sty 0.0.1

data/lib/sty/config.rb

@@ -0,0 +1,9 @@
+require 'psych'
+
+class Config
+
+  def self.yaml(file)
+    Psych.load_file("#{file}.yaml")
+  end
+
+end

data/lib/sty/console.rb

@@ -0,0 +1,106 @@
+require_relative 'functions'
+
+require 'cgi'
+require 'json'
+require 'net/http'
+require 'open3'
+
+class Console
+
+  CONSOLE_URL = 'https://ap-southeast-2.console.aws.amazon.com/'
+  SIGN_IN_URL = 'https://signin.aws.amazon.com/federation'
+  SIGN_OUT_URL = 'https://ap-southeast-2.console.aws.amazon.com/console/logout!doLogout'
+
+  SESSION_DURATION_SECONDS = 43200
+
+  BROWSERS = %w(chrome firefox vivaldi safari)
+
+  def go(url, browser = '', incognito = false)
+    url = "'#{url}'"
+    run = %w(open)
+    run << '-n' if incognito
+    case browser.downcase
+    when 'safari'
+      run << "-a 'Safari'"
+      run << url
+    when 'chrome'
+      run << "-a 'Google Chrome'"
+      incognito ? run << "--args --incognito #{url}" : run << url
+    when 'firefox'
+      run << '-a Firefox'
+      incognito ? run << "--args -private-window #{url}" : run << url
+    when 'vivaldi'
+      run << '-a Vivaldi'
+      incognito ? run << "--args --incognito #{url}" : run << url
+    else
+      run << url
+    end
+
+    puts run.join(' ')
+    system(run.join(' '))
+  end
+
+  def signin_params
+    return @signin_params if @signin_params
+
+    creds_string = {'sessionId' => ENV['AWS_ACCESS_KEY_ID'],
+                    'sessionKey' => ENV['AWS_SECRET_ACCESS_KEY'],
+                    'sessionToken' => ENV['AWS_SESSION_TOKEN']}.to_json
+
+    uri = URI(SIGN_IN_URL)
+    params = {'Action' => 'getSigninToken',
+              'Session' => creds_string}
+    uri.query = URI.encode_www_form(params)
+
+    begin
+      res = Net::HTTP.get_response(uri)
+    rescue Exception => e
+      puts red("ERROR! Unable to obtain signin token.")
+      puts white(e.message)
+      exit 1
+    end
+
+    unless res.is_a?(Net::HTTPSuccess)
+      puts red("ERROR! Unable to obtain signin token.")
+      puts white("#{SIGN_IN_URL} returns #{res.code}")
+      puts res.body
+      exit 1
+    end
+
+    @signin_params = JSON.parse(res.body)
+  end
+
+  def action(browser, incognito, logout)
+    if logout
+      logout(browser, incognito)
+    else
+      login(browser, incognito)
+    end
+  end
+
+  def logout(browser, incognito)
+    go(SIGN_OUT_URL, browser || '', incognito)
+  end
+
+  def login(browser, incognito)
+    act_acc
+
+    if remained_minutes <= 0
+      puts red("Session expired")
+      exit 1
+    end
+
+    signin_params['Action'] = 'login'
+    signin_params['Destination'] = CONSOLE_URL
+
+    params_str = signin_params.map do |k, v|
+      "#{k}=#{CGI.escape(v.to_s)}"
+    end.join('&')
+
+    console_url = "#{SIGN_IN_URL}?#{params_str}"
+
+    go(console_url, browser || '', incognito)
+  end
+
+
+end

data/lib/sty/dig.rb

@@ -0,0 +1,22 @@
+module RubyDig
+  def dig(key, *rest)
+    value = self[key]
+    if value.nil? || rest.empty?
+      value
+    elsif value.respond_to?(:dig)
+      value.dig(*rest)
+    else
+      fail TypeError, "#{value.class} does not have #dig method"
+    end
+  end
+end
+
+if RUBY_VERSION < '2.3'
+  class Array
+    include RubyDig
+  end
+
+  class Hash
+    include RubyDig
+  end
+end

data/lib/sty/functions.rb

@@ -0,0 +1,94 @@
+require 'psych'
+require 'time'
+
+def sty_home
+  home = File.expand_path('~')
+  "#{home}/.sty"
+end
+
+def colorize(string, color_code)
+  "\e[#{color_code}m#{string}\e[0m"
+end
+
+def red(string)
+  colorize(string, 31)
+end
+
+def green(string)
+  colorize(string, 32)
+end
+
+def yellow(string)
+  colorize(string, 33)
+end
+
+def magenta(string)
+  colorize(string, 35)
+end
+
+def white(string)
+  colorize(string, 97)
+end
+
+def to_path(fqn)
+  [fqn].flatten.map { |a| a.split("/") }.flatten
+end
+
+def to_fqn(path)
+  path.join('/')
+end
+
+def dir
+  @dir = @dir || sty_home
+end
+
+def cache_file(path, identity)
+  "#{dir}/auth-cache/#{path.join('-')}-#{identity}.yaml"
+end
+
+def yaml(file)
+  Psych.load_file("#{dir}/#{file}.yaml")
+end
+
+def dump(hash, file)
+  File.open("#{dir}/#{file}.yaml", 'w') do |f|
+    f.write(Psych.dump(hash))
+  end
+end
+
+def remained_minutes
+  ((Time.parse(ENV['AWS_SESSION_EXPIRY']) - Time.now) / 60).to_i
+end
+
+def region
+  ENV['AWS_REGION'] || DEFAULT_REGION
+end
+
+def act_acc
+  act_acc = ENV['AWS_ACTIVE_ACCOUNT']
+  unless act_acc
+    puts red('ERROR! AWS_ACTIVE_ACCOUNT variable is not set. Is your session authenticated ?')
+    exit 1
+  end
+  act_acc
+end
+
+def matches(container, value)
+  container = container.to_s
+  if /#{value}/i =~ container.to_s
+    match = $&
+    container.split(match).insert(1,white(match)).join
+  end
+end
+
+def deep_find(obj, value, result = {}, path = [])
+  if obj.is_a?(Hash)
+    obj.each do |k,v|
+      deep_find(v, value, result, path + [k])
+    end
+    return result
+  else
+    m = matches(obj, value)
+    result[to_fqn(path)] = m if m
+  end
+end

data/lib/sty/info.rb

@@ -0,0 +1,42 @@
+require_relative 'functions'
+
+class Info
+
+  def session_info
+    if ENV['AWS_ACTIVE_ACCOUNT']
+      puts "Active account: #{white(ENV['AWS_ACTIVE_ACCOUNT'])}"
+    else
+      puts red("You are not authenticated with sty")
+    end
+
+    if ENV['AWS_ACTIVE_IDENTITY']
+      puts "Active identity: #{white(ENV['AWS_ACTIVE_IDENTITY'])}"
+    end
+
+    if ENV['AWS_SESSION_EXPIRY']
+      if remained_minutes > 0
+        puts "Session active, expires in #{white(remained_minutes)} min."
+      else
+        puts red("Session expired")
+      end
+    end
+
+  end
+
+  def account_info(partial)
+
+    config = yaml('auth')
+
+    puts "Searching config for '#{partial}':"
+    result = deep_find(config, partial)
+
+    if result.any?
+      result.each do |k, v|
+        puts "#{k}: #{v}"
+      end
+    else
+      puts 'Nothing found'
+    end
+  end
+
+end

data/lib/sty/keychain.rb

@@ -0,0 +1,3 @@
+class Keychain > Store
+
+end

data/lib/sty/proxy.rb

@@ -0,0 +1,55 @@
+require_relative 'functions'
+
+class Proxy
+
+  def config
+    @config = @config || yaml('proxy')
+  end
+
+  def proxy_vars
+    ENV.select { |e| e =~ /(https?|no)_proxy/i }
+  end
+
+  def unset
+    proxy_vars.keys.map do |e|
+      "unset #{e}"
+    end
+  end
+
+  def set(px)
+    proxy = config[px]
+
+    unless proxy
+      STDERR.puts red("ERROR! Proxy #{px} was not found in the config file.")
+      exit 1
+    end
+
+    STDERR.puts "Proxy is set to #{proxy['proxy']}"
+    ["export http_proxy=#{proxy['proxy']}",
+     "export https_proxy=#{proxy['proxy']}",
+     "export no_proxy=#{proxy['no-proxy']}"]
+  end
+
+  def output(strings)
+    puts "#EVAL#"
+    strings.each do |s|
+      puts "#{s};"
+    end
+  end
+
+  def action(px)
+    case
+    when px.nil?
+      STDERR.puts "Current proxy vars:"
+      proxy_vars.each do |k,v|
+        STDERR.puts "#{k}=#{v}"
+      end
+    when px =~ /off/i
+      STDERR.puts "Proxy vars unset"
+      output(unset)
+    else
+      output(unset + set(px))
+    end
+  end
+
+end

data/lib/sty/ssh.rb

@@ -0,0 +1,270 @@
+require_relative 'functions'
+require 'uri'
+
+class Ssh
+
+  def initialize
+    require 'aws-sdk-ec2'
+    Aws.config.update(:http_proxy => ENV['https_proxy'])
+  end
+
+  def all_instances
+    instances = []
+    options = {}
+
+    loop do
+      resp = ec2.describe_instances(options)
+      instances += resp.reservations.map { |r| r.instances }.flatten
+      break unless resp.next_token
+      options[:next_token] = resp.next_token
+    end
+
+    instances
+  end
+
+  def valid_key_file?(key_name, key_file)
+    aws_fp = ec2.describe_key_pairs(key_names: [key_name]).key_pairs[0].key_fingerprint
+    calculated_fp = `openssl pkcs8 -in #{key_file} -nocrypt -topk8 -outform DER | openssl sha1 -c`.chomp
+    aws_fp == calculated_fp
+  end
+
+  def instance_id(instance)
+    instance.instance_id
+  end
+
+  def instance_name(instance)
+    name_tag = instance.tags.select { |t| t.key == 'Name' }.first
+    name_tag ? name_tag.value : "None"
+  end
+
+  def instance_ips(instance)
+    instance.network_interfaces.map { |n| n.private_ip_address }
+  end
+
+  def extract_fields(inst)
+    [instance_name(inst), instance_id(inst)] + instance_ips(inst)
+  end
+
+  def prepare_regex(names)
+    names = ['.'] if names.empty?
+    names.map { |n| Regexp.new(Regexp.quote(n), Regexp::IGNORECASE) }
+  end
+
+  def find(instances, names)
+    re = prepare_regex(names)
+    instances.select do |i|
+      i.state.name == 'running' &&
+          extract_fields(i).any? { |f| re.all? { |r| f =~ r } }
+    end.sort{|a,b| instance_name(a) <=> instance_name(b)}
+  end
+
+  def win?(instance)
+    instance.platform =~ /windows/i
+  end
+
+  def platform(instance)
+    win?(instance) ? " [Win] " : ""
+  end
+
+  def print_refine_instances(instances, type)
+    puts "Please refine #{type} instance:"
+    instances.each_with_index do |inst, idx|
+      puts "#{idx}: #{instance_id(inst)} [#{instance_name(inst)}] #{platform(inst)}(#{instance_ips(inst).join(', ')}) "
+    end
+  end
+
+  def print_refine_ips(ips)
+    puts 'Please refine IP address:'
+    ips.each_with_index do |ip, idx|
+      puts "#{idx}: #{ip}"
+    end
+  end
+
+  #Not used anymore
+  def print_refine_keys(keys)
+    puts 'Please refine key:'
+    keys.each_with_index do |key, idx|
+      puts "#{idx}: #{key}"
+    end
+  end
+
+  def find_path(hash, path)
+    path.split('/').reduce(hash) { |memo, path| memo[path] if memo}
+  end
+
+  def path?(str)
+    str =~ /\//
+  end
+
+  def path_error(path)
+    puts red("ERROR ! No jumphost found for #{path}")
+    exit 1
+  end
+
+  def config
+    @config = @config || yaml('ec2')
+  end
+
+  def ec2
+    @ec2 = @ec2 || Aws::EC2::Client.new
+  end
+
+  def auth_config
+    @auth_config = @auth_config || yaml('auth-keys')
+  end
+
+  def username
+    auth_config['ec2-username'] || auth_config['username']
+  end
+
+  def key_dir
+    ssh_keys = auth_config['ssh-keys']
+    ssh_keys = "#{dir}/#{ssh_keys}" unless ssh_keys =~ /^\/|^~/
+    ssh_keys
+  end
+
+  def refine(found)
+    if found.size > 1
+      refine = nil
+      loop do
+        yield(found)
+        refine = Integer(STDIN.gets.chomp) rescue false
+        break if refine && refine < found.size
+      end
+      target = found[refine]
+    else
+      target = found.first
+    end
+    target
+  end
+
+  def find_jumphost_from_config(act_acc, platform)
+    jumphosts = find_path(config, act_acc)
+
+    unless jumphosts
+      puts red("No jumphost configured for #{act_acc}")
+      exit 1
+    end
+
+    path_error(act_acc) unless jumphosts
+
+    if path?(jumphosts)
+      jumphost_path = jumphosts
+      jumphosts = find_path(config, jumphost_path)
+    end
+
+    path_error(jumphost_path) unless jumphosts
+
+    jumphosts[platform]
+  end
+
+  def find_instance(args, type)
+    found = find(all_instances, args)
+    if found.empty?
+      puts "No instances found for search terms: #{args.join(', ')}"
+      exit 1
+    end
+    target = refine(found) {|found| print_refine_instances(found, type)}
+    ip = refine(instance_ips(target)) {|found| print_refine_ips(found)}
+    OpenStruct.new(ip: ip,
+                   platform: win?(target) ? 'windows' : 'linux',
+                   key_name: target.key_name)
+  end
+
+  def find_key(key_name)
+
+    keys_glob =  Dir.glob("#{key_dir}/**/#{key_name}.pem")
+
+    if keys_glob.size < 1
+      puts red("ERROR! Unable to find key #{key_name}.pem within #{key_dir}")
+      exit 1
+    end
+
+    key = keys_glob.detect do |key_file|
+      valid_key_file?(key_name,key_file)
+    end
+
+    unless key
+      puts red("ERROR! There is no key file with matching fingerprint")
+      exit 1
+    end
+
+    key
+  end
+
+  def print_command(cmd)
+    puts "Generated command:\n------------------------\n#{cmd}"
+    puts '------------------------'
+  end
+
+  def connect(search, no_jumphost, jumphost_override, target_key)
+
+    no_strict = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+    server_alive = "-o ServerAliveInterval=25"
+    ec2_user = 'ec2-user'
+
+    opts = []
+    opts << 'no_jumphost' if no_jumphost
+    opts << 'select_jumphost' if jumphost_override
+    opts << 'use_key' if target_key
+    puts "Enabled options: #{opts.join(', ')}"
+    puts "Requested search terms: #{search.join(', ')}"
+
+    puts "Active account: #{act_acc}"
+
+    instance = find_instance(search, 'target')
+
+    if instance.platform == 'windows'
+
+#      username=s:#{username}
+#
+      jumphost = find_jumphost_from_config(act_acc, instance.platform)
+      cmd = %W(
+      rdp://gatewayusagemethod:i:1
+      gatewaycredentialssource:i:4
+      gatewayprofileusagemethod:i:1
+      promptcredentialonce:i:0
+      gatewaybrokeringtype:i:0
+
+      gatewayhostname=s:#{jumphost}
+      full\ address=s:#{instance.ip}
+      )
+      cmd = URI.escape(cmd.join('&'))
+      cmd = "open \"#{cmd}\""
+
+    else
+
+      proxy = ''
+      unless no_jumphost
+
+        if jumphost_override
+          puts 'Type jumphost search terms:'
+          jumphost_query = STDIN.gets.chomp
+          jh_instance = find_instance([jumphost_query], 'jumphost')
+          jh_key = find_key(jh_instance.key_name)
+          jh_string = "-i #{jh_key} #{ec2_user}@#{jh_instance.ip}"
+        else
+          jumphost = find_jumphost_from_config(act_acc, instance.platform)
+          jh_string = "#{username}@#{jumphost}"
+        end
+
+        proxy = "-o ProxyCommand='ssh #{server_alive} #{no_strict} #{jh_string} nc #{instance.ip} 22'"
+      end
+
+
+      if target_key
+        key = find_key(instance.key_name)
+        target_string = "-i #{key} #{ec2_user}@#{instance.ip}"
+      else
+        target_string = "#{username}@#{instance.ip}"
+      end
+
+      cmd = "ssh #{proxy} #{no_strict} #{server_alive} #{target_string}"
+
+    end
+    print_command(cmd)
+    exec cmd
+
+  end
+end
+