3scale_toolbox 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15a0f5fc1496d1414d2e5a940b1d08d8834dfc23a226f7c3a6d17d3014f1042f
-  data.tar.gz: e09c49ae0c9023757c2cf22dd2c10a61d009337a67aca4d8080ae2fb7a65eb2d
+  metadata.gz: f2de44dc4f50140aaa326b714441c8590eb728f520835905091048911e2cd210
+  data.tar.gz: '008edc2978180ab0bda597b545b2c25f09712be036f1b372e6ae6f5c1c83df3e'
 SHA512:
-  metadata.gz: dd16657b1d83f114fdaf3d4b0ad1fd39fc08ab3a267e441b332333d22933e620cb7bd1cad48de66711594a9c10fcee8bed894e0b03170baaf6cfee53d7decfd5
-  data.tar.gz: 16838e3a0c469ed68f4064babce60fe207d77a06c8f869035115422a1d461360da3f2237fd45c6f31d0cd62602646254f4ed2b6a5b25546e318a2afa85e2732a
+  metadata.gz: 6db32b4a58ba23a8c0a1902ccf9002812effdefa6946e98883e748406e05c905a075ac13798fbed58461df834c419a4ad66b4c836edf02b510eb61cd8c7770fd
+  data.tar.gz: 3eba10df0a824a07d9edd63a88fa7896c1c5fcce7a43dc9e5aefcdb71d955053e858ef6f100319aea53c5a197b38ad0c047232e48c0e993b756ebca280894f08

data/README.md

@@ -15,6 +15,8 @@ See the LICENSE and NOTICE files that should have been provided along with this
    * [Update a service](#update-a-service)
    * [Import from CSV](#import-from-csv)
    * [Import from OpenAPI definition](#import-openapi)
+   * [Export/Import Application Plan](#export-import-application-plan)
+   * Create, Apply, List, Show, Delete [Application plan](docs/app-plan.md)
    * [Remotes](#remotes)
 * [Development](#development)
    * [Testing](#testing)
@@ -50,11 +52,12 @@ COMMANDS
 
 OPTIONS
     -c --config-file=<value>      3scale toolbox configuration file (default:
-                                  /home/eguzki/.3scalerc.yaml)
+                                  $HOME/.3scalerc.yaml)
     -h --help                     show help for this command
     -k --insecure                 Proceed and operate even for server
                                   connections otherwise considered insecure
     -v --version                  Prints the version of this command
+       --verbose                  Verbose mode
 ```
 
 ### Copy a service
@@ -91,6 +94,7 @@ OPTIONS FOR COPY
                                          connections otherwise considered
                                          insecure
     -v --version                         Prints the version of this command
+       --verbose                         Verbose mode
 ```
 
 ```shell
@@ -131,6 +135,7 @@ OPTIONS FOR UPDATE
     -k --insecure                 Proceed and operate even for server
                                   connections otherwise considered insecure
     -v --version                  Prints the version of this command
+       --verbose                  Verbose mode
 ```
 
 Example:
@@ -182,6 +187,7 @@ OPTIONS FOR IMPORT
     -k --insecure                 Proceed and operate even for server
                                   connections otherwise considered insecure
     -v --version                  Prints the version of this command
+       --verbose                  Verbose mode
 ```
 
 Example:
@@ -198,6 +204,12 @@ Currently, only OpenAPI __2.0__ specification (f.k.a. __swagger__) is supported.
 
 [Import from OpenAPI](docs/openapi.md)
 
+### Export Import Application Plan
+
+A single application plan can be exported/imported as `yaml` format.
+
+[Export/Import Application Plan](docs/export-import-app-plan.md)
+
 ### Remotes
 
 Manage set of 3scale instances.

data/lib/3scale_toolbox/cli/error_handler.rb

@@ -1,5 +1,3 @@
-require 'json'
-
 module ThreeScaleToolbox
   module CLI
     class ErrorHandler

data/lib/3scale_toolbox/commands/3scale_command.rb

@@ -1,7 +1,3 @@
-require 'cri'
-require '3scale_toolbox/version'
-require '3scale_toolbox/base_command'
-
 module ThreeScaleToolbox
   module Commands
     module ThreeScaleCommand

data/lib/3scale_toolbox/commands/copy_command/copy_service.rb

@@ -1,6 +1,3 @@
-require 'cri'
-require '3scale_toolbox/base_command'
-
 module ThreeScaleToolbox
   module Commands
     module CopyCommand
@@ -33,7 +30,6 @@ module ThreeScaleToolbox
           puts "new service id #{target_service.id}"
           context = create_context(source_service, target_service)
           tasks = [
-            Tasks::CopyServiceProxyTask.new(context),
             Tasks::CopyMethodsTask.new(context),
             Tasks::CopyMetricsTask.new(context),
             Tasks::CopyApplicationPlansTask.new(context),
@@ -43,6 +39,11 @@ module ThreeScaleToolbox
             Tasks::CopyPoliciesTask.new(context),
             Tasks::CopyPricingRulesTask.new(context),
             Tasks::CopyActiveDocsTask.new(context),
+            # Copy proxy must be the last task
+            # Proxy update is the mechanism to increase version of the proxy,
+            # Hence propagating (mapping rules, poicies, oidc, auth) update to
+            # latest proxy config, making available to gateway.
+            Tasks::CopyServiceProxyTask.new(context),
           ]
           tasks.each(&:call)
         end

data/lib/3scale_toolbox/commands/copy_command.rb

@@ -1,5 +1,3 @@
-require 'cri'
-require '3scale_toolbox/base_command'
 require '3scale_toolbox/commands/copy_command/copy_service'
 
 module ThreeScaleToolbox

data/lib/3scale_toolbox/commands/help_command.rb

@@ -1,6 +1,3 @@
-require 'cri'
-require '3scale_toolbox/base_command'
-
 module ThreeScaleToolbox
   module Commands
     module HelpCommand

data/lib/3scale_toolbox/commands/import_command/import_csv.rb

@@ -1,9 +1,3 @@
-require 'cri'
-require 'uri'
-require 'csv'
-require '3scale/api'
-require '3scale_toolbox/base_command'
-
 module ThreeScaleToolbox
   module Commands
     module ImportCommand

data/lib/3scale_toolbox/commands/import_command/openapi/create_activedocs_step.rb

@@ -10,7 +10,7 @@ module ThreeScaleToolbox
               name: api_spec.title,
               system_name: activedocs_system_name,
               service_id: service.id,
-              body: JSON.pretty_generate(resource),
+              body: JSON.pretty_generate(rewritten_openapi),
               description: api_spec.description,
               published: context[:activedocs_published],
               skip_swagger_validations: context[:skip_openapi_validation]
@@ -20,7 +20,7 @@ module ThreeScaleToolbox
             # Make operation indempotent
             if (errors = res['errors'])
               raise ThreeScaleToolbox::Error, "ActiveDocs has not been created. #{errors}" \
-                unless system_name_already_taken_error? errors
+                unless ThreeScaleToolbox::Helper.system_name_already_taken_error? errors
 
               # if activedocs system_name exists, ignore error, update activedocs
               puts 'Activedocs exists, update!'
@@ -47,6 +47,43 @@ module ThreeScaleToolbox
               activedoc['system_name'] == activedocs_system_name
             end
           end
+
+          def rewritten_openapi
+            # Updates on copy
+            # Other processing steps can work with original openapi spec
+            Helper.hash_deep_dup(resource).tap do |activedocs|
+              # public production base URL
+              URI(service.show_proxy.fetch('endpoint')).tap do |uri|
+                activedocs['host'] = "#{uri.host}:#{uri.port}"
+                activedocs['schemes'] = [uri.scheme]
+              end
+
+              # the basePath field is updated to a new value only when overriden by optional param
+              activedocs['basePath'] = api_spec.public_base_path
+
+              # security definitions
+              # just valid for oauth2 when oidc_issuer_endpoint is supplied
+              if !security.nil? && security.type == 'oauth2' && !oidc_issuer_endpoint.nil?
+                # authorizationURL
+                if %w[implicit accessCode].include?(security.flow)
+                  activedocs['securityDefinitions'][security.id]['authorizationUrl'] = authorization_url
+                end
+
+                # tokenUrl
+                if %w[password application accessCode].include?(security.flow)
+                  activedocs['securityDefinitions'][security.id]['tokenUrl'] = token_url
+                end
+              end
+            end
+          end
+
+          def authorization_url
+            "#{oidc_issuer_endpoint}/protocol/openid-connect/auth"
+          end
+
+          def token_url
+            "#{oidc_issuer_endpoint}/protocol/openid-connect/token"
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/create_method_step.rb

@@ -14,7 +14,7 @@ module ThreeScaleToolbox
               # Make operation indempotent
               if (errors = res['errors'])
                 raise ThreeScaleToolbox::Error, "Metohd has not been saved. #{errors}" \
-                  unless system_name_already_taken_error? errors
+                  unless ThreeScaleToolbox::Helper.system_name_already_taken_error? errors
 
                 metric_id = method_id_by_system_name[op.method['system_name']]
               end

data/lib/3scale_toolbox/commands/import_command/openapi/create_service_step.rb

@@ -18,7 +18,11 @@ module ThreeScaleToolbox
             raise unless e.message =~ /"system_name"=>\["has already been taken"\]/
 
             # Update service and update context
-            self.service = Entities::Service.new(id: service_id, remote: threescale_client)
+            self.service = Entities::Service.find_by_system_name(remote: threescale_client,
+                                                                 system_name: service_system_name)
+            # It should exist
+            raise ThreeScaleToolbox::Error, "Service with system_name: #{service_system_name}, should exist" if service.nil?
+
             service.update_service(service_settings)
             puts "Updated service id: #{service.id}, name: #{service_name}"
           end
@@ -29,21 +33,6 @@ module ThreeScaleToolbox
             target_system_name || service_name.downcase.gsub(/[^\w]/, '_')
           end
 
-          def service_id
-            @service_id ||= fetch_service_id
-          end
-
-          def fetch_service_id
-            # figure out service by system_name
-            service_found = threescale_client.list_services.find do |svc|
-              svc['system_name'] == service_system_name
-            end
-            # It should exist
-            raise ThreeScaleToolbox::Error, "Service with system_name: #{service_system_name}, should exist" if service_found.nil?
-
-            service_found['id']
-          end
-
           def service_settings
             default_service_settings.tap do |svc|
               svc['name'] = service_name

data/lib/3scale_toolbox/commands/import_command/openapi/mapping_rule.rb

@@ -18,7 +18,17 @@ module ThreeScaleToolbox
 
           def pattern
             # apply strict matching
-            operation[:path] + '$'
+            "#{raw_pattern}$"
+          end
+
+          def raw_pattern
+            # According OAS 2.0: path MUST begin with a slash
+            "#{public_base_path}#{operation[:path]}"
+          end
+
+          def public_base_path
+            # remove the last slash of the basePath
+            operation[:public_base_path].gsub(%r{/$}, '')
           end
 
           def delta

data/lib/3scale_toolbox/commands/import_command/openapi/step.rb

@@ -43,9 +43,6 @@ module ThreeScaleToolbox
             context[:api_spec_resource]
           end
 
-          def system_name_already_taken_error?(error)
-            Array(Hash(error)['system_name']).any? { |msg| msg.match(/has already been taken/) }
-          end
 
           def security
             api_spec.security
@@ -58,6 +55,10 @@ module ThreeScaleToolbox
           def default_credentials_userkey
             context[:default_credentials_userkey]
           end
+
+          def override_private_basepath
+            context[:override_private_basepath]
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/threescale_api_spec.rb

@@ -5,8 +5,9 @@ module ThreeScaleToolbox
         class ThreeScaleApiSpec
           attr_reader :openapi
 
-          def initialize(openapi)
+          def initialize(openapi, base_path = nil)
             @openapi = openapi
+            @base_path = base_path
           end
 
           def title
@@ -46,13 +47,23 @@ module ThreeScaleToolbox
           def operations
             openapi.operations.map do |op|
               Operation.new(
-                path: "#{openapi.base_path}#{op.path}",
+                base_path: base_path,
+                public_base_path: public_base_path,
+                path: op.path,
                 verb: op.verb,
                 operationId: op.operation_id
               )
             end
           end
 
+          def public_base_path
+            @base_path || base_path
+          end
+
+          def base_path
+            openapi.base_path || '/'
+          end
+
           private
 
           def parse_security

data/lib/3scale_toolbox/commands/import_command/openapi/update_policies_step.rb

@@ -17,6 +17,7 @@ module ThreeScaleToolbox
 
             add_anonymous_access_policy(policies_settings)
             add_rh_sso_keycloak_role_check_policy(policies_settings)
+            add_url_rewritting_policy(policies_settings)
 
             return if source_policies_settings == policies_settings
 
@@ -47,13 +48,13 @@ module ThreeScaleToolbox
               if default_credentials_userkey.nil?
 
             {
-              'name': 'default_credentials',
-              'version': 'builtin',
-              'configuration': {
-                'auth_type': 'user_key',
-                'user_key': default_credentials_userkey
+              name: 'default_credentials',
+              version: 'builtin',
+              configuration: {
+                auth_type: 'user_key',
+                user_key: default_credentials_userkey
               },
-              'enabled': true
+              enabled: true
             }
           end
 
@@ -68,20 +69,68 @@ module ThreeScaleToolbox
 
           def keycloak_policy
             {
-              'name': 'keycloak_role_check',
-              'version': 'builtin',
-              'configuration': {
-                'type': 'whitelist',
-                'scopes': [
+              name: 'keycloak_role_check',
+              version: 'builtin',
+              configuration: {
+                type: 'whitelist',
+                scopes: [
                   {
-                    'realm_roles': [],
-                    'client_roles': security.scopes.map { |scope| { 'name': scope } }
+                    realm_roles: [],
+                    client_roles: security.scopes.map { |scope| { 'name': scope } }
                   }
                 ]
               },
-              'enabled': true
+              enabled: true
             }
           end
+
+          def add_url_rewritting_policy(policies)
+            return if private_base_path == api_spec.public_base_path
+
+            url_rewritting_policy_idx = policies.find_index do |policy|
+              policy['name'] == 'url_rewriting'
+            end
+
+            if url_rewritting_policy_idx.nil?
+              policies << url_rewritting_policy
+            else
+              policies[url_rewritting_policy_idx] = url_rewritting_policy
+            end
+          end
+
+          def private_base_path
+            override_private_basepath || api_spec.base_path
+          end
+
+          def url_rewritting_policy
+            regex = url_rewritting_policy_regex
+            replace = url_rewritting_policy_replace
+            # If regex has a / at the end, replace must have a / at the end
+            replace.concat('/') if regex.end_with?('/') && !replace.end_with?('/')
+
+            {
+              name: 'url_rewriting',
+              version: 'builtin',
+              configuration: {
+                commands: [
+                  {
+                    op: 'sub',
+                    regex: regex,
+                    replace: replace
+                  }
+                ]
+              },
+              enabled: true
+            }
+          end
+
+          def url_rewritting_policy_regex
+            "^#{api_spec.public_base_path}"
+          end
+
+          def url_rewritting_policy_replace
+            "#{private_base_path}"
+          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/update_service_proxy_step.rb

@@ -9,13 +9,16 @@ module ThreeScaleToolbox
           # Updates Proxy config
           def call
             # setting required attrs, operation is idempotent
-            proxy_settings = {}
+            proxy_settings = {
+              # Adding harmless attribute to avoid empty body
+              # update_proxy cannot be done with empty body
+              # and must be done to increase proxy version
+              service_id: service.id
+            }
 
             add_api_backend_settings(proxy_settings)
             add_security_proxy_settings(proxy_settings)
 
-            return unless proxy_settings.size.positive?
-
             res = service.update_proxy proxy_settings
             if (errors = res['errors'])
               raise ThreeScaleToolbox::Error, "Service proxy has not been updated. #{errors}"

data/lib/3scale_toolbox/commands/import_command/openapi.rb

@@ -2,7 +2,6 @@ require '3scale_toolbox/commands/import_command/openapi/method'
 require '3scale_toolbox/commands/import_command/openapi/mapping_rule'
 require '3scale_toolbox/commands/import_command/openapi/operation'
 require '3scale_toolbox/commands/import_command/openapi/step'
-require '3scale_toolbox/commands/import_command/openapi/resource_reader'
 require '3scale_toolbox/commands/import_command/openapi/threescale_api_spec'
 require '3scale_toolbox/commands/import_command/openapi/create_method_step'
 require '3scale_toolbox/commands/import_command/openapi/create_mapping_rule_step'
@@ -18,7 +17,7 @@ module ThreeScaleToolbox
       module OpenAPI
         class OpenAPISubcommand < Cri::CommandRunner
           include ThreeScaleToolbox::Command
-          include ResourceReader
+          include ThreeScaleToolbox::ResourceReader
 
           def self.command
             Cri::Command.define do
@@ -33,6 +32,8 @@ module ThreeScaleToolbox
               flag    nil, 'skip-openapi-validation', 'Skip OpenAPI schema validation'
               option  nil, 'oidc-issuer-endpoint', 'OIDC Issuer Endpoint', argument: :required
               option  nil, 'default-credentials-userkey', 'Default credentials policy userkey', argument: :required
+              option  nil, 'override-private-basepath', 'Override the basepath for the public URLs', argument: :required
+              option  nil, 'override-public-basepath', 'Override the basepath for the private URLs', argument: :required
               param   :openapi_resource
 
               runner OpenAPISubcommand
@@ -46,9 +47,13 @@ module ThreeScaleToolbox
             tasks << ThreeScaleToolbox::Tasks::DestroyMappingRulesTask.new(context)
             tasks << CreateMappingRulesStep.new(context)
             tasks << CreateActiveDocsStep.new(context)
-            tasks << UpdateServiceProxyStep.new(context)
             tasks << UpdateServiceOidcConfStep.new(context)
             tasks << UpdatePoliciesStep.new(context)
+            # Update proxy must be the last step
+            # Proxy update is the mechanism to increase version of the proxy,
+            # Hence propagating (mapping rules, poicies, oidc, auth) update to
+            # latest proxy config, making available to gateway.
+            tasks << UpdateServiceProxyStep.new(context)
 
             # run tasks
             tasks.each(&:call)
@@ -64,13 +69,14 @@ module ThreeScaleToolbox
             openapi_resource = load_resource(arguments[:openapi_resource])
             {
               api_spec_resource: openapi_resource,
-              api_spec: ThreeScaleApiSpec.new(load_openapi(openapi_resource)),
+              api_spec: ThreeScaleApiSpec.new(load_openapi(openapi_resource), options[:'override-public-basepath']),
               threescale_client: threescale_client(fetch_required_option(:destination)),
               target_system_name: options[:target_system_name],
               activedocs_published: !options[:'activedocs-hidden'],
               oidc_issuer_endpoint: options[:'oidc-issuer-endpoint'],
               default_credentials_userkey: options[:'default-credentials-userkey'],
-              skip_openapi_validation: options[:'skip-openapi-validation']
+              skip_openapi_validation: options[:'skip-openapi-validation'],
+              override_private_basepath: options[:'override-private-basepath']
             }
           end
 

data/lib/3scale_toolbox/commands/import_command.rb

@@ -1,5 +1,3 @@
-require 'cri'
-require '3scale_toolbox/base_command'
 require '3scale_toolbox/commands/import_command/import_csv'
 require '3scale_toolbox/commands/import_command/openapi'
 

data/lib/3scale_toolbox/commands/plans_command/apply_command.rb

@@ -0,0 +1,136 @@
+module ThreeScaleToolbox
+  module Commands
+    module PlansCommand
+      module Apply
+        class ApplySubcommand < Cri::CommandRunner
+          include ThreeScaleToolbox::Command
+
+          def self.command
+            Cri::Command.define do
+              name        'apply'
+              usage       'apply [opts] <remote> <service> <plan>'
+              summary     'Update application plan'
+              description 'Update (create if it does not exist) application plan'
+
+              option      :n, :name, 'Plan name', argument: :required
+              flag        nil, :default, 'Make default application plan'
+              flag        nil, :disabled, 'Disables all methods and metrics in this application plan'
+              flag        nil, :enabled, 'Enable application plan'
+              flag        :p, :publish, 'Publish application plan'
+              flag        nil, :hide, 'Hide application plan'
+              option      nil, 'approval-required', 'Applications require approval. true or false', argument: :required, transform: ThreeScaleToolbox::Helper::BooleanTransformer.new
+              option      nil, 'cost-per-month', 'Cost per month', argument: :required, transform: method(:Integer)
+              option      nil, 'setup-fee', 'Setup fee', argument: :required, transform: method(:Integer)
+              option      nil, 'trial-period-days', 'Trial period days', argument: :required, transform: method(:Integer)
+              option      nil, 'end-user-required', 'End user required. true or false', argument: :required, transform: ThreeScaleToolbox::Helper::BooleanTransformer.new
+              param       :remote
+              param       :service_ref
+              param       :plan_ref
+
+              runner ApplySubcommand
+            end
+          end
+
+          def run
+            validate_option_params
+            plan = Entities::ApplicationPlan.find(service: service, ref: plan_ref)
+            if plan.nil?
+              plan = Entities::ApplicationPlan.create(service: service,
+                                                      plan_attrs: create_plan_attrs)
+            else
+              plan.update(plan_attrs) unless plan_attrs.empty?
+            end
+
+            plan.make_default if option_default
+            plan.disable if option_disabled
+            plan.enable if option_enabled
+
+            output_msg_array = ["Applied application plan id: #{plan.id}"]
+            output_msg_array << "Default: #{option_default}"
+            output_msg_array << 'Disabled' if option_disabled
+            output_msg_array << 'Enabled' if option_enabled
+            output_msg_array << 'Published' if option_publish
+            output_msg_array << 'Hidden' if option_hide
+            puts output_msg_array.join('; ')
+          end
+
+          private
+
+          def validate_option_params
+            raise ThreeScaleToolbox::Error, '--disabled and --enabled are mutually exclusive' \
+              if option_enabled && option_disabled
+
+            raise ThreeScaleToolbox::Error, '--publish and --hide are mutually exclusive' \
+              if option_publish && option_hide
+          end
+
+          def create_plan_attrs
+            plan_attrs.merge('system_name' => plan_ref,
+                             'name' => plan_ref) { |_key, oldval, _newval| oldval }
+          end
+
+          def plan_attrs
+            plan_basic_attrs.tap do |params|
+              params['state'] = 'published' if option_publish
+              params['state'] = 'hidden' if option_hide
+            end
+          end
+
+          def plan_basic_attrs
+            {
+              'name' => options[:name],
+              'approval_required' => options[:'approval-required'],
+              'end_user_required' => options[:'end-user-required'],
+              'cost_per_month' => options[:'cost-per-month'],
+              'setup_fee' => options[:'setup-fee'],
+              'trial_period_days' => options[:'trial-period-days']
+            }.compact
+          end
+
+          def option_default
+            !options[:default].nil?
+          end
+
+          def option_enabled
+            !options[:enabled].nil?
+          end
+
+          def option_disabled
+            !options[:disabled].nil?
+          end
+
+          def option_publish
+            !options[:publish].nil?
+          end
+
+          def option_hide
+            !options[:hide].nil?
+          end
+
+          def service
+            @service ||= find_service
+          end
+
+          def find_service
+            Entities::Service.find(remote: remote,
+                                   ref: service_ref).tap do |svc|
+              raise ThreeScaleToolbox::Error, "Service #{service_ref} does not exist" if svc.nil?
+            end
+          end
+
+          def remote
+            @remote ||= threescale_client(arguments[:remote])
+          end
+
+          def service_ref
+            arguments[:service_ref]
+          end
+
+          def plan_ref
+            arguments[:plan_ref]
+          end
+        end
+      end
+    end
+  end
+end