cpl 2.0.2 → 2.1.0

data/lib/command/base.rb

@@ -8,6 +8,10 @@ module Command
 
     include Helpers
 
+    VALIDATIONS_WITHOUT_ADDITIONAL_OPTIONS = %w[config].freeze
+    VALIDATIONS_WITH_ADDITIONAL_OPTIONS = %w[templates].freeze
+    ALL_VALIDATIONS = VALIDATIONS_WITHOUT_ADDITIONAL_OPTIONS + VALIDATIONS_WITH_ADDITIONAL_OPTIONS
+
     # Used to call the command (`cpl NAME`)
     # NAME = ""
     # Displayed when running `cpl help` or `cpl help NAME` (defaults to `NAME`)
@@ -32,8 +36,8 @@ module Command
     HIDE = false
     # Whether or not to show key information like ORG and APP name in commands
     WITH_INFO_HEADER = true
-
-    NO_IMAGE_AVAILABLE = "NO_IMAGE_AVAILABLE"
+    # Which validations to run before the command
+    VALIDATIONS = %w[config].freeze
 
     def initialize(config)
       @config = config
@@ -269,6 +273,7 @@ module Command
     def self.skip_secret_access_binding_option(required: false)
       {
         name: :skip_secret_access_binding,
+        new_name: :skip_secrets_setup,
         params: {
           desc: "Skips secret access binding",
           type: :boolean,
@@ -277,6 +282,17 @@ module Command
       }
     end
 
+    def self.skip_secrets_setup_option(required: false)
+      {
+        name: :skip_secrets_setup,
+        params: {
+          desc: "Skips secrets setup",
+          type: :boolean,
+          required: required
+        }
+      }
+    end
+
     def self.run_release_phase_option(required: false)
       {
         name: :run_release_phase,
@@ -378,57 +394,65 @@ module Command
         }
       }
     end
-    # rubocop:enable Metrics/MethodLength
 
-    def self.all_options
-      methods.grep(/_option$/).map { |method| send(method.to_s) }
+    def self.validations_option(required: false)
+      {
+        name: :validations,
+        params: {
+          banner: "VALIDATION_1,VALIDATION_2,...",
+          desc: "Which validations to run " \
+                "(must be separated by a comma)",
+          type: :string,
+          required: required,
+          default: VALIDATIONS_WITHOUT_ADDITIONAL_OPTIONS.join(","),
+          valid_regex: /^(#{ALL_VALIDATIONS.join("|")})(,(#{ALL_VALIDATIONS.join("|")}))*$/
+        }
+      }
     end
 
-    def self.all_options_by_key_name
-      all_options.each_with_object({}) do |option, result|
-        option[:params][:aliases]&.each { |current_alias| result[current_alias.to_s] = option }
-        result["--#{option[:name]}"] = option
-      end
+    def self.skip_post_creation_hook_option(required: false)
+      {
+        name: :skip_post_creation_hook,
+        params: {
+          desc: "Skips post-creation hook",
+          type: :boolean,
+          required: required
+        }
+      }
     end
 
-    def latest_image_from(items, app_name: config.app, name_only: true)
-      matching_items = items.select { |item| item["name"].start_with?("#{app_name}:") }
-
-      # Or special string to indicate no image available
-      if matching_items.empty?
-        name_only ? "#{app_name}:#{NO_IMAGE_AVAILABLE}" : nil
-      else
-        latest_item = matching_items.max_by { |item| extract_image_number(item["name"]) }
-        name_only ? latest_item["name"] : latest_item
-      end
+    def self.skip_pre_deletion_hook_option(required: false)
+      {
+        name: :skip_pre_deletion_hook,
+        params: {
+          desc: "Skips pre-deletion hook",
+          type: :boolean,
+          required: required
+        }
+      }
     end
 
-    def latest_image(app = config.app, org = config.org, refresh: false)
-      @latest_image ||= {}
-      @latest_image[app] = nil if refresh
-      @latest_image[app] ||=
-        begin
-          items = cp.query_images(app, org)["items"]
-          latest_image_from(items, app_name: app)
-        end
+    def self.add_app_identity_option(required: false)
+      {
+        name: :add_app_identity,
+        params: {
+          desc: "Adds app identity template if it does not exist",
+          type: :boolean,
+          required: required
+        }
+      }
     end
+    # rubocop:enable Metrics/MethodLength
 
-    def latest_image_next(app = config.app, org = config.org, commit: nil)
-      # debugger
-      commit ||= config.options[:commit]
-
-      @latest_image_next ||= {}
-      @latest_image_next[app] ||= begin
-        latest_image_name = latest_image(app, org)
-        image = latest_image_name.split(":").first
-        image += ":#{extract_image_number(latest_image_name) + 1}"
-        image += "_#{commit}" if commit
-        image
-      end
+    def self.all_options
+      methods.grep(/_option$/).map { |method| send(method.to_s) }
     end
 
-    def extract_image_commit(image_name)
-      image_name.match(/_(\h+)$/)&.captures&.first
+    def self.all_options_by_key_name
+      all_options.each_with_object({}) do |option, result|
+        option[:params][:aliases]&.each { |current_alias| result[current_alias.to_s] = option }
+        result["--#{option[:name]}"] = option
+      end
     end
 
     # NOTE: use simplified variant atm, as shelljoin do different escaping
@@ -486,30 +510,6 @@ module Command
       @cp ||= Controlplane.new(config)
     end
 
-    def app_location_link
-      "/org/#{config.org}/location/#{config.location}"
-    end
-
-    def app_image_link
-      "/org/#{config.org}/image/#{latest_image}"
-    end
-
-    def app_identity
-      "#{config.app}-identity"
-    end
-
-    def app_identity_link
-      "/org/#{config.org}/gvc/#{config.app}/identity/#{app_identity}"
-    end
-
-    def app_secrets
-      config.current[:secrets_name] || "#{config.app_prefix}-secrets"
-    end
-
-    def app_secrets_policy
-      config.current[:secrets_policy_name] || "#{app_secrets}-policy"
-    end
-
     def ensure_docker_running!
       result = Shell.cmd("docker", "version", capture_stderr: true)
       return if result[:success]
@@ -517,13 +517,24 @@ module Command
       raise "Can't run Docker. Please make sure that it's installed and started, then try again."
     end
 
-    private
+    def run_command_in_latest_image(command, title:)
+      # Need to prefix the command with '.controlplane/'
+      # if it's a file in the '.controlplane' directory,
+      # for backwards compatibility
+      path = Pathname.new("#{config.app_cpln_dir}/#{command}").expand_path
+      command = ".controlplane/#{command}" if File.exist?(path)
+
+      progress.puts("Running #{title}...\n\n")
 
-    # returns 0 if no prior image
-    def extract_image_number(image_name)
-      return 0 if image_name.end_with?(NO_IMAGE_AVAILABLE)
+      begin
+        Cpl::Cli.start(["run", "-a", config.app, "--image", "latest", "--", command])
+      rescue SystemExit => e
+        progress.puts
 
-      image_name.match(/:(\d+)/)&.captures&.first.to_i
+        raise "Failed to run #{title}." if e.status.nonzero?
+
+        progress.puts("Finished running #{title}.\n\n")
+      end
     end
   end
 end

data/lib/command/build_image.rb

@@ -27,7 +27,7 @@ module Command
 
       progress.puts("Building image from Dockerfile '#{dockerfile}'...\n\n")
 
-      image_name = latest_image_next
+      image_name = cp.latest_image_next
       image_url = "#{config.org}.registry.cpln.io/#{image_name}"
 
       commit = config.options[:commit]
@@ -41,7 +41,7 @@ module Command
       progress.puts("\nPushed image to '/org/#{config.org}/image/#{image_name}'.\n\n")
 
       step("Waiting for image to be available", retry_on_failure: true) do
-        image_name == latest_image(refresh: true)
+        image_name == cp.latest_image(refresh: true)
       end
     end
   end

data/lib/command/cleanup_images.rb

@@ -56,7 +56,7 @@ module Command
       return images unless cp.fetch_gvc(app)
 
       # If app exists, remove latest image, because we don't want to delete the image that is currently deployed
-      latest_image_name = latest_image_from(images, app_name: app)
+      latest_image_name = cp.latest_image_from(images, app_name: app)
       images.reject { |image| image["name"] == latest_image_name }
     end
 

data/lib/command/cleanup_stale_apps.rb

@@ -49,7 +49,7 @@ module Command
             app_name = gvc["name"]
 
             images = cp.query_images(app_name)["items"].select { |item| item["name"].start_with?("#{app_name}:") }
-            image = latest_image_from(images, app_name: app_name, name_only: false)
+            image = cp.latest_image_from(images, app_name: app_name, name_only: false)
             next unless image
 
             created_date = DateTime.parse(image["created"])

data/lib/command/copy_image_from_upstream.rb

@@ -66,8 +66,8 @@ module Command
       step("Fetching upstream image URL") do
         cp.profile_switch(@upstream_profile)
         upstream_image = config.options[:image]
-        upstream_image = latest_image(@upstream, @upstream_org) if !upstream_image || upstream_image == "latest"
-        @commit = extract_image_commit(upstream_image)
+        upstream_image = cp.latest_image(@upstream, @upstream_org) if !upstream_image || upstream_image == "latest"
+        @commit = cp.extract_image_commit(upstream_image)
         @upstream_image_url = "#{@upstream_org}.registry.cpln.io/#{upstream_image}"
       end
     end
@@ -75,7 +75,7 @@ module Command
     def fetch_app_image_url
       step("Fetching app image URL") do
         cp.profile_switch("default")
-        app_image = latest_image_next(config.app, config.org, commit: @commit)
+        app_image = cp.latest_image_next(config.app, config.org, commit: @commit)
         @app_image_url = "#{config.org}.registry.cpln.io/#{app_image}"
       end
     end

data/lib/command/delete.rb

@@ -6,13 +6,17 @@ module Command
     OPTIONS = [
       app_option(required: true),
       workload_option,
-      skip_confirm_option
+      skip_confirm_option,
+      skip_pre_deletion_hook_option
     ].freeze
     DESCRIPTION = "Deletes the whole app (GVC with all workloads, all volumesets and all images) or a specific workload"
     LONG_DESCRIPTION = <<~DESC
       - Deletes the whole app (GVC with all workloads, all volumesets and all images) or a specific workload
       - Also unbinds the app from the secrets policy, as long as both the identity and the policy exist (and are bound)
       - Will ask for explicit user confirmation
+      - Runs a pre-deletion hook before the app is deleted if `hooks.pre_deletion` is specified in the `.controlplane/controlplane.yml` file
+      - If the hook exits with a non-zero code, the command will stop executing and also exit with a non-zero code
+      - Use `--skip-pre-deletion-hook` to skip the hook if specified in `controlplane.yml`
     DESC
     EXAMPLES = <<~EX
       ```sh
@@ -51,6 +55,7 @@ module Command
       check_images
       return unless confirm_delete(config.app)
 
+      run_pre_deletion_hook unless config.options[:skip_pre_deletion_hook]
       unbind_identity_from_policy
       delete_volumesets
       delete_gvc
@@ -119,19 +124,26 @@ module Command
     end
 
     def unbind_identity_from_policy
-      return if cp.fetch_identity(app_identity).nil?
+      return if cp.fetch_identity(config.identity).nil?
 
-      policy = cp.fetch_policy(app_secrets_policy)
+      policy = cp.fetch_policy(config.secrets_policy)
       return if policy.nil?
 
       is_bound = policy["bindings"].any? do |binding|
-        binding["principalLinks"].any? { |link| link == app_identity_link }
+        binding["principalLinks"].any? { |link| link == config.identity_link }
       end
       return unless is_bound
 
       step("Unbinding identity from policy for app '#{config.app}'") do
-        cp.unbind_identity_from_policy(app_identity_link, app_secrets_policy)
+        cp.unbind_identity_from_policy(config.identity_link, config.secrets_policy)
       end
     end
+
+    def run_pre_deletion_hook
+      pre_deletion_hook = config.current.dig(:hooks, :pre_deletion)
+      return unless pre_deletion_hook
+
+      run_command_in_latest_image(pre_deletion_hook, title: "pre-deletion hook")
+    end
   end
 end

data/lib/command/deploy_image.rb

@@ -10,9 +10,9 @@ module Command
     DESCRIPTION = "Deploys the latest image to app workloads, and runs a release script (optional)"
     LONG_DESCRIPTION = <<~DESC
       - Deploys the latest image to app workloads
-      - Optionally runs a release script before deploying if specified through `release_script` in the `.controlplane/controlplane.yml` file and `--run-release-phase` is provided
+      - Runs a release script before deploying if `release_script` is specified in the `.controlplane/controlplane.yml` file and `--run-release-phase` is provided
       - The release script is run in the context of `cpl run` with the latest image
-      - The deploy will fail if the release script exits with a non-zero code or doesn't exist
+      - If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
     DESC
 
     def call # rubocop:disable Metrics/MethodLength
@@ -20,7 +20,7 @@ module Command
 
       deployed_endpoints = {}
 
-      image = latest_image
+      image = cp.latest_image
       if cp.fetch_image_details(image).nil?
         raise "Image '#{image}' does not exist in the Docker repository on Control Plane " \
               "(see https://console.cpln.io/console/org/#{config.org}/repository/#{config.app}). " \
@@ -48,24 +48,9 @@ module Command
 
     private
 
-    def run_release_script # rubocop:disable Metrics/MethodLength
-      release_script_name = config[:release_script]
-      release_script_path = Pathname.new("#{config.app_cpln_dir}/#{release_script_name}").expand_path
-
-      raise "Can't find release script in '#{release_script_path}'." unless File.exist?(release_script_path)
-
-      progress.puts("Running release script...\n\n")
-
-      release_script = File.read(release_script_path)
-      begin
-        Cpl::Cli.start(["run", "-a", config.app, "--image", "latest", "--", release_script])
-      rescue SystemExit => e
-        progress.puts
-
-        raise "Failed to run release script." if e.status.nonzero?
-
-        progress.puts("Finished running release script.\n\n")
-      end
+    def run_release_script
+      release_script = config[:release_script]
+      run_command_in_latest_image(release_script, title: "release script")
     end
   end
 end

data/lib/command/doctor.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Command
+  class Doctor < Base
+    NAME = "doctor"
+    OPTIONS = [
+      validations_option,
+      app_option
+    ].freeze
+    DESCRIPTION = "Runs validations"
+    LONG_DESCRIPTION = <<~DESC
+      - Runs validations
+    DESC
+    EXAMPLES = <<~EX
+      ```sh
+      # Runs all validations that don't require additional options by default.
+      cpl doctor
+
+      # Runs config validation.
+      cpl doctor --validations config
+
+      # Runs templates validation (requires app).
+      cpl doctor --validations templates -a $APP_NAME
+      ```
+    EX
+    VALIDATIONS = [].freeze
+
+    def call
+      validations = config.options[:validations].split(",")
+      ensure_required_options!(validations)
+
+      doctor_service = DoctorService.new(config)
+      doctor_service.run_validations(validations)
+    end
+
+    private
+
+    def ensure_required_options!(validations)
+      validations.each do |validation|
+        case validation
+        when "templates"
+          raise "App is required for templates validation." unless config.app
+        end
+      end
+    end
+  end
+end

data/lib/command/latest_image.rb

@@ -13,7 +13,7 @@ module Command
     WITH_INFO_HEADER = false
 
     def call
-      puts latest_image
+      puts cp.latest_image
     end
   end
 end

data/lib/command/no_command.rb

@@ -10,6 +10,7 @@ module Command
     DESC
     HIDE = true
     WITH_INFO_HEADER = false
+    VALIDATIONS = [].freeze
 
     def call
       if config.options[:version]

data/lib/command/promote_app_from_upstream.rb

@@ -14,7 +14,7 @@ module Command
         - Runs `cpl copy-image-from-upstream` to copy the latest image from upstream
         - Runs `cpl deploy-image` to deploy the image
         - If `.controlplane/controlplane.yml` includes the `release_script`, `cpl deploy-image` will use the `--run-release-phase` option
-        - The deploy will fail if the release script exits with a non-zero code
+        - If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
     DESC
 
     def call

data/lib/command/run.rb

@@ -183,7 +183,7 @@ module Command
         # Override image if specified
         image = config.options[:image]
         image_link = if image
-                       image = latest_image if image == "latest"
+                       image = cp.latest_image if image == "latest"
                        "/org/#{config.org}/image/#{image}"
                      else
                        original_container_spec["image"]

data/lib/command/setup_app.rb

@@ -5,18 +5,27 @@ module Command
     NAME = "setup-app"
     OPTIONS = [
       app_option(required: true),
-      skip_secret_access_binding_option
+      skip_secret_access_binding_option,
+      skip_secrets_setup_option,
+      skip_post_creation_hook_option
     ].freeze
     DESCRIPTION = "Creates an app and all its workloads"
     LONG_DESCRIPTION = <<~DESC
       - Creates an app and all its workloads
       - Specify the templates for the app and workloads through `setup_app_templates` in the `.controlplane/controlplane.yml` file
-      - This should only be used for temporary apps like review apps, never for persistent apps like production (to update workloads for those, use 'cpl apply-template' instead)
-      - Automatically binds the app to the secrets policy, as long as both the identity and the policy exist
-      - Use `--skip-secret-access-binding` to prevent the automatic bind
+      - This should only be used for temporary apps like review apps, never for persistent apps like production or staging (to update workloads for those, use 'cpl apply-template' instead)
+      - Configures app to have org-level secrets with default name "{APP_PREFIX}-secrets"
+        using org-level policy with default name "{APP_PREFIX}-secrets-policy" (names can be customized, see docs)
+      - Creates identity for secrets if it does not exist
+      - Use `--skip-secrets-setup` to prevent the automatic setup of secrets,
+        or set it through `skip_secrets_setup` in the `.controlplane/controlplane.yml` file
+      - Runs a post-creation hook after the app is created if `hooks.post_creation` is specified in the `.controlplane/controlplane.yml` file
+      - If the hook exits with a non-zero code, the command will stop executing and also exit with a non-zero code
+      - Use `--skip-post-creation-hook` to skip the hook if specified in `controlplane.yml`
     DESC
+    VALIDATIONS = %w[config templates].freeze
 
-    def call # rubocop:disable Metrics/MethodLength
+    def call # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
       templates = config[:setup_app_templates]
 
       app = cp.fetch_gvc
@@ -26,24 +35,79 @@ module Command
               "or run 'cpl apply-template #{templates.join(' ')} -a #{config.app}'."
       end
 
-      Cpl::Cli.start(["apply-template", *templates, "-a", config.app])
+      skip_secrets_setup = config.options[:skip_secret_access_binding] ||
+                           config.options[:skip_secrets_setup] || config.current[:skip_secrets_setup]
 
-      return if config.options[:skip_secret_access_binding]
+      create_secret_and_policy_if_not_exist unless skip_secrets_setup
+
+      args = []
+      args.push("--add-app-identity") unless skip_secrets_setup
+      Cpl::Cli.start(["apply-template", *templates, "-a", config.app, *args])
+
+      bind_identity_to_policy unless skip_secrets_setup
+      run_post_creation_hook unless config.options[:skip_post_creation_hook]
+    end
+
+    private
+
+    def create_secret_and_policy_if_not_exist
+      create_secret_if_not_exists
+      create_policy_if_not_exists
 
       progress.puts
+    end
 
-      if cp.fetch_identity(app_identity).nil? || cp.fetch_policy(app_secrets_policy).nil?
-        raise "Can't bind identity to policy: identity '#{app_identity}' or " \
-              "policy '#{app_secrets_policy}' doesn't exist. " \
-              "Please create them or use `--skip-secret-access-binding` to ignore this message." \
-              "You can also set a custom secrets name with `secrets_name` " \
-              "and a custom secrets policy name with `secrets_policy_name` " \
-              "in the `.controlplane/controlplane.yml` file."
+    def create_secret_if_not_exists
+      if cp.fetch_secret(config.secrets)
+        progress.puts("Secret '#{config.secrets}' already exists. Skipping creation...")
+      else
+        step("Creating secret '#{config.secrets}'") do
+          cp.apply_hash(build_secret_hash)
+        end
       end
+    end
 
-      step("Binding identity to policy") do
-        cp.bind_identity_to_policy(app_identity_link, app_secrets_policy)
+    def create_policy_if_not_exists
+      if cp.fetch_policy(config.secrets_policy)
+        progress.puts("Policy '#{config.secrets_policy}' already exists. Skipping creation...")
+      else
+        step("Creating policy '#{config.secrets_policy}'") do
+          cp.apply_hash(build_policy_hash)
+        end
       end
     end
+
+    def build_secret_hash
+      {
+        "kind" => "secret",
+        "name" => config.secrets,
+        "type" => "dictionary",
+        "data" => {}
+      }
+    end
+
+    def build_policy_hash
+      {
+        "kind" => "policy",
+        "name" => config.secrets_policy,
+        "targetKind" => "secret",
+        "targetLinks" => ["//secret/#{config.secrets}"]
+      }
+    end
+
+    def bind_identity_to_policy
+      progress.puts
+
+      step("Binding identity '#{config.identity}' to policy '#{config.secrets_policy}'") do
+        cp.bind_identity_to_policy(config.identity_link, config.secrets_policy)
+      end
+    end
+
+    def run_post_creation_hook
+      post_creation_hook = config.current.dig(:hooks, :post_creation)
+      return unless post_creation_hook
+
+      run_command_in_latest_image(post_creation_hook, title: "post-creation hook")
+    end
   end
 end

data/lib/command/test.rb

@@ -11,6 +11,7 @@ module Command
       - For debugging purposes
     DESC
     HIDE = true
+    VALIDATIONS = [].freeze
 
     def call
       # Modify this method to trigger the code you want to test.

data/lib/command/version.rb

@@ -9,6 +9,7 @@ module Command
       - Can also be done with `cpl --version` or `cpl -v`
     DESC
     WITH_INFO_HEADER = false
+    VALIDATIONS = [].freeze
 
     def call
       puts Cpl::VERSION