kontena-cli 1.4.0 → 1.4.1.pre1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b07b1fcdc1957709dee6b0f6d99a4d4d7043c1bc
-  data.tar.gz: 914ea52f2f68ac31c30532f8c76892fee8e84ff4
+SHA256:
+  metadata.gz: b214db2a1e9aa6a1bcdc8987786facfac926a094bc617ae1ed2786c90e206c2e
+  data.tar.gz: bd38e299c9bad45f7d54990e761036a33a3608ca067166fa2991583c1cc0ef5e
 SHA512:
-  metadata.gz: '03778cee2db71334f25d7f46bb88058bc718d66468e36b94576de486092baf32fa077ccd238f2f4664474bf33a2cd47e7778b280760061fc764a647ec4e81233'
-  data.tar.gz: 82b5e132ce92dae422b2b97fc81c355f64c3951f20331d1fd6c6094bf1209b6b98bb8568ea68aa6a67e230fc29aec6c047239f43b88d480da6cc734d9ef1def7
+  metadata.gz: 13ee888f1151a74792b424fc796b89d5d2ff2319635bc4801bd11017227698f861cd16c2ba087330689a3ebc107fa2432364f08948f6cd55947f77a5977634f2
+  data.tar.gz: 70471db05d252ea9e9bc01be0a07513f83ae840342a619f4fe69cea5292f1cac5fc7bbc6df9465577a66700d0dc97ce8ef3dc101bdff42d951bafaac5b0e1fce

data/VERSION

@@ -1 +1 @@
-1.4.0
+1.4.1.pre1

data/bin/kontena

@@ -12,7 +12,8 @@ if ARGV[0] == 'complete'
   ARGV.delete_at(0)
   require 'kontena/scripts/completer'
 else
-  ENV['DEBUG'] ||= "true" if ARGV.any? { |arg| arg == '-D' || arg == '--debug'}
+  ENV['DEBUG'] = "true" if ARGV.any? { |arg| arg == '-D' || arg == '--debug'}
+  ENV['DEBUG'] = "false" if ARGV.any? { |arg| arg == '--no-debug' }
   require 'kontena_cli'
   Kontena::PluginManager.init unless ENV['NO_PLUGINS']
   Kontena::MainCommand.run

data/kontena-cli.gemspec

@@ -32,6 +32,6 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "opto", "1.8.7"
   spec.add_runtime_dependency "semantic", "~> 1.5"
   spec.add_runtime_dependency "liquid", "~> 4.0.0"
-  spec.add_runtime_dependency "tty-table", "~> 0.8.0"
+  spec.add_runtime_dependency "tty-table", "~> 0.9.0"
   spec.add_runtime_dependency "kontena-websocket-client", "~> 0.1.1"
 end

data/lib/kontena/cli/certificate/common.rb

@@ -0,0 +1,16 @@
+module Kontena::Cli::Certificate
+  module Common
+    def show_certificate(cert)
+      puts "#{cert['id']}:"
+      puts "  subject: #{cert['subject']}"
+      puts "  valid until: #{Time.parse(cert['valid_until']).utc.strftime("%FT%TZ")}"
+      if cert['alt_names'] && !cert['alt_names'].empty?
+        puts "  alt names:"
+        cert['alt_names'].each do |alt_name|
+          puts "    - #{alt_name}"
+        end
+      end
+      puts "  auto renewable: #{cert['auto_renewable']}"
+    end
+  end
+end

data/lib/kontena/cli/certificate/export_command.rb

@@ -0,0 +1,28 @@
+module Kontena::Cli::Certificate
+  class ExportCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter "SUBJECT", "Certificate subject"
+
+    requires_current_master
+    requires_current_master_token
+    requires_current_grid
+
+    option ['--certificate', '--cert'], :flag, "Output certificate"
+    option ['--chain'], :flag, "Output chain"
+    option ['--private-key', '--key'], :flag, "Output private key"
+
+    def bundle?
+      ![certificate?, chain?, private_key?].any?
+    end
+
+    def execute
+      certificate = client.get("certificates/#{current_grid}/#{self.subject}/export")
+
+      puts certificate['certificate'] if certificate? || bundle?
+      puts certificate['chain'] if chain? || bundle?
+      puts certificate['private_key'] if private_key? || bundle?
+    end
+  end
+end

data/lib/kontena/cli/certificate/import_command.rb

@@ -0,0 +1,61 @@
+require 'openssl'
+require_relative './common'
+
+module Kontena::Cli::Certificate
+  class ImportCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+    include Common
+
+    # @raise [ArgumentError]
+    def open_file(path)
+      File.open(path)
+    rescue Errno::ENOENT
+      raise ArgumentError, "File not found: #{path}"
+    end
+
+    parameter 'CERT_FILE', "Path to PEM-encoded X.509 certificate file" do |path|
+      open_file(path)
+    end
+    option '--subject', 'SUBJECT', "Import cert specific subject"
+    option ['--private-key', '--key'], 'KEY_FILE', "Path to private key file", :required => true, :attribute_name => :key_file do |path|
+      open_file(path)
+    end
+    option ['--chain'], 'CHAIN_FILE', "Path to CA cert chain file", :multivalued => true, :attribute_name => :chain_file_list do |path|
+      open_file(path)
+    end
+
+    requires_current_master
+    requires_current_master_token
+    requires_current_grid
+
+    def load_certificate
+      OpenSSL::X509::Certificate.new(self.cert_file)
+    rescue OpenSSL::OpenSSLError => exc
+      exit_with_error "Invalid certificate at #{self.cert_file.path}: #{exc.class}: #{exc.message}"
+    end
+
+    def certificate_subject(cert)
+      cert.subject.to_a.each do |name, data|
+        return data if name == 'CN'
+      end
+
+      exit_with_error "No CN in certificate subject: #{cert.subject}"
+    end
+
+    def execute
+      cert = load_certificate
+      subject = self.subject || self.certificate_subject(cert)
+
+      certificate = spinner "Importing certificate from #{cert_file.path}..." do
+        client.put("certificates/#{current_grid}/#{subject}",
+          certificate: cert.to_pem,
+          private_key: self.key_file.read(),
+          chain: chain_file_list.map{|chain_file| chain_file.read() },
+        )
+      end
+
+      show_certificate(certificate)
+    end
+  end
+end

data/lib/kontena/cli/certificate/show_command.rb

@@ -1,9 +1,11 @@
 require_relative '../services/services_helper'
+require_relative './common'
 
 module Kontena::Cli::Certificate
   class ShowCommand < Kontena::Command
     include Kontena::Cli::Common
     include Kontena::Cli::GridOptions
+    include Common
 
     parameter "SUBJECT", "Certificate subject"
 
@@ -12,8 +14,9 @@ module Kontena::Cli::Certificate
     requires_current_grid
 
     def execute
-      certificate = client.get("certificates/#{current_grid}/#{self.subject}")
-      puts YAML.dump(certificate)
+      cert = client.get("certificates/#{current_grid}/#{self.subject}")
+
+      show_certificate(cert)
     end
   end
 end

data/lib/kontena/cli/certificate_command.rb

@@ -3,13 +3,15 @@ class Kontena::Cli::CertificateCommand < Kontena::Command
 
   subcommand ["list", "ls"], "List certificates", load_subcommand('certificate/list_command')
   subcommand "show", "Show certificate details", load_subcommand('certificate/show_command')
+  subcommand "export", "Export certificate to file", load_subcommand('certificate/export_command')
   subcommand "register", "Register to LetsEncrypt", load_subcommand('certificate/register_command')
   subcommand "authorize", "Create DNS authorization for domain", load_subcommand('certificate/authorize_command')
   subcommand "request", "Request certificate for domain", load_subcommand('certificate/request_command')
   subcommand "get", "Get certificate for domain", load_subcommand('certificate/get_command')
+  subcommand "import", "Import certificate from file", load_subcommand('certificate/import_command')
   subcommand ["remove", "rm"], "Remove certificate for domain", load_subcommand('certificate/remove_command')
 
 
   def execute
   end
-end
+end

data/lib/kontena/cli/common.rb

@@ -40,6 +40,10 @@ module Kontena
         Kontena::Cli::Config.instance
       end
 
+      def debug?
+        Kontena.debug?
+      end
+
       # Read from STDIN. If stdin is a console, use prompt to ask.
       # @param [String] message
       # @param [Symbol] mode (prompt method: :ask, :multiline, etc)
@@ -100,7 +104,7 @@ module Kontena
       def vputs(msg = nil)
         if running_verbose?
           puts msg
-        elsif ENV["DEBUG"] && msg
+        elsif debug? && msg
           logger.debug msg
         end
       end

data/lib/kontena/cli/config.rb

@@ -53,21 +53,39 @@ module Kontena
 
       # Craft a regular looking configuration based on ENV variables
       def load_settings_from_env
+        load_cloud_settings_from_env
+        load_master_settings_from_env
+      end
+
+      def load_master_settings_from_env
         return nil unless ENV['KONTENA_URL']
-        debug { 'Loading configuration from ENV' }
+
+        debug { 'Loading master configuration from ENV' }
         servers << Server.new(
           url: ENV['KONTENA_URL'],
           name: 'default',
-          token: Token.new(access_token: ENV['KONTENA_TOKEN'], parent_type: :master, parent_name: 'default'),
+          token: Token.new(
+            access_token: ENV['KONTENA_TOKEN'],
+            parent_type: :master, parent_name: 'default'
+          ),
           grid: ENV['KONTENA_GRID'],
           parent_type: :master,
           parent_name: 'default'
         )
-        accounts << Account.new(kontena_account_data.merge(
-          token: Token.new(access_token: ENV['KONTENA_CLOUD_TOKEN'], parent_type: :account, parent_name: 'default')
-        ))
 
         self.current_master  = 'default'
+      end
+
+      def load_cloud_settings_from_env
+        return unless ENV['KONTENA_CLOUD_TOKEN']
+
+        debug { 'Loading cloud configuration from ENV' }
+        accounts << Account.new(kontena_account_data.merge(
+          token: Token.new(
+            access_token: ENV['KONTENA_CLOUD_TOKEN'],
+            parent_type: :account, parent_name: 'default'
+          )
+        ))
         self.current_account = 'kontena'
       end
 

data/lib/kontena/cli/external_registries/add_command.rb

@@ -14,6 +14,8 @@ module Kontena::Cli::ExternalRegistries
       require_current_grid
       token = require_token
 
+      self.url = "https://#{self.url}" unless self.url.start_with?('http')
+
       data = { username: username, password: password, email: email, url: url }
       spinner "Adding #{url.colorize(:cyan)} to external registries " do
         client(token).post("grids/#{current_grid}/external_registries", data)

data/lib/kontena/cli/external_registries/list_command.rb

@@ -9,7 +9,7 @@ module Kontena::Cli::ExternalRegistries
     requires_current_grid
 
     def fields
-      quiet? ? %(name) : %w(name username email)
+      quiet? ? %w(name) : %w(name username email)
     end
 
     def external_registries

data/lib/kontena/cli/helpers/exec_helper.rb

@@ -6,7 +6,7 @@ module Kontena::Cli::Helpers
 
     websocket_log_level = if ENV["DEBUG"] == 'websocket'
       Logger::DEBUG
-    elsif ENV["DEBUG"]
+    elsif Kontena.debug?
       Logger::INFO
     else
       Logger::WARN
@@ -27,7 +27,7 @@ module Kontena::Cli::Helpers
     # @param tty [Boolean] read stdin in raw mode, sending tty escapes for remote pty
     # @raise [ArgumentError] not a tty
     # @yield [data]
-    # @yieldparam data [String] data from stdin
+    # @yieldparam data [String] unicode data from stdin
     # @raise [ArgumentError] not a tty
     # @return EOF on stdin (!tty)
     def read_stdin(tty: nil)
@@ -38,11 +38,18 @@ module Kontena::Cli::Helpers
           # we do not expect EOF on a TTY, ^D sends a tty escape to close the pty instead
           loop do
             # raises EOFError, SyscallError or IOError
-            yield io.readpartial(1024)
+            chunk = io.readpartial(1024)
+
+            # STDIN.raw does not use the ruby external_encoding, it returns binary strings (ASCII-8BIT encoding)
+            # however, we use websocket text frames with JSON, which expects unicode strings encodable as UTF-8, and does not handle arbitrary binary data
+            # assume all stdin input is using ruby's external_encoding... the JSON.dump will fail if not.
+            chunk.force_encoding(Encoding.default_external)
+
+            yield chunk
           end
         }
       else
-        # line-buffered
+        # line-buffered, using the default external_encoding (probably UTF-8)
         while line = STDIN.gets
           yield line
         end
@@ -106,6 +113,7 @@ module Kontena::Cli::Helpers
             })
           end
           read_stdin(tty: tty) do |stdin|
+            logger.debug "websocket exec stdin with encoding=#{stdin.encoding}: #{stdin.inspect}"
             websocket_exec_write(ws, 'stdin' => stdin)
           end
           websocket_exec_write(ws, 'stdin' => nil) # EOF

data/lib/kontena/cli/master/config/import_command.rb

@@ -40,7 +40,7 @@ module Kontena::Cli::Master::Config
         require 'json'
         JSON.parse(data)
       when 'yaml', 'yml'
-        YAML.safe_load(data)
+        ::YAML.safe_load(data, [], [], true)
       else
         exit_with_error "Unknown input format '#{self.format}'"
       end

data/lib/kontena/cli/master/login_command.rb

@@ -159,7 +159,7 @@ module Kontena::Cli::Master
         elsif response.kind_of?(String) && response.length > 1
           exit_with_error response
         else
-          exit_with_error "Invalid response to authentication request : HTTP#{client.last_response.status} #{client.last_response.body if ENV["DEBUG"]}"
+          exit_with_error "Invalid response to authentication request : HTTP#{client.last_response.status} #{client.last_response.body if debug?}"
         end
       end
     end

data/lib/kontena/cli/stacks/common.rb

@@ -95,7 +95,7 @@ module Kontena::Cli::Stacks
         where.prepend InstanceMethods
 
         where.option '--values-from', '[FILE]', 'Read variable values from a YAML file', multivalued: true do |filename|
-          values_from_file.merge!(::YAML.safe_load(File.read(filename)))
+          values_from_file.merge!(::YAML.safe_load(File.read(filename), [], [], true, filename))
           filename
         end
 
@@ -110,6 +110,7 @@ module Kontena::Cli::Stacks
         where.option '-v', "VARIABLE=VALUE", "Set stack variable values, example: -v domain=example.com. Can be used multiple times.", multivalued: true, attribute_name: :var_option do |var_pair|
           var_name, var_value = var_pair.split('=', 2)
           values_from_value_options.merge!(::YAML.safe_load(::YAML.dump(var_name => var_value)))
+          var_pair
         end
       end
 

data/lib/kontena/cli/stacks/registry/show_command.rb

@@ -15,7 +15,7 @@ module Kontena::Cli::Stacks::Registry
     def execute
       require 'semantic'
       unless versions?
-        stack = ::YAML.safe_load(stacks_client.show(stack_name.stack_name, stack_name.version))
+        stack = ::YAML.safe_load(stacks_client.show(stack_name.stack_name, stack_name.version), [], [], true)
         puts "#{stack['stack']}:"
         puts "  #{"latest_" unless stack_name.version}version: #{stack['version']}"
         puts "  expose: #{stack['expose'] || '-'}"

data/lib/kontena/cli/stacks/service_generator.rb

@@ -69,6 +69,7 @@ module Kontena::Cli::Stacks
       data['stop_signal'] = options['stop_signal'] if options['stop_signal']
       data['stop_grace_period'] = options['stop_grace_period'] if options['stop_grace_period']
       data['read_only'] = options['read_only'] || false
+      data['entrypoint'] = options['entrypoint'] if options['entrypoint']
       data
     end
 

data/lib/kontena/cli/stacks/yaml/opto.rb

@@ -12,4 +12,5 @@ require_relative 'opto/vault_resolver'
 require_relative 'opto/prompt_resolver'
 require_relative 'opto/service_instances_resolver'
 require_relative 'opto/vault_cert_prompt_resolver'
+require_relative 'opto/certificates_resolver'
 require_relative 'opto/service_link_resolver'

data/lib/kontena/cli/stacks/yaml/opto/certificates_resolver.rb

@@ -0,0 +1,37 @@
+module Kontena::Cli::Stacks::YAML::Opto::Resolvers
+  class Certificates < ::Opto::Resolver
+    include Kontena::Cli::Common
+
+    def resolve
+      return nil unless current_master && current_grid
+      message = hint || 'Select SSL certificates'
+      certificates = get_certificates
+      if certificates.size > 0
+        prompt.multi_select(message) do |menu|
+          menu.default(*default_indexes(certificates)) if option.default
+          certificates.each do |s|
+            menu.choice s['subject']
+          end
+        end
+      end
+    end
+
+    # @return [Array<Hash>] certificates
+    def get_certificates
+      client.get("grids/#{current_grid}/certificates")['certificates']
+    rescue
+      []
+    end
+
+    # @param certificates [Array<Hash>]
+    # @return [Array<Integer>]
+    def default_indexes(certificates)
+      indexes = []
+      option.default.to_a.each do |subject|
+        index = certificates.index { |s| s['subject'] == subject }
+        indexes << index.to_i + 1 if index
+      end
+      indexes
+    end
+  end
+end

data/lib/kontena/cli/stacks/yaml/opto/vault_cert_prompt_resolver.rb

@@ -9,7 +9,7 @@ module Kontena::Cli::Stacks::YAML::Opto::Resolvers
         s['name'].match(/(ssl|cert)/i)
       }
       if secrets.size > 0
-        prompt.multi_select(hint) do |menu|
+        prompt.multi_select(message) do |menu|
           menu.default(*default_indexes(secrets)) if option.default
           secrets.each do |s|
             menu.choice s['name']

data/lib/kontena/cli/stacks/yaml/reader.rb

@@ -83,7 +83,7 @@ module Kontena::Cli::Stacks
               substitutions: default_envs,
               warnings: false
             )
-          )
+          ), [], [], true, file
         )
       rescue Psych::SyntaxError => ex
         raise ex, "Error while parsing #{file} : #{ex.message}"
@@ -104,7 +104,7 @@ module Kontena::Cli::Stacks
               use_opto: true,
               raise_on_unknown: true
             )
-          )
+          ), [], [], true, file
         )
       rescue Psych::SyntaxError => ex
         raise ex, "Error while parsing #{file} : #{ex.message}"
@@ -350,6 +350,9 @@ module Kontena::Cli::Stacks
 
       def from_external_file(filename, service_name)
         external_reader = FileLoader.new(filename, loader).reader
+        variables.to_a(with_value: true).each do |var|
+          external_reader.variables.build_option(var)
+        end
         outcome = external_reader.execute(service_name)
         errors.concat external_reader.errors unless external_reader.errors.empty? || errors.include?(external_reader.errors)
         notifications.concat external_reader.notifications unless external_reader.notifications.empty? || notifications.include?(external_reader.notifications)