fastlyctl 1.0.15 → 1.0.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d56f375e7f8e4c2105efabf9b224428666fe432702c0a259a6da21d816409a3
-  data.tar.gz: b509f52f29c1a5dbb5a5d5f39ad42aa3f0c8701835c368d810d119487b64a665
+  metadata.gz: c53f586abe251025a9bd645fcf0ebffc7054424d09d9db8b114e7392e9568477
+  data.tar.gz: bbe5746a703ce8c051e8cd98fa63405b6d33da3e77794ed5099d13b0acad5767
 SHA512:
-  metadata.gz: cf19cda3f417d5063fd29729ed80c10688cb9d9eb3e93ce16409c3a06d02dc641495710d38a085922d059ed5292e5713724a9769d2af75f773227eaece4c3c2c
-  data.tar.gz: 4192c6bec0a62011d77d7e0e25362a55563ac7ec8a65e4278a23715e2a75abd031a755091fb51749b127e6f2998a6a20c3255a925553f3981de803164aa77a8f
+  metadata.gz: 1fb81e003390783de19f713bc6443272d9d84d03ded47c6a4a4aef0cf381724633e2524aeac22c3dfd8578cf91db42185da20daa74fede3189f24f3ffeb50daa
+  data.tar.gz: 7d261f97f4ecd5f17958b1e6b5a323f6375561565771319a3ee35a9869e74b4d910ff4be01dacd721b31c73c7d4752651cdd61a40932ec1140085d1f6f99f329

data/README.md

@@ -321,6 +321,22 @@ Flags:
   * --d: When used with the create command, specifies that the snippet should be dynamic.
   * --y: Answer yes to all prompts
 
+### tls
+
+#### managed
+
+Usage:
+
+```
+fastlyctl tls managed [subcommand] [domain]
+```
+
+Available Subcommands:
+  * create: Create a Managed TLS Subscription for `[domain]`
+  * status: Print the status of all Managed TLS Subscriptions
+  * challenges: Print the challenges available for the verification of a certificate for `[domain]`
+  * delete: Delete a Managed TLS Subscription for `[domain]`
+
 ### token
 
 Manipulate tokens for an account.
@@ -371,10 +387,6 @@ Flags:
 
 The `--debug` flag is available on any command. Using it will cause fastlyctl to print the libcurl output for any requests it makes.
 
-## Contributing
-
-Submit a pull request. Don't break anything.
-
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/fastlyctl.gemspec

@@ -34,4 +34,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "thor", "~> 0.19.4"
   spec.add_runtime_dependency 'diffy', '~> 3.2.1'
   spec.add_runtime_dependency 'launchy', '~> 2.4.3', '>= 2.4.3'
+  spec.add_runtime_dependency 'openssl', '~> 2.1.2', '>= 2.1.2'
 end

data/lib/fastlyctl.rb

@@ -6,11 +6,13 @@ require "uri"
 require "launchy"
 require "erb"
 require "pp"
+require "openssl"
 
 require "fastlyctl/version"
 require "fastlyctl/fetcher"
 require "fastlyctl/clone_utils"
 require "fastlyctl/utils"
+require "fastlyctl/subcommand_patch"
 require "fastlyctl/cli"
 
 include ERB::Util

data/lib/fastlyctl/cli.rb

@@ -17,6 +17,7 @@ require "fastlyctl/commands/acl"
 require "fastlyctl/commands/copy"
 require "fastlyctl/commands/logging"
 require "fastlyctl/commands/condition"
+require "fastlyctl/commands/tls"
 
 
 module FastlyCTL

data/lib/fastlyctl/clone_utils.rb

@@ -59,12 +59,12 @@ module FastlyCTL
 
       if main === true
         # the "main-ness" of the vcl does not get carried over during creation. must explicitly set main
-        FastlyCTL::Fetcher.api_request(:put, "/service/#{sid}/version/#{version}/vcl/#{URI.escape(obj["name"])}/main")
+        FastlyCTL::Fetcher.api_request(:put, "/service/#{sid}/version/#{version}/vcl/#{FastlyCTL::Utils.percent_encode(obj["name"])}/main")
       end
 
       if type == "director"
         backends.each do |b|
-          FastlyCTL::Fetcher.api_request(:post, "/service/#{sid}/version/#{version}/director/#{URI.escape(obj["name"])}/backend/#{b}", body: obj )
+          FastlyCTL::Fetcher.api_request(:post, "/service/#{sid}/version/#{version}/director/#{FastlyCTL::Utils.percent_encode(obj["name"])}/backend/#{b}", body: obj )
         end
       end
 

data/lib/fastlyctl/commands/acl.rb

@@ -20,7 +20,7 @@ module FastlyCTL
       version = FastlyCTL::Fetcher.get_writable_version(id) unless options[:version]
       version ||= options[:version]
 
-      encoded_name = URI.escape(name) if name
+      encoded_name = FastlyCTL::Utils.percent_encode(name) if name
 
       case action
       when "create"

data/lib/fastlyctl/commands/condition.rb

@@ -32,7 +32,7 @@ module FastlyCTL
         version = FastlyCTL::Fetcher.get_writable_version(id) unless options[:version]
         version ||= options[:version].to_i
 
-        encoded_name = URI.escape(name) if name
+        encoded_name = FastlyCTL::Utils.percent_encode(name) if name
 
         case action 
             when "list"

data/lib/fastlyctl/commands/copy.rb

@@ -19,7 +19,7 @@ module FastlyCTL
       path += "/#{obj_name}" unless obj_type == "settings"
       obj = FastlyCTL::Fetcher.api_request(:get, path)
 
-      encoded_name = URI.escape(obj_name)
+      encoded_name = FastlyCTL::Utils.percent_encode(obj_name)
 
       if (obj_type == "settings")
         puts "Copying settings from #{id} version #{source_version} to #{target_id} version #{target_version}..."

data/lib/fastlyctl/commands/dictionary.rb

@@ -20,7 +20,7 @@ module FastlyCTL
       version = FastlyCTL::Fetcher.get_writable_version(id) unless options[:version]
       version ||= options[:version]
 
-      encoded_name = URI.escape(name) if name
+      encoded_name = FastlyCTL::Utils.percent_encode(name) if name
 
       case action
       when "create"
@@ -49,14 +49,14 @@ module FastlyCTL
         abort "Must specify name for dictionary" unless name
         abort "Must specify key and value for dictionary item" unless (key && value)
         dict = FastlyCTL::Fetcher.api_request(:get, "/service/#{id}/version/#{version}/dictionary/#{encoded_name}")
-        FastlyCTL::Fetcher.api_request(:put, "/service/#{id}/dictionary/#{dict["id"]}/item/#{key}", params: { item_value: value })   
+        FastlyCTL::Fetcher.api_request(:put, "/service/#{id}/dictionary/#{dict["id"]}/item/#{FastlyCTL::Utils.percent_encode(key)}", params: { item_value: value })   
 
         say("Dictionary item #{key} set to #{value}.")   
       when "remove"
         abort "Must specify name for dictionary" unless name
         abort "Must specify key for dictionary item" unless key
         dict = FastlyCTL::Fetcher.api_request(:get, "/service/#{id}/version/#{version}/dictionary/#{encoded_name}")
-        FastlyCTL::Fetcher.api_request(:delete, "/service/#{id}/dictionary/#{dict["id"]}/item/#{key}")
+        FastlyCTL::Fetcher.api_request(:delete, "/service/#{id}/dictionary/#{dict["id"]}/item/#{FastlyCTL::Utils.percent_encode(key)}")
 
         say("Item #{key} removed from dictionary #{name}.")
       when "list_items"

data/lib/fastlyctl/commands/purge_all.rb

@@ -3,11 +3,10 @@ module FastlyCTL
     desc "purge_all", "Purge all content from a service."
     method_option :service, :aliases => ["--s"]
     def purge_all
-      parsed_id = FastlyCTL::Utils.parse_directory
+      id = FastlyCTL::Utils.parse_directory unless options[:service]
+      id ||= options[:service]
 
-      id = FastlyCTL::Utils.parse_directory
-
-      abort "Could not parse service id from directory. Use --s <service> to specify, vcl download, then try again." unless (id || options[:service])
+      abort "Could not parse service id from directory. Use --s <service> to specify, vcl download, then try again." unless id
 
       FastlyCTL::Fetcher.api_request(:post, "/service/#{id}/purge_all")
 

data/lib/fastlyctl/commands/snippet.rb

@@ -18,7 +18,7 @@ module FastlyCTL
       version = FastlyCTL::Fetcher.get_writable_version(id) unless options[:version]
       version ||= options[:version].to_i
 
-      encoded_name = URI.escape(name) if name
+      encoded_name = FastlyCTL::Utils.percent_encode(name) if name
 
       filename = options.key?(:filename) ? options[:filename] : "#{name}.snippet"
 

data/lib/fastlyctl/commands/tls.rb

@@ -0,0 +1,70 @@
+require "fastlyctl/commands/tls/managed"
+
+module FastlyCTL
+  class TLSSubCmd < SubCommandBase
+    SubcommandPrefix = "tls"
+
+    desc "managed SUBCOMMAND ...ARGS", "Interface with Fastly Managed TLS Subscriptions (lets-encrypt)"
+    subcommand "managed", TLSManagedSubCmd
+  end
+
+  class CLI < Thor
+    desc "tls SUBCOMMAND ...ARGS", "Interface with Fastly TLS"
+    subcommand "tls", TLSSubCmd
+  end
+
+  module TLSUtils
+    def self.get_tls_configs
+      data = FastlyCTL::Fetcher.api_request(:get,"/tls/configurations",{use_vnd:true})["data"]
+      if data.length == 0
+        thor = Thor::Shell::Basic.new
+        thor.say "No TLS Configurations found. You may need to upgrade to a paid account if you are using a free account."
+        thor.say "If you need assistance, please contact support@fastly.com."
+        if (thor.yes?("Would you like to open the TLS configuration page in the Fastly app?"))
+          FastlyCTL::Utils.open_app_path("/network/domains")
+        end
+        abort
+      end
+
+      return data
+    end
+
+    def self.select_tls_config(configs)
+      thor = Thor::Shell::Basic.new
+      if configs.length == 1
+        thor.say "Using TLS Configuration #{configs[0]["id"]} - #{configs[0]["name"]}"
+        return configs[0]
+      end
+
+      loop do
+        i = 1
+        configs.each do |c|
+          bulk = c["attributes"]["bulk"] ? " [Platform TLS]" : ""
+          thor.say("[#{i}]#{bulk} #{c["id"]} - #{c["name"]}\n")
+          i += 1
+        end
+
+        selected = thor.ask("Which TLS Configuration would you like to use? Please type the number next to the configuration(s) above.").to_i
+        if selected > 0 && selected <= (configs.length+1)
+          selected -= 1
+          thor.say "Using TLS Configuration #{configs[selected]["id"]} - #{configs[selected]["name"]}"
+          return configs[selected]
+        end
+
+        thor.say "#{selcted} is in invalid selection. Please try again."
+      end
+    end
+
+    def self.print_challenges(tls_authorization)
+      thor = Thor::Shell::Basic.new
+      thor.say "\nIn order to verify your ownership of the domain, the Certificate Authority provided the following challenges:"
+      tls_authorization["attributes"]["challenges"].each do |challenge|
+        thor.say("\n#{challenge["type"]}: Create #{challenge["record_type"]} record for #{challenge["record_name"]} with value(s) of:")
+        challenge["values"].each do |val|
+          thor.say("    #{val}")
+        end
+      end
+      thor.say("\nNote: If you don't want to move all traffic to Fastly right now, use the managed-dns option. The other options result in traffic for that hostname being directed to Fastly.")
+    end
+  end
+end

data/lib/fastlyctl/commands/tls/managed.rb

@@ -0,0 +1,119 @@
+module FastlyCTL
+  class TLSManagedSubCmd < SubCommandBase
+    SubcommandPrefix = "tls managed"
+    DomainRegex = /(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/
+
+    desc "create <domain>", "Create a Fastly Managed TLS Subscription for [domain]. A Certificate will be requested from lets-encrypt once you satisfy one of the challenges. You can learn more about the challenge types here: https://letsencrypt.org/docs/challenge-types/ and Fastly's API documentation here: https://docs.fastly.com/api/tls-subscriptions."
+    def create(domain)
+      abort "Must specify valid domain name" unless domain =~ DomainRegex
+
+      tls_configs = FastlyCTL::TLSUtils.get_tls_configs
+      tls_config = FastlyCTL::TLSUtils.select_tls_config(tls_configs)
+
+      payload = {
+        data: {
+          type: "tls_subscription",
+          attributes: {
+            certificate_authority: "lets-encrypt"
+          },
+          relationships: {
+            tls_domains: {
+              data: [
+                {
+                  type: "tls_domain",
+                  id: domain
+                }
+              ]
+            },
+            tls_configuration: {
+              data: {
+                type: "tls_configuration",
+                id: tls_config["id"]
+              }
+            }
+          }
+        }
+      }
+
+      subscription = FastlyCTL::Fetcher.api_request(:post,"/tls/subscriptions", {
+        body: payload.to_json,
+        use_vnd: true
+      })
+
+      tls_authorization = FastlyCTL::Utils.filter_vnd(subscription["included"],"tls_authorization")
+      abort "Unable to fetch TLS Authorization for the domain." unless tls_authorization.length > 0
+      FastlyCTL::TLSUtils.print_challenges(tls_authorization[0])
+    end
+
+    desc "status", "Print status of Fastly Managed TLS Subscriptions"
+    def status
+      subscriptions = FastlyCTL::Fetcher.api_request(:get,"/tls/subscriptions", {
+        use_vnd: true
+      })
+
+      if subscriptions["data"].length == 0
+        say("No Fastly Managed TLS Subscriptions found.")
+        abort
+      end
+
+      subscriptions["data"].each do |subscription|
+        output = subscription["relationships"]["tls_domains"]["data"][0]["id"]
+        output += " - " + subscription["attributes"]["certificate_authority"]
+        output += " - " + subscription["attributes"]["state"]
+        say(output)
+      end
+    end
+
+    desc "challenges", "Print challenges available for a domain's verification."
+    def challenges(domain)
+      abort "Must specify valid domain name" unless domain =~ DomainRegex
+
+      domains = FastlyCTL::Fetcher.api_request(:get,"/tls/domains?include=tls_subscriptions.tls_authorizations", {
+        use_vnd: true
+      })
+
+      tls_authorizations = FastlyCTL::Utils.filter_vnd(domains["included"],"tls_authorization")
+
+      tls_authorizations.each do |tls_authorization|
+        tls_authorization["attributes"]["challenges"].each do |challenge|
+          if challenge["record_name"] == domain
+            FastlyCTL::TLSUtils.print_challenges(tls_authorization)
+            abort
+          end
+        end
+      end
+
+      say("#{domain} not found in domain list.")
+    end
+
+    desc "delete", "Delete a Fastly Managed TLS Subscription"
+    def delete(domain)
+      abort "Must specify valid domain name" unless domain =~ DomainRegex
+
+      activation = FastlyCTL::Fetcher.api_request(:get,"/tls/activations?filter[tls_domain.id]=#{domain}", {use_vnd: true})
+
+      if activation["data"].length >= 1
+        say("TLS is currently active for #{domain}. If you proceed, Fastly will no longer be able to serve TLS requests to clients for #{domain}.")
+        answer = ask("Please type the name of the domain to confirm deactivation and deletion of the Fastly Managed TLS subscription: ")
+        abort "Supplied domain does not match the domain requested for deletion--aborting." unless answer == domain
+
+        FastlyCTL::Fetcher.api_request(:delete,"/tls/activations/#{activation["data"][0]["id"]}",{use_vnd:true})
+      end
+
+      subscriptions = FastlyCTL::Fetcher.api_request(:get,"/tls/subscriptions", {
+        use_vnd: true
+      })
+
+      subscriptions["data"].each do |subscription|
+        next unless subscription["relationships"]["tls_domains"]["data"][0]["id"] == domain 
+        
+        FastlyCTL::Fetcher.api_request(:delete,"/tls/subscriptions/#{subscription["id"]}",{use_vnd:true})
+        
+        say("TLS Subscription for #{domain} has been deleted.")
+        abort
+      end
+
+      say("No TLS Subscription found for #{domain}...")
+    end
+  end
+end

data/lib/fastlyctl/commands/watch.rb

@@ -33,7 +33,8 @@ module FastlyCTL
         # gbps
         uncacheable = agg["pass"] + agg["synth"] + agg["errors"]
         bw = ((agg["resp_header_bytes"] + agg["resp_body_bytes"]).to_f * 8.0) / 1000000000.0
-        hit_rate = (1.0 - ((agg["miss"] - agg["shield"]).to_f / ((agg["requests"] - uncacheable).to_f))) * 100.0
+        shield = agg["shield"] || 0
+        hit_rate = (1.0 - ((agg["miss"] - shield).to_f / ((agg["requests"] - uncacheable).to_f))) * 100.0
         passes = agg["pass"]
         miss_time = agg["miss"] > 0 ? ((agg["miss_time"] / agg["miss"]) * 1000).round(0) : 0
         synth = agg["synth"]

data/lib/fastlyctl/fetcher.rb

@@ -7,6 +7,7 @@ module FastlyCTL
       options[:body] ||= nil
       options[:force_session] ||= false
       options[:expected_responses] ||= [200]
+      options[:use_vnd] ||= false
 
       headers = {"Accept" => "application/json", "Connection" => "close", "User-Agent" => "FastlyCTL: https://github.com/fastly/fastlyctl"}
 
@@ -27,6 +28,15 @@ module FastlyCTL
 
       headers["Content-Type"] = "application/x-www-form-urlencoded" if (method == :post || method == :put)
 
+      if options[:use_vnd]
+        headers["Accept"] = "application/vnd.api+json"
+
+        if (method == :post || method == :put)
+          headers["Content-Type"] = "application/vnd.api+json"
+        end
+        options[:expected_responses].push(*[201,202,203,204])
+      end
+
       headers.merge!(options[:headers]) if options[:headers].count > 0
 
       # dont allow header splitting on anything
@@ -54,25 +64,41 @@ module FastlyCTL
         end
       else
         case response.response_code
-          when 400
-            error = "400: Bad API request--got bad request response."
-          when 403
-            error = "403: Access Denied by API. Run login command to authenticate."
-          when 404
-            error = "404: Service does not exist or bad path requested."
-          when 503
-            error = "503: API is offline."
-          else
-            error = "API responded with status #{response.response_code}."
+        when 400
+          error = "400: Bad API request--something was wrong with the request made by FastlyCTL."
+        when 403
+          error = "403: Access Denied by API. Run login command to authenticate."
+        when 404
+          error = "404: Service does not exist or bad path requested."
+        when 503
+          error = "503: Error from Fastly API--see details below."
+        when 0
+          error = "0: Network connection error occurred."
+        else
+          error = "API responded with status #{response.response_code}."
         end
 
         error += " Method: #{method.to_s.upcase}, Path: #{path}\n"
-        error += "Message from API: #{response.response_body}"
+
+        if (options[:use_vnd]) 
+          begin
+            error_resp = JSON.parse(response.response_body)
+          rescue JSON::ParserError
+            error_resp = {"errors" => [{"title" => "Error parsing response JSON","details" => "No further information available. Please file a github issue at https://github.com/fastly/fastlyctl"}]}
+          end
+
+          error_resp["errors"].each do |e|
+            next unless e.key?("title") && e.key?("detail")
+            error += e["title"] + " --- " + e["detail"] + "\n"
+          end
+        else
+          error += "Message from API: #{response.response_body}"
+        end
 
         abort error
       end
 
-      return response.response_body if (response.headers["Content-Type"] != "application/json")
+      return response.response_body unless (response.headers["Content-Type"] =~ /json$/)
 
       if response.response_body.length > 1
         begin
@@ -161,7 +187,7 @@ module FastlyCTL
     end
 
     def self.upload_snippet(service,version,content,name)
-      return FastlyCTL::Fetcher.api_request(:put, "/service/#{service}/version/#{version}/snippet/#{name}", {:endpoint => :api, body: {
+      return FastlyCTL::Fetcher.api_request(:put, "/service/#{service}/version/#{version}/snippet/#{FastlyCTL::Utils.percent_encode(name)}", {:endpoint => :api, body: {
           content: content
         }
       })
@@ -178,7 +204,7 @@ module FastlyCTL
         end
       end
 
-      response = FastlyCTL::Fetcher.api_request(:put, "/service/#{service}/version/#{version}/vcl/#{name}", {:endpoint => :api, body: params, expected_responses: [200,404]})
+      response = FastlyCTL::Fetcher.api_request(:put, "/service/#{service}/version/#{version}/vcl/#{FastlyCTL::Utils.percent_encode(name)}", {:endpoint => :api, body: params, expected_responses: [200,404]})
 
       # The VCL got deleted so recreate it.
       if response["msg"] == "Record not found"

data/lib/fastlyctl/subcommand_patch.rb

@@ -0,0 +1,5 @@
+class SubCommandBase < Thor
+  def self.banner(command, namespace = nil, subcommand = false)
+  	basename + " " + self::SubcommandPrefix + " " + command.usage
+  end
+end

data/lib/fastlyctl/utils.rb

@@ -4,6 +4,10 @@ module FastlyCTL
       Launchy.open(FastlyCTL::FASTLY_APP + FastlyCTL::TANGO_PATH + id)
     end
 
+    def self.open_app_path(path)
+      Launchy.open(FastlyCTL::FASTLY_APP + path)
+    end
+
     def self.parse_directory(path=false)
       directory = Dir.pwd unless path
       directory = path if path
@@ -68,5 +72,21 @@ module FastlyCTL
 
       return diff
     end
+
+    def self.percent_encode(string)
+      # CGI.escape replace whitespace to "+" which is "%20" in a percent-encoding manner
+      CGI.escape(string).gsub('+', '%20')
+    end
+
+    def self.filter_vnd(haystack,needle)
+      results = []
+      haystack.each do |i|
+        next unless i["type"] == needle
+
+        results.push(i)
+      end
+
+      return results
+    end
   end
 end

data/lib/fastlyctl/version.rb

@@ -1,3 +1,3 @@
 module FastlyCTL
-  VERSION = "1.0.15"
+  VERSION = "1.0.16"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fastlyctl
 version: !ruby/object:Gem::Version
-  version: 1.0.15
+  version: 1.0.16
 platform: ruby
 authors:
 - Stephen Basile
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-06 00:00:00.000000000 Z
+date: 2020-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -72,6 +72,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.4.3
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.2
 description: This gem provides a CLI for managing Fastly configurations
 email:
 - stephen@fastly.com
@@ -111,10 +131,13 @@ files:
 - lib/fastlyctl/commands/purge_all.rb
 - lib/fastlyctl/commands/skeleton.rb
 - lib/fastlyctl/commands/snippet.rb
+- lib/fastlyctl/commands/tls.rb
+- lib/fastlyctl/commands/tls/managed.rb
 - lib/fastlyctl/commands/token.rb
 - lib/fastlyctl/commands/upload.rb
 - lib/fastlyctl/commands/watch.rb
 - lib/fastlyctl/fetcher.rb
+- lib/fastlyctl/subcommand_patch.rb
 - lib/fastlyctl/utils.rb
 - lib/fastlyctl/version.rb
 homepage: http://www.github.com/fastly/fastlyctl