Merge pull request #612 from adorton-adobe/fix/encrypt-cli

CLI Updates

Author: adorton-adobe

.gitignore

@@ -105,6 +105,7 @@ user_sync/resources/*
 !user_sync/resources/__init__.py
 !user_sync/resources/README.md
 !user_sync/resources/manual_url
+!user_sync/resources/shell_scripts
 .DS_Store
 !user_sync/resources/default_flags.cfg
 test_config/

user-sync.spec

@@ -4,10 +4,14 @@ block_cipher = None
 
 a = Analysis(['user_sync/app.py'],
              binaries=[],
-             datas=[('user_sync/resources/*.cfg', 'resources'),
+             datas=[
+                    ('user_sync/resources/*.cfg', 'resources'),
                     ('user_sync/resources/manual_url', 'resources'),
                     ('user_sync/resources/README.md', 'resources'),
-                    ('user_sync/resources/examples/*', 'resources/examples')],
+                    ('user_sync/resources/examples/*', 'resources/examples'),
+                    ('user_sync/resources/shell_scripts/win', 'resources/shell_scripts/win'),
+                    ('user_sync/resources/shell_scripts/linux', 'resources/shell_scripts/linux'),
+              ],
              hiddenimports=['win32timezone', 'pkg_resources.py2_warn', 'keyring'],
              hookspath=['.build'],
              runtime_hooks=[],

user_sync/app.py

@@ -23,6 +23,7 @@
 import shutil
 import sys
 from datetime import datetime
+from pathlib import Path
 
 import click
 import six
@@ -211,28 +212,43 @@ def sync(**kwargs):
             run_stats.log_end(logger)
 
 
-@main.command(help='Generates configuration files, an X509 certificate/keypair, and the batch '
-                   'files for running the user-sync tool in test and live mode.')
+@main.command(short_help="Generate conf files, certificates and shell scripts")
+@click.help_option('-h', '--help')
 @click.pass_context
 def init(ctx):
+    """
+    Generates configuration files, an X509 certificate/keypair, and the batch files for running the user-sync tool
+    in test and live mode.
+    """
     ctx.forward(certgen, randomize=True)
-
-    with open('Run_UST_Test_Mode.bat', 'w') as OPATH:
-        OPATH.writelines(['mode 155,50', '\ncd /D "%~dp0"', '\nuser-sync.exe --process-groups --users mapped -t',
-                          '\npause'])
-    with open("Run_UST_Live.bat", 'w') as OPATH:
-        OPATH.writelines(
-            ['mode 155,50', '\ncd /D "%~dp0"', '\nuser-sync.exe --process-groups --users mapped'])
+    ctx.forward(shell_scripts, platform=None)
 
     sync = 'user-sync-config.yml'
     umapi = 'connector-umapi.yml'
     ldap = 'connector-ldap.yml'
-    existing = "\n".join({f for f in (sync, umapi, ldap) if os.path.exists(f)})
-    if existing and not click.confirm('\nWarning: files already exist: \n{}\nOverwrite?'.format(existing)):
-        return
     ctx.forward(example_config, root=sync, umapi=umapi, ldap=ldap)
 
 
+@main.command(short_help="Generate invocation scripts")
+@click.help_option('-h', '--help')
+@click.option('-p', '--platform', help="Platform for which to generate scripts [default: current system platform]",
+              type=click.Choice(['win', 'linux'], case_sensitive=False))
+def shell_scripts(platform):
+    """Generate invocation shell scripts for the given platform."""
+    if platform is None:
+        platform = 'win' if 'win' in sys.platform.lower() else 'linux'
+    shell_scripts = user_sync.resource.get_resource_dir('shell_scripts/{}'.format(platform))
+    for script in shell_scripts:
+        with open(script, 'r') as fh:
+            content = fh.read()
+        target = Path.cwd()/Path(script).parts[-1]
+        if target.exists() and not click.confirm('\nWarning - file already exists: \n{}\nOverwrite?'.format(target)):
+            continue
+        with open(target, 'w') as fh:
+            fh.write(content)
+        click.echo("Wrote shell script: {}".format(target))
+
+
 @main.command()
 @click.help_option('-h', '--help')
 @click.option('--root', help="Filename of root user sync config file",
@@ -250,13 +266,16 @@ def example_config(**kwargs):
     }
 
     for k, fname in kwargs.items():
+        target = Path.cwd() / fname
         assert k in res_files, "Invalid option specified"
         res_file = user_sync.resource.get_resource(res_files[k])
         assert res_file is not None, "Resource file '{}' not found".format(res_files[k])
+        if target.exists() and not click.confirm('\nWarning - file already exists: \n{}\nOverwrite?'.format(target)):
+            continue
         click.echo("Generating file '{}'".format(fname))
         with open(res_file, 'r') as file:
             content = file.read()
-        with open(fname, 'w') as file:
+        with open(target, 'w') as file:
             file.write(content)
 
 
@@ -422,39 +441,71 @@ def begin_work(config_loader):
         post_sync_manager.run(rule_processor.post_sync_data)
 
 
-@main.command(help='Encrypt an existing RSA private key file with a passphrase')
+@main.command(short_help="Encrypt RSA private key")
+@click.help_option('-h', '--help')
 @click.argument('key-path', default='private.key', type=click.Path(exists=True))
+@click.option('-o', '--output-file', help="Path of encrypted file [default: key specified by KEY_PATH will be overwritten]",
+              default=None)
 @click.option('--password', '-p', prompt='Create password', hide_input=True, confirmation_prompt=True)
-def encrypt(password, key_path):
+def encrypt(output_file, password, key_path):
+    """Encrypt RSA private key specified by KEY_PATH.
+
+       KEY_PATH default: private.key
+
+       A passphrase is required to encrypt the file"""
+    if output_file is None:
+        output_file = key_path
+    if output_file != key_path and Path(output_file).exists() \
+        and not click.confirm('\nWarning - file already exists: \n{}\nOverwrite?'.format(output_file)):
+        return
     try:
         data = user_sync.encryption.encrypt_file(password, key_path)
-        user_sync.encryption.write_key(data, key_path)
-        click.echo('Encryption was successful.\n{0}'.format(os.path.abspath(key_path)))
+        user_sync.encryption.write_key(data, output_file)
+        click.echo('Encryption was successful.')
+        click.echo('Wrote file: {}'.format(os.path.abspath(output_file)))
     except AssertionException as e:
         click.echo(str(e))
 
 
-@main.command(help='Decrypt an RSA private key file with a passphrase')
+@main.command(short_help="Decrypt RSA private key")
+@click.help_option('-h', '--help')
 @click.argument('key-path', default='private.key', type=click.Path(exists=True))
+@click.option('-o', '--output-file', help="Path of decrypted file [default: key specified by KEY_PATH will be overwritten]",
+              default=None)
 @click.option('--password', '-p', prompt='Enter password', hide_input=True)
-def decrypt(password, key_path):
+def decrypt(output_file, password, key_path):
+    """Decrypt RSA private key specified by KEY_PATH.
+
+       KEY_PATH default: private.key
+
+       A passphrase is required to decrypt the file"""
+    if output_file is None:
+        output_file = key_path
+    if output_file != key_path and Path(output_file).exists() \
+        and not click.confirm('\nWarning - file already exists: \n{}\nOverwrite?'.format(output_file)):
+        return
     try:
         data = user_sync.encryption.decrypt_file(password, key_path)
-        user_sync.encryption.write_key(data, key_path)
-        click.echo('Decryption was successful.\n{0}'.format(os.path.abspath(key_path)))
+        user_sync.encryption.write_key(data, output_file)
+        click.echo('Decryption was successful.')
+        click.echo('Wrote file: {}'.format(os.path.abspath(output_file)))
     except AssertionException as e:
         click.echo(str(e))
 
 
-@main.command(help='Generates an X509 certificate/keypair with random or user-specified subject. '
-                   'User Sync Tool can use these files to communicate with the admin console. '
-                   'Please visit https://console.adobe.io to complete the integration process. '
-                   'Use the --randomize argument to create a secure keypair with no user input.')
+@main.command(short_help="Generate service integration certificates")
+@click.help_option('-h', '--help')
 @click.option('--overwrite', '-o', '-y', help='Overwrite existing files without being asked to confirm', is_flag=True)
 @click.option('--randomize', '-r', help='Randomize the values rather than entering credentials', is_flag=True)
 @click.option('--key', '-k', help='Set a custom output path for private key', default='private.key')
 @click.option('--certificate', '-c', help='Set a custom output path for certificate', default='certificate_pub.crt')
 def certgen(randomize, key, certificate, overwrite):
+    """
+    Generates an X509 certificate/keypair with random or user-specified subject.
+    User Sync Tool can use these files to communicate with the admin console.
+    Please visit https://console.adobe.io to complete the integration process.
+    Use the --randomize argument to create a secure keypair with no user input.
+    """
     key = os.path.abspath(key)
     certificate = os.path.abspath(certificate)
     existing = "\n".join({f for f in (key, certificate) if os.path.exists(f)})

user_sync/resources/shell_scripts/linux/ust_live.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./user-sync --process-groups --users mapped

user_sync/resources/shell_scripts/linux/ust_test.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./user-sync --process-groups --users mapped -t

user_sync/resources/shell_scripts/win/Run_UST_Live.bat

@@ -0,0 +1,3 @@
+mode 155,50
+cd /D "%~dp0"
+user-sync.exe --process-groups --users mapped

user_sync/resources/shell_scripts/win/Run_UST_Test_Mode.bat

@@ -0,0 +1,4 @@
+mode 155,50
+cd /D "%~dp0"
+user-sync.exe --process-groups --users mapped -t
+pause