open-vault/command/ssh.go

package command

import (
	"fmt"
	"io/ioutil"
	"net"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

type SSHCommand struct {
	Meta
}

func (c *SSHCommand) Run(args []string) int {
	var role string
	flags := c.Meta.FlagSet("ssh", FlagSetDefault)
	flags.StringVar(&role, "role", "", "")
	flags.Usage = func() { c.Ui.Error(c.Help()) }
	if err := flags.Parse(args); err != nil {
		return 1
	}
	args = flags.Args()
	if len(args) < 1 {
		c.Ui.Error("ssh expects at least one argument")
		return 2
	}

	client, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
		return 2
	}
	input := strings.Split(args[0], "@")
	username := input[0]
	ip, err := net.ResolveIPAddr("ip4", input[1])
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error resolving IP Address: %s", err))
		return 2
	}

	if role == "" {
		data := map[string]interface{}{
			"ip": ip.String(),
		}
		secret, err := client.Logical().Write("ssh/lookup", data)
		if err != nil {
			c.Ui.Error(fmt.Sprintf("Error finding roles for IP:%s Error:%s", ip.String(), err))
			return 1
		}

		if secret.Data["roles"] == nil {
			c.Ui.Error(fmt.Sprintf("IP '%s' not registered under any role", ip.String()))
			return 1
		}

		if len(secret.Data["roles"].([]interface{})) == 1 {
			role = secret.Data["roles"].([]interface{})[0].(string)
			c.Ui.Output(fmt.Sprintf("Using role[%s]\n", role))
		} else {
			c.Ui.Error(fmt.Sprintf("Multiple roles for IP '%s'. Select one of '%s' using '-role' option", ip, secret.Data["roles"]))
			return 1
		}
	}

	data := map[string]interface{}{
		"username": username,
		"ip":       ip.String(),
	}
	keySecret, err := client.SSH().KeyCreate(role, data)
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error getting key for SSH session:%s", err))
		return 2
	}

	sshDynamicKey := string(keySecret.Data["key"].(string))
	if len(sshDynamicKey) == 0 {
		c.Ui.Error(fmt.Sprintf("Invalid key"))
		return 2
	}
	sshDynamicKeyFileName := fmt.Sprintf("vault_ssh_key_%s_%s.pem", username, ip.String())
	err = ioutil.WriteFile(sshDynamicKeyFileName, []byte(sshDynamicKey), 0600)
	sshBinary, err := exec.LookPath("ssh")
	if err != nil {
		c.Ui.Error("ssh binary not found in PATH\n")
		return 2
	}

	sshEnv := os.Environ()

	sshCmdArgs := []string{"ssh", "-i", sshDynamicKeyFileName, args[0]}

	if err := syscall.Exec(sshBinary, sshCmdArgs, sshEnv); err != nil {
		c.Ui.Error(fmt.Sprintf("Could not launch 'ssh' binary:'%s", err))
		return 2
	}
	return 0
}

type OneTimeKey struct {
	Key string
}

func (c *SSHCommand) Synopsis() string {
	return "Initiate a SSH session"
}

func (c *SSHCommand) Help() string {
	helpText := `
	SSHCommand Help String
	`
	return strings.TrimSpace(helpText)
}
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`package command`

			`import (`
			`"fmt"`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`"io/ioutil"`
POC: Rework. Doing away with policy file. 2015-06-24 22:13:12 +00:00			`"net"`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`"os"`
			`"os/exec"`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`"strings"`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`"syscall"`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`)`

Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`type SSHCommand struct {`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`Meta`
			`}`

Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`func (c *SSHCommand) Run(args []string) int {`
Creating SSH keys and removal of files in pure 'go' 2015-06-26 18:08:03 +00:00			`var role string`
Refactoring changes 2015-06-30 02:00:08 +00:00			`flags := c.Meta.FlagSet("ssh", FlagSetDefault)`
Creating SSH keys and removal of files in pure 'go' 2015-06-26 18:08:03 +00:00			`flags.StringVar(&role, "role", "", "")`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`flags.Usage = func() { c.Ui.Error(c.Help()) }`
			`if err := flags.Parse(args); err != nil {`
			`return 1`
			`}`
Creating SSH keys and removal of files in pure 'go' 2015-06-26 18:08:03 +00:00			`args = flags.Args()`
			`if len(args) < 1 {`
			`c.Ui.Error("ssh expects at least one argument")`
			`return 2`
			`}`
Refactoring changes 2015-06-30 02:00:08 +00:00
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`client, err := c.Client()`
			`if err != nil {`
			`c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))`
			`return 2`
			`}`
POC: Rework. Doing away with policy file. 2015-06-24 22:13:12 +00:00			`input := strings.Split(args[0], "@")`
			`username := input[0]`
Refactoring changes 2015-06-30 02:00:08 +00:00			`ip, err := net.ResolveIPAddr("ip4", input[1])`
			`if err != nil {`
			`c.Ui.Error(fmt.Sprintf("Error resolving IP Address: %s", err))`
			`return 2`
			`}`

			`if role == "" {`
			`data := map[string]interface{}{`
			`"ip": ip.String(),`
			`}`
			`secret, err := client.Logical().Write("ssh/lookup", data)`
			`if err != nil {`
			`c.Ui.Error(fmt.Sprintf("Error finding roles for IP:%s Error:%s", ip.String(), err))`
			`return 1`
			`}`

			`if secret.Data["roles"] == nil {`
			`c.Ui.Error(fmt.Sprintf("IP '%s' not registered under any role", ip.String()))`
			`return 1`
			`}`

			`if len(secret.Data["roles"].([]interface{})) == 1 {`
			`role = secret.Data["roles"].([]interface{})[0].(string)`
			`c.Ui.Output(fmt.Sprintf("Using role[%s]\n", role))`
			`} else {`
			`c.Ui.Error(fmt.Sprintf("Multiple roles for IP '%s'. Select one of '%s' using '-role' option", ip, secret.Data["roles"]))`
			`return 1`
			`}`
			`}`

POC: Rework. Doing away with policy file. 2015-06-24 22:13:12 +00:00			`data := map[string]interface{}{`
			`"username": username,`
Refactoring changes 2015-06-30 02:00:08 +00:00			`"ip": ip.String(),`
POC: Rework. Doing away with policy file. 2015-06-24 22:13:12 +00:00			`}`
Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`keySecret, err := client.SSH().KeyCreate(role, data)`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`if err != nil {`
Refactoring changes 2015-06-30 02:00:08 +00:00			`c.Ui.Error(fmt.Sprintf("Error getting key for SSH session:%s", err))`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`return 2`
			`}`
Refactoring changes 2015-06-30 02:00:08 +00:00
			`sshDynamicKey := string(keySecret.Data["key"].(string))`
			`if len(sshDynamicKey) == 0 {`
			`c.Ui.Error(fmt.Sprintf("Invalid key"))`
			`return 2`
			`}`
Vault SSH: replaced concatenated strings by fmt.Sprintf 2015-07-02 00:35:11 +00:00			`sshDynamicKeyFileName := fmt.Sprintf("vault_ssh_key_%s_%s.pem", username, ip.String())`
Refactoring changes 2015-06-30 02:00:08 +00:00			`err = ioutil.WriteFile(sshDynamicKeyFileName, []byte(sshDynamicKey), 0600)`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`sshBinary, err := exec.LookPath("ssh")`
			`if err != nil {`
Refactoring changes 2015-06-30 02:00:08 +00:00			`c.Ui.Error("ssh binary not found in PATH\n")`
			`return 2`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`}`

			`sshEnv := os.Environ()`

Refactoring changes 2015-06-30 02:00:08 +00:00			`sshCmdArgs := []string{"ssh", "-i", sshDynamicKeyFileName, args[0]}`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00
			`if err := syscall.Exec(sshBinary, sshCmdArgs, sshEnv); err != nil {`
Vault SSH: replaced concatenated strings by fmt.Sprintf 2015-07-02 00:35:11 +00:00			`c.Ui.Error(fmt.Sprintf("Could not launch 'ssh' binary:'%s", err))`
			`return 2`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`}`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`return 0`
			`}`

POC: Rework. Doing away with policy file. 2015-06-24 22:13:12 +00:00			`type OneTimeKey struct {`
			`Key string`
			`}`

Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`func (c *SSHCommand) Synopsis() string {`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`return "Initiate a SSH session"`
			`}`

Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`func (c *SSHCommand) Help() string {`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			helpText := `
Vault SSH: PR review rework - 1 2015-07-01 15:58:49 +00:00			`SSHCommand Help String`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`
			`return strings.TrimSpace(helpText)`
			`}`