autonomic/autonomic/command/coophost.py

"""CoopHost module."""

from os import chdir, mkdir
from os.path import basename, exists
from pathlib import Path
from socket import gethostname

import click

from autonomic.config import CONFIG_YAML, INFRA_DIR
from autonomic.logger import log
from autonomic.settings import add, get
from autonomic.utils import (
    ensure_config_dir,
    ensure_deploy_d_dir,
    exit,
    input_ask,
    pass_ask,
    question_ask,
    run,
    yaml_dump,
    yaml_load,
)

hostname = gethostname()


@click.command()
@click.pass_context
def coophost(ctx):
    """Manage CoopHost resources."""
    ensure_config_dir()
    ensure_deploy_d_dir()

    app_dir = Path(".").absolute()
    app = basename(app_dir)
    log.info("Auto-detected the {} application".format(app))

    choices = ["encrypt", "decrypt"]
    operation = question_ask("operation", "Which operation?", choices)

    if operation == "encrypt":
        encrypt(app, app_dir)
    elif operation == "decrypt":
        decrypt(app, app_dir)


def get_vault_pass(app):
    """Retrieve or set the app vault password."""
    app_settings = get(app)

    if app_settings is not None and "vault-password" in app_settings:
        log.info("Using app vault password stored in {}".format(CONFIG_YAML))
        return app_settings["vault-password"]

    log.info("No app vault password configured")
    vault_password = pass_ask("Vault password?")

    log.info("App vault password stored in {}".format(CONFIG_YAML))
    add({app: {"vault-password": vault_password}})

    return vault_password


def decrypt(app, app_dir):
    """Decrypt a secret."""
    vault_password = get_vault_pass(app)
    name = input_ask("Which variable do you want to decrypt?")

    vault_path = (Path(".") / "deploy.d" / "vault").absolute()
    var_path = (vault_path / "{}.yml".format(name)).absolute()

    if not exists(var_path):
        exit("{}.yml is missing?".format(name))

    cmd = [
        ".venv/bin/ansible",
        hostname,
        "--inventory",
        "{},".format(hostname),
        "-m",
        "debug",
        "-a",
        "var='{}'".format(name),
        "-e @{}".format(var_path),
        "--ask-vault-pass",
        "-e",
        "ansible_user={}".format(get("username")),
    ]

    decrypted = run(
        cmd,
        cwd=INFRA_DIR,
        output=True,
        pexpect=True,
        pexpected={"(?i)vault password:": vault_password},
    )

    log.info(decrypted)


def encrypt(app, app_dir):
    """Encrypt a secret for a CoopHost package."""
    vault_password = get_vault_pass(app)
    name = input_ask("Which variable do you want to encrypt?")
    value = pass_ask("Variable value to encrypt?")

    cmd = [".venv/bin/ansible-vault", "encrypt_string", "--name", name, value]
    encrypted = run(
        cmd,
        cwd=INFRA_DIR,
        pexpect=True,
        pexpected={
            "(?i)new vault password:": vault_password,
            "(?i)confirm new vault password:": vault_password,
        },
    )
    encrypted = (
        encrypted.strip()
        .replace("\r", "")
        .replace("\nEncryption successful", "")
    )

    chdir(app_dir)
    log.info("Changed directory back to {}".format(app_dir))

    vault_path = (Path(".") / "deploy.d" / "vault").absolute()
    if not exists(vault_path):
        log.info("Creating {}".format(vault_path))
        mkdir(vault_path)

    var_path = (vault_path / "{}.yml".format(name)).absolute()
    with open(var_path, "w"):
        loaded = yaml_load(encrypted, text=True)
        yaml_dump(var_path, loaded)
        log.success("Encrypted and saved {} in {}".format(name, var_path))
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`"""CoopHost module."""`

			`from os import chdir, mkdir`
			`from os.path import basename, exists`
			`from pathlib import Path`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`from socket import gethostname`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
			`import click`

			`from autonomic.config import CONFIG_YAML, INFRA_DIR`
			`from autonomic.logger import log`
			`from autonomic.settings import add, get`
			`from autonomic.utils import (`
			`ensure_config_dir,`
			`ensure_deploy_d_dir,`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`exit,`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`input_ask,`
			`pass_ask,`
			`question_ask,`
			`run,`
			`yaml_dump,`
			`yaml_load,`
			`)`

Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`hostname = gethostname()`

Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
			`@click.command()`
			`@click.pass_context`
			`def coophost(ctx):`
			`"""Manage CoopHost resources."""`
			`ensure_config_dir()`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`ensure_deploy_d_dir()`

			`app_dir = Path(".").absolute()`
			`app = basename(app_dir)`
			`log.info("Auto-detected the {} application".format(app))`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`choices = ["encrypt", "decrypt"]`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`operation = question_ask("operation", "Which operation?", choices)`

			`if operation == "encrypt":`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`encrypt(app, app_dir)`
			`elif operation == "decrypt":`
			`decrypt(app, app_dir)`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00

Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`def get_vault_pass(app):`
			`"""Retrieve or set the app vault password."""`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`app_settings = get(app)`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`if app_settings is not None and "vault-password" in app_settings:`
			`log.info("Using app vault password stored in {}".format(CONFIG_YAML))`
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`return app_settings["vault-password"]`

			`log.info("No app vault password configured")`
			`vault_password = pass_ask("Vault password?")`

			`log.info("App vault password stored in {}".format(CONFIG_YAML))`
			`add({app: {"vault-password": vault_password}})`

			`return vault_password`


			`def decrypt(app, app_dir):`
			`"""Decrypt a secret."""`
			`vault_password = get_vault_pass(app)`
			`name = input_ask("Which variable do you want to decrypt?")`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`vault_path = (Path(".") / "deploy.d" / "vault").absolute()`
			`var_path = (vault_path / "{}.yml".format(name)).absolute()`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
Add first stab at decrypt command 2020-04-13 15:40:07 +00:00			`if not exists(var_path):`
			`exit("{}.yml is missing?".format(name))`

			`cmd = [`
			`".venv/bin/ansible",`
			`hostname,`
			`"--inventory",`
			`"{},".format(hostname),`
			`"-m",`
			`"debug",`
			`"-a",`
			`"var='{}'".format(name),`
			`"-e @{}".format(var_path),`
			`"--ask-vault-pass",`
			`"-e",`
			`"ansible_user={}".format(get("username")),`
			`]`

			`decrypted = run(`
			`cmd,`
			`cwd=INFRA_DIR,`
			`output=True,`
			`pexpect=True,`
			`pexpected={"(?i)vault password:": vault_password},`
			`)`

			`log.info(decrypted)`


			`def encrypt(app, app_dir):`
			`"""Encrypt a secret for a CoopHost package."""`
			`vault_password = get_vault_pass(app)`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00			`name = input_ask("Which variable do you want to encrypt?")`
			`value = pass_ask("Variable value to encrypt?")`

			`cmd = [".venv/bin/ansible-vault", "encrypt_string", "--name", name, value]`
			`encrypted = run(`
			`cmd,`
			`cwd=INFRA_DIR,`
			`pexpect=True,`
			`pexpected={`
			`"(?i)new vault password:": vault_password,`
			`"(?i)confirm new vault password:": vault_password,`
			`},`
			`)`
			`encrypted = (`
			`encrypted.strip()`
			`.replace("\r", "")`
			`.replace("\nEncryption successful", "")`
			`)`

			`chdir(app_dir)`
Fix typo 2020-04-12 13:52:05 +00:00			`log.info("Changed directory back to {}".format(app_dir))`
Add coophost and coopaas experimental commands 2020-04-12 13:41:30 +00:00
			`vault_path = (Path(".") / "deploy.d" / "vault").absolute()`
			`if not exists(vault_path):`
			`log.info("Creating {}".format(vault_path))`
			`mkdir(vault_path)`

			`var_path = (vault_path / "{}.yml".format(name)).absolute()`
			`with open(var_path, "w"):`
			`loaded = yaml_load(encrypted, text=True)`
			`yaml_dump(var_path, loaded)`
			`log.success("Encrypted and saved {} in {}".format(name, var_path))`