cpflow 3.0.0

data/lib/core/controlplane_api.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+class ControlplaneApi # rubocop:disable Metrics/ClassLength
+  def list_orgs
+    api_json("/org", method: :get)
+  end
+
+  def gvc_list(org:)
+    api_json("/org/#{org}/gvc", method: :get)
+  end
+
+  def gvc_get(org:, gvc:)
+    api_json("/org/#{org}/gvc/#{gvc}", method: :get)
+  end
+
+  def gvc_delete(org:, gvc:)
+    api_json("/org/#{org}/gvc/#{gvc}", method: :delete)
+  end
+
+  def query_images(org:, gvc:, gvc_op_type:)
+    terms = [
+      {
+        property: "repository",
+        op: gvc_op_type,
+        value: gvc
+      }
+    ]
+
+    query("/org/#{org}/image", terms)
+  end
+
+  def fetch_image_details(org:, image:)
+    api_json("/org/#{org}/image/#{image}", method: :get)
+  end
+
+  def image_delete(org:, image:)
+    api_json("/org/#{org}/image/#{image}", method: :delete)
+  end
+
+  def log_get(org:, gvc:, workload: nil, replica: nil, from: nil, to: nil) # rubocop:disable Metrics/ParameterLists
+    query = { gvc: gvc }
+    query[:workload] = workload if workload
+    query[:replica] = replica if replica
+    query = query.map { |k, v| %(#{k}="#{v}") }.join(",").then { "{#{_1}}" }
+
+    params = { query: query }
+    params[:from] = "#{from}000000000" if from
+    params[:to] = "#{to}000000000" if to
+    params[:limit] = "5000"
+    # params << "delay_for=0"
+    # params << "limit=30"
+    # params << "direction=forward"
+    params = params.map { |k, v| %(#{k}=#{CGI.escape(v)}) }.join("&")
+
+    api_json("/logs/org/#{org}/loki/api/v1/query_range?#{params}", method: :get, host: :logs)
+  end
+
+  def query_workloads(org:, gvc:, workload:, gvc_op_type:, workload_op_type:) # rubocop:disable Metrics/MethodLength
+    terms = [
+      {
+        rel: "gvc",
+        op: gvc_op_type,
+        value: gvc
+      },
+      {
+        property: "name",
+        op: workload_op_type,
+        value: workload
+      }
+    ]
+
+    query("/org/#{org}/workload", terms)
+  end
+
+  def workload_list(org:, gvc:)
+    api_json("/org/#{org}/gvc/#{gvc}/workload", method: :get)
+  end
+
+  def workload_list_by_org(org:)
+    api_json("/org/#{org}/workload", method: :get)
+  end
+
+  def workload_get(org:, gvc:, workload:)
+    api_json("/org/#{org}/gvc/#{gvc}/workload/#{workload}", method: :get)
+  end
+
+  def update_workload(org:, gvc:, workload:, data:)
+    api_json("/org/#{org}/gvc/#{gvc}/workload/#{workload}", method: :patch, body: data)
+  end
+
+  def workload_deployments(org:, gvc:, workload:)
+    api_json("/org/#{org}/gvc/#{gvc}/workload/#{workload}/deployment", method: :get)
+  end
+
+  def delete_workload(org:, gvc:, workload:)
+    api_json("/org/#{org}/gvc/#{gvc}/workload/#{workload}", method: :delete)
+  end
+
+  def list_volumesets(org:, gvc:)
+    api_json("/org/#{org}/gvc/#{gvc}/volumeset", method: :get)
+  end
+
+  def delete_volumeset(org:, gvc:, volumeset:)
+    api_json("/org/#{org}/gvc/#{gvc}/volumeset/#{volumeset}", method: :delete)
+  end
+
+  def fetch_domain(org:, domain:)
+    api_json("/org/#{org}/domain/#{domain}", method: :get)
+  end
+
+  def list_domains(org:)
+    api_json("/org/#{org}/domain", method: :get)
+  end
+
+  def update_domain(org:, domain:, data:)
+    api_json("/org/#{org}/domain/#{domain}", method: :patch, body: data)
+  end
+
+  def fetch_secret(org:, secret:)
+    api_json("/org/#{org}/secret/#{secret}", method: :get)
+  end
+
+  def delete_secret(org:, secret:)
+    api_json("/org/#{org}/secret/#{secret}", method: :delete)
+  end
+
+  def fetch_identity(org:, gvc:, identity:)
+    api_json("/org/#{org}/gvc/#{gvc}/identity/#{identity}", method: :get)
+  end
+
+  def fetch_policy(org:, policy:)
+    api_json("/org/#{org}/policy/#{policy}", method: :get)
+  end
+
+  def delete_policy(org:, policy:)
+    api_json("/org/#{org}/policy/#{policy}", method: :delete)
+  end
+
+  private
+
+  def fetch_query_pages(result)
+    loop do
+      next_page_url = result["links"].find { |link| link["rel"] == "next" }&.dig("href")
+      break unless next_page_url
+
+      next_page_result = api_json(next_page_url, method: :get)
+      result["items"] += next_page_result["items"]
+      result["links"] = next_page_result["links"]
+    end
+  end
+
+  def query(url, terms)
+    body = {
+      kind: "string",
+      spec: {
+        match: "all",
+        terms: terms
+      }
+    }
+
+    result = api_json("#{url}/-query", method: :post, body: body)
+    fetch_query_pages(result)
+
+    result
+  end
+
+  def api_json(...)
+    ControlplaneApiDirect.new.call(...)
+  end
+end

data/lib/core/controlplane_api_direct.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+class ControlplaneApiDirect
+  API_METHODS = {
+    get: Net::HTTP::Get,
+    patch: Net::HTTP::Patch,
+    post: Net::HTTP::Post,
+    put: Net::HTTP::Put,
+    delete: Net::HTTP::Delete
+  }.freeze
+  API_HOSTS = { api: "https://api.cpln.io", logs: "https://logs.cpln.io" }.freeze
+
+  # API_TOKEN_REGEX = Regexp.union(
+  #  /^[\w.]{155}$/, # CPLN_TOKEN format
+  #  /^[\w\-._]{1134}$/ # 'cpln profile token' format
+  # ).freeze
+
+  API_TOKEN_REGEX = /^[\w\-._]+$/.freeze
+  API_TOKEN_EXPIRY_SECONDS = 300
+
+  class << self
+    attr_accessor :trace
+  end
+
+  def call(url, method:, host: :api, body: nil) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
+    trace = ControlplaneApiDirect.trace
+    uri = URI("#{api_host(host)}#{url}")
+    request = API_METHODS[method].new(uri)
+    request["Content-Type"] = "application/json"
+
+    refresh_api_token if should_refresh_api_token?
+
+    request["Authorization"] = api_token[:token]
+    request.body = body.to_json if body
+
+    Shell.debug(method.upcase, "#{uri} #{body&.to_json}")
+
+    http = Net::HTTP.new(uri.hostname, uri.port)
+    http.use_ssl = uri.scheme == "https"
+    http.set_debug_output($stdout) if trace
+
+    response = http.start { |ht| ht.request(request) }
+
+    case response
+    when Net::HTTPOK
+      JSON.parse(response.body)
+    when Net::HTTPAccepted
+      true
+    when Net::HTTPNotFound
+      nil
+    when Net::HTTPForbidden
+      org = self.class.parse_org(url)
+      raise("Double check your org #{org}. #{response} #{response.body}")
+    else
+      raise("#{response} #{response.body}")
+    end
+  end
+
+  def api_host(host)
+    case host
+    when :api
+      ENV.fetch("CPLN_ENDPOINT", API_HOSTS[host])
+    else
+      API_HOSTS[host]
+    end
+  end
+
+  # rubocop:disable Style/ClassVars
+  def api_token # rubocop:disable Metrics/MethodLength
+    return @@api_token if defined?(@@api_token)
+
+    @@api_token = {
+      token: ENV.fetch("CPLN_TOKEN", nil),
+      comes_from_profile: false
+    }
+    if @@api_token[:token].nil?
+      @@api_token = {
+        token: Shell.cmd("cpln", "profile", "token")[:output].chomp,
+        comes_from_profile: true
+      }
+    end
+    return @@api_token if @@api_token[:token].match?(API_TOKEN_REGEX)
+
+    raise "Unknown API token format. " \
+          "Please re-run 'cpln profile login' or set the correct CPLN_TOKEN env variable."
+  end
+
+  # Returns `true` when the token is about to expire in 5 minutes
+  def should_refresh_api_token?
+    return false unless api_token[:comes_from_profile]
+
+    payload, = JWT.decode(api_token[:token], nil, false)
+    difference_in_seconds = payload["exp"] - Time.now.to_i
+
+    difference_in_seconds <= API_TOKEN_EXPIRY_SECONDS
+  rescue JWT::DecodeError
+    false
+  end
+
+  def refresh_api_token
+    @@api_token[:token] = Shell.cmd("cpln", "profile", "token")[:output].chomp
+  end
+
+  def self.reset_api_token
+    remove_class_variable(:@@api_token) if defined?(@@api_token)
+  end
+  # rubocop:enable Style/ClassVars
+
+  def self.parse_org(url)
+    url.match(%r{^/org/([^/]+)})[1]
+  end
+end

data/lib/core/doctor_service.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+class ValidationError < StandardError; end
+
+class DoctorService
+  attr_reader :config
+
+  def initialize(config)
+    @config = config
+  end
+
+  def run_validations(validations, silent_if_passing: false) # rubocop:disable Metrics/MethodLength
+    @any_failed_validation = false
+
+    validations.each do |validation|
+      case validation
+      when "config"
+        validate_config
+      when "templates"
+        validate_templates
+      else
+        raise ValidationError, Shell.color("ERROR: Invalid validation '#{validation}'.", :red)
+      end
+
+      progress.puts("#{Shell.color('[PASS]', :green)} #{validation}") unless silent_if_passing
+    rescue ValidationError => e
+      @any_failed_validation = true
+
+      progress.puts("#{Shell.color('[FAIL]', :red)} #{validation}\n\n#{e.message}\n\n")
+    end
+
+    exit(ExitCode::ERROR_DEFAULT) if @any_failed_validation
+  end
+
+  def validate_config
+    check_for_app_names_contained_in_others
+  end
+
+  def validate_templates
+    @template_parser = TemplateParser.new(config)
+    filenames = Dir.glob("#{@template_parser.template_dir}/*.yml")
+    templates = @template_parser.parse(filenames)
+
+    check_for_duplicate_templates(templates)
+    warn_deprecated_template_variables
+  end
+
+  private
+
+  def check_for_app_names_contained_in_others
+    app_names_contained_in_others = find_app_names_contained_in_others
+    return if app_names_contained_in_others.empty?
+
+    message = "App names contained in others found below. Please ensure that app names are unique."
+    list = app_names_contained_in_others
+           .map { |app_prefix, app_name| "  - '#{app_prefix}' is a prefix of '#{app_name}'" }
+           .join("\n")
+    raise ValidationError, "#{Shell.color("ERROR: #{message}", :red)}\n#{list}"
+  end
+
+  def find_app_names_contained_in_others # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
+    app_names = config.apps.keys.map(&:to_s).sort
+    app_prefixes = config.apps
+                         .select { |_, app_options| app_options[:match_if_app_name_starts_with] }
+                         .keys
+                         .map(&:to_s)
+                         .sort
+    app_prefixes.each_with_object([]) do |app_prefix, app_names_contained_in_others|
+      app_names.each do |app_name|
+        if app_prefix != app_name && app_name.start_with?(app_prefix)
+          app_names_contained_in_others.push([app_prefix, app_name])
+        end
+      end
+    end
+  end
+
+  def check_for_duplicate_templates(templates)
+    grouped_templates = templates.group_by { |template| [template["kind"], template["name"]] }
+    duplicate_templates = grouped_templates.select { |_, group| group.size > 1 }
+    return if duplicate_templates.empty?
+
+    message = "Duplicate templates found with the kind/names below. Please ensure that templates are unique."
+    list = duplicate_templates
+           .map { |(kind, name), _| "  - kind: #{kind}, name: #{name}" }
+           .join("\n")
+    raise ValidationError, "#{Shell.color("ERROR: #{message}", :red)}\n#{list}"
+  end
+
+  def warn_deprecated_template_variables
+    deprecated_variables = @template_parser.deprecated_variables
+    return if deprecated_variables.empty?
+
+    message = "Please replace these variables in the templates, " \
+              "as support for them will be removed in a future major version bump:"
+    list = deprecated_variables
+           .map { |old_key, new_key| "  - #{old_key} -> #{new_key}" }
+           .join("\n")
+    progress.puts("\n#{Shell.color("DEPRECATED: #{message}", :yellow)}\n#{list}\n\n")
+  end
+
+  def progress
+    $stderr
+  end
+end

data/lib/core/helpers.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+module Helpers
+  module_function
+
+  def strip_str_and_validate(str)
+    return str if str.nil?
+
+    str = str.strip
+    str.empty? ? nil : str
+  end
+
+  def random_four_digits
+    SecureRandom.random_number(1000..9999)
+  end
+
+  def normalize_command_name(name)
+    name.to_s.tr("_", "-")
+  end
+
+  def normalize_option_name(name)
+    "--#{name.to_s.tr('_', '-')}"
+  end
+end

data/lib/core/shell.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+class Shell
+  class << self
+    attr_reader :tmp_stderr, :verbose
+  end
+
+  def self.shell
+    @shell ||= Thor::Shell::Color.new
+  end
+
+  def self.use_tmp_stderr
+    @tmp_stderr = Tempfile.create
+
+    yield
+
+    @tmp_stderr.close
+    @tmp_stderr = nil
+  end
+
+  def self.write_to_tmp_stderr(message)
+    tmp_stderr.write(message)
+  end
+
+  def self.read_from_tmp_stderr
+    tmp_stderr.rewind
+    tmp_stderr.read.strip
+  end
+
+  def self.color(message, color_key)
+    shell.set_color(message, color_key)
+  end
+
+  def self.confirm(message)
+    shell.yes?("#{message} (y/N)")
+  end
+
+  def self.warn(message)
+    Kernel.warn(color("WARNING: #{message}", :yellow))
+  end
+
+  def self.warn_deprecated(message)
+    Kernel.warn(color("DEPRECATED: #{message}", :yellow))
+  end
+
+  def self.abort(message, exit_status = ExitCode::ERROR_DEFAULT)
+    Kernel.warn(color("ERROR: #{message}", :red))
+    exit(exit_status)
+  end
+
+  def self.verbose_mode(verbose)
+    @verbose = verbose
+  end
+
+  def self.debug(prefix, message, sensitive_data_pattern: nil)
+    return unless verbose
+
+    filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+    Kernel.warn("\n[#{color(prefix, :red)}] #{filtered_message}")
+  end
+
+  def self.should_hide_output?
+    tmp_stderr && !verbose
+  end
+
+  def self.cmd(*cmd_to_run, capture_stderr: false)
+    output, status = capture_stderr ? Open3.capture2e(*cmd_to_run) : Open3.capture2(*cmd_to_run)
+
+    {
+      output: output,
+      success: status.success?
+    }
+  end
+
+  #
+  # Hide sensitive data based on the passed pattern
+  #
+  # @param [String] message
+  #   The message to get processed.
+  # @param [Regexp, nil] pattern
+  #   The regular expression to be used. If not provided, no filter gets applied.
+  #
+  # @return [String]
+  #   Filtered message.
+  #
+  # @example
+  #   hide_sensitive_data("--token abcd", /(?<=--token )(\S+)/)
+  def self.hide_sensitive_data(message, pattern = nil)
+    return message unless pattern.is_a?(Regexp)
+
+    message.gsub(pattern, "XXXXXXX")
+  end
+
+  def self.trap_interrupt
+    trap("SIGINT") do
+      puts
+      exit(ExitCode::INTERRUPT)
+    end
+  end
+end

data/lib/core/template_parser.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+class TemplateParser
+  attr_reader :config, :deprecated_variables
+
+  def initialize(config)
+    @config = config
+  end
+
+  def template_dir
+    "#{config.app_cpln_dir}/templates"
+  end
+
+  def template_filename(name)
+    "#{template_dir}/#{name}.yml"
+  end
+
+  def parse(filenames)
+    @deprecated_variables = {}
+
+    filenames.each_with_object([]) do |filename, templates|
+      yaml_file = File.read(filename)
+      yaml_file = replace_variables(yaml_file)
+
+      template_yamls = yaml_file.split(/^---\s*$/)
+      template_yamls.each do |template_yaml|
+        template = YAML.safe_load(template_yaml)
+        templates.push(template)
+      end
+    end
+  end
+
+  private
+
+  def replace_variables(yaml_file) # rubocop:disable Metrics/MethodLength
+    yaml_file = yaml_file
+                .gsub("{{APP_ORG}}", config.org)
+                .gsub("{{APP_NAME}}", config.app)
+                .gsub("{{APP_LOCATION}}", config.location)
+                .gsub("{{APP_LOCATION_LINK}}", config.location_link)
+                .gsub("{{APP_IMAGE}}", cp.latest_image)
+                .gsub("{{APP_IMAGE_LINK}}", config.image_link(cp.latest_image))
+                .gsub("{{APP_IDENTITY}}", config.identity)
+                .gsub("{{APP_IDENTITY_LINK}}", config.identity_link)
+                .gsub("{{APP_SECRETS}}", config.secrets)
+                .gsub("{{APP_SECRETS_POLICY}}", config.secrets_policy)
+
+    find_deprecated_variables(yaml_file)
+
+    # Kept for backwards compatibility
+    yaml_file
+      .gsub("APP_ORG", config.org)
+      .gsub("APP_GVC", config.app)
+      .gsub("APP_LOCATION", config.location)
+      .gsub("APP_IMAGE", cp.latest_image)
+  end
+
+  def find_deprecated_variables(yaml_file)
+    new_variables.each do |old_key, new_key|
+      @deprecated_variables[old_key] = new_key if yaml_file.include?(old_key)
+    end
+  end
+
+  def new_variables
+    {
+      "APP_ORG" => "{{APP_ORG}}",
+      "APP_GVC" => "{{APP_NAME}}",
+      "APP_LOCATION" => "{{APP_LOCATION}}",
+      "APP_IMAGE" => "{{APP_IMAGE}}"
+    }
+  end
+
+  def cp
+    @cp ||= Controlplane.new(config)
+  end
+end

data/lib/cpflow/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Cpflow
+  VERSION = "3.0.0"
+  MIN_CPLN_VERSION = "2.0.1"
+end