propellor/src/Propellor/PrivData.hs

{-# LANGUAGE PackageImports #-}

module Propellor.PrivData where

import Control.Applicative
import System.FilePath
import System.IO
import System.Directory
import Data.Maybe
import Data.Monoid
import Control.Monad
import Control.Monad.IfElse
import "mtl" Control.Monad.Reader
import qualified Data.Map as M
import qualified Data.Set as S

import Propellor.Types
import Propellor.Types.Info
import Propellor.Message
import Utility.Monad
import Utility.PartialPrelude
import Utility.Exception
import Utility.Process
import Utility.Tmp
import Utility.SafeCommand
import Utility.Misc
import Utility.FileMode
import Utility.Env

-- | Allows a Property to access the value of a specific PrivDataField,
-- for use in a specific Context.
--
-- Example use:
--
-- > withPrivData (PrivFile pemfile) (Context "joeyh.name") $ \getdata ->
-- >     property "joeyh.name ssl cert" $ getdata $ \privdata ->
-- >       liftIO $ writeFile pemfile privdata
-- >   where pemfile = "/etc/ssl/certs/web.pem"
-- 
-- Note that if the value is not available, the action is not run
-- and instead it prints a message to help the user make the necessary
-- private data available.
withPrivData
	:: PrivDataField
	-> Context
	-> (((PrivData -> Propellor Result) -> Propellor Result) -> Property)
	-> Property
withPrivData field context@(Context cname) mkprop = addinfo $ mkprop $ \a ->
	maybe missing a =<< liftIO (getLocalPrivData field context)
  where
	missing = liftIO $ do
		warningMessage $ "Missing privdata " ++ show field ++ " (for " ++ cname ++ ")"
		putStrLn $ "Fix this by running: propellor --set '" ++ show field ++ "' '" ++ cname ++ "'"
		return FailedChange
	addinfo p = p { propertyInfo = propertyInfo p <> mempty { _privDataFields = S.singleton (field, context) } }

{- Gets the requested field's value, in the specified context if it's
 - available, from the host's local privdata cache. -}
getLocalPrivData :: PrivDataField -> Context -> IO (Maybe PrivData)
getLocalPrivData field context =
	getPrivData field context . fromMaybe M.empty <$> localcache
  where
	localcache = catchDefaultIO Nothing $ readish <$> readFile privDataLocal

getPrivData :: PrivDataField -> Context -> (M.Map (PrivDataField, Context) PrivData) -> Maybe PrivData
getPrivData field context = M.lookup (field, context)

setPrivData :: PrivDataField -> Context -> IO ()
setPrivData field context = do
	putStrLn "Enter private data on stdin; ctrl-D when done:"
	setPrivDataTo field context =<< hGetContentsStrict stdin

dumpPrivData :: PrivDataField -> Context -> IO ()
dumpPrivData field context =
	maybe (error "Requested privdata is not set.") putStrLn
		=<< (getPrivData field context <$> decryptPrivData)

editPrivData :: PrivDataField -> Context -> IO ()
editPrivData field context = do
	v <- getPrivData field context <$> decryptPrivData
	v' <- withTmpFile "propellorXXXX" $ \f h -> do
		hClose h
		maybe noop (writeFileProtected f) v
		editor <- getEnvDefault "EDITOR" "vi"
		unlessM (boolSystem editor [File f]) $
			error "Editor failed; aborting."
		readFile f
	setPrivDataTo field context v'

listPrivDataFields :: IO ()
listPrivDataFields = do
	putStrLn ("All currently set privdata fields:")
	mapM_ list . M.keys =<< decryptPrivData
  where
	list = putStrLn . ("\t" ++) . shellEscape . show

setPrivDataTo :: PrivDataField -> Context -> PrivData -> IO ()
setPrivDataTo field context value = do
	makePrivDataDir
	m <- decryptPrivData
	let m' = M.insert (field, context) (chomp value) m
	gpgEncrypt privDataFile (show m')
	putStrLn "Private data set."
	void $ boolSystem "git" [Param "add", File privDataFile]
  where
	chomp s
		| end s == "\n" = chomp (beginning s)
		| otherwise = s

decryptPrivData :: IO (M.Map (PrivDataField, Context) PrivData)
decryptPrivData = fromMaybe M.empty . readish <$> gpgDecrypt privDataFile

makePrivDataDir :: IO ()
makePrivDataDir = createDirectoryIfMissing False privDataDir

privDataDir :: FilePath
privDataDir = "privdata"

privDataFile :: FilePath
privDataFile = privDataDir </> "privdata.gpg"

privDataLocal :: FilePath
privDataLocal = privDataDir </> "local"

gpgDecrypt :: FilePath -> IO String
gpgDecrypt f = ifM (doesFileExist f)
	( readProcess "gpg" ["--decrypt", f]
	, return ""
	)

gpgEncrypt :: FilePath -> String -> IO ()
gpgEncrypt f s = do
	encrypted <- writeReadProcessEnv "gpg"
		[ "--default-recipient-self"
		, "--armor"
		, "--encrypt"
		]
		Nothing
		(Just $ flip hPutStr s)
		Nothing
	viaTmp writeFile f encrypted
Propellor monad is a Reader for HostAttr So far, the hostname is only used to improve a message in withPrivData, but I anticipate using HostAttr for a lot more. 2014-04-10 21:22:32 +00:00			`{-# LANGUAGE PackageImports #-}`

prepare for hackage 2014-03-31 03:37:54 +00:00			`module Propellor.PrivData where`
propellor spin 2014-03-30 23:11:24 +00:00
			`import Control.Applicative`
			`import System.FilePath`
			`import System.IO`
			`import System.Directory`
			`import Data.Maybe`
propellor spin 2014-07-06 19:56:56 +00:00			`import Data.Monoid`
propellor spin 2014-03-30 23:11:24 +00:00			`import Control.Monad`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00			`import Control.Monad.IfElse`
Propellor monad is a Reader for HostAttr So far, the hostname is only used to improve a message in withPrivData, but I anticipate using HostAttr for a lot more. 2014-04-10 21:22:32 +00:00			`import "mtl" Control.Monad.Reader`
propellor spin 2014-07-06 19:56:56 +00:00			`import qualified Data.Map as M`
			`import qualified Data.Set as S`
propellor spin 2014-03-30 23:11:24 +00:00
prepare for hackage 2014-03-31 03:37:54 +00:00			`import Propellor.Types`
propellor spin 2014-07-06 19:56:56 +00:00			`import Propellor.Types.Info`
propellor spin 2014-03-31 22:31:08 +00:00			`import Propellor.Message`
propellor spin 2014-03-30 23:11:24 +00:00			`import Utility.Monad`
			`import Utility.PartialPrelude`
			`import Utility.Exception`
			`import Utility.Process`
			`import Utility.Tmp`
			`import Utility.SafeCommand`
propellor spin 2014-03-31 01:01:18 +00:00			`import Utility.Misc`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00			`import Utility.FileMode`
			`import Utility.Env`
propellor spin 2014-03-30 23:11:24 +00:00
propellor spin 2014-07-06 19:56:56 +00:00			`-- \| Allows a Property to access the value of a specific PrivDataField,`
			`-- for use in a specific Context.`
			`--`
			`-- Example use:`
			`--`
			`-- > withPrivData (PrivFile pemfile) (Context "joeyh.name") $ \getdata ->`
			`-- > property "joeyh.name ssl cert" $ getdata $ \privdata ->`
			`-- > liftIO $ writeFile pemfile privdata`
			`-- > where pemfile = "/etc/ssl/certs/web.pem"`
			`--`
			`-- Note that if the value is not available, the action is not run`
			`-- and instead it prints a message to help the user make the necessary`
			`-- private data available.`
			`withPrivData`
			`:: PrivDataField`
			`-> Context`
			`-> (((PrivData -> Propellor Result) -> Propellor Result) -> Property)`
			`-> Property`
			`withPrivData field context@(Context cname) mkprop = addinfo $ mkprop $ \a ->`
			`maybe missing a =<< liftIO (getLocalPrivData field context)`
			`where`
			`missing = liftIO $ do`
			`warningMessage $ "Missing privdata " ++ show field ++ " (for " ++ cname ++ ")"`
			`putStrLn $ "Fix this by running: propellor --set '" ++ show field ++ "' '" ++ cname ++ "'"`
			`return FailedChange`
			`addinfo p = p { propertyInfo = propertyInfo p <> mempty { _privDataFields = S.singleton (field, context) } }`

			`{- Gets the requested field's value, in the specified context if it's`
			`- available, from the host's local privdata cache. -}`
			`getLocalPrivData :: PrivDataField -> Context -> IO (Maybe PrivData)`
			`getLocalPrivData field context =`
			`getPrivData field context . fromMaybe M.empty <$> localcache`
propellor spin 2014-03-30 23:11:24 +00:00			`where`
propellor spin 2014-07-06 19:56:56 +00:00			`localcache = catchDefaultIO Nothing $ readish <$> readFile privDataLocal`

			`getPrivData :: PrivDataField -> Context -> (M.Map (PrivDataField, Context) PrivData) -> Maybe PrivData`
			`getPrivData field context = M.lookup (field, context)`

			`setPrivData :: PrivDataField -> Context -> IO ()`
			`setPrivData field context = do`
propellor spin 2014-03-31 01:01:18 +00:00			`putStrLn "Enter private data on stdin; ctrl-D when done:"`
propellor spin 2014-07-06 19:56:56 +00:00			`setPrivDataTo field context =<< hGetContentsStrict stdin`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00
propellor spin 2014-07-06 19:56:56 +00:00			`dumpPrivData :: PrivDataField -> Context -> IO ()`
			`dumpPrivData field context =`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00			`maybe (error "Requested privdata is not set.") putStrLn`
propellor spin 2014-07-06 19:56:56 +00:00			`=<< (getPrivData field context <$> decryptPrivData)`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00
propellor spin 2014-07-06 19:56:56 +00:00			`editPrivData :: PrivDataField -> Context -> IO ()`
			`editPrivData field context = do`
			`v <- getPrivData field context <$> decryptPrivData`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00			`v' <- withTmpFile "propellorXXXX" $ \f h -> do`
			`hClose h`
			`maybe noop (writeFileProtected f) v`
			`editor <- getEnvDefault "EDITOR" "vi"`
			`unlessM (boolSystem editor [File f]) $`
			`error "Editor failed; aborting."`
			`readFile f`
propellor spin 2014-07-06 19:56:56 +00:00			`setPrivDataTo field context v'`
Add --edit to edit a privdata value in $EDITOR 2014-06-19 18:41:55 +00:00
propellor spin 2014-07-06 19:56:56 +00:00			`listPrivDataFields :: IO ()`
			`listPrivDataFields = do`
			`putStrLn ("All currently set privdata fields:")`
			`mapM_ list . M.keys =<< decryptPrivData`
Add --list-fields to list a host's currently set privdata fields. 2014-06-19 18:56:50 +00:00			`where`
			`list = putStrLn . ("\t" ++) . shellEscape . show`

propellor spin 2014-07-06 19:56:56 +00:00			`setPrivDataTo :: PrivDataField -> Context -> PrivData -> IO ()`
			`setPrivDataTo field context value = do`
propellor spin 2014-03-30 23:19:29 +00:00			`makePrivDataDir`
propellor spin 2014-07-06 19:56:56 +00:00			`m <- decryptPrivData`
			`let m' = M.insert (field, context) (chomp value) m`
			`gpgEncrypt privDataFile (show m')`
propellor spin 2014-03-31 01:01:18 +00:00			`putStrLn "Private data set."`
propellor spin 2014-07-06 19:56:56 +00:00			`void $ boolSystem "git" [Param "add", File privDataFile]`
propellor spin 2014-04-01 22:42:32 +00:00			`where`
			`chomp s`
			`\| end s == "\n" = chomp (beginning s)`
			`\| otherwise = s`
propellor spin 2014-03-30 23:11:24 +00:00
propellor spin 2014-07-06 19:56:56 +00:00			`decryptPrivData :: IO (M.Map (PrivDataField, Context) PrivData)`
			`decryptPrivData = fromMaybe M.empty . readish <$> gpgDecrypt privDataFile`
Added --dump to dump out a field of a host's privdata. Useful for editing it. 2014-06-01 20:58:05 +00:00
propellor spin 2014-03-30 23:19:29 +00:00			`makePrivDataDir :: IO ()`
			`makePrivDataDir = createDirectoryIfMissing False privDataDir`

propellor spin 2014-03-30 23:11:24 +00:00			`privDataDir :: FilePath`
			`privDataDir = "privdata"`

propellor spin 2014-07-06 19:56:56 +00:00			`privDataFile :: FilePath`
			`privDataFile = privDataDir </> "privdata.gpg"`
propellor spin 2014-03-30 23:11:24 +00:00
			`privDataLocal :: FilePath`
			`privDataLocal = privDataDir </> "local"`

			`gpgDecrypt :: FilePath -> IO String`
			`gpgDecrypt f = ifM (doesFileExist f)`
			`( readProcess "gpg" ["--decrypt", f]`
			`, return ""`
			`)`

			`gpgEncrypt :: FilePath -> String -> IO ()`
			`gpgEncrypt f s = do`
			`encrypted <- writeReadProcessEnv "gpg"`
			`[ "--default-recipient-self"`
			`, "--armor"`
			`, "--encrypt"`
			`]`
			`Nothing`
			`(Just $ flip hPutStr s)`
			`Nothing`
			`viaTmp writeFile f encrypted`