From bff7e9cea0f93012bd91d7acdb9e068189ac0f6d Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Sat, 27 Apr 2019 09:47:33 +0100 Subject: [PATCH] [Project] More logic in vault command --- lualib/rspamadm/vault.lua | 115 +++++++++++++++++++++++++++----------- 1 file changed, 81 insertions(+), 34 deletions(-) diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua index 3d875fb39..2ee3e837d 100644 --- a/lualib/rspamadm/vault.lua +++ b/lualib/rspamadm/vault.lua @@ -55,18 +55,25 @@ parser:command "list ls l" local show = parser:command "show get" :description "Extract element from the vault" -show:option "-d --domain" +show:argument "domain" :description "Domain to create key for" - :count "1" + :args "+" + +local delete = parser:command "delete del rm remove" + :description "Delete element from the vault" +delete:argument "domain" + :description "Domain to create delete key(s) for" + :args "+" + local newkey = parser:command "newkey new create" :description "Add new key to the vault" -newkey:option "-d --domain" +newkey:argument "domain" :description "Domain to create key for" - :count "1" + :args "+" newkey:option "-s --selector" :description "Selector to use" - :count "1" + :count "?" newkey:option "-A --algorithm" :argname("") :convert { @@ -106,37 +113,45 @@ local function vault_url(opts, path) return string.format('%s/v1/%s', opts.addr, opts.path) end -local function maybe_print_vault_data(opts, data, func) - local p = ucl.parser() - local res,parser_err = p:parse_string(data) +local function is_http_error(err, data) + return err or (math.floor(data.code / 100) ~= 2) +end - if not res then - printf('vault reply for cannot be parsed: %s', parser_err) - else - local obj = p:get_object() +local function maybe_print_vault_data(opts, data, func) + if data then + local p = ucl.parser() + local res,parser_err = p:parse_string(data) - if func then - printf(ucl.to_format(func(obj), opts.output)) + if not res then + printf('vault reply for cannot be parsed: %s', parser_err) else - printf(ucl.to_format(obj, opts.output)) + local obj = p:get_object() + + if func then + printf(ucl.to_format(func(obj), opts.output)) + else + printf(ucl.to_format(obj, opts.output)) + end end + else + printf('no data received') end end -local function show_handler(opts) - local uri = vault_url(opts, opts.domain) +local function show_handler(opts, domain) + local uri = vault_url(opts, domain) local err,data = rspamd_http.request{ config = rspamd_config, ev_base = rspamadm_ev_base, session = rspamadm_session, - resolver = rspamadm_resolver, + resolver = rspamadm_dns_resolver, url = uri, headers = { ['X-Vault-Token'] = opts.token } } - if err then + if is_http_error(err, data) then printf('cannot get request to the vault (%s), HTTP error code %s', uri, data.code) maybe_print_vault_data(opts, err) os.exit(1) @@ -147,20 +162,43 @@ local function show_handler(opts) end end +local function delete_handler(opts, domain) + local uri = vault_url(opts, domain) + local err,data = rspamd_http.request{ + config = rspamd_config, + ev_base = rspamadm_ev_base, + session = rspamadm_session, + resolver = rspamadm_dns_resolver, + url = uri, + method = 'delete', + headers = { + ['X-Vault-Token'] = opts.token + } + } + + if is_http_error(err, data) then + printf('cannot get request to the vault (%s), HTTP error code %s', uri, data.code) + maybe_print_vault_data(opts, err) + os.exit(1) + else + printf('deleted key(s) for %s', domain) + end +end + local function list_handler(opts) local uri = vault_url(opts) local err,data = rspamd_http.request{ config = rspamd_config, ev_base = rspamadm_ev_base, session = rspamadm_session, - resolver = rspamadm_resolver, + resolver = rspamadm_dns_resolver, url = uri .. '?list=true', headers = { ['X-Vault-Token'] = opts.token } } - if err then + if is_http_error(err, data) then printf('cannot get request to the vault (%s), HTTP error code %s', uri, data.code) maybe_print_vault_data(opts, err) os.exit(1) @@ -176,13 +214,18 @@ local function genkey(opts) return cr.gen_dkim_keypair(opts.algorithm, opts.bits) end -local function newkey_handler(opts) - local uri = vault_url(opts, opts.domain) +local function newkey_handler(opts, domain) + local uri = vault_url(opts, domain) + + if not opts.selector then + opts.selector = os.date("%Y%m%d") + end + local err,data = rspamd_http.request{ config = rspamd_config, ev_base = rspamadm_ev_base, session = rspamadm_session, - resolver = rspamadm_resolver, + resolver = rspamadm_dns_resolver, url = uri, method = 'get', headers = { @@ -190,24 +233,24 @@ local function newkey_handler(opts) } } - if err or not data.content.data then + if is_http_error(err, data) or not data.content.data then local sk,pk = genkey(opts) local res = { selectors = { [1] = { selector = opts.selector, - domain = opts.domain, - key = sk + domain = domain, + key = tostring(sk) } } } - ret,data = rspamd_http.request{ + err,data = rspamd_http.request{ config = rspamd_config, ev_base = rspamadm_ev_base, session = rspamadm_session, - resolver = rspamadm_resolver, + resolver = rspamadm_dns_resolver, url = uri, method = 'put', headers = { @@ -218,13 +261,15 @@ local function newkey_handler(opts) }, } - if not ret then + if is_http_error(err, data) then printf('cannot get request to the vault (%s), HTTP error code %s', uri, data.code) maybe_print_vault_data(opts, data.content) os.exit(1) + else + maybe_printf(opts,'stored key for: %s, selector: %s', domain, opts.selector) + maybe_printf(opts, 'please place the corresponding public key as following:') + printf('%s', pk) end - else - -- Existing data end end @@ -252,9 +297,11 @@ local function handler(args) if command == 'list' then list_handler(opts) elseif command == 'show' then - show_handler(opts) + fun.each(function(d) show_handler(opts, d) end, opts.domain) elseif command == 'newkey' then - newkey_handler(opts) + fun.each(function(d) newkey_handler(opts, d) end, opts.domain) + elseif command == 'delete' then + fun.each(function(d) delete_handler(opts, d) end, opts.domain) else parser:error(string.format('command %s is not implemented', command)) end -- 2.39.5