sambot 0.1.111 → 0.1.112
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0de72fb94d33394f6a22bc622e7bb25bc006fad5
|
|
4
|
+
data.tar.gz: 2b9c9c892cf49945ef7fe560c4b018df0a59ff45
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6752fc68229ee431c8c4d831d61ba300a2b35736f6c376457b344eb99c7f02b19fb8de1e7cc1d114c940148c77c0b212e3f0782077c2bd3e234e7f608cdea156
|
|
7
|
+
data.tar.gz: 745daed4cc978fe0c7eccf6c6623f7d8a1357965534efefa4d6d8dd09abab5e5fd92a5bd56a6e354e3d98deba0ab29e664ea2d58b0b052b7415e688218bbac15
|
|
@@ -4,6 +4,8 @@ module Sambot
|
|
|
4
4
|
module DeveloperWorkflow
|
|
5
5
|
class Proxy
|
|
6
6
|
|
|
7
|
+
CONFIG_PATH = '/tmp/haproxy.conf'
|
|
8
|
+
|
|
7
9
|
def self.start(forwards)
|
|
8
10
|
template_path = FileManagement::TemplateProvider.get_path('haproxy.conf.erb')
|
|
9
11
|
input = File.read(template_path)
|
|
@@ -20,13 +22,12 @@ module Sambot
|
|
|
20
22
|
UI.debug("Proxying #{service[:name]}.brighter.io:#{service[:local_port]} to #{service[:ip]}:#{service[:tunnel_port]}")
|
|
21
23
|
end
|
|
22
24
|
contents = eruby.evaluate({services: services})
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
Runtime.sudo("haproxy -f #{temp_config.path}")
|
|
25
|
+
File.write(CONFIG_PATH, contents)
|
|
26
|
+
Runtime.sudo("haproxy -f #{CONFIG_PATH}")
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def self.stop
|
|
29
|
-
|
|
30
|
+
Runtime.sudo("killall haproxy")
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
end
|
|
@@ -23,7 +23,7 @@ module Sambot
|
|
|
23
23
|
'teamcity.brighter.io': { ip: '127.0.0.14', port: 443, local_port: 9014 },
|
|
24
24
|
'splunk.brighter.io': { ip: '127.0.0.15', port: 443, local_port: 9015 },
|
|
25
25
|
'jenkins.brighter.io': { ip: '127.0.0.16', port: 443, local_port: 9016 },
|
|
26
|
-
'vault.brighter.io': { ip: '127.0.0.
|
|
26
|
+
'vault.brighter.io': { ip: '127.0.0.1', port: 8200, local_port: 9017 }
|
|
27
27
|
}
|
|
28
28
|
|
|
29
29
|
def start(username, password, sudo_password)
|
|
@@ -36,13 +36,14 @@ module Sambot
|
|
|
36
36
|
Proxy.start(FORWARDS)
|
|
37
37
|
Networking.configure(FORWARDS)
|
|
38
38
|
Tunnels.start(username, password, BASTION_HOST_IP, FORWARDS)
|
|
39
|
-
|
|
39
|
+
setup_secrets_management(username, password)
|
|
40
40
|
UI.info("Your session has now started - run `sambot session stop` to close it")
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def stop
|
|
44
44
|
Tunnels.stop
|
|
45
45
|
DNS.reset_hosts(FORWARDS)
|
|
46
|
+
Proxy.stop
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
private
|
|
@@ -65,11 +66,11 @@ module Sambot
|
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
def setup_secrets_management(username, password)
|
|
68
|
-
unless Vault.has_environment_variables?
|
|
69
|
+
unless Vault.has_environment_variables?
|
|
69
70
|
UI.info("You have either not configured your workstation or you have not opened up a new shell to pick up the changes applied during configuration")
|
|
70
71
|
end
|
|
71
72
|
UI.debug "Authenticating with Hashicorp Vault in Rackspace DEV/QE"
|
|
72
|
-
token = Vault.authenticate(username, password)
|
|
73
|
+
token = Vault.authenticate(username, password, FORWARDS)
|
|
73
74
|
UI.debug "Saving your Vault authentication token to ~/.vault-token"
|
|
74
75
|
Vault.save_token(token)
|
|
75
76
|
end
|
|
@@ -7,34 +7,46 @@ module Sambot
|
|
|
7
7
|
module DeveloperWorkflow
|
|
8
8
|
class Vault
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
def self.authenticate(username, password, forwards)
|
|
11
|
+
secret = get_user_token(username, password, forwards)
|
|
12
|
+
secret.auth.client_token
|
|
13
|
+
end
|
|
11
14
|
|
|
12
|
-
def self.
|
|
13
|
-
secret = nil
|
|
15
|
+
def self.get_user_token(username, password, forwards)
|
|
14
16
|
::Vault.configure do |config|
|
|
15
17
|
sleep(3)
|
|
16
|
-
config.address =
|
|
18
|
+
config.address = build_vault_address(forwards)
|
|
17
19
|
config.ssl_verify = false
|
|
18
|
-
|
|
20
|
+
return ::Vault.auth.ldap(username, password)
|
|
19
21
|
end
|
|
20
|
-
secret.auth.client_token
|
|
21
22
|
end
|
|
22
23
|
|
|
23
|
-
def self.setup_environment(
|
|
24
|
-
save_environment_variable('VAULT_SKIP_VERIFY', true)
|
|
25
|
-
save_environment_variable('VAULT_ADDR',
|
|
24
|
+
def self.setup_environment(forwards, target = '~/.bash_profile')
|
|
25
|
+
save_environment_variable('VAULT_SKIP_VERIFY', true, target)
|
|
26
|
+
save_environment_variable('VAULT_ADDR', build_vault_address(forwards), target)
|
|
26
27
|
end
|
|
27
28
|
|
|
28
|
-
def self.
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
29
|
+
def self.build_vault_address(forwards)
|
|
30
|
+
"https://vault.brighter.io:#{forwards[:'vault.brighter.io'][:local_port]}"
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def self.save_environment_variable(key, value, target = '~/.bash_profile')
|
|
34
|
+
contents = File.read(target)
|
|
35
|
+
contents = contents.gsub(/export #{key}=#{value}/, '') if has_environment_variable?(key, value, target)
|
|
36
|
+
contents << "export #{key}=#{value.to_s}\n"
|
|
37
|
+
File.write(target, contents)
|
|
33
38
|
ENV[key] = value.to_s
|
|
34
39
|
end
|
|
35
40
|
|
|
36
|
-
def self.has_environment_variables?(
|
|
37
|
-
|
|
41
|
+
def self.has_environment_variables?(forwards, target = '~/.bash_profile')
|
|
42
|
+
has_vault_skip_verify = has_environment_variable?('VAULT_SKIP_VERIFY', true, target)
|
|
43
|
+
has_vault_addr = has_environment_variable?('VAULT_ADDR', build_vault_address(forwards), target)
|
|
44
|
+
(has_vault_addr != nil) && (has_vault_skip_verify != nil)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def self.has_environment_variable?(key, value, target = '~/.bash_profile')
|
|
48
|
+
contents = File.read(target)
|
|
49
|
+
contents.match(/export #{key}=#{value}/)
|
|
38
50
|
end
|
|
39
51
|
|
|
40
52
|
def self.save_token(token, home_directory = '~')
|
data/lib/sambot/version.rb
CHANGED