nvoi 0.1.5 → 0.1.7

data/lib/nvoi/external/database/mysql.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    module Database
+      # MySQL provider using mysqldump/mysql via kubectl exec
+      class Mysql < Provider
+        def default_port
+          "3306"
+        end
+
+        def parse_url(url)
+          parse_standard_url(url, default_port)
+        end
+
+        def build_url(creds, host: nil)
+          h = host || creds.host
+          "mysql://#{creds.user}:#{creds.password}@#{h}:#{creds.port}/#{creds.database}"
+        end
+
+        def container_env(creds)
+          {
+            "MYSQL_USER" => creds.user,
+            "MYSQL_PASSWORD" => creds.password,
+            "MYSQL_DATABASE" => creds.database,
+            "MYSQL_ROOT_PASSWORD" => creds.password
+          }
+        end
+
+        def app_env(creds, host:)
+          {
+            "DATABASE_URL" => build_url(creds, host:),
+            "MYSQL_HOST" => host,
+            "MYSQL_PORT" => creds.port,
+            "MYSQL_USER" => creds.user,
+            "MYSQL_PASSWORD" => creds.password,
+            "MYSQL_DATABASE" => creds.database
+          }
+        end
+
+        def dump(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "mysqldump -u #{opts.user} -p#{opts.password} #{opts.database} " \
+                "--single-transaction --routines --triggers"
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "mysqldump failed: #{e.message}")
+        end
+
+        def restore(ssh, data, opts)
+          create_database(ssh, Objects::Database::CreateOptions.new(
+            pod_name: opts.pod_name,
+            database: opts.database,
+            user: opts.user,
+            password: opts.password
+          ))
+
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+
+          ssh.execute("kubectl cp #{temp_file} default/#{opts.pod_name}:#{temp_file}")
+
+          restore_cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                        "sh -c 'mysql -u #{opts.user} -p#{opts.password} #{opts.database} < #{temp_file}'"
+          ssh.execute(restore_cmd)
+
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+          ssh.execute_ignore_errors("kubectl exec -n default #{opts.pod_name} -- rm -f #{temp_file}")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "mysql restore failed: #{e.message}")
+        end
+
+        def create_database(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "mysql -u #{opts.user} -p#{opts.password} -e \"CREATE DATABASE #{opts.database}\""
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("create_database", "failed to create database: #{e.message}")
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/postgres.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    module Database
+      # PostgreSQL provider using pg_dump/psql via kubectl exec
+      class Postgres < Provider
+        def default_port
+          "5432"
+        end
+
+        def parse_url(url)
+          parse_standard_url(url, default_port)
+        end
+
+        def build_url(creds, host: nil)
+          h = host || creds.host
+          "postgresql://#{creds.user}:#{creds.password}@#{h}:#{creds.port}/#{creds.database}"
+        end
+
+        def container_env(creds)
+          {
+            "POSTGRES_USER" => creds.user,
+            "POSTGRES_PASSWORD" => creds.password,
+            "POSTGRES_DB" => creds.database
+          }
+        end
+
+        def app_env(creds, host:)
+          {
+            "DATABASE_URL" => build_url(creds, host:),
+            "POSTGRES_HOST" => host,
+            "POSTGRES_PORT" => creds.port,
+            "POSTGRES_USER" => creds.user,
+            "POSTGRES_PASSWORD" => creds.password,
+            "POSTGRES_DB" => creds.database
+          }
+        end
+
+        def dump(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "pg_dump -U #{opts.user} -d #{opts.database} --no-owner --no-acl"
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "pg_dump failed: #{e.message}")
+        end
+
+        def restore(ssh, data, opts)
+          create_database(ssh, Objects::Database::CreateOptions.new(
+            pod_name: opts.pod_name,
+            database: opts.database,
+            user: opts.user,
+            password: opts.password
+          ))
+
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+
+          ssh.execute("kubectl cp #{temp_file} default/#{opts.pod_name}:#{temp_file}")
+
+          restore_cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                        "psql -U #{opts.user} -d #{opts.database} -f #{temp_file}"
+          ssh.execute(restore_cmd)
+
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+          ssh.execute_ignore_errors("kubectl exec -n default #{opts.pod_name} -- rm -f #{temp_file}")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "psql restore failed: #{e.message}")
+        end
+
+        def create_database(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "psql -U #{opts.user} -c \"CREATE DATABASE #{opts.database}\""
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("create_database", "failed to create database: #{e.message}")
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/provider.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    module Database
+      # Base provider interface for database backup/restore operations
+      class Provider
+        def parse_url(url)
+          raise NotImplementedError
+        end
+
+        def build_url(creds, host: nil)
+          raise NotImplementedError
+        end
+
+        def container_env(creds)
+          raise NotImplementedError
+        end
+
+        def app_env(creds, host:)
+          raise NotImplementedError
+        end
+
+        def dump(ssh, opts)
+          raise NotImplementedError
+        end
+
+        def restore(ssh, data, opts)
+          raise NotImplementedError
+        end
+
+        def create_database(ssh, opts)
+          raise NotImplementedError
+        end
+
+        def extension
+          "sql"
+        end
+
+        def needs_container?
+          true
+        end
+
+        def default_port
+          raise NotImplementedError
+        end
+
+        protected
+
+          def parse_standard_url(url, default_port)
+            uri = URI.parse(url)
+            Objects::Database::Credentials.new(
+              user: uri.user,
+              password: uri.password,
+              host: uri.host,
+              port: (uri.port || default_port).to_s,
+              database: uri.path&.sub(%r{^/}, "")
+            )
+          rescue URI::InvalidURIError => e
+            raise Errors::DatabaseError.new("parse_url", "invalid URL format: #{e.message}")
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/sqlite.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    module Database
+      # SQLite provider using direct SSH file access on hostPath volume
+      class Sqlite < Provider
+        def default_port
+          nil
+        end
+
+        def needs_container?
+          false
+        end
+
+        def parse_url(url)
+          path = url.sub(%r{^sqlite3?:///?}, "")
+          Objects::Database::Credentials.new(
+            path:,
+            database: File.basename(path)
+          )
+        end
+
+        def build_url(creds, host: nil)
+          "sqlite://#{creds.path}"
+        end
+
+        def container_env(_creds)
+          {}
+        end
+
+        def app_env(creds, host: nil)
+          {
+            "DATABASE_URL" => build_url(creds)
+          }
+        end
+
+        def dump(ssh, opts)
+          db_path = opts.host_path
+          raise Errors::DatabaseError.new("dump", "host_path required for SQLite dump") unless db_path
+
+          ssh.execute("sqlite3 #{db_path} .dump")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "sqlite3 dump failed: #{e.message}")
+        end
+
+        def restore(ssh, data, opts)
+          db_path = opts.host_path
+          raise Errors::DatabaseError.new("restore", "host_path required for SQLite restore") unless db_path
+
+          dir = File.dirname(db_path)
+          new_db_path = "#{dir}/#{opts.database}.sqlite3"
+
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+
+          ssh.execute("sqlite3 #{new_db_path} < #{temp_file}")
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+
+          new_db_path
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "sqlite3 restore failed: #{e.message}")
+        end
+
+        def create_database(_ssh, _opts)
+          # No-op for SQLite
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    # Database module provides database backup/restore operations
+    module Database
+      # Factory method to create provider by adapter name
+      def self.provider_for(adapter)
+        case adapter&.downcase
+        when "postgres", "postgresql"
+          Postgres.new
+        when "mysql", "mysql2"
+          Mysql.new
+        when "sqlite", "sqlite3"
+          Sqlite.new
+        else
+          raise ArgumentError, "Unsupported database adapter: #{adapter}"
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/dns/cloudflare.rb

@@ -0,0 +1,310 @@
+# frozen_string_literal: true
+
+require "faraday"
+require "base64"
+require "securerandom"
+
+module Nvoi
+  module External
+    module Dns
+      # Cloudflare handles Cloudflare API operations for DNS and tunnels
+      class Cloudflare
+        BASE_URL = "https://api.cloudflare.com/client/v4"
+
+        attr_reader :account_id
+
+        def initialize(token, account_id)
+          @token = token
+          @account_id = account_id
+          @conn = Faraday.new(url: BASE_URL) do |f|
+            f.request :json
+            f.response :json
+            f.adapter Faraday.default_adapter
+          end
+        end
+
+        # Tunnel operations
+
+        def create_tunnel(name)
+          url = "accounts/#{@account_id}/cfd_tunnel"
+          tunnel_secret = generate_tunnel_secret
+
+          response = post(url, {
+            name:,
+            tunnel_secret:,
+            config_src: "cloudflare"
+          })
+
+          result = response["result"]
+          Objects::Tunnel::Record.new(
+            id: result["id"],
+            name: result["name"],
+            token: result["token"]
+          )
+        end
+
+        def find_tunnel(name)
+          url = "accounts/#{@account_id}/cfd_tunnel"
+          response = get(url, { name:, is_deleted: false })
+
+          results = response["result"]
+          return nil if results.nil? || results.empty?
+
+          result = results[0]
+          Objects::Tunnel::Record.new(
+            id: result["id"],
+            name: result["name"],
+            token: result["token"]
+          )
+        end
+
+        def get_tunnel_token(tunnel_id)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/token"
+          response = get(url)
+          response["result"]
+        end
+
+        def update_tunnel_configuration(tunnel_id, hostnames, service_url)
+          hostnames = Array(hostnames)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
+
+          ingress_rules = hostnames.map do |hostname|
+            {
+              hostname:,
+              service: service_url,
+              originRequest: { httpHostHeader: hostname.sub(/^\*\./, "") } # Use apex for wildcard
+            }
+          end
+          ingress_rules << { service: "http_status:404" }
+
+          config = { ingress: ingress_rules }
+          put(url, { config: })
+        end
+
+        def verify_tunnel_configuration(tunnel_id, expected_hostnames, expected_service, max_attempts)
+          expected_hostnames = Array(expected_hostnames)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
+
+          max_attempts.times do
+            begin
+              response = get(url)
+
+              if response["success"]
+                config = response.dig("result", "config")
+                ingress = config&.dig("ingress") || []
+                configured_hostnames = ingress.map { |r| r["hostname"] }.compact
+
+                if expected_hostnames.all? { |h| configured_hostnames.include?(h) }
+                  return true
+                end
+              end
+            rescue StandardError
+              # Continue retrying
+            end
+
+            sleep(2)
+          end
+
+          raise Errors::TunnelError, "tunnel configuration not propagated after #{max_attempts} attempts"
+        end
+
+        def delete_tunnel(tunnel_id)
+          # Clean up all connections first
+          connections_url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/connections"
+          begin
+            delete(connections_url)
+          rescue StandardError
+            # Ignore connection cleanup errors
+          end
+
+          # Now delete the tunnel
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}"
+          delete(url)
+        end
+
+        # DNS operations
+
+        def list_zones
+          url = "zones"
+          response = get(url)
+
+          results = response["result"] || []
+          results.map do |z|
+            { id: z["id"], name: z["name"], status: z["status"] }
+          end
+        end
+
+        def find_zone(domain)
+          url = "zones"
+          response = get(url)
+
+          results = response["result"]
+          return nil unless results
+
+          zone_data = results.find { |z| z["name"] == domain }
+          return nil unless zone_data
+
+          Objects::Dns::Zone.new(id: zone_data["id"], name: zone_data["name"])
+        end
+
+        def subdomain_available?(zone_id, subdomain, domain)
+          fqdn = subdomain.empty? ? domain : "#{subdomain}.#{domain}"
+          # Check for CNAME or A record
+          !find_dns_record(zone_id, fqdn, "CNAME") && !find_dns_record(zone_id, fqdn, "A")
+        end
+
+        def find_dns_record(zone_id, name, record_type)
+          url = "zones/#{zone_id}/dns_records"
+          response = get(url)
+
+          results = response["result"]
+          return nil unless results
+
+          record_data = results.find { |r| r["name"] == name && r["type"] == record_type }
+          return nil unless record_data
+
+          Objects::Dns::Record.new(
+            id: record_data["id"],
+            type: record_data["type"],
+            name: record_data["name"],
+            content: record_data["content"],
+            proxied: record_data["proxied"],
+            ttl: record_data["ttl"]
+          )
+        end
+
+        def create_dns_record(zone_id, name, record_type, content, proxied: true)
+          url = "zones/#{zone_id}/dns_records"
+
+          response = post(url, {
+            type: record_type,
+            name:,
+            content:,
+            proxied:,
+            ttl: 1
+          })
+
+          result = response["result"]
+          Objects::Dns::Record.new(
+            id: result["id"],
+            type: result["type"],
+            name: result["name"],
+            content: result["content"],
+            proxied: result["proxied"],
+            ttl: result["ttl"]
+          )
+        end
+
+        def update_dns_record(zone_id, record_id, name, record_type, content, proxied: true)
+          url = "zones/#{zone_id}/dns_records/#{record_id}"
+
+          response = patch(url, {
+            type: record_type,
+            name:,
+            content:,
+            proxied:,
+            ttl: 1
+          })
+
+          result = response["result"]
+          Objects::Dns::Record.new(
+            id: result["id"],
+            type: result["type"],
+            name: result["name"],
+            content: result["content"],
+            proxied: result["proxied"],
+            ttl: result["ttl"]
+          )
+        end
+
+        def create_or_update_dns_record(zone_id, name, record_type, content, proxied: true)
+          existing = find_dns_record(zone_id, name, record_type)
+
+          if existing
+            update_dns_record(zone_id, existing.id, name, record_type, content, proxied:)
+          else
+            create_dns_record(zone_id, name, record_type, content, proxied:)
+          end
+        end
+
+        def delete_dns_record(zone_id, record_id)
+          url = "zones/#{zone_id}/dns_records/#{record_id}"
+          delete(url)
+        end
+
+        # Validation
+
+        def validate_credentials
+          get("user/tokens/verify")
+          true
+        rescue Errors::CloudflareError => e
+          raise Errors::ValidationError, "cloudflare credentials invalid: #{e.message}"
+        end
+
+        private
+
+          def get(url, params = {})
+            response = @conn.get(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.params = params unless params.empty?
+            end
+            handle_response(response)
+          end
+
+          def post(url, body)
+            response = @conn.post(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+
+          def put(url, body)
+            response = @conn.put(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+
+          def patch(url, body)
+            response = @conn.patch(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+
+          def delete(url)
+            response = @conn.delete(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+            end
+
+            # 404 is ok for idempotent delete
+            return { "success" => true } if response.status == 404
+
+            handle_response(response)
+          end
+
+          def handle_response(response)
+            body = response.body
+
+            unless body.is_a?(Hash)
+              raise Errors::CloudflareError, "unexpected response format"
+            end
+
+            unless body["success"]
+              errors = body["errors"]&.map { |e| e["message"] }&.join(", ") || "unknown error"
+              raise Errors::CloudflareError, "API error: #{errors}"
+            end
+
+            body
+          end
+
+          def generate_tunnel_secret
+            Base64.strict_encode64(SecureRandom.random_bytes(32))
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/external/kubectl.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module External
+    # Kubectl handles kubernetes operations via kubectl on remote servers
+    class Kubectl
+      attr_reader :ssh
+
+      def initialize(ssh)
+        @ssh = ssh
+      end
+
+      def apply(manifest)
+        cmd = "cat <<'EOF' | kubectl apply -f -\n#{manifest}\nEOF"
+        @ssh.execute(cmd)
+      end
+
+      def delete(resource_type, name, namespace: "default")
+        @ssh.execute("kubectl delete #{resource_type} #{name} -n #{namespace} --ignore-not-found")
+      end
+
+      def get(resource_type, name, namespace: "default", jsonpath: nil)
+        cmd = "kubectl get #{resource_type} #{name} -n #{namespace}"
+        cmd += " -o jsonpath='#{jsonpath}'" if jsonpath
+        @ssh.execute(cmd)
+      end
+
+      def exec(pod_name, command, namespace: "default")
+        @ssh.execute("kubectl exec -n #{namespace} #{pod_name} -- #{command}")
+      end
+
+      def logs(pod_name, namespace: "default", tail: nil)
+        cmd = "kubectl logs #{pod_name} -n #{namespace}"
+        cmd += " --tail=#{tail}" if tail
+        @ssh.execute(cmd)
+      end
+
+      def rollout_status(resource_type, name, namespace: "default", timeout: 300)
+        @ssh.execute("kubectl rollout status #{resource_type}/#{name} -n #{namespace} --timeout=#{timeout}s")
+      end
+
+      def wait_for_deployment(name, namespace: "default", timeout: 300)
+        rollout_status("deployment", name, namespace:, timeout:)
+      end
+
+      def wait_for_statefulset(name, namespace: "default", timeout: 300)
+        rollout_status("statefulset", name, namespace:, timeout:)
+      end
+
+      def label_node(node_name, labels)
+        labels.each do |key, value|
+          @ssh.execute("kubectl label node #{node_name} #{key}=#{value} --overwrite")
+        end
+      end
+
+      def get_nodes
+        @ssh.execute("kubectl get nodes -o name")
+      end
+
+      def cp(local_path, pod_path, namespace: "default")
+        @ssh.execute("kubectl cp #{local_path} #{namespace}/#{pod_path}")
+      end
+    end
+  end
+end