update

bin/bastion.py

@@ -5,6 +5,7 @@
 import pathlib
 import logging
 import traceback
+import socket
 
 from ruamel.yaml import YAML
 from ruamel.yaml.scalarstring import PreservedScalarString
@@ -108,6 +109,13 @@ def configured(self):
 				self.conf.load(folder / confile)
 		return self
 
+	@property
+	def hostname(self):
+		if 'host.name' in self.conf:
+			return self.conf['host.name']
+		else:
+			return socket.getfqdn()
+
 	def site(self, name):
 		return Site(name).configured(self.conf)
 
@@ -209,7 +217,7 @@ def do_update_asset(self, comargs, comdex):
 		site  = self.site(ark.site)
 		asset = site.asset(ark)
 		vault = self.vault(asset.policy.vault)
-		flag, stdout, stderr = vault.push(asset, detail = )
+		flag, stdout, stderr = vault.push(asset, detail = 'D', client = self.hostname)
 		if flag:
 			return SUCCESS(stdout, {'stdout': stdout})
 		else:
@@ -224,7 +232,7 @@ def do_backup_asset(self, comargs, comdex):
 		site  = self.site(ark.site)
 		asset = site.asset(ark)
 		vault = self.vault(asset.policy.vault)
-		flag, stdout, stderr = vault.push(asset)
+		flag, stdout, stderr = vault.push(asset, client = self.hostname)
 		if flag:
 			return SUCCESS(stdout, {'stdout': stdout})
 		else:
@@ -268,6 +276,21 @@ def do_list_zone_assets(self, comargs, comdex):
 		return self.do_export_zone_assets(comargs, comdex)
 
 
+	def do_refresh_keytab(self, comargs, comdex):
+		"""
+		refresh keytab {vault}
+		* uses ssh+scp to regenerate the private keytab for the named vault.
+		"""
+		vault = self.vault(comdex[2])
+		vault.refresh_keytab()
+		flag, stdout, stderr = vault.refresh_keytab()
+		if flag:
+			return SUCCESS(stdout, {'stdout': stdout, 'stderr': stderr})
+		else:
+			return FAILED(stdout, {'stdout': stdout, 'stderr': stderr})
+
+
+
 
 if __name__ == '__main__':
 	app = App().configured()

lib/Bastion/HPSS.py

@@ -333,6 +333,14 @@ def __init__(self, name, **kwargs):
 		self._hsi   = None
 		self.client = kwargs.get('client', socket.gethostname())
 
+		self.keytab               = Thing()
+		self.keytab.halo          = pathlib.Path( kwargs.get('keytab', "~/.private/hpss.unix.keytab") ).expanduser()
+		self.keytab.regen         = Thing()
+		self.keytab.regen.host    = None
+		self.keytab.regen.user    = getpass.getuser()
+		self.keytab.regen.key     = pathlib.Path("~/.ssh/id_rsa")
+		self.keytab.regen.command = 'keytab'
+
 	def configured(self, conf):
 		confkey = "vaults.{}".format(self.name)
 		if confkey in conf:
@@ -341,6 +349,12 @@ def configured(self, conf):
 			self.login  = section['login']
 			if 'root' in section:
 				self.root = pathlib.PurePosixPath( section['root'] )
+			if 'key' in section:
+				self.keytab.halo          = section.get('key.path',                self.keytab.halo)
+				self.keytab.regen.host    = section.get('key.refresh.ssh.host',    self.keytab.regen.host)
+				self.keytab.regen.user    = section.get('key.refresh.ssh.user',    self.keytab.regen.user)
+				self.keytab.regen.key     = section.get('key.refresh.ssh.key',     self.keytab.regen.key)
+				self.keytab.regen.command = section.get('key.refresh.ssh.command', self.keytab.regen.command)
 		return self
 
 	@property
@@ -466,5 +480,12 @@ def _provision_ark(self, ark):
 	def _provision_site_zone_asset(self, site, zone, asset_name):
 		return self._provision_ark( ARK(site, zone, asset_name) )
 
+	def refresh_keytab(self):
+		"""
+		Use ssh+scp to regenerate the authenticating keytab file.
+		"""
+		regencmd = "ssh {}@{} {}"
+		proc    = subprocess.run(comargs, stdout = subprocess.PIPE, stderr = subprocess.STDOUT, check = False, env = exports)
+
 
 #hsi = HSI("/opt/hsi/bin/hsi", login = "ndenny")

lib/Bastion/Model.py

@@ -29,6 +29,9 @@ def __new__(cls, *args):
 			elif isinstance(arg, str):
 				return ARK(CURIE(arg))
 
+			elif isinstance(arg, isAsset):
+				return ARK( RDN(arg.site), RDN(arg.zone), RDN(arg.asset) )
+
 		if len(args) == 3:
 			site, zone, asset = args
 			s  = RDN(site)