nex_client 0.17.0 → 0.18.0.pre1

data/lib/nex_client/commands/cube_instances.rb

@@ -42,22 +42,6 @@ module NexClient
         self.display_cubes(e)
       end
 
-      # Retrieve application logs from all containers
-      def self.logs(args,opts)
-        name = args.first
-        e = NexClient::CubeInstance.find(uuid: name).first
-
-        # Display error
-        unless e
-          error("Error! Could not find cube: #{name}")
-          return false
-        end
-
-        # Retrieve logs and display them
-        logs = e.logs(tail: opts.tail).first
-        self.display_logs(logs.log_ret)
-      end
-
       def self.snapshots(args,opts)
         name = args.first
         e = NexClient::CubeInstance.find(uuid: name).first
@@ -232,11 +216,6 @@ module NexClient
         "#{o.type.singularize}:#{o.name}"
       end
 
-      def self.display_logs(logs)
-        puts logs
-        puts "\n"
-      end
-
       def self.display_snapshots(snapshots)
         table = Terminal::Table.new title: SNAPSHOTS_TITLE, headings: SNAPSHOTS_HEADERS do |t|
           [snapshots].flatten.compact.each do |e|

data/lib/nex_client/commands/events.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module NexClient
+  module Commands
+    module Events
+      def self.configure(c, klass)
+        entity = klass.entity_name
+        entities = klass.entities_name
+
+        c.syntax = "nex-cli #{entities}:events APP_NAME [options]"
+        c.summary = "Gather system events for a given #{entity}"
+        c.description = "Gather system events for a given #{entity}"
+        c.example "display events for my#{entity}", "nex-cli #{entities}:events my#{entity}"
+        c.example "display 100 events for my#{entity}", "nex-cli #{entities}:events --tail 100 my#{entity}"
+        c.option '--tail NUMBER', String, 'number of events to retrieve (default: 50)'
+        c.option '--type TYPE', String, 'filter events on type (e.g. status, container)'
+        c.action do |args, options|
+          manage(args, options, klass)
+        end
+      end
+
+      # Retrieve resource events
+      def self.manage(args, opts, _klass)
+        filters = {}
+        filters[:'source.name'] = args.first
+        filters[:event] = opts.type if opts.type
+        tail_size = (opts.tail || 50).to_i
+
+        events = NexClient::Event.where(filters).order(id: :desc)
+        list = events.to_a
+        while list.count < tail_size
+          events = events.pages.next
+          break unless events
+          list |= events.to_a
+        end
+        list = list.first(tail_size)
+
+        display_events(list.to_a)
+      end
+
+      # Display a list of events
+      def self.display_events(events)
+        # Content
+        events.sort_by { |e| e.id.to_i }.each do |e|
+          username = e&.username || 'system'
+          session_id = e&.session_id || '-'
+          puts [
+            e.created_at,
+            e.event.ljust(12,' '),
+            username.ljust(15,' '),
+            session_id.ljust(6,' '),
+            e.level.ljust(6,' '),
+            e.message
+          ].join(" | ")
+        end
+        puts "\n"
+      end
+    end
+  end
+end

data/lib/nex_client/commands/helpers.rb

@@ -3,7 +3,6 @@
 module NexClient
   module Commands
     module Helpers
-      LOG_COLORS = [:cyan,:green,:red,:yellow,:magenta]
       VARS_TITLE = "Environment Variables".colorize(:blue)
       VARS_HEADERS = ['key','value'].map(&:upcase)
 
@@ -21,55 +20,6 @@ module NexClient
         puts msg.colorize(:red)
       end
 
-      def display_logs(logs)
-        color_index = 0
-        logs.each do |container_id,log_lines|
-          color_index = (color_index + 1) % LOG_COLORS.size
-          puts "\n"
-          puts "Node: #{container_id}".colorize(LOG_COLORS[color_index])
-          puts "-"*50
-          puts log_lines.join("\n")
-        end
-        puts "\n"
-      end
-
-      # Retrieve resource events
-      def events(args,opts)
-        filters = {}
-        filters[:'source.name'] = args.first
-        filters[:event] = opts.type if opts.type
-        tail_size = (opts.tail || 50).to_i
-
-        events = NexClient::Event.where(filters).order(id: :desc)
-        list = events.to_a
-        while list.count < tail_size
-          events = events.pages.next
-          break unless events
-          list |= events.to_a
-        end
-        list = list.first(tail_size)
-
-        self.display_events(list.to_a)
-      end
-
-      # Display a list of events
-      def display_events(events)
-        # Content
-        events.sort_by { |e| e.id.to_i }.each do |e|
-          username = e&.username || 'system'
-          session_id = e&.session_id || '-'
-          puts [
-            e.created_at,
-            e.event.ljust(12,' '),
-            username.ljust(15,' '),
-            session_id.ljust(6,' '),
-            e.level.ljust(6,' '),
-            e.message
-          ].join(" | ")
-        end
-        puts "\n"
-      end
-
       def with_cert_identity
         # Fetch user
         me = NexClient::Me.find.first

data/lib/nex_client/commands/ip_whitelisting.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+module NexClient
+  module Commands
+    module IpWhitelisting
+      extend Helpers
+
+      IP_RULES_TITLE = "IP Rules".colorize(:cyan)
+      IP_RULES_HEADERS = ['Pattern', 'Action', 'CIDRS'].map(&:upcase)
+
+      def self.configure(c)
+        c.syntax = 'nex-cli apps:ip-rules APP_NAME [options]'
+        c.summary = 'Manage Application Endpoint IP whitelisting'
+        c.description = <<~HEREDOC
+          Manage Application Endpoint IP whitelisting
+
+          Specify a JSON (.json) or YAML (.yml) file describing the security rules to apply/ignore. If no files are specified you will be prompted to
+          paste rules in JSON format in the terminal.
+
+          Security rules are a list of regex patterns allowing or denying access to a specific endpoint based on an IP range (CIDR) in the following format:
+          { "pattern": "<regex_matching_a_path>", "cidrs": ["<ip_range_1>","<ip_range_2>"], "action": "<allow|deny>" }
+
+          Rules must be matched:
+          ----------------------
+          Rules must be matched (path + cidr) to be applied. Therefore you may want to have a "deny all" rule as a last rule if your application is private.
+
+          Rules order matter:
+          -------------------
+          Rules are matched in order. The first rule matched for a given [path, cidr] will be applied. A "deny all" rule should always be last.
+
+          Regex Patterns:
+          ---------------
+          Regex patterns must be Lua-compatible because these patterns ultimately get parsed by the routing infrastructure (nginx/lua). You can test your lua
+          pattern in the Lua online console to confirm it does what you want.
+          1) Go to: https://www.lua.org/cgi-bin/demo
+          2) Run the following in the console (example): return string.match("/api/v1/ping","^/api/v1")
+
+          Ruleset Example:
+          ----------------
+          Make your application only accessible from specific IP addresses but leave the /ping endpoint public
+          [
+            # Allow ALL IP addresses to access the ping endpoint
+            { "pattern": "^/ping", "cidrs": ["0.0.0.0/0"], "action": "allow" },
+
+            # Allow specific IP addresses and IP ranges to access your application
+            { "pattern": ".*", "cidrs": ["55.54.52.53/32", "80.70.60.0/24"], "action": "allow" },
+
+            # "Deny all" rule - All other IPs will be rejected on all endpoints
+            { "pattern": ".*", "cidrs": ["0.0.0.0/0"], "action": "deny" }
+          ]
+
+        HEREDOC
+        c.example 'update IP rules via command line prompt', 'nex-cli apps:ip-rules myapp --ruleset'
+        c.example 'update IP rules via file input', 'nex-cli apps:ip-rules myapp --ruleset /tmp/myruleset.json'
+        c.option '--ruleset [PATH]', String, 'specify web application IP rules using JSON or YAML file (prompt will appear otherwise). [restart required]'
+        c.option '--clear-ruleset', String, 'remove all IP rules'
+
+        c.action do |args, options|
+          manage(args, options)
+        end
+      end
+
+      def self.manage(args, opts)
+        name = args.first
+        app = NexClient::App.find(name: name).first
+
+        # Display error
+        unless app
+          error("Error! Could not find app: #{name}")
+          return false
+        end
+
+        a = update(app, opts)
+        show(a)
+      end
+
+      def self.update(app, opts)
+        # Deep duplicate
+        app_opts = Marshal.load(Marshal.dump((app.opts || {})))
+
+        # Clear all constraints
+        if opts.clear_ruleset
+          app_opts.delete('ip_whitelisting_rules')
+        end
+
+        # Add IP rules
+        if opts.ruleset.present?
+          ip_rules = begin
+            if opts.ruleset.is_a?(String)
+              hash_from_file(opts.ruleset)
+            else
+              val = ask("Copy/paste your IP rules below in JSON format:") { |q| q.gather = "" }
+              JSON.parse(val.join(""))
+            end
+          end
+
+          app_opts['ip_whitelisting_rules'] = ip_rules
+        end
+
+        # Update policies
+        if app.opts != app_opts
+          app.update_attributes({ opts: app_opts })
+          success("Successfully updated IP rules. Please restart your app to apply these changes...")
+        end
+
+        # Return updated app
+        app
+      end
+
+      def self.show(app)
+        ruleset = (app.opts['ip_whitelisting_rules'] || [])
+
+        table = Terminal::Table.new title: IP_RULES_TITLE, headings: IP_RULES_HEADERS do |t|
+          ruleset.each do |rule|
+            t.add_row([rule['pattern'], rule['action'], rule['cidrs']&.join(' , ')])
+          end
+        end
+        puts table
+        puts "\n"
+      end
+
+    end
+  end
+end

data/lib/nex_client/commands/logs.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module NexClient
+  module Commands
+    module Logs
+      LOG_COLORS = [:cyan, :green, :red, :yellow, :magenta].freeze
+
+      def self.configure(c, klass)
+        entity = klass.entity_name
+        entities = klass.entities_name
+
+        c.syntax = "nex-cli #{entities}:logs APP_NAME [options]"
+        c.summary = "Gather #{entity} logs"
+        c.description = "Gather container logs for a given #{entity}"
+        c.example "gather logs for my#{entity}", "nex-cli #{entities}:logs my#{entity}"
+        c.example "gather logs for my#{entity} with a tail of 50", "nex-cli #{entities}:logs --tail 50 my#{entity}"
+        c.option '--tail NUMBER', String, 'number of lines to retrieve for each container'
+        c.action do |args, options|
+          manage(args, options, klass)
+        end
+      end
+
+      # Retrieve resource events
+      def self.manage(args, opts, klass)
+        name = args.first
+        cluster = klass.find(klass.main_key => name).first
+
+        # Display error
+        unless cluster
+          error("Error! Could not find #{klass.entity_name}: #{name}")
+          return false
+        end
+
+        # Retrieve logs and display them
+        logs = cluster.logs(tail: opts.tail).first
+        self.display_logs(logs.log_ret)
+      end
+
+      def display_logs(logs)
+        color_index = 0
+
+        if logs.is_a?(Hash)
+          logs.each do |container_id,log_lines|
+            color_index = (color_index + 1) % LOG_COLORS.size
+            puts "\n"
+            puts "Node: #{container_id}".colorize(LOG_COLORS[color_index])
+            puts "-"*50
+            puts log_lines.join("\n")
+          end
+        else
+          puts logs
+        end
+
+        puts "\n"
+      end
+    end
+  end
+end

data/lib/nex_client/commands/policies.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+module NexClient
+  module Commands
+    module Policies
+      REGION_BALANCING_TITLE = "Region Balancing".colorize(:cyan)
+      REGION_BALANCING_HEADERS = ['Region','Rule'].map(&:upcase)
+
+      CONSTRAINTS_TITLE = "Constraints".colorize(:red)
+      CONSTRAINTS_HEADERS = ['Type','Attribute','Value'].map(&:upcase)
+
+      def self.configure(c, klass)
+        entity = klass.entity_name
+        entities = klass.entities_name
+
+        c.syntax = "nex-cli #{entities}:policies #{entity.upcase}_NAME [options]"
+        c.summary = "Display and manage #{entity} region-balancing policies and deployment constraints"
+        c.description = <<~HEREDOC
+          Constraints:
+          ------------
+            Use: --constraints CONSTRAINTS
+            Use: --clear-constraints
+            Specify compute or storage attributes to constrain the deployment of #{entity} containers to specific racks.
+
+            For example if you wish to restrict the deployment of #{entity} containers to servers using a specific security group,
+            you can run the following command:
+            E.g.:
+              nex-cli #{entities}:policies my#{entity} --constraints compute.network_security_group=my-security-group
+
+            You can define multiple constraints - in which case the rules will be additive (logical AND). If you wish to rebuild the constraints
+            from scratch you can clear the constraints (--clear-constraints) then re-add constraints (--rack-contraint)
+            E.g.:
+              nex-cli #{entities}:policies my#{entity} --clear-constraints
+              nex-cli #{entities}:policies my#{entity} --constraints compute.machine_type=m4.2xlarge,compute.network_security_group=my-security-group
+
+            If the orchestrator is unable to find a rack matching the defined constraints then the launch of new containers will fail. An error
+            will appear in the #{entities}:events logs telling you so.
+
+            NOTE for storage constraints:
+              - only applicable if your application has persistence enabled
+              - storage constraints are only applied when provisioning the first container as storage racks are permanently assigned.
+
+            The list of attributes that can be used is (examples are based on AWS):
+              - id - e.g. 653
+              - network_zone - e.g. ap-southeast-1
+              - machine_image - e.g. ami-123
+              - machine_type - e.g. m4.2xlarge
+              - network_security_group - e.g. my-compute-security-group
+              - private_ip_address - e.g. 10.1.1.1
+              - vpc_id - e.g. vpc-234
+              - network_subnet_id - e.g. subnet-123
+              - platform_provider - e.g. aws (provider name depends on orchestrator configuration)
+
+            Server regions are not available through rack constraints. If you wish to lock you application to a certain region,
+            use region-balancing policies.
+
+          Region-Balancing:
+          -----------------
+            Use: --region-balancing REGIONS
+            Use: --clear-region-balancing
+            Specify how your containers should be distributed across the available Nex!™ regions. This is only relevant when the Nex!™ platform has been deployed
+            in multiple regions.
+
+            Options are the following:
+              - evenly distribute across all regions: --region-balancing=all
+              - eventy distribute across specified regions: --region-balancing="ap-southeast-1,us-west-2"
+              - distribute with relative weights: --region-balancing="ap-southeast-1=1,us-west-2=2"
+              - Remove all region-balancing constraints: --clear-region-balancing
+        HEREDOC
+
+        c.example 'display all region policies and constraints', "nex-cli #{entities}:policies my#{entity}"
+        c.example 'balance containers equally between regions', "nex-cli #{entities}:policies my#{entity} --region-balancing=\"ap-southeast-1,us-west-2\""
+        c.example 'deploy more containers in one region', "nex-cli #{entities}:policies my#{entity} --region-balancing=\"ap-southeast-1=1,us-west-2=2\""
+        c.example 'scale containers across all regions', "nex-cli #{entities}:policies my#{entity} --region-balancing=all"
+
+        c.option '--region-balancing REGIONS', String, "specify how the #{entity} should be proportionally distributed geographically. E.g. \"all\" or \"ap-southeast-1,us-west-2\" or \"ap-southeast-1=1,us-west-2=2\". [restart required]"
+        c.option '--clear-region-balancing', String, 'remove region balancing policy and revert to default region'
+        c.option '--constraints CONSTRAINT1=value,CONSTRAINT1=value,...', Array, 'restrict deployment of containers to servers having specific attributes [restart required]'
+        c.option '--clear-constraints', String, 'remove all constraints'
+
+        c.action do |args, options|
+          manage(args, options, klass)
+        end
+      end
+
+      def self.manage(args, opts, klass)
+        name = args.first
+        cluster = klass.find(name: name).first
+
+        # Display error
+        unless cluster
+          error("Error! Could not find #{entity}: #{name}")
+          return false
+        end
+
+        c = update(cluster, opts)
+        show(c)
+      end
+
+      def self.show(cluster)
+        display_region_balancing(cluster)
+        display_constraints(cluster)
+      end
+
+      def self.update(cluster, opts)
+        # Deep duplicate
+        cluster_opts = Marshal.load(Marshal.dump((cluster.opts || {})))
+
+        # Clear all constraints
+        if opts.clear_constraints
+          cluster_opts.delete('constraints')
+        end
+
+        # Clear region balancing policies
+        if opts.clear_region_balancing
+          cluster_opts.delete('region_balancing')
+        end
+
+        # Add list of constraints
+        if opts.constraints.present?
+          cluster_opts['constraints'] ||= {}
+
+          # Transform compute.server_type=foo
+          # into
+          # { 'compute' => { 'server_type' => 'foo' } }
+          Array(opts.constraints).each do |constraint|
+            key,val = constraint.split('=')
+            server_type,rule = key.split('.')
+            cluster_opts['constraints'][server_type] ||= {}
+            cluster_opts['constraints'][server_type][rule] = val
+          end
+        end
+
+        # Add list of constraints
+        if opts.region_balancing.present?
+          cluster_opts['region_balancing'] = opts.region_balancing
+        end
+
+        # Update policies
+        cluster.update_attributes({ opts: cluster_opts }) if cluster.opts != cluster_opts
+        cluster
+      end
+
+      def self.display_region_balancing(cluster)
+        policies = cluster.opts.dig('region_balancing')
+        default_region = cluster.preferred_region
+
+        table = Terminal::Table.new title: REGION_BALANCING_TITLE, headings: REGION_BALANCING_HEADERS do |t|
+          if policies.blank?
+            t.add_row(["#{default_region} (default)", "All containers will be deployed in #{default_region} (preferred_region)"])
+          elsif policies == 'all'
+            t.add_row(['All regions', 'Containers will be spread evenly across all available regions'])
+          else
+            policies.split(',').each do |policy|
+              region,multiplier = policy.split('=')
+              t.add_row([region, "Containers will be deployed in #{region} with a ratio #{multiplier}:1"])
+            end
+          end
+        end
+        puts table
+        puts "\n"
+      end
+
+      def self.display_constraints(cluster)
+        constraints = cluster.opts&.dig('constraints')
+
+        table = Terminal::Table.new title: CONSTRAINTS_TITLE, headings: CONSTRAINTS_HEADERS do |t|
+          if constraints.blank?
+            t.add_row(["None (default)", "None", "Containers will use all available servers in selected regions"])
+          else
+            constraints.each do |server_type,rules|
+              rules.each do |rule,val|
+                t.add_row([server_type, rule, val])
+              end
+            end
+          end
+        end
+
+        puts table
+        puts "\n"
+      end
+    end
+  end
+end