colmena/src/nix/key.rs

use std::{
    io::{self, Cursor},
    path::{Path, PathBuf},
    process::Stdio,
};

use regex::Regex;
use serde::{Deserialize, Serialize};
use tokio::{
    fs::File,
    io::AsyncRead,
    process::Command,
};
use validator::{Validate, ValidationError};

#[derive(Debug, Clone, Serialize, Deserialize)]
enum KeySource {
    #[serde(rename = "text")]
    Text(String),

    #[serde(rename = "keyCommand")]
    Command(Vec<String>),

    #[serde(rename = "keyFile")]
    File(PathBuf),
}

#[derive(Debug, Clone, Validate, Serialize, Deserialize)]
pub struct Key {
    #[serde(flatten)]
    source: KeySource,

    #[validate(custom = "validate_dest_dir")]
    #[serde(rename = "destDir")]
    dest_dir: PathBuf,

    #[validate(custom = "validate_unix_name")]
    user: String,

    #[validate(custom = "validate_unix_name")]
    group: String,

    permissions: String,
}

impl Key {
    pub async fn reader(&'_ self,) -> Result<Box<dyn AsyncRead + Send + Unpin + '_>, io::Error> {
        match &self.source {
            KeySource::Text(content) => {
                Ok(Box::new(Cursor::new(content)))
            }
            KeySource::Command(command) => {
                let pathname = &command[0];
                let argv = &command[1..];

                let stdout = Command::new(pathname)
                    .args(argv)
                    .stdin(Stdio::null())
                    .stdout(Stdio::piped())
                    .stderr(Stdio::null())
                    .spawn()?
                    .stdout.take().unwrap();

                Ok(Box::new(stdout))
            }
            KeySource::File(path) => {
                Ok(Box::new(File::open(path).await?))
            }
        }
    }

    pub fn dest_dir(&self) -> &Path { &self.dest_dir }
    pub fn user(&self) -> &str { &self.user }
    pub fn group(&self) -> &str { &self.user }
    pub fn permissions(&self) -> &str { &self.permissions }
}

fn validate_unix_name(name: &str) -> Result<(), ValidationError> {
    let re = Regex::new(r"^[a-z][-a-z0-9]*$").unwrap();
    if re.is_match(name) {
        Ok(())
    } else {
        Err(ValidationError::new("Invalid user/group name"))
    }
}

fn validate_dest_dir(dir: &PathBuf) -> Result<(), ValidationError> {
    if dir.has_root() {
        Ok(())
    } else {
        Err(ValidationError::new("Secret key destination directory must be absolute"))
    }
}
Implement key upload from local file 2021-02-10 20:22:31 +02:00			`use std::{`
			`io::{self, Cursor},`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`path::{Path, PathBuf},`
Add 'deployment.keys.<key>.keyCommand' support Fixes #3. 2021-02-10 18:08:47 -08:00			`process::Stdio,`
Implement key upload from local file 2021-02-10 20:22:31 +02:00			`};`
Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00
			`use regex::Regex;`
Implement key upload from local file 2021-02-10 20:22:31 +02:00			`use serde::{Deserialize, Serialize};`
Add 'deployment.keys.<key>.keyCommand' support Fixes #3. 2021-02-10 18:08:47 -08:00			`use tokio::{`
			`fs::File,`
			`io::AsyncRead,`
			`process::Command,`
			`};`
Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`use validator::{Validate, ValidationError};`

key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`#[derive(Debug, Clone, Serialize, Deserialize)]`
			`enum KeySource {`
			`#[serde(rename = "text")]`
			`Text(String),`

			`#[serde(rename = "keyCommand")]`
			`Command(Vec<String>),`

			`#[serde(rename = "keyFile")]`
			`File(PathBuf),`
			`}`

Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`#[derive(Debug, Clone, Validate, Serialize, Deserialize)]`
			`pub struct Key {`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`#[serde(flatten)]`
			`source: KeySource,`

Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`#[validate(custom = "validate_dest_dir")]`
			`#[serde(rename = "destDir")]`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`dest_dir: PathBuf,`

Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`#[validate(custom = "validate_unix_name")]`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`user: String,`

Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`#[validate(custom = "validate_unix_name")]`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`group: String,`

			`permissions: String,`
Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`}`

Implement key upload from local file 2021-02-10 20:22:31 +02:00			`impl Key {`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`pub async fn reader(&'_ self,) -> Result<Box<dyn AsyncRead + Send + Unpin + '_>, io::Error> {`
			`match &self.source {`
			`KeySource::Text(content) => {`
			`Ok(Box::new(Cursor::new(content)))`
			`}`
Add 'deployment.keys.<key>.keyCommand' support Fixes #3. 2021-02-10 18:08:47 -08:00			`KeySource::Command(command) => {`
			`let pathname = &command[0];`
			`let argv = &command[1..];`

			`let stdout = Command::new(pathname)`
			`.args(argv)`
			`.stdin(Stdio::null())`
			`.stdout(Stdio::piped())`
			`.stderr(Stdio::null())`
			`.spawn()?`
			`.stdout.take().unwrap();`

			`Ok(Box::new(stdout))`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00			`}`
			`KeySource::File(path) => {`
			`Ok(Box::new(File::open(path).await?))`
			`}`
Implement key upload from local file 2021-02-10 20:22:31 +02:00			`}`
			`}`
key: Make the key source better typed 2021-02-10 17:34:52 -08:00
			`pub fn dest_dir(&self) -> &Path { &self.dest_dir }`
			`pub fn user(&self) -> &str { &self.user }`
			`pub fn group(&self) -> &str { &self.user }`
			`pub fn permissions(&self) -> &str { &self.permissions }`
Implement key upload from local file 2021-02-10 20:22:31 +02:00			`}`

Refactoring and deployment.keys implementation More refactoring of the deployment process, as well as an initial implementation of `deployment.keys`. Fixes #2. 2021-02-08 18:38:14 -08:00			`fn validate_unix_name(name: &str) -> Result<(), ValidationError> {`
			`let re = Regex::new(r"^[a-z][-a-z0-9]*$").unwrap();`
			`if re.is_match(name) {`
			`Ok(())`
			`} else {`
			`Err(ValidationError::new("Invalid user/group name"))`
			`}`
			`}`

			`fn validate_dest_dir(dir: &PathBuf) -> Result<(), ValidationError> {`
			`if dir.has_root() {`
			`Ok(())`
			`} else {`
			`Err(ValidationError::new("Secret key destination directory must be absolute"))`
			`}`
			`}`