sshkit 1.16.1 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adf8778cdb780fc5190e6e29a913f97c9367073850ec4db02c30ee5fca61b15e
-  data.tar.gz: b9ad84e2f7cdc7cfd6d5773954b764182a828b3b02886085ce29a96a75f1672f
+  metadata.gz: bebf3a96075e905b11a3f52b5e75064e49f5d710c375ae2c39c7bbd93b7d76bd
+  data.tar.gz: e8d9ab9ec716df400ce730ebc82c74a32c23c83e0edc52b778e74a5cba8055ee
 SHA512:
-  metadata.gz: d7a6fc9a49bf60dc427426a988499d081d0666c1a2e3ac06b57952a6352c3ae93c09792d464ad844295cf3a6fb69cfb238213b6bd93fdf5e761b603df205c36c
-  data.tar.gz: d1e3a4f0eb0cf3e3baca205bffe236581fc260f5c7e70cbd9155d64f827bc3ce6732f2f74f9024171f192aa2e0061dcb9894b651ded2a916479164d98dfcd4fd
+  metadata.gz: e91cf1cbcff6c0dfaef0f2a05a6843f5312f8091b6b55fbc24022cc4e688c29fce690ac09d3b6cb33a9e8c42ba6bcb1441479f5fdf40d111f862ff55bb3b9122
+  data.tar.gz: 3e50dc789ef3dff1ecd3041f89c332bc5883157c9ab2f007148e0c025f47f3a2941bab046661f45dcaa5f4880493674d34ff142df660f19a7eaf82b0c9e5da41

data/CHANGELOG.md

@@ -7,6 +7,14 @@ appear at the top.
 
   * Your contribution here!
 
+## [1.18.0][] (2018-10-21)
+
+  * [#435](https://github.com/capistrano/sshkit/pull/435): Consistent verbosity configuration #capture and #test methods - [@NikolayRys](https://github.com/NikolayRys)
+
+## [1.17.0][] (2018-07-07)
+
+  * [#430](https://github.com/capistrano/sshkit/pull/430): [Feature] Command Argument STDOUT/capistrano.log Hiding - [@NorseGaud](https://github.com/NorseGaud)
+
 ## [1.16.1][] (2018-05-20)
 
   * [#425](https://github.com/capistrano/sshkit/pull/425): Command#group incorrectly escapes double quotes, resulting in a a syntax error when specifying the group execution using `as`. This issue manifested when user command quotes changed from double quotes to single quotes. This fix removes the double quote escaping - [@pblesi](https://github.com/pblesi).
@@ -742,7 +750,9 @@ version `0.0.5`.
 
 First release.
 
-[Unreleased]: https://github.com/capistrano/sshkit/compare/v1.16.1...HEAD
+[Unreleased]: https://github.com/capistrano/sshkit/compare/v1.18.0...HEAD
+[1.18.0]: https://github.com/capistrano/sshkit/compare/v1.17.0...v1.18.0
+[1.17.0]: https://github.com/capistrano/sshkit/compare/v1.16.1...v1.17.0
 [1.16.1]: https://github.com/capistrano/sshkit/compare/v1.16.0...v1.16.1
 [1.16.0]: https://github.com/capistrano/sshkit/compare/v1.15.1...v1.16.0
 [1.15.1]: https://github.com/capistrano/sshkit/compare/v1.15.0...v1.15.1

data/Gemfile

@@ -18,8 +18,3 @@ end
 if Gem::Requirement.new('< 2.1').satisfied_by?(Gem::Version.new(RUBY_VERSION))
   gem 'public_suffix', '< 3'
 end
-
-# rbnacl-libsodium > 1.0.15.1 requires Ruby 2.2.6+
-if Gem::Requirement.new('< 2.2.6').satisfied_by?(Gem::Version.new(RUBY_VERSION))
-  gem 'rbnacl-libsodium', '<= 1.0.15.1'
-end

data/README.md

@@ -5,7 +5,6 @@ more servers.
 
 [![Gem Version](https://badge.fury.io/rb/sshkit.svg)](https://rubygems.org/gems/sshkit)
 [![Build Status](https://travis-ci.org/capistrano/sshkit.svg?branch=master)](https://travis-ci.org/capistrano/sshkit)
-[![Dependency Status](https://gemnasium.com/capistrano/sshkit.svg)](https://gemnasium.com/capistrano/sshkit)
 
 ## How might it work?
 
@@ -444,6 +443,38 @@ SSHKit.config.output = SSHKit::Formatter::Pretty.new(output)
 SSHKit.config.output = SSHKit::Formatter::SimpleText.new(File.open('log/deploy.log', 'wb'))
 ```
 
+#### Output & Log Redaction
+
+If necessary, `redact` can be used on a section of your `execute` arguments to hide it from both STDOUT and the capistrano.log. It supports the majority of data types.
+
+```ruby
+# Example from capistrano-postgresql gem
+execute(:psql, fetch(:pg_system_db), '-c', %Q{"CREATE USER \\"#{fetch(:pg_username)}\\" PASSWORD}, redact("'#{fetch(:pg_password)}'"), %Q{;"})
+```
+Once wrapped, sshkit logging will replace the actual pg_password with a [REDACTED] value. The created database user will have the value from `fetch(:pg_password)`.
+
+```
+# STDOUT
+00:00 postgresql:create_database_user
+      01 sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;"
+      01 CREATE ROLE
+    ✔ 01 user@localhost 0.099s
+
+# capistrano.log
+INFO [59dbd2ba] Running /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;" as user@localhost
+DEBUG [59dbd2ba] Command: ( export PATH="$HOME/.gem/ruby/2.5.0/bin:$PATH" ; /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;" )
+DEBUG [529b623c] CREATE ROLE
+
+```
+
+Certain commands will require that no spaces exist between a string and what you want hidden. Because SSHKIT will include a whitespace between each argument of `execute`, this can be dealt with by wrapping both in redact:
+
+```ruby
+# lib/capistrano/tasks/systemd.rake
+execute :sudo, :echo, redact("CONTENT_WEB_TOOLS_PASS='#{ENV['CONTENT_WEB_TOOLS_PASS']}'"), ">> /etc/systemd/system/#{fetch(:application)}_sidekiq.service.d/EnvironmentFile", '"'
+
+```
+
 #### Output Colors
 
 By default, SSHKit will color the output using ANSI color escape sequences
@@ -489,6 +520,8 @@ produces a large amount of noise. They are tagged with a verbosity option on
 the `Command` instances of `Logger::DEBUG`. The default configuration for
 output verbosity is available to override with `SSHKit.config.output_verbosity=`,
 and defaults to `Logger::INFO`.
+Another way to is to provide a hash containing `{verbosity: Logger::INFO}` as
+a last parameter for the method call.
 
 At present the `Logger::WARN`, `ERROR` and `FATAL` are not used.
 

data/lib/sshkit.rb

@@ -21,6 +21,9 @@ module SSHKit
 
   end
 
+  # Used for redaction of a certain argument
+  module Redaction end
+
 end
 
 require_relative 'sshkit/all'

data/lib/sshkit/backends/abstract.rb

@@ -42,6 +42,10 @@ module SSHKit
         @group = nil
       end
 
+      def redact(arg) # Used in execute_command to hide redact() args a user passes in
+        arg.to_s.extend(Redaction) # to_s due to our inability to extend Integer, etc
+      end
+
       def make(commands=[])
         execute :make, commands
       end
@@ -51,7 +55,7 @@ module SSHKit
       end
 
       def test(*args)
-        options = args.extract_options!.merge(raise_on_non_zero_exit: false, verbosity: Logger::DEBUG)
+        options = { verbosity: Logger::DEBUG, raise_on_non_zero_exit: false }.merge(args.extract_options!)
         create_command_and_execute(args, options).success?
       end
 

data/lib/sshkit/backends/local.rb

@@ -39,10 +39,8 @@ module SSHKit
       private
 
       def execute_command(cmd)
-        output.log_command_start(cmd)
-
+        output.log_command_start(cmd.with_redaction)
         cmd.started = Time.now
-
         Open3.popen3(cmd.to_command) do |stdin, stdout, stderr, wait_thr|
           stdout_thread = Thread.new do
             while (line = stdout.gets) do
@@ -50,19 +48,15 @@ module SSHKit
               output.log_command_data(cmd, :stdout, line)
             end
           end
-
           stderr_thread = Thread.new do
             while (line = stderr.gets) do
               cmd.on_stderr(stdin, line)
               output.log_command_data(cmd, :stderr, line)
             end
           end
-
           stdout_thread.join
           stderr_thread.join
-
           cmd.exit_status = wait_thr.value.to_i
-
           output.log_command_exit(cmd)
         end
       end

data/lib/sshkit/backends/netssh.rb

@@ -123,7 +123,7 @@ module SSHKit
       end
 
       def execute_command(cmd)
-        output.log_command_start(cmd)
+        output.log_command_start(cmd.with_redaction)
         cmd.started = true
         exit_status = nil
         with_ssh do |ssh|

data/lib/sshkit/backends/printer.rb

@@ -5,7 +5,7 @@ module SSHKit
     class Printer < Abstract
 
       def execute_command(cmd)
-        output.log_command_start(cmd)
+        output.log_command_start(cmd.with_redaction)
       end
 
       alias :upload! :execute

data/lib/sshkit/command.rb

@@ -204,6 +204,13 @@ module SSHKit
       end
     end
 
+    def with_redaction
+      new_args = args.map{|arg| arg.is_a?(Redaction) ? '[REDACTED]' : arg }
+      redacted_cmd = dup
+      redacted_cmd.instance_variable_set(:@args, new_args)
+      redacted_cmd
+    end
+
     def to_s
       if should_map?
         [SSHKit.config.command_map[command.to_sym], *Array(args)].join(' ')

data/lib/sshkit/version.rb

@@ -1,3 +1,3 @@
 module SSHKit
-  VERSION = "1.16.1".freeze
+  VERSION = "1.18.0".freeze
 end

data/sshkit.gemspec

@@ -29,6 +29,5 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency('mocha')
 
   gem.add_development_dependency('bcrypt_pbkdf')
-  gem.add_development_dependency('rbnacl', '~> 3.4')
-  gem.add_development_dependency('rbnacl-libsodium')
+  gem.add_development_dependency('ed25519', '>= 1.2', '< 2.0')
 end

data/test/functional/backends/test_netssh.rb

@@ -42,13 +42,43 @@ module SSHKit
         ], command_lines
       end
 
+      def test_redaction
+        # Be sure redaction in the logs is showing [REDACTED]
+        Netssh.new(a_host) do
+          execute :echo, 'password:', redact('PASSWORD')
+          execute :echo, 'password:', redact(10000)
+          execute :echo, 'password:', redact(['test1','test2'])
+          execute :echo, 'password:', redact({:test => 'test_value'})
+        end.run
+        command_lines = @output.lines.select { |line| line.start_with?('Command:') }
+        assert_equal [
+                         "Command: /usr/bin/env echo password: [REDACTED]\n",
+                         "Command: /usr/bin/env echo password: [REDACTED]\n",
+                         "Command: /usr/bin/env echo password: [REDACTED]\n",
+                         "Command: /usr/bin/env echo password: [REDACTED]\n"
+                     ], command_lines
+        # Be sure the actual command executed without *REDACTED*
+        Netssh.new(a_host) do
+          file_name = 'test.file'
+          execute :touch, redact("'#{file_name}'") # Test and be sure single quotes are included in actual command; expected /usr/bin/env touch 'test.file'
+          execute :ls, 'test.file'
+        end.run
+        ls_lines = @output.lines.select { |line| line.start_with?("\ttest.file") }
+        assert_equal [
+                         "\ttest.file\n"
+                     ], ls_lines
+        # Cleanup
+        Netssh.new(a_host) do
+          execute :rm, ' -f test.file'
+        end.run
+      end
+
       def test_group_netssh
         Netssh.new(a_host) do
           as user: :root, group: :admin do
            execute :touch, 'restart.txt'
           end
         end.run
-
         command_lines = @output.lines.select { |line| line.start_with?('Command:') }
         assert_equal [
           "Command: if ! sudo -u root whoami > /dev/null; then echo \"You cannot switch to user 'root' using sudo, please check the sudoers file\" 1>&2; false; fi\n",
@@ -66,16 +96,21 @@ module SSHKit
       end
 
       def test_ssh_option_merge
-        a_host.ssh_options = { paranoid: true }
+        verify_host_opt = if Net::SSH::Version::MAJOR >= 5
+                            { verify_host_key: :always }
+                          else
+                            { paranoid: true }
+                          end
+        a_host.ssh_options = verify_host_opt
         host_ssh_options = {}
         SSHKit::Backend::Netssh.config.ssh_options = { forward_agent: false }
         Netssh.new(a_host) do |host|
           capture(:uname)
           host_ssh_options = host.ssh_options
         end.run
-        assert_equal [:forward_agent, :paranoid, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort
+        assert_equal [:forward_agent, *verify_host_opt.keys, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort
         assert_equal false, host_ssh_options[:forward_agent]
-        assert_equal true, host_ssh_options[:paranoid]
+        assert_equal verify_host_opt.values.first, host_ssh_options[verify_host_opt.keys.first]
         assert_instance_of SSHKit::Backend::Netssh::KnownHosts, host_ssh_options[:known_hosts]
       end
 

data/test/unit/backends/test_abstract.rb

@@ -40,7 +40,7 @@ module SSHKit
         )
       end
 
-      def test_test_method_creates_and_executes_command_with_false_raise_on_non_zero_exit
+      def test_test_creates_and_executes_command_with_false_raise_on_non_zero_exit
         backend = ExampleBackend.new do
           test '[ -d /some/file ]'
         end
@@ -51,6 +51,14 @@ module SSHKit
         assert_equal false, backend.executed_command.options[:raise_on_non_zero_exit], 'raise_on_non_zero_exit option'
       end
 
+      def test_test_allows_to_override_verbosity
+        backend = ExampleBackend.new do
+          test 'echo output', {verbosity: Logger::INFO}
+        end
+        backend.run
+        assert_equal(backend.executed_command.options[:verbosity], Logger::INFO)
+      end
+
       def test_capture_creates_and_executes_command_and_returns_stripped_output
         output = nil
         backend = ExampleBackend.new do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sshkit
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.18.0
 platform: ruby
 authors:
 - Lee Hambley
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-21 00:00:00.000000000 Z
+date: 2018-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ssh
@@ -152,33 +152,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rbnacl
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
-- !ruby/object:Gem::Dependency
-  name: rbnacl-libsodium
+  name: ed25519
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: A comprehensive toolkit for remotely running commands in a structured
   manner on groups of servers.
 email: