cpl 2.0.1 → 2.1.0

data/lib/command/deploy_image.rb

@@ -10,9 +10,9 @@ module Command
     DESCRIPTION = "Deploys the latest image to app workloads, and runs a release script (optional)"
     LONG_DESCRIPTION = <<~DESC
       - Deploys the latest image to app workloads
-      - Optionally runs a release script before deploying if specified through `release_script` in the `.controlplane/controlplane.yml` file and `--run-release-phase` is provided
+      - Runs a release script before deploying if `release_script` is specified in the `.controlplane/controlplane.yml` file and `--run-release-phase` is provided
       - The release script is run in the context of `cpl run` with the latest image
-      - The deploy will fail if the release script exits with a non-zero code or doesn't exist
+      - If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
     DESC
 
     def call # rubocop:disable Metrics/MethodLength
@@ -20,7 +20,7 @@ module Command
 
       deployed_endpoints = {}
 
-      image = latest_image
+      image = cp.latest_image
       if cp.fetch_image_details(image).nil?
         raise "Image '#{image}' does not exist in the Docker repository on Control Plane " \
               "(see https://console.cpln.io/console/org/#{config.org}/repository/#{config.app}). " \
@@ -48,24 +48,9 @@ module Command
 
     private
 
-    def run_release_script # rubocop:disable Metrics/MethodLength
-      release_script_name = config[:release_script]
-      release_script_path = Pathname.new("#{config.app_cpln_dir}/#{release_script_name}").expand_path
-
-      raise "Can't find release script in '#{release_script_path}'." unless File.exist?(release_script_path)
-
-      progress.puts("Running release script...\n\n")
-
-      release_script = File.read(release_script_path)
-      begin
-        Cpl::Cli.start(["run", "-a", config.app, "--image", "latest", "--", release_script])
-      rescue SystemExit => e
-        progress.puts
-
-        raise "Failed to run release script." if e.status.nonzero?
-
-        progress.puts("Finished running release script.\n\n")
-      end
+    def run_release_script
+      release_script = config[:release_script]
+      run_command_in_latest_image(release_script, title: "release script")
     end
   end
 end

data/lib/command/doctor.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Command
+  class Doctor < Base
+    NAME = "doctor"
+    OPTIONS = [
+      validations_option,
+      app_option
+    ].freeze
+    DESCRIPTION = "Runs validations"
+    LONG_DESCRIPTION = <<~DESC
+      - Runs validations
+    DESC
+    EXAMPLES = <<~EX
+      ```sh
+      # Runs all validations that don't require additional options by default.
+      cpl doctor
+
+      # Runs config validation.
+      cpl doctor --validations config
+
+      # Runs templates validation (requires app).
+      cpl doctor --validations templates -a $APP_NAME
+      ```
+    EX
+    VALIDATIONS = [].freeze
+
+    def call
+      validations = config.options[:validations].split(",")
+      ensure_required_options!(validations)
+
+      doctor_service = DoctorService.new(config)
+      doctor_service.run_validations(validations)
+    end
+
+    private
+
+    def ensure_required_options!(validations)
+      validations.each do |validation|
+        case validation
+        when "templates"
+          raise "App is required for templates validation." unless config.app
+        end
+      end
+    end
+  end
+end

data/lib/command/latest_image.rb

@@ -13,7 +13,7 @@ module Command
     WITH_INFO_HEADER = false
 
     def call
-      puts latest_image
+      puts cp.latest_image
     end
   end
 end

data/lib/command/no_command.rb

@@ -10,6 +10,7 @@ module Command
     DESC
     HIDE = true
     WITH_INFO_HEADER = false
+    VALIDATIONS = [].freeze
 
     def call
       if config.options[:version]

data/lib/command/promote_app_from_upstream.rb

@@ -14,7 +14,7 @@ module Command
         - Runs `cpl copy-image-from-upstream` to copy the latest image from upstream
         - Runs `cpl deploy-image` to deploy the image
         - If `.controlplane/controlplane.yml` includes the `release_script`, `cpl deploy-image` will use the `--run-release-phase` option
-        - The deploy will fail if the release script exits with a non-zero code
+        - If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
     DESC
 
     def call

data/lib/command/run.rb

@@ -183,7 +183,7 @@ module Command
         # Override image if specified
         image = config.options[:image]
         image_link = if image
-                       image = latest_image if image == "latest"
+                       image = cp.latest_image if image == "latest"
                        "/org/#{config.org}/image/#{image}"
                      else
                        original_container_spec["image"]
@@ -395,7 +395,7 @@ module Command
       script += interactive_runner_script if interactive
 
       script +=
-        if @log_method == 1
+        if @log_method == 1 || @interactive
           args_join(config.args)
         else
           <<~SCRIPT
@@ -442,16 +442,22 @@ module Command
       )
     end
 
-    def resolve_job_status
-      result = cp.fetch_cron_workload(runner_workload, location: location)
-      job_details = result&.dig("items")&.find { |item| item["id"] == job }
-      status = job_details&.dig("status")
+    def resolve_job_status # rubocop:disable Metrics/MethodLength
+      loop do
+        result = cp.fetch_cron_workload(runner_workload, location: location)
+        job_details = result&.dig("items")&.find { |item| item["id"] == job }
+        status = job_details&.dig("status")
+
+        Shell.debug("JOB STATUS", status)
 
-      case status
-      when "failed"
-        ExitCode::ERROR_DEFAULT
-      when "successful"
-        ExitCode::SUCCESS
+        case status
+        when "active"
+          sleep 1
+        when "successful"
+          break ExitCode::SUCCESS
+        else
+          break ExitCode::ERROR_DEFAULT
+        end
       end
     end
 

data/lib/command/setup_app.rb

@@ -5,18 +5,27 @@ module Command
     NAME = "setup-app"
     OPTIONS = [
       app_option(required: true),
-      skip_secret_access_binding_option
+      skip_secret_access_binding_option,
+      skip_secrets_setup_option,
+      skip_post_creation_hook_option
     ].freeze
     DESCRIPTION = "Creates an app and all its workloads"
     LONG_DESCRIPTION = <<~DESC
       - Creates an app and all its workloads
       - Specify the templates for the app and workloads through `setup_app_templates` in the `.controlplane/controlplane.yml` file
-      - This should only be used for temporary apps like review apps, never for persistent apps like production (to update workloads for those, use 'cpl apply-template' instead)
-      - Automatically binds the app to the secrets policy, as long as both the identity and the policy exist
-      - Use `--skip-secret-access-binding` to prevent the automatic bind
+      - This should only be used for temporary apps like review apps, never for persistent apps like production or staging (to update workloads for those, use 'cpl apply-template' instead)
+      - Configures app to have org-level secrets with default name "{APP_PREFIX}-secrets"
+        using org-level policy with default name "{APP_PREFIX}-secrets-policy" (names can be customized, see docs)
+      - Creates identity for secrets if it does not exist
+      - Use `--skip-secrets-setup` to prevent the automatic setup of secrets,
+        or set it through `skip_secrets_setup` in the `.controlplane/controlplane.yml` file
+      - Runs a post-creation hook after the app is created if `hooks.post_creation` is specified in the `.controlplane/controlplane.yml` file
+      - If the hook exits with a non-zero code, the command will stop executing and also exit with a non-zero code
+      - Use `--skip-post-creation-hook` to skip the hook if specified in `controlplane.yml`
     DESC
+    VALIDATIONS = %w[config templates].freeze
 
-    def call # rubocop:disable Metrics/MethodLength
+    def call # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
       templates = config[:setup_app_templates]
 
       app = cp.fetch_gvc
@@ -26,24 +35,79 @@ module Command
               "or run 'cpl apply-template #{templates.join(' ')} -a #{config.app}'."
       end
 
-      Cpl::Cli.start(["apply-template", *templates, "-a", config.app])
+      skip_secrets_setup = config.options[:skip_secret_access_binding] ||
+                           config.options[:skip_secrets_setup] || config.current[:skip_secrets_setup]
 
-      return if config.options[:skip_secret_access_binding]
+      create_secret_and_policy_if_not_exist unless skip_secrets_setup
+
+      args = []
+      args.push("--add-app-identity") unless skip_secrets_setup
+      Cpl::Cli.start(["apply-template", *templates, "-a", config.app, *args])
+
+      bind_identity_to_policy unless skip_secrets_setup
+      run_post_creation_hook unless config.options[:skip_post_creation_hook]
+    end
+
+    private
+
+    def create_secret_and_policy_if_not_exist
+      create_secret_if_not_exists
+      create_policy_if_not_exists
 
       progress.puts
+    end
 
-      if cp.fetch_identity(app_identity).nil? || cp.fetch_policy(app_secrets_policy).nil?
-        raise "Can't bind identity to policy: identity '#{app_identity}' or " \
-              "policy '#{app_secrets_policy}' doesn't exist. " \
-              "Please create them or use `--skip-secret-access-binding` to ignore this message." \
-              "You can also set a custom secrets name with `secrets_name` " \
-              "and a custom secrets policy name with `secrets_policy_name` " \
-              "in the `.controlplane/controlplane.yml` file."
+    def create_secret_if_not_exists
+      if cp.fetch_secret(config.secrets)
+        progress.puts("Secret '#{config.secrets}' already exists. Skipping creation...")
+      else
+        step("Creating secret '#{config.secrets}'") do
+          cp.apply_hash(build_secret_hash)
+        end
       end
+    end
 
-      step("Binding identity to policy") do
-        cp.bind_identity_to_policy(app_identity_link, app_secrets_policy)
+    def create_policy_if_not_exists
+      if cp.fetch_policy(config.secrets_policy)
+        progress.puts("Policy '#{config.secrets_policy}' already exists. Skipping creation...")
+      else
+        step("Creating policy '#{config.secrets_policy}'") do
+          cp.apply_hash(build_policy_hash)
+        end
       end
     end
+
+    def build_secret_hash
+      {
+        "kind" => "secret",
+        "name" => config.secrets,
+        "type" => "dictionary",
+        "data" => {}
+      }
+    end
+
+    def build_policy_hash
+      {
+        "kind" => "policy",
+        "name" => config.secrets_policy,
+        "targetKind" => "secret",
+        "targetLinks" => ["//secret/#{config.secrets}"]
+      }
+    end
+
+    def bind_identity_to_policy
+      progress.puts
+
+      step("Binding identity '#{config.identity}' to policy '#{config.secrets_policy}'") do
+        cp.bind_identity_to_policy(config.identity_link, config.secrets_policy)
+      end
+    end
+
+    def run_post_creation_hook
+      post_creation_hook = config.current.dig(:hooks, :post_creation)
+      return unless post_creation_hook
+
+      run_command_in_latest_image(post_creation_hook, title: "post-creation hook")
+    end
   end
 end

data/lib/command/test.rb

@@ -11,6 +11,7 @@ module Command
       - For debugging purposes
     DESC
     HIDE = true
+    VALIDATIONS = [].freeze
 
     def call
       # Modify this method to trigger the code you want to test.

data/lib/command/version.rb

@@ -9,6 +9,7 @@ module Command
       - Can also be done with `cpl --version` or `cpl -v`
     DESC
     WITH_INFO_HEADER = false
+    VALIDATIONS = [].freeze
 
     def call
       puts Cpl::VERSION

data/lib/core/config.rb

@@ -18,6 +18,8 @@ class Config # rubocop:disable Metrics/ClassLength
 
     ensure_required_options!
 
+    warn_deprecated_options
+
     Shell.verbose_mode(options[:verbose])
     trace_mode = options[:trace]
     return unless trace_mode
@@ -38,10 +40,34 @@ class Config # rubocop:disable Metrics/ClassLength
     current&.fetch(:name)
   end
 
+  def identity
+    "#{app}-identity"
+  end
+
+  def identity_link
+    "/org/#{org}/gvc/#{app}/identity/#{identity}"
+  end
+
+  def secrets
+    current&.dig(:secrets_name) || "#{app_prefix}-secrets"
+  end
+
+  def secrets_policy
+    current&.dig(:secrets_policy_name) || "#{secrets}-policy"
+  end
+
   def location
     @location ||= load_location_from_options || load_location_from_env || load_location_from_file
   end
 
+  def location_link
+    "/org/#{org}/location/#{location}"
+  end
+
+  def image_link(image)
+    "/org/#{org}/image/#{image}"
+  end
+
   def domain
     @domain ||= load_domain_from_options || load_domain_from_file
   end
@@ -84,6 +110,8 @@ class Config # rubocop:disable Metrics/ClassLength
     @apps ||= config[:apps].to_h do |app_name, app_options|
       ensure_config_app!(app_name, app_options)
 
+      check_deprecated_options(app_options)
+
       app_options_with_new_keys = app_options.to_h do |key, value|
         new_key = new_option_keys[key]
         new_key ? [new_key, value] : [key, value]
@@ -96,14 +124,7 @@ class Config # rubocop:disable Metrics/ClassLength
   def current
     return unless app
 
-    @current ||= begin
-      app_config = find_app_config(app)
-      ensure_config_app!(app, app_config)
-
-      warn_deprecated_options(app_config)
-
-      app_config
-    end
+    @current ||= find_app_config(app)
   end
 
   def app_matches?(app_name1, app_name2, app_options)
@@ -275,11 +296,18 @@ class Config # rubocop:disable Metrics/ClassLength
     strip_str_and_validate(current.fetch(:default_domain))
   end
 
-  def warn_deprecated_options(app_options)
-    deprecated_option_keys = new_option_keys.select { |old_key| app_options.key?(old_key) }
-    return if deprecated_option_keys.empty?
+  def check_deprecated_options(app_options)
+    @deprecated_option_keys ||= {}
+
+    new_option_keys.each do |old_key, new_key|
+      @deprecated_option_keys[old_key] = new_key if app_options.key?(old_key)
+    end
+  end
+
+  def warn_deprecated_options
+    return if !@deprecated_option_keys || @deprecated_option_keys.empty?
 
-    deprecated_option_keys.each do |old_key, new_key|
+    @deprecated_option_keys.each do |old_key, new_key|
       Shell.warn_deprecated("Option '#{old_key}' is deprecated, " \
                             "please use '#{new_key}' instead (in 'controlplane.yml').")
     end

data/lib/core/controlplane.rb

@@ -3,6 +3,8 @@
 class Controlplane # rubocop:disable Metrics/ClassLength
   attr_reader :config, :api, :gvc, :org
 
+  NO_IMAGE_AVAILABLE = "NO_IMAGE_AVAILABLE"
+
   def initialize(config)
     @config = config
     @api = ControlplaneApi.new
@@ -37,6 +39,51 @@ class Controlplane # rubocop:disable Metrics/ClassLength
 
   # image
 
+  def latest_image(a_gvc = gvc, a_org = org, refresh: false)
+    @latest_image ||= {}
+    @latest_image[a_gvc] = nil if refresh
+    @latest_image[a_gvc] ||=
+      begin
+        items = query_images(a_gvc, a_org)["items"]
+        latest_image_from(items, app_name: a_gvc)
+      end
+  end
+
+  def latest_image_next(a_gvc = gvc, a_org = org, commit: nil)
+    commit ||= config.options[:commit]
+
+    @latest_image_next ||= {}
+    @latest_image_next[a_gvc] ||= begin
+      latest_image_name = latest_image(a_gvc, a_org)
+      image = latest_image_name.split(":").first
+      image += ":#{extract_image_number(latest_image_name) + 1}"
+      image += "_#{commit}" if commit
+      image
+    end
+  end
+
+  def latest_image_from(items, app_name: gvc, name_only: true)
+    matching_items = items.select { |item| item["name"].start_with?("#{app_name}:") }
+
+    # Or special string to indicate no image available
+    if matching_items.empty?
+      name_only ? "#{app_name}:#{NO_IMAGE_AVAILABLE}" : nil
+    else
+      latest_item = matching_items.max_by { |item| extract_image_number(item["name"]) }
+      name_only ? latest_item["name"] : latest_item
+    end
+  end
+
+  def extract_image_number(image_name)
+    return 0 if image_name.end_with?(NO_IMAGE_AVAILABLE)
+
+    image_name.match(/:(\d+)/)&.captures&.first.to_i
+  end
+
+  def extract_image_commit(image_name)
+    image_name.match(/_(\h+)$/)&.captures&.first
+  end
+
   def query_images(a_gvc = gvc, a_org = org, partial_gvc_match: nil)
     partial_gvc_match = config.should_app_start_with?(a_gvc) if partial_gvc_match.nil?
     gvc_op = partial_gvc_match ? "~" : "="
@@ -324,6 +371,12 @@ class Controlplane # rubocop:disable Metrics/ClassLength
     api.log_get(org: org, gvc: gvc, workload: workload, replica: replica, from: from, to: to)
   end
 
+  # secrets
+
+  def fetch_secret(secret)
+    api.fetch_secret(org: org, secret: secret)
+  end
+
   # identities
 
   def fetch_identity(identity, a_gvc = gvc)

data/lib/core/controlplane_api.rb

@@ -52,7 +52,7 @@ class ControlplaneApi # rubocop:disable Metrics/ClassLength
     # params << "direction=forward"
     params = params.map { |k, v| %(#{k}=#{CGI.escape(v)}) }.join("&")
 
-    api_json_direct("/logs/org/#{org}/loki/api/v1/query_range?#{params}", method: :get, host: :logs)
+    api_json("/logs/org/#{org}/loki/api/v1/query_range?#{params}", method: :get, host: :logs)
   end
 
   def query_workloads(org:, gvc:, workload:, gvc_op_type:, workload_op_type:) # rubocop:disable Metrics/MethodLength
@@ -116,6 +116,14 @@ class ControlplaneApi # rubocop:disable Metrics/ClassLength
     api_json("/org/#{org}/domain/#{domain}", method: :patch, body: data)
   end
 
+  def fetch_secret(org:, secret:)
+    api_json("/org/#{org}/secret/#{secret}", method: :get)
+  end
+
+  def delete_secret(org:, secret:)
+    api_json("/org/#{org}/secret/#{secret}", method: :delete)
+  end
+
   def fetch_identity(org:, gvc:, identity:)
     api_json("/org/#{org}/gvc/#{gvc}/identity/#{identity}", method: :get)
   end
@@ -124,6 +132,10 @@ class ControlplaneApi # rubocop:disable Metrics/ClassLength
     api_json("/org/#{org}/policy/#{policy}", method: :get)
   end
 
+  def delete_policy(org:, policy:)
+    api_json("/org/#{org}/policy/#{policy}", method: :delete)
+  end
+
   private
 
   def fetch_query_pages(result)
@@ -152,13 +164,7 @@ class ControlplaneApi # rubocop:disable Metrics/ClassLength
     result
   end
 
-  # switch between cpln rest and api
   def api_json(...)
     ControlplaneApiDirect.new.call(...)
   end
-
-  # only for api (where not impelemented in cpln rest)
-  def api_json_direct(...)
-    ControlplaneApiDirect.new.call(...)
-  end
 end

data/lib/core/controlplane_api_direct.rb

@@ -98,7 +98,7 @@ class ControlplaneApiDirect
   end
 
   def refresh_api_token
-    @@api_token[:token] = `cpln profile token`.chomp
+    @@api_token[:token] = Shell.cmd("cpln", "profile", "token")[:output].chomp
   end
 
   def self.reset_api_token

data/lib/core/doctor_service.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+class ValidationError < StandardError; end
+
+class DoctorService
+  attr_reader :config
+
+  def initialize(config)
+    @config = config
+  end
+
+  def run_validations(validations, silent_if_passing: false) # rubocop:disable Metrics/MethodLength
+    @any_failed_validation = false
+
+    validations.each do |validation|
+      case validation
+      when "config"
+        validate_config
+      when "templates"
+        validate_templates
+      else
+        raise ValidationError, Shell.color("ERROR: Invalid validation '#{validation}'.", :red)
+      end
+
+      progress.puts("#{Shell.color('[PASS]', :green)} #{validation}") unless silent_if_passing
+    rescue ValidationError => e
+      @any_failed_validation = true
+
+      progress.puts("#{Shell.color('[FAIL]', :red)} #{validation}\n\n#{e.message}\n\n")
+    end
+
+    exit(ExitCode::ERROR_DEFAULT) if @any_failed_validation
+  end
+
+  def validate_config
+    check_for_app_names_contained_in_others
+  end
+
+  def validate_templates
+    @template_parser = TemplateParser.new(config)
+    filenames = Dir.glob("#{@template_parser.template_dir}/*.yml")
+    templates = @template_parser.parse(filenames)
+
+    check_for_duplicate_templates(templates)
+    warn_deprecated_template_variables
+  end
+
+  private
+
+  def check_for_app_names_contained_in_others
+    app_names_contained_in_others = find_app_names_contained_in_others
+    return if app_names_contained_in_others.empty?
+
+    message = "App names contained in others found below. Please ensure that app names are unique."
+    list = app_names_contained_in_others
+           .map { |app_prefix, app_name| "  - '#{app_prefix}' is a prefix of '#{app_name}'" }
+           .join("\n")
+    raise ValidationError, "#{Shell.color("ERROR: #{message}", :red)}\n#{list}"
+  end
+
+  def find_app_names_contained_in_others # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
+    app_names = config.apps.keys.map(&:to_s).sort
+    app_prefixes = config.apps
+                         .select { |_, app_options| app_options[:match_if_app_name_starts_with] }
+                         .keys
+                         .map(&:to_s)
+                         .sort
+    app_prefixes.each_with_object([]) do |app_prefix, app_names_contained_in_others|
+      app_names.each do |app_name|
+        if app_prefix != app_name && app_name.start_with?(app_prefix)
+          app_names_contained_in_others.push([app_prefix, app_name])
+        end
+      end
+    end
+  end
+
+  def check_for_duplicate_templates(templates)
+    grouped_templates = templates.group_by { |template| [template["kind"], template["name"]] }
+    duplicate_templates = grouped_templates.select { |_, group| group.size > 1 }
+    return if duplicate_templates.empty?
+
+    message = "Duplicate templates found with the kind/names below. Please ensure that templates are unique."
+    list = duplicate_templates
+           .map { |(kind, name), _| "  - kind: #{kind}, name: #{name}" }
+           .join("\n")
+    raise ValidationError, "#{Shell.color("ERROR: #{message}", :red)}\n#{list}"
+  end
+
+  def warn_deprecated_template_variables
+    deprecated_variables = @template_parser.deprecated_variables
+    return if deprecated_variables.empty?
+
+    message = "Please replace these variables in the templates, " \
+              "as support for them will be removed in a future major version bump:"
+    list = deprecated_variables
+           .map { |old_key, new_key| "  - #{old_key} -> #{new_key}" }
+           .join("\n")
+    progress.puts("\n#{Shell.color("DEPRECATED: #{message}", :yellow)}\n#{list}\n\n")
+  end
+
+  def progress
+    $stderr
+  end
+end

data/lib/core/helpers.rb

@@ -3,6 +3,8 @@
 require "securerandom"
 
 module Helpers
+  module_function
+
   def strip_str_and_validate(str)
     return str if str.nil?
 
@@ -13,4 +15,12 @@ module Helpers
   def random_four_digits
     SecureRandom.random_number(1000..9999)
   end
+
+  def normalize_command_name(name)
+    name.to_s.tr("_", "-")
+  end
+
+  def normalize_option_name(name)
+    "--#{name.to_s.tr('_', '-')}"
+  end
 end

data/lib/core/shell.rb

@@ -90,4 +90,11 @@ class Shell
 
     message.gsub(pattern, "XXXXXXX")
   end
+
+  def self.trap_interrupt
+    trap("SIGINT") do
+      puts
+      exit(ExitCode::INTERRUPT)
+    end
+  end
 end