command name shuffle -- grouped more commands together as subcommands

4 files changed, 176 insertions, 164 deletions

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 05bdb2b..f471b5a 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -5,150 +5,155 @@ require 'digest/md5'
 
 module LeapCli; module Commands
 
-  desc 'Creates the public and private key for your Certificate Authority.'
-  command :'init-ca' do |c|
-    c.action do |global_options,options,args|
-      assert_files_missing! :ca_cert, :ca_key
-      assert_config! 'provider.ca.name'
-      assert_config! 'provider.ca.bit_size'
-      assert_config! 'provider.ca.life_span'
-
-      provider = manager.provider
-      root = CertificateAuthority::Certificate.new
-
-      # set subject
-      root.subject.common_name = provider.ca.name
-      possible = ['country', 'state', 'locality', 'organization', 'organizational_unit', 'email_address']
-      provider.ca.keys.each do |key|
-        if possible.include?(key)
-          root.subject.send(key + '=', provider.ca[key])
+  desc "Manage X.509 certificates"
+  #long_desc ""
+  command :cert do |c|
+
+    c.desc 'Creates a Certificate Authority (private key and CA certificate)'
+    c.command :ca do |c|
+      c.action do |global_options,options,args|
+        assert_files_missing! :ca_cert, :ca_key
+        assert_config! 'provider.ca.name'
+        assert_config! 'provider.ca.bit_size'
+        assert_config! 'provider.ca.life_span'
+
+        provider = manager.provider
+        root = CertificateAuthority::Certificate.new
+
+        # set subject
+        root.subject.common_name = provider.ca.name
+        possible = ['country', 'state', 'locality', 'organization', 'organizational_unit', 'email_address']
+        provider.ca.keys.each do |key|
+          if possible.include?(key)
+            root.subject.send(key + '=', provider.ca[key])
+          end
         end
-      end
 
-      # set expiration
-      root.not_before = today
-      root.not_after = years_from_today(provider.ca.life_span.to_i)
+        # set expiration
+        root.not_before = today
+        root.not_after = years_from_today(provider.ca.life_span.to_i)
 
-      # generate private key
-      root.serial_number.number = 1
-      root.key_material.generate_key(provider.ca.bit_size)
+        # generate private key
+        root.serial_number.number = 1
+        root.key_material.generate_key(provider.ca.bit_size)
 
-      # sign self
-      root.signing_entity = true
-      root.parent = root
-      root.sign!(ca_root_signing_profile)
+        # sign self
+        root.signing_entity = true
+        root.parent = root
+        root.sign!(ca_root_signing_profile)
 
-      # save
-      write_file!(:ca_key, root.key_material.private_key.to_pem)
-      write_file!(:ca_cert, root.to_pem)
+        # save
+        write_file!(:ca_key, root.key_material.private_key.to_pem)
+        write_file!(:ca_cert, root.to_pem)
+      end
     end
-  end
 
-  desc 'Creates or renews a X.509 certificate/key pair for a single node or all nodes'
-  arg_name '<node-name | "all">', :optional => false, :multiple => false
-  command :'update-cert' do |c|
-    c.action do |global_options,options,args|
-      assert_files_exist! :ca_cert, :ca_key, :msg => 'Run init-ca to create them'
-      assert_config! 'provider.ca.server_certificates.bit_size'
-      assert_config! 'provider.ca.server_certificates.digest'
-      assert_config! 'provider.ca.server_certificates.life_span'
-      assert_config! 'common.x509.use'
-
-      if args.first == 'all' || args.empty?
-        manager.each_node do |node|
-          if cert_needs_updating?(node)
-            generate_cert_for_node(node)
+    c.desc 'Creates or renews a X.509 certificate/key pair for a single node or all nodes'
+    c.arg_name 'node-name', :optional => false
+    c.command :update do |c|
+      c.action do |global_options,options,args|
+        assert_files_exist! :ca_cert, :ca_key, :msg => 'Run `leap cert ca` to create them'
+        assert_config! 'provider.ca.server_certificates.bit_size'
+        assert_config! 'provider.ca.server_certificates.digest'
+        assert_config! 'provider.ca.server_certificates.life_span'
+        assert_config! 'common.x509.use'
+
+        if args.first == 'all' || args.empty?
+          manager.each_node do |node|
+            if cert_needs_updating?(node)
+              generate_cert_for_node(node)
+            end
           end
+        else
+          generate_cert_for_node(get_node_from_args(args))
         end
-      else
-        generate_cert_for_node(get_node_from_args(args))
       end
     end
-  end
 
-  desc 'Generates Diffie-Hellman parameter file (needed for server-side of TLS connections)'
-  command :'init-dh' do |c|
-    c.action do |global_options,options,args|
-      long_running do
-        if cmd_exists?('certtool')
-          log 0, 'Generating DH parameters (takes a long time)...'
-          output = assert_run!('certtool --generate-dh-params --sec-param high')
-          output.sub! /.*(-----BEGIN DH PARAMETERS-----.*-----END DH PARAMETERS-----).*/m, '\1'
-          output << "\n"
-          write_file!(:dh_params, output)
-        else
-          log 0, 'Generating DH parameters (takes a REALLY long time)...'
-          output = OpenSSL::PKey::DH.generate(3248).to_pem
-          write_file!(:dh_params, output)
+    c.desc 'Creates a Diffie-Hellman parameter file' # (needed for server-side of some TLS connections)
+    c.command :dh do |c|
+      c.action do |global_options,options,args|
+        long_running do
+          if cmd_exists?('certtool')
+            log 0, 'Generating DH parameters (takes a long time)...'
+            output = assert_run!('certtool --generate-dh-params --sec-param high')
+            output.sub! /.*(-----BEGIN DH PARAMETERS-----.*-----END DH PARAMETERS-----).*/m, '\1'
+            output << "\n"
+            write_file!(:dh_params, output)
+          else
+            log 0, 'Generating DH parameters (takes a REALLY long time)...'
+            output = OpenSSL::PKey::DH.generate(3248).to_pem
+            write_file!(:dh_params, output)
+          end
         end
       end
     end
-  end
-
-  #
-  # hints:
-  #
-  # inspect CSR:
-  #   openssl req -noout -text -in files/cert/x.csr
-  #
-  # generate CSR with openssl to see how it compares:
-  #   openssl req -sha256 -nodes -newkey rsa:2048 -keyout example.key -out example.csr
-  #
-  # validate a CSR:
-  #   http://certlogik.com/decoder/
-  #
-  # nice details about CSRs:
-  #   http://www.redkestrel.co.uk/Articles/CSR.html
-  #
-  desc 'Creates a Certificate Signing Request for use in purchasing a commercial x509 certificate'
-  command :'init-csr' do |c|
-    #c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false
-    c.action do |global_options,options,args|
-      assert_config! 'provider.domain'
-      assert_config! 'provider.name'
-      assert_config! 'provider.default_language'
-      assert_config! 'provider.ca.server_certificates.bit_size'
-      assert_config! 'provider.ca.server_certificates.digest'
-      assert_files_missing! [:commercial_key, manager.provider.domain], [:commercial_csr, manager.provider.domain], :msg => 'If you really want to create a new key and CSR, remove these files first.'
-      if options[:sign]
-        assert_files_exist! :ca_cert, :ca_key, :msg => 'Run init-ca to create them'
-      end
 
-      # RSA key
-      keypair = CertificateAuthority::MemoryKeyMaterial.new
-      log :generating, "%s bit RSA key" % manager.provider.ca.server_certificates.bit_size do
-        keypair.generate_key(manager.provider.ca.server_certificates.bit_size)
-        write_file! [:commercial_key, manager.provider.domain], keypair.private_key.to_pem
-      end
+    #
+    # hints:
+    #
+    # inspect CSR:
+    #   openssl req -noout -text -in files/cert/x.csr
+    #
+    # generate CSR with openssl to see how it compares:
+    #   openssl req -sha256 -nodes -newkey rsa:2048 -keyout example.key -out example.csr
+    #
+    # validate a CSR:
+    #   http://certlogik.com/decoder/
+    #
+    # nice details about CSRs:
+    #   http://www.redkestrel.co.uk/Articles/CSR.html
+    #
+    c.desc 'Creates a CSR for use in buying a commercial X.509 certificate'
+    c.command :csr do |c|
+      #c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false
+      c.action do |global_options,options,args|
+        assert_config! 'provider.domain'
+        assert_config! 'provider.name'
+        assert_config! 'provider.default_language'
+        assert_config! 'provider.ca.server_certificates.bit_size'
+        assert_config! 'provider.ca.server_certificates.digest'
+        assert_files_missing! [:commercial_key, manager.provider.domain], [:commercial_csr, manager.provider.domain], :msg => 'If you really want to create a new key and CSR, remove these files first.'
+        if options[:sign]
+          assert_files_exist! :ca_cert, :ca_key, :msg => 'Run `leap cert ca` to create them'
+        end
 
-      # CSR
-      dn  = CertificateAuthority::DistinguishedName.new
-      csr = CertificateAuthority::SigningRequest.new
-      dn.common_name = manager.provider.domain
-      dn.organization = manager.provider.name[manager.provider.default_language]
-      log :generating, "CSR with commonName => '%s', organization => '%s'" % [dn.common_name, dn.organization] do
-        csr.distinguished_name = dn
-        csr.key_material = keypair
-        csr.digest = manager.provider.ca.server_certificates.digest
-        request = csr.to_x509_csr
-        write_file! [:commercial_csr, manager.provider.domain], csr.to_pem
-      end
+        # RSA key
+        keypair = CertificateAuthority::MemoryKeyMaterial.new
+        log :generating, "%s bit RSA key" % manager.provider.ca.server_certificates.bit_size do
+          keypair.generate_key(manager.provider.ca.server_certificates.bit_size)
+          write_file! [:commercial_key, manager.provider.domain], keypair.private_key.to_pem
+        end
 
-      # Sign using our own CA, for use in testing but hopefully not production.
-      # It is not that commerical CAs are so secure, it is just that signing your own certs is
-      # a total drag for the user because they must click through dire warnings.
-      #if options[:sign]
-        log :generating, "self-signed x509 server certificate for testing purposes" do
-          cert = csr.to_cert
-          cert.serial_number.number = cert_serial_number(manager.provider.domain)
-          cert.not_before = today
-          cert.not_after  = years_from_today(1)
-          cert.parent = ca_root
-          cert.sign! domain_test_signing_profile
-          write_file! [:commercial_cert, manager.provider.domain], cert.to_pem
-          log "please replace this file with the real certificate you get from a CA using #{Path.relative_path([:commercial_csr, manager.provider.domain])}"
+        # CSR
+        dn  = CertificateAuthority::DistinguishedName.new
+        csr = CertificateAuthority::SigningRequest.new
+        dn.common_name = manager.provider.domain
+        dn.organization = manager.provider.name[manager.provider.default_language]
+        log :generating, "CSR with commonName => '%s', organization => '%s'" % [dn.common_name, dn.organization] do
+          csr.distinguished_name = dn
+          csr.key_material = keypair
+          csr.digest = manager.provider.ca.server_certificates.digest
+          request = csr.to_x509_csr
+          write_file! [:commercial_csr, manager.provider.domain], csr.to_pem
         end
-      #end
+
+        # Sign using our own CA, for use in testing but hopefully not production.
+        # It is not that commerical CAs are so secure, it is just that signing your own certs is
+        # a total drag for the user because they must click through dire warnings.
+        #if options[:sign]
+          log :generating, "self-signed x509 server certificate for testing purposes" do
+            cert = csr.to_cert
+            cert.serial_number.number = cert_serial_number(manager.provider.domain)
+            cert.not_before = today
+            cert.not_after  = years_from_today(1)
+            cert.parent = ca_root
+            cert.sign! domain_test_signing_profile
+            write_file! [:commercial_cert, manager.provider.domain], cert.to_pem
+            log "please replace this file with the real certificate you get from a CA using #{Path.relative_path([:commercial_csr, manager.provider.domain])}"
+          end
+        #end
+      end
     end
   end
 
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 9882e6a..45e4f2b 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -2,7 +2,7 @@
 module LeapCli
   module Commands
 
-    desc 'Compile json files to hiera configs'
+    desc 'Compiles node configuration files into hiera files used for deployment'
     command :compile do |c|
       c.action do |global_options,options,args|
         # these must come first
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index 28e250a..678bebd 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -6,41 +6,43 @@ module LeapCli; module Commands
   ##
   ## COMMANDS
   ##
-
-  desc 'not yet implemented... Create a new configuration for a node'
-  command :'add-node' do |c|
-    c.action do |global_options,options,args|
+  desc 'Node management'
+  command :node do |c|
+    c.desc 'Create a new configuration file for a node'
+    c.command :add do |c|
+      c.action do |global_options,options,args|
+      end
     end
-  end
 
-  desc 'Bootstraps a node, setting up ssh keys and installing prerequisites'
-  arg_name '<node-name>', :optional => false, :multiple => false
-  command :'init-node' do |c|
-    c.switch 'echo', :desc => 'if set, passwords are visible as you type them (default is hidden)', :negatable => false
-    c.action do |global_options,options,args|
-      node = get_node_from_args(args)
-      ping_node(node)
-      save_public_host_key(node)
-      update_compiled_ssh_configs
-      ssh_connect(node, :bootstrap => true, :echo => options[:echo]) do |ssh|
-        ssh.install_authorized_keys
-        ssh.install_prerequisites
+    c.desc 'Bootstraps a node, setting up ssh keys and installing prerequisites'
+    c.arg_name 'node-name', :optional => false, :multiple => false
+    c.command :init do |c|
+      c.switch 'echo', :desc => 'if set, passwords are visible as you type them (default is hidden)', :negatable => false
+      c.action do |global_options,options,args|
+        node = get_node_from_args(args)
+        ping_node(node)
+        save_public_host_key(node)
+        update_compiled_ssh_configs
+        ssh_connect(node, :bootstrap => true, :echo => options[:echo]) do |ssh|
+          ssh.install_authorized_keys
+          ssh.install_prerequisites
+        end
+        log :completed, "node init #{node.name}"
       end
-      log :completed, "init-node #{node.name}"
     end
-  end
 
-  desc 'not yet implemented'
-  command :'rename-node' do |c|
-    c.action do |global_options,options,args|
+    c.desc 'Renames a node file, and all its related files'
+    c.command :mv do |c|
+      c.action do |global_options,options,args|
+      end
     end
-  end
 
-  desc 'not yet implemented'
-  arg_name '<node-name>', :optional => false, :multiple => false
-  command :'rm-node' do |c|
-    c.action do |global_options,options,args|
-      remove_file!()
+    c.desc 'Removes a node file, and all its related files'
+    c.arg_name '<node-name>', :optional => false, :multiple => false
+    c.command :rm do |c|
+      c.action do |global_options,options,args|
+        remove_file!()
+      end
     end
   end
 
diff --git a/lib/leap_cli/commands/test.rb b/lib/leap_cli/commands/test.rb
index dc08652..dd505b6 100644
--- a/lib/leap_cli/commands/test.rb
+++ b/lib/leap_cli/commands/test.rb
@@ -1,18 +1,23 @@
 module LeapCli; module Commands
 
-  desc 'Creates files needed to run tests'
-  command :'init-test' do |c|
-    c.action do |global_options,options,args|
-      generate_test_client_cert
-      generate_test_client_openvpn_config
-    end
-  end
-
   desc 'Run tests'
   command :test do |c|
-    c.action do |global_options,options,args|
-      log 'not yet implemented'
+    c.desc 'Creates files needed to run tests'
+    c.command :init do |c|
+      c.action do |global_options,options,args|
+        generate_test_client_cert
+        generate_test_client_openvpn_config
+      end
     end
+
+    c.desc 'Run tests'
+    c.command :run do |c|
+      c.action do |global_options,options,args|
+        log 'not yet implemented'
+      end
+    end
+
+    c.default_command :run
   end
 
   private