RubyGems - hippo-cli - Versions diffs - 1.1.0 → 1.1.1 - Mend

hippo-cli 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/bin/hippo +4 -4
data/cli/apply_config.rb +1 -0
data/cli/apply_services.rb +1 -0
data/cli/console.rb +2 -0
data/cli/create.rb +83 -0
data/cli/deploy.rb +2 -0
data/cli/init.rb +1 -1
data/cli/install.rb +3 -1
data/cli/key.rb +34 -0
data/cli/kubectl.rb +2 -0
data/cli/logs.rb +56 -0
data/cli/objects.rb +50 -0
data/cli/package_install.rb +30 -0
data/cli/package_list.rb +40 -0
data/cli/package_notes.rb +23 -0
data/cli/package_test.rb +21 -0
data/cli/package_uninstall.rb +27 -0
data/cli/package_upgrade.rb +30 -0
data/cli/package_values.rb +22 -0
data/cli/prepare.rb +18 -0
data/cli/run.rb +37 -0
data/cli/secrets.rb +24 -0
data/cli/stages.rb +26 -0
data/cli/status.rb +25 -0
data/cli/vars.rb +20 -0
data/cli/version.rb +8 -0
data/lib/hippo.rb +12 -0
data/lib/hippo/bootstrap_parser.rb +64 -0
data/lib/hippo/cli.rb +47 -14
data/lib/hippo/extensions.rb +9 -0
data/lib/hippo/image.rb +35 -31
data/lib/hippo/manifest.rb +17 -7
data/lib/hippo/object_definition.rb +18 -5
data/lib/hippo/package.rb +124 -0
data/lib/hippo/repository_tag.rb +38 -0
data/lib/hippo/secret_manager.rb +61 -14
data/lib/hippo/stage.rb +60 -26
data/lib/hippo/util.rb +34 -0
data/lib/hippo/version.rb +1 -1
data/template/Hippofile +10 -2
metadata +44 -13
metadata.gz.sig +0 -0
data/cli/secrets_edit.rb +0 -34
data/cli/secrets_key.rb +0 -20
data/lib/hippo/secret.rb +0 -112
data/template/config/env-vars.yaml +0 -7
data/template/deployments/web.yaml +0 -29
data/template/deployments/worker.yaml +0 -26
data/template/jobs/deploy/db-migration.yaml +0 -22
data/template/jobs/install/load-schema.yaml +0 -22
data/template/services/main.ingress.yaml +0 -13
data/template/services/web.svc.yaml +0 -11
data/template/stages/production.yaml +0 -7

data/lib/hippo/extensions.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class Hash
+  def deep_merge(second)
+    merger = proc { |_, v1, v2| Hash === v1 && Hash === v2 ? v1.merge(v2, &merger) : Array === v1 && Array === v2 ? v1 | v2 : [:undefined, nil, :nil].include?(v2) ? v1 : v2 }
+    merge(second.to_h, &merger)
+  end
+end
+# From https://stackoverflow.com/questions/9381553/ruby-merge-nested-hash

data/lib/hippo/image.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require 'git'
 require 'net/http'
+require 'hippo/repository_tag'
 module Hippo
   class Image
@@ -12,63 +13,66 @@ module Hippo
     attr_reader :name
-    def url
-      @options['url']
+    def host
+      @options['host']
     end
-    def repository
-      @options['repository']
+    def image_name
+      @options['name']
     end
-    def template_vars
-      {
-        'url' => url,
-        'repository' => repository
-      }
+    def tag
+      @tag ||= begin
+        if @options['tag'].is_a?(Hash) && repo = @options['tag']['fromRepository']
+          RepositoryTag.new(repo)
+        elsif @options['tag'].nil?
+          'latest'
+        else
+          @options['tag'].to_s
+        end
+      end
     end
-    def commit_ref_for_branch(branch)
-      remote_refs.dig('branches', branch, :sha)
+    def image_url
+      "#{host}/#{image_name}:#{tag}"
     end
-    def image_path_for_branch(branch)
-      "#{url}:#{commit_ref_for_branch(branch)}"
+    def template_vars
+      @template_vars ||= {
+        'host' => host,
+        'name' => image_name,
+        'tag' => tag.to_s,
+        'url' => image_url
+      }
     end
-    def remote_refs
-      @remote_refs ||= begin
-        Git.ls_remote(repository)
-      end
+    def can_check_for_existence?
+      @options['existenceCheck'].nil? ||
+        @options['existenceCheck'] == true
     end
-    def exists_for_commit?(commit)
-      credentials = Hippo.config.dig('docker', 'credentials', registry_host)
+    def exists?
+      return true unless can_check_for_existence?
-      http = Net::HTTP.new(registry_host, 443)
+      credentials = Hippo.config.dig('docker', 'credentials', host)
+      http = Net::HTTP.new(host, 443)
       http.use_ssl = true
-      request = Net::HTTP::Head.new("/v2/#{registry_image_name}/manifests/#{commit}")
+      request = Net::HTTP::Head.new("/v2/#{image_name}/manifests/#{tag}")
       if credentials
         request.basic_auth(credentials['username'], credentials['password'])
       end
       response = http.request(request)
       case response
       when Net::HTTPOK
         true
       when Net::HTTPUnauthorized
-        raise Error, "Could not authenticate to #{registry_host} to verify image existence"
+        raise Error, "Could not authenticate to #{host} to verify image existence"
       when Net::HTTPNotFound
         false
       else
-        raise Error, "Got #{response.code} status when verifying imag existence with #{registry_host}"
+        raise Error, "Got #{response.code} status when verifying imag existence with #{host}"
       end
     end
-    def registry_host
-      url.split('/').first
-    end
-    def registry_image_name
-      url.split('/', 2).last
-    end
   end
 end

data/lib/hippo/manifest.rb CHANGED Viewed

@@ -36,21 +36,31 @@ module Hippo
       @options['console']
     end
+    def config
+      @options['config'] || {}
+    end
+    def bootstrap
+      @bootstrap ||= begin
+        bootstrap_file = File.join(@root, 'bootstrap.yaml')
+        if File.file?(bootstrap_file)
+          YAML.load_file(bootstrap_file)
+        else
+          {}
+        end
+      end
+    end
     def template_vars
       {
-        'name' => name,
-        'images' => images.each_with_object({}) { |(name, image), hash| hash[name.to_s] = image.template_vars }
+        'name' => name
       }
     end
     def images
       return {} unless @options['images'].is_a?(Hash)
-      @images ||= begin
-        @options['images'].each_with_object({}) do |(key, value), hash|
-          hash[key] = Image.new(key, value)
-        end
-      end
+      @options['images']
     end
     # Load all stages that are available in the manifest

data/lib/hippo/object_definition.rb CHANGED Viewed

@@ -7,11 +7,6 @@ module Hippo
     def initialize(object, stage, clean: false)
       @object = object
       @stage = stage
-      unless clean
-        insert_namespace!
-        insert_default_labels!
-      end
     end
     def [](name)
@@ -38,6 +33,24 @@ module Hippo
       @object.to_yaml
     end
+    def yaml_to_apply
+      object = ObjectDefinition.new(@object.dup, @stage)
+      object.insert_namespace!
+      object.insert_default_labels!
+      object.base64_encode_data! if kind == 'Secret'
+      object.yaml
+    end
+    def base64_encode_data!(object = @object['data'])
+      object.each do |key, value|
+        object[key] = if value.is_a?(Hash)
+                        base64_encode_data!(value)
+                      else
+                        Base64.encode64(value.to_s).gsub(/\n/, '').strip
+                      end
+      end
+    end
     def insert_namespace!
       metadata['namespace'] = @stage.namespace
     end

data/lib/hippo/package.rb ADDED Viewed

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+require 'hippo/cli'
+require 'hippo/extensions'
+module Hippo
+  class Package
+    def initialize(options, stage)
+      @options = options
+      @stage = stage
+    end
+    # Return the name of the package (i.e. the release name)
+    # and how this package will be referred.
+    #
+    # @return [String]
+    def name
+      @options['name']
+    end
+    # Return the name of the package to be installed.
+    # Including the registry.
+    #
+    # @return [String]
+    def package
+      @options['package']
+    end
+    # return values defined in the package's manifest file
+    #
+    # @return [Hash]
+    def values
+      @options['values']
+    end
+    # Compile a set of final values which should be used when
+    # upgrading and installing this package.
+    #
+    # @return [Hash]
+    def final_values
+      overrides = @stage.overridden_package_values[name]
+      values.deep_merge(overrides)
+    end
+    # Install this package
+    #
+    # @return [void]
+    def install
+      run_install_command('install')
+    end
+    # Upgrade this package
+    #
+    # @return [void]
+    def upgrade
+      run_install_command('upgrade', '--history-max', @options['max-revisions'] ? @options['max-revisions'].to_i.to_s : '5')
+    end
+    # Uninstall this packgae
+    #
+    # @return [void]
+    def uninstall
+      run(helm('uninstall', name))
+    end
+    # Is this release currently installed for the stage?
+    #
+    # @return [Boolean]
+    def installed?
+      secrets = @stage.get('secrets').map(&:name)
+      secrets.any? { |s| s.match(/\Ash\.helm\.release\.v\d+\.#{Regexp.escape(name)}\./) }
+    end
+    # Return the notes for this package
+    #
+    # @return [String]
+    def notes
+      run(helm('get', 'notes', name))
+    end
+    def helm(*commands)
+      command = ['helm']
+      command += ['--kube-context', @stage.context] if @stage.context
+      command += ['-n', @stage.namespace]
+      command += commands
+      command
+    end
+    private
+    def install_command(verb, *additional)
+      helm(verb, name, package, '-f', '-', *additional)
+    end
+    def run_install_command(verb, *additional)
+      run(install_command(verb, *additional), stdin: final_values.to_yaml)
+      true
+    end
+    def run(command, stdin: nil)
+      stdout, stderr, status = Open3.capture3(*command, stdin_data: stdin)
+      raise Error, "[helm] #{stderr}" unless status.success?
+      stdout
+    end
+    class << self
+      def setup_from_cli_context(context)
+        cli = Hippo::CLI.setup(context)
+        package_name = context.options[:package]
+        if package_name.nil? || package_name.empty?
+          raise Error, 'A package name must be provided in -p or --package'
+        end
+        package = cli.stage.packages[package_name]
+        if package.nil?
+          raise Error, "No package named '#{package_name}' has been defined"
+        end
+        [package, cli]
+      end
+    end
+  end
+end

data/lib/hippo/repository_tag.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Hippo
+  class RepositoryTag
+    def initialize(options)
+      @options = options
+    end
+    def branch
+      @options['branch'] || 'master'
+    end
+    def tag
+      @tag ||= commit_ref_for_branch(branch)
+    end
+    def to_s
+      tag
+    end
+    private
+    def commit_ref_for_branch(branch)
+      return nil if remote_refs.nil?
+      remote_refs.dig('branches', branch, :sha)
+    end
+    def remote_refs
+      return nil if @options['url'].nil?
+      @remote_refs ||= begin
+        puts "Getting remote refs from #{@options['url']}"
+        Git.ls_remote(@options['url'])
+      end
+    end
+  end
+end

data/lib/hippo/secret_manager.rb CHANGED Viewed

@@ -3,7 +3,6 @@
 require 'encryptor'
 require 'openssl'
 require 'base64'
-require 'hippo/secret'
 module Hippo
   class SecretManager
@@ -15,8 +14,8 @@ module Hippo
     CIPHER = OpenSSL::Cipher.new('aes-256-gcm')
-    def root
-      File.join(@stage.manifest.root, 'secrets', @stage.name)
+    def path
+      File.join(@stage.manifest.root, 'secrets', @stage.name + '.yaml')
     end
     def secret(name)
@@ -69,9 +68,9 @@ module Hippo
                                   'kind' => 'Secret',
                                   'type' => 'hippo.adam.ac/secret-encryption-key',
                                   'metadata' => { 'name' => 'hippo-secret-key' },
-                                  'data' => { 'key' => Base64.encode64(secret_key64).gsub("\n", '').strip }
+                                  'data' => { 'key' => secret_key64 }
                                 }, @stage)
-      @stage.apply(od)
+      @stage.apply([od])
       @key = secret_key
     end
@@ -85,11 +84,11 @@ module Hippo
       iv = CIPHER.random_iv
       salt = SecureRandom.random_bytes(16)
       encrypted_value = Encryptor.encrypt(value: value.to_s, key: @key, iv: iv, salt: salt)
-      'encrypted:' + Base64.encode64([
+      Base64.encode64([
         Base64.encode64(encrypted_value),
         Base64.encode64(salt),
         Base64.encode64(iv)
-      ].join('---')).gsub("\n", '')
+      ].join('---'))
     end
     # Decrypt the given value value and return it
@@ -97,14 +96,62 @@ module Hippo
     # @param value [String]
     # @return [String]
     def decrypt(value)
-      value = value.to_s
-      if value =~ /\Aencrypted:(.*)/
-        value = Base64.decode64(Regexp.last_match(1))
-        encrypted_value, salt, iv = value.split('---', 3).map { |s| Base64.decode64(s) }
-        Encryptor.decrypt(value: encrypted_value, key: @key, iv: iv, salt: salt).to_s
-      else
-        value
+      value = Base64.decode64(value.to_s)
+      encrypted_value, salt, iv = value.split('---', 3).map { |s| Base64.decode64(s) }
+      Encryptor.decrypt(value: encrypted_value, key: @key, iv: iv, salt: salt).to_s
+    end
+    # Does a secrets file exist for this application.
+    #
+    # @return [Boolean]
+    def exists?
+      File.file?(path)
+    end
+    # Create an empty encrypted example secret file
+    #
+    # @return [void]
+    def create
+      unless key_available?
+        raise Error, 'Cannot create secret file because no key is available for encryption'
+      end
+      return if exists?
+      yaml = { 'example' => 'This is an example secret!' }.to_yaml
+      FileUtils.mkdir_p(File.dirname(path))
+      File.open(path, 'w') { |f| f.write(encrypt(yaml)) }
+    end
+    def edit
+      create unless exists?
+      unless key_available?
+        raise Error, 'Cannot create edit file because no key is available for decryption'
+      end
+      contents = decrypt(File.read(path))
+      contents = Util.open_in_editor('secret', contents)
+      write_file(contents)
+    end
+    def write_file(contents)
+      FileUtils.mkdir_p(File.dirname(path))
+      File.open(path, 'w') { |f| f.write(encrypt(contents)) }
+    end
+    def all
+      @all ||= begin
+        return {} unless exists?
+        unless key_available?
+          raise Error, 'No encryption key is available to decrypt secrets'
+        end
+        YAML.safe_load(decrypt(File.read(path)))
       end
+    rescue Psych::SyntaxError => e
+      raise Error, "Could not parse secrets file: #{e.message}"
     end
   end
 end