hippo-cli 1.0.1 → 1.1.0

data/lib/hippo/secret_manager.rb

@@ -1,41 +1,32 @@
 # frozen_string_literal: true
 
+require 'encryptor'
+require 'openssl'
 require 'base64'
 require 'hippo/secret'
 
 module Hippo
   class SecretManager
-    attr_reader :recipe
     attr_reader :stage
-    attr_reader :key
+
+    def initialize(stage)
+      @stage = stage
+    end
 
     CIPHER = OpenSSL::Cipher.new('aes-256-gcm')
 
-    def initialize(recipe, stage)
-      @recipe = recipe
-      @stage = stage
+    def root
+      File.join(@stage.manifest.root, 'secrets', @stage.name)
     end
 
-    # Generate and publish a new secret key to the Kubernetes API.
-    #
-    # @return [void]
-    def create_key
-      if key_available?
-        raise Hippo::Error, 'A key already exists on Kubernetes. Remove this first.'
-      end
+    def secret(name)
+      Secret.new(self, name)
+    end
 
-      CIPHER.encrypt
-      secret_key = CIPHER.random_key
-      secret_key64 = Base64.encode64(secret_key).gsub("\n", '').strip
-      object = {
-        'apiVersion' => 'v1',
-        'kind' => 'Secret',
-        'type' => 'hippo.adam.ac/secret-encryption-key',
-        'metadata' => { 'name' => 'hippo-secret-key', 'namespace' => @stage.namespace },
-        'data' => { 'key' => Base64.encode64(secret_key64).gsub("\n", '').strip }
-      }
-      @recipe.kubernetes.apply_with_kubectl(@stage, object.to_yaml)
-      @key = secret_key
+    def secrets
+      Dir[File.join(root, '*.{yml,yaml}')].map do |path|
+        secret(path.split('/').last.sub(/\.ya?ml\z/, ''))
+      end
     end
 
     # Download the current key from the Kubernetes API and set it as the
@@ -45,7 +36,7 @@ module Hippo
     def download_key
       return if @key
 
-      value = @recipe.kubernetes.get_with_kubectl(@stage, 'secret', 'hippo-secret-key').first
+      value = @stage.get('secret', 'hippo-secret-key').first
       return if value.nil?
       return if value.dig('data', 'key').nil?
 
@@ -54,22 +45,42 @@ module Hippo
       raise unless e.message =~ /not found/
     end
 
+    # Is there a key availale in this manager?
+    #
+    # @return [Boolean]
     def key_available?
       download_key
       !@key.nil?
     end
 
-    def secret(name)
-      Secret.new(self, name)
-    end
-
-    def secrets
-      Dir[File.join('secrets', @stage.name, '**', '*.{yml,yaml}')].map do |path|
-        secret(path.split('/').last.sub(/\.ya?ml\z/, ''))
+    # Generate and publish a new secret key to the Kubernetes API.
+    #
+    # @return [void]
+    def create_key
+      if key_available?
+        raise Hippo::Error, 'A key already exists on Kubernetes. Remove this first.'
       end
+
+      CIPHER.encrypt
+      secret_key = CIPHER.random_key
+      secret_key64 = Base64.encode64(secret_key).gsub("\n", '').strip
+      od = ObjectDefinition.new({
+                                  'apiVersion' => 'v1',
+                                  'kind' => 'Secret',
+                                  'type' => 'hippo.adam.ac/secret-encryption-key',
+                                  'metadata' => { 'name' => 'hippo-secret-key' },
+                                  'data' => { 'key' => Base64.encode64(secret_key64).gsub("\n", '').strip }
+                                }, @stage)
+      @stage.apply(od)
+      @key = secret_key
     end
 
+    # Encrypt a given value?
     def encrypt(value)
+      unless key_available?
+        raise Error, 'Cannot encrypt values because there is no key'
+      end
+
       CIPHER.encrypt
       iv = CIPHER.random_iv
       salt = SecureRandom.random_bytes(16)

data/lib/hippo/stage.rb

@@ -1,8 +1,15 @@
 # frozen_string_literal: true
 
+require 'liquid'
+require 'open3'
+require 'hippo/secret_manager'
+
 module Hippo
   class Stage
-    def initialize(options)
+    attr_reader :manifest
+
+    def initialize(manifest, options)
+      @manifest = manifest
       @options = options
     end
 
@@ -22,24 +29,167 @@ module Hippo
       @options['context']
     end
 
+    def vars
+      @options['vars']
+    end
+
+    # These are the vars to represent this
     def template_vars
       {
         'name' => name,
         'branch' => branch,
         'namespace' => namespace,
-        'vars' => @options['vars'] || {}
+        'context' => context,
+        'images' => @manifest.images.values.each_with_object({}) { |image, hash| hash[image.name] = image.image_path_for_branch(branch) },
+        'vars' => vars
       }
     end
 
-    def kubectl(*command)
-      (kubectl_base_command + command).join(' ')
+    # Return a new decorator object that can be passed to objects that
+    # would like to decorator things.
+    def decorator
+      proc do |data|
+        template = Liquid::Template.parse(data)
+        template.render(
+          'stage' => template_vars,
+          'manifest' => @manifest.template_vars
+        )
+      end
+    end
+
+    def objects(path)
+      @manifest.objects(path, decorator: decorator)
+    end
+
+    def secret_manager
+      @secret_manager ||= SecretManager.new(self)
+    end
+
+    # Return an array of all deployments for this stage
+    #
+    # @return [Hash<String,Hippo::ObjectDefinition>]
+    def deployments
+      Util.create_object_definitions(objects('deployments'), self, required_kinds: ['Deployment'])
+    end
+
+    # Return an array of all services/ingresses for this stage
+    #
+    # @return [Hash<String,Hippo::ObjectDefinition>]
+    def services
+      Util.create_object_definitions(objects('services'), self, required_kinds: %w[Service Ingress NetworkPolicy])
+    end
+
+    # Return an array of all configuration objects
+    #
+    # @return [Hash<String,Hippo::ObjectDefinition>]
+    def configs
+      Util.create_object_definitions(objects('config'), self)
+    end
+
+    # Return an array of all job objects
+    #
+    # @return [Hash<String,Hippo::ObjectDefinition>]
+    def jobs(type)
+      Util.create_object_definitions(objects("jobs/#{type}"), self)
     end
 
-    def kubectl_base_command
+    # Return a kubectl command ready for use within this stage's
+    # namespace and context
+    #
+    # @return [Array<String>]
+    def kubectl(*commands)
+      prefix = ['kubectl']
+      prefix += ['--context', context] if context
+      prefix += ['-n', namespace]
+      prefix + commands
+    end
+
+    # Apply a series of objecst with
+    #
+    # @param objects [Array<Hippo::ObjectDefinition>]
+    # @return [Hash]
+    def apply(objects)
+      yaml_to_apply = objects.map(&:yaml).join("\n")
+
       command = ['kubectl']
       command += ['--context', context] if context
-      command += ['-n', namespace]
-      command
+      command += ['apply', '-f', '-']
+      Open3.popen3(command.join(' ')) do |stdin, stdout, stderr, wt|
+        stdin.puts yaml_to_apply
+        stdin.close
+
+        stdout = stdout.read.strip
+        stderr = stderr.read.strip
+
+        if wt.value.success?
+          stdout.split("\n").each_with_object({}) do |line, hash|
+            next unless line =~ %r{\A([\w\/\-\.]+) (\w+)\z}
+
+            object = Regexp.last_match(1)
+            status = Regexp.last_match(2)
+            hash[object] = status
+
+            status = "\e[32m#{status}\e[0m" unless status == 'unchanged'
+            puts "\e[37m====> #{object} #{status}\e[0m"
+          end
+        else
+          raise Error, "[kubectl] #{stderr}"
+        end
+      end
+    end
+
+    # Get some data from the kubernetes API
+    #
+    # @param names [Array<String>]
+    # @return [Array<Hippo::ObjectDefinition>]
+    def get(*names)
+      command = kubectl('get', '-o', 'yaml', *names)
+      Open3.popen3(*command) do |_, stdout, stderr, wt|
+        raise Error, "[kutectl] #{stderr.read}" unless wt.value.success?
+
+        yaml = YAML.safe_load(stdout.read, permitted_classes: [Time])
+        yaml = yaml['items'] || [yaml]
+        yaml.map { |y| ObjectDefinition.new(y, self, clean: true) }
+      end
+    end
+
+    # Delete an object from the kubernetes API
+    #
+    # @param names [Array<String>]
+    # @return [Boolean]
+    def delete(*names)
+      command = kubectl('delete', *names)
+      Open3.popen3(*command) do |_, stdout, stderr, wt|
+        if wt.value.success?
+          stdout.read.split("\n").each do |line|
+            puts "\e[37m====> #{line}\e[0m"
+          end
+          true
+        else
+          stderr = stderr.read
+          if stderr =~ /\" not found$/
+            false
+          else
+            raise Error, "[kutectl] #{stderr}"
+          end
+        end
+      end
+    end
+
+    # Wait for the named jobs to complete
+    def wait_for_jobs(names, times = 120)
+      jobs = nil
+      times.times do
+        jobs = get(*names)
+
+        if jobs.all? { |j| j['status']['active'].nil? }
+          return [false, jobs]
+        else
+          sleep 2
+        end
+      end
+
+      [true, jobs]
     end
   end
 end

data/lib/hippo/util.rb

@@ -1,49 +1,72 @@
 # frozen_string_literal: true
 
+require 'yaml'
 require 'hippo/error'
-require 'hippo/yaml_part'
+require 'hippo/object_definition'
 
 module Hippo
   module Util
-    def load_yaml_from_path(path)
-      return nil if path.nil?
-      return nil unless File.file?(path)
+    class << self
+      def load_yaml_from_file(path, decorator: nil)
+        raise Error, "No file found at #{path} to load" unless File.file?(path)
 
-      data = File.read(path)
-      load_yaml_from_data(data, path)
-    end
+        file = File.read(path)
+        load_yaml_from_data(file, path: path, decorator: decorator)
+      end
+
+      def load_yaml_from_data(data, path: nil, decorator: nil)
+        data = decorator.call(data) if decorator
 
-    def load_yaml_from_data(data, path = nil)
-      parts = data.split(/^\-\-\-$/)
-      parts.each_with_index.map do |part, index|
-        YAMLPart.new(part, path, index)
+        parts = data.split(/^\-\-\-\s*$/)
+        parts.each_with_index.each_with_object([]) do |(p, i), array|
+          begin
+            yaml = YAML.safe_load(p)
+            next unless yaml.is_a?(Hash)
+
+            array << yaml
+          rescue Psych::SyntaxError => e
+            raise Error, e.message.sub('(<unknown>): ', "(#{path}[#{i}]): ")
+          end
+        end
       end
-    end
 
-    def load_yaml_from_directory(path)
-      return [] if path.nil?
-      return [] unless File.directory?(path)
+      def create_object_definitions(hash, stage, required_kinds: nil, clean: false)
+        index = 0
+        hash.each_with_object([]) do |(path, objects), array|
+          objects.each_with_index do |object, inner_index|
+            od = ObjectDefinition.new(object, stage, clean: clean)
 
-      Dir[File.join(path, '*.{yaml,yml}')].sort.each_with_object([]) do |path, array|
-        yaml = load_yaml_from_path(path)
-        next if yaml.nil?
+            if od.name.nil?
+              raise Error, "All object defintions must have a name. Missing metadata.name for object in #{path} at index #{inner_index}"
+            end
 
-        array << yaml
-      end.flatten
-    end
+            if od.kind.nil?
+              raise Error, "All object definitions must have a kind defined. Check #{path} at index #{inner_index}"
+            end
+
+            if required_kinds && !required_kinds.include?(od.kind)
+              raise Error, "Kind '#{od.kind}' cannot be defined in #{path} at index #{inner_index}. Only kinds #{required_kinds} are permitted."
+            end
+
+            array << od
+            index += 1
+          end
+        end
+      end
 
-    def open_in_editor(name, contents)
-      tmp_root = File.join(ENV['HOME'], '.hippo')
-      FileUtils.mkdir_p(tmp_root)
-      begin
-        tmpfile = Tempfile.new([name, '.yaml'], tmp_root)
-        tmpfile.write(contents)
-        tmpfile.close
-        system("#{ENV['EDITOR']} #{tmpfile.path}")
-        tmpfile.open
-        tmpfile.read
-      ensure
-        tmpfile.unlink
+      def open_in_editor(name, contents)
+        tmp_root = File.join(ENV['HOME'], '.hippo')
+        FileUtils.mkdir_p(tmp_root)
+        begin
+          tmpfile = Tempfile.new([name, '.yaml'], tmp_root)
+          tmpfile.write(contents)
+          tmpfile.close
+          system("#{ENV['EDITOR']} #{tmpfile.path}")
+          tmpfile.open
+          tmpfile.read
+        ensure
+          tmpfile.unlink
+        end
       end
     end
   end

data/lib/hippo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Hippo
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

data/template/Hippofile

@@ -3,17 +3,16 @@
 # In here you configure how you wish to build, publish and
 # deploy your application using Docker & Kubernetes.
 
-# Where is the application that you wish to deploy hosted?
-repository:
-  url: git@github.com:username/repo
+name: myapp
 
-# You can request multiple builds from the same repository to be built if
-# required. In most cases you'll probably only need one. You can reference
-# these in your Kubernetes objects to specify image details in PodSpecs.
-builds:
-  app:
-    dockerfile: Dockerfile
-    # This is the name of the image where the built-image should be uploaded
-    # to when build. You should not include any tag after the name. The
-    # commit ref that you're building will be automatically added.
-    image-name: myorg/myapp
+images:
+  main:
+    repository: git@github.com:myorg/myapp
+    url: myorg/myapp
+
+# If you wish, you can define a console command that allows you to easil
+# open a console using `hippo [stage] console`
+#
+# console:
+#  deployment: worker
+#  command: bundle exec rails console