RubyGems - 3scale_toolbox - Versions diffs - 0.7.0 → 0.8.0 - Mend

3scale_toolbox 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f412bd1eba1df7d510acff344fc72fca45f7aa94c9317e10fe2425b611276f5
-  data.tar.gz: a2bd5e4bfc83e1be12abdecbb636a18a43de81ed86594d590109e8734a59f6db
+  metadata.gz: 15a0f5fc1496d1414d2e5a940b1d08d8834dfc23a226f7c3a6d17d3014f1042f
+  data.tar.gz: e09c49ae0c9023757c2cf22dd2c10a61d009337a67aca4d8080ae2fb7a65eb2d
 SHA512:
-  metadata.gz: 8a72ea781cf845c49aeb2a6b45f3576bcd76d534b086f377afcedcab0ed956bdb74cfb01a24b7697f39b6fbeaad12290b362b75796feb9cf259ac4d14cc9fee9
-  data.tar.gz: 55c946b9199edaea9dcb0583d8b06ac5769641ab25ba646ca79c3cbb138f744177c4d2d75239d2daa482aaadf735f1906f71056c56bef91916bcade642529109
+  metadata.gz: dd16657b1d83f114fdaf3d4b0ad1fd39fc08ab3a267e441b332333d22933e620cb7bd1cad48de66711594a9c10fcee8bed894e0b03170baaf6cfee53d7decfd5
+  data.tar.gz: 16838e3a0c469ed68f4064babce60fe207d77a06c8f869035115422a1d461360da3f2237fd45c6f31d0cd62602646254f4ed2b6a5b25546e318a2afa85e2732a

data/README.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # 3scale toolbox
+[![Build Status](https://travis-ci.org/3scale/3scale_toolbox.svg?branch=master)](https://travis-ci.org/3scale/3scale_toolbox)
+This software is licensed under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0).
+See the LICENSE and NOTICE files that should have been provided along with this software for details.
+## Description
 3scale toolbox is a set of tools to help you manage your 3scale product. Using the [3scale API Ruby Client](https://github.com/3scale/3scale-api-ruby).
 ## Table of contents
@@ -76,7 +82,7 @@ OPTIONS
                                          remote name
     -s --source=<value>                  3scale source instance. Url or
                                          remote name
-    -t --target_system_name=<value>      Target system name. Default to
+    -t --target_system_name=<value>      Target system name. Default to
                                          source system name
 OPTIONS FOR COPY

data/lib/3scale_toolbox.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 require '3scale_toolbox/version'
 require '3scale_toolbox/helper'
 require '3scale_toolbox/error'
+require '3scale_toolbox/proxy_logger'
+require '3scale_toolbox/swagger'
 require '3scale_toolbox/configuration'
 require '3scale_toolbox/remotes'
 require '3scale_toolbox/3scale_client_factory'

data/lib/3scale_toolbox/3scale_client_factory.rb CHANGED Viewed

@@ -1,17 +1,18 @@
 module ThreeScaleToolbox
   class ThreeScaleClientFactory
     class << self
-      def get(remotes, remote_str, verify_ssl)
-        new(remotes, remote_str, verify_ssl).call
+      def get(remotes, remote_str, verify_ssl, verbose = false)
+        new(remotes, remote_str, verify_ssl, verbose).call
       end
     end
-    attr_reader :remotes, :remote_str, :verify_ssl
+    attr_reader :remotes, :remote_str, :verify_ssl, :verbose
-    def initialize(remotes, remote_str, verify_ssl)
+    def initialize(remotes, remote_str, verify_ssl, verbose)
       @remotes = remotes
       @remote_str = remote_str
       @verify_ssl = verify_ssl
+      @verbose = verbose
     end
     def call
@@ -21,7 +22,10 @@ module ThreeScaleToolbox
         remote = remotes.fetch(remote_str)
       end
-      remote_client(remote.merge(verify_ssl: verify_ssl))
+      client = remote_client(remote.merge(verify_ssl: verify_ssl))
+      return ProxyLogger.new(client) if verbose
+      client
     end
     private

data/lib/3scale_toolbox/base_command.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module ThreeScaleToolbox
     # Input param can be endpoint url or remote name
     #
     def threescale_client(str)
-      ThreeScaleClientFactory.get(remotes, str, verify_ssl)
+      ThreeScaleClientFactory.get(remotes, str, verify_ssl, verbose)
     end
     def verify_ssl
@@ -55,6 +55,10 @@ module ThreeScaleToolbox
       !options[:insecure]
     end
+    def verbose
+      options[:verbose]
+    end
     def exit_with_message(message)
       raise ThreeScaleToolbox::Error, message
     end

data/lib/3scale_toolbox/cli.rb CHANGED Viewed

@@ -15,7 +15,9 @@ module ThreeScaleToolbox::CLI
   def self.install_signal_handlers
     # Set exit handler
-    %w[INT TERM].each do |signal|
+    # Only OS supported signals
+    available_signals = %w[INT TERM].select { |signal_name| Signal.list.key? signal_name }
+    available_signals.each do |signal|
       Signal.trap(signal) do
         puts
         exit!(0)
@@ -24,9 +26,11 @@ module ThreeScaleToolbox::CLI
     # Set stack trace dump handler
     if !defined?(RUBY_ENGINE) || RUBY_ENGINE != 'jruby'
-      Signal.trap('USR1') do
-        puts 'Caught USR1; dumping a stack trace'
-        puts caller.map { |i| "  #{i}" }.join("\n")
+      if Signal.list.key? 'USR1'
+        Signal.trap('USR1') do
+          puts 'Caught USR1; dumping a stack trace'
+          puts caller.map { |i| "  #{i}" }.join("\n")
+        end
       end
     end
   end

data/lib/3scale_toolbox/commands/3scale_command.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module ThreeScaleToolbox
   module Commands
     module ThreeScaleCommand
       include ThreeScaleToolbox::Command
       def self.command
         Cri::Command.define do
           name        '3scale'
@@ -19,10 +20,15 @@ module ThreeScaleToolbox
             exit 0
           end
           flag :k, :insecure, 'Proceed and operate even for server connections otherwise considered insecure'
+          flag nil, :verbose, 'Verbose mode'
           flag :h, :help, 'show help for this command' do |_, cmd|
             puts cmd.help
             exit 0
           end
+          run do |_opts, _args, cmd|
+            puts cmd.help
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/copy_command.rb CHANGED Viewed

@@ -12,6 +12,10 @@ module ThreeScaleToolbox
           usage       'copy <sub-command> [options]'
           summary     'copy super command'
           description 'Copy 3scale entities between tenants'
+          run do |_opts, _args, cmd|
+            puts cmd.help
+          end
         end
       end
       add_subcommand(CopyServiceSubcommand)

data/lib/3scale_toolbox/commands/import_command.rb CHANGED Viewed

@@ -13,6 +13,10 @@ module ThreeScaleToolbox
           usage       'import <sub-command> [options]'
           summary     'import super command'
           description 'Importing 3scale entities'
+          run do |_opts, _args, cmd|
+            puts cmd.help
+          end
         end
       end
       add_subcommand(ImportCsvSubcommand)

data/lib/3scale_toolbox/commands/import_command/openapi.rb CHANGED Viewed

@@ -1,4 +1,3 @@
-require 'swagger'
 require '3scale_toolbox/commands/import_command/openapi/method'
 require '3scale_toolbox/commands/import_command/openapi/mapping_rule'
 require '3scale_toolbox/commands/import_command/openapi/operation'
@@ -9,6 +8,9 @@ require '3scale_toolbox/commands/import_command/openapi/create_method_step'
 require '3scale_toolbox/commands/import_command/openapi/create_mapping_rule_step'
 require '3scale_toolbox/commands/import_command/openapi/create_service_step'
 require '3scale_toolbox/commands/import_command/openapi/create_activedocs_step'
+require '3scale_toolbox/commands/import_command/openapi/update_service_proxy_step'
+require '3scale_toolbox/commands/import_command/openapi/update_service_oidc_conf_step'
+require '3scale_toolbox/commands/import_command/openapi/update_policies_step'
 module ThreeScaleToolbox
   module Commands
@@ -27,6 +29,10 @@ module ThreeScaleToolbox
               option  :d, :destination, '3scale target instance. Format: "http[s]://<authentication>@3scale_domain"', argument: :required
               option  :t, 'target_system_name', 'Target system name', argument: :required
+              flag    nil, 'activedocs-hidden', 'Create ActiveDocs in hidden state'
+              flag    nil, 'skip-openapi-validation', 'Skip OpenAPI schema validation'
+              option  nil, 'oidc-issuer-endpoint', 'OIDC Issuer Endpoint', argument: :required
+              option  nil, 'default-credentials-userkey', 'Default credentials policy userkey', argument: :required
               param   :openapi_resource
               runner OpenAPISubcommand
@@ -34,15 +40,15 @@ module ThreeScaleToolbox
           end
           def run
-            openapi_resource = load_resource(arguments[:openapi_resource])
-            context = create_context(openapi_resource)
             tasks = []
             tasks << CreateServiceStep.new(context)
             tasks << CreateMethodsStep.new(context)
             tasks << ThreeScaleToolbox::Tasks::DestroyMappingRulesTask.new(context)
             tasks << CreateMappingRulesStep.new(context)
             tasks << CreateActiveDocsStep.new(context)
+            tasks << UpdateServiceProxyStep.new(context)
+            tasks << UpdateServiceOidcConfStep.new(context)
+            tasks << UpdatePoliciesStep.new(context)
             # run tasks
             tasks.each(&:call)
@@ -50,21 +56,27 @@ module ThreeScaleToolbox
           private
-          def create_context(openapi_resource)
+          def context
+            @context ||= create_context
+          end
+          def create_context
+            openapi_resource = load_resource(arguments[:openapi_resource])
             {
               api_spec_resource: openapi_resource,
               api_spec: ThreeScaleApiSpec.new(load_openapi(openapi_resource)),
               threescale_client: threescale_client(fetch_required_option(:destination)),
-              target_system_name: options[:target_system_name]
+              target_system_name: options[:target_system_name],
+              activedocs_published: !options[:'activedocs-hidden'],
+              oidc_issuer_endpoint: options[:'oidc-issuer-endpoint'],
+              default_credentials_userkey: options[:'default-credentials-userkey'],
+              skip_openapi_validation: options[:'skip-openapi-validation']
             }
           end
           def load_openapi(openapi_resource)
-            Swagger.build(openapi_resource)
-            # Disable validation step because https://petstore.swagger.io/v2/swagger.json
-            # does not pass validation. Maybe library's schema is outdated?
-            # openapi.tap(&:validate)
-          rescue Swagger::InvalidDefinition, Hashie::CoercionError, Psych::SyntaxError => e
+            Swagger.build(openapi_resource, validate: !options[:'skip-openapi-validation'])
+          rescue JSON::Schema::ValidationError => e
             raise ThreeScaleToolbox::Error, "OpenAPI schema validation failed: #{e.message}"
           end
         end

data/lib/3scale_toolbox/commands/import_command/openapi/create_activedocs_step.rb CHANGED Viewed

@@ -10,8 +10,10 @@ module ThreeScaleToolbox
               name: api_spec.title,
               system_name: activedocs_system_name,
               service_id: service.id,
-              body: resource.to_json,
-              description: api_spec.description
+              body: JSON.pretty_generate(resource),
+              description: api_spec.description,
+              published: context[:activedocs_published],
+              skip_swagger_validations: context[:skip_openapi_validation]
             }
             res = threescale_client.create_activedocs(active_doc)

data/lib/3scale_toolbox/commands/import_command/openapi/create_service_step.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module ThreeScaleToolbox
           private
           def service_system_name
-            target_system_name || service_name.downcase.tr(' ', '_')
+            target_system_name || service_name.downcase.gsub(/[^\w]/, '_')
           end
           def service_id
@@ -48,6 +48,7 @@ module ThreeScaleToolbox
             default_service_settings.tap do |svc|
               svc['name'] = service_name
               svc['description'] = service_description
+              svc['backend_version'] = backend_version
             end
           end
@@ -62,6 +63,10 @@ module ThreeScaleToolbox
           def service_description
             api_spec.description
           end
+          def backend_version
+            api_spec.backend_version
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/method.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module ThreeScaleToolbox
           end
           def system_name
-            friendly_name.downcase
+            friendly_name.downcase.gsub(/[^\w]/, '_')
           end
           def operation_id

data/lib/3scale_toolbox/commands/import_command/openapi/resource_reader.rb CHANGED Viewed

@@ -13,6 +13,8 @@ module ThreeScaleToolbox
           def load_resource(resource)
             # Json format is parsed as well
             YAML.safe_load(read_content(resource))
+          rescue Psych::SyntaxError => e
+            raise ThreeScaleToolbox::Error, "JSON/YAML validation failed: #{e.message}"
           end
           ##

data/lib/3scale_toolbox/commands/import_command/openapi/step.rb CHANGED Viewed

@@ -46,6 +46,18 @@ module ThreeScaleToolbox
           def system_name_already_taken_error?(error)
             Array(Hash(error)['system_name']).any? { |msg| msg.match(/has already been taken/) }
           end
+          def security
+            api_spec.security
+          end
+          def oidc_issuer_endpoint
+            context[:oidc_issuer_endpoint]
+          end
+          def default_credentials_userkey
+            context[:default_credentials_userkey]
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/threescale_api_spec.rb CHANGED Viewed

@@ -17,15 +17,50 @@ module ThreeScaleToolbox
             openapi.info.description
           end
+          def host
+            openapi.host
+          end
+          def schemes
+            Array(openapi.schemes)
+          end
+          def backend_version
+            # default authentication mode if no security requirement
+            return '1' if security.nil?
+            case security.type
+            when 'oauth2'
+              'oidc'
+            when 'apiKey'
+              '1'
+            else
+              raise ThreeScaleToolbox::Error, "Unexpected security scheme type #{security.type}"
+            end
+          end
+          def security
+            @security ||= parse_security
+          end
           def operations
             openapi.operations.map do |op|
               Operation.new(
                 path: "#{openapi.base_path}#{op.path}",
                 verb: op.verb,
-                operationId: op.operationId
+                operationId: op.operation_id
               )
             end
           end
+          private
+          def parse_security
+            raise ThreeScaleToolbox::Error, 'Invalid OAS: multiple security requirements' \
+              if openapi.global_security_requirements.size > 1
+            openapi.global_security_requirements.first
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/update_policies_step.rb ADDED Viewed

@@ -0,0 +1,89 @@
+module ThreeScaleToolbox
+  module Commands
+    module ImportCommand
+      module OpenAPI
+        class UpdatePoliciesStep
+          include Step
+          ##
+          # Updates Proxy Policies config
+          def call
+            # to be idempotent, we must read first
+            source_policies_settings = service.policies
+            # shallow copy
+            # to detect policies_settings changes, should only be updated setting objects
+            # do not update in-place, otherwise changes will not be detected
+            policies_settings = source_policies_settings.dup
+            add_anonymous_access_policy(policies_settings)
+            add_rh_sso_keycloak_role_check_policy(policies_settings)
+            return if source_policies_settings == policies_settings
+            res = service.update_policies('policies_config' => policies_settings)
+            if res.is_a?(Hash) && (errors = res['errors'])
+              raise ThreeScaleToolbox::Error, "Service policies have not been updated. #{errors}"
+            end
+            puts 'Service policies updated'
+          end
+          private
+          def add_anonymous_access_policy(policies)
+            # only on 'open api' security req
+            return unless security.nil?
+            return if policies.any? { |policy| policy['name'] == 'default_credentials' }
+            # Anonymous policy should be before apicast policy
+            # hence, adding as a first element
+            policies.insert(0, anonymous_policy)
+          end
+          def anonymous_policy
+            raise ThreeScaleToolbox::Error, 'User key must be provided by ' \
+              '--default-credentials-userkey optional param' \
+              if default_credentials_userkey.nil?
+            {
+              'name': 'default_credentials',
+              'version': 'builtin',
+              'configuration': {
+                'auth_type': 'user_key',
+                'user_key': default_credentials_userkey
+              },
+              'enabled': true
+            }
+          end
+          def add_rh_sso_keycloak_role_check_policy(policies)
+            # only applies to oauth2 sec type
+            return if security.nil? || security.type != 'oauth2'
+            return if policies.any? { |policy| policy['name'] == 'keycloak_role_check' }
+            policies << keycloak_policy
+          end
+          def keycloak_policy
+            {
+              'name': 'keycloak_role_check',
+              'version': 'builtin',
+              'configuration': {
+                'type': 'whitelist',
+                'scopes': [
+                  {
+                    'realm_roles': [],
+                    'client_roles': security.scopes.map { |scope| { 'name': scope } }
+                  }
+                ]
+              },
+              'enabled': true
+            }
+          end
+        end
+      end
+    end
+  end
+end