Rebase from master

Author: creativeprojects

commands.go

@@ -158,6 +158,22 @@ func getOwnCommands() []ownCommand {
 			needConfiguration: false,
 			hide:              true,
 		},
+		{
+			name:              "send",
+			description:       "send a configuration profile to a remote client",
+			action:            sendProfileCommand,
+			needConfiguration: true,
+			noProfile:         true,
+			hide:              true,
+		},
+		{
+			name:              "serve",
+			description:       "serve configuration profiles to remote clients",
+			action:            serveCommand,
+			needConfiguration: true,
+			noProfile:         true,
+			hide:              true,
+		},
 	}
 }
 

config/config.go

@@ -701,6 +701,22 @@ func (c *Config) getProfilePath(key string) string {
 	return c.flatKey(constants.SectionConfigurationProfiles, key)
 }
 
+// HasRemote returns true if the remote exists in the configuration
+func (c *Config) HasRemote(remoteName string) bool {
+	return c.IsSet(c.flatKey(constants.SectionConfigurationRemotes, remoteName))
+}
+
+func (c *Config) GetRemote(remoteName string) (*Remote, error) {
+	// we don't need to check the file version: the remotes can be in a separate configuration file
+
+	remote := NewRemote(c, remoteName)
+	err := c.unmarshalKey(c.flatKey(constants.SectionConfigurationRemotes, remoteName), remote)
+
+	rootPath := filepath.Dir(c.GetConfigFile())
+	remote.SetRootPath(rootPath)
+	return remote, err
+}
+
 // unmarshalConfig returns the decoder config options depending on the configuration version and format
 func (c *Config) unmarshalConfig() viper.DecoderConfigOption {
 	if c.GetVersion() == Version01 {

config/error.go

@@ -3,5 +3,6 @@ package config
 import "errors"
 
 var (
-	ErrNotFound = errors.New("not found")
+	ErrNotFound               = errors.New("not found")
+	ErrNotSupportedInVersion1 = errors.New("not supported in configuration version 1")
 )

config/remote .go

@@ -0,0 +1,30 @@
+package config
+
+type Remote struct {
+	name           string
+	config         *Config
+	Connection     string   `mapstructure:"connection" default:"ssh" description:"Connection type to use to connect to the remote client"`
+	Host           string   `mapstructure:"host" description:"Address of the remote client. Format: <host>:<port>"`
+	Username       string   `mapstructure:"username" description:"User to connect to the remote client"`
+	PrivateKeyPath string   `mapstructure:"private-key" description:"Path to the private key to use for authentication"`
+	KnownHostsPath string   `mapstructure:"known-hosts" description:"Path to the known hosts file"`
+	SendFiles      []string `mapstructure:"send-files" description:"Configuration files to transfer to the remote client"`
+}
+
+func NewRemote(config *Config, name string) *Remote {
+	remote := &Remote{
+		name:   name,
+		config: config,
+	}
+	return remote
+}
+
+// SetRootPath changes the path of all the relative paths and files in the configuration
+func (r *Remote) SetRootPath(rootPath string) {
+	r.PrivateKeyPath = fixPath(r.PrivateKeyPath, expandEnv, absolutePrefix(rootPath))
+	r.KnownHostsPath = fixPath(r.KnownHostsPath, expandEnv, absolutePrefix(rootPath))
+
+	for i := range r.SendFiles {
+		r.SendFiles[i] = fixPath(r.SendFiles[i], expandEnv, absolutePrefix(rootPath))
+	}
+}

constants/section.go

@@ -13,6 +13,7 @@ const (
 	SectionConfigurationMixins      = "mixins"
 	SectionConfigurationMixinUse    = "use"
 	SectionConfigurationSchedule    = "schedule"
+	SectionConfigurationRemotes     = "remotes"
 
 	SectionDefinitionCommon = "common"
 	SectionDefinitionForget = "forget"

send.go

@@ -0,0 +1,37 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/creativeprojects/resticprofile/ssh"
+)
+
+func sendProfileCommand(w io.Writer, cmdCtx commandContext) error {
+	if len(cmdCtx.flags.resticArgs) < 2 {
+		return fmt.Errorf("missing argument: remote name")
+	}
+	remote, err := cmdCtx.config.GetRemote(cmdCtx.flags.resticArgs[1])
+	if err != nil {
+		return err
+	}
+	// send the files to the remote using tar
+	handler := http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+		sendFiles(resp, remote.SendFiles)
+	})
+	cnx := ssh.NewSSH(ssh.Config{
+		Host:           remote.Host,
+		Username:       remote.Username,
+		PrivateKeyPath: remote.PrivateKeyPath,
+		KnownHostsPath: remote.KnownHostsPath,
+		Handler:        handler,
+	})
+	defer cnx.Close()
+
+	err = cnx.Connect()
+	if err != nil {
+		return err
+	}
+	return nil
+}

serve.go

@@ -0,0 +1,71 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/creativeprojects/clog"
+)
+
+func serveCommand(w io.Writer, cmdCtx commandContext) error {
+	if len(cmdCtx.flags.resticArgs) < 2 {
+		return fmt.Errorf("missing argument: port")
+	}
+	handler := http.NewServeMux()
+	handler.HandleFunc("GET /configuration/{remote}", func(resp http.ResponseWriter, req *http.Request) {
+		remoteName := req.PathValue("remote")
+		if !cmdCtx.config.HasRemote(remoteName) {
+			resp.WriteHeader(http.StatusNotFound)
+			resp.Write([]byte("remote not found"))
+			return
+		}
+		remote, err := cmdCtx.config.GetRemote(remoteName)
+		if err != nil {
+			resp.WriteHeader(http.StatusBadRequest)
+			resp.Write([]byte(err.Error()))
+			return
+		}
+
+		clog.Infof("sending configuration for %q", remoteName)
+		resp.Header().Set("Content-Type", "application/x-tar")
+		resp.WriteHeader(http.StatusOK)
+		sendFiles(resp, remote.SendFiles)
+	})
+
+	quit := make(chan os.Signal, 1)
+	signal.Notify(quit, os.Interrupt)
+	defer signal.Stop(quit)
+
+	server := &http.Server{
+		Addr:    fmt.Sprintf("localhost:%s", cmdCtx.flags.resticArgs[1]),
+		Handler: handler,
+	}
+
+	// put the shutdown code in a goroutine
+	go func(server *http.Server, quit chan os.Signal) {
+		<-quit
+
+		clog.Info("shutting down the server")
+		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		defer cancel()
+
+		err := server.Shutdown(ctx)
+		if err != nil {
+			clog.Errorf("error while shutting down the server: %v", err)
+		}
+
+	}(server, quit)
+
+	// we want to return the server error if any so we need to keep it in the main thread.
+	clog.Infof("listening on %s", server.Addr)
+	err := server.ListenAndServe()
+	if err != nil && err != http.ErrServerClosed {
+		return err
+	}
+	return nil
+}

ssh/config.go

@@ -0,0 +1,44 @@
+package ssh
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+type Config struct {
+	Host           string
+	Username       string
+	PrivateKeyPath string
+	KnownHostsPath string
+	Handler        http.Handler
+}
+
+func (c *Config) Validate() error {
+	if c.Host == "" {
+		return fmt.Errorf("host is required")
+	}
+	if c.Username == "" {
+		return fmt.Errorf("username is required")
+	}
+	if c.PrivateKeyPath == "" {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return fmt.Errorf("unable to get current user home directory: %w", err)
+		}
+		c.PrivateKeyPath = filepath.Join(home, ".ssh/id_rsa") // we can go through all the default name for each key type
+	}
+	if c.KnownHostsPath == "" {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return fmt.Errorf("unable to get current user home directory: %w", err)
+		}
+		c.KnownHostsPath = filepath.Join(home, ".ssh/known_hosts")
+	}
+	if !strings.Contains(c.Host, ":") {
+		c.Host = c.Host + ":22"
+	}
+	return nil
+}

ssh/ssh.go

@@ -0,0 +1,127 @@
+package ssh
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/creativeprojects/clog"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/knownhosts"
+)
+
+const startPort = 10001
+
+type SSH struct {
+	config Config
+	port   int
+	client *ssh.Client
+	tunnel net.Listener
+	server *http.Server
+}
+
+func NewSSH(config Config) *SSH {
+	return &SSH{
+		config: config,
+		port:   startPort,
+	}
+}
+
+func (s *SSH) Connect() error {
+	err := s.config.Validate()
+	if err != nil {
+		return err
+	}
+	hostKeyCallback, err := knownhosts.New(s.config.KnownHostsPath)
+	if err != nil {
+		return fmt.Errorf("cannot load host keys from known_hosts: %w", err)
+	}
+	key, err := os.ReadFile(s.config.PrivateKeyPath)
+	if err != nil {
+		return fmt.Errorf("unable to read private key: %w", err)
+	}
+
+	// Create the Signer for this private key.
+	signer, err := ssh.ParsePrivateKey(key)
+	if err != nil {
+		return fmt.Errorf("unable to parse private key: %w", err)
+	}
+
+	config := &ssh.ClientConfig{
+		User: s.config.Username,
+		Auth: []ssh.AuthMethod{
+			// Use the PublicKeys method for remote authentication.
+			ssh.PublicKeys(signer),
+		},
+		HostKeyCallback: hostKeyCallback,
+	}
+
+	// Connect to the remote server and perform the SSH handshake.
+	s.client, err = ssh.Dial("tcp", s.config.Host, config)
+	if err != nil {
+		return fmt.Errorf("unable to connect: %w", err)
+	}
+
+	// Request the remote side to open a local port
+	s.tunnel, err = s.client.Listen("tcp", fmt.Sprintf("localhost:%d", s.port))
+	if err != nil {
+		log.Fatal("unable to register tcp forward: ", err)
+	}
+
+	go func() {
+		s.server = &http.Server{
+			Handler: s.config.Handler,
+		}
+		// Serve HTTP with your SSH server acting as a reverse proxy.
+		err := s.server.Serve(s.tunnel)
+		if err != nil && err != http.ErrServerClosed {
+			clog.Warningf("unable to serve http: %s", err)
+		}
+	}()
+
+	// Each ClientConn can support multiple interactive sessions,
+	// represented by a Session.
+	session, err := s.client.NewSession()
+	if err != nil {
+		log.Fatal("Failed to create session: ", err)
+	}
+	defer session.Close()
+
+	// Once a Session is created, we can execute a single command on
+	// the remote side using the Run method.
+	var b bytes.Buffer
+	session.Stdout = &b
+	if err := session.Run(fmt.Sprintf("curl http://localhost:%d", s.port)); err != nil {
+		log.Fatal("Failed to run: " + err.Error())
+	}
+	fmt.Println(b.String())
+	return nil
+}
+
+func (s *SSH) Close() {
+	if s.tunnel != nil {
+		err := s.tunnel.Close()
+		if err != nil {
+			clog.Warningf("unable to close tunnel: %s", err)
+		}
+	}
+	if s.server != nil {
+		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		defer cancel()
+		err := s.server.Shutdown(ctx)
+		if err != nil {
+			clog.Warningf("unable to close http server: %s", err)
+		}
+	}
+	if s.client != nil {
+		err := s.client.Close()
+		if err != nil {
+			clog.Warningf("unable to close ssh connection: %s", err)
+		}
+	}
+}