pyinfra 0.11.dev3__py3-none-any.whl → 3.6__py3-none-any.whl

pyinfra/modules/iptables.py

@@ -1,271 +0,0 @@
-'''
-The iptables modules handles iptables rules
-'''
-
-from pyinfra.api import operation
-from pyinfra.api.exceptions import OperationError
-
-
-@operation
-def chain(
-    state, host, name, present=True,
-    table='filter', policy=None, version=4,
-):
-    '''
-    Add/remove/update iptables chains.
-
-    + name: the name of the chain
-    + present: whether the chain should exist
-    + table: the iptables table this chain should belong to
-    + policy: the policy this table should have
-    + version: whether to target iptables or ip6tables
-
-    Policy:
-        These can only be applied to system chains (FORWARD, INPUT, OUTPUT, etc).
-    '''
-
-    chains = (
-        host.fact.iptables_chains(table)
-        if version == 4
-        else host.fact.ip6tables_chains(table)
-    )
-
-    command = 'iptables' if version == 4 else 'ip6tables'
-    command = '{0} -t {1}'.format(command, table)
-
-    # Doesn't exist but we want it?
-    if present and name not in chains:
-        yield '{0} -N {1}'.format(command, name)
-
-        if policy:
-            yield '{0} -P {1} {2}'.format(command, name, policy)
-
-    # Exists and we don't want it?
-    if not present and name in chains:
-        yield '{0} -X {1}'.format(command, name)
-
-    # Exists, we want it, but the policies don't match?
-    if present and name in chains and policy and chains[name] != policy:
-        yield '{0} -P {1} {2}'.format(command, name, policy)
-
-
-@operation
-def rule(
-    state, host, chain, jump, present=True,
-    table='filter', append=True, version=4,
-    # Core iptables filter arguments
-    protocol=None, not_protocol=None,
-    source=None, not_source=None,
-    destination=None, not_destination=None,
-    in_interface=None, not_in_interface=None,
-    out_interface=None, not_out_interface=None,
-    # After-rule arguments
-    to_destination=None, to_source=None, to_ports=None, log_prefix=None,
-    # Extras and extra shortcuts
-    destination_port=None, source_port=None, extras='',
-):
-    '''
-    Add/remove iptables rules.
-
-    + chain: the chain this rule should live in
-    + jump: the target of the rule
-    + table: the iptables table this rule should belong to
-    + append: whether to append or insert the rule (if not present)
-    + version: whether to target iptables or ip6tables
-
-    Iptables args:
-
-    + protocol/not_protocol: filter by protocol (tcp or udp)
-    + source/not_source: filter by source IPs
-    + destination/not_destination: filter by destination IPs
-    + in_interface/not_in_interface: filter by incoming interface
-    + out_interface/not_out_interface: filter by outgoing interface
-    + to_destination: where to route to when jump=DNAT
-    + to_source: where to route to when jump=SNAT
-    + to_ports: where to route to when jump=REDIRECT
-    + log_prefix: prefix for the log of this rule when jump=LOG
-
-    Extras:
-
-    + extras: a place to define iptables extension arguments (eg --limit, --physdev)
-    + destination_port: destination port (requires protocol)
-    + source_port: source port (requires protocol)
-
-    Examples:
-
-    .. code:: python
-
-        # Block SSH traffic
-
-        iptables.rule(
-            'INPUT', 'DROP',
-            destination_port=22
-        )
-
-
-        # NAT traffic on from 8.8.8.8:53 to 8.8.4.4:8080
-
-        iptables.rule(
-            'PREROUTING', 'DNAT', table='nat',
-            source='8.8.8.8', destination_port=53,
-            to_destination='8.8.4.4:8080'
-        )
-    '''
-
-    # These are only shortcuts for extras
-    if destination_port:
-        extras = '{0} --dport {1}'.format(extras, destination_port)
-
-    if source_port:
-        extras = '{0} --sport {1}'.format(extras, source_port)
-
-    # Convert the extras string into a set to enable comparison with the fact
-    extras_set = set(extras.split())
-
-    # When protocol is set, the extension is automagically added by iptables (which shows
-    # in iptables-save): http://ipset.netfilter.org/iptables-extensions.man.html
-    if protocol:
-        extras_set.add('-m')
-        extras_set.add(protocol)
-
-    # --dport and --sport do not work without a protocol (because they need -m [tcp|udp]
-    elif destination_port or source_port:
-        raise OperationError(
-            'iptables cannot filter by destination_port/source_port without a protocol',
-        )
-
-    # Verify NAT arguments, --to-destination only w/table=nat, jump=DNAT
-    if to_destination and (table != 'nat' or jump != 'DNAT'):
-        raise OperationError(
-            'iptables only supports to_destination on the nat table and the DNAT jump '
-            '(table={0}, jump={1})'.format(table, jump),
-        )
-
-    # As above, --to-source only w/table=nat, jump=SNAT
-    if to_source and (table != 'nat' or jump != 'SNAT'):
-        raise OperationError(
-            'iptables only supports to_source on the nat table and the SNAT jump '
-            '(table={0}, jump={1})'.format(table, jump),
-        )
-
-    # As above, --to-ports only w/table=nat, jump=REDIRECT
-    if to_ports and (table != 'nat' or jump != 'REDIRECT'):
-        raise OperationError(
-            'iptables only supports to_ports on the nat table and the REDIRECT jump '
-            '(table={0}, jump={1})'.format(table, jump),
-        )
-
-    # --log-prefix is only supported with jump=LOG
-    if log_prefix and jump != 'LOG':
-        raise OperationError(
-            'iptables only supports log_prefix with the LOG jump '
-            '(jump={0})'.format(jump),
-        )
-
-    definition = {
-        'chain': chain,
-        'jump': jump,
-
-        'protocol': protocol,
-        'source': source,
-        'destination': destination,
-        'in_interface': in_interface,
-        'out_interface': out_interface,
-
-        'not_protocol': not_protocol,
-        'not_source': not_source,
-        'not_destination': not_destination,
-        'not_in_interface': not_in_interface,
-        'not_out_interface': not_out_interface,
-
-        # These go *after* the jump argument
-        'log_prefix': log_prefix,
-        'to_destination': to_destination,
-        'to_source': to_source,
-        'to_ports': to_ports,
-        'extras': extras_set,
-    }
-
-    definition = {
-        key: (
-            '{0}/32'.format(value)
-            if (
-                '/' not in value
-                and key in ('source', 'not_source', 'destination', 'not_destination')
-            )
-            else value
-        )
-        for key, value in definition.items()
-        if value
-    }
-
-    rules = (
-        host.fact.iptables_rules(table)
-        if version == 4
-        else host.fact.ip6tables_rules(table)
-    )
-
-    action = None
-
-    # Definition doesn't exist and we want it
-    if present and definition not in rules:
-        action = '-A' if append else '-I'
-
-    # Definition exists and we don't want it
-    if not present and definition in rules:
-        action = '-D'
-
-    # Are we adding/removing a rule? Lets build it
-    if action:
-        args = [
-            'iptables' if version == 4 else 'ip6tables',
-            # Add the table
-            '-t', table,
-            # Add the action and target chain
-            action, chain,
-        ]
-
-        if protocol:
-            args.extend(('-p', protocol))
-
-        if source:
-            args.extend(('-s', source))
-
-        if in_interface:
-            args.extend(('-i', in_interface))
-
-        if out_interface:
-            args.extend(('-o', out_interface))
-
-        if not_protocol:
-            args.extend(('!', '-p', not_protocol))
-
-        if not_source:
-            args.extend(('!', '-s', not_source))
-
-        if not_in_interface:
-            args.extend(('!', '-i', not_in_interface))
-
-        if not_out_interface:
-            args.extend(('!', '-o', not_out_interface))
-
-        if extras:
-            args.append(extras.strip())
-
-        # Add the jump
-        args.extend(('-j', jump))
-
-        if log_prefix:
-            args.extend(('--log-prefix', log_prefix))
-
-        if to_destination:
-            args.extend(('--to-destination', to_destination))
-
-        if to_source:
-            args.extend(('--to-source', to_source))
-
-        if to_ports:
-            args.extend(('--to-ports', to_ports))
-
-        # Build the final iptables command
-        yield ' '.join(args)

pyinfra/modules/lxd.py

@@ -1,45 +0,0 @@
-'''
-The LXD modules manage LXD containers
-'''
-
-from pyinfra.api import operation
-
-
-def get_container_named(name, containers):
-    for container in containers:
-        if container['name'] == name:
-            return container
-    else:
-        return None
-
-
-@operation
-def container(
-    state, host, name,
-    present=True, image='ubuntu:16.04',
-):
-    '''
-    Add/remove LXD containers.
-
-    Note: does not check if an existing container is based on the specified
-    image.
-
-    + name: name of the container
-    + image: image to base the container on
-    + present: whether the container should be present or absent
-    '''
-
-    container = get_container_named(name, host.fact.lxd_containers)
-
-    # Container exists and we don't want it
-    if container and not present:
-        if container['status'] == 'Running':
-            yield 'lxc stop {0}'.format(name)
-
-        # Command to remove the container:
-        yield 'lxc delete {0}'.format(name)
-
-    # Container doesn't exist and we want it
-    if not container and present:
-        # Command to create the container:
-        yield 'lxc launch {image} {name}'.format(name=name, image=image)

pyinfra/modules/mysql.py

@@ -1,347 +0,0 @@
-'''
-Manage MySQL databases, users and privileges.
-
-Requires the ``mysql`` CLI executable on the target host(s).
-
-All operations in this module take four optional global arguments:
-    + ``mysql_user``: the username to connect to mysql to
-    + ``mysql_password``: the password for the connecting user
-    + ``mysql_host``: the hostname of the server to connect to
-    + ``mysql_port``: the port of the server to connect to
-'''
-
-from pyinfra.api import operation, OperationError
-from pyinfra.facts.mysql import make_execute_mysql_command, make_mysql_command
-
-
-@operation
-def sql(
-    state, host, sql,
-    database=None,
-    # Details for speaking to MySQL via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Execute arbitrary SQL against MySQL.
-
-    + sql: SQL command(s) to execute
-    + database: optional database to open the connection with
-    + mysql_*: global module arguments, see above
-    '''
-
-    yield make_execute_mysql_command(
-        sql,
-        database=database,
-        user=mysql_user,
-        password=mysql_password,
-        host=mysql_host,
-        port=mysql_port,
-    )
-
-
-@operation
-def user(
-    state, host, name,
-    # Desired user settings
-    present=True,
-    user_hostname='localhost', password=None, privileges=None,
-    # Details for speaking to MySQL via `mysql` CLI via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Add/remove/update MySQL users.
-
-    + name: the name of the user
-    + present: whether the user should exist or not
-    + user_hostname: the hostname of the user
-    + password: the password of the user (if created)
-    + privileges: the global privileges for this user
-    + mysql_*: global module arguments, see above
-
-    Hostname:
-        this + ``name`` makes the username - so changing this will create a new
-        user, rather than update users with the same ``name``.
-
-    Password:
-        will only be applied if the user does not exist - ie pyinfra cannot
-        detect if the current password doesn't match the one provided, so won't
-        attempt to change it.
-    '''
-
-    current_users = host.fact.mysql_users(
-        mysql_user, mysql_password, mysql_host, mysql_port,
-    )
-
-    user_host = '{0}@{1}'.format(name, user_hostname)
-    is_present = user_host in current_users
-
-    # User not wanted?
-    if not present:
-        if is_present:
-            yield make_execute_mysql_command(
-                'DROP USER "{0}"@"{1}"'.format(name, user_hostname),
-                user=mysql_user,
-                password=mysql_password,
-                host=mysql_host,
-                port=mysql_port,
-            )
-        return
-
-    # If we want the user and they don't exist
-    if present and not is_present:
-        sql_bits = ['CREATE USER "{0}"@"{1}"'.format(name, user_hostname)]
-        if password:
-            sql_bits.append('IDENTIFIED BY "{0}"'.format(password))
-
-        yield make_execute_mysql_command(
-            ' '.join(sql_bits),
-            user=mysql_user,
-            password=mysql_password,
-            host=mysql_host,
-            port=mysql_port,
-        )
-
-    # If we're here either the user exists or we just created them; either way
-    # now we can check any privileges are set.
-    if privileges:
-        yield _privileges(
-            state, host, name, privileges,
-            user_hostname=user_hostname,
-            mysql_user=mysql_user, mysql_password=mysql_password,
-            mysql_host=mysql_host, mysql_port=mysql_port,
-        )
-
-
-@operation
-def database(
-    state, host, name,
-    # Desired database settings
-    present=True,
-    collate=None, charset=None,
-    user=None, user_hostname='localhost', user_privileges='ALL',
-    # Details for speaking to MySQL via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Add/remove MySQL databases.
-
-    + name: the name of the database
-    + present: whether the database should exist or not
-    + collate: the collate to use when creating the database
-    + charset: the charset to use when creating the database
-    + user: MySQL user to grant privileges on this database to
-    + user_hostname: the hostname of the MySQL user to grant
-    + user_privileges: privileges to grant to any specified user
-    + mysql_*: global module arguments, see above
-
-    Collate/charset:
-        these will only be applied if the database does not exist - ie pyinfra
-        will not attempt to alter the existing databases collate/character sets.
-    '''
-
-    current_databases = host.fact.mysql_databases(
-        mysql_user, mysql_password,
-        mysql_host, mysql_port,
-    )
-
-    is_present = name in current_databases
-
-    if not present:
-        if is_present:
-            yield make_execute_mysql_command(
-                'DROP DATABASE {0}'.format(name),
-                user=mysql_user,
-                password=mysql_password,
-                host=mysql_host,
-                port=mysql_port,
-            )
-        return
-
-    # We want the database but it doesn't exist
-    if present and not is_present:
-        sql_bits = ['CREATE DATABASE {0}'.format(name)]
-
-        if collate:
-            sql_bits.append('COLLATE {0}'.format(collate))
-
-        if charset:
-            sql_bits.append('CHARSET {0}'.format(charset))
-
-        yield make_execute_mysql_command(
-            ' '.join(sql_bits),
-            user=mysql_user,
-            password=mysql_password,
-            host=mysql_host,
-            port=mysql_port,
-        )
-
-    # Ensure any user privileges for this database
-    if user and user_privileges:
-        yield privileges(
-            state, host, user,
-            user_hostname=user_hostname,
-            privileges=user_privileges,
-            database=name,
-        )
-
-
-@operation
-def privileges(
-    state, host,
-    user, privileges,
-    user_hostname='localhost',
-    database='*', table='*',
-    present=True,
-    flush=True,
-    # Details for speaking to MySQL via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Add/remove MySQL privileges for a user, either global, database or table specific.
-
-    + user: name of the user to manage privileges for
-    + privileges: list of privileges the user should have
-    + user_hostname: the hostname of the user
-    + database: name of the database to grant privileges to (defaults to all)
-    + table: name of the table to grant privileges to (defaults to all)
-    + present: whether these privileges should exist (False to ``REVOKE)
-    + flush: whether to flush (and update) the privileges table after any changes
-    + mysql_*: global module arguments, see above
-    '''
-
-    # Ensure we have a list
-    if isinstance(privileges, str):
-        privileges = [privileges]
-
-    if database != '*':
-        database = '`{0}`'.format(database)
-
-    if table != '*':
-        table = '`{0}`'.format(table)
-
-        # We can't set privileges on *.tablename as MySQL won't allow it
-        if database == '*':
-            raise OperationError((
-                'Cannot apply MySQL privileges on {0}.{1}, no database provided'
-            ).format(database, table))
-
-    database_table = '{0}.{1}'.format(database, table)
-    user_grants = host.fact.mysql_user_grants(
-        user, user_hostname,
-        mysql_user, mysql_password,
-        mysql_host, mysql_port,
-    )
-
-    has_privileges = False
-
-    if database_table in user_grants:
-        existing_privileges = [
-            'ALL' if privilege == 'ALL PRIVILEGES' else privilege
-            for privilege in user_grants[database_table]['privileges']
-        ]
-
-        has_privileges = (
-            database_table in user_grants
-            and all(
-                privilege in existing_privileges
-                for privilege in privileges
-            )
-        )
-
-    target = action = None
-
-    # No privilege and we want it
-    if not has_privileges and present:
-        action = 'GRANT'
-        target = 'TO'
-
-    # Permission we don't want
-    elif has_privileges and not present:
-        action = 'REVOKE'
-        target = 'FROM'
-
-    if target and action:
-        command = (
-            '{action} {privileges} '
-            'ON {database}.{table} '
-            '{target} "{user}"@"{user_hostname}"'
-        ).format(
-            privileges=', '.join(privileges),
-            action=action, target=target,
-            database=database, table=table,
-            user=user, user_hostname=user_hostname,
-        ).replace('`', r'\`')
-
-        yield make_execute_mysql_command(
-            command,
-            user=mysql_user,
-            password=mysql_password,
-            host=mysql_host,
-            port=mysql_port,
-        )
-
-        if flush:
-            yield make_execute_mysql_command(
-                'FLUSH PRIVILEGES',
-                user=mysql_user,
-                password=mysql_password,
-                host=mysql_host,
-                port=mysql_port,
-            )
-
-_privileges = privileges  # noqa: E305 (for use where kwarg is the same)
-
-
-@operation
-def dump(
-    state, host,
-    remote_filename, database=None,
-    # Details for speaking to MySQL via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Dump a MySQL database into a ``.sql`` file. Requires ``mysqldump``.
-
-    + database: name of the database to dump
-    + remote_filename: name of the file to dump the SQL to
-    + mysql_*: global module arguments, see above
-    '''
-
-    yield '{0} > {1}'.format(make_mysql_command(
-        executable='mysqldump',
-        database=database,
-        user=mysql_user,
-        password=mysql_password,
-        host=mysql_host,
-        port=mysql_port,
-    ), remote_filename)
-
-
-@operation
-def load(
-    state, host,
-    remote_filename, database=None,
-    # Details for speaking to MySQL via `mysql` CLI
-    mysql_user=None, mysql_password=None,
-    mysql_host=None, mysql_port=None,
-):
-    '''
-    Load ``.sql`` file into a database.
-
-    + database: name of the database to import into
-    + remote_filename: the filename to read from
-    + mysql_*: global module arguments, see above
-    '''
-
-    yield '{0} < {1}'.format(make_mysql_command(
-        database=database,
-        user=mysql_user,
-        password=mysql_password,
-        host=mysql_host,
-        port=mysql_port,
-    ), remote_filename)

pyinfra/modules/npm.py

@@ -1,47 +0,0 @@
-from pyinfra.api import operation
-
-from .util.packaging import ensure_packages
-
-
-@operation
-def packages(state, host, packages=None, present=True, latest=False, directory=None):
-    '''
-    Install/remove/update npm packages.
-
-    + packages: list of packages to ensure
-    + present: whether the packages should be present
-    + latest: whether to upgrade packages without a specified version
-    + directory: directory to manage packages for, defaults to global
-
-    Versions:
-        Package versions can be pinned like npm: ``<pkg>@<version>``.
-    '''
-
-    current_packages = host.fact.npm_packages(directory)
-
-    install_command = (
-        'npm install -g'
-        if directory is None
-        else 'cd {0} && npm install'.format(directory)
-    )
-
-    uninstall_command = (
-        'npm uninstall -g'
-        if directory is None
-        else 'cd {0} && npm uninstall'.format(directory)
-    )
-
-    upgrade_command = (
-        'npm update -g'
-        if directory is None
-        else 'cd {0} && npm update'.format(directory)
-    )
-
-    yield ensure_packages(
-        packages, current_packages, present,
-        install_command=install_command,
-        uninstall_command=uninstall_command,
-        upgrade_command=upgrade_command,
-        version_join='@',
-        latest=latest,
-    )