aptible-cli 0.26.2 → 0.26.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 800b50ac57828f37560b0a291a280fbf4e9bbf121b35fd812d662e45ef39bd45
-  data.tar.gz: e0c70006be582d93f6e5648fae3894a481bde9cc9b43042ee399e745790aac95
+  metadata.gz: 13c94bbbfe4b853700fec4e895ab0eebd02f0c5ffcddf6cfd0a597c42f665d37
+  data.tar.gz: c495f4582ca15271799caa1b71a3922c3e5bbaafa692eda9476862465971556e
 SHA512:
-  metadata.gz: 3653523bd6b9f944e5f88128a63c058aee80722288a44f5886393059f8b1ca2f7c506c45a7df06e0794ba75814574e36372ff02c73ee1efcd1c20ee803b1d0a1
-  data.tar.gz: a47e8d8f71c9ac07d5001ad65616ac123884ac97ed5ab151d6d8895564bffffa623e1ef055b32fc3d4d0c661a9e71b72859b84480bde108f645f7ce33252e81f
+  metadata.gz: eb5b9e8adc78ba955f5125ca6c673894fea37fb8dd9a61775b4f44f87b9afc2c7fd9dbf8c645cd380af6fca7f754f03654a139539d9180060c6475544320b864
+  data.tar.gz: d86d87bb3c7d8dd6c57692c63c0592b99f950cd96b8b6bce1038678678a0c983c6b734ef380852b6edb8bb1e4e205fa6938b5045c8d5337f82fd4c40fb5aac2e

data/.rubocop.yml

@@ -0,0 +1,5 @@
+inherit_gem:
+  aptible-tasks: .rubocop.yml
+
+Metrics/LineLength:
+  Max: 120

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    aptible-cli (0.26.2)
+    aptible-cli (0.26.5)
       activesupport (>= 4.0, < 6.0)
       aptible-api (~> 1.12)
       aptible-auth (~> 1.4)

data/lib/aptible/cli/agent.rb

@@ -92,10 +92,13 @@ module Aptible
           level = Logger::WARN
           debug_level = ENV['APTIBLE_DEBUG']
           level = debug_level if debug_level
-          require 'httplog' if ENV['BUNDLER_VERSION'] && \
-                               ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] && \
-                               !ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] \
-                               .downcase.start_with?('f')
+          if ENV['BUNDLER_VERSION'] && \
+             ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] && \
+             !ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] \
+             .downcase.start_with?('f')
+            require 'httplog'
+            HttpLog.configure { |c| c.log_headers = true }
+          end
           conf.logger.tap { |l| l.level = level }
         end
         warn_sso_enforcement

data/lib/aptible/cli/helpers/app.rb

@@ -110,12 +110,9 @@ module Aptible
             end
           end
 
-          apps = apps_from_handle(s.app_handle, environment)
+          app = app_from_handle(s.app_handle, environment)
 
-          case apps.count
-          when 1
-            return apps.first
-          when 0
+          if app.nil?
             err_bits = ['Could not find app', s.app_handle]
             if environment
               err_bits << 'in environment'
@@ -125,11 +122,9 @@ module Aptible
             end
             err_bits << s.explain
             raise Thor::Error, err_bits.join(' ')
-          else
-            err = "Multiple apps named #{s.app_handle} exist, please specify " \
-                  'with --environment'
-            raise Thor::Error, err
           end
+
+          app
         end
 
         def ensure_service(options, type)
@@ -166,13 +161,20 @@ module Aptible
           )
         end
 
-        def apps_from_handle(handle, environment)
-          # TODO: This should probably use each_app for more efficiency.
-          if environment
-            environment.apps
-          else
-            apps_all
-          end.select { |a| a.handle == handle }
+        def app_from_handle(handle, environment)
+          url = "/find/app?handle=#{handle}"
+          url += "&environment=#{environment.handle}" unless environment.nil?
+
+          Aptible::Api::App.find_by_url(
+            url,
+            token: fetch_token
+          )
+        rescue HyperResource::ClientError => e
+          raise unless e.body.is_a?(Hash) &&
+                       e.body['error'] == 'multiple_resources_found'
+          raise Thor::Error,
+                "Multiple apps named #{handle} exist, please specify " \
+                'with --environment'
         end
 
         def extract_env(args)
@@ -196,6 +198,17 @@ module Aptible
           raise Thor::Error, "Invalid argument: #{k}" if v.nil?
         end
 
+        def current_configuration(app)
+          conf_link = app.links['current_configuration']
+          return unless conf_link
+
+          Aptible::Api::Configuration.find_by_url(
+            conf_link.href,
+            token: fetch_token,
+            headers: { 'Prefer' => 'no_sensitive_extras=false' }
+          )
+        end
+
         private
 
         def handle_strategies

data/lib/aptible/cli/helpers/database.rb

@@ -36,16 +36,10 @@ module Aptible
             raise Thor::Error,
                   "Could not find environment #{environment_handle}"
           end
-          databases = databases_from_handle(db_handle, environment)
-          case databases.count
-          when 1
-            return databases.first
-          when 0
-            raise Thor::Error, "Could not find database #{db_handle}"
-          else
-            err = 'Multiple databases exist, please specify with --environment'
-            raise Thor::Error, err
-          end
+          db = database_from_handle(db_handle, environment)
+          raise Thor::Error, "Could not find database #{db_handle}" if db.nil?
+
+          db
         end
 
         def databases_href
@@ -140,20 +134,27 @@ module Aptible
           external_rds_databases_all.find { |a| a.handle == handle }
         end
 
-        def databases_from_handle(handle, environment)
-          databases = if environment
-                        environment.databases
-                      else
-                        databases_all
-                      end
-          databases.select { |a| a.handle == handle }
+        def database_from_handle(handle, environment)
+          url = "/find/database?handle=#{handle}"
+          url += "&environment=#{environment.handle}" unless environment.nil?
+
+          Aptible::Api::Database.find_by_url(
+            url,
+            token: fetch_token
+          )
+        rescue HyperResource::ClientError => e
+          raise unless e.body.is_a?(Hash) &&
+                       e.body['error'] == 'multiple_resources_found'
+          raise Thor::Error,
+                'Multiple databases exist, please specify ' \
+                'with --environment'
         end
 
         def clone_database(source, dest_handle)
           op = source.create_operation!(type: 'clone', handle: dest_handle)
           attach_to_operation_logs(op)
 
-          databases_from_handle(dest_handle, source.account).first
+          database_from_handle(dest_handle, source.account)
         end
 
         def replicate_database(source, dest_handle, options)
@@ -177,7 +178,7 @@ module Aptible
           op = source.create_operation!(replication_params)
           attach_to_operation_logs(op)
 
-          replica = databases_from_handle(dest_handle, source.account).first
+          replica = database_from_handle(dest_handle, source.account)
           attach_to_operation_logs(replica.operations.last)
           replica
         end
@@ -185,6 +186,14 @@ module Aptible
         # Creates a local tunnel and yields the helper
 
         def with_local_tunnel(credential, port = 0, target_account = nil)
+          # Credential has the senstive header set, and for some reason
+          # credential.create_operation! _lists all operations_. This would
+          # generate a show activity for every previous tunnel operation.
+          # So, we strip the sensitive header first to prevent that from happening
+          # This will also strip the connection_url, but we don't need it from
+          # this point on.
+          credential = without_sensitive(credential)
+          # Twice by here??
           op = if target_account.nil?
                  credential.create_operation!(
                    type: 'tunnel',
@@ -284,7 +293,7 @@ module Aptible
             raise Thor::Error, 'This command only works for PostgreSQL'
           end
 
-          credential = find_credential(database)
+          credential, _credentials = find_credential(database)
 
           with_local_tunnel(credential) do |tunnel_helper|
             yield local_url(credential, tunnel_helper.port)
@@ -304,7 +313,7 @@ module Aptible
           remote_url = credential.connection_url
 
           uri = URI.parse(remote_url)
-          domain = credential.database.account.stack.internal_domain
+          domain = without_sensitive(credential).database.account.stack.internal_domain
           "#{uri.scheme}://#{uri.user}:#{uri.password}@" \
           "localhost.#{domain}:#{local_port}#{uri.path}"
         end
@@ -314,21 +323,25 @@ module Aptible
             raise Thor::Error, "Database #{database.handle} is not provisioned"
           end
 
+          # Get the database credentials, without going using `with_senstive(database)`, as that
+          # would get the embedded last_operation, and generate an extra show activity
+          creds_link = database.links['database_credentials']
+          database_credentials = Aptible::Api::DatabaseCredential.all(
+            href: creds_link.href,
+            token: fetch_token,
+            headers: { 'Prefer' => 'no_sensitive_extras=false' }
+          )
+
           finder = proc { |c| c.default }
           finder = proc { |c| c.type == type } if type
-          credential = database.database_credentials.find(&finder)
+          credential = database_credentials.find(&finder)
 
-          return credential if credential
+          # It may be weird to return the credential and all the credentials, but the db:tunnel
+          # command lists all the credential types if you do not provide one, and we want to avoid
+          # generating more show activity than needed
+          return credential, database_credentials if credential
 
-          types = database.database_credentials.map(&:type)
-
-          # On v1, we fallback to the DB. We make sure to make --type work, to
-          # avoid a confusing experience for customers.
-          if database.account.stack.version == 'v1'
-            types << database.type
-            types.uniq!
-            return database if type.nil? || type == database.type
-          end
+          types = database_credentials.map(&:type)
 
           valid = types.join(', ')
 
@@ -365,6 +378,10 @@ module Aptible
         end
 
         def render_database(database, account)
+          # Maybe reload with senstive data
+          # Definately don't load the embedded last_operation
+          database.href = database.href + '?no_embed=true'
+          database = with_sensitive(database) if database.connection_url.nil?
           Formatter.render(Renderer.current) do |root|
             root.keyed_object('connection_url') do |node|
               ResourceFormatter.inject_database(node, database, account)

data/lib/aptible/cli/helpers/environment.rb

@@ -42,10 +42,11 @@ module Aptible
 
         def environment_from_handle(handle)
           return nil unless handle
-          href = environment_href
-          Aptible::Api::Account.all(token: fetch_token, href: href).find do |a|
-            a.handle == handle
-          end
+
+          Aptible::Api::Account.find_by_url(
+            "/find/account?handle=#{handle}",
+            token: fetch_token
+          )
         end
 
         def environment_map(accounts)

data/lib/aptible/cli/helpers/log_drain.rb

@@ -65,7 +65,9 @@ module Aptible
         end
 
         def ensure_log_drain(account, handle)
-          drains = account.log_drains.select { |d| d.handle == handle }
+          link = account.links['log_drains'].base_href
+          account_drains = Aptible::Api::LogDrain.all(href: link, token: fetch_token)
+          drains = account_drains.select { |d| d.handle == handle }
 
           if drains.empty?
             raise Thor::Error, "No drain found with handle #{handle}"

data/lib/aptible/cli/helpers/metric_drain.rb

@@ -19,7 +19,9 @@ module Aptible
         end
 
         def ensure_metric_drain(account, handle)
-          drains = account.metric_drains.select { |d| d.handle == handle }
+          link = account.links['metric_drains'].base_href
+          account_drains = Aptible::Api::MetricDrain.all(href: link, token: fetch_token)
+          drains = account_drains.select { |d| d.handle == handle }
 
           if drains.empty?
             raise Thor::Error, "No drain found with handle #{handle}"

data/lib/aptible/cli/resource_formatter.rb

@@ -128,6 +128,10 @@ module Aptible
         end
 
         def inject_database(node, database, account)
+          # Some callers pass a database object with sensitive attributes already, others do not.
+          # Avoid creating extra 'show' activity if we already have the needed info
+          database = with_sensitive(database) if database.objects[:database_credentials].nil?
+
           node.value('id', database.id)
           node.value('handle', database.handle)
           node.value('created_at', database.created_at)
@@ -243,6 +247,9 @@ module Aptible
                      log_drain.drain_ephemeral_sessions)
           node.value('drain_proxies', log_drain.drain_proxies)
 
+          # These can be either optional for the drain type,
+          # or sensitive attributes we don't need to worry about
+          # in text output
           optional_attrs = %w(drain_username drain_host drain_port url)
           optional_attrs.each do |attr|
             value = log_drain.attributes[attr]
@@ -257,7 +264,13 @@ module Aptible
           node.value('handle', metric_drain.handle)
           node.value('drain_type', metric_drain.drain_type)
           node.value('created_at', metric_drain.created_at)
-          node.value('drain_configuration', metric_drain.drain_configuration)
+
+          # Sensitive attributes we don't need to worry about being missing in text output
+          optional_attrs = %w(drain_configuration)
+          optional_attrs.each do |attr|
+            value = metric_drain.attributes[attr]
+            node.value(attr, value) unless value.nil?
+          end
 
           attach_account(node, account)
         end

data/lib/aptible/cli/subcommands/backup.rb

@@ -67,7 +67,7 @@ module Aptible
 
               account = destination_account || backup.account
 
-              database = databases_from_handle(handle, account).first
+              database = database_from_handle(handle, account)
               render_database(database, account)
             end
 

data/lib/aptible/cli/subcommands/config.rb

@@ -15,7 +15,7 @@ module Aptible
               telemetry(__method__, options)
 
               app = ensure_app(options)
-              config = app.current_configuration
+              config = current_configuration(app)
               env = config ? config.env : {}
 
               Formatter.render(Renderer.current) do |root|
@@ -38,7 +38,7 @@ module Aptible
               telemetry(__method__, options)
 
               app = ensure_app(options)
-              config = app.current_configuration
+              config = current_configuration(app)
               env = config ? config.env : {}
 
               Formatter.render(Renderer.current) do |root|

data/lib/aptible/cli/subcommands/db.rb

@@ -335,13 +335,13 @@ module Aptible
               return use_rds_tunnel(handle, desired_port) if aws_rds_db?(handle)
 
               database = ensure_database(options.merge(db: handle))
-              credential = find_credential(database, options[:type])
+              credential, credentials = find_credential(database, options[:type])
 
               m = "Creating #{credential.type} tunnel to #{database.handle}..."
               CLI.logger.info m
 
               if options[:type].nil?
-                types = database.database_credentials.map(&:type)
+                types = credentials.map(&:type)
                 unless types.empty?
                   valid = types.join(', ')
                   CLI.logger.info 'Use --type TYPE to specify a tunnel type'
@@ -481,7 +481,8 @@ module Aptible
               telemetry(__method__, options.merge(handle: handle))
 
               database = ensure_database(options.merge(db: handle))
-              credential = find_credential(database, options[:type])
+
+              credential, _credentials = find_credential(database, options[:type])
 
               Formatter.render(Renderer.current) do |root|
                 root.keyed_object('connection_url') do |node|

data/lib/aptible/cli/subcommands/log_drain.rb

@@ -44,6 +44,8 @@ module Aptible
                     account = acc_map[drain.links.account.href]
                     next if account.nil?
 
+                    # JSON output format we potentially show sensitive attributes
+                    drain = with_sensitive(drain) if Renderer.format == 'json'
                     node.object do |n|
                       ResourceFormatter.inject_log_drain(n, drain, account)
                     end

data/lib/aptible/cli/subcommands/logs.rb

@@ -134,11 +134,11 @@ module Aptible
                   options[:string_matches]
                 )
               elsif id_options.any?
-                if options[:container_id]
-                  search_attrs = { container_id: options[:container_id] }
-                else
-                  search_attrs = { type: r_type, id: id_options.compact.first }
-                end
+                search_attrs = if options[:container_id]
+                                 { container_id: options[:container_id] }
+                               else
+                                 { type: r_type, id: id_options.compact.first }
+                               end
                 files = find_s3_files_by_attrs(
                   options[:region],
                   options[:bucket],

data/lib/aptible/cli/subcommands/metric_drain.rb

@@ -38,6 +38,8 @@ module Aptible
                     account = acc_map[drain.links.account.href]
                     next if account.nil?
 
+                    # JSON output format we potentially show sensitive attributes
+                    drain = with_sensitive(drain) if Renderer.format == 'json'
                     node.object do |n|
                       ResourceFormatter.inject_metric_drain(n, drain, account)
                     end

data/lib/aptible/cli/version.rb

@@ -1,5 +1,5 @@
 module Aptible
   module CLI
-    VERSION = '0.26.2'.freeze
+    VERSION = '0.26.5'.freeze
   end
 end

data/lib/aptible/cli.rb

@@ -7,6 +7,20 @@ require 'aptible/cli/formatter'
 require 'aptible/cli/renderer'
 require 'aptible/cli/resource_formatter'
 
+# Set no_sensitive_extras=true as the default for all API resources.
+# This avoids returning sensitive embedded data unless explicitly requested.
+Aptible::Api::Resource.headers = { 'Prefer' => 'no_sensitive_extras=true' }
+
+def with_sensitive(resource)
+  resource.headers['Prefer'] = 'no_sensitive_extras=false'
+  resource.find_by_url(resource.href)
+end
+
+def without_sensitive(resource)
+  resource.headers['Prefer'] = 'no_sensitive_extras=true'
+  resource.find_by_url(resource.href)
+end
+
 module Aptible
   module CLI
     class TtyLogFormatter

data/spec/aptible/cli/subcommands/apps_spec.rb

@@ -20,13 +20,17 @@ describe Aptible::CLI::Agent do
   before do
     allow(subject).to receive(:save_token)
     allow(subject).to receive(:attach_to_operation_logs)
-    allow(subject).to receive(:fetch_token) { double 'token' }
+    allow(subject).to receive(:fetch_token) { token }
+    allow(Aptible::Api::Account).to receive(:find_by_url)
+      .with("/find/account?handle=#{account.handle}", token: token)
+      .and_return(account)
   end
 
   let!(:account) { Fabricate(:account) }
   let!(:app) { Fabricate(:app, handle: 'hello', account: account) }
   let!(:service) { Fabricate(:service, app: app, process_type: 'web') }
   let(:op) { Fabricate(:operation, status: 'succeeded', resource: app) }
+  let(:token) { double 'token' }
 
   describe '#apps' do
     it 'lists an app in an account' do
@@ -83,13 +87,14 @@ describe Aptible::CLI::Agent do
 
     it 'lists filters down to one account' do
       account2 = Fabricate(:account, handle: 'account2')
+      allow(Aptible::Api::Account).to receive(:find_by_url)
+        .with("/find/account?handle=#{account2.handle}", token: token)
+        .and_return(account2)
       app2 = Fabricate(:app, account: account2, handle: 'app2')
       allow(subject).to receive(:options)
         .and_return(environment: account2.handle)
       allow(Aptible::Api::App).to receive(:all).and_return([app2])
 
-      allow(Aptible::Api::Account).to receive(:all)
-        .and_return([account, account2])
       subject.send('apps')
 
       expect(captured_output_text)
@@ -215,8 +220,11 @@ describe Aptible::CLI::Agent do
 
   describe '#apps:rename' do
     before do
-      allow(Aptible::Api::App).to receive(:all) { [app] }
-      allow(Aptible::Api::Account).to receive(:all) { [account] }
+      allow(Aptible::Api::App).to receive(:find_by_url)
+        .and_return(nil)
+      allow(Aptible::Api::App).to receive(:find_by_url)
+        .with("/find/app?handle=#{app.handle}&environment=#{account.handle}", token: token)
+        .and_return(app)
     end
 
     before(:each) do
@@ -256,7 +264,6 @@ describe Aptible::CLI::Agent do
 
   describe '#apps:scale' do
     before do
-      allow(Aptible::Api::App).to receive(:all) { [app] }
       allow(Aptible::Api::Account).to receive(:all) { [account] }
     end
 
@@ -268,9 +275,9 @@ describe Aptible::CLI::Agent do
           .with('foobar')
           .and_return(account)
 
-        expect(subject).to receive(:apps_from_handle)
+        expect(subject).to receive(:app_from_handle)
           .with('hello', account)
-          .and_return([app])
+          .and_return(app)
       end
 
       def stub_options(**opts)
@@ -330,7 +337,7 @@ describe Aptible::CLI::Agent do
       allow(subject).to receive(:options) do
         { environment: 'foo', app: 'web', container_count: 2 }
       end
-      allow(Aptible::Api::Account).to receive(:all) { [] }
+      allow(Aptible::Api::Account).to receive(:find_by_url).and_return(nil)
       allow(service).to receive(:create_operation!) { op }
 
       expect do
@@ -394,7 +401,14 @@ describe Aptible::CLI::Agent do
 
       before do
         account.apps = apps
-        allow(Aptible::Api::App).to receive(:all).and_return(apps)
+        allow(Aptible::Api::App).to receive(:find_by_url)
+          .and_return(nil)
+        allow(Aptible::Api::App).to receive(:find_by_url)
+          .with("/find/app?handle=#{app.handle}&environment=#{account.handle}", token: token)
+          .and_return(app)
+        allow(Aptible::Api::App).to receive(:find_by_url)
+          .with("/find/app?handle=#{app.handle}", token: token)
+          .and_return(app)
       end
 
       it 'scopes the app search to an environment if provided' do
@@ -415,27 +429,21 @@ describe Aptible::CLI::Agent do
       end
 
       it 'fails if no app is found' do
-        apps.pop
-
-        strategies = [dummy_strategy_factory('hello', nil, true)]
+        strategies = [dummy_strategy_factory('goodbye', nil, true)]
         allow(subject).to receive(:handle_strategies) { strategies }
 
-        expect { subject.ensure_app }.to raise_error(/not find app hello/)
+        expect { subject.ensure_app }.to raise_error(/not find app goodbye/)
       end
 
       it 'explains the strategy when it fails' do
-        apps.pop
-
-        strategies = [dummy_strategy_factory('hello', nil, true)]
+        strategies = [dummy_strategy_factory('goodbye', nil, true)]
         allow(subject).to receive(:handle_strategies) { strategies }
 
         expect { subject.ensure_app }.to raise_error(/from dummy/)
       end
 
       it 'indicates the environment when the app search was scoped' do
-        apps.pop
-
-        strategies = [dummy_strategy_factory('hello', 'aptible', true)]
+        strategies = [dummy_strategy_factory('goodbye', 'aptible', true)]
         allow(subject).to receive(:handle_strategies) { strategies }
 
         expect(subject).to receive(:environment_from_handle).with('aptible')
@@ -445,7 +453,12 @@ describe Aptible::CLI::Agent do
       end
 
       it 'fails if multiple apps are found' do
-        apps << Fabricate(:app, handle: 'hello')
+        error = HyperResource::ClientError.new('multiple resources found')
+        allow(error).to receive(:body)
+          .and_return('error' => 'multiple_resources_found')
+        allow(Aptible::Api::App).to receive(:find_by_url)
+          .with('/find/app?handle=hello', token: token)
+          .and_raise(error)
 
         strategies = [dummy_strategy_factory('hello', nil, true)]
         allow(subject).to receive(:handle_strategies) { strategies }

data/spec/aptible/cli/subcommands/backup_retention_policy_spec.rb

@@ -13,7 +13,9 @@ describe Aptible::CLI::Agent do
 
   before do
     allow(subject).to receive(:fetch_token).and_return(token)
-    allow(Aptible::Api::Account).to receive(:all) { [account] }
+    allow(Aptible::Api::Account).to receive(:find_by_url)
+      .with("/find/account?handle=#{account.handle}", token: token)
+      .and_return(account)
   end
 
   describe '#backup_retention_policy' do