def __init__(self):
usage = _("usage: %prog profile edit [options]")
shortdesc = _("edits a given profile")
desc = _("edit a given profile")
CliCommand.__init__(self, "profile edit", usage, shortdesc, desc)
self.parser.add_option("--name", dest="name", metavar="NAME",
help=_("NAME of the profile - REQUIRED"))
self.parser.add_option("--hosts", dest="hosts", action="callback",
callback=multi_arg,
metavar="RANGE", default=[],
help=_("IP range to scan. See "
"'man rho' for supported formats."))
self.parser.add_option("--sshport", dest="sshport", metavar="SSHPORT",
help=_("SSHPORT for connection; default=22"))
# can only replace auth
self.parser.add_option("--auth", dest="auth", metavar="AUTH",
action="callback", callback=multi_arg,
default=[], help=_("auth"
" class"
" to associate"
" with profile"))
self.parser.add_option("--vault", dest="vaultfile", metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.report_path:
print(_("No report location specified."))
self.parser.print_help()
sys.exit(1)
normalized_path = os.path.normpath(self.options.report_path)
if not os.path.isfile(normalized_path):
print(_('Report location is invalid.'))
sys.exit(1)
# perform fact validation
input_facts = self.options.facts
if input_facts == [] or input_facts == ['default']:
self.facts_to_hash = facts.SENSITIVE_FACTS
elif os.path.isfile(input_facts[0]):
self.facts_to_hash = set(_read_in_file(input_facts[0]))
else:
assert isinstance(input_facts, list)
self.facts_to_hash = set(input_facts)
# check facts_to_hash is subset of facts.ALL_FACTS
if not self.facts_to_hash.issubset(facts.ALL_FACTS):
invalid_facts = self.facts_to_hash.difference(facts.ALL_FACTS)
print(
_("Invalid facts were supplied to the command: " +
",".join(invalid_facts)))
self.parser.print_help()
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if not (self.options.filename or
self.options.username or
self.options.password or
self.options.sudo_password):
print(_("Should specify an option to update: "
"--username, --password, --sshkeyfile "
"or --sudo-password"))
sys.exit(1)
if self.options.filename and self.options.password:
print(_('You must provide either "--password" or a value for '
'"--sshkeyfile". You cannot supply both.'))
self.parser.print_help()
sys.exit(1)
if self.options.filename:
keyfile_path = os.path.abspath(os.path.normpath(
os.path.expanduser(os.path.expandvars(self.options.filename))))
if os.path.isfile(keyfile_path) is False:
print(_('You must provide a valid file path for'
' "--sshkeyfile", "%s" could not be found.'
% keyfile_path))
self.parser.print_help()
sys.exit(1)
else:
self.options.filename = keyfile_path
def __init__(self):
usage = _("usage: %prog auth edit [options]")
shortdesc = _("edits a given auth")
desc = _("edit a given auth")
CliCommand.__init__(self, "auth edit", usage, shortdesc, desc)
self.parser.add_option("--name", dest="name", metavar="NAME",
help=_("NAME of the auth - REQUIRED"))
self.parser.add_option("--username", dest="username",
metavar="USERNAME",
help=_("user name for authenticating "
"against target machine"
" - REQUIRED"))
self.parser.add_option("--password", dest="password",
action="store_true",
help=_("password for authenticating"
" against target machine"))
self.parser.add_option("--sudo-password", dest="sudo_password",
action="store_true",
help=_("password for running sudo"))
self.parser.add_option("--sshkeyfile", dest="filename",
metavar="FILENAME",
help=_("file containing SSH key"))
self.parser.add_option("--vault", dest="vaultfile", metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
self.parser.set_defaults(password=False)
self.parser.set_defaults(sudo_password=False)
def __init__(self):
usage = _('usage: %prog fact hash')
shortdesc = _('hash facts within a report created by rho')
desc = _('hash sensitive facts within a report created by rho.')
CliCommand.__init__(self, 'fact hash', usage, shortdesc, desc)
self.parser.add_option("--reportfile",
dest="report_path",
metavar="REPORTFILE",
help=_("Report file path - REQUIRED"))
self.parser.add_option("--facts",
dest="facts",
metavar="FACTS",
action="callback",
callback=multi_arg,
default=[],
help=SUPPRESS_HELP)
self.parser.add_option("--outputfile",
dest="hashed_path",
metavar="HASHEDPATH",
help=_("Location for the hashed file"),
default=None)
self.facts_to_hash = None
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.hosts:
self.parser.print_help()
sys.exit(1)
if not self.options.auth:
self.parser.print_help()
sys.exit(1)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if hasattr(self.options, 'sshport') \
and self.options.sshport is not None:
ssh_port = self.options.sshport
try:
ssh_port = utilities.validate_port(ssh_port)
self.options.sshport = ssh_port
except ValueError as port_error:
print(str(port_error))
self.parser.print_help()
sys.exit(1)
else:
self.options.sshport = 22
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.report_path:
print(_("No report location specified."))
self.parser.print_help()
sys.exit(1)
normalized_path = os.path.normpath(self.options.report_path)
if not os.path.isfile(normalized_path):
print(_('Report location is invalid.'))
sys.exit(1)
# perform fact validation
facts = self.options.facts
if facts == [] or facts == ['default']:
self.facts_to_hash = list(utilities.SENSITIVE_FACTS_TUPLE)
elif os.path.isfile(facts[0]):
self.facts_to_hash = _read_in_file(facts[0])
else:
assert isinstance(facts, list)
self.facts_to_hash = facts
# check facts_to_hash is subset of utilities.DEFAULT_FACTS
all_facts = utilities.DEFAULT_FACTS
facts_to_hash_set = set(self.facts_to_hash)
if not facts_to_hash_set.issubset(all_facts):
invalid_facts = facts_to_hash_set.difference(all_facts)
print(
_("Invalid facts were supplied to the command: " +
",".join(invalid_facts)))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog auth add [options]")
shortdesc = _("add auth credentials to config")
desc = _("adds the authorization credentials to the config")
CliCommand.__init__(self, "auth add", usage, shortdesc, desc)
self.parser.add_option("--name",
dest="name",
metavar="NAME",
help=_("auth credential name - REQUIRED"))
self.parser.add_option("--sshkeyfile",
dest="filename",
metavar="FILENAME",
help=_("file containing SSH key"))
self.parser.add_option("--username",
dest="username",
metavar="USERNAME",
help=_("user name for authenticating"
" against target machine - REQUIRED"))
self.parser.add_option("--password",
dest="password",
action="store_true",
help=_("password for authenticating against"
" target machine"))
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.profile:
print(_("No profile specified."))
self.parser.print_help()
sys.exit(1)
if not self.options.facts:
print(_("No facts specified."))
self.parser.print_help()
sys.exit(1)
if not self.options.report_path:
print(_("No report location specified."))
self.parser.print_help()
sys.exit(1)
if self.options.ansible_forks:
try:
if int(self.options.ansible_forks) <= 0:
print(_("ansible_forks can only be a positive integer."))
self.parser.print_help()
sys.exit(1)
except ValueError:
print(_("ansible_forks can only be a positive integer."))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog scan [options] PROFILE")
shortdesc = _("scan given host profile")
desc = _("scans the host profile")
CliCommand.__init__(self, "scan", usage, shortdesc, desc)
self.parser.add_option("--cache",
dest="cache",
action="store_true",
metavar="RESET",
default=False,
help=_("Use if profiles/auths previously "
"discovered should be reused"))
self.parser.add_option("--profile",
dest="profile",
metavar="PROFILE",
help=_("NAME of the profile - REQUIRED"))
self.parser.add_option("--reportfile",
dest="report_path",
metavar="REPORTFILE",
help=_("Report file path - REQUIRED"))
self.parser.add_option("--facts",
dest="facts",
metavar="FACTS",
action="callback",
callback=multi_arg,
default=[],
help=_("'default', list or file"))
self.parser.add_option("--scan-dirs",
dest="scan_dirs",
metavar="SCANDIRS",
action="callback",
callback=multi_arg,
default=[],
help=_("list of remote directories to scan"))
self.parser.add_option("--ansible-forks",
dest="ansible_forks",
metavar="FORKS",
help=_("number of ansible forks"))
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
self.parser.add_option("--logfile",
dest="logfile",
metavar="LOGFILE",
help=_("file to log scan output to"))
self.facts_to_collect = None
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name and not self.options.all:
self.parser.print_help()
sys.exit(1)
if self.options.name and self.options.all:
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog auth list [options]")
shortdesc = _("list auth credentials")
desc = _("list authentication credentials")
CliCommand.__init__(self, "auth list", usage, shortdesc, desc)
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def test_verbosity(self):
"""Test that -vv sets verbosity and log level correctly."""
command = CliCommand()
sys.argv = ['/bin/rho', '-vv']
# CliCommand.main() will set up the command's environment but
# not actually do anything.
command.main()
self.assertEqual(command.verbosity, 3)
def __init__(self):
usage = _("usage: %prog profile list [options]")
shortdesc = _("list the network profiles")
desc = _("list the network profiles")
CliCommand.__init__(self, "profile list", usage, shortdesc, desc)
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def __init__(self):
usage = _('usage: %prog fact list')
shortdesc = _('list facts that rho can detect')
desc = _('list facts that rho can detect. Filter fact names with '
'--filter <regex>')
CliCommand.__init__(self, 'fact list', usage, shortdesc, desc)
self.parser.add_option('--filter',
dest='filter',
metavar='filter',
help=_('regexp to filter facts - optional'))
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if not self.options.hosts and not self.options.auth \
and not self.options.sshport:
print(_("Specify either hosts, sshport, or auths to update."))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog auth show [options]")
shortdesc = _("show auth credential")
desc = _("show authentication credential")
CliCommand.__init__(self, "auth show", usage, shortdesc, desc)
self.parser.add_option("--name", dest="name", metavar="NAME",
help=_("auth credential name - REQUIRED"))
self.parser.add_option("--vault", dest="vaultfile", metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
# need to pass in file or username:
if not self.options.filename \
and not (self.options.username and
self.options.password):
self.parser.print_help()
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if not (self.options.filename or self.options.username
or self.options.password):
print(
_("Should specify an option to update:"
" --username, --password or --sshkeyfile"))
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.hosts:
self.parser.print_help()
sys.exit(1)
if not self.options.auth:
self.parser.print_help()
sys.exit(1)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.profile:
print(_("No profile specified."))
self.parser.print_help()
sys.exit(1)
if not self.options.report_path:
print(_("No report location specified."))
self.parser.print_help()
sys.exit(1)
if self.options.ansible_forks:
try:
if int(self.options.ansible_forks) <= 0:
print(_("--ansible-forks can only be a positive integer."))
self.parser.print_help()
sys.exit(1)
except ValueError:
print(_("--ansible-forks can only be a positive integer."))
self.parser.print_help()
sys.exit(1)
# perform fact validation
input_facts = self.options.facts
assert isinstance(input_facts, list)
if input_facts and os.path.isfile(input_facts[0]):
input_facts = _read_in_file(input_facts[0])
self.facts_to_collect = facts.expand_facts(input_facts)
if self.options.scan_dirs == []:
self.options.scan_dirs = ['/', '/opt', '/app', '/home', '/usr']
elif os.path.isfile(self.options.scan_dirs[0]):
self.options.scan_dirs = \
_read_in_file(self.options.scan_dirs[0])
else:
assert isinstance(self.options.scan_dirs, list)
# check that all values in scan_dirs are valid abs paths
invalid_paths = utilities.check_path_validity(self.options.scan_dirs)
if invalid_paths != []:
print(
_("Invalid paths were supplied to the --scan-dirs option: " +
",".join(invalid_paths)))
self.parser.print_help()
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name and not self.options.all:
print(
_('You must provide either "--all" or a value for '
'"--name".'))
self.parser.print_help()
sys.exit(1)
if self.options.name and self.options.all:
print(
_('You must provide either "--all" or a value for '
'"--name". You cannot supply both.'))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog scan [options] PROFILE")
shortdesc = _("scan given host profile")
desc = _("scans the host profile")
CliCommand.__init__(self, "scan", usage, shortdesc, desc)
self.parser.add_option("--reset",
dest="reset",
action="store_true",
metavar="RESET",
default=False,
help=_("Use if profiles/auths have been "
"changed"))
self.parser.add_option("--profile",
dest="profile",
metavar="PROFILE",
help=_("NAME of the profile - REQUIRED"))
self.parser.add_option("--reportfile",
dest="report_path",
metavar="REPORTFILE",
help=_("Report file path - REQUIRED"))
self.parser.add_option("--facts",
dest="facts",
metavar="FACTS",
action="callback",
callback=multi_arg,
default=[],
help=_("'default' or list " + " - REQUIRED"))
self.parser.add_option("--ansible_forks",
dest="ansible_forks",
metavar="FORKS",
help=_("number of ansible forks"))
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if not (self.options.filename or
self.options.username or
self.options.password or
self.options.sudo_password):
print(_("Should specify an option to update: "
"--username, --password, --sshkeyfile "
"or --sudo-password"))
sys.exit(1)
if self.options.filename and self.options.password:
print(_('You must provide either "--password" or a value for '
'"--sshkeyfile". You cannot supply both.'))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog auth clear")
shortdesc = _("clears out the credentials")
desc = _("clears out the crendentials")
CliCommand.__init__(self, "auth clear", usage, shortdesc, desc)
self.parser.add_option("--name",
dest="name",
metavar="NAME",
help=_("NAME of the auth "
"credential to be removed"))
self.parser.add_option("--all",
dest="all",
action="store_true",
help=_("remove ALL auth credentials"))
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not (self.options.name and self.options.username):
print(_('You must provide a value for "--name" and "--username".'))
self.parser.print_help()
sys.exit(1)
if not self.options.username:
self.parser.print_help()
sys.exit(1)
# need to pass in file or password:
if not (self.options.filename or self.options.password):
print(
_('You must provide either "--password" or a value for '
'"--sshkeyfile".'))
self.parser.print_help()
sys.exit(1)
if self.options.filename and self.options.password:
print(
_('You must provide either "--password" or a value for '
'"--sshkeyfile". You cannot supply both.'))
self.parser.print_help()
sys.exit(1)
if self.options.filename:
keyfile_path = os.path.abspath(
os.path.normpath(
os.path.expanduser(
os.path.expandvars(self.options.filename))))
if os.path.isfile(keyfile_path) is False:
print(
_('You must provide a valid file path for'
' "--sshkeyfile", "%s" could not be found.' %
keyfile_path))
self.parser.print_help()
sys.exit(1)
else:
self.options.filename = keyfile_path
def __init__(self):
usage = _("usage: %prog profile clear [--name | --all] [options]")
shortdesc = _("removes 1 or all profiles from list")
desc = _("removes profiles")
CliCommand.__init__(self, "profile clear", usage, shortdesc, desc)
self.parser.add_option("--name",
dest="name",
metavar="NAME",
help=_("NAME of the profile to be removed"))
self.parser.add_option("--all",
dest="all",
action="store_true",
help=_("remove ALL profiles"))
self.parser.set_defaults(all=False)
self.parser.add_option("--vault",
dest="vaultfile",
metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
def _validate_options(self):
CliCommand._validate_options(self)
if not (self.options.name and self.options.username):
print(_('You must provide a value for "--name" and "--username".'))
self.parser.print_help()
sys.exit(1)
if not self.options.username:
self.parser.print_help()
sys.exit(1)
# need to pass in file or password:
if not (self.options.filename or
self.options.password):
print(_('You must provide either "--password" or a value for '
'"--sshkeyfile".'))
self.parser.print_help()
sys.exit(1)
if self.options.filename and self.options.password:
print(_('You must provide either "--password" or a value for '
'"--sshkeyfile". You cannot supply both.'))
self.parser.print_help()
sys.exit(1)
def _validate_options(self):
CliCommand._validate_options(self)
if not self.options.name:
self.parser.print_help()
sys.exit(1)
if not self.options.hosts and not self.options.auth \
and not self.options.sshport:
print(_("Specify either hosts, sshport, or auths to update."))
self.parser.print_help()
sys.exit(1)
if hasattr(self.options, 'sshport') \
and self.options.sshport is not None:
ssh_port = self.options.sshport
try:
ssh_port = utilities.validate_port(ssh_port)
self.options.sshport = ssh_port
except ValueError as port_error:
print(str(port_error))
self.parser.print_help()
sys.exit(1)
def __init__(self):
usage = _("usage: %prog profile add [options]")
shortdesc = _("add a network profile")
desc = _("add a network profile")
CliCommand.__init__(self, "profile add", usage, shortdesc, desc)
self.parser.add_option("--name", dest="name", metavar="NAME",
help=_("NAME of the profile - REQUIRED"))
self.parser.add_option("--hosts", dest="hosts", action="callback",
callback=multi_arg,
metavar="HOSTS", default=[],
help=_("IP range to scan."
" See 'man rho' for supported formats."))
self.parser.add_option("--sshport", dest="sshport", metavar="SSHPORT",
help=_("SSHPORT for connection; default=22"))
self.parser.add_option("--auth", dest="auth", metavar="AUTH",
action="callback", callback=multi_arg,
default=[], help=_("auth class to "
"associate with profile"))
self.parser.add_option("--vault", dest="vaultfile", metavar="VAULT",
help=_("file containing vault password for"
" scripting"))
