vm-tool 1.0.32__py3-none-any.whl

vm_tool/secrets.py

@@ -0,0 +1,285 @@
+"""Secrets management with support for multiple backends."""
+
+import logging
+import os
+from typing import Optional, Dict, Any
+from abc import ABC, abstractmethod
+
+logger = logging.getLogger(__name__)
+
+
+class SecretsBackend(ABC):
+    """Abstract base class for secrets backends."""
+
+    @abstractmethod
+    def get_secret(self, key: str) -> Optional[str]:
+        """Get secret value by key."""
+        pass
+
+    @abstractmethod
+    def set_secret(self, key: str, value: str) -> bool:
+        """Set secret value."""
+        pass
+
+    @abstractmethod
+    def delete_secret(self, key: str) -> bool:
+        """Delete secret."""
+        pass
+
+    @abstractmethod
+    def list_secrets(self) -> list:
+        """List all secret keys."""
+        pass
+
+
+class VaultBackend(SecretsBackend):
+    """HashiCorp Vault secrets backend."""
+
+    def __init__(
+        self,
+        vault_url: str,
+        vault_token: Optional[str] = None,
+        mount_point: str = "secret",
+    ):
+        self.vault_url = vault_url.rstrip("/")
+        self.vault_token = vault_token or os.getenv("VAULT_TOKEN")
+        self.mount_point = mount_point
+
+        if not self.vault_token:
+            raise ValueError("Vault token required (set VAULT_TOKEN env var)")
+
+    def get_secret(self, key: str) -> Optional[str]:
+        """Get secret from Vault."""
+        import requests
+
+        url = f"{self.vault_url}/v1/{self.mount_point}/data/{key}"
+        headers = {"X-Vault-Token": self.vault_token}
+
+        try:
+            response = requests.get(url, headers=headers)
+            response.raise_for_status()
+            data = response.json()
+            return data.get("data", {}).get("data", {}).get("value")
+        except Exception as e:
+            logger.error(f"Failed to get secret from Vault: {e}")
+            return None
+
+    def set_secret(self, key: str, value: str) -> bool:
+        """Set secret in Vault."""
+        import requests
+
+        url = f"{self.vault_url}/v1/{self.mount_point}/data/{key}"
+        headers = {"X-Vault-Token": self.vault_token}
+        payload = {"data": {"value": value}}
+
+        try:
+            response = requests.post(url, headers=headers, json=payload)
+            response.raise_for_status()
+            logger.info(f"Secret '{key}' stored in Vault")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to set secret in Vault: {e}")
+            return False
+
+    def delete_secret(self, key: str) -> bool:
+        """Delete secret from Vault."""
+        import requests
+
+        url = f"{self.vault_url}/v1/{self.mount_point}/metadata/{key}"
+        headers = {"X-Vault-Token": self.vault_token}
+
+        try:
+            response = requests.delete(url, headers=headers)
+            response.raise_for_status()
+            logger.info(f"Secret '{key}' deleted from Vault")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to delete secret from Vault: {e}")
+            return False
+
+    def list_secrets(self) -> list:
+        """List all secrets in Vault."""
+        import requests
+
+        url = f"{self.vault_url}/v1/{self.mount_point}/metadata"
+        headers = {"X-Vault-Token": self.vault_token}
+
+        try:
+            response = requests.get(url, headers=headers, params={"list": "true"})
+            response.raise_for_status()
+            data = response.json()
+            return data.get("data", {}).get("keys", [])
+        except Exception as e:
+            logger.error(f"Failed to list secrets from Vault: {e}")
+            return []
+
+
+class AWSSecretsBackend(SecretsBackend):
+    """AWS Secrets Manager backend."""
+
+    def __init__(self, region: str = "us-east-1"):
+        try:
+            import boto3
+
+            self.client = boto3.client("secretsmanager", region_name=region)
+        except ImportError:
+            raise ImportError(
+                "boto3 required for AWS Secrets Manager (pip install boto3)"
+            )
+
+    def get_secret(self, key: str) -> Optional[str]:
+        """Get secret from AWS Secrets Manager."""
+        try:
+            response = self.client.get_secret_value(SecretId=key)
+            return response.get("SecretString")
+        except Exception as e:
+            logger.error(f"Failed to get secret from AWS: {e}")
+            return None
+
+    def set_secret(self, key: str, value: str) -> bool:
+        """Set secret in AWS Secrets Manager."""
+        try:
+            # Try to update existing secret first
+            try:
+                self.client.update_secret(SecretId=key, SecretString=value)
+            except self.client.exceptions.ResourceNotFoundException:
+                # Create new secret if it doesn't exist
+                self.client.create_secret(Name=key, SecretString=value)
+
+            logger.info(f"Secret '{key}' stored in AWS Secrets Manager")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to set secret in AWS: {e}")
+            return False
+
+    def delete_secret(self, key: str) -> bool:
+        """Delete secret from AWS Secrets Manager."""
+        try:
+            self.client.delete_secret(SecretId=key, ForceDeleteWithoutRecovery=True)
+            logger.info(f"Secret '{key}' deleted from AWS Secrets Manager")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to delete secret from AWS: {e}")
+            return False
+
+    def list_secrets(self) -> list:
+        """List all secrets in AWS Secrets Manager."""
+        try:
+            response = self.client.list_secrets()
+            return [s["Name"] for s in response.get("SecretList", [])]
+        except Exception as e:
+            logger.error(f"Failed to list secrets from AWS: {e}")
+            return []
+
+
+class EncryptedFileBackend(SecretsBackend):
+    """Encrypted file-based secrets backend."""
+
+    def __init__(
+        self, secrets_file: str = ".secrets.enc", encryption_key: Optional[str] = None
+    ):
+        self.secrets_file = secrets_file
+        self.encryption_key = encryption_key or os.getenv("SECRETS_KEY")
+
+        if not self.encryption_key:
+            raise ValueError("Encryption key required (set SECRETS_KEY env var)")
+
+        self.secrets = self._load_secrets()
+
+    def get_secret(self, key: str) -> Optional[str]:
+        """Get secret from encrypted file."""
+        return self.secrets.get(key)
+
+    def set_secret(self, key: str, value: str) -> bool:
+        """Set secret in encrypted file."""
+        self.secrets[key] = value
+        return self._save_secrets()
+
+    def delete_secret(self, key: str) -> bool:
+        """Delete secret from encrypted file."""
+        if key in self.secrets:
+            del self.secrets[key]
+            return self._save_secrets()
+        return False
+
+    def list_secrets(self) -> list:
+        """List all secret keys."""
+        return list(self.secrets.keys())
+
+    def _load_secrets(self) -> Dict[str, str]:
+        """Load and decrypt secrets from file."""
+        if not os.path.exists(self.secrets_file):
+            return {}
+
+        try:
+            from cryptography.fernet import Fernet
+
+            with open(self.secrets_file, "rb") as f:
+                encrypted_data = f.read()
+
+            fernet = Fernet(self.encryption_key.encode())
+            decrypted_data = fernet.decrypt(encrypted_data)
+
+            import json
+
+            return json.loads(decrypted_data.decode())
+        except Exception as e:
+            logger.error(f"Failed to load secrets: {e}")
+            return {}
+
+    def _save_secrets(self) -> bool:
+        """Encrypt and save secrets to file."""
+        try:
+            from cryptography.fernet import Fernet
+            import json
+
+            fernet = Fernet(self.encryption_key.encode())
+            data = json.dumps(self.secrets).encode()
+            encrypted_data = fernet.encrypt(data)
+
+            with open(self.secrets_file, "wb") as f:
+                f.write(encrypted_data)
+
+            return True
+        except Exception as e:
+            logger.error(f"Failed to save secrets: {e}")
+            return False
+
+
+class SecretsManager:
+    """Unified secrets manager supporting multiple backends."""
+
+    def __init__(self, backend: SecretsBackend):
+        self.backend = backend
+
+    def get(self, key: str, default: Optional[str] = None) -> Optional[str]:
+        """Get secret value."""
+        value = self.backend.get_secret(key)
+        return value if value is not None else default
+
+    def set(self, key: str, value: str) -> bool:
+        """Set secret value."""
+        return self.backend.set_secret(key, value)
+
+    def delete(self, key: str) -> bool:
+        """Delete secret."""
+        return self.backend.delete_secret(key)
+
+    def list(self) -> list:
+        """List all secret keys."""
+        return self.backend.list_secrets()
+
+    @classmethod
+    def from_vault(cls, vault_url: str, **kwargs):
+        """Create secrets manager with Vault backend."""
+        return cls(VaultBackend(vault_url, **kwargs))
+
+    @classmethod
+    def from_aws(cls, region: str = "us-east-1"):
+        """Create secrets manager with AWS backend."""
+        return cls(AWSSecretsBackend(region))
+
+    @classmethod
+    def from_file(cls, secrets_file: str = ".secrets.enc", **kwargs):
+        """Create secrets manager with encrypted file backend."""
+        return cls(EncryptedFileBackend(secrets_file, **kwargs))

vm_tool/ssh.py

@@ -0,0 +1,150 @@
+import logging
+import os
+import subprocess
+
+import paramiko
+
+# Configure logging
+logger = logging.getLogger(__name__)
+
+
+class SSHSetup:
+    """
+    A class to set up SSH configuration and keys for a VM.
+
+    Attributes:
+        hostname (str): The hostname of the VM.
+        username (str): The username for SSH login.
+        password (str): The password for SSH login.
+        email (str): The email for SSH key generation.
+        private_key_path (str): The path to the private SSH key.
+        client (paramiko.SSHClient): The SSH client.
+    """
+
+    def __init__(self, hostname, username, password, email):
+        """
+        The constructor for SSHSetup class.
+
+        Parameters:
+            hostname (str): The hostname of the VM.
+            username (str): The username for SSH login.
+            password (str): The password for SSH login.
+            email (str): The email for SSH key generation.
+        """
+        self.hostname = hostname
+        self.username = username
+        self.password = password
+        self.email = email
+        self.private_key_path = os.path.expanduser("~/.ssh/id_rsa")
+        self.client = paramiko.SSHClient()
+        self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy())  # nosec B507
+
+    def __generate_ssh_key(self, email):
+        """
+        Generates an SSH key pair.
+
+        Parameters:
+            email (str): The email for SSH key generation.
+        """
+
+        logger.info(f"Generating SSH key for email: {email}")
+        try:
+            subprocess.run(
+                [
+                    "ssh-keygen",
+                    "-t",
+                    "rsa",
+                    "-b",
+                    "4096",
+                    "-C",
+                    email,
+                    "-f",
+                    self.private_key_path,
+                    "-N",
+                    "",
+                ],
+                check=True,
+                capture_output=True,
+            )
+            logger.info("SSH key generated successfully.")
+        except subprocess.CalledProcessError as e:
+            logger.error(f"Failed to generate SSH key: {e.stderr.decode()}")
+            raise RuntimeError(f"Failed to generate SSH key: {e.stderr.decode()}")
+
+    def __read_or_generate_public_key(self, email) -> str:
+        """
+        Reads the public SSH key or generates a new one if it doesn't exist.
+
+        Parameters:
+            email (str): The email for SSH key generation.
+
+        Returns:
+            str: The public SSH key.
+        """
+        public_key_path = f"{self.private_key_path}.pub"
+        if not os.path.exists(public_key_path):
+            self.__generate_ssh_key(email)
+        with open(public_key_path, "r") as file:
+            logger.info(f"Reading public key from {public_key_path}")
+            return file.read()
+
+    def __configure_vm(self, vm_ip, vm_password, public_key):
+        """
+        Configures the VM by adding the public SSH key to the authorized keys.
+
+        Parameters:
+            vm_ip (str): The IP address of the VM.
+            vm_password (str): The password for the VM.
+            public_key (str): The public SSH key.
+        """
+        logger.info(f"Configuring VM at {vm_ip} with provided public key.")
+        self.client.connect(vm_ip, username=self.username, password=vm_password)
+        self.client.exec_command(
+            f'echo "{public_key}" >> ~/.ssh/authorized_keys'
+        )  # nosec B601
+        self.client.close()
+
+    def __update_ssh_config(self):
+        """
+        Updates the local SSH config file with the VM details.
+        """
+        config = f"""
+Host {self.hostname}
+  HostName {self.hostname}
+  User {self.username}
+  StrictHostKeyChecking no
+  IdentityFile {self.private_key_path}
+  ForwardAgent yes
+"""
+        logger.info(f"Updating SSH config for host {self.hostname}.")
+        with open(f'{os.path.expanduser("~")}/.ssh/config', "a") as file:
+            file.write(config)
+
+    def __establish_connection(self):
+        """
+        Establishes an SSH connection to the VM.
+        """
+        logger.info(f"Establishing SSH connection to {self.hostname}.")
+        self.client.connect(
+            self.hostname, username=self.username, key_filename=self.private_key_path
+        )
+
+    def __close_connection(self):
+        """
+        Closes the SSH connection.
+        """
+        if self.client:
+            logger.info("Closing SSH connection.")
+            self.client.close()
+
+    def setup(self):
+        """
+        Sets up the SSH configuration and keys for the VM.
+        """
+        logger.info("Starting SSH setup.")
+        public_key = self.__read_or_generate_public_key(self.email)
+        self.__configure_vm(self.hostname, self.password, public_key)
+        self.__update_ssh_config()
+        self.__establish_connection()
+        self.__close_connection()
+        logger.info("SSH setup completed.")

vm_tool/state.py

@@ -0,0 +1,122 @@
+"""State management for idempotent deployments."""
+
+import hashlib
+import json
+import logging
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class DeploymentState:
+    """Manages deployment state for idempotency."""
+
+    def __init__(self, state_dir: Optional[Path] = None):
+        if state_dir is None:
+            state_dir = Path.home() / ".vm_tool"
+        self.state_dir = state_dir
+        self.state_file = self.state_dir / "deployment_state.json"
+        self._ensure_state_dir()
+
+    def _ensure_state_dir(self):
+        """Create state directory if it doesn't exist."""
+        self.state_dir.mkdir(parents=True, exist_ok=True)
+
+    def _load_state(self) -> Dict[str, Any]:
+        """Load deployment state from file."""
+        if not self.state_file.exists():
+            return {}
+        try:
+            with open(self.state_file, "r") as f:
+                return json.load(f)
+        except json.JSONDecodeError:
+            logger.warning("Invalid state file, returning empty state")
+            return {}
+
+    def _save_state(self, state: Dict[str, Any]):
+        """Save deployment state to file."""
+        with open(self.state_file, "w") as f:
+            json.dump(state, f, indent=2)
+
+    def compute_hash(self, compose_file: str) -> str:
+        """Compute hash of docker-compose file for change detection."""
+        try:
+            with open(compose_file, "rb") as f:
+                return hashlib.sha256(f.read()).hexdigest()
+        except FileNotFoundError:
+            logger.warning(f"Compose file not found: {compose_file}")
+            return ""
+
+    def record_deployment(
+        self,
+        host: str,
+        compose_file: str,
+        compose_hash: str,
+        service_name: str = "default",
+    ):
+        """Record a successful deployment."""
+        state = self._load_state()
+
+        if host not in state:
+            state[host] = {}
+
+        state[host][service_name] = {
+            "compose_file": compose_file,
+            "compose_hash": compose_hash,
+            "deployed_at": datetime.now().isoformat(),
+            "status": "deployed",
+        }
+
+        self._save_state(state)
+        logger.info(f"Recorded deployment: {host}/{service_name}")
+
+    def get_deployment(
+        self, host: str, service_name: str = "default"
+    ) -> Optional[Dict]:
+        """Get deployment info for a host/service."""
+        state = self._load_state()
+        return state.get(host, {}).get(service_name)
+
+    def needs_update(
+        self, host: str, compose_hash: str, service_name: str = "default"
+    ) -> bool:
+        """Check if deployment needs update based on compose file hash."""
+        deployment = self.get_deployment(host, service_name)
+
+        if not deployment:
+            logger.info(f"No previous deployment found for {host}/{service_name}")
+            return True
+
+        previous_hash = deployment.get("compose_hash")
+        if previous_hash != compose_hash:
+            logger.info(
+                f"Compose file changed for {host}/{service_name} "
+                f"(old: {previous_hash[:8]}, new: {compose_hash[:8]})"
+            )
+            return True
+
+        logger.info(f"No changes detected for {host}/{service_name}")
+        return False
+
+    def mark_failed(self, host: str, service_name: str = "default", error: str = ""):
+        """Mark a deployment as failed."""
+        state = self._load_state()
+
+        if host not in state:
+            state[host] = {}
+
+        if service_name in state[host]:
+            state[host][service_name]["status"] = "failed"
+            state[host][service_name]["error"] = error
+            state[host][service_name]["failed_at"] = datetime.now().isoformat()
+        else:
+            state[host][service_name] = {
+                "status": "failed",
+                "error": error,
+                "failed_at": datetime.now().isoformat(),
+            }
+
+        self._save_state(state)
+        logger.error(f"Marked deployment as failed: {host}/{service_name}")

vm_tool/strategies/__init__.py

@@ -0,0 +1,16 @@
+"""Deployment strategies package."""
+
+from vm_tool.strategies.blue_green import BlueGreenDeployment, BlueGreenConfig
+from vm_tool.strategies.canary import CanaryDeployment, CanaryConfig, ProgressiveRollout
+from vm_tool.strategies.ab_testing import ABTestDeployment, TrafficSplitter, Variant
+
+__all__ = [
+    "BlueGreenDeployment",
+    "BlueGreenConfig",
+    "CanaryDeployment",
+    "CanaryConfig",
+    "ProgressiveRollout",
+    "ABTestDeployment",
+    "TrafficSplitter",
+    "Variant",
+]