aptible-cli 0.25.0 → 0.26.2

data/lib/aptible/cli/helpers/aws_account.rb

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+
+require 'aptible/api'
+
+module Aptible
+  module CLI
+    module Helpers
+      module AwsAccount
+        include Helpers::Token
+
+        def aws_accounts_href
+          if Renderer.format == 'json'
+            '/external_aws_accounts'
+          else
+            '/external_aws_accounts?per_page=5000&no_embed=true'
+          end
+        end
+
+        def aws_accounts_all
+          Aptible::Api::ExternalAwsAccount.all(
+            token: fetch_token,
+            href: aws_accounts_href
+          )
+        end
+
+        def aws_account_from_id(id)
+          Aptible::Api::ExternalAwsAccount.find(id.to_s, token: fetch_token)
+        end
+
+        def ensure_external_aws_account(id)
+          acct = aws_account_from_id(id)
+          if acct.nil?
+            raise Thor::Error, "External AWS account not found: #{id}"
+          end
+
+          acct
+        end
+
+        def fetch_organization_id
+          orgs = Aptible::Auth::Organization.all(token: fetch_token)
+          raise Thor::Error, 'No organizations found, specify one with ' \
+                             '--organization-id=ORG_ID' if orgs.empty?
+          raise Thor::Error, 'Multiple organizations found, indicate which ' \
+                             'one to use with --organization-id=ORG_ID ' \
+                             "\n\tFound organization ids:" \
+                             "\n\t\t#{orgs.map do |o|
+                               "#{o.id} (#{o.name})"
+                             end.join("\n\t\t")}" \
+                             if orgs.count > 1
+
+          orgs.first.id
+        end
+
+        def organization_id_from_opts_or_auth(options)
+          return options[:organization_id] if options.key? :organization_id
+
+          fetch_organization_id
+        end
+
+        def build_external_aws_account_attrs(options)
+          discovery_role_arn = if options[:remove_discovery_role_arn]
+                                 ''
+                               else
+                                 options[:discovery_role_arn]
+                               end
+          discovery_enabled = if options.key?(:discovery_enabled)
+                                options[:discovery_enabled]
+                              end
+          attrs = {
+            account_name: options[:account_name] || options[:name],
+            aws_account_id: options[:aws_account_id],
+            aws_region_primary: options[:aws_region_primary],
+            status: options[:status],
+            discovery_enabled: discovery_enabled,
+            discovery_role_arn: discovery_role_arn,
+            discovery_frequency: options[:discovery_frequency]
+          }
+          attrs.reject { |_, v| v.nil? }
+        end
+
+        def create_external_aws_account!(options)
+          attrs = build_external_aws_account_attrs(options)
+          attrs[:organization_id] = organization_id_from_opts_or_auth(options)
+          begin
+            resource = Aptible::Api::ExternalAwsAccount.create(
+              token: fetch_token,
+              **attrs
+            )
+            if resource.errors.any?
+              raise Thor::Error, resource.errors.full_messages.first
+            end
+            resource
+          rescue HyperResource::ClientError => e
+            raise Thor::Error, e.message
+          end
+        end
+
+        def update_external_aws_account!(id, options)
+          ext = ensure_external_aws_account(id)
+          attrs = build_external_aws_account_attrs(options)
+          begin
+            unless attrs.empty?
+              ext.update!(**attrs)
+              if ext.errors.any?
+                raise Thor::Error, ext.errors.full_messages.first
+              end
+            end
+            ext
+          rescue HyperResource::ClientError => e
+            raise Thor::Error, e.message
+          end
+        end
+
+        def delete_external_aws_account!(id)
+          ext = ensure_external_aws_account(id)
+          begin
+            if ext.respond_to?(:destroy!)
+              ext.destroy!
+            elsif ext.respond_to?(:destroy)
+              ext.destroy
+            elsif ext.respond_to?(:delete!)
+              ext.delete!
+            elsif ext.respond_to?(:delete)
+              ext.delete
+            else
+              raise Thor::Error, 'Delete is not supported for this resource'
+            end
+          rescue HyperResource::ClientError => e
+            raise Thor::Error, e.message
+          end
+          true
+        end
+
+        def check_external_aws_account!(id)
+          ext = ensure_external_aws_account(id)
+          begin
+            ext.check!
+          rescue HyperResource::ClientError => e
+            raise Thor::Error, e.message
+          end
+        end
+
+        def format_check_state(state)
+          case state
+          when 'success'
+            '✅ success'
+          when 'failed'
+            '❌ failed'
+          when 'not_run'
+            '⏭️  not_run'
+          else
+            state
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aptible/cli/helpers/database.rb

@@ -8,6 +8,23 @@ module Aptible
         include Helpers::Environment
         include Helpers::Ssh
 
+        # RdsDatabase is a translation struct so the same renderer can be
+        # used for external_aws_resource as those for databases
+        RdsDatabase = Struct.new(:handle, :id, :created_at, :raw)
+        # MockRdsDatabaseAccountShell - there is no direct 1:1 mapping
+        # between accounts and external_aws_resources. Since this is
+        # coerced via app_external_aws_rds_connections, we use this
+        # struct to stub out those that are not found to be attached to
+        # any apps.
+        MockRdsDatabaseAccountShell = Struct.new(
+          :handle,
+          :id,
+          :created_at
+        )
+        # using an ID that cannot be hit for visual segregation of
+        # unattached databases
+        UNATTACHED_RDS_ACCOUNT_ID = -9999
+
         def ensure_database(options = {})
           db_handle = options[:db]
           environment_handle = options[:environment]
@@ -46,6 +63,83 @@ module Aptible
           )
         end
 
+        def aws_rds_db?(handle)
+          handle.start_with? 'aws:rds::'
+        end
+
+        def external_rds_databases_map
+          external_rds_databases_all.map { |rds| [rds[:id], rds] }.to_h
+        end
+
+        def fetch_rds_databases_with_accounts
+          rds_map = external_rds_databases_map
+          accts_rds_map = accounts_external_rds_databases_map(rds_map)
+          [rds_map, accts_rds_map]
+        end
+
+        def accounts_external_rds_databases_map(rds_map)
+          return {} if rds_map.empty?
+
+          map_of_accounts_to_rds(rds_map)
+        end
+
+        def map_of_accounts_to_rds(rds_map)
+          # one rds db can be on multiple accounts
+          accts_rds_map = {}
+          rds_map.each_value do |db|
+            account = derive_account_from_conns(db)
+            next if account.nil?
+
+            accts_rds_map[account.id] = [] if accts_rds_map[account.id].nil?
+            accts_rds_map[account.id] << db
+          end
+          accts_rds_map
+        end
+
+        def rds_shell_account
+          MockRdsDatabaseAccountShell.new(
+            'unattached rds databases',
+            UNATTACHED_RDS_ACCOUNT_ID
+          )
+        end
+
+        def external_rds_databases_all
+          Aptible::Api::ExternalAwsResource
+            .all(
+              token: fetch_token
+            )
+            .select { |db| db.resource_type == 'aws_rds_db_instance' }
+            .map do |db|
+              RdsDatabase.new(
+                "aws:rds::#{db.resource_name}",
+                db.id,
+                db.created_at,
+                db
+              )
+            end
+        end
+
+        def derive_account_from_conns(db, preferred_acct = nil)
+          conns = db.raw.app_external_aws_rds_connections
+          return nil if conns.empty?
+
+          if preferred_acct.present?
+            valid_conns = conns.find do |conn|
+              conn.present? && conn.app.account.id == preferred_acct.id
+            end
+            return nil if valid_conns.nil?
+            return valid_conns.app.account
+          end
+
+          first_present_conn = conns.find(&:present?)
+          return nil if first_present_conn.nil?
+          first_present_conn.app.account
+        end
+
+        def external_rds_database_from_handle(handle)
+          external_rds_databases_all.find { |a| a.handle == handle }
+        end
+
         def databases_from_handle(handle, environment)
           databases = if environment
                         environment.databases
@@ -90,8 +184,19 @@ module Aptible
 
         # Creates a local tunnel and yields the helper
 
-        def with_local_tunnel(credential, port = 0)
-          op = credential.create_operation!(type: 'tunnel', status: 'succeeded')
+        def with_local_tunnel(credential, port = 0, target_account = nil)
+          op = if target_account.nil?
+                 credential.create_operation!(
+                   type: 'tunnel',
+                   status: 'succeeded'
+                 )
+               else
+                 credential.create_operation!(
+                   type: 'tunnel',
+                   status: 'succeeded',
+                   destination_account: target_account.id
+                 )
+               end
 
           with_ssh_cmd(op) do |base_ssh_cmd, ssh_credential|
             ssh_cmd = base_ssh_cmd + ['-o', 'SendEnv=ACCESS_TOKEN']
@@ -106,6 +211,72 @@ module Aptible
           end
         end
 
+        def with_rds_tunnel(handle, port = 0)
+          external_rds = external_rds_database_from_handle(handle)
+          if external_rds.nil?
+            raise Thor::Error, "No rds db found with handle #{handle}"
+          end
+
+          credential = external_rds.raw.external_aws_database_credentials.first
+          if credential.nil?
+            raise Thor::Error, 'No rds credential found with handle ' \
+                               "#{handle}. Check to see if you have run " \
+                               'db:attach or a scan has properly completed.'
+          end
+
+          target_account = derive_account_from_conns(external_rds)
+          if target_account.nil?
+            raise Thor::Error,
+                  "No env for rds found with handle #{handle}. Check to see " \
+                  'if you have run db:attach or a scan has properly completed.'
+          end
+
+          with_local_tunnel(credential, port, target_account) do |tunnel_helper|
+            url = local_rds_url(credential, tunnel_helper.port, target_account)
+            yield url, tunnel_helper
+          end
+        end
+
+        def use_rds_tunnel(handle, port)
+          with_rds_tunnel(handle, port) do |url, tunnel_helper|
+            CLI.logger.info "Connect at #{url}"
+
+            uri = URI(url)
+            db = uri.path.gsub(%r{^/}, '')
+            CLI.logger.info 'Or, use the following arguments:'
+            CLI.logger.info "* Host: #{uri.host}"
+            CLI.logger.info "* Port: #{uri.port}"
+            CLI.logger.info "* Username: #{uri.user}" unless uri.user.empty?
+            CLI.logger.info "* Password: #{uri.password}"
+            CLI.logger.info "* Database: #{db}" unless db.empty?
+
+            CLI.logger.info 'Connected. Ctrl-C to close connection.'
+
+            begin
+              tunnel_helper.wait
+            rescue Interrupt
+              CLI.logger.warn 'Closing tunnel'
+            end
+          end
+        end
+
+        def use_rds_dump(handle, filename, dump_options)
+          with_rds_tunnel(handle) do |url|
+            CLI.logger.info "Dumping to #{filename}"
+            `pg_dump #{url} #{dump_options.shelljoin} > #{filename}`
+            exit $CHILD_STATUS.exitstatus unless $CHILD_STATUS.success?
+          end
+        end
+
+        def use_rds_execute(handle, sql_path, options)
+          with_rds_tunnel(handle) do |url|
+            CLI.logger.info "Executing #{sql_path} against #{handle}"
+            args = options[:on_error_stop] ? '-v ON_ERROR_STOP=true ' : ''
+            `psql #{args}#{url} < #{sql_path}`
+            exit $CHILD_STATUS.exitstatus unless $CHILD_STATUS.success?
+          end
+        end
+
         # Creates a local PG tunnel and yields the url to it
 
         def with_postgres_tunnel(database)
@@ -120,6 +291,15 @@ module Aptible
           end
         end
 
+        def local_rds_url(credential, local_port, forced_account)
+          remote_url = credential.connection_url
+
+          uri = URI.parse(remote_url)
+          domain = forced_account.stack.internal_domain
+          "#{uri.scheme}://#{uri.user}:#{uri.password}@" \
+          "localhost.#{domain}:#{local_port}#{uri.path}"
+        end
+
         def local_url(credential, local_port)
           remote_url = credential.connection_url
 

data/lib/aptible/cli/helpers/token.rb

@@ -52,6 +52,20 @@ module Aptible
           tok = fetch_token
           JWT.decode(tok, nil, false)
         end
+
+        # Instance of Aptible::Auth::Token from current token
+        def current_token
+          Aptible::Auth::Token.current_token(token: fetch_token)
+        rescue HyperResource::ClientError => e
+          raise Thor::Error, e.message
+        end
+
+        # Instance of Aptible::Auth::User associated with current token
+        def whoami
+          current_token.user
+        rescue HyperResource::ClientError => e
+          raise Thor::Error, e.message
+        end
       end
     end
   end

data/lib/aptible/cli/renderer/text.rb

@@ -32,8 +32,14 @@ module Aptible
             # children are KeyedObject instances so they can render properly,
             # but we need to warn in tests that this is required.
             node.children.each_pair do |k, c|
-              io.print "#{format_key(k)}: "
-              visit(c, io)
+              io.print "#{format_key(k)}:"
+              if c.is_a?(Formatter::List)
+                io.puts
+                visit_indented(c, io, '  ')
+              else
+                io.print ' '
+                visit(c, io)
+              end
             end
           when Formatter::GroupedKeyedList
             enum = spacer_enumerator
@@ -65,6 +71,31 @@ module Aptible
 
         private
 
+        def visit_indented(node, io, indent)
+          return unless node.is_a?(Formatter::List)
+
+          node.children.each do |child|
+            case child
+            when Formatter::Object
+              child.children.each_pair do |k, c|
+                io.print "#{indent}#{format_key(k)}:"
+                if c.is_a?(Formatter::List)
+                  io.puts
+                  visit_indented(c, io, indent + '  ')
+                else
+                  io.print ' '
+                  visit(c, io)
+                end
+              end
+              io.puts unless child == node.children.last
+            when Formatter::Value
+              io.puts "#{indent}#{child.value}"
+            else
+              visit(child, io)
+            end
+          end
+        end
+
         def output_list(nodes, io)
           if nodes.all? { |v| v.is_a?(Formatter::Value) }
             # All nodes are single values, so we render one per line.

data/lib/aptible/cli/resource_formatter.rb

@@ -203,8 +203,8 @@ module Aptible
             node.value('type', 'https')
             node.value('port', port)
             node.value('load_balancing_algorithm_type', vhost
-                        .load_balancing_algorithm_type)
-            node.value('shared', vhost.shared)
+                        .load_balancing_algorithm_type || 'round_robin')
+            node.value('shared', vhost.shared || 'false')
           end
 
           node.value('internal', vhost.internal)

data/lib/aptible/cli/subcommands/apps.rb

@@ -65,7 +65,7 @@ module Aptible
               end
             end
 
-            desc 'apps:scale SERVICE ' \
+            desc 'apps:scale [--app APP] SERVICE ' \
                  '[--container-count COUNT] [--container-size SIZE_MB] ' \
                  '[--container-profile PROFILE]',
                  'Scale a service'
@@ -107,7 +107,7 @@ module Aptible
               attach_to_operation_logs(op)
             end
 
-            desc 'apps:deprovision', 'Deprovision an app'
+            desc 'apps:deprovision [--app APP]', 'Deprovision an app'
             app_options
             define_method 'apps:deprovision' do
               telemetry(__method__, options)