simp-cli 1.0.12

data/lib/simp/cli/config/questionnaire.rb

@@ -0,0 +1,86 @@
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config; end
+
+require File.expand_path( '../commands/config', File.dirname(__FILE__) )
+require File.expand_path( 'utils', File.dirname(__FILE__) )
+
+# Builds a SIMP configuration profile based on an Array of Config::Items
+#
+# The configuration profile is built on a Questionnaire, which is interactive
+# by default, but can be automated.
+#
+class Simp::Cli::Config::Questionnaire
+
+  INTERACTIVE           = 0
+  NONINTERACTIVE        = 1
+  REALLY_NONINTERACTIVE = 2
+
+  def initialize( options = {} )
+    @options = {
+     :noninteractive          => INTERACTIVE,
+     :verbose                 => 0
+    }.merge( options )
+  end
+
+
+  # processes an Array of Config::Items and returns a hash of Config::Item
+  # answers
+  def process( item_queue=[], answers={} )
+    if item = item_queue.shift
+      item.config_items = answers
+      process_item item
+
+      # add (or replace) this item's answer to the answers list
+      answers[ item.key ] = item
+
+      # add any next_items to the queue
+      item_queue = item.next_items + item_queue
+
+      process item_queue, answers
+    end
+
+    answers
+  end
+
+
+  # process a Config::Item
+  #
+  # simp config can run in the following modes:
+  #   - interactive (prompt each item)
+  #   - mostly non-interactive (-f/-A; prompt items that can't be inferred)
+  #   - never prompt (-a/-ff);
+  #   - never prompt (-ff; relies on cli args for non-inferrable items))
+  def process_item item
+    item.skip_query = true if @options[ :noninteractive ] >= NONINTERACTIVE
+    if @options.fetch( :fail_on_missing_answers, false )
+      item.fail_on_missing_answer = true
+    end
+
+    if @options[ :noninteractive ] == INTERACTIVE
+      item.query
+    else
+      value = item.default_value
+
+      if item.validate( value )
+        item.value = value
+        item.print_summary if @options.fetch( :verbose ) >= 0
+      else
+        # alert user that the value is wrong
+        print_invalid_item_error item
+
+        # present an interactive prompt for invalid answers unless '-ff'
+        exit 1 if @options.fetch( :noninteractive ) >= REALLY_NONINTERACTIVE
+        item.skip_query = false
+        value = item.query
+      end
+    end
+    item.safe_apply
+  end
+
+  def print_invalid_item_error item
+    error =  "ERROR: '#{item.value}' is not a valid value for #{item.key}"
+    error += "\n#{item.not_valid_message}" if item.not_valid_message
+    say "<%= color(%q{#{error}}, RED) %>\n"
+  end
+end

data/lib/simp/cli/config/utils.rb

@@ -0,0 +1,128 @@
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class PasswordError < StandardError; end
+end
+
+class Simp::Cli::Config::Utils
+  DEFAULT_PASSWORD_LENGTH = 32
+  class << self
+    def validate_fqdn fqdn
+      # snarfed from:
+      #   https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+      regex = %r{\A((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\Z}
+      ((fqdn =~ regex) ? true : false )
+    end
+
+
+    def validate_ip ip
+      # using the native 'resolv' class in order to minimize non-EL rubygems
+      # snarfed from:
+      # http://stackoverflow.com/questions/3634998/how-do-i-check-whether-a-value-in-a-string-is-an-ip-address
+      require 'resolv'
+      ((ip =~ Resolv::IPv4::Regex) || (ip =~ Resolv::IPv6::Regex)) ? true : false
+    end
+
+
+    def validate_hostname hostname
+      # based on:
+      #   http://stackoverflow.com/questions/2532053/validate-a-hostname-string
+      #
+      # nicer solution that only works on ruby1.9+:
+      #   ( hostname =~  %r{\A(?!-)[a-z0-9-]{1,63}(?<!-)\Z} ) ? true : false
+      #
+      # ruby1.8-safe version:
+      (( hostname =~  %r{\A[a-z0-9-]{1,63}\Z} ) ? true : false ) &&
+       (( hostname !~ %r{^-|-$} ) ? true : false )
+    end
+
+
+    def validate_netmask( x )
+      # a brute-force regexp that validates all possible valid netmasks
+      nums = '(128|192|224|240|248|252|254)'
+      znums = '(0|128|192|224|240|248|252|254)'
+      regex = /^((#{nums}\.0\.0\.0)|(255\.#{znums}\.0\.0)|(255\.255\.#{znums}\.0)|(255\.255\.255\.#{znums}))$/i
+      x =~ regex ? true: false
+    end
+
+
+    def validate_hiera_lookup( x )
+      x.to_s.strip =~ %r@\%\{.+\}@ ? true : false
+    end
+
+
+    # NOTE: requires shell-based cracklib
+    # TODO: should we find a better way of returning specific error messages than an exception?
+    def validate_password( password )
+      require 'shellwords'
+      if password.length < 8
+        raise Simp::Cli::Config::PasswordError, "Password must be at least 8 characters long"
+        false
+      else
+        pass_result = `echo #{Shellwords.escape(password)} | cracklib-check`.split(':').last.strip
+        if pass_result == "OK"
+          true
+        else
+          raise Simp::Cli::Config::PasswordError, "Invalid Password: #{pass_result}"
+          false
+        end
+      end
+    end
+
+
+    def generate_password( length = DEFAULT_PASSWORD_LENGTH )
+      password = ''
+      special_chars = ['#','%','&','*','+','-','.',':','@']
+      symbols = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a
+      Integer(length).times { |i| password += (symbols + special_chars)[rand((symbols.length-1 + special_chars.length-1))] }
+      # Ensure that the password does not start or end with a special
+      # character.
+      special_chars.include?(password[0].chr) and password[0] = symbols[rand(symbols.length-1)]
+      special_chars.include?(password[password.length-1].chr) and password[password.length-1] = symbols[rand(symbols.length-1)]
+      password
+    end
+
+
+    # pure-ruby openldap hash generator
+    def encrypt_openldap_hash( string, salt=nil )
+       require 'digest/sha1'
+       require 'base64'
+
+       # Ruby 1.8.7 hack to do Random.new.bytes(4):
+       salt   = salt || (x = ''; 4.times{ x += ((rand * 255).floor.chr ) }; x)
+       digest = Digest::SHA1.digest( string + salt )
+
+       # NOTE: Digest::SHA1.digest in Ruby 1.9+ returns a String encoding in
+       #       ASCII-8BIT, whereas all other Strings in play are UTF-8
+       if RUBY_VERSION.split('.')[0..1].join('.').to_f > 1.8
+         digest = digest.force_encoding( 'UTF-8' )
+         salt   = salt.force_encoding( 'UTF-8' )
+       end
+
+       "{SSHA}"+Base64.encode64( digest + salt ).chomp
+    end
+
+
+    def validate_openldap_hash( x )
+      (x =~ %r@\{SSHA\}[A-Za-z0-9=+/]+@ ) ? true : false
+    end
+
+
+    def generate_certificates(
+          hostnames,
+          ca_dir='/etc/puppet/environments/simp/FakeCA'
+        )
+      result = true
+      Dir.chdir( ca_dir ) do
+        File.open('togen', 'w'){|file| hostnames.each{ |host| file.puts host }}
+
+        # NOTE: script must exist in ca_dir
+        result = system('./gencerts_nopass.sh auto') && result
+
+        # blank file so subsequent runs don't re-key our hosts
+        File.open('togen', 'w'){ |file| file.truncate(0) }
+      end
+      result
+    end
+  end
+end

data/lib/simp/cli/lib/utils.rb

@@ -0,0 +1,114 @@
+module Utils
+  module_function
+
+  DEFAULT_PASSWORD_LENGTH = 32
+
+  def yes_or_no(prompt, default_yes)
+    print prompt + (default_yes ? ' [Y|n]: ' : ' [y|N]: ')
+    case STDIN.gets
+    when /^(y|Y)/
+      true
+    when /^(n|N)/
+      false
+    when /^\s*$/
+      default_yes
+    else
+      yes_or_no(prompt, default_yes)
+    end
+  end
+
+  def get_password
+    print 'Enter password: '
+
+    system('/bin/stty', '-echo')
+    password1 = STDIN.gets.strip
+    system('/bin/stty', 'echo')
+    puts
+
+    print 'Re-enter password: '
+    system('/bin/stty', '-echo')
+    password2 = STDIN.gets.strip
+    system('/bin/stty', 'echo')
+    puts
+
+    if password1 == password2
+      if validate_password(password1)
+        password1
+      else
+        get_password
+      end
+    else
+      puts "  Passwords do not match! Please try again."
+      get_password
+    end
+  end
+
+  def generate_password(length = DEFAULT_PASSWORD_LENGTH, default_is_autogenerate = true)
+    password = ''
+    if Utils.yes_or_no('Do you want to autogenerate the password?', default_is_autogenerate )
+      special_chars = ['#','%','&','*','+','-','.',':','@']
+      symbols = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a
+      Integer(length).times { |i| password += (symbols + special_chars)[rand((symbols.length-1 + special_chars.length-1))] }
+      # Ensure that the password does not start or end with a special
+      # character.
+      special_chars.include?(password[0].chr) and password[0] = symbols[rand(symbols.length-1)]
+      special_chars.include?(password[password.length-1].chr) and password[password.length-1] = symbols[rand(symbols.length-1)]
+      puts "Your password is:\n#{password}"
+      print 'Push [ENTER] to continue.'
+      $stdout.flush
+      $stdin.gets
+    else
+      password = Utils.get_password
+    end
+    password
+  end
+
+  def validate_password(password)
+    require 'shellwords'
+
+    if password.length < 8
+      puts "  Invalid Password: Password must be at least 8 characters long"
+      false
+    else
+      pass_result = `echo #{Shellwords.escape(password)} | cracklib-check`.split(':').last.strip
+      if pass_result == "OK"
+        true
+      else
+        puts "  Invalid Password: #{pass_result}"
+        false
+      end
+    end
+  end
+
+  def get_value(default_value = '')
+    case default_value
+    when /\d+\.\d+\.\d+\.\d+/
+      print "Enter a new IP: "
+      value = STDIN.gets.strip
+      while !valid_ip?(value)
+        puts "INVALID! Try again..."
+        print "Enter a new IP: "
+        value = STDIN.gets.strip
+      end
+    else
+      print "Enter a value: "
+      value = STDIN.gets.strip
+    end
+    value
+  end
+
+  def generate_certificates(hostname)
+    Dir.chdir('/etc/puppet/Config/FakeCA') do
+      file = File.open('togen', 'w')
+      file.puts hostname
+      file.close
+
+      passphrase = `cat cacertkey`.chomp
+      system('./gencerts_nopass.sh auto')
+    end
+  end
+
+  def valid_ip?(value)
+    value.to_s =~ /^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/
+  end
+end

data/lib/simp/simp.rb

@@ -0,0 +1,77 @@
+#!/usr/bin/env ruby
+class Simp
+  current_dir = File.dirname(File.expand_path(__FILE__)) + '/simp'
+
+  require 'optparse'
+  require current_dir + '/lib/utils'
+
+  protected
+  def self.menu
+    puts "Usage: simp [command]"
+    puts
+    puts "  Commands"
+    @commands.each do |command_name, command_class|
+      puts "    - " + command_name
+    end
+      puts "    - help [command]"
+    puts
+  end
+
+  def self.help
+    puts @opt_parser.to_s
+    puts
+  end
+
+  def self.run(args = [])
+    @opt_parser.parse!
+  end
+
+  private
+  def self.version
+    begin
+      %x{rpm -q simp}.split(/\n/).last.match(/([0-9]+\.[0-9]+\.?[0-9]*)/)[1]
+    rescue
+      #raise "Simp is not installed!"
+      '4.1'
+    end
+  end
+
+  # load the commands from commands/*.rb and grab the classes that are simp commands
+  Dir.glob(current_dir + '/commands/*.rb').sort_by(&:to_s).each do |command_file|
+    require command_file
+  end
+
+  @commands = Simp::Commands::constants.inject({}) do |commands, constant|
+    obj = Simp::Commands.const_get(constant)
+    if obj.respond_to?(:superclass) and obj.superclass == Simp
+      commands[constant.to_s.downcase] = obj
+    end
+    commands
+  end
+  @commands['version'] = self
+
+  if ARGV.length == 0 or (ARGV.length == 1 and ARGV[0] == 'help')
+    menu
+  elsif ARGV[0] == 'version'
+    puts version
+  elsif ARGV[0] == 'help'
+    if (command = @commands[ARGV[1]]).nil?
+      puts "\n\033[31m#{ARGV[1]} is not a recognized command\033[39m\n\n"
+      menu
+    elsif ARGV[1] == 'version'
+      puts "Display the current version of SIMP."
+    else
+      command.help
+    end
+  elsif (command = @commands[ARGV[0]]).nil?
+    puts "\n\033[31m#{ARGV[0]} is not a recognized command\033[39m\n\n"
+    menu
+  else
+    begin
+      command.run(ARGV.drop(1))
+    rescue => e
+      puts "\n\033[31m#{e.message}\033[39m\n\n"
+      e.backtrace.first(10).each{|l| puts l }
+    end
+  end
+end

data/spec/lib/simp/cli/commands/config_spec.rb

@@ -0,0 +1,42 @@
+require 'simp/cli/commands/config'
+require 'simp/cli/config/item'
+require_relative( '../spec_helper' )
+
+require 'yaml'
+
+describe Simp::Cli::Commands::Config do
+###  describe ".print_answers_yaml" do
+###    before :each do
+###      ci                = Simp::Cli::Config::Item.new
+###      ci.key            = 'item'
+###      ci.value          = 'foo'
+###      ci.description    = 'A simple item'
+###      list              = { foo: ci }
+###
+###      ci                = Simp::Cli::Config::ListItem.new
+###      ci.key            = 'list'
+###      ci.value          = ['one','two','three']
+###      ci.description    = 'A simple list'
+###      list[ci.key]      = ci
+###
+###      ci                = Simp::Cli::Config::YesNoItem.new
+###      ci.key            = 'yesno'
+###      ci.value          = true
+###      ci.description    = 'A simple yes/no item'
+###      list[ci.key]      = ci
+###
+###      @simple_item_list = list
+###    end
+###
+###    it "prints yaml" do
+###      io = StringIO.new
+###      Simp::Cli::Commands::Config.print_answers_yaml io, @simple_item_list
+###      y = YAML.load io.string
+###      expect( y ).to be_kind_of Hash
+###      expect( y ).not_to be_empty
+###      expect( y['item'] ).to  eq('foo')
+###      expect( y['list'] ).to  eq(['one','two','three'])
+###      expect( y['yesno'] ).to eq(true)
+###    end
+###  end
+end