dapp 0.12.8 → 0.13.0

data/lib/dapp/kube/cli/command/kube/secret_key_generate.rb

@@ -0,0 +1,13 @@
+module Dapp::Kube::CLI::Command
+  class Kube < ::Dapp::CLI
+    class SecretKeyGenerate < Base
+      banner <<BANNER.freeze
+Usage:
+
+  dapp kube secret key generate
+
+Options:
+BANNER
+    end
+  end
+end

data/lib/dapp/kube/dapp/command/common.rb

@@ -0,0 +1,29 @@
+module Dapp
+  module Kube
+    module Dapp
+      module Command
+        module Common
+          def kube_check_helm!
+            raise Error::Command, code: :helm_not_found if shellout('which helm').exitstatus == 1
+          end
+
+          def kube_release_name
+            "#{name}-#{kube_namespace}"
+          end
+
+          def kube_namespace
+            options[:namespace].tr('_', '-')
+          end
+
+          def secret
+            @secret ||= Secret.new(ENV['DAPP_SECRET_KEY']) if ENV.key?('DAPP_SECRET_KEY')
+          end
+
+          def kubernetes
+            @kubernetes ||= Kubernetes.new(namespace: kube_namespace)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dapp/kube/dapp/command/deploy.rb

@@ -0,0 +1,192 @@
+module Dapp
+  module Kube
+    module Dapp
+      module Command
+        module Deploy
+          def kube_deploy
+            raise Error::Command, code: :helm_directory_not_exist unless kube_chart_path.exist?
+            kube_check_helm!
+            kube_check_helm_chart!
+
+            repo = option_repo
+            image_version = options[:image_version]
+            validate_repo_name!(repo)
+            validate_tag_name!(image_version)
+
+            begin
+              kube_copy_chart
+              kube_helm_decode_secrets
+              kube_generate_helm_chart_tpl
+
+              additional_values = [].tap do |options|
+                options << "--values #{kube_chart_path("values/#{kube_namespace}.yaml")}" if kube_chart_path("values/#{kube_namespace}.yaml").exist?
+                options << "--values #{kube_tmp_chart_secret_values_path.exist? ? kube_tmp_chart_secret_values_path : kube_chart_secret_values_path}" if kube_chart_secret_values_path.exist?
+              end
+
+              set_options = [].tap do |options|
+                options << "--set global.dapp.repo=#{repo}"
+                options << "--set global.dapp.image_version=#{image_version}"
+                options << "--set global.namespace=#{kube_namespace}"
+                options << "--set global.env=#{kube_namespace}"
+              end
+
+              kube_flush_hooks_jobs(additional_values, set_options)
+              kube_run_deploy(additional_values, set_options)
+            ensure
+              if dev_mode?
+                log_info "Temporary chart directory: #{kube_tmp_chart_path}"
+              else
+                FileUtils.rm_rf(kube_tmp_chart_path)
+              end
+            end
+          end
+
+          def kube_copy_chart
+            FileUtils.cp_r("#{kube_chart_path}/.", kube_tmp_chart_path)
+          end
+
+          def kube_helm_decode_secrets
+            if secret.nil?
+              log_warning(desc: { code: :dapp_secret_key_not_found }) if kube_chart_secret_values_path.file? || kube_chart_secret_path.directory?
+            else
+              kube_helm_decode_secret_values
+              kube_helm_decode_secret_files
+            end
+          end
+
+          def kube_helm_decode_secret_values
+            return unless kube_chart_secret_values_path.file?
+            decoded_data = kube_helm_decode_json(YAML::load(kube_chart_secret_values_path.read))
+            kube_tmp_chart_secret_values_path.write(decoded_data.to_yaml)
+          end
+
+          def kube_helm_decode_json(json)
+            decode_value = proc do |value|
+              case value
+              when Array then value.map { |v| decode_value.call(v) }
+              when Hash then kube_helm_decode_json(value)
+              else
+                secret.extract(value)
+              end
+            end
+            json.each { |k, v| json[k] = decode_value.call(v) }
+          end
+
+          def kube_helm_decode_secret_files
+            return unless kube_chart_secret_path.directory?
+            Dir.glob(kube_chart_secret_path.join('**/*')).each do |entry|
+              next unless File.file?(entry)
+              secret_relative_path = Pathname(entry).subpath_of(kube_chart_secret_path)
+              IO.binwrite(kube_tmp_chart_secret_path(secret_relative_path), secret.extract(IO.binread(entry)))
+            end
+          end
+
+          def kube_generate_helm_chart_tpl
+            secret_directory = secret.nil? ? 'secret' : kube_tmp_chart_secret_path.subpath_of(kube_tmp_chart_path)
+            cont = <<-EOF
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "dapp_secret_file" -}}
+{{- $relative_file_path := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $context.Files.Get (print "#{secret_directory}/" $relative_file_path) -}}
+{{- end -}}
+            EOF
+            kube_tmp_chart_path('templates/dapp_secret_file.tpl').write(cont)
+          end
+
+          def kube_flush_hooks_jobs(additional_values, set_options)
+            return if (config_jobs_names = kube_helm_hooks_jobs_to_delete(additional_values, set_options).keys).empty?
+            kube_job_list.reject { |name| config_jobs_names.include? name }.each do
+              log_process("Delete hooks job `#{job_name}` for release #{kube_release_name} ", short: true) { kube_delete_job!(name) }
+            end
+          end
+
+          def kube_helm_hooks_jobs_to_delete(additional_values, set_options)
+            generator = proc do |text|
+              text.split(/# Source.*|---/).reject {|c| c.strip.empty? }.map {|c| YAML::load(c) }.reduce({}) do |objects, c|
+                objects[c['kind']] ||= {}
+                objects[c['kind']][(c['metadata'] || {})['name']] = c
+                objects
+              end
+            end
+
+            args = [kube_release_name, kube_tmp_chart_path, additional_values, set_options, kube_helm_extra_options(dry_run: true)].flatten
+            output = shellout!("helm upgrade #{args.join(' ')}", log_verbose: false).stdout
+
+            manifest_start_index = output.lines.index("MANIFEST:\n") + 1
+            hook_start_index     = output.lines.index("HOOKS:\n") + 1
+            configs = generator.call(output.lines[hook_start_index..manifest_start_index-1].join)
+
+            (configs['Job'] || []).reject do |_, c|
+              c['metadata'] ||= {}
+              c['metadata']['annotations'] ||= {}
+              c['metadata']['annotations']['helm.sh/resource-policy'] == 'keep'
+            end
+          end
+
+          def kube_job_list
+            kubernetes.job_list['items'].map { |i| i['metadata']['name'] }
+          end
+
+          def kube_delete_job!(name)
+            kubernetes.delete_job!(name)
+            loop do
+              break unless kubernetes.job?(name)
+              sleep 1
+            end
+          end
+
+          def kube_run_deploy(additional_values, set_options)
+            log_process("Deploy release #{kube_release_name} ", verbose: true) do
+              args = [kube_release_name, kube_tmp_chart_path, additional_values, set_options, kube_helm_extra_options].flatten
+              kubernetes.create_namespace!(kube_namespace) unless kubernetes.namespace?(kube_namespace)
+              shellout! "helm upgrade #{args.join(' ')}", force_log: true
+            end
+          end
+
+          def kube_check_helm_chart!
+            raise Error::Command, code: :project_helm_chart_not_found, data: { path: kube_chart_path } unless kube_chart_path.exist?
+          end
+
+          def kube_helm_extra_options(dry_run: dry_run?)
+            [].tap do |options|
+              options << "--namespace #{kube_namespace}"
+              options << '--install'
+              options << '--wait'
+              options << '--timeout 1800'
+
+              options << '--dry-run' if dry_run
+              options << '--debug'   if dry_run || log_verbose?
+            end
+          end
+
+          def kube_tmp_chart_secret_values_path
+            kube_tmp_chart_path('decoded-secret-values.yaml')
+          end
+
+          def kube_tmp_chart_secret_path(*path)
+            kube_tmp_chart_path('decoded-secret', *path).tap { |p| p.parent.mkpath }
+          end
+
+          def kube_tmp_chart_path(*path)
+            @kube_tmp_path ||= Dir.mktmpdir('dapp-secret-', options[:tmp_dir_prefix] || '/tmp')
+            make_path(@kube_tmp_path, *path).expand_path.tap { |p| p.parent.mkpath }
+          end
+
+          def kube_chart_secret_values_path
+            kube_chart_path('secret-values.yaml').expand_path
+          end
+
+          def kube_chart_secret_path(*path)
+            kube_chart_path('secret', *path).expand_path
+          end
+
+          def kube_chart_path(*path)
+            make_path(self.path, '.helm', *path).expand_path
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dapp/kube/dapp/command/dismiss.rb

@@ -0,0 +1,25 @@
+module Dapp
+  module Kube
+    module Dapp
+      module Command
+        module Dismiss
+          def kube_dismiss
+            kube_check_helm!
+            kube_check_helm_release!
+            log_process("Delete release #{kube_release_name} ", verbose: true) do
+              with_log_indent do
+                shellout! "helm delete #{kube_release_name} --purge"
+                kubernetes.delete_namespace!(kube_namespace) if options[:with_namespace]
+              end
+            end
+          end
+
+          def kube_check_helm_release!
+            pr = shellout("helm list | grep #{kube_release_name}")
+            raise Error::Command, code: :helm_release_not_exist, data: { name: kube_release_name } if pr.status == 1 || pr.stdout.empty?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dapp/kube/dapp/command/secret_file_encrypt.rb

@@ -0,0 +1,22 @@
+module Dapp
+  module Kube
+    module Dapp
+      module Command
+        module SecretFileEncrypt
+          def kube_secret_file_encrypt(file_path)
+            raise Error::Command, code: :secret_key_not_found if secret.nil?
+            raise Error::Command, code: :file_not_exist, data: { path: File.expand_path(file_path) } unless File.exist?(file_path)
+
+            encrypted_data = secret.generate(IO.binread(file_path))
+            if (output_file_path = options[:output_file_path]).nil?
+              puts encrypted_data
+            else
+              FileUtils.mkpath File.dirname(output_file_path)
+              IO.binwrite(output_file_path, encrypted_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dapp/{deployment → kube}/dapp/command/secret_generate.rb

@@ -1,11 +1,11 @@
 module Dapp
-  module Deployment
+  module Kube
     module Dapp
       module Command
         module SecretGenerate
-          def deployment_secret_generate
+          def kube_secret_generate
             raise Error::Command, code: :secret_key_not_found if secret.nil?
-            unless (data = $stdin.gets(nil)).nil?
+            unless (data = $stdin.noecho { |s| s.gets(nil) }).nil?
               puts unless data.end_with?("\n")
               puts secret.generate(data)
             end

data/lib/dapp/{deployment → kube}/dapp/command/secret_key_generate.rb

@@ -1,9 +1,9 @@
 module Dapp
-  module Deployment
+  module Kube
     module Dapp
       module Command
         module SecretKeyGenerate
-          def deployment_secret_key_generate
+          def kube_secret_key_generate
             puts Secret.generate_key
           end
         end

data/lib/dapp/kube/dapp/dapp.rb

@@ -0,0 +1,16 @@
+module Dapp
+  module Kube
+    module Dapp
+      module Dapp
+        include Command::Deploy
+        include Command::Dismiss
+        include Command::SecretGenerate
+        include Command::SecretKeyGenerate
+        include Command::SecretFileEncrypt
+        include Command::Common
+      end
+    end
+  end
+end
+
+::Dapp::Dapp.send(:include, ::Dapp::Kube::Dapp::Dapp)

data/lib/dapp/kube/error/base.rb

@@ -0,0 +1,7 @@
+module Dapp
+  module Kube
+    module Error
+      class Base < ::Dapp::Error::Base; end
+    end
+  end
+end

data/lib/dapp/kube/error/command.rb

@@ -0,0 +1,7 @@
+module Dapp
+  module Kube
+    module Error
+      class Command < Base; end
+    end
+  end
+end

data/lib/dapp/kube/kubernetes.rb

@@ -0,0 +1,191 @@
+module Dapp
+  module Kube
+    class Kubernetes
+      def initialize(namespace: nil)
+        @namespace = namespace
+        @query_parameters = {}
+      end
+
+      def namespace
+        @namespace || 'default'
+      end
+
+      # Чтобы не перегружать методы явной передачей namespace.
+      # Данный метод может пригодиться только в ситуации, когда надо указать другой namespace,
+      # в большинстве случаев используется namespace из конструктора.
+      def with_namespace(namespace, &blk)
+        old_namespace = @namespace
+        begin
+          @namespace = namespace
+          return yield
+        ensure
+          @namespace = old_namespace
+        end
+      end
+
+      def with_query(query, &blk)
+        old_query = @query_parameters
+        begin
+          @query_parameters = query
+          return yield
+        ensure
+          @query_parameters = old_query
+        end
+      end
+
+      # NOTICE: Название метода аналогично kind'у выдаваемого результата.
+      # NOTICE: В данном случае в результате kind=DeploymentList.
+      # NOTICE: Методы создания/обновления/удаления сущностей kubernetes заканчиваются на '!'. Например, create_deployment!.
+
+      {
+        '/api/v1' => [:service, :replicationcontroller, :pod],
+        '/apis/extensions/v1beta1' => [:deployment, :replicaset],
+        '/apis/batch/v1' => [:job]
+      }.each do |api, objects|
+        objects.each do |object|
+          define_method :"#{object}_list" do |**query_parameters|
+            request!(:get, "#{api}/namespaces/#{namespace}/#{object}s", **query_parameters)
+          end
+
+          define_method object do |name, **query_parameters|
+            request!(:get, "#{api}/namespaces/#{namespace}/#{object}s/#{name}", **query_parameters)
+          end
+
+          define_method "#{object}_status" do |name, **query_parameters|
+            request!(:get, "#{api}/namespaces/#{namespace}/#{object}s/#{name}/status", **query_parameters)
+          end
+
+          define_method :"create_#{object}!" do |spec, **query_parameters|
+            request!(:post, "#{api}/namespaces/#{namespace}/#{object}s", body: spec, **query_parameters)
+          end
+
+          define_method :"replace_#{object}!" do |name, spec, **query_parameters|
+            request!(:put, "#{api}/namespaces/#{namespace}/#{object}s/#{name}", body: spec, **query_parameters)
+          end
+
+          define_method :"delete_#{object}!" do |name, **query_parameters|
+            request!(:delete, "#{api}/namespaces/#{namespace}/#{object}s/#{name}", **query_parameters)
+          end
+
+          define_method :"delete_#{object}s!" do |**query_parameters|
+            request!(:delete, "#{api}/namespaces/#{namespace}/#{object}s", **query_parameters)
+          end
+
+          define_method :"#{object}?" do |name, **query_parameters|
+            public_send(:"#{object}_list", **query_parameters)['items'].map { |item| item['metadata']['name'] }.include?(name)
+          end
+        end
+      end
+
+      def namespace_list(**query_parameters)
+        request!(:get, '/api/v1/namespaces', **query_parameters)
+      end
+
+      def namespace?(name, **query_parameters)
+        namespace_list(**query_parameters)['items'].map { |item| item['metadata']['name'] }.include?(name)
+      end
+
+      def create_namespace!(name, **query_parameters)
+        request!(:post, '/api/v1/namespaces', body: { metadata: { name: name } }, **query_parameters)
+      end
+
+      def delete_namespace!(name, **query_parameters)
+        request!(:delete, "/api/v1/namespaces/#{name}", **query_parameters)
+      end
+
+      def pod_log(name, follow: false, **query_parameters, &blk)
+        excon_parameters = follow ? { response_block: blk } : {}
+        request!(:get,
+                 "/api/v1/namespaces/#{namespace}/pods/#{name}/log",
+                 excon_parameters: excon_parameters,
+                 **{ follow: follow }.merge(query_parameters))
+      rescue Excon::Error::Timeout
+        raise Error::Timeout
+      end
+
+      def event_list(**query_parameters)
+        request!(:get, "/api/v1/namespaces/#{namespace}/events", **query_parameters)
+      end
+
+      protected
+
+      # query_parameters — соответствует 'Query Parameters' в документации kubernetes
+      # excon_parameters — соответствует опциям Excon
+      # body — hash для http-body, соответствует 'Body Parameters' в документации kubernetes, опционален
+      def request!(method, path, body: nil, excon_parameters: {}, **query_parameters)
+        with_connection(excon_parameters: excon_parameters) do |conn|
+          request_parameters = {method: method, path: path, query: @query_parameters.merge(query_parameters)}
+          request_parameters[:body] = JSON.dump(body) if body
+          load_body! conn.request(request_parameters), request_parameters
+        end
+      end
+
+      def load_body!(response, request_parameters)
+        response_ok = response.status.to_s.start_with? '2'
+
+        if response_ok
+          JSON.parse(response.body)
+        else
+          err_data = {}
+          err_data[:response_http_status] = response.status
+          if response_body = (JSON.parse(response.body) rescue nil)
+            err_data[:response_body] = response_body
+          else
+            err_data[:response_raw_body] = response.body
+          end
+          err_data[:request_parameters] = request_parameters
+
+          if response.status.to_s.start_with? '5'
+            raise Error::Base, code: :server_error, data: err_data
+          elsif response.status.to_s == '404'
+            raise Error::NotFound, data: err_data
+          else not response.status.to_s.start_with? '2'
+            raise Error::Base, code: :bad_request, data: err_data
+          end
+        end
+      end
+
+      def with_connection(excon_parameters: {}, &blk)
+        old_ssl_ca_file = Excon.defaults[:ssl_ca_file]
+        old_middlewares = Excon.defaults[:middlewares].dup
+
+        begin
+          Excon.defaults[:ssl_ca_file] = kube_config.fetch('clusters', [{}]).first.fetch('cluster', {}).fetch('certificate-authority', nil)
+          Excon.defaults[:middlewares] << Excon::Middleware::RedirectFollower
+
+          return yield Excon.new(kube_server_url, **kube_server_options(excon_parameters))
+        ensure
+          Excon.defaults[:ssl_ca_file] = old_ssl_ca_file
+          Excon.defaults[:middlewares] = old_middlewares
+        end
+      end
+
+      def kube_server_url
+        @kube_server_url ||= begin
+          kube_config.fetch('clusters', [{}]).first.fetch('cluster', {}).fetch('server', nil).tap do |url|
+            begin
+              Excon.new(url, **kube_server_options).get
+            rescue Excon::Error::Socket
+              raise Error::ConnectionRefused, code: :kube_server_connection_refused, data: { url: url }
+            end
+          end
+        end
+      end
+
+      def kube_server_options(excon_parameters = {})
+        { client_cert: kube_config.fetch('users', [{}]).first.fetch('user', {}).fetch('client-certificate', nil),
+          client_key: kube_config.fetch('users', [{}]).first.fetch('user', {}).fetch('client-key', nil) }.merge(excon_parameters)
+      end
+
+      def kube_config
+        @kube_config ||= begin
+          if File.exist?((kube_config_path = File.join(ENV['HOME'], '.kube/config')))
+            YAML.load_file(kube_config_path)
+          else
+            raise Error::Base, code: :kube_config_not_found, data: { path: kube_config_path }
+          end
+        end
+      end
+    end
+  end
+end