RubyGems - kontena-cli - Versions diffs - 0.15.5 → 0.16.0.pre1 - Mend

kontena-cli 0.15.5 → 0.16.0.pre1

Files changed (207) hide show

checksums.yaml +4 -4
data/Dockerfile +0 -3
data/Gemfile +3 -0
data/LOGO +8 -0
data/VERSION +1 -1
data/kontena-cli.gemspec +2 -3
data/lib/kontena/callback.rb +57 -0
data/lib/kontena/callbacks/.gitkeep +0 -0
data/lib/kontena/callbacks/auth/01_list_and_select_grid_after_master_auth.rb +27 -0
data/lib/kontena/callbacks/master/01_clear_current_master_after_terminate.rb +20 -0
data/lib/kontena/callbacks/master/deploy/01_show_logo_before_deploy.rb +15 -0
data/lib/kontena/callbacks/master/deploy/05_before_deploy_configuration_wizard.rb +124 -0
data/lib/kontena/callbacks/master/deploy/50_authenticate_after_deploy.rb +53 -0
data/lib/kontena/callbacks/master/deploy/55_create_initial_grid_after_deploy.rb +32 -0
data/lib/kontena/callbacks/master/deploy/60_configure_auth_provider_after_deploy.rb +49 -0
data/lib/kontena/callbacks/master/deploy/90_suggest_inviting_yourself_after_deploy.rb +24 -0
data/lib/kontena/cli/app_command.rb +2 -1
data/lib/kontena/cli/apps/build_command.rb +1 -1
data/lib/kontena/cli/apps/common.rb +6 -1
data/lib/kontena/cli/apps/config_command.rb +1 -1
data/lib/kontena/cli/apps/deploy_command.rb +1 -1
data/lib/kontena/cli/apps/init_command.rb +3 -5
data/lib/kontena/cli/apps/list_command.rb +1 -1
data/lib/kontena/cli/apps/logs_command.rb +1 -1
data/lib/kontena/cli/apps/monitor_command.rb +1 -1
data/lib/kontena/cli/apps/remove_command.rb +2 -3
data/lib/kontena/cli/apps/restart_command.rb +1 -1
data/lib/kontena/cli/apps/scale_command.rb +1 -1
data/lib/kontena/cli/apps/show_command.rb +1 -1
data/lib/kontena/cli/apps/start_command.rb +1 -1
data/lib/kontena/cli/apps/stop_command.rb +1 -1
data/lib/kontena/cli/apps/yaml/reader.rb +3 -13
data/lib/kontena/cli/apps/yaml/validator.rb +0 -4
data/lib/kontena/cli/apps/yaml/validator_v2.rb +1 -5
data/lib/kontena/cli/certificate/authorize_command.rb +1 -1
data/lib/kontena/cli/certificate/get_command.rb +1 -1
data/lib/kontena/cli/certificate/register_command.rb +1 -1
data/lib/kontena/cli/certificate_command.rb +1 -1
data/lib/kontena/cli/cloud/login_command.rb +128 -0
data/lib/kontena/cli/cloud/master/add_command.rb +54 -0
data/lib/kontena/cli/cloud/master/delete_command.rb +20 -0
data/lib/kontena/cli/cloud/master/list_command.rb +29 -0
data/lib/kontena/cli/cloud/master/show_command.rb +23 -0
data/lib/kontena/cli/cloud/master/update_command.rb +58 -0
data/lib/kontena/cli/cloud/master_command.rb +21 -0
data/lib/kontena/cli/cloud_command.rb +10 -0
data/lib/kontena/cli/common.rb +230 -88
data/lib/kontena/cli/config.rb +537 -0
data/lib/kontena/cli/container_command.rb +1 -1
data/lib/kontena/cli/containers/exec_command.rb +1 -1
data/lib/kontena/cli/containers/inspect_command.rb +1 -1
data/lib/kontena/cli/etcd/get_command.rb +1 -1
data/lib/kontena/cli/etcd/list_command.rb +1 -1
data/lib/kontena/cli/etcd/mkdir_command.rb +1 -1
data/lib/kontena/cli/etcd/remove_command.rb +1 -1
data/lib/kontena/cli/etcd/set_command.rb +1 -1
data/lib/kontena/cli/etcd_command.rb +1 -1
data/lib/kontena/cli/external_registries/add_command.rb +1 -1
data/lib/kontena/cli/external_registries/delete_command.rb +1 -1
data/lib/kontena/cli/external_registries/list_command.rb +1 -1
data/lib/kontena/cli/external_registries/remove_command.rb +1 -1
data/lib/kontena/cli/external_registry_command.rb +1 -1
data/lib/kontena/cli/grid_command.rb +1 -1
data/lib/kontena/cli/grids/audit_log_command.rb +6 -5
data/lib/kontena/cli/grids/cloud_config_command.rb +1 -1
data/lib/kontena/cli/grids/common.rb +1 -1
data/lib/kontena/cli/grids/create_command.rb +8 -4
data/lib/kontena/cli/grids/current_command.rb +1 -1
data/lib/kontena/cli/grids/env_command.rb +1 -1
data/lib/kontena/cli/grids/list_command.rb +35 -10
data/lib/kontena/cli/grids/logs_command.rb +1 -1
data/lib/kontena/cli/grids/remove_command.rb +2 -2
data/lib/kontena/cli/grids/show_command.rb +1 -1
data/lib/kontena/cli/grids/trusted_subnet_command.rb +1 -1
data/lib/kontena/cli/grids/trusted_subnets/add_command.rb +1 -1
data/lib/kontena/cli/grids/trusted_subnets/list_command.rb +1 -1
data/lib/kontena/cli/grids/trusted_subnets/remove_command.rb +1 -1
data/lib/kontena/cli/grids/update_command.rb +1 -1
data/lib/kontena/cli/grids/use_command.rb +11 -6
data/lib/kontena/cli/grids/user_command.rb +1 -1
data/lib/kontena/cli/grids/users/add_command.rb +1 -1
data/lib/kontena/cli/grids/users/list_command.rb +1 -1
data/lib/kontena/cli/grids/users/remove_command.rb +1 -1
data/lib/kontena/cli/localhost_web_server.rb +93 -0
data/lib/kontena/cli/login_command.rb +5 -118
data/lib/kontena/cli/logout_command.rb +33 -2
data/lib/kontena/cli/master/audit_log_command.rb +19 -0
data/lib/kontena/cli/master/config/export_command.rb +47 -0
data/lib/kontena/cli/master/config/get_command.rb +24 -0
data/lib/kontena/cli/master/config/import_command.rb +69 -0
data/lib/kontena/cli/master/config/set_command.rb +19 -0
data/lib/kontena/cli/master/config/unset_command.rb +20 -0
data/lib/kontena/cli/master/config_command.rb +24 -0
data/lib/kontena/cli/master/create_command.rb +76 -0
data/lib/kontena/cli/master/current_command.rb +10 -2
data/lib/kontena/cli/master/join_command.rb +20 -0
data/lib/kontena/cli/master/list_command.rb +4 -4
data/lib/kontena/cli/master/login_command.rb +274 -0
data/lib/kontena/cli/master/use_command.rb +8 -19
data/lib/kontena/cli/master/users/invite_command.rb +33 -6
data/lib/kontena/cli/master/users/list_command.rb +2 -2
data/lib/kontena/cli/master/users/remove_command.rb +1 -1
data/lib/kontena/cli/master/users/role_command.rb +1 -1
data/lib/kontena/cli/master/users/roles/add_command.rb +18 -16
data/lib/kontena/cli/master/users/roles/remove_command.rb +1 -1
data/lib/kontena/cli/master/users_command.rb +1 -1
data/lib/kontena/cli/master_command.rb +21 -1
data/lib/kontena/cli/node_command.rb +1 -1
data/lib/kontena/cli/nodes/label_command.rb +1 -1
data/lib/kontena/cli/nodes/labels/add_command.rb +1 -1
data/lib/kontena/cli/nodes/labels/remove_command.rb +1 -1
data/lib/kontena/cli/nodes/list_command.rb +1 -1
data/lib/kontena/cli/nodes/remove_command.rb +1 -1
data/lib/kontena/cli/nodes/show_command.rb +1 -1
data/lib/kontena/cli/nodes/ssh_command.rb +1 -1
data/lib/kontena/cli/nodes/update_command.rb +1 -1
data/lib/kontena/cli/plugin_command.rb +1 -1
data/lib/kontena/cli/plugins/install_command.rb +2 -2
data/lib/kontena/cli/plugins/list_command.rb +2 -2
data/lib/kontena/cli/plugins/search_command.rb +1 -1
data/lib/kontena/cli/plugins/uninstall_command.rb +2 -2
data/lib/kontena/cli/registry/create_command.rb +2 -4
data/lib/kontena/cli/registry/delete_command.rb +1 -1
data/lib/kontena/cli/registry/remove_command.rb +1 -1
data/lib/kontena/cli/registry_command.rb +1 -1
data/lib/kontena/cli/service_command.rb +1 -1
data/lib/kontena/cli/services/container_command.rb +1 -1
data/lib/kontena/cli/services/containers_command.rb +1 -1
data/lib/kontena/cli/services/create_command.rb +1 -1
data/lib/kontena/cli/services/delete_command.rb +1 -1
data/lib/kontena/cli/services/deploy_command.rb +1 -1
data/lib/kontena/cli/services/env_command.rb +1 -1
data/lib/kontena/cli/services/envs/add_command.rb +1 -1
data/lib/kontena/cli/services/envs/list_command.rb +1 -1
data/lib/kontena/cli/services/envs/remove_command.rb +1 -1
data/lib/kontena/cli/services/link_command.rb +1 -1
data/lib/kontena/cli/services/list_command.rb +1 -1
data/lib/kontena/cli/services/logs_command.rb +1 -1
data/lib/kontena/cli/services/monitor_command.rb +1 -1
data/lib/kontena/cli/services/remove_command.rb +1 -1
data/lib/kontena/cli/services/restart_command.rb +1 -1
data/lib/kontena/cli/services/scale_command.rb +1 -1
data/lib/kontena/cli/services/secret_command.rb +1 -1
data/lib/kontena/cli/services/secrets/link_command.rb +1 -1
data/lib/kontena/cli/services/secrets/unlink_command.rb +1 -1
data/lib/kontena/cli/services/services_helper.rb +6 -3
data/lib/kontena/cli/services/show_command.rb +1 -1
data/lib/kontena/cli/services/start_command.rb +1 -1
data/lib/kontena/cli/services/stats_command.rb +1 -1
data/lib/kontena/cli/services/stop_command.rb +1 -1
data/lib/kontena/cli/services/unlink_command.rb +1 -1
data/lib/kontena/cli/services/update_command.rb +1 -1
data/lib/kontena/cli/spinner.rb +122 -0
data/lib/kontena/cli/stack_command.rb +1 -1
data/lib/kontena/cli/stacks/create_command.rb +1 -1
data/lib/kontena/cli/stacks/deploy_command.rb +1 -1
data/lib/kontena/cli/stacks/list_command.rb +1 -1
data/lib/kontena/cli/stacks/remove_command.rb +1 -1
data/lib/kontena/cli/stacks/show_command.rb +1 -1
data/lib/kontena/cli/stacks/update_command.rb +1 -1
data/lib/kontena/cli/vault/list_command.rb +1 -1
data/lib/kontena/cli/vault/read_command.rb +1 -1
data/lib/kontena/cli/vault/remove_command.rb +1 -1
data/lib/kontena/cli/vault/update_command.rb +1 -1
data/lib/kontena/cli/vault/write_command.rb +1 -1
data/lib/kontena/cli/vault_command.rb +1 -1
data/lib/kontena/cli/version.rb +1 -1
data/lib/kontena/cli/version_command.rb +1 -1
data/lib/kontena/cli/vpn/config_command.rb +1 -1
data/lib/kontena/cli/vpn/create_command.rb +2 -4
data/lib/kontena/cli/vpn/delete_command.rb +1 -1
data/lib/kontena/cli/vpn/remove_command.rb +1 -1
data/lib/kontena/cli/vpn_command.rb +1 -1
data/lib/kontena/cli/whoami_command.rb +16 -13
data/lib/kontena/client.rb +410 -90
data/lib/kontena/command.rb +172 -0
data/lib/kontena/main_command.rb +7 -8
data/lib/kontena/presets/github_auth_provider.yml +11 -0
data/lib/kontena/presets/kontena_auth_provider.yml +11 -0
data/lib/kontena_cli.rb +51 -1
data/spec/kontena/cli/app/deploy_command_spec.rb +14 -44
data/spec/kontena/cli/app/scale_spec.rb +1 -1
data/spec/kontena/cli/app/yaml/reader_spec.rb +0 -48
data/spec/kontena/cli/common_spec.rb +63 -59
data/spec/kontena/cli/grids/use_command_spec.rb +43 -0
data/spec/kontena/cli/master/current_command_spec.rb +3 -24
data/spec/kontena/cli/master/use_command_spec.rb +2 -27
data/spec/kontena/cli/master/users/invite_command_spec.rb +4 -18
data/spec/kontena/cli/master/users/roles/add_command_spec.rb +2 -16
data/spec/kontena/cli/master/users/roles/remove_command_spec.rb +2 -13
data/spec/kontena/cli/services/restart_command_spec.rb +1 -1
data/spec/kontena/cli/services/update_command_spec.rb +5 -5
data/spec/kontena/client_spec.rb +104 -35
data/spec/kontena/config_spec.rb +65 -0
data/spec/spec_helper.rb +25 -3
data/spec/support/client_helpers.rb +10 -3
data/spec/support/requirements_helper.rb +32 -0
metadata +61 -48
data/lib/kontena/cli/register_command.rb +0 -23
data/lib/kontena/cli/user/forgot_password_command.rb +0 -16
data/lib/kontena/cli/user/reset_password_command.rb +0 -23
data/lib/kontena/cli/user/verify_command.rb +0 -20
data/lib/kontena/cli/user_command.rb +0 -13
data/spec/fixtures/kontena-malformed-yaml.yml +0 -6
data/spec/fixtures/kontena-not-hash-service-config.yml +0 -3
data/spec/kontena/cli/login_command_spec.rb +0 -32
data/spec/kontena/cli/register_command_spec.rb +0 -57

data/lib/kontena/cli/vault/list_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vault
-  class ListCommand < Clamp::Command
+  class ListCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vault/read_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vault
-  class ReadCommand < Clamp::Command
+  class ReadCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vault/remove_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vault
-  class RemoveCommand < Clamp::Command
+  class RemoveCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vault/update_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vault
-  class UpdateCommand < Clamp::Command
+  class UpdateCommand < Kontena::Command
     include Kontena::Cli::Common
     parameter 'NAME', 'Secret name'

data/lib/kontena/cli/vault/write_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vault
-  class WriteCommand < Clamp::Command
+  class WriteCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vault_command.rb CHANGED

@@ -4,7 +4,7 @@ require_relative 'vault/read_command'
 require_relative 'vault/remove_command'
 require_relative 'vault/update_command'
-class Kontena::Cli::VaultCommand < Clamp::Command
+class Kontena::Cli::VaultCommand < Kontena::Command
   subcommand ["list", "ls"], "List secrets", Kontena::Cli::Vault::ListCommand
   subcommand "write", "Write a secret", Kontena::Cli::Vault::WriteCommand

data/lib/kontena/cli/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena
   module Cli
-    VERSION = File.read(File.realpath(File.join(__dir__, '../../../VERSION'))).strip
+    VERSION = File.read(File.realpath(File.join(__dir__, '../../../VERSION'))).strip unless const_defined?(:VERSION)
   end
 end

data/lib/kontena/cli/version_command.rb CHANGED

@@ -1,6 +1,6 @@
 require_relative 'version'
-class Kontena::Cli::VersionCommand < Clamp::Command
+class Kontena::Cli::VersionCommand < Kontena::Command
   include Kontena::Cli::Common
   def execute

data/lib/kontena/cli/vpn/config_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vpn
-  class ConfigCommand < Clamp::Command
+  class ConfigCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vpn/create_command.rb CHANGED

@@ -1,7 +1,5 @@
-require 'shell-spinner'
 module Kontena::Cli::Vpn
-  class CreateCommand < Clamp::Command
+  class CreateCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions
@@ -36,7 +34,7 @@ module Kontena::Cli::Vpn
       }
       client(token).post("grids/#{current_grid}/services", data)
       client(token).post("services/#{current_grid}/vpn/deploy", {})
-      ShellSpinner "Deploying vpn service " do
+      spinner "Deploying vpn service " do
         sleep 1 until client(token).get("services/#{current_grid}/vpn")['state'] != 'deploying'
       end
       puts "OpenVPN service is now started (udp://#{vpn_ip}:1194)."

data/lib/kontena/cli/vpn/delete_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vpn
-  class DeleteCommand < Clamp::Command
+  class DeleteCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions

data/lib/kontena/cli/vpn/remove_command.rb CHANGED

@@ -1,5 +1,5 @@
 module Kontena::Cli::Vpn
-  class RemoveCommand < Clamp::Command
+  class RemoveCommand < Kontena::Command
     include Kontena::Cli::Common
     option "--force", :flag, "Force remove", default: false, attribute_name: :forced

data/lib/kontena/cli/vpn_command.rb CHANGED

@@ -3,7 +3,7 @@ require_relative 'vpn/config_command'
 require_relative 'vpn/remove_command'
 require_relative 'vpn/delete_command'
-class Kontena::Cli::VpnCommand < Clamp::Command
+class Kontena::Cli::VpnCommand < Kontena::Command
   subcommand "create", "Create VPN service", Kontena::Cli::Vpn::CreateCommand
   subcommand "config", "Show/Export VPN config", Kontena::Cli::Vpn::ConfigCommand

data/lib/kontena/cli/whoami_command.rb CHANGED

@@ -1,7 +1,8 @@
-class Kontena::Cli::WhoamiCommand < Clamp::Command
+class Kontena::Cli::WhoamiCommand < Kontena::Command
   include Kontena::Cli::Common
   option '--bash-completion-path', :flag, 'Show bash completion path', hidden: true
+  option '--token', :flag, 'Show current master token', hidden: true
   def execute
     if bash_completion_path?
@@ -9,26 +10,28 @@ class Kontena::Cli::WhoamiCommand < Clamp::Command
       exit 0
     end
+    if self.token?
+      if config.current_master && config.current_master.token
+        puts config.current_master.token.access_token
+        exit 0
+      else
+        exit 1
+      end
+    end
     require_api_url
     puts "Master: #{ENV['KONTENA_URL'] || self.current_master['name']}"
     puts "URL: #{ENV['KONTENA_URL'] || api_url}"
     puts "Grid: #{ENV['KONTENA_GRID'] || current_grid}"
     unless ENV['KONTENA_URL']
-      if current_master['email']
-        puts "User: #{current_master['email']}"
+      if current_master['username']
+        puts "User: #{current_master['username']}"
       else # In case local storage doesn't have the user email yet
         token = require_token
-        user = client(token).get('user')
+        user = client.get('user')
         puts "User: #{user['email']}"
-        master = {
-            'name' => current_master['name'],
-            'url' => current_master['url'],
-            'token' => current_master['token'],
-            'email' => user['email'],
-            'grid' => current_master['grid']
-        }
-        self.add_master(current_master['name'], master)
+        current_master['username'] = user['email']
+        config.write
       end
     end
   end

data/lib/kontena/client.rb CHANGED

@@ -1,63 +1,216 @@
 require 'json'
 require 'excon'
+require 'uri'
+require 'base64'
+require 'socket'
+require 'openssl'
+require 'uri'
 require_relative 'errors'
 require_relative 'cli/version'
+begin
+  require_relative 'cli/config'
+rescue LoadError
+end
 module Kontena
   class Client
-    attr_accessor :default_headers, :path_prefix
+    CLIENT_ID     = ENV['KONTENA_CLIENT_ID']     || '15faec8a7a9b4f1e8b7daebb1307f1d8'.freeze
+    CLIENT_SECRET = ENV['KONTENA_CLIENT_SECRET'] || 'fb8942ae00da4c7b8d5a1898effc742f'.freeze
+    CONTENT_URLENCODED = 'application/x-www-form-urlencoded'.freeze
+    CONTENT_JSON       = 'application/json'.freeze
+    JSON_REGEX         = /application\/(.+?\+)?json/.freeze
+    CONTENT_TYPE       = 'Content-Type'.freeze
+    ACCEPT             = 'Accept'.freeze
+    AUTHORIZATION      = 'Authorization'.freeze
+    attr_accessor :default_headers
+    attr_accessor :path_prefix
     attr_reader :http_client
+    attr_reader :last_response
+    attr_reader :options
+    attr_reader :token
+    attr_reader :logger
+    attr_reader :api_url
+    attr_reader :host
     # Initialize api client
     #
     # @param [String] api_url
-    # @param [Hash] default_headers
-    def initialize(api_url, default_headers = {})
+    # @param [Kontena::Cli::Config::Token,Hash] access_token
+    # @param [Hash] options
+    def initialize(api_url, token = nil, options = {})
+      @api_url, @token, @options = api_url, token, options
+      uri = URI.parse(@api_url)
+      @host = uri.host
+      @logger = Logger.new(STDOUT)
+      @logger.level = ENV["DEBUG"].nil? ? Logger::INFO : Logger::DEBUG
+      @logger.progname = 'CLIENT'
+      @options[:default_headers] ||= {}
       Excon.defaults[:ssl_verify_peer] = false if ignore_ssl_errors?
-      @http_client = Excon.new(api_url)
+      @http_client = Excon.new(api_url, omit_default_port: true)
       @default_headers = {
-        'Accept' => 'application/json',
-        'Content-Type' => 'application/json',
+        ACCEPT => CONTENT_JSON,
+        CONTENT_TYPE => CONTENT_JSON,
         'User-Agent' => "kontena-cli/#{Kontena::Cli::VERSION}"
-      }.merge(default_headers)
+      }.merge(options[:default_headers])
+      if token
+        if token.kind_of?(String)
+          @token = { 'access_token' => token }
+        else
+          @token = token
+        end
+        @default_headers.merge!('Authorization' => "Bearer #{@token['access_token']}")
+      end
       @api_url = api_url
-      @path_prefix = '/v1/'
+      @path_prefix = options[:prefix] || '/v1/'
     end
-    # Get request
+    # Generates a header hash for HTTP basic authentication.
+    # Defaults to using client_id and client_secret as user/pass
     #
-    # @param [String] path
-    # @param [Hash,NilClass] params
-    # @param [Hash] headers
-    # @return [Hash]
-    def get(path, params = nil, headers = {})
-      response = http_client.get(
-        path: request_uri(path),
-        query: params,
-        headers: request_headers(headers)
-      )
-      if response.status == 200
-        parse_response(response)
+    # @param [String] username
+    # @param [String] password
+    # @return [Hash] auth_header_hash
+    def basic_auth_header(user = nil, pass = nil)
+      user ||= client_id
+      pass ||= client_secret
+      {
+        AUTHORIZATION =>
+          "Basic #{Base64.encode64([user, pass].join(':')).gsub(/[\r\n]/, '')}"
+      }
+    end
+    # Generates a bearer token authentication header hash if a token object is
+    # available. Otherwise returns an empty hash.
+    #
+    # @return [Hash] authentication_header
+    def bearer_authorization_header
+      if token && token['access_token']
+        {AUTHORIZATION => "Bearer #{token['access_token']}"}
       else
-        handle_error_response(response)
+        {}
       end
     end
+    # OAuth2 client_id from ENV KONTENA_CLIENT_ID or client CLIENT_ID constant
+    #
+    # @return [String]
+    def client_id
+      ENV['KONTENA_CLIENT_ID'] || CLIENT_ID
+    end
+    # OAuth2 client_secret from ENV KONTENA_CLIENT_SECRET or client CLIENT_SECRET constant
+    #
+    # @return [String]
+    def client_secret
+      ENV['KONTENA_CLIENT_SECRET'] || CLIENT_SECRET
+    end
+    # Requests path supplied as argument and returns true if the request was a success.
+    # For checking if the current authentication is valid.
+    #
+    # @param [String] token_verify_path a path that requires authentication
+    # @return [Boolean]
+    def authentication_ok?(token_verify_path)
+      return false unless token
+      return false unless token['access_token']
+      return false unless token_verify_path
+      uri = URI.parse(token_verify_path)
+      host_options = {}
+      host_options[:host] = uri.host if uri.host
+      host_options[:port] = uri.port if uri.port
+      if uri.host
+        client = Kontena::Client.new("#{uri.scheme}://#{uri.host}:#{uri.port}", token)
+      else
+        client = self
+      end
+      final_path = uri.path.gsub(/\:access\_token/, token['access_token'])
+      logger.debug "Requesting user info from #{final_path} - #{host_options}"
+      client.request(path: final_path)
+      true
+    rescue
+      false
+    end
+    # Calls the code exchange endpoint in token's config to exchange an authorization_code
+    # to a access_token
+    def exchange_code(code)
+      return nil unless token_account
+      return nil unless token_account['token_endpoint']
+      uri = URI.parse(token_account['token_endpoint'])
+      host_options = {}
+      host_options[:host] = uri.host if uri.host
+      host_options[:port] = uri.port if uri.port
+      if uri.host
+        client = Kontena::Client.new("#{uri.scheme}://#{uri.host}:#{uri.port}")
+      else
+        client = self
+      end
+      client.request(
+        {
+          http_method: token_account['token_method'].downcase.to_sym,
+          path: uri.path,
+          headers: { CONTENT_TYPE => token_account['token_post_content_type'] },
+          body: {
+            'grant_type' => 'authorization_code',
+            'code' => code,
+            'client_id' => Kontena::Client::CLIENT_ID,
+            'client_secret' => Kontena::Client::CLIENT_SECRET
+          },
+          expects: [200,201],
+          auth: false
+        }
+      )
+    rescue
+      logger.debug "Code exchange exception: #{$!} #{$!.message}\n#{$!.backtrace}"
+      nil
+    end
+    # Return server version from a Kontena master by requesting '/'
+    #
+    # @return [String] version_string
+    def server_version
+      request(auth: false, expects: 200)['version']
+    rescue
+      logger.debug "Server version exception: #{$!} #{$!.message}"
+      nil
+    end
+    # OAuth2 client_id from ENV KONTENA_CLIENT_ID or client CLIENT_ID constant
+    #
+    # @return [String]
+    def client_id
+      ENV['KONTENA_CLIENT_ID'] || CLIENT_ID
+    end
+    # OAuth2 client_secret from ENV KONTENA_CLIENT_SECRET or client CLIENT_SECRET constant
+    #
+    # @return [String]
+    def client_secret
+      ENV['KONTENA_CLIENT_SECRET'] || CLIENT_SECRET
+    end
     # Get request
     #
     # @param [String] path
-    # @param [Lambda] response_block
     # @param [Hash,NilClass] params
     # @param [Hash] headers
-    def get_stream(path, response_block, params = nil, headers = {})
-      http_client.get(
-        read_timeout: 360,
-        path: request_uri(path),
-        query: params,
-        headers: request_headers(headers),
-        response_block: response_block
-      )
+    # @return [Hash]
+    def get(path, params = nil, headers = {}, auth = true)
+      request(path: path, query: params, headers: headers, auth: auth)
     end
     # Post request
@@ -67,21 +220,8 @@ module Kontena
     # @param [Hash] params
     # @param [Hash] headers
     # @return [Hash]
-    def post(path, obj, params = {}, headers = {})
-      request_headers = request_headers(headers)
-      request_options = {
-          path: request_uri(path),
-          headers: request_headers,
-          body: encode_body(obj, request_headers['Content-Type']),
-          query: params
-      }
-      response = http_client.post(request_options)
-      if [200, 201].include?(response.status)
-        parse_response(response)
-      else
-        handle_error_response(response)
-      end
+    def post(path, obj, params = {}, headers = {}, auth = true)
+      request(http_method: :post, path: path, body: obj, query: params, headers: headers, auth: auth)
     end
     # Put request
@@ -91,21 +231,19 @@ module Kontena
     # @param [Hash] params
     # @param [Hash] headers
     # @return [Hash]
-    def put(path, obj, params = {}, headers = {})
-      request_headers = request_headers(headers)
-      request_options = {
-          path: request_uri(path),
-          headers: request_headers,
-          body: encode_body(obj, request_headers['Content-Type']),
-          query: params
-      }
+    def put(path, obj, params = {}, headers = {}, auth = true)
+      request(http_method: :put, path: path, body: obj, query: params, headers: headers, auth: auth)
+    end
-      response = http_client.put(request_options)
-      if [200, 201].include?(response.status)
-        parse_response(response)
-      else
-        handle_error_response(response)
-      end
+    # Patch request
+    #
+    # @param [String] path
+    # @param [Object] obj
+    # @param [Hash] params
+    # @param [Hash] headers
+    # @return [Hash]
+    def patch(path, obj, params = {}, headers = {}, auth = true)
+      request(http_method: :patch, path: path, body: obj, query: params, headers: headers, auth: auth)
     end
     # Delete request
@@ -115,25 +253,188 @@ module Kontena
     # @param [Hash] params
     # @param [Hash] headers
     # @return [Hash]
-    def delete(path, body = nil, params = {}, headers = {})
-      request_headers = request_headers(headers)
+    def delete(path, body = nil, params = {}, headers = {}, auth = true)
+      request(http_method: :delete, path: path, body: body, query: params, headers: headers, auth: auth)
+    end
+    # Get stream request
+    #
+    # @param [String] path
+    # @param [Lambda] response_block
+    # @param [Hash,NilClass] params
+    # @param [Hash] headers
+    def get_stream(path, response_block, params = nil, headers = {}, auth = true)
+      request(path: path, query: params, headers: headers, response_block: response_block, auth: auth)
+    end
+    def token_expired?
+      return false unless token
+      if token.respond_to?(:expired?)
+        token.expired?
+      elsif token['expires_at'].to_i > 0
+        token['expires_at'].to_i < Time.now.utc.to_i
+      else
+        false
+      end
+    end
+    # Perform a HTTP request. Will try to refresh the access token and retry if it's
+    # expired or if the server responds with HTTP 401.
+    #
+    # Automatically parses a JSON response into a hash.
+    #
+    # After the request has been performed, the response can be inspected using
+    # client.last_response.
+    #
+    # @param http_method [Symbol] :get, :post, etc
+    # @param path [String] if it starts with / then prefix won't be used.
+    # @param body [Hash, String] will be encoded using #encode_body
+    # @param query [Hash] url query parameters
+    # @param headers [Hash] extra headers for request.
+    # @param response_block [Proc] for streaming requests, must respond to #call
+    # @param expects [Array] raises unless response status code matches this list.
+    # @param auth [Boolean] use token authentication default = true
+    # @return [Hash, String] response parsed response object
+    def request(http_method: :get, path:'/', body: nil, query: {}, headers: {}, response_block: nil, expects: [200, 201], host: nil, port: nil, auth: true)
+      retried ||= false
+      if auth && token_expired?
+        raise Excon::Errors::Unauthorized, "Token expired or not valid, you need to login again, use: kontena #{token_is_for_master? ? "master auth" : "auth"}"
+      end
+      request_headers = request_headers(headers, auth)
+      body_content = body.nil? ? '' : encode_body(body, request_headers[CONTENT_TYPE])
+      request_headers.merge!('Content-Length' => body_content.bytesize)
+      host_options = {}
+      host_options[:host] = host if host
+      host_options[:port] = port if port
       request_options = {
-          path: request_uri(path),
+          method: http_method,
+          expects: Array(expects),
+          path: path.start_with?('/') ? path : request_uri(path),
           headers: request_headers,
-          body: encode_body(body, request_headers['Content-Type']),
-          query: params
+          body: body_content,
+          query: query
+      }.merge(host_options)
+      request_options.merge!(response_block: response_block) if response_block
+      # Store the response into client.last_response
+      @last_response = http_client.request(request_options)
+      parse_response
+    rescue Excon::Errors::Unauthorized
+      if token && token_is_for_master?
+        logger.debug 'Server reports access token expired'
+        if retried || !token || !token['refresh_token']
+          raise Kontena::Errors::StandardError.new(401, 'The access token has expired and needs to be refreshed')
+        end
+        retried = true
+        retry if refresh_token
+      end
+      raise Kontena::Errors::StandardError.new(401, 'Unauthorized')
+    rescue Excon::Errors::NotFound
+      raise Kontena::Errors::StandardError.new(404, 'Not found')
+    rescue Excon::Errors::Forbidden
+      raise Kontena::Errors::StandardError.new(403, 'Access denied')
+    rescue
+      logger.debug "Request exception: #{$!} - #{$!.message}\n#{$!.backtrace.join("\n")}"
+      handle_error_response
+    end
+    # Build a token refresh request param hash
+    #
+    # @return [Hash]
+    def refresh_request_params
+      {
+        refresh_token: token['refresh_token'],
+        grant_type: 'refresh_token',
+        client_id: client_id,
+        client_secret: client_secret
       }
-      response = http_client.delete(request_options)
-      if response.status == 200
-        parse_response(response)
+    end
+    # Accessor to token's account settings
+    def token_account
+      return {} unless token
+      if token.respond_to?(:account)
+        token.account
+      elsif token.kind_of?(Hash) && token['account'].kind_of?(String)
+        config.find_account(token['account'])
       else
-        handle_error_response(response)
+        {}
       end
+    rescue
+      logger.debug "Access token refresh exception: #{$!} - #{$!.message} #{$!.backtrace}"
+      false
+    end
+    # Perform refresh token request to auth provider.
+    # Updates the client's Token object and writes changes to
+    # configuration.
+    #
+    # @param [Boolean] use_basic_auth? When true, use basic auth authentication header
+    # @return [Boolean] success?
+    def refresh_token
+      logger.debug "Performing token refresh"
+      return false if token.nil?
+      return false if token['refresh_token'].nil?
+      uri = URI.parse(token_account['token_endpoint'])
+      endpoint_data = { path: uri.path }
+      endpoint_data[:host] = uri.host if uri.host
+      endpoint_data[:port] = uri.port if uri.port
+      logger.debug "Token refresh endpoint: #{endpoint_data.inspect}"
+      return false unless endpoint_data[:path]
+      response = request(
+        {
+          http_method: token_account['token_method'].downcase.to_sym,
+          body: refresh_request_params,
+          headers: {
+            CONTENT_TYPE => token_account['token_post_content_type']
+          }.merge(
+            token_account['code_requires_basic_auth'] ? basic_auth_header : {}
+          ),
+          expects: [200, 201, 400, 401, 403],
+          auth: false
+        }.merge(endpoint_data)
+      )
+      if response && response['access_token']
+        logger.debug "Got response to refresh request"
+        token['access_token']  = response['access_token']
+        token['refresh_token'] = response['refresh_token']
+        token['expires_at'] = in_to_at(response['expires_in'])
+        token.config.write if token.respond_to?(:config)
+        true
+      else
+        logger.debug "Got null or bad response to refresh request: #{last_response.inspect}"
+        false
+      end
+    rescue
+      logger.debug "Access token refresh exception: #{$!} - #{$!.message} #{$!.backtrace}"
+      false
     end
     private
-    ##
+    # Returns true if the token object belongs to a master
+    #
+    # @return [Boolean]
+    def token_is_for_master?
+      token_account['name'] == 'master'
+    end
     # Get full request uri
     #
     # @param [String] path
@@ -142,51 +443,61 @@ module Kontena
       "#{path_prefix}#{path}"
     end
     ##
-    # Get request headers
+    # Build request headers. Removes empty headers.
+    # @example
+    #   request_headers('Authorization' => nil)
     #
     # @param [Hash] headers
     # @return [Hash]
-    def request_headers(headers = {})
-      @default_headers.merge(headers)
+    def request_headers(headers = {}, auth = true)
+      headers = default_headers.merge(headers)
+      headers.merge!(bearer_authorization_header) if auth
+      headers.reject{|_,v| v.nil? || (v.respond_to?(:empty?) && v.empty?)}
     end
     ##
-    # Encode body based on content type
+    # Encode body based on content type.
     #
     # @param [Object] body
     # @param [String] content_type
+    # @return [String] encoded_content
     def encode_body(body, content_type)
-      if content_type == 'application/json'
+      if content_type =~ JSON_REGEX # vnd.api+json should pass as json
         dump_json(body)
+      elsif content_type == CONTENT_URLENCODED && body.kind_of?(Hash)
+        URI.encode_www_form(body)
       else
         body
       end
     end
     ##
-    # Parse response
+    # Parse response. If the respons is JSON, returns a Hash representation.
+    # Otherwise returns the raw body.
     #
     # @param [HTTP::Message]
-    # @return [Object]
-    def parse_response(response)
-      if response.headers['Content-Type'].include?('application/json')
-        parse_json(response.body)
+    # @return [Hash,String]
+    def parse_response
+      if last_response.headers[CONTENT_TYPE] =~ JSON_REGEX
+        parse_json(last_response.body)
       else
-        response.body
+        last_response.body
       end
     end
-    ##
     # Parse json
     #
     # @param [String] json
     # @return [Hash,Object,NilClass]
     def parse_json(json)
-      JSON.parse(json) rescue nil
+      JSON.parse(json)
+    rescue
+      logger.debug "JSON parse exception: #{$!} : #{$!.message}"
+      nil
     end
-    ##
     # Dump json
     #
     # @param [Object] obj
@@ -197,16 +508,25 @@ module Kontena
     # @return [Boolean]
     def ignore_ssl_errors?
-      ENV['SSL_IGNORE_ERRORS'] == 'true'
+      ENV['SSL_IGNORE_ERRORS'] == 'true' || options[:ignore_ssl_errors]
     end
     # @param [Excon::Response] response
-    def handle_error_response(response)
-      message = response.body
-      if response.status == 404 && message == ''
-        message = 'Not found'
+    def handle_error_response
+      raise $!, $!.message unless last_response
+      raise Kontena::Errors::StandardError.new(last_response.status, last_response.body)
+    end
+    # Convert expires_in into expires_at
+    #
+    # @param [Fixnum] seconds_till_expiration
+    # @return [Fixnum] expires_at_unix_timestamp
+    def in_to_at(expires_in)
+      if expires_in.to_i < 1
+        0
+      else
+        Time.now.utc.to_i + expires_in.to_i
       end
-      raise Kontena::Errors::StandardError.new(response.status, message)
     end
   end
 end