krates 1.6.0

data/lib/kontena/cli/vault/import_command.rb

@@ -0,0 +1,75 @@
+module Kontena::Cli::Vault
+  class ImportCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    banner "Imports secrets to Vault from a YAML file. Secrets with a null value will be deleted from Vault."
+
+    option "--force", :flag, "Force import", default: false, attribute_name: :forced
+    option '--json', :flag, "Input JSON instead of YAML"
+    option '--skip-null', :flag, "Do not remove keys with null values"
+    option '--empty-is-null', :flag, "Treat empty values as null"
+
+    parameter '[PATH]', "Input from file in PATH (default: STDIN)"
+
+    requires_current_master
+
+    def parsed_input
+      require "json"
+      json? ? JSON.load(input) : YAML.safe_load(input, [], [], true, path)
+    end
+
+    def input
+      path ? File.read(path) : stdin_input("Enter secrets YAML", :multiline)
+    end
+
+    def execute
+      require_current_grid
+
+      updates = []
+      deletes = []
+
+      parsed_input.map do |k,v|
+        case v
+        when String, Numeric, TrueClass, FalseClass
+          if empty_is_null? && v.to_s.empty?
+            deletes << k.to_s
+          else
+            updates << [k.to_s, v.to_s]
+          end
+        when NilClass
+          deletes << k.to_s
+        else
+          exit_with_error "Invalid value type #{v.class} for #{k}."
+        end
+      end
+
+      if updates.empty? && deletes.empty?
+        exit_with_error "No secrets loaded"
+      end
+
+      unless forced?
+        puts "About to.."
+        puts "  * #{Kontena.pastel.yellow("IMPORT")} #{updates.size} secret#{"s" if updates.size > 1}" unless updates.empty?
+        puts "  * #{Kontena.pastel.red("DELETE")} #{deletes.size} secret#{"s" if deletes.size > 1}" unless deletes.empty?
+        confirm
+      end
+
+      unless updates.empty?
+        spinner "Updating #{updates.size} secrets" do |spin|
+          updates.each do |key_value_pair|
+            spin.fail! unless Kontena.run(['vault', 'update', '--upsert', '--silent'] + key_value_pair)
+          end
+        end
+      end
+
+      unless deletes.empty? || skip_null?
+        spinner "Deleting #{deletes.size} secrets" do |spin|
+          deletes.map(&:shellescape).each do |key_to_delete|
+            spin.fail! unless Kontena.run(['vault', 'rm', '--silent', '--force', key_to_delete])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kontena/cli/vault/list_command.rb

@@ -0,0 +1,37 @@
+module Kontena::Cli::Vault
+  class ListCommand < Kontena::Command
+    include Kontena::Util
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+    include Kontena::Cli::TableGenerator::Helper
+
+    option '--return', :flag, "Return the keys", hidden: true
+    option ['--[no-]long', '-l'], :flag, "Show full dates", default: !$stdout.tty?
+
+    requires_current_master
+    requires_current_master_token
+    requires_current_grid
+
+    def secrets
+      client.get("grids/#{current_grid}/secrets")['secrets'].sort_by { |s| s['name'] }
+    end
+
+    def fields
+      return['name'] if quiet?
+      %w(name created_at updated_at)
+    end
+
+    def execute
+      return secrets.map { |s| s['name'] } if return?
+      print_table(secrets) do |row|
+        next if quiet? || long?
+        row['updated_at'] = updated?(row) ? pastel.blue('never') : time_ago(row['updated_at'])
+        row['created_at'] = time_ago(row['created_at'])
+      end
+    end
+
+    def updated?(row)
+      row['created_at'] == row['updated_at']
+    end
+  end
+end

data/lib/kontena/cli/vault/read_command.rb

@@ -0,0 +1,27 @@
+module Kontena::Cli::Vault
+  class ReadCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter "NAME", "Secret name"
+
+    option '--value', :flag, 'Just output the value'
+    option '--return', :flag, 'Return the value', hidden: true
+
+    def execute
+      require_api_url
+      require_current_grid
+
+      token = require_token
+      result = client(token).get("secrets/#{current_grid}/#{name}")
+      return result['value'] if self.return?
+      if self.value?
+        puts result['value']
+      else
+        puts "#{result['name']}:"
+        puts "  created_at: #{result['created_at']}"
+        puts "  value: #{result['value']}"
+      end
+    end
+  end
+end

data/lib/kontena/cli/vault/remove_command.rb

@@ -0,0 +1,23 @@
+module Kontena::Cli::Vault
+  class RemoveCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter "NAME ...", "Secret name", attribute_name: :names
+    option "--force", :flag, "Force remove", default: false, attribute_name: :forced
+    option "--silent", :flag, "Reduce output verbosity"
+
+    def execute
+      require_api_url
+      require_current_grid
+      names.each do |name|
+        confirm_command(name) unless forced?
+
+        token = require_token
+        vspinner "Removing #{pastel.cyan(name)} from the vault " do
+          client(token).delete("secrets/#{current_grid}/#{name}")
+        end
+      end
+    end
+  end
+end

data/lib/kontena/cli/vault/update_command.rb

@@ -0,0 +1,24 @@
+module Kontena::Cli::Vault
+  class UpdateCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter 'NAME', 'Secret name'
+    parameter '[VALUE]', 'Secret value (default: STDIN)'
+
+    option ['-u', '--upsert'], :flag, 'Create secret unless already exists', default: false
+    option '--silent', :flag, "Reduce output verbosity"
+
+    requires_current_master
+
+    def default_value
+      stdin_input("Enter value for secret '#{name}'", :mask)
+    end
+
+    def execute
+      vspinner "Updating #{pastel.cyan(name)} value in the vault " do
+        client.put("secrets/#{current_grid}/#{name}", {name: name, value: value, upsert: upsert? })
+      end
+    end
+  end
+end

data/lib/kontena/cli/vault/write_command.rb

@@ -0,0 +1,23 @@
+module Kontena::Cli::Vault
+  class WriteCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter 'NAME', 'Secret name'
+    parameter '[VALUE]', 'Secret value (default: STDIN)'
+
+    option '--silent', :flag, "Reduce output verbosity"
+
+    requires_current_master
+
+    def default_value
+      stdin_input("Enter value for secret '#{name}'", :mask)
+    end
+
+    def execute
+      vspinner "Writing #{pastel.cyan(name)} to the vault " do
+        client.post("grids/#{current_grid}/secrets", { name: name, value: value })
+      end
+    end
+  end
+end

data/lib/kontena/cli/vault_command.rb

@@ -0,0 +1,13 @@
+class Kontena::Cli::VaultCommand < Kontena::Command
+
+  subcommand ["list", "ls"], "List secrets", load_subcommand('vault/list_command')
+  subcommand "write", "Write a secret", load_subcommand('vault/write_command')
+  subcommand "read", "Read secret", load_subcommand('vault/read_command')
+  subcommand "update", "Update secret", load_subcommand('vault/update_command')
+  subcommand ["remove", "rm"], "Remove secret", load_subcommand('vault/remove_command')
+  subcommand "export", "Export secrets to STDOUT", load_subcommand('vault/export_command')
+  subcommand "import", "Import secrets from a file or STDIN", load_subcommand('vault/import_command')
+
+  def execute
+  end
+end

data/lib/kontena/cli/version.rb

@@ -0,0 +1,10 @@
+module Kontena
+  module Cli
+    unless const_defined?(:VERSION)
+      require 'pathname'
+      version_file = Pathname.new(__FILE__).dirname.join('../../../VERSION').realpath
+      is_head = ENV["KONTENA_EXTRA_BUILDTAGS"].to_s.include?('head')
+      VERSION = "#{version_file.read.strip}#{"-head" if is_head}"
+    end
+  end
+end

data/lib/kontena/cli/version_command.rb

@@ -0,0 +1,20 @@
+require 'kontena/cli/version'
+
+class Kontena::Cli::VersionCommand < Kontena::Command
+  include Kontena::Cli::Common
+
+  option "--cli", :flag, "Only CLI version"
+
+  def execute
+    puts "cli: #{Kontena::Cli::VERSION}"
+    return if cli?
+
+    url = api_url rescue nil
+    if url
+      resp = JSON.parse(client.http_client.get(path: '/').body) rescue nil
+      if resp
+        puts "master: #{resp['version']} (#{url})"
+      end
+    end
+  end
+end

data/lib/kontena/cli/volume_command.rb

@@ -0,0 +1,9 @@
+
+class Kontena::Cli::VolumeCommand < Kontena::Command
+
+  subcommand "create", "Create a managed volume", load_subcommand('volumes/create_command')
+  subcommand "show", "Show details of a volume", load_subcommand('volumes/show_command')
+  subcommand ["remove", "rm"], "Remove a managed volume", load_subcommand('volumes/remove_command')
+  subcommand ["list", "ls"], "List managed volumes", load_subcommand('volumes/list_command')
+
+end

data/lib/kontena/cli/volumes/create_command.rb

@@ -0,0 +1,42 @@
+
+module Kontena::Cli::Volumes
+  class CreateCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    banner "Creates a volume"
+    parameter 'NAME', 'Volume name'
+
+    SCOPES = %w(grid stack instance)
+
+    option '--driver', 'DRIVER', 'Volume driver to be used', required: true
+    option '--driver-opt', 'DRIVER_OPT', 'Volume driver options', multivalued: true
+    option '--scope', 'SCOPE', "Volume scope (#{SCOPES.join(',')})", required: true do |scope|
+      exit_with_error "Unknown scope '#{scope}, must be one of #{SCOPES.join(',')}" unless SCOPES.include?(scope)
+      scope
+    end
+
+    requires_current_master
+    requires_current_master_token
+
+    def execute
+      volume = {
+        name: name,
+        scope: scope,
+        driver: driver,
+        driver_opts: parse_driver_opts
+      }
+      spinner "Creating volume #{pastel.cyan(name)} " do
+        create_volume(volume)
+      end
+    end
+
+    def parse_driver_opts
+      driver_opt_list.map{ |opt| opt.split('=', 2) }.to_h
+    end
+
+    def create_volume(volume)
+      client.post("volumes/#{current_grid}", volume)
+    end
+  end
+end

data/lib/kontena/cli/volumes/list_command.rb

@@ -0,0 +1,29 @@
+
+module Kontena::Cli::Volumes
+  class ListCommand < Kontena::Command
+    include Kontena::Util
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+    include Kontena::Cli::TableGenerator::Helper
+
+    option ['--[no-]long', '-l'], :flag, "Show full dates", default: !$stdout.tty?
+
+    requires_current_master
+    requires_current_master_token
+
+    def volumes
+      client.get("volumes/#{current_grid}")['volumes']
+    end
+
+    def fields
+      quiet? ? ['name'] : %w(name scope driver created_at)
+    end
+
+    def execute
+      print_table(volumes) do |row|
+        next if long? || quiet?
+        row['created_at'] = time_ago(row['created_at'])
+      end
+    end
+  end
+end

data/lib/kontena/cli/volumes/remove_command.rb

@@ -0,0 +1,29 @@
+
+module Kontena::Cli::Volumes
+  class RemoveCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+
+    banner "Removes a volume"
+    parameter 'VOLUME ...', 'Volume name', attribute_name: :volumes
+    option "--force", :flag, "Force remove", default: false, attribute_name: :forced
+
+    requires_current_master
+    requires_current_master_token
+
+    def execute
+      volumes.each do |volume|
+        confirm_command(volume) unless forced?
+
+        spinner "Removing volume #{pastel.cyan(volume)} " do
+          remove_volume(volume)
+        end
+      end
+    end
+
+    def remove_volume(volume)
+      client.delete("volumes/#{current_grid}/#{volume}")
+    end
+  end
+end

data/lib/kontena/cli/volumes/show_command.rb

@@ -0,0 +1,38 @@
+
+module Kontena::Cli::Volumes
+  class ShowCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    banner "Show details of a volume"
+
+    parameter 'VOLUME', 'Volume'
+
+    requires_current_master
+    requires_current_master_token
+
+    def execute
+      vol = client.get("volumes/#{current_grid}/#{volume}")
+      puts "#{vol['name']}:"
+      puts "  id: #{vol['id']}"
+      puts "  created: #{vol['created_at']}"
+      puts "  scope: #{vol['scope']}"
+      puts "  driver: #{vol['driver']}"
+      puts "  driver_opts:"
+      vol['driver_opts'].each do |k,v|
+        puts "    #{k}: #{v}"
+      end
+      puts "  instances:"
+      vol['instances'].each do |instance|
+        puts "    - name: #{instance['name']}"
+        puts "      node: #{instance['node']}"
+      end
+      puts "  services:"
+      vol['services'].each do |service|
+        puts "    - #{service['id']}"
+      end
+
+    end
+
+  end
+end

data/lib/kontena/cli/vpn/config_command.rb

@@ -0,0 +1,27 @@
+module Kontena::Cli::Vpn
+  class ConfigCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    def execute
+      require 'rbconfig'
+      require_api_url
+      payload = {cmd: ['/usr/local/bin/ovpn_getclient', 'KONTENA_VPN_CLIENT']}
+      service = client(require_token).get("services/#{current_grid}/vpn/server/containers")['containers'][0]
+      stdout, stderr = client(require_token).post("containers/#{service['id']}/exec", payload)
+      if linux?
+        stdout << "\n"
+        stdout << "script-security 2 system\n"
+        stdout << "up /etc/openvpn/update-resolv-conf\n"
+        stdout << "down /etc/openvpn/update-resolv-conf\n"
+      end
+      puts stdout
+    end
+
+    # @return [Boolean]
+    def linux?
+      host_os = RbConfig::CONFIG['host_os']
+      host_os.include?('linux')
+    end
+  end
+end

data/lib/kontena/cli/vpn/create_command.rb

@@ -0,0 +1,99 @@
+require_relative '../stacks/stacks_helper'
+
+module Kontena::Cli::Vpn
+  class CreateCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+    include Kontena::Cli::Stacks::StacksHelper
+
+    option '--node', 'NODE', 'Node name where VPN is deployed'
+    option '--ip', 'IP', 'Node ip-address to use in VPN service configuration'
+
+    def execute
+      require_api_url
+      token = require_token
+      preferred_node = node
+
+      name = 'vpn'
+      vpn = client(token).get("stacks/#{current_grid}/#{name}") rescue nil
+      exit_with_error('Vpn stack already exists') if vpn
+
+      node = find_node(token, preferred_node)
+
+      vpn_ip = node_vpn_ip(node)
+      data = {
+        name: name,
+        stack: 'kontena/vpn',
+        version: Kontena::Cli::VERSION,
+        registry: 'file://',
+        source: '---',
+        expose: 'server',
+        services: [
+          name: 'server',
+          stateful: true,
+          image: 'kontena/openvpn:ethwe',
+          ports: [
+            {
+              container_port: '1194',
+              node_port: '1194',
+              protocol: 'udp'
+            }
+          ],
+          cap_add: ['NET_ADMIN'],
+          env: ["OVPN_SERVER_URL=udp://#{vpn_ip}:1194"],
+          affinity: ["node==#{node['name']}"]
+        ]
+      }
+
+      client(token).post("grids/#{current_grid}/stacks", data)
+      deployment = client(token).post("stacks/#{current_grid}/#{name}/deploy", {})
+      spinner "Deploying #{pastel.cyan(name)} service " do
+        wait_for_deploy_to_finish(deployment)
+      end
+      spinner "Generating #{pastel.cyan(name)} keys (this will take a while) " do
+        wait_for_configuration_to_finish(token)
+      end
+      puts "#{pastel.cyan(name)} service is now started (udp://#{vpn_ip}:1194)."
+      puts "use 'kontena vpn config' to fetch OpenVPN client config to your machine."
+    end
+
+    def wait_for_configuration_to_finish(token)
+      finished = false
+      payload = {cmd: ['/usr/local/bin/ovpn_getclient', 'KONTENA_VPN_CLIENT']}
+      service = client(require_token).get("services/#{current_grid}/vpn/server/containers", payload)['containers'][0]
+      until finished
+        sleep 3
+        stdout, stderr = client(require_token).post("containers/#{service['id']}/exec", payload)
+        finished = true if stdout.join('').include?('BEGIN PRIVATE KEY'.freeze)
+      end
+
+      finished
+    end
+
+    def find_node(token, preferred_node = nil)
+      nodes = client(token).get("grids/#{current_grid}/nodes")
+
+      if preferred_node.nil?
+        node = nodes['nodes'].find{|n| n['connected'] && !n['public_ip'].to_s.empty?}
+        exit_with_error('Cannot find any online nodes with public ip. If you want to connect with private address, please use --node and/or --ip options.') if node.nil?
+      else
+        node = nodes['nodes'].find{|n| n['connected'] && n['name'] == preferred_node }
+        exit_with_error('Node not found') if node.nil?
+      end
+      node
+    end
+
+    # @param [Hash] node
+    # @return [String]
+    def node_vpn_ip(node)
+      return ip unless ip.nil?
+
+      # vagrant
+      if node['labels'] && node['labels'].include?('provider=vagrant')
+        node['private_ip'].to_s
+      else
+        node['public_ip'].to_s.empty? ? node['private_ip'].to_s : node['public_ip'].to_s
+      end
+    end
+  end
+end

data/lib/kontena/cli/vpn/remove_command.rb

@@ -0,0 +1,22 @@
+module Kontena::Cli::Vpn
+  class RemoveCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    option "--force", :flag, "Force remove", default: false, attribute_name: :forced
+
+    def execute
+      require_api_url
+      token = require_token
+      confirm unless forced?
+      name = 'vpn'
+
+      vpn = client(token).get("stacks/#{current_grid}/#{name}") rescue nil
+      exit_with_error("VPN stack does not exist") if vpn.nil?
+
+      spinner "Removing #{pastel.cyan(name)} service " do
+        client(token).delete("stacks/#{current_grid}/#{name}")
+      end
+    end
+  end
+end

data/lib/kontena/cli/vpn_command.rb

@@ -0,0 +1,9 @@
+class Kontena::Cli::VpnCommand < Kontena::Command
+
+  subcommand "create", "Create VPN service", load_subcommand('vpn/create_command')
+  subcommand "config", "Show/Export VPN config", load_subcommand('vpn/config_command')
+  subcommand ["remove", "rm"], "Remove VPN service", load_subcommand('vpn/remove_command')
+
+  def execute
+  end
+end

data/lib/kontena/cli/whoami_command.rb

@@ -0,0 +1,38 @@
+class Kontena::Cli::WhoamiCommand < Kontena::Command
+  include Kontena::Cli::Common
+
+  option '--bash-completion-path', :flag, 'Show bash completion path', hidden: true
+  option '--token', :flag, 'Show current master token', hidden: true
+
+  def execute
+    if bash_completion_path?
+      puts File.realpath(File.join(__dir__, '../scripts/init'))
+      exit 0
+    end
+
+    if self.token?
+      if config.current_master && config.current_master.token
+        puts config.current_master.token.access_token
+        exit 0
+      else
+        exit 1
+      end
+    end
+
+    require_api_url
+    puts "Master: #{ENV['KONTENA_URL'] || self.current_master['name']}"
+    puts "URL: #{ENV['KONTENA_URL'] || api_url}"
+    puts "Grid: #{ENV['KONTENA_GRID'] || current_grid}"
+    unless ENV['KONTENA_URL']
+      if current_master['username']
+        puts "User: #{current_master['username']}"
+      else # In case local storage doesn't have the user email yet
+        token = require_token
+        user = client.get('user')
+        puts "User: #{user['email']}"
+        current_master['username'] = user['email']
+        config.write
+      end
+    end
+  end
+end