cpl 1.1.2 → 1.3.0

data/lib/core/controlplane.rb

@@ -23,9 +23,10 @@ class Controlplane # rubocop:disable Metrics/ClassLength
   end
 
   def profile_create(profile, token)
+    sensitive_data_pattern = /(?<=--token )(\S+)/
     cmd = "cpln profile create #{profile} --token #{token}"
     cmd += " > /dev/null" if Shell.should_hide_output?
-    perform!(cmd)
+    perform!(cmd, sensitive_data_pattern: sensitive_data_pattern)
   end
 
   def profile_delete(profile)
@@ -43,11 +44,13 @@ class Controlplane # rubocop:disable Metrics/ClassLength
     api.query_images(org: a_org, gvc: a_gvc, gvc_op_type: gvc_op)
   end
 
-  def image_build(image, dockerfile:, build_args: [], push: true)
+  def image_build(image, dockerfile:, docker_args: [], build_args: [], push: true)
     # https://docs.controlplane.com/guides/push-image#step-2
     # Might need to use `docker buildx build` if compatiblitity issues arise
     cmd = "docker build --platform=linux/amd64 -t #{image} -f #{dockerfile}"
+    cmd += " --progress=plain" if ControlplaneApiDirect.trace
 
+    cmd += " #{docker_args.join(' ')}" if docker_args.any?
     build_args.each { |build_arg| cmd += " --build-arg #{build_arg}" }
     cmd += " #{config.app_dir}"
     perform!(cmd)
@@ -234,6 +237,16 @@ class Controlplane # rubocop:disable Metrics/ClassLength
     perform!(cmd)
   end
 
+  # volumeset
+
+  def fetch_volumesets(a_gvc = gvc)
+    api.list_volumesets(org: org, gvc: a_gvc)
+  end
+
+  def delete_volumeset(volumeset, a_gvc = gvc)
+    api.delete_volumeset(org: org, gvc: a_gvc, volumeset: volumeset)
+  end
+
   # domain
 
   def find_domain_route(data)
@@ -252,13 +265,21 @@ class Controlplane # rubocop:disable Metrics/ClassLength
       route = find_domain_route(domain_data)
       next false if route.nil?
 
-      workloads.any? { |workload| route["workloadLink"].split("/").last == workload }
+      workloads.any? { |workload| route["workloadLink"].match?(%r{/org/#{org}/gvc/#{gvc}/workload/#{workload}}) }
     end
   end
 
-  def get_domain_workload(data)
+  def fetch_domain(domain)
+    domain_data = api.fetch_domain(org: org, domain: domain)
+    route = find_domain_route(domain_data)
+    return nil if route.nil?
+
+    domain_data
+  end
+
+  def domain_workload_matches?(data, workload)
     route = find_domain_route(data)
-    route["workloadLink"].split("/").last
+    route["workloadLink"].match?(%r{/org/#{org}/gvc/#{gvc}/workload/#{workload}})
   end
 
   def set_domain_workload(data, workload)
@@ -346,8 +367,8 @@ class Controlplane # rubocop:disable Metrics/ClassLength
     system(cmd)
   end
 
-  def perform!(cmd)
-    Shell.debug("CMD", cmd)
+  def perform!(cmd, sensitive_data_pattern: nil)
+    Shell.debug("CMD", cmd, sensitive_data_pattern: sensitive_data_pattern)
 
     system(cmd) || exit(false)
   end

data/lib/core/controlplane_api.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class ControlplaneApi
+class ControlplaneApi # rubocop:disable Metrics/ClassLength
   def gvc_list(org:)
     api_json("/org/#{org}/gvc", method: :get)
   end
@@ -86,6 +86,18 @@ class ControlplaneApi
     api_json("/org/#{org}/gvc/#{gvc}/workload/#{workload}", method: :delete)
   end
 
+  def list_volumesets(org:, gvc:)
+    api_json("/org/#{org}/gvc/#{gvc}/volumeset", method: :get)
+  end
+
+  def delete_volumeset(org:, gvc:, volumeset:)
+    api_json("/org/#{org}/gvc/#{gvc}/volumeset/#{volumeset}", method: :delete)
+  end
+
+  def fetch_domain(org:, domain:)
+    api_json("/org/#{org}/domain/#{domain}", method: :get)
+  end
+
   def list_domains(org:)
     api_json("/org/#{org}/domain", method: :get)
   end

data/lib/core/controlplane_api_direct.rb

@@ -17,7 +17,12 @@ class ControlplaneApiDirect
 
   API_TOKEN_REGEX = /^[\w\-._]+$/.freeze
 
-  def call(url, method:, host: :api, body: nil) # rubocop:disable Metrics/MethodLength
+  class << self
+    attr_accessor :trace
+  end
+
+  def call(url, method:, host: :api, body: nil) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
+    trace = ControlplaneApiDirect.trace
     uri = URI("#{api_host(host)}#{url}")
     request = API_METHODS[method].new(uri)
     request["Content-Type"] = "application/json"
@@ -26,7 +31,11 @@ class ControlplaneApiDirect
 
     Shell.debug(method.upcase, "#{uri} #{body&.to_json}")
 
-    response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") { |http| http.request(request) }
+    http = Net::HTTP.new(uri.hostname, uri.port)
+    http.use_ssl = uri.scheme == "https"
+    http.set_debug_output($stdout) if trace
+
+    response = http.start { |ht| ht.request(request) }
 
     case response
     when Net::HTTPOK
@@ -35,6 +44,9 @@ class ControlplaneApiDirect
       true
     when Net::HTTPNotFound
       nil
+    when Net::HTTPForbidden
+      org = self.class.parse_org(url)
+      raise("Double check your org #{org}. #{response} #{response.body}")
     else
       raise("#{response} #{response.body}")
     end
@@ -65,4 +77,8 @@ class ControlplaneApiDirect
     remove_class_variable(:@@api_token) if defined?(@@api_token)
   end
   # rubocop:enable Style/ClassVars
+
+  def self.parse_org(url)
+    url.match(%r{^/org/([^/]+)})[1]
+  end
 end

data/lib/core/helpers.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+module Helpers
+  def strip_str_and_validate(str)
+    return str if str.nil?
+
+    str = str.strip
+    str.empty? ? nil : str
+  end
+
+  def random_four_digits
+    SecureRandom.random_number(1000..9999)
+  end
+end

data/lib/core/shell.rb

@@ -36,7 +36,7 @@ class Shell
   end
 
   def self.confirm(message)
-    shell.yes?("#{message} (y/n)")
+    shell.yes?("#{message} (y/N)")
   end
 
   def self.warn(message)
@@ -55,11 +55,33 @@ class Shell
     @verbose = verbose
   end
 
-  def self.debug(prefix, message)
-    stderr.puts("\n[#{color(prefix, :red)}] #{message}") if verbose
+  def self.debug(prefix, message, sensitive_data_pattern: nil)
+    return unless verbose
+
+    filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+    stderr.puts("\n[#{color(prefix, :red)}] #{filtered_message}")
   end
 
   def self.should_hide_output?
     tmp_stderr && !verbose
   end
+
+  #
+  # Hide sensitive data based on the passed pattern
+  #
+  # @param [String] message
+  #   The message to get processed.
+  # @param [Regexp, nil] pattern
+  #   The regular expression to be used. If not provided, no filter gets applied.
+  #
+  # @return [String]
+  #   Filtered message.
+  #
+  # @example
+  #   hide_sensitive_data("--token abcd", /(?<=--token )(\S+)/)
+  def self.hide_sensitive_data(message, pattern = nil)
+    return message unless pattern.is_a?(Regexp)
+
+    message.gsub(pattern, "XXXXXXX")
+  end
 end

data/lib/cpl/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module Cpl
-  VERSION = "1.1.2"
+  VERSION = "1.3.0"
   MIN_CPLN_VERSION = "0.0.71"
 end

data/lib/cpl.rb

@@ -141,11 +141,13 @@ module Cpl
       usage = command_class::USAGE.empty? ? name : command_class::USAGE
       requires_args = command_class::REQUIRES_ARGS
       default_args = command_class::DEFAULT_ARGS
-      command_options = command_class::OPTIONS + [::Command::Base.verbose_option]
+      command_options = command_class::OPTIONS + ::Command::Base.common_options
+      accepts_extra_options = command_class::ACCEPTS_EXTRA_OPTIONS
       description = command_class::DESCRIPTION
       long_description = command_class::LONG_DESCRIPTION
       examples = command_class::EXAMPLES
       hide = command_class::HIDE || deprecated
+      with_info_header = command_class::WITH_INFO_HEADER
 
       long_description += "\n#{examples}" if examples.length.positive?
 
@@ -160,6 +162,10 @@ module Cpl
         method_option(option[:name], **option[:params])
       end
 
+      # We'll handle required options manually in `Config`
+      required_options = command_options.select { |option| option[:params][:required] }.map { |option| option[:name] }
+      disable_required_check! name_for_method.to_sym if required_options.any?
+
       define_method(name_for_method) do |*provided_args| # rubocop:disable Metrics/MethodLength
         if deprecated
           ::Shell.warn_deprecated("Command '#{command_key}' is deprecated, " \
@@ -173,10 +179,14 @@ module Cpl
                  default_args
                end
 
-        raise_args_error.call(args, nil) if (args.empty? && requires_args) || (!args.empty? && !requires_args)
+        if (args.empty? && requires_args) || (!args.empty? && !requires_args && !accepts_extra_options)
+          raise_args_error.call(args, nil)
+        end
 
         begin
-          config = Config.new(args, options)
+          config = Config.new(args, options, required_options)
+
+          Cpl::Cli.show_info_header(config) if with_info_header
 
           command_class.new(config).call
         rescue RuntimeError => e
@@ -186,6 +196,25 @@ module Cpl
     rescue StandardError => e
       ::Shell.abort("Unable to load command: #{e.message}")
     end
+
+    def self.show_info_header(config) # rubocop:disable Metrics/MethodLength
+      return if @showed_info_header
+
+      rows = {}
+      rows["ORG"] = config.org || "NOT PROVIDED!"
+      rows["ORG"] += " (comes from CPLN_ORG env var)" if config.org_comes_from_env
+      rows["APP"] = config.app || "NOT PROVIDED!"
+      rows["APP"] += " (comes from CPLN_APP env var)" if config.app_comes_from_env
+
+      rows.each do |key, value|
+        puts "#{key}: #{value}"
+      end
+
+      @showed_info_header = true
+
+      # Add a newline after the info header
+      puts
+    end
   end
 end
 

data/lib/generator_templates/Dockerfile

@@ -0,0 +1,27 @@
+FROM ruby:3.1.2
+
+RUN apt-get update
+
+WORKDIR /app
+
+# install ruby gems
+COPY Gemfile* ./
+
+RUN bundle config set without 'development test' && \
+    bundle config set with 'staging production' && \
+    bundle install --jobs=3 --retry=3
+
+COPY . ./
+
+ENV RAILS_ENV=production
+
+# compiling assets requires any value for ENV of SECRET_KEY_BASE
+ENV SECRET_KEY_BASE=NOT_USED_NON_BLANK
+
+RUN rails assets:precompile
+
+# add entrypoint
+COPY .controlplane/entrypoint.sh ./
+ENTRYPOINT ["/app/entrypoint.sh"]
+
+CMD ["rails", "s"]

data/lib/generator_templates/controlplane.yml

@@ -0,0 +1,57 @@
+# Keys beginning with "cpln_" correspond to your settings in Control Plane.
+
+# You can opt out of allowing the use of CPLN_ORG and CPLN_APP env vars
+# to avoid any accidents with the wrong org / app.
+allow_org_override_by_env: true
+allow_app_override_by_env: true
+
+aliases:
+  common: &common
+    # Organization name for staging (customize to your needs).
+    # Production apps will use a different organization, specified below, for security.
+    cpln_org: my-org-staging
+
+    # Example apps use only one location. Control Plane offers the ability to use multiple locations.
+    # TODO: Allow specification of multiple locations.
+    default_location: aws-us-east-2
+
+    # Configure the workload name used as a template for one-off scripts, like a Heroku one-off dyno.
+    one_off_workload: rails
+
+    # Workloads that are for the application itself and are using application Docker images.
+    app_workloads:
+      - rails
+
+    # Additional "service type" workloads, using non-application Docker images.
+    additional_workloads:
+      - postgres
+
+    # Configure the workload name used when maintenance mode is on (defaults to "maintenance")
+    maintenance_workload: maintenance
+
+apps:
+  my-app-staging:
+    # Use the values from the common section above.
+    <<: *common
+  my-app-review:
+    <<: *common
+    # If `match_if_app_name_starts_with` is `true`, then use this config for app names starting with this name,
+    # e.g., "my-app-review-pr123", "my-app-review-anything-goes", etc.
+    match_if_app_name_starts_with: true
+  my-app-production:
+    <<: *common
+
+    # You can also opt out of allowing the use of CPLN_ORG and CPLN_APP env vars per app.
+    # It's recommended to leave this off for production, to avoid any accidents.
+    allow_org_override_by_env: false
+    allow_app_override_by_env: false
+
+    # Use a different organization for production.
+    cpln_org: my-org-production
+    # Allows running the command `cpl promote-app-from-upstream -a my-app-production`
+    # to promote the staging app to production.
+    upstream: my-app-staging
+  my-app-other:
+    <<: *common
+    # You can specify a different `Dockerfile` relative to the `.controlplane/` directory (defaults to "Dockerfile").
+    dockerfile: ../some_other/Dockerfile

data/lib/generator_templates/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+# Runs before the main command
+
+echo " -- Preparing database"
+rails db:prepare
+
+echo " -- Finishing entrypoint.sh, executing '$@'"
+exec "$@"

data/lib/generator_templates/templates/gvc.yml

@@ -0,0 +1,21 @@
+# Template setup of the GVC, roughly corresponding to a Heroku app
+kind: gvc
+name: APP_GVC
+spec:
+  # For using templates for test apps, put ENV values here, stored in git repo.
+  # Production apps will have values configured manually after app creation.
+  env:
+    - name: DATABASE_URL
+      # Password does not matter because host postgres.APP_GVC.cpln.local can only be accessed
+      # locally within CPLN GVC, and postgres running on a CPLN workload is something only for a
+      # test app that lacks persistence.
+      value: 'postgres://the_user:the_password@postgres.APP_GVC.cpln.local:5432/APP_GVC'
+    - name: RAILS_ENV
+      value: production
+    - name: RAILS_SERVE_STATIC_FILES
+      value: 'true'
+
+  # Part of standard configuration
+  staticPlacement:
+    locationLinks:
+      - /org/APP_ORG/location/APP_LOCATION

data/lib/generator_templates/templates/postgres.yml

@@ -0,0 +1,176 @@
+# Comes from example at
+# https://github.com/controlplane-com/examples/blob/main/examples/postgres/manifest.yaml
+
+kind: volumeset
+name: postgres-poc-vs
+description: postgres-poc-vs
+spec:
+  autoscaling:
+    maxCapacity: 1000
+    minFreePercentage: 1
+    scalingFactor: 1.1
+  fileSystemType: ext4
+  initialCapacity: 10
+  performanceClass: general-purpose-ssd
+  snapshots:
+    createFinalSnapshot: true
+    retentionDuration: 7d
+
+---
+kind: secret
+name: postgres-poc-credentials
+description: ''
+type: dictionary
+data:
+  password: the_password #Replace this with a real password
+  username: the_user     #Replace this with a real username
+
+---
+kind: secret
+name: postgres-poc-entrypoint-script
+type: opaque
+data:
+  encoding: base64
+  payload: >-
+    IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc291cmNlIC91c3IvbG9jYWwvYmluL2RvY2tlci1lbnRyeXBvaW50LnNoCgppbnN0YWxsX2RlcHMoKSB7CiAgYXB0LWdldCB1cGRhdGUgLXkgPiAvZGV2L251bGwKICBhcHQtZ2V0IGluc3RhbGwgY3VybCAteSA+IC9kZXYvbnVsbAogIGFwdC1nZXQgaW5zdGFsbCB1bnppcCAteSA+IC9kZXYvbnVsbAogIGN1cmwgImh0dHBzOi8vYXdzY2xpLmFtYXpvbmF3cy5jb20vYXdzY2xpLWV4ZS1saW51eC14ODZfNjQuemlwIiAtbyAiYXdzY2xpdjIuemlwIiA+IC9kZXYvbnVsbAogIHVuemlwIGF3c2NsaXYyLnppcCA+IC9kZXYvbnVsbAogIC4vYXdzL2luc3RhbGwgPiAvZGV2L251bGwKfQoKZGJfaGFzX2JlZW5fcmVzdG9yZWQoKSB7CiAgaWYgWyAhIC1mICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiIF07IHRoZW4KICAgIHJldHVybiAxCiAgZmkKCiAgaWYgISBncmVwIC1xICJcLT4gJDEkIiAiJFBHREFUQS9DUExOX1JFU1RPUkVEIjsgdGhlbgogICAgcmV0dXJuIDEKICBlbHNlCiAgICByZXR1cm4gMAogIGZpCn0KCnJlc3RvcmVfZGIoKSB7Cgl3aGlsZSBbICEgLVMgL3Zhci9ydW4vcG9zdGdyZXNxbC8ucy5QR1NRTC41NDMyIF0KCWRvCiAgICBlY2hvICJXYWl0aW5nIDVzIGZvciBkYiBzb2NrZXQgdG8gYmUgYXZhaWxhYmxlIgogICAgc2xlZXAgNXMKICBkb25lCgoKCWlmICEgZGJfaGFzX2JlZW5fcmVzdG9yZWQgIiQxIjsgdGhlbgoJICBlY2hvICJJdCBhcHBlYXJzIGRiICckMScgaGFzIG5vdCB5ZXQgYmVlbiByZXN0b3JlZCBmcm9tIFMzLiBBdHRlbXB0aW5nIHRvIHJlc3RvcmUgJDEgZnJvbSAkMiIKCSAgaW5zdGFsbF9kZXBzCgkgIGRvY2tlcl9zZXR1cF9kYiAjRW5zdXJlcyAkUE9TVEdSRVNfREIgZXhpc3RzIChkZWZpbmVkIGluIHRoZSBlbnRyeXBvaW50IHNjcmlwdCBmcm9tIHRoZSBwb3N0Z3JlcyBkb2NrZXIgaW1hZ2UpCgkgIGF3cyBzMyBjcCAiJDIiIC0gfCBwZ19yZXN0b3JlIC0tY2xlYW4gLS1uby1hY2wgLS1uby1vd25lciAtZCAiJDEiIC1VICIkUE9TVEdSRVNfVVNFUiIKCSAgZWNobyAiJChkYXRlKTogJDIgLT4gJDEiIHwgY2F0ID4+ICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiCgllbHNlCgkgIGVjaG8gIkRiICckMScgYWxyZWFkeSBleGlzdHMuIFJlYWR5ISIKICBmaQp9CgpfbWFpbiAiJEAiICYKYmFja2dyb3VuZFByb2Nlc3M9JCEKCmlmIFsgLW4gIiRQT1NUR1JFU19BUkNISVZFX1VSSSIgXTsgdGhlbgogIHJlc3RvcmVfZGIgIiRQT1NUR1JFU19EQiIgIiRQT1NUR1JFU19BUkNISVZFX1VSSSIKZWxzZQogIGVjaG8gIkRlY2xpbmluZyB0byByZXN0b3JlIHRoZSBkYiBiZWNhdXNlIG5vIGFyY2hpdmUgdXJpIHdhcyBwcm92aWRlZCIKZmkKCndhaXQgJGJhY2tncm91bmRQcm9jZXNzCgoK
+
+#Here is the ASCII-encoded version of the script in the secret above
+#!/usr/bin/env bash
+#
+#source /usr/local/bin/docker-entrypoint.sh
+#
+#install_deps() {
+#  apt-get update -y > /dev/null
+#  apt-get install curl -y > /dev/null
+#  apt-get install unzip -y > /dev/null
+#  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" > /dev/null
+#  unzip awscliv2.zip > /dev/null
+#  ./aws/install > /dev/null
+#}
+#
+#db_has_been_restored() {
+#  if [ ! -f "$PGDATA/CPLN_RESTORED" ]; then
+#    return 1
+#  fi
+#
+#  if ! grep -q "\-> $1$" "$PGDATA/CPLN_RESTORED"; then
+#    return 1
+#  else
+#    return 0
+#  fi
+#}
+#
+#restore_db() {
+#  while [ ! -S /var/run/postgresql/.s.PGSQL.5432 ]
+#  do
+#    echo "Waiting 5s for db socket to be available"
+#    sleep 5s
+#  done
+#
+#
+#  if ! db_has_been_restored "$1"; then
+#    echo "It appears db '$1' has not yet been restored from S3. Attempting to restore $1 from $2"
+#    install_deps
+#    docker_setup_db #Ensures $POSTGRES_DB exists (defined in the entrypoint script from the postgres docker image)
+#    aws s3 cp "$2" - | pg_restore --clean --no-acl --no-owner -d "$1" -U "$POSTGRES_USER"
+#    echo "$(date): $2 -> $1" | cat >> "$PGDATA/CPLN_RESTORED"
+#  else
+#    echo "Db '$1' already exists. Ready!"
+#  fi
+#}
+#
+#_main "$@" &
+#backgroundProcess=$!
+#
+#if [ -n "$POSTGRES_ARCHIVE_URI" ]; then
+#  restore_db "$POSTGRES_DB" "$POSTGRES_ARCHIVE_URI"
+#else
+#  echo "Declining to restore the db because no archive uri was provided"
+#fi
+#
+#wait $backgroundProcess
+
+---
+kind: identity
+name: postgres-poc-identity
+description: postgres-poc-identity
+
+---
+kind: policy
+name: postgres-poc-access
+description: postgres-poc-access
+bindings:
+  - permissions:
+      - reveal
+# Uncomment these two
+#      - use
+#      - view
+    principalLinks:
+      - //gvc/APP_GVC/identity/postgres-poc-identity
+targetKind: secret
+targetLinks:
+  - //secret/postgres-poc-credentials
+  - //secret/postgres-poc-entrypoint-script
+
+---
+kind: workload
+name: postgres
+description: postgres
+spec:
+  type: stateful
+  containers:
+    - cpu: 1000m
+      memory: 512Mi
+      env:
+        # Uncomment next two envs will cause the db to be restored from the archive uri
+        #        - name: POSTGRES_ARCHIVE_URI  #Use this var to control the automatic restore behavior. If you leave it out, the db will start empty.
+        #          value: s3://YOUR_BUCKET/PATH_TO_ARCHIVE_FILE
+        # - name: POSTGRES_DB #The name of the initial db in case of doing a restore
+        #  value: test
+        - name: PGDATA #The location postgres stores the db. This can be anything other than /var/lib/postgresql/data, but it must be inside the mount point for the volume set
+          value: "/var/lib/postgresql/data/pg_data"
+        - name: POSTGRES_PASSWORD #The password for the default user
+          value: cpln://secret/postgres-poc-credentials.password
+        - name: POSTGRES_USER #The name of the default user
+          value: cpln://secret/postgres-poc-credentials.username
+      name: stateful
+      image: postgres:15
+      command: /bin/bash
+      args:
+        - "-c"
+        - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
+      #command:  "cpln-entrypoint.sh"
+      #args:
+      #  - "postgres"
+      ports:
+        - number: 5432
+          protocol: tcp
+      volumes:
+        - uri: cpln://volumeset/postgres-poc-vs
+          path: "/var/lib/postgresql/data"
+        # Make the ENV value for the entry script a file
+        - uri: cpln://secret/postgres-poc-entrypoint-script
+          path: "/usr/local/bin/cpln-entrypoint.sh"
+      inheritEnv: false
+      livenessProbe:
+        tcpSocket:
+          port: 5432
+        failureThreshold: 1
+      readinessProbe:
+        tcpSocket:
+          port: 5432
+        failureThreshold: 1
+  identityLink: //identity/postgres-poc-identity
+  defaultOptions:
+    capacityAI: false
+    autoscaling:
+      metric: cpu
+      target: 95
+      maxScale: 1
+  firewallConfig:
+    external:
+      inboundAllowCIDR: []
+      outboundAllowCIDR:
+        - 0.0.0.0/0
+    internal:
+      inboundAllowType: same-gvc

data/lib/generator_templates/templates/rails.yml

@@ -0,0 +1,36 @@
+# Template setup of Rails server workload, roughly corresponding to Heroku dyno
+# type within Procfile.
+kind: workload
+name: rails
+spec:
+  type: standard
+  containers:
+    - name: rails
+      # 300m is a good starting place for a test app. You can experiment with CPU configuration
+      # once your app is running.
+      cpu: 300m
+      env:
+        - name: LOG_LEVEL
+          value: debug
+      # Inherit other ENV values from GVC
+      inheritEnv: true
+      image: '/org/APP_ORG/image/APP_IMAGE'
+      # 512 corresponds to a standard 1x dyno type
+      memory: 512Mi
+      ports:
+        - number: 3000
+          protocol: http
+  defaultOptions:
+    # Start out like this for "test apps"
+    autoscaling:
+      # Max of 1 effectively disables autoscaling, so a like a Heroku dyno count of 1
+      maxScale: 1
+    capacityAI: false
+  firewallConfig:
+    external:
+      # Default to allow public access to Rails server
+      inboundAllowCIDR:
+        - 0.0.0.0/0
+      # Could configure outbound for more security
+      outboundAllowCIDR:
+        - 0.0.0.0/0

data/script/check_cpln_links

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+bad_links=("controlplane.com/shakacode")
+proper_links=("shakacode.controlplane.com")
+
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+exit_status=0
+accumulated_results=""
+seen_bad_links_indexes=()
+
+for ((idx = 0; idx < ${#bad_links[@]}; idx++)); do
+    results=$(git grep \
+        --recursive \
+        --line-number \
+        --fixed-strings \
+        --break \
+        --heading \
+        --color=always -- \
+        "${bad_links[idx]}" \
+        ':!script/check_cpln_links')
+
+    # Line would become really unwieldly if everything was mushed into the
+    # conditional, so let's ignore this check here.
+    # shellcheck disable=SC2181
+    if [ $? -eq 0 ]; then
+        accumulated_results+="$results"
+        seen_bad_links_indexes+=("$idx")
+        exit_status=1
+    fi
+done
+
+if [ "$exit_status" -eq 1 ]; then
+    echo "${bold}[!] Found the following bad links:${normal}"
+    echo ""
+    echo "$accumulated_results"
+    echo ""
+    echo "${bold}[*] Please update accordingly:${normal}"
+    for bad_link_index in "${seen_bad_links_indexes[@]}"; do
+        echo "  ${bad_links[bad_link_index]} -> ${proper_links[bad_link_index]}"
+    done
+fi
+
+exit "$exit_status"