rename the book
+  # 10. safe password - Only allow when no other branch is logged in (its fine if they subsequently logged out)
+  #
+  #
+  # == Limit Occurrences of Book ID
+  #
+  # Do not write book ID everywhere because renaming and destroying books change will cascade.
+  # Book IDs should not be used to name directories or files or crypt headers - (use a reference instead)
+  #
+  #
+  #
+  #
+  class State < Controller
+
+    def execute()
+
+
+      return
+
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/query/publish.rb

@@ -0,0 +1,27 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The safe publish command knows how to talk to external credential consumers
+  # like Kubernetes Secrets, Jenkins Credentials, Git Secrets, Terraform Secrets,
+  # Docker Secrets, HashiCorp's Vault and more besides.
+  #
+  # Use publish to tell safe what to publish, what to publish it as and if
+  # necessary where to publish it to.
+  #
+  # - `safe publish --docker-registry-credentials --kubernetes-secret`
+  # - `safe publish --username-password --jenkins --at http://localhost:8080`
+  #
+  # Visit documentation at https://www.safedb.net/docs/copy-paste
+  class Publish < QueryVerse
+
+    def query_verse()
+
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/requirer.rb

@@ -94,7 +94,6 @@ module SafeDb
       gem_basepath = File.expand_path "..", gem_filepath
       Dir["#{gem_basepath}/**/*.rb"].each do |gem_path|
 
-        log.debug(x) { "@@@@ => #{gem_path}" }
         require gem_path
 
       end