Merge pull request #4393 from freedomofpress/1824_PortSDUpgradeBoxSto…

…rage

Provide 0.12.2 upgrade boxes

molecule/shared/stable.ver

@@ -1 +1 @@
-0.12.1
+0.12.2

molecule/upgrade/ansible-override-vars.yml

@@ -11,6 +11,7 @@ monitor_hostname: "{{ hostvars['mon-staging'].ansible_hostname }}"
 app_ip: "{{ hostvars['app-staging']['ansible_'+primary_network_iface].ipv4.address }}"
 app_hostname: "{{ hostvars['app-staging'].ansible_hostname }}"
 tor_apt_repo_url: "https://tor-apt.freedom.press"
+securedrop_code: "/var/www/securedrop"
 
 etc_hosts:
   app-staging:

molecule/vagrant-packager/box_files/app_trusty_metadata.json

@@ -8,7 +8,7 @@
           "checksum": "468923f1e77068b8de96808ed8f52dbe93db3ff0aba8647c37c2d2e83b8367e9",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging_0.7.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging_0.7.box"
         }
       ],
       "version": "0.7.0"
@@ -19,7 +19,7 @@
           "checksum": "524056caec12a170132ed02f3b8727056d1aeb3ce7050c074be34f259dc6beed",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging_0.8.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging_0.8.box"
         }
       ],
       "version": "0.8.0"
@@ -30,7 +30,7 @@
           "checksum": "6fb8c12821b902b0905f967d7405c620443f4f4345b18d05b59005f798a08e50",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging_0.9.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging_0.9.1.box"
         }
       ],
       "version": "0.9.1"
@@ -41,7 +41,7 @@
           "checksum": "cf2c4c8ac89bd132d3f75ee77e2d97b68c562e1ee36aa059bb1d4e6b37499f62",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging_0.11.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging_0.11.0.box"
         }
       ],
       "version": "0.11.0"
@@ -52,7 +52,7 @@
           "checksum": "e832c4940ef10e8d999033271454f7220c85f4b0a89f378906895d4a82478eee",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging_0.11.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging_0.11.1.box"
         }
       ],
       "version": "0.11.1"
@@ -63,7 +63,7 @@
           "checksum": "db9f077d0b9f960c5d36a8a804a791151271009c7490fe3a4c715b71998afcd8",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging-trusty_0.12.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-trusty_0.12.0.box"
         }
       ],
       "version": "0.12.0"
@@ -74,10 +74,21 @@
           "checksum": "4c668f06619a532293409d8bc64f69ee66697a2122f2a9a461a15ad57869a6b5",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging-trusty_0.12.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-trusty_0.12.1.box"
         }
       ],
       "version": "0.12.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "17b9b65d795ff11df9f236740dd2a797c7a1b709cd319fe974ce0dc3c98c27a6",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-trusty_0.12.2.box"
+        }
+      ],
+      "version": "0.12.2"
     }
   ]
-}
+}

molecule/vagrant-packager/box_files/app_xenial_metadata.json

@@ -8,7 +8,7 @@
           "checksum": "79cfa415df0bc83891dab59832564a89815f144ff1248995add90bc84e167ca5",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging-xenial_0.12.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-xenial_0.12.0.box"
         }
       ],
       "version": "0.12.0"
@@ -19,10 +19,21 @@
           "checksum": "a59ffff93660460b0653d429031deb033819ccac30b8872d8efa9f7f5b57f6f3",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging-xenial_0.12.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-xenial_0.12.1.box"
         }
       ],
       "version": "0.12.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "0ba57d1cf31e0ec49b107da46dce91b8a911653091f140ce019543349b6deb82",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-xenial_0.12.2.box"
+        }
+      ],
+      "version": "0.12.2"
     }
   ]
-}
+}

molecule/vagrant-packager/box_files/mon_trusty_metadata.json

@@ -8,7 +8,7 @@
           "checksum": "4358d2e31ee5dcfe4098fd2bedba3122967992de4c9b2dfb773805141d5ad633",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging_0.7.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging_0.7.box"
         }
       ],
       "version": "0.7.0"
@@ -19,7 +19,7 @@
           "checksum": "c18fe9dddf28cc70b858b878550c5ae202e4a2c752119528ab7d2062dab15842",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging_0.8.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging_0.8.box"
         }
       ],
       "version": "0.8.0"
@@ -30,7 +30,7 @@
           "checksum": "9891c88aa7148129f2f91638d7dfed1e7815eb980bba1de8a9c075f14ae0ddeb",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging_0.9.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging_0.9.1.box"
         }
       ],
       "version": "0.9.1"
@@ -41,7 +41,7 @@
           "checksum": "baba21e8799fe2093d902b332b45d7a8342adf019fa195382011fbdfa54cd1d5",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging_0.11.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging_0.11.0.box"
         }
       ],
       "version": "0.11.0"
@@ -52,7 +52,7 @@
           "checksum": "bbc8ed55fab20ed96c3b090126b69baabbd41e95faa60676dff72bc69af67376",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging_0.11.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging_0.11.1.box"
         }
       ],
       "version": "0.11.1"
@@ -63,7 +63,7 @@
           "checksum": "0ac7538f52b3450a1791a06b8a02fe81b65637da92bb00a61b669beccef87f8d",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging-trusty_0.12.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-trusty_0.12.0.box"
         }
       ],
       "version": "0.12.0"
@@ -74,10 +74,21 @@
           "checksum": "56d1fee8e1b5f27e69a6aa2159e38340dbb3b33326977428cf43af0fc74ae0ba",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging-trusty_0.12.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-trusty_0.12.1.box"
         }
       ],
       "version": "0.12.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "c62d2b9f4e54c381dec0fd774cb40c7ab8d96506668961441338d8eb18b6d71c",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-trusty_0.12.2.box"
+        }
+      ],
+      "version": "0.12.2"
     }
   ]
-}
+}

molecule/vagrant-packager/box_files/mon_xenial_metadata.json

@@ -8,7 +8,7 @@
           "checksum": "efa3c6aa38279c3c9caadea0480ac5d1e855ccbac7afe54aeb56d9075b0874e9",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging-xenial_0.12.0.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-xenial_0.12.0.box"
         }
       ],
       "version": "0.12.0"
@@ -19,10 +19,21 @@
           "checksum": "e38864cc63bf26c4423c45986ab06f16c5638615b5850f00c69153b456cbb3a9",
           "checksum_type": "sha256",
           "name": "libvirt",
-          "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging-xenial_0.12.1.box"
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-xenial_0.12.1.box"
         }
       ],
       "version": "0.12.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "648233f3f727b648a0f79e9d5a81473e2ca39b0d24e9184c51f8603160ce3232",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-xenial_0.12.2.box"
+        }
+      ],
+      "version": "0.12.2"
     }
   ]
-}
+}

molecule/vagrant-packager/package.py

@@ -233,7 +233,7 @@ def update_box_metadata(server_name, box_file, platform, version):
     with open(json_file, "r") as f:
         metadata_config = json.loads(f.read())
 
-    base_url = "https://s3.amazonaws.com/securedrop-vagrant"
+    base_url = "https://dev-bin.ops.securedrop.org/vagrant"
     box_name = os.path.basename(box_file)
     box_url = "{}/{}".format(base_url, box_name)
     box_checksum = sha256_checksum(box_file)

molecule/vagrant-packager/push.yml

@@ -5,11 +5,11 @@
   hosts: localhost
   become: no
   tasks:
-    - name: Create vagrant bucket
-      aws_s3:
-        bucket: "{{ bucket_name }}"
-        mode: create
-        region: us-east-1
+    - name: Assume role
+      sts_assume_role:
+        role_arn: "arn:aws:iam::601214233086:role/sdroppackager"
+        role_session_name: "vagrantupload-{{ ansible_hostname | to_uuid }}"
+      register: assumed_role
 
     - name: Find boxes to push up
       find:
@@ -19,11 +19,25 @@
 
     - name: Push boxes up
       aws_s3:
+        aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
+        aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
+        security_token: "{{ assumed_role.sts_creds.session_token }}"
         bucket: "{{ bucket_name }}"
-        object: "{{ item.path | basename }}"
+        object: "/{{ bucket_path }}/{{ item.path | basename }}"
         permission: "public-read"
         src: "{{ item.path }}"
         mode: put
       with_items: "{{ local_boxes.files }}"
+
+    - name: Generate index
+      script: ./scripts/list_bucket.py
+      environment:
+        AWS_ACCESS_KEY_ID: "{{ assumed_role.sts_creds.access_key }}"
+        AWS_SECRET_ACCESS_KEY: "{{ assumed_role.sts_creds.secret_key }}"
+        AWS_SESSION_TOKEN: "{{ assumed_role.sts_creds.session_token }}"
+        BUCKET: "{{ bucket_name }}"
+        BUCKET_PATH: "{{ bucket_path }}"
+
   vars:
-    bucket_name: securedrop-vagrant
+    bucket_name: dev-bin.ops.securedrop.org
+    bucket_path: vagrant

molecule/vagrant-packager/scripts/list_bucket.py

@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+#
+#
+#
+#
+# Generate index.html of vagrant box files in our s3 bucket
+# and upload said file.
+
+import boto3
+import os
+
+
+class S3_Bucket_IndexCreator(object):
+    """ Class to initialize s3 bucket connection, grab contents, publish index """
+
+    def __init__(self, bucket, path):
+        self.s3 = boto3.resource('s3')
+        self.vagrant_bucket = self.s3.Bucket(name=bucket)
+        self.bucket = bucket
+        self.path = path
+
+    def bucket_get_list(self):
+        """ Get bucket file listings and return python list """
+
+        return [obj.key.split('/')[-1] for obj in
+                self.vagrant_bucket.objects.filter(Prefix=self.path) if
+                "index.html" not in obj.key]
+
+    def generate_html_index(self):
+        """Build a simple HTML index string from bucket listings"""
+
+        str_files = ["""<a href="{file}">{file}</a>""".format(file=f) for f in
+                     self.bucket_get_list()]
+
+        index_string = """
+            <html><head><title>Index of /{path}/</title></head><body bgcolor="white">
+            <h1>Index of /{path}/</h1><hr><pre>{files}</pre><hr></body></html>""".format(
+                path=self.path,
+                files="<br>".join(str_files)
+            )
+
+        return index_string
+
+    def upload_string_as_file(self,
+                              contents,
+                              filename="index.html",
+                              content_type="text/html"):
+
+        """ Take contents of a file as input and dump that to a file """
+        object = self.s3.Object(self.bucket, '{}/{}'.format(self.path, filename))
+        object.put(Body=contents,
+                   ContentType=content_type)
+
+
+if __name__ == "__main__":
+    BUCKET = os.environ.get('BUCKET', 'dev-bin.ops.securedrop.org')
+    BUCKET_PATH = os.environ.get('BUCKET_PATH', 'vagrant/')
+
+    bucket_index_creation = S3_Bucket_IndexCreator(BUCKET, BUCKET_PATH)
+    index = bucket_index_creation.generate_html_index()
+    bucket_index_creation.upload_string_as_file(index)