Hide pass

.gitlab-ci.yaml

@@ -0,0 +1,216 @@
+# The file used for the GitLab-CI for automation in webssh project.
+stages:
+   - pre
+   - test
+   - build
+   - release
+   - deploy
+   - post
+
+# Default Variables here
+variables:
+   GIT_STRATEGY: "fetch"
+   GIT_SUBMODULE_STRATEGY: "recursive"
+   REGISTRY_REPO: "kensonman/webssh"
+   REGISTRY_TEMP_TAG: "CICD"
+   DOCKER_HOST: tcp://docker:2376
+   DOCKER_TLS_CERTDIR: "/certs"
+   DOCKER_TLS_VERIFY: 1
+   DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
+
+services:
+  - docker:19.03.13-dind
+
+# Default Job Specification
+default:
+   image: "python:3-alpine"
+
+.default-rules:
+   rules:
+      # Ignorethe releasing
+      - if: $CI_COMMIT_TAG =~ /^release(s)?\//
+        when: never
+
+.on-versioning-branch:
+   rules:
+      - !reference [.default-rules, rules]
+
+      # If this is protected ref
+      - if: '$CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_MESSAGE =~ /\{\s*version:\s*\d+(\.\d){2}(\-\w*\.\d+)?(\+\w*\.\d)?\s*\}/'
+        when: always
+
+# Prepare the versioning
+prepare:
+   stage: pre
+   image: "kensonman/versioning:2.0.1"
+   rules:
+      - !reference [.default-rules, rules]
+      - when: always
+   variables:
+      #To override the last version when detecting the versioning
+      #VERSION: 1.0.0
+#   before_script:
+#      -> git config --global --add safe.directory `pwd`
+      #For testing
+      BRANCH: 0.0.0-dev.0-test.x
+      LOGGER_LEVEL: "10"
+   script:
+      - |
+         echo "Preparing the CI/CD environment: `pwd`..."
+         echo "   > CI_COMMIT_TITLE:"
+         echo ${CI_COMMIT_TITLE}
+         echo "   > CI_COMMIT_DESCRIPTION:"
+         echo ${CI_COMMIT_DESCRIPTION}
+         echo "   > CI_COMMIT_MESSAGE:"
+         echo ${CI_COMMIT_MESSAGE}
+         echo "   > CI_COMMIT_REF_NAME:CI_COMMIT_REF_PROTECTED"
+         echo "${CI_COMMIT_REF_NAME}:${CI_COMMIT_REF_PROTECTED}"
+         echo "   > Detecting the versioning pattern: `version.py getVersionPattern`"
+         echo "   > Getting the next version..."
+         export VERSION=`versioning.py getVersion`
+         echo "   > Next version: ${VERSION}"
+         export DOCKERIZED_VERSION=`versioning.py toDockerized --option ${VERSION}`
+         echo "   > Dockerized next version: ${DOCKERIZED_VERSION}"
+         echo "   > Exporting..."
+         echo "VERSION=${VERSION}" > VERSION.txt
+         echo "DOCKERIZED_VERSION=${DOCKERIZED_VERSION}" > VERSION.txt
+         echo "${VERSION}" > VERSION
+   artifacts:
+      reports:
+         # Put the version into env for sharing the variable between job
+         dotenv: VERSION.txt
+      paths:
+         # Put the VERSION as an artifact for futer development
+         - VERSION
+
+# Teting the binary/output which builded by "building" job.
+testing:
+   stage: test
+   rules:
+      - !reference [.default-rules, rules]
+      - if: $CI_COMMIT_DESCRIPTION =~ /CI:NoTesting/
+        when: never
+      - when: always
+   dependencies:
+      - prepare
+   before_script:
+      - apk --no-cache add libc-dev libffi-dev gcc
+      - pip install pytest pytest-cov codecov flake8 mock
+      - pip install -r requirements.txt
+   script:
+      - >
+         if [ $VERSION == "value-from-prepare" || $VERSION == 'None' || -z $VERSION ]; then
+            echo "Skip the job due to the VERSION did not specified: JobName: ${CI_JOB_NAME}, Version: ${VERSION}"
+            exit 1;
+         fi
+      - pytest --junitxml=test-results.xml tests
+   artifacts:
+      reports:
+         junit: test-results.xml
+
+# Building the binary/output according to the string. It may be the docker image
+building:
+   stage: build
+   image: "docker:19.03.13"
+   dependencies:
+      - prepare
+      - testing
+   rules:
+      - !reference [.on-versioning-branch, rules]
+      - if: $CI_COMMIT_DESCRIPTION =~ /CI:NoBuilding/
+        when: never
+   variables:
+      VERSION: value-from-prepare
+      DOCKERIZED_VERSION: value-from-prepare
+   script:
+      - >
+         if [ "$VERSION" == "value-from-prepare" || "$VERSION" == "None" || -z "$VERSION" ]; then
+            echo "Skip the job due to the VERSION did not specified: JobName: ${CI_JOB_NAME}, Version: ${VERSION}"
+            exit 1;
+         fi
+      - | 
+         echo "Building the repo..."
+         export TEMP_IMAGE="${REGISTRY_SERVER}${REGISTRY_REPO}:${REGISTRY_TEMP_TAG}"
+         export TARGET_IMAGE="${REGISTRY_SERVER}${REGISTRY_REPO}:${DOCKERIZED_VERSION}"
+         echo "   > the docker image: ${TEMP_IMAGE}"
+         sed 's/<author>/${CI_COMMIT_AUTHOR}/g' Dockerfile
+         sed 's/[0-9]\+\.[0-9]\+\.[0-9]\+\(\-\(\w*\.\)[0-9]\+\)\{0,2\}/${DOCKERIZED_VERSION}/g' Dockerfile
+         docker build -t ${TEMP_IMAGE} .
+         echo "   > Tagging ${TEMP_IMAGE} => ${TARGET_IMAGE}"
+         docker tag ${TEMP_IMAGE} ${TARGET_IMAGE}
+         echo "   > Sign-In to registry server: ${REGISTRY_SERVER} with username:password ${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}"
+         echo -n ${REGISTRY_PASSWORD} | base64 -d | docker login --username `echo -n ${REGISTRY_USERNAME} | base64 -d` --password-stdin ${REGISTRY_SERVER}
+         docker push ${TARGET_IMAGE}
+
+# Releasing the binary/output. Usually push the docker image into the registry
+releasing:
+   image: registry.gitlab.com/gitlab-org/release-cli:latest
+   stage: release
+   dependencies:
+      - prepare
+      - testing
+      - building
+   rules:
+      - !reference [.on-versioning-branch, rules]
+      - if: $CI_COMMIT_DESCRIPTION =~ /CI:NoReleasing/
+        when: never
+   variables:
+      VERSION: value-from-prepare 
+      DOCKERIZED_VERSION: value-from-prepare
+      #Don't pull the source code
+      GIT_STRATEGY: none
+   before_script:
+      - >
+         if [ "$VERSION" == "value-from-prepare" || "$VERSION" == "None" || -z "$VERSION" ]; then
+            echo "Skip the job due to the VERSION did not specified: JobName: ${CI_JOB_NAME}, Version: ${VERSION}";
+            exit 1;
+         fi
+   script: 
+      - > 
+         echo "Creating release: $VERSION..."
+   release:
+      name: "Release - $CI_COMMIT_REF_NAME"
+      description: "$CI_COMMIT_REF_NAME - $CI_COMMIT_MESSAGE"
+      tag_name: "releases/$CI_COMMIT_REF_NAME"
+      ref: '$CI_COMMIT_REF_NAME'
+
+# Deploy the binary/output into production. Usually askying the k8s to update the image
+deploying:
+   stage: deploy
+   dependencies:
+      - prepare
+      - testing
+      - building
+      - releasing
+   rules:
+      - !reference [.on-versioning-branch, rules]
+      - if: $CI_COMMIT_TITLE =~ /CI:NoDeploying/
+        when: never
+   variables:
+      VERSION: value-from-prepare 
+      DOCKERIZED_VERSION: value-from-prepare
+      #Don't pull the source code
+      GIT_STRATEGY: none
+   script:
+      - >
+         if [ $VERSION == "value-from-prepare" || $VERSION == 'None' || -z $VERSION ]; then
+            echo "Skip the job due to the VERSION did not specified: JobName: ${CI_JOB_NAME}, Version: ${VERSION}"
+            exit 1;
+         fi
+      - > 
+         echo "Deploying ${VERSION} ..."
+         && echo "No implemented yet!"
+
+# Cleaning the CI/CD
+clean:
+   stage: post
+   rules:
+      - !reference [.default-rules, rules]
+      - if: $CI_COMMIT_TITLE =~ /CI:NoCleaning/
+        when: never
+   variables:
+      #Don't pull the source code
+      GIT_STRATEGY: none
+   script:
+      - >
+         echo "Cleaning up..."

.travis.yml

@@ -3,7 +3,6 @@ language: python
 
 python:
   - "2.7"
-  - "3.4"
   - "3.5"
   - "3.6"
   - "3.7"

Dockerfile

@@ -6,9 +6,9 @@ LABEL version='0.0.0-dev.0-build.0'
 ADD . /code
 WORKDIR /code
 RUN \
-  apk add --no-cache libc-dev libffi-dev gcc && \
+  apk add --no-cache libc-dev libffi-dev gcc make openssl-dev && \
   pip install -r requirements.txt --no-cache-dir && \
-  apk del gcc libc-dev libffi-dev && \
+  apk del gcc libc-dev libffi-dev make openssl-dev && \
   addgroup webssh && \
   adduser -Ss /bin/false -g webssh webssh && \
   chown -R webssh:webssh /code

README.md

@@ -204,6 +204,37 @@ Running as a standalone server
 wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xheaders=False --policy=reject
 ```
 
+### Profiling
+
+Due to security, we should not disclose our private keys to anybody. Especially transfer 
+the private key and the passphrase in the same transaction, although the HTTPS protocol 
+can protect the transaction data. 
+
+That is the reason I implement the profiling feature. 
+
+This feature can provide the selectable profiles (just like ~/.ssh/config), it provides 
+the features just like the SSH Client config file (normally located at ~/.ssh/config) like this:
+```yaml
+required: False #If true, the profile is required to be selected before connect
+profiles:
+   - name: The label will be shown on the profiles dropdown box   
+     description: "It will be shown on the tooltip"
+     host: my-server.com 
+     port: 22
+     username: user
+     private-key: | 
+         -----BEGIN OPENSSH PRIVATE KEY-----
+         ABCD........
+         ......
+         ......
+         -----END OPENSSH PRIVATE KEY-----
+   - name: Profile 2
+     description: "It will shown on the tooltip"
+     host: my-server.com 
+     port: 22
+     username: user2
+```
+
 
 ### Tips
 

requirements.txt

@@ -1,3 +1,12 @@
 paramiko==2.10.4
 tornado==5.1.1; python_version < '3.5'
 tornado==6.1.0; python_version >= '3.5'
+PyYAML>=5.3.1;  python_version == '2.7'
+PyYAML>=5.3.1;  python_version >= '3.5'
+
+#The following package used for testing
+#pytest 
+#pytest-cov 
+#codecov 
+#flake8 
+#mock

tests/data/profiles-sample.yaml

@@ -0,0 +1,33 @@
+required: true #If true, user have to select one of the profiles
+profiles:
+   - name: sample1
+     description: "Long description"
+     host: localhost
+     port: 22
+     #optional, if specified, the username field should not be shown on the template
+     username: robey 
+
+   - name: sample2
+     description: "Long description"
+     host: localhost
+     port: 22
+     #optional, if specified, the username field should not be shown on the template
+     username: robey 
+     #optional, if specified.
+     #The below private key is clone from ./tests/data/user_rsa_key
+     private-key: |
+         -----BEGIN RSA PRIVATE KEY-----
+         MIICXQIBAAKBgQDI7iK3d8eWYZlYloat94c5VjtFY7c/0zuGl8C7uMnZ3t6i2G99
+         66hEW0nCFSZkOW5F0XKEVj+EUCHvo8koYC6wiohAqWQnEwIoOoh7GSAcB8gP/qaq
+         +adIl/Rvlby/mHakj+y05LBND6nFWHAn1y1gOFFKUXSJNRZPXSFy47gqzwIBIwKB
+         gQCbANjz7q/pCXZLp1Hz6tYHqOvlEmjK1iabB1oqafrMpJ0eibUX/u+FMHq6StR5
+         M5413BaDWHokPdEJUnabfWXXR3SMlBUKrck0eAer1O8m78yxu3OEdpRk+znVo4DL
+         guMeCdJB/qcF0kEsx+Q8HP42MZU1oCmk3PbfXNFwaHbWuwJBAOQ/ry/hLD7AqB8x
+         DmCM82A9E59ICNNlHOhxpJoh6nrNTPCsBAEu/SmqrL8mS6gmbRKUaya5Lx1pkxj2
+         s/kWOokCQQDhXCcYXjjWiIfxhl6Rlgkk1vmI0l6785XSJNv4P7pXjGmShXfIzroh
+         S8uWK3tL0GELY7+UAKDTUEVjjQdGxYSXAkEA3bo1JzKCwJ3lJZ1ebGuqmADRO6UP
+         40xH977aadfN1mEI6cusHmgpISl0nG5YH7BMsvaT+bs1FUH8m+hXDzoqOwJBAK3Z
+         X/za+KV/REya2z0b+GzgWhkXUGUa/owrEBdHGriQ47osclkUgPUdNqcLmaDilAF4
+         1Z4PHPrI5RJIONAx+JECQQC/fChqjBgFpk6iJ+BOdSexQpgfxH/u/457W10Y43HR
+         soS+8btbHqjQkowQ/2NTlUfWvqIlfxs6ZbFsIp/HrhZL
+         -----END RSA PRIVATE KEY-----

tests/test_app.py

@@ -76,6 +76,13 @@ def sync_post(self, url, body, headers={}):
     def async_post(self, url, body, headers={}):
         return self.fetch_request(url, 'POST', body, headers, sync=False)
 
+    def sync_get(self, url, body, headers={}):
+      assert body == None
+      return self.fetch_request(url, 'GET', body, headers)
+
+    def async_get(self, url, body, headers={}):
+      assert body==None
+      return self.fetch_request(url, 'GET', body, headers, sync=False)
 
 class TestAppBasic(TestAppBase):