RubyGems - hippo-cli - Versions diffs - 1.1.0 → 1.1.1 - Mend

hippo-cli 1.1.0 → 1.1.1

Files changed (56) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/bin/hippo +4 -4
data/cli/apply_config.rb +1 -0
data/cli/apply_services.rb +1 -0
data/cli/console.rb +2 -0
data/cli/create.rb +83 -0
data/cli/deploy.rb +2 -0
data/cli/init.rb +1 -1
data/cli/install.rb +3 -1
data/cli/key.rb +34 -0
data/cli/kubectl.rb +2 -0
data/cli/logs.rb +56 -0
data/cli/objects.rb +50 -0
data/cli/package_install.rb +30 -0
data/cli/package_list.rb +40 -0
data/cli/package_notes.rb +23 -0
data/cli/package_test.rb +21 -0
data/cli/package_uninstall.rb +27 -0
data/cli/package_upgrade.rb +30 -0
data/cli/package_values.rb +22 -0
data/cli/prepare.rb +18 -0
data/cli/run.rb +37 -0
data/cli/secrets.rb +24 -0
data/cli/stages.rb +26 -0
data/cli/status.rb +25 -0
data/cli/vars.rb +20 -0
data/cli/version.rb +8 -0
data/lib/hippo.rb +12 -0
data/lib/hippo/bootstrap_parser.rb +64 -0
data/lib/hippo/cli.rb +47 -14
data/lib/hippo/extensions.rb +9 -0
data/lib/hippo/image.rb +35 -31
data/lib/hippo/manifest.rb +17 -7
data/lib/hippo/object_definition.rb +18 -5
data/lib/hippo/package.rb +124 -0
data/lib/hippo/repository_tag.rb +38 -0
data/lib/hippo/secret_manager.rb +61 -14
data/lib/hippo/stage.rb +60 -26
data/lib/hippo/util.rb +34 -0
data/lib/hippo/version.rb +1 -1
data/template/Hippofile +10 -2
metadata +44 -13
metadata.gz.sig +0 -0
data/cli/secrets_edit.rb +0 -34
data/cli/secrets_key.rb +0 -20
data/lib/hippo/secret.rb +0 -112
data/template/config/env-vars.yaml +0 -7
data/template/deployments/web.yaml +0 -29
data/template/deployments/worker.yaml +0 -26
data/template/jobs/deploy/db-migration.yaml +0 -22
data/template/jobs/install/load-schema.yaml +0 -22
data/template/services/main.ingress.yaml +0 -13
data/template/services/web.svc.yaml +0 -11
data/template/stages/production.yaml +0 -7

data/lib/hippo/extensions.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class Hash
+  def deep_merge(second)
+    merger = proc { |_, v1, v2| Hash === v1 && Hash === v2 ? v1.merge(v2, &merger) : Array === v1 && Array === v2 ? v1 | v2 : [:undefined, nil, :nil].include?(v2) ? v1 : v2 }
+    merge(second.to_h, &merger)
+  end
+end
+# From https://stackoverflow.com/questions/9381553/ruby-merge-nested-hash

data/lib/hippo/image.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require 'git'
 require 'net/http'
+require 'hippo/repository_tag'
 module Hippo
   class Image
@@ -12,63 +13,66 @@ module Hippo
     attr_reader :name
-    def url
-      @options['url']
+    def host
+      @options['host']
     end
-    def repository
-      @options['repository']
+    def image_name
+      @options['name']
     end
-    def template_vars
-      {
-        'url' => url,
-        'repository' => repository
-      }
+    def tag
+      @tag ||= begin
+        if @options['tag'].is_a?(Hash) && repo = @options['tag']['fromRepository']
+          RepositoryTag.new(repo)
+        elsif @options['tag'].nil?
+          'latest'
+        else
+          @options['tag'].to_s
+        end
+      end
     end
-    def commit_ref_for_branch(branch)
-      remote_refs.dig('branches', branch, :sha)
+    def image_url
+      "#{host}/#{image_name}:#{tag}"
     end
-    def image_path_for_branch(branch)
-      "#{url}:#{commit_ref_for_branch(branch)}"
+    def template_vars
+      @template_vars ||= {
+        'host' => host,
+        'name' => image_name,
+        'tag' => tag.to_s,
+        'url' => image_url
+      }
     end
-    def remote_refs
-      @remote_refs ||= begin
-        Git.ls_remote(repository)
-      end
+    def can_check_for_existence?
+      @options['existenceCheck'].nil? ||
+        @options['existenceCheck'] == true
     end
-    def exists_for_commit?(commit)
-      credentials = Hippo.config.dig('docker', 'credentials', registry_host)
+    def exists?
+      return true unless can_check_for_existence?
-      http = Net::HTTP.new(registry_host, 443)
+      credentials = Hippo.config.dig('docker', 'credentials', host)
+      http = Net::HTTP.new(host, 443)
       http.use_ssl = true
-      request = Net::HTTP::Head.new("/v2/#{registry_image_name}/manifests/#{commit}")
+      request = Net::HTTP::Head.new("/v2/#{image_name}/manifests/#{tag}")
       if credentials
         request.basic_auth(credentials['username'], credentials['password'])
       end
       response = http.request(request)
       case response
       when Net::HTTPOK
         true
       when Net::HTTPUnauthorized
-        raise Error, "Could not authenticate to #{registry_host} to verify image existence"
+        raise Error, "Could not authenticate to #{host} to verify image existence"
       when Net::HTTPNotFound
         false
       else
-        raise Error, "Got #{response.code} status when verifying imag existence with #{registry_host}"
+        raise Error, "Got #{response.code} status when verifying imag existence with #{host}"
       end
     end
-    def registry_host
-      url.split('/').first
-    end
-    def registry_image_name
-      url.split('/', 2).last
-    end
   end
 end

data/lib/hippo/manifest.rb CHANGED Viewed

@@ -36,21 +36,31 @@ module Hippo
       @options['console']
     end
+    def config
+      @options['config'] || {}
+    end
+    def bootstrap
+      @bootstrap ||= begin
+        bootstrap_file = File.join(@root, 'bootstrap.yaml')
+        if File.file?(bootstrap_file)
+          YAML.load_file(bootstrap_file)
+        else
+          {}
+        end
+      end
+    end
     def template_vars
       {
-        'name' => name,
-        'images' => images.each_with_object({}) { |(name, image), hash| hash[name.to_s] = image.template_vars }
+        'name' => name
       }
     end
     def images
       return {} unless @options['images'].is_a?(Hash)
-      @images ||= begin
-        @options['images'].each_with_object({}) do |(key, value), hash|
-          hash[key] = Image.new(key, value)
-        end
-      end
+      @options['images']
     end
     # Load all stages that are available in the manifest

data/lib/hippo/object_definition.rb CHANGED Viewed

@@ -7,11 +7,6 @@ module Hippo
     def initialize(object, stage, clean: false)
       @object = object
       @stage = stage
-      unless clean
-        insert_namespace!
-        insert_default_labels!
-      end
     end
     def [](name)
@@ -38,6 +33,24 @@ module Hippo
       @object.to_yaml
     end
+    def yaml_to_apply
+      object = ObjectDefinition.new(@object.dup, @stage)
+      object.insert_namespace!
+      object.insert_default_labels!
+      object.base64_encode_data! if kind == 'Secret'
+      object.yaml
+    end
+    def base64_encode_data!(object = @object['data'])
+      object.each do |key, value|
+        object[key] = if value.is_a?(Hash)
+                        base64_encode_data!(value)
+                      else
+                        Base64.encode64(value.to_s).gsub(/\n/, '').strip
+                      end
+      end
+    end
     def insert_namespace!
       metadata['namespace'] = @stage.namespace
     end

data/lib/hippo/package.rb ADDED Viewed

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+require 'hippo/cli'
+require 'hippo/extensions'
+module Hippo
+  class Package
+    def initialize(options, stage)
+      @options = options
+      @stage = stage
+    end
+    # Return the name of the package (i.e. the release name)
+    # and how this package will be referred.
+    #
+    # @return [String]
+    def name
+      @options['name']
+    end
+    # Return the name of the package to be installed.
+    # Including the registry.
+    #
+    # @return [String]
+    def package
+      @options['package']
+    end
+    # return values defined in the package's manifest file
+    #
+    # @return [Hash]
+    def values
+      @options['values']
+    end
+    # Compile a set of final values which should be used when
+    # upgrading and installing this package.
+    #
+    # @return [Hash]
+    def final_values
+      overrides = @stage.overridden_package_values[name]
+      values.deep_merge(overrides)
+    end
+    # Install this package
+    #
+    # @return [void]
+    def install
+      run_install_command('install')
+    end
+    # Upgrade this package
+    #
+    # @return [void]
+    def upgrade
+      run_install_command('upgrade', '--history-max', @options['max-revisions'] ? @options['max-revisions'].to_i.to_s : '5')
+    end
+    # Uninstall this packgae
+    #
+    # @return [void]
+    def uninstall
+      run(helm('uninstall', name))
+    end
+    # Is this release currently installed for the stage?
+    #
+    # @return [Boolean]
+    def installed?
+      secrets = @stage.get('secrets').map(&:name)
+      secrets.any? { |s| s.match(/\Ash\.helm\.release\.v\d+\.#{Regexp.escape(name)}\./) }
+    end
+    # Return the notes for this package
+    #
+    # @return [String]
+    def notes
+      run(helm('get', 'notes', name))
+    end
+    def helm(*commands)
+      command = ['helm']
+      command += ['--kube-context', @stage.context] if @stage.context
+      command += ['-n', @stage.namespace]
+      command += commands
+      command
+    end
+    private
+    def install_command(verb, *additional)
+      helm(verb, name, package, '-f', '-', *additional)
+    end
+    def run_install_command(verb, *additional)
+      run(install_command(verb, *additional), stdin: final_values.to_yaml)
+      true
+    end
+    def run(command, stdin: nil)
+      stdout, stderr, status = Open3.capture3(*command, stdin_data: stdin)
+      raise Error, "[helm] #{stderr}" unless status.success?
+      stdout
+    end
+    class << self
+      def setup_from_cli_context(context)
+        cli = Hippo::CLI.setup(context)
+        package_name = context.options[:package]
+        if package_name.nil? || package_name.empty?
+          raise Error, 'A package name must be provided in -p or --package'
+        end
+        package = cli.stage.packages[package_name]
+        if package.nil?
+          raise Error, "No package named '#{package_name}' has been defined"
+        end
+        [package, cli]
+      end
+    end
+  end
+end

data/lib/hippo/repository_tag.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Hippo
+  class RepositoryTag
+    def initialize(options)
+      @options = options
+    end
+    def branch
+      @options['branch'] || 'master'
+    end
+    def tag
+      @tag ||= commit_ref_for_branch(branch)
+    end
+    def to_s
+      tag
+    end
+    private
+    def commit_ref_for_branch(branch)
+      return nil if remote_refs.nil?
+      remote_refs.dig('branches', branch, :sha)
+    end
+    def remote_refs
+      return nil if @options['url'].nil?
+      @remote_refs ||= begin
+        puts "Getting remote refs from #{@options['url']}"
+        Git.ls_remote(@options['url'])
+      end
+    end
+  end
+end

data/lib/hippo/secret_manager.rb CHANGED Viewed

@@ -3,7 +3,6 @@
 require 'encryptor'
 require 'openssl'
 require 'base64'
-require 'hippo/secret'
 module Hippo
   class SecretManager
@@ -15,8 +14,8 @@ module Hippo
     CIPHER = OpenSSL::Cipher.new('aes-256-gcm')
-    def root
-      File.join(@stage.manifest.root, 'secrets', @stage.name)
+    def path
+      File.join(@stage.manifest.root, 'secrets', @stage.name + '.yaml')
     end
     def secret(name)
@@ -69,9 +68,9 @@ module Hippo
                                   'kind' => 'Secret',
                                   'type' => 'hippo.adam.ac/secret-encryption-key',
                                   'metadata' => { 'name' => 'hippo-secret-key' },
-                                  'data' => { 'key' => Base64.encode64(secret_key64).gsub("\n", '').strip }
+                                  'data' => { 'key' => secret_key64 }
                                 }, @stage)
-      @stage.apply(od)
+      @stage.apply([od])
       @key = secret_key
     end
@@ -85,11 +84,11 @@ module Hippo
       iv = CIPHER.random_iv
       salt = SecureRandom.random_bytes(16)
       encrypted_value = Encryptor.encrypt(value: value.to_s, key: @key, iv: iv, salt: salt)
-      'encrypted:' + Base64.encode64([
+      Base64.encode64([
         Base64.encode64(encrypted_value),
         Base64.encode64(salt),
         Base64.encode64(iv)
-      ].join('---')).gsub("\n", '')
+      ].join('---'))
     end
     # Decrypt the given value value and return it
@@ -97,14 +96,62 @@ module Hippo
     # @param value [String]
     # @return [String]
     def decrypt(value)
-      value = value.to_s
-      if value =~ /\Aencrypted:(.*)/
-        value = Base64.decode64(Regexp.last_match(1))
-        encrypted_value, salt, iv = value.split('---', 3).map { |s| Base64.decode64(s) }
-        Encryptor.decrypt(value: encrypted_value, key: @key, iv: iv, salt: salt).to_s
-      else
-        value
+      value = Base64.decode64(value.to_s)
+      encrypted_value, salt, iv = value.split('---', 3).map { |s| Base64.decode64(s) }
+      Encryptor.decrypt(value: encrypted_value, key: @key, iv: iv, salt: salt).to_s
+    end
+    # Does a secrets file exist for this application.
+    #
+    # @return [Boolean]
+    def exists?
+      File.file?(path)
+    end
+    # Create an empty encrypted example secret file
+    #
+    # @return [void]
+    def create
+      unless key_available?
+        raise Error, 'Cannot create secret file because no key is available for encryption'
+      end
+      return if exists?
+      yaml = { 'example' => 'This is an example secret!' }.to_yaml
+      FileUtils.mkdir_p(File.dirname(path))
+      File.open(path, 'w') { |f| f.write(encrypt(yaml)) }
+    end
+    def edit
+      create unless exists?
+      unless key_available?
+        raise Error, 'Cannot create edit file because no key is available for decryption'
+      end
+      contents = decrypt(File.read(path))
+      contents = Util.open_in_editor('secret', contents)
+      write_file(contents)
+    end
+    def write_file(contents)
+      FileUtils.mkdir_p(File.dirname(path))
+      File.open(path, 'w') { |f| f.write(encrypt(contents)) }
+    end
+    def all
+      @all ||= begin
+        return {} unless exists?
+        unless key_available?
+          raise Error, 'No encryption key is available to decrypt secrets'
+        end
+        YAML.safe_load(decrypt(File.read(path)))
       end
+    rescue Psych::SyntaxError => e
+      raise Error, "Could not parse secrets file: #{e.message}"
     end
   end
 end