yosaid.go 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
  1. package main
  2. import (
  3. "bufio"
  4. "flag"
  5. "fmt"
  6. "log"
  7. "net/http"
  8. "os"
  9. "path"
  10. "strings"
  11. "git.aetherial.dev/aeth/yosai/pkg/cloud/linode"
  12. "git.aetherial.dev/aeth/yosai/pkg/config"
  13. "git.aetherial.dev/aeth/yosai/pkg/daemon"
  14. daemonproto "git.aetherial.dev/aeth/yosai/pkg/daemon-proto"
  15. "git.aetherial.dev/aeth/yosai/pkg/keytags"
  16. "git.aetherial.dev/aeth/yosai/pkg/secrets/hashicorp"
  17. "git.aetherial.dev/aeth/yosai/pkg/secrets/keyring"
  18. "git.aetherial.dev/aeth/yosai/pkg/semaphore"
  19. "github.com/joho/godotenv"
  20. )
  21. const ConfigFileName = "yosai.json"
  22. func GetSshKeyPrompt(daemonKeyring keyring.DaemonKeyRing, conf config.Configuration) {
  23. fmt.Print("Enter the full path of the ssh key to use for your daemon: ")
  24. reader := bufio.NewReader(os.Stdin)
  25. line, err := reader.ReadString('\n')
  26. if err != nil {
  27. log.Fatal(err)
  28. }
  29. keypath := strings.Trim(line, "\n")
  30. pubkeyBytes, err := os.ReadFile(keypath + ".pub")
  31. if err != nil {
  32. log.Fatal("Error reading the public key: ", err)
  33. }
  34. privkeyBytes, err := os.ReadFile(keypath)
  35. if err != nil {
  36. log.Fatal("Error reading the private key: ", err)
  37. }
  38. err = daemonKeyring.AddKey(keytags.SYSTEM_SSH_KEYNAME, keyring.SshKey{
  39. PublicKey: strings.Trim(string(pubkeyBytes), "\n"),
  40. PrivateKey: strings.Trim(string(privkeyBytes), "\n"),
  41. Username: conf.Username,
  42. })
  43. if err != nil {
  44. log.Fatal(err.Error())
  45. }
  46. }
  47. func xdgUserHome() string {
  48. return path.Join("/home", os.Getenv("USER"), ".config", "yosai.json")
  49. }
  50. const UNIX_DOMAIN_SOCK_PATH = "/tmp/yosaid.sock"
  51. func main() {
  52. configMode := flag.String("config-mode", "", "Specify the configuration mode to run the daemon as, i.e. 'server' or 'host'")
  53. username := flag.String("username", "", "This is the username to run the daemon as. Usually only applicable if using a configuration server")
  54. secretsBackendKey := flag.String("secrets-backend-key", "", "This is the API key for the secret backend")
  55. envFile := flag.String("env", "./.env", "Pass an environment variable file to this flag. Default's to '.env' in the CWD")
  56. configInit := flag.Bool("config-init", false, "pass this to create a blank config at ./.config.tmpl")
  57. envInit := flag.Bool("env-init", false, "pass this to create a blank env file at ./.env.tmpl")
  58. configServerPort := flag.Int("config-server-port", 8080, "Specify the port to reach the config server at. defaults to 8080")
  59. configServerAddr := flag.String("config-server-addr", "localhost", "Specify the network address to reach the config server at. Defaults to localhost")
  60. configServerProto := flag.String("config-server-proto", "http", "Specify the protocol to contact the config server with, e.g. http,https,yosai. Defaults to http")
  61. configFileLoc := flag.String("config-file-loc", xdgUserHome(), "Pass a configuration file in a non-default location. Defaults to /home/$USER/.config/yosai.json")
  62. flag.Parse()
  63. if *configInit {
  64. err := config.BlankConfig("./.config.tmpl")
  65. if err != nil {
  66. log.Fatal("Couldnt create blank config: ", err)
  67. }
  68. fmt.Println("Blank config created at ./.config.tmpl")
  69. os.Exit(0)
  70. }
  71. if *envInit {
  72. err := config.BlankEnv("./.env.tmpl")
  73. if err != nil {
  74. log.Fatal("Couldnt create blank env file: ", err)
  75. }
  76. fmt.Println("Blank env file created at ./.env.tmpl")
  77. os.Exit(0)
  78. }
  79. err := godotenv.Load(*envFile)
  80. if err != nil {
  81. fmt.Println("Couldn't find an env file in the current directory. Relying on program startup sequence to provide initial configuration")
  82. }
  83. startupArgs := map[config.StartupArgKeyname]string{
  84. config.ConfigModeArg: *configMode,
  85. config.UsernameArg: *username,
  86. config.SecretsBackendKeyArg: *secretsBackendKey,
  87. config.ConfigServerAddr: *configServerAddr,
  88. config.ConfigServerProto: *configServerProto,
  89. config.ConfigFileLoc: *configFileLoc,
  90. }
  91. var configIO config.DaemonConfigIO
  92. startupData := config.Turnkey(startupArgs)
  93. switch startupData.ConfigurationMode {
  94. case "server":
  95. configIO = config.NewConfigServerImpl(startupData.ConfigServerAddr, *configServerPort, startupData.ConfigServerProto)
  96. case "host":
  97. configIO = config.NewConfigHostImpl(startupData.ConfigFileLoc)
  98. default:
  99. fmt.Println("unknown configuration mode: ", startupData.ConfigurationMode, " passed.")
  100. os.Exit(199)
  101. }
  102. conf := config.NewConfiguration(os.Stdout, config.ValidateUsername(startupData.Username))
  103. configIO.Propogate(conf)
  104. conf.SetConfigIO(configIO)
  105. conf.SetStreamIO(os.Stdout)
  106. apikeyring := keyring.NewKeyRing(conf, keytags.ConstKeytag{})
  107. // Here we are demonstrating how you add a key to a keyring, in this
  108. // case it is the top level keyring.
  109. apikeyring.AddKey(keytags.HASHICORP_VAULT_KEYNAME, keyring.BearerAuth{
  110. Secret: startupData.SecretsBackendKey,
  111. Username: config.ValidateUsername(startupData.Username),
  112. })
  113. hashiConn := hashicorp.VaultConnection{
  114. VaultUrl: conf.Service.SecretsBackendUrl,
  115. HttpProto: "https",
  116. KeyRing: apikeyring,
  117. Client: &http.Client{},
  118. }
  119. apikeyring.Rungs = append(apikeyring.Rungs, hashiConn)
  120. _, err = apikeyring.GetKey(keytags.SYSTEM_SSH_KEYNAME)
  121. if err != nil {
  122. GetSshKeyPrompt(hashiConn, *conf)
  123. }
  124. err = apikeyring.Bootstrap()
  125. if err != nil {
  126. log.Fatal(err)
  127. }
  128. // creating the connection client with Hashicorp vault, and using the keyring we created above
  129. // as this clients keyring. This allows the API key we added earlier to be used when calling the API
  130. lnConn := linode.LinodeConnection{Client: &http.Client{}, Keyring: apikeyring, Config: conf, KeyTagger: keytags.ConstKeytag{}}
  131. semaphoreConn := semaphore.NewSemaphoreClient(conf.Service.AnsibleBackendUrl, "https", apikeyring, conf, keytags.ConstKeytag{})
  132. apikeyring.Rungs = append(apikeyring.Rungs, semaphoreConn)
  133. ctx := daemon.NewContext(UNIX_DOMAIN_SOCK_PATH, os.Stdout, apikeyring, conf)
  134. lnRouter := linode.NewLinodeRouter()
  135. lnRouter.Register(daemonproto.ADD, lnConn.AddLinodeHandler)
  136. lnRouter.Register(daemonproto.SHOW, lnConn.ShowLinodeHandler)
  137. lnRouter.Register(daemonproto.DELETE, lnConn.DeleteLinodeHandler)
  138. lnRouter.Register(daemonproto.POLL, lnConn.PollLinodeHandler)
  139. semHostsRouter := semaphore.NewSemaphoreRouter()
  140. semHostsRouter.Register(daemonproto.ADD, semaphoreConn.AddHostHandler)
  141. semHostsRouter.Register(daemonproto.DELETE, semaphoreConn.DeleteHostHandler)
  142. semHostsRouter.Register(daemonproto.SHOW, semaphoreConn.ShowHostHandler)
  143. semProjRouter := semaphore.NewSemaphoreRouter()
  144. semProjRouter.Register(daemonproto.ADD, semaphoreConn.AddProjectHandler)
  145. semProjRouter.Register(daemonproto.SHOW, semaphoreConn.ShowProjectHandler)
  146. semTaskRouter := semaphore.NewSemaphoreRouter()
  147. semTaskRouter.Register(daemonproto.RUN, semaphoreConn.RunTaskHandler)
  148. semTaskRouter.Register(daemonproto.POLL, semaphoreConn.PollTaskHandler)
  149. semTaskRouter.Register(daemonproto.SHOW, semaphoreConn.ShowTaskHandler)
  150. semBootstrapRouter := semaphore.NewSemaphoreRouter()
  151. semBootstrapRouter.Register(daemonproto.BOOTSTRAP, semaphoreConn.BootstrapHandler)
  152. configPeerRouter := config.NewConfigRouter()
  153. configPeerRouter.Register(daemonproto.ADD, conf.AddPeerHandler)
  154. configPeerRouter.Register(daemonproto.DELETE, conf.DeletePeerHandler)
  155. configServerRouter := config.NewConfigRouter()
  156. configServerRouter.Register(daemonproto.ADD, conf.AddServerHandler)
  157. configServerRouter.Register(daemonproto.DELETE, conf.DeleteServerHandler)
  158. configRouter := config.NewConfigRouter()
  159. configRouter.Register(daemonproto.SHOW, conf.ShowConfigHandler)
  160. configRouter.Register(daemonproto.SAVE, conf.SaveConfigHandler)
  161. configRouter.Register(daemonproto.RELOAD, conf.ReloadConfigHandler)
  162. keyringRouter := keyring.NewKeyRingRouter()
  163. keyringRouter.Register(daemonproto.SHOW, apikeyring.ShowKeyringHandler)
  164. keyringRouter.Register(daemonproto.BOOTSTRAP, apikeyring.BootstrapKeyringHandler)
  165. keyringRouter.Register(daemonproto.RELOAD, apikeyring.ReloadKeyringHandler)
  166. vpnRouter := daemon.NewVpnRouter()
  167. vpnRouter.Register(daemonproto.SHOW, ctx.VpnShowHandler)
  168. vpnRouter.Register(daemonproto.SAVE, ctx.VpnSaveHandler)
  169. ctxRouter := daemon.NewContextRouter()
  170. ctxRouter.Register(daemonproto.SHOW, ctx.ShowRoutesHandler)
  171. ctx.Register("cloud", lnRouter)
  172. ctx.Register("keyring", keyringRouter)
  173. ctx.Register("config", configRouter)
  174. ctx.Register("config-peer", configPeerRouter)
  175. ctx.Register("config-server", configServerRouter)
  176. ctx.Register("ansible", semBootstrapRouter)
  177. ctx.Register("ansible-hosts", semHostsRouter)
  178. ctx.Register("ansible-projects", semProjRouter)
  179. ctx.Register("ansible-task", semTaskRouter)
  180. ctx.Register("vpn-config", vpnRouter)
  181. ctx.Register("routes", ctxRouter)
  182. ctx.ListenAndServe()
  183. }