krates 1.6.0

data/lib/kontena/cli/certificate/register_command.rb

@@ -0,0 +1,30 @@
+
+module Kontena::Cli::Certificate
+  class RegisterCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+
+    parameter "EMAIL", "Email to register"
+
+    option '--agree-tos', :flag, "Automatically agree on Let's Encrypt Terms of Service"
+
+    def execute
+      require_api_url
+      token = require_token
+
+      data = {email: email}
+
+      if self.agree_tos? || ask_continue
+        response = client(token).post("certificates/#{current_grid}/register", data)
+        puts 'Email registered to LetsEncrypt'
+      end
+    end
+
+    def ask_continue
+      puts "By registering, you agree on Let's Encrypt Terms of Service: https://letsencrypt.org/documents/2017.11.15-LE-SA-v1.2.pdf"
+      exit_with_error "Registration canceled!" unless prompt.yes?("Continue?")
+      true
+    end
+  end
+end

data/lib/kontena/cli/certificate/remove_command.rb

@@ -0,0 +1,23 @@
+require_relative '../services/services_helper'
+
+module Kontena::Cli::Certificate
+  class RemoveCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter "SUBJECT", "Certificate subject"
+    option "--force", :flag, "Force remove", default: false, attribute_name: :forced
+
+    requires_current_master
+    requires_current_master_token
+    requires_current_grid
+
+    def execute
+      confirm_command(self.subject) unless forced?
+
+      spinner "Removing certificate for #{self.subject.colorize(:cyan)} from #{current_grid.colorize(:cyan)} grid " do
+        client.delete("certificates/#{current_grid}/#{self.subject}")
+      end
+    end
+  end
+end

data/lib/kontena/cli/certificate/request_command.rb

@@ -0,0 +1,20 @@
+
+module Kontena::Cli::Certificate
+  class RequestCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+
+    parameter "DOMAIN ...", "Domain(s) to get certificate for"
+
+    def execute
+      require_api_url
+      token = require_token
+      data = {domains: domain_list}
+
+      spinner "Requesting certificate for #{domain_list.join(',').colorize(:cyan)} " do
+        response = client(token).post("grids/#{current_grid}/certificates", data)
+      end
+
+    end
+  end
+end

data/lib/kontena/cli/certificate/show_command.rb

@@ -0,0 +1,22 @@
+require_relative '../services/services_helper'
+require_relative './common'
+
+module Kontena::Cli::Certificate
+  class ShowCommand < Kontena::Command
+    include Kontena::Cli::Common
+    include Kontena::Cli::GridOptions
+    include Common
+
+    parameter "SUBJECT", "Certificate subject"
+
+    requires_current_master
+    requires_current_master_token
+    requires_current_grid
+
+    def execute
+      cert = client.get("certificates/#{current_grid}/#{self.subject}")
+
+      show_certificate(cert)
+    end
+  end
+end

data/lib/kontena/cli/certificate_command.rb

@@ -0,0 +1,18 @@
+
+class Kontena::Cli::CertificateCommand < Kontena::Command
+
+  subcommand ["list", "ls"], "List certificates", load_subcommand('certificate/list_command')
+  subcommand "show", "Show certificate details", load_subcommand('certificate/show_command')
+  subcommand "export", "Export certificate to file", load_subcommand('certificate/export_command')
+  subcommand "register", "Register to LetsEncrypt", load_subcommand('certificate/register_command')
+  subcommand "authorize", "Create DNS authorization for domain", load_subcommand('certificate/authorize_command')
+  subcommand "request", "Request certificate for domain", load_subcommand('certificate/request_command')
+  subcommand "get", "Get certificate for domain [DEPRECATED]", load_subcommand('certificate/get_command')
+  subcommand "import", "Import certificate from file", load_subcommand('certificate/import_command')
+  subcommand ["remove", "rm"], "Remove certificate for domain", load_subcommand('certificate/remove_command')
+  subcommand "domain-authorization", "Domain authorization sub-commands", load_subcommand('certificate/domain_authorize_command')
+
+
+  def execute
+  end
+end

data/lib/kontena/cli/cloud/login_command.rb

@@ -0,0 +1,186 @@
+require 'uri'
+
+module Kontena::Cli::Cloud
+  class LoginCommand < Kontena::Command
+    include Kontena::Cli::Common
+
+    option ['-t', '--token'], '[TOKEN]', 'Use a pre-generated access token', environment_variable: 'KONTENA_CLOUD_TOKEN'
+    option ['-c', '--code'], '[CODE]', 'Use an authorization code'
+    option ['-v', '--verbose'], :flag, 'Increase output verbosity'
+    option ['-f', '--force'], :flag, 'Force reauthentication'
+    option ['-r', '--remote'], :flag, 'Remote login'
+
+    def execute
+      if self.code && self.force?
+        exit_with_error "Can't use --code and --force together"
+      end
+
+      if self.token
+        exit_with_error "Can't use --token and --force together" if self.force?
+        exit_with_error "Can't use --token and --code together"  if self.code
+      end
+
+      if !kontena_account.token || !kontena_account.token.access_token || self.token || self.force?
+        kontena_account.token = Kontena::Cli::Config::Token.new(access_token: self.token, parent_type: :account, parent_name: kontena_account.name)
+      end
+
+      use_authorization_code(self.code) if self.code
+
+      client = Kontena::Client.new(kontena_account.userinfo_endpoint, kontena_account.token, prefix: '')
+
+      if kontena_account.token.access_token
+        auth_ok = vspinner "Verifying current access token" do
+          client.authentication_ok?(kontena_account.userinfo_endpoint)
+        end
+        if auth_ok
+          finish and return
+        end
+      end
+      if remote?
+        remote_login
+      else
+        web_flow
+      end
+      finish
+    end
+
+    def finish
+      update_userinfo unless kontena_account.username
+      config.current_account = kontena_account.name
+      config.write
+      config.reset_instance
+      reset_cloud_client
+      display_logo
+      display_login_info(only: :account)
+      true
+    end
+
+    def remote_login
+      client_id = kontena_account.client_id || Kontena::Client::CLIENT_ID
+      params = {
+        client_id: client_id
+      }
+      cloud_url = kontena_account.url
+      client = Kontena::Client.new(cloud_url, nil)
+      auth_request_response = client.post('/auth_requests', params, {}, { 'Content-Type' => 'application/x-www-form-urlencoded' }) rescue nil
+      if !auth_request_response.kind_of?(Hash)
+        exit_with_error "Remote login request failed"
+      elsif auth_request_response['error']
+        exit_with_error "Remote login request failed: #{auth_request_response['error']}"
+      end
+      begin
+        verification_uri = URI.parse(auth_request_response['verification_uri'])
+      rescue => e
+        exit_with_error "Parsing remote login URL failed."
+      end
+
+      puts "Please visit #{pastel.cyan(verification_uri.to_s)} and enter the code"
+      puts
+      puts "#{auth_request_response['user_code']}"
+      puts
+      puts "Once the authentication is complete you can close the browser"
+      puts "window or tab and return to this window to continue."
+      puts
+
+      code_request_params = {
+        client_id: client_id,
+        device_code: auth_request_response['device_code']
+      }
+      code_response = nil
+      spinner "Waiting for authentication" do
+        until code_response do
+          code_response = client.post("/auth_requests/code",  code_request_params, {}, { 'Content-Type' => 'application/x-www-form-urlencoded' }) rescue nil
+          sleep 1
+        end
+      end
+      update_token(code_response)
+    end
+
+    def web_flow
+      if Kontena.browserless? && !force?
+        $stderr.puts "Your current environment does not seem to support opening a local graphical WWW browser. Using remote login instead."
+        $stderr.puts
+        remote_login
+        return
+      end
+
+      require_relative '../localhost_web_server'
+      require 'kontena/cli/browser_launcher'
+
+      uri = URI.parse(kontena_account.authorization_endpoint)
+      uri.host ||= kontena_account.url
+
+      web_server = Kontena::LocalhostWebServer.new
+
+      params = {
+        client_id: kontena_account.client_id || Kontena::Client::CLIENT_ID,
+        response_type: 'code',
+        redirect_uri: "http://localhost:#{web_server.port}/cb"
+      }
+
+      uri.query = URI.encode_www_form(params)
+
+      puts "Opening a browser to #{uri.scheme}://#{uri.host}"
+      #puts
+      #puts "If you are running this command over an ssh connection or it's"
+      #puts "otherwise not possible to open a browser from this terminal"
+      #puts "then you must use a pregenerated access token using the --token"
+      #puts "option : kontena cloud login --token <access_token>"
+      puts
+      puts "Once the authentication is complete you can close the browser"
+      puts "window or tab and return to this window to continue."
+      puts
+      any_key_to_continue(10)
+
+      puts "If the browser does not open, try visiting this URL manually:"
+      puts "#{uri.to_s}"
+      puts
+
+      server_thread  = Thread.new { Thread.main['response'] = web_server.serve_one }
+      Kontena::Cli::BrowserLauncher.open(uri.to_s)
+
+      spinner "Waiting for browser authorization response" do
+        server_thread.join
+      end
+
+      update_token(Thread.main['response'])
+    end
+
+    def update_userinfo
+      uri = URI.parse(kontena_account.userinfo_endpoint)
+      path = uri.path
+      uri.path = '/'
+
+      response = Kontena::Client.new(uri.to_s, kontena_account.token).get(path)
+      if response.kind_of?(Hash) && response['data'] && response['data']['attributes']
+        kontena_account.username = response['data']['attributes']['username']
+      elsif response && response['error']
+        exit_with_error response['error']
+      else
+        exit_with_error "Userinfo request failed"
+      end
+    end
+
+    def use_authorization_code(code)
+      response = vspinner "Exchanging authorization code to access token" do
+        Kontena::Client.new(kontena_account.token_endpoint, kontena_account.token).exchange_code(code)
+      end
+      update_token(response)
+    end
+
+    def update_token(response)
+      if !response.kind_of?(Hash)
+        raise TypeError, "Invalid authentication response, expected Hash, got #{response.class}"
+      elsif response['error']
+        exit_with_error "Authentication failed: #{response['error']}"
+      elsif response['code']
+        use_authorization_code(response['code'])
+      else
+        kontena_account.token.access_token  = response['access_token']
+        kontena_account.token.refresh_token = response['refresh_token']
+        kontena_account.token.expires_at    = response['expires_at']
+        true
+      end
+    end
+  end
+end

data/lib/kontena/cli/cloud/logout_command.rb

@@ -0,0 +1,14 @@
+module Kontena::Cli::Cloud
+  class LogoutCommand < Kontena::Command
+    include Kontena::Cli::Common
+
+    def execute
+      config.accounts.each do |account|        
+        use_refresh_token(account)
+        account.token = nil
+      end
+      config.write
+      puts pastel.green("You have been logged out of Kontena Cloud")
+    end
+  end
+end

data/lib/kontena/cli/cloud/master/add_command.rb

@@ -0,0 +1,156 @@
+module Kontena::Cli::Cloud::Master
+  class AddCommand < Kontena::Command
+
+    include Kontena::Cli::Common
+
+    callback_matcher 'cloud-master', 'create'
+
+    requires_current_account_token
+
+    parameter "[NAME]", "Master name"
+
+    option ['--redirect-uri'], '[URL]',      'Set master redirect URL'
+    option ['--url'],          '[URL]',      'Set master URL'
+    option ['--provider'],     '[NAME]',     'Set master provider'
+    option ['--name'],         '[NAME]',     'Set master name',        hidden: true
+    option ['--version'],      '[VERSION]',  'Set master version',     hidden: true
+    option ['--owner'],        '[NAME]',     'Set master owner',       hidden: true
+
+    option ['--id'],      :flag, 'Just output the ID'
+    option ['--return'],  :flag, 'Return the ID', hidden: true
+    option ['--force'],   :flag, "Don't ask questions"
+
+    option ['--cloud-master-id'], '[ID]', "Use existing cloud master ID", hidden: true
+    option ['--current'], :flag, 'Register and configure current master', hidden: true
+
+    def register(name, url = nil, provider = nil, redirect_uri = nil, version = nil, owner = nil)
+      attributes = {}
+      attributes['name']         = name
+      attributes['url']          = url if url
+      attributes['provider']     = provider if provider
+      attributes['redirect-uri'] = redirect_uri if redirect_uri
+      attributes['version']      = version if version
+      attributes['owner']        = owner if owner
+
+      response = cloud_client.post('user/masters', { data: { attributes: attributes } })
+      exit_with_error "Failed (invalid response)" unless response.kind_of?(Hash)
+      exit_with_error "Failed: #{response['error']}" if response['error']
+      exit_with_error "Failed (no data)" unless response['data']
+      response
+    end
+
+    def get_existing(id)
+      cloud_client.get("user/masters/#{id}")
+    end
+
+    def cloud_masters
+      masters = []
+      spinner "Retrieving a list of your registered Kontena Masters in Kontena Cloud" do |spin|
+        begin
+          masters = Kontena.run!(%w(cloud master list --return --quiet))
+        rescue SystemExit
+          spin.fail
+        end
+      end
+      masters
+    end
+
+    def new_cloud_master_name(master_name)
+      masters = cloud_masters
+      return master_name if masters.empty?
+
+      existing_master = masters.find { |m| m['attributes']['name'] == master_name }
+      return master_name unless existing_master
+
+      new_name = "#{master_name}-2"
+      new_name.succ! until masters.find { |m| m['attributes']['name'] == new_name }.nil?
+      new_name
+    end
+
+    def register_current
+      require_api_url
+      require_token
+
+      unless self.force?
+        puts "Proceeding will:"
+        puts " * Register the Kontena Master #{current_master.name} to Kontena Cloud"
+        puts " * Configure the Kontena Master to use Kontena Cloud as the"
+        puts "   authentication provider"
+        puts
+        puts "After this:"
+        puts " * Users will not be able to reauthenticate without authorizing the"
+        puts "   Master to access their Kontena Cloud user information"
+        puts " * Users that have registered a different email address to Kontena"
+        puts "   Cloud than the one they currently have as their username in the"
+        puts "   master will not be able to authenticate before an administrator"
+        puts "   of the Kontena Master creates an invitation code for them"
+        puts "   (kontena master user invite old@email.example.com)"
+        exit_with_error "Aborted" unless prompt.yes?("Proceed?")
+      end
+
+      new_name = new_cloud_master_name(current_master.name)
+
+      if self.cloud_master_id
+        response = spinner "Retrieving Master information from Kontena Cloud using id" do
+          get_existing(self.cloud_master_id)
+        end
+        if response && response.kind_of?(Hash) && response.has_key?('data') && response['data']['attributes']
+          if (self.provider && response['data']['attributes']['provider'] != self.provider) || (self.version && response['data']['attributes']['version'] != self.version)
+            spinner "Updating provider and version attributes to Kontena Cloud master" do |spin|
+              args = []
+              args += ['--provider', self.provider] if self.provider
+              args += ['--version', self.version] if self.version
+              args << self.cloud_master_id
+              spin.fail! unless Kontena.run(['cloud', 'master', 'update'] + args)
+            end
+          end
+        end
+      else
+        response = spinner "Registering current Kontena Master '#{current_master.name}' #{" as '#{new_name}' " unless new_name == current_master.name}to Kontena Cloud" do
+          register(new_name, current_master.url, self.provider, current_master.url.gsub(/\/$/, '') + "/cb", self.version)
+        end
+      end
+
+      spinner "Loading Kontena Cloud auth provider base configuration to Kontena Master" do |spin|
+        spin.fail! unless Kontena.run(%w(master config import --force --preset kontena_auth_provider))
+      end
+
+      spinner "Updating OAuth2 client-id and client-secret to Kontena Master" do |spin|
+        spin.fail! unless Kontena.run(
+          [
+            'master', 'config', 'set',
+            "oauth2.client_id=#{response['data']['attributes']['client-id'].shellescape}",
+            "oauth2.client_secret=#{response['data']['attributes']['client-secret'].shellescape}",
+            "server.root_url=#{current_master.url.shellescape}",
+            "server.name=#{current_master.name.shellescape}",
+            "cloud.provider_is_kontena=true"
+          ]
+        )
+      end
+    end
+
+    def execute
+      unless cloud_client.authentication_ok?(kontena_account.userinfo_endpoint)
+        Kontena.run!(%w(cloud login))
+        config.reset_instance
+        reset_cloud_client
+      end
+
+      return register_current if self.current?
+
+      exit_with_error 'Master name is required' unless self.name
+
+      response = register(self.name, self.url, self.provider, self.redirect_uri, self.version, self.owner)
+      if self.return?
+        return response['data']['id']
+      elsif self.id?
+        puts response['data']['id']
+      else
+        puts pastel.green("Registered master.")
+        puts "ID: #{response['data']['id']}"
+        puts "Client ID: #{response['data']['attributes']['client-id']}"
+        puts "Client Secret: #{response['data']['attributes']['client-secret']}"
+      end
+    end
+  end
+end

data/lib/kontena/cli/cloud/master/list_command.rb

@@ -0,0 +1,35 @@
+module Kontena::Cli::Cloud::Master
+  class ListCommand < Kontena::Command
+
+    include Kontena::Cli::Common
+    include Kontena::Cli::TableGenerator::Helper
+
+    callback_matcher 'cloud-master', 'list'
+
+    option '--return', :flag, 'Return the list', hidden: true
+
+    requires_current_account_token
+
+    def fields
+      quiet? ? ['id'] : %w(id name owner url connected)
+    end
+
+    def execute
+      response = spin_if(!quiet?, "Retrieving Master list from Kontena Cloud") do
+        cloud_client.get('user/masters')
+      end
+
+      unless response && response.kind_of?(Hash) && response['data'].kind_of?(Array)
+        abort pastel.red("Listing masters failed")
+      end
+
+      return Array(response['data']) if self.return?
+
+      print_table(response['data']) do |row|
+        row.merge!(row['attributes'])
+        row['connected'] = !!row['connected'] ? pastel.green('yes') : pastel.red('no')
+      end
+    end
+  end
+end
+

data/lib/kontena/cli/cloud/master/remove_command.rb

@@ -0,0 +1,68 @@
+module Kontena::Cli::Cloud::Master
+  class RemoveCommand < Kontena::Command
+
+    include Kontena::Cli::Common
+
+    callback_matcher 'cloud-master', 'delete'
+
+    requires_current_account_token
+
+    parameter "[MASTER_ID]", "Master ID"
+
+    option ['-f', '--force'], :flag, "Don't ask for confirmation"
+
+    def delete_server(id)
+      spinner "Deleting server #{id} from Kontena Cloud" do |spin|
+        begin
+          cloud_client.delete("user/masters/#{id}")
+        rescue
+          spin.fail
+        end
+      end
+    end
+
+    def run_interactive
+      response = nil
+      spinner "Retrieving a list of registered masters on Kontena Cloud" do
+        response = cloud_client.get('user/masters')
+        unless response && response.kind_of?(Hash) && response['data'].kind_of?(Array)
+          abort pastel.red('Listing masters failed')
+        end
+      end
+
+      if response['data'].empty?
+        puts "No registered masters"
+        return
+      end
+
+      servers_to_delete = prompt.multi_select("Select registered master(s) to delete:") do |menu|
+        response['data'].each do |server|
+          menu.choice "#{server['attributes']['name']} (#{server['attributes']['url'] || "?"})", server['id']
+        end
+      end
+
+      if servers_to_delete.empty?
+        puts "No masters selected"
+      else
+        puts "About to delete servers from Kontena Cloud:"
+        servers_to_delete.each do |id|
+          puts " * #{id}"
+        end
+        confirm unless self.force?
+        servers_to_delete.each do |id|
+          delete_server(id)
+        end
+      end
+    end
+
+    def execute
+      if self.master_id.nil?
+        run_interactive
+      else
+        confirm unless self.force?
+        delete_server(self.master_id)
+      end
+      exit 0
+    end
+  end
+end

data/lib/kontena/cli/cloud/master/show_command.rb

@@ -0,0 +1,21 @@
+module Kontena::Cli::Cloud::Master
+  class ShowCommand < Kontena::Command
+
+    include Kontena::Cli::Common
+
+    callback_matcher 'cloud-master', 'show'
+
+    requires_current_account_token
+
+    parameter "MASTER_ID", "Master ID"
+
+    def execute
+      response = cloud_client.get("user/masters/#{master_id}")
+      response['data']['attributes']['id'] = response['data']['id']
+      response['data']['attributes'].each do |key, value|
+        puts "%20.20s : %s" % [key, value]
+      end
+    end
+  end
+end
+

data/lib/kontena/cli/cloud/master/update_command.rb

@@ -0,0 +1,52 @@
+module Kontena::Cli::Cloud::Master
+  class UpdateCommand < Kontena::Command
+
+    include Kontena::Cli::Common
+
+    callback_matcher 'cloud-master', 'update'
+
+    requires_current_account_token
+
+    parameter "MASTER_ID", "Master ID"
+
+    option ['--redirect-uri'], '[URL]',      'Set master redirect URL'
+    option ['--url'],          '[URL]',      'Set master URL'
+    option ['--provider'],     '[NAME]',     'Set master provider'
+    option ['--name'],         '[NAME]',     'Set master name',        hidden: true
+    option ['--version'],      '[VERSION]',  'Set master version',     hidden: true
+    option ['--owner'],        '[NAME]',     'Set master owner',       hidden: true
+
+    def get_attributes
+      cloud_client.get("user/masters/#{self.master_id}")["data"]["attributes"]
+    rescue
+      nil
+    end
+
+    def execute
+      attrs = get_attributes
+      unless attrs
+        puts pastel.red("Failed to obtain master credentials")
+        exit 1
+      end
+
+      attrs["name"]         = self.name         if self.name
+      attrs["redirect-uri"] = self.redirect_uri if self.redirect_uri
+      attrs["url"]          = self.url          if self.url
+      attrs["provider"]     = self.provider     if self.provider
+      attrs["version"]      = self.version      if self.version
+      attrs["owner"]        = self.owner        if self.owner
+
+      response = cloud_client.put(
+        "user/masters/#{master_id}",
+        { data: { attributes: attrs.reject{ |k, _| ['client-id', 'client-secret'].include?(k) } } }
+      )
+
+      if response
+        puts "Master settings updated"
+      else
+        puts "Request failed"
+        exit 1
+      end
+    end
+  end
+end

data/lib/kontena/cli/cloud/master_command.rb

@@ -0,0 +1,14 @@
+module Kontena::Cli::Cloud
+  class MasterCommand < Kontena::Command
+    include Kontena::Cli::Common
+
+    subcommand ['list', 'ls'], "List masters in Kontena Cloud", load_subcommand('cloud/master/list_command')
+    subcommand "add", "Register a master in Kontena Cloud", load_subcommand('cloud/master/add_command')
+    subcommand ['remove', 'rm'], "Remove a master registration from Kontena Cloud", load_subcommand('cloud/master/remove_command')
+    subcommand "show", "Show master settings in Kontena Cloud", load_subcommand('cloud/master/show_command')
+    subcommand "update", "Update master settings in Kontena Cloud", load_subcommand('cloud/master/update_command')
+
+    def execute
+    end
+  end
+end