easyengine/ee/cli/plugins/secure.py

from cement.core.controller import CementBaseController, expose
from cement.core import handler, hook
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
import string
import random
import sys
import hashlib
import getpass
from ee.core.logging import Log


def secure_plugin_hook(app):
    # do something with the ``app`` object here.
    pass


class EEsecureController(CementBaseController):
    class Meta:
        label = 'secure'
        stacked_on = 'base'
        stacked_type = 'nested'
        description = ('clean command cleans different cache with following '
                       'options')
        arguments = [
            (['--auth'],
                dict(help='secure auth', action='store_true')),
            (['--port'],
                dict(help='secure port', action='store_true')),
            (['--ip'],
                dict(help='secure ip', action='store_true'))
            ]

    @expose(hide=True)
    def default(self):
            if self.app.pargs.auth:
                self.secure_auth()
            if self.app.pargs.port:
                self.secure_port()
            if self.app.pargs.ip:
                self.secure_ip()

    @expose(hide=True)
    def secure_auth(self):
        passwd = ''.join([random.choice
                 (string.ascii_letters + string.digits)
                 for n in range(6)])
        username = input("Provide HTTP authentication user "
                         "name [{0}] :".format(EEVariables.ee_user))
        password = input("Provide HTTP authentication "
                         "password [{0}]".format(passwd))
        if username == "":
            username = EEVariables.ee_user
            Log.info(self, "HTTP authentication username:{username}"
                     .format(username=username))
        if password == "":
            password = passwd
            Log.info(self, "HTTP authentication password:{password}"
                     .format(password=password))
        EEShellExec.cmd_exec(self, "printf \"{username}:"
                             "$(openssl passwd -crypt "
                             "{password} 2> /dev/null)\n\""
                             "> /etc/nginx/htpasswd-ee 2>/dev/null"
                             .format(username=username,
                                     password=password))

    @expose(hide=True)
    def secure_port(self):
        port = input("EasyEngine admin port [22222]:")
        if port == "":
            port = 22222
        if EEVariables.ee_platform_distro == 'Ubuntu':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl spdy;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=port))
        else:
            Log.info(self, "Unable to change EasyEngine admin port{0}"
                     .format("[FAIL]"))
        if EEVariables.ee_platform_distro == 'Debian':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=port))
        else:
            Log.info(self, "Unable to change EasyEngine admin port{0}"
                     .format("[FAIL]"))

    @expose(hide=True)
    def secure_ip(self):
        #TODO:remaining with ee.conf updation in file
        newlist = []
        ip = input("Enter the comma separated IP addresses "
                   "to white list [127.0.0.1]:")
        try:
            user_list_ip = ip.split(',')
        except Exception as e:
            ip = ['127.0.0.1']
        self.app.config.set('mysql', 'grant-host', "hello")
        exist_ip_list = self.app.config.get('stack', 'ip-address').split()
        print(exist_ip_list)
        for check_ip in user_list_ip:
            if check_ip not in exist_ip_list:
                newlist.extend(exist_ip_list)
        # changes in acl.conf file
            if len(newlist) != 0:
                EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"
                                     "/common/acl.conf")
            for whitelist_adre in newlist:
                EEShellExec.cmd_exec(self, "sed -i \"/deny/i "
                                     "echo allow {whitelist_adre}\\;\" "
                                     "/etc/nginx/common/acl.conf"
                                     .format(whitelist_adre=whitelist_adre))


def load(app):
    # register the plugin class.. this only happens if the plugin is enabled
    handler.register(EEsecureController)
    # register a hook (function) to run after arguments are parsed.
    hook.register('post_argument_parsing', secure_plugin_hook)
ee secure command 10 years ago			`from cement.core.controller import CementBaseController, expose`
			`from cement.core import handler, hook`
			`from ee.core.shellexec import EEShellExec`
			`from ee.core.variables import EEVariables`
			`import string`
			`import random`
			`import sys`
			`import hashlib`
			`import getpass`
added log messages 10 years ago			`from ee.core.logging import Log`
ee secure command 10 years ago

			`def secure_plugin_hook(app):`
			# do something with the ``app`` object here.
			`pass`


			`class EEsecureController(CementBaseController):`
			`class Meta:`
			`label = 'secure'`
			`stacked_on = 'base'`
			`stacked_type = 'nested'`
updated log message 10 years ago			`description = ('clean command cleans different cache with following '`
			`'options')`
ee secure command 10 years ago			`arguments = [`
			`(['--auth'],`
			`dict(help='secure auth', action='store_true')),`
			`(['--port'],`
			`dict(help='secure port', action='store_true')),`
			`(['--ip'],`
			`dict(help='secure ip', action='store_true'))`
			`]`

			`@expose(hide=True)`
			`def default(self):`
			`if self.app.pargs.auth:`
			`self.secure_auth()`
			`if self.app.pargs.port:`
			`self.secure_port()`
			`if self.app.pargs.ip:`
			`self.secure_ip()`

			`@expose(hide=True)`
			`def secure_auth(self):`
			`passwd = ''.join([random.choice`
			`(string.ascii_letters + string.digits)`
			`for n in range(6)])`
			`username = input("Provide HTTP authentication user "`
			`"name [{0}] :".format(EEVariables.ee_user))`
			`password = input("Provide HTTP authentication "`
			`"password [{0}]".format(passwd))`
			`if username == "":`
			`username = EEVariables.ee_user`
added log messages 10 years ago			`Log.info(self, "HTTP authentication username:{username}"`
			`.format(username=username))`
added log message in secure.py 10 years ago			`if password == "":`
			`password = passwd`
added log messages 10 years ago			`Log.info(self, "HTTP authentication password:{password}"`
			`.format(password=password))`
ee secure command 10 years ago			`EEShellExec.cmd_exec(self, "printf \"{username}:"`
			`"$(openssl passwd -crypt "`
			`"{password} 2> /dev/null)\n\""`
			`"> /etc/nginx/htpasswd-ee 2>/dev/null"`
			`.format(username=username,`
			`password=password))`

			`@expose(hide=True)`
			`def secure_port(self):`
			`port = input("EasyEngine admin port [22222]:")`
			`if port == "":`
			`port = 22222`
			`if EEVariables.ee_platform_distro == 'Ubuntu':`
			`EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "`
			`"{port} default_server ssl spdy;/\" "`
			`"/etc/nginx/sites-available/22222"`
			`.format(port=port))`
added log messages 10 years ago			`else:`
update 10 years ago			`Log.info(self, "Unable to change EasyEngine admin port{0}"`
			`.format("[FAIL]"))`
added log messages 10 years ago			`if EEVariables.ee_platform_distro == 'Debian':`
ee secure command 10 years ago			`EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "`
			`"{port} default_server ssl;/\" "`
			`"/etc/nginx/sites-available/22222"`
			`.format(port=port))`
added log messages 10 years ago			`else:`
update 10 years ago			`Log.info(self, "Unable to change EasyEngine admin port{0}"`
			`.format("[FAIL]"))`
ee secure command 10 years ago
			`@expose(hide=True)`
			`def secure_ip(self):`
added log message in secure.py 10 years ago			`#TODO:remaining with ee.conf updation in file`
ee secure command 10 years ago			`newlist = []`
			`ip = input("Enter the comma separated IP addresses "`
			`"to white list [127.0.0.1]:")`
			`try:`
			`user_list_ip = ip.split(',')`
			`except Exception as e:`
			`ip = ['127.0.0.1']`
			`self.app.config.set('mysql', 'grant-host', "hello")`
			`exist_ip_list = self.app.config.get('stack', 'ip-address').split()`
			`print(exist_ip_list)`
			`for check_ip in user_list_ip:`
			`if check_ip not in exist_ip_list:`
			`newlist.extend(exist_ip_list)`
			`# changes in acl.conf file`
			`if len(newlist) != 0:`
			`EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"`
			`"/common/acl.conf")`
			`for whitelist_adre in newlist:`
			`EEShellExec.cmd_exec(self, "sed -i \"/deny/i "`
			`"echo allow {whitelist_adre}\\;\" "`
			`"/etc/nginx/common/acl.conf"`
			`.format(whitelist_adre=whitelist_adre))`


			`def load(app):`
			`# register the plugin class.. this only happens if the plugin is enabled`
			`handler.register(EEsecureController)`
			`# register a hook (function) to run after arguments are parsed.`
			`hook.register('post_argument_parsing', secure_plugin_hook)`