rhc 1.27.4 → 1.28.5

data/lib/rhc/rest/mock.rb

@@ -271,6 +271,10 @@ module RHC::Rest::Mock
       stub_api_request(:get, 'broker/rest/cartridges', with_auth).to_return(simple_carts)
     end
 
+    def stub_simple_regions(empty=false, with_auth=mock_user_auth)
+      stub_api_request(:get, 'broker/rest/regions', with_auth).to_return(simple_regions(empty))
+    end
+
     def define_exceptional_test_on_wizard
       RHC::Wizard.module_eval <<-EOM
       private
@@ -322,6 +326,19 @@ module RHC::Rest::Mock
         }.to_json
       }
     end
+
+    def simple_regions(empty=false)
+      {
+        :body => {
+          :type => 'regions',
+          :data => empty ? [] : [
+            {:id => 'region0001', :default => false, :name => 'north', :description => 'Servers in the north of US', :zones => [{:name => 'west', :created_at => '2014-01-01T01:00:00Z', :updated_at => '2014-01-01T01:00:00Z'}, {:name => 'east', :created_at => '2014-01-01T01:00:00Z', :updated_at => '2014-01-01T01:00:00Z'}]},
+            {:id => 'region0002', :default => true, :name => 'south', :zones => [{:name => 'east', :created_at => '2014-01-01T01:00:00Z', :updated_at => '2014-01-01T01:00:00Z'}]},
+          ],
+        }.to_json
+      }
+    end
+
     def simple_user(login)
       {
         :body => {
@@ -435,6 +452,7 @@ module RHC::Rest::Mock
        ['LIST_DOMAINS',           "broker/rest/domains",    'GET'],
        ['ADD_DOMAIN',             "broker/rest/domains",    'POST', ({'optional_params' => [{'name' => 'allowed_gear_sizes'}]} if example_allows_gear_sizes?)].compact,
        ['LIST_CARTRIDGES',        "broker/rest/cartridges", 'GET'],
+       ['LIST_REGIONS',           "broker/rest/regions",    'GET'],
       ])
     end
 
@@ -636,6 +654,14 @@ module RHC::Rest::Mock
       raise RHC::Rest::ApplicationNotFoundException.new("Application #{name} does not exist")
     end
 
+    def find_application_gear_groups_endpoints(domain, name, options = {})
+      find_domain(domain).applications.each do |app|
+        return app.gear_groups if app.name.downcase == name.downcase
+      end
+
+      raise RHC::Rest::ApplicationNotFoundException.new("Application #{name} does not exist")
+    end
+
     def find_application_gear_groups(domain, name, options = {})
       find_domain(domain).applications.each do |app|
         return app.gear_groups if app.name.downcase == name.downcase
@@ -844,6 +870,7 @@ module RHC::Rest::Mock
       if scale
         @scalable = true
       end
+      @region = nil
       self.attributes = {:links => mock_response_links(mock_app_links('mock_domain_0', 'mock_app_0')), :messages => []}
       self.gear_count = 5
       types = Array(type)
@@ -995,6 +1022,10 @@ module RHC::Rest::Mock
       @keep_deployments
     end
 
+    def region
+      @region
+    end
+
     def deployments
       base_time1 = Time.local(2000,1,1,1,0,0).strftime('%Y-%m-%dT%H:%M:%S%z')
       base_time2 = Time.local(2000,1,1,2,0,0).strftime('%Y-%m-%dT%H:%M:%S%z')

data/lib/rhc/rest/region.rb

@@ -0,0 +1,25 @@
+module RHC::Rest
+  class Region < Base
+    define_attr :id, :name, :description, :default
+
+    def default?
+      !!default
+    end
+
+    def uuid
+      client.api_version_negotiated >= 1.6 ? attributes['id'] : attributes['uuid']
+    end
+
+    def zones
+      @zones ||= attributes['zones'].map{|z| z['name']}.sort
+    end
+
+    def <=>(other)
+      return self.name <=> other.name
+    end
+
+    def to_s
+      self.name
+    end
+  end
+end

data/lib/rhc/servers.rb

@@ -8,7 +8,7 @@ module RHC
     include RHC::ServerHelpers
     attr_accessor :hostname, :nickname, :login 
     attr_accessor :use_authorization_tokens, :insecure, :timeout
-    attr_accessor :ssl_version, :ssl_client_cert_file, :ssl_ca_file
+    attr_accessor :ssl_version, :ssl_client_cert_file, :ssl_client_key_file, :ssl_ca_file
     attr_accessor :default
 
     def self.from_yaml_hash(hash)
@@ -23,8 +23,9 @@ module RHC
       @use_authorization_tokens = RHC::Helpers.to_boolean(args[:use_authorization_tokens], true)
       @insecure = RHC::Helpers.to_boolean(args[:insecure], true)
       @timeout = Integer(args[:timeout]) if args[:timeout].present?
-      @ssl_version = args[:ssl_version]
+      @ssl_version = RHC::Helpers.parse_ssl_version(args[:ssl_version])
       @ssl_client_cert_file = args[:ssl_client_cert_file]
+      @ssl_client_key_file = args[:ssl_client_key_file]
       @ssl_ca_file = args[:ssl_ca_file]
       @default = args[:default]
     end
@@ -42,7 +43,7 @@ module RHC
         instance_variables.each do |k| 
           h[k.to_s.delete('@')] = instance_variable_get(k)
         end
-      end.reject{|k, v| v.nil? || k == 'default'}.inject({}){|h, (k, v)| h[k] = v.is_a?(String) ? v.to_s : v; h }
+      end.reject{|k, v| v.nil? || k == 'default'}.inject({}){|h, (k, v)| h[k] = v.is_a?(String) || v.is_a?(Symbol) ? v.to_s : v; h }
     end
 
     def to_config
@@ -152,6 +153,7 @@ module RHC
           :timeout                  => o[:timeout],
           :ssl_version              => o[:ssl_version],
           :ssl_client_cert_file     => o[:ssl_client_cert_file],
+          :ssl_client_key_file      => o[:ssl_client_key_file],
           :ssl_ca_file              => o[:ssl_ca_file])
         list.each{|server| server.default = server.hostname == o[:server]}
       end
@@ -189,4 +191,4 @@ module RHC
         s.present? && s.hostname != hostname ? nil : suggestion
       end
   end
-end
+end

data/lib/rhc/wizard.rb

@@ -97,7 +97,13 @@ module RHC
     end
 
     def core_auth
-      @core_auth ||= RHC::Auth::Basic.new(options)
+      @core_auth ||= begin
+          if options.ssl_client_cert_file && options.ssl_client_key_file
+            RHC::Auth::X509.new(options)
+          else
+            RHC::Auth::Basic.new(options)
+          end
+        end
     end
 
     def token_auth
@@ -144,6 +150,10 @@ module RHC
       ssh_keys.present? && ssh_keys.any? { |k| k.fingerprint.present? && k.fingerprint == fingerprint_for_default_key }
     end
 
+    def non_ssh_key_uploaded?
+      ssh_keys.present? && !ssh_keys.all?(&:is_ssh?)
+    end
+
     def existing_keys_info
       return unless ssh_keys
       indent{ ssh_keys.each{ |key| paragraph{ display_key(key) } } }
@@ -221,10 +231,12 @@ module RHC
       self.user = rest_client.user
       options.rhlogin = self.user.login unless username
 
-      if rest_client.supports_sessions? && !options.token && options.create_token != false
+      if options.create_token == false
+        say "Skipping token generation..."
+      elsif rest_client.supports_sessions? && !options.token
         paragraph do
           info "OpenShift can create and store a token on disk which allows to you to access the server without using your password. The key is stored in your home directory and should be kept secret.  You can delete the key at any time by running 'rhc logout'."
-          if options.create_token or agree "Generate a token now? (yes|no) "
+          if agree "Generate a token now? (yes|no) "
             say "Generating an authorization token for this client ... "
             token = rest_client.new_session
             options.token = token.token
@@ -303,7 +315,7 @@ module RHC
     end
 
     def upload_ssh_key_stage
-      return true if ssh_key_uploaded?
+      return true if ssh_key_uploaded? || non_ssh_key_uploaded?
 
       upload = paragraph do
         agree "Your public SSH key must be uploaded to the OpenShift server to access code.  Upload now? (yes|no) "
@@ -530,7 +542,7 @@ module RHC
 
     # test connectivity an app
     def test_ssh_connectivity
-      return true unless ssh_key_uploaded?
+      return true unless ssh_key_uploaded? || non_ssh_key_uploaded?
 
       applications.take(1).each do |app|
         begin

data/spec/rhc/auth_spec.rb

@@ -16,6 +16,8 @@ describe RHC::Auth::Basic do
   its(:options){ should_not be_nil }
   its(:can_authenticate?){ should be_false }
   its(:openshift_server){ should == 'openshift.redhat.com' }
+  its( :expired_token_message) { should == "Your authorization token has expired. Please sign in now to continue on #{subject.openshift_server}." }
+  its( :get_token_message) { should == "Please sign in to start a new session to #{subject.openshift_server}." }
 
   def resolved(hash)
     hash.each_pair do |k,v|
@@ -221,6 +223,68 @@ describe RHC::Auth::Basic do
   end
 end
 
+describe RHC::Auth::X509 do
+  subject{ described_class.new(options) }
+
+  let(:default_options){ {} }
+  let(:options){ (o = Commander::Command::Options.new).default(default_options); o }
+  let(:a_cert){ OpenSSL::X509::Certificate.new }
+  let(:a_key){ OpenSSL::PKey::RSA.new }
+  its(:options){ should_not be_nil }
+  its(:can_authenticate?){ should be_true }
+  its(:openshift_server){ should == 'openshift.redhat.com' }
+  its(:expired_token_message) { should == "Your authorization token has expired.  Fetching a new token from #{subject.openshift_server}."}
+  its(:get_token_message) { should == "Fetching a new token from #{subject.openshift_server}." }
+
+  describe "#retry_auth?" do
+    context "should return true if the response was 401" do
+      let(:response){ double(:status => 401) }
+      let(:client){ double }
+      it { subject.retry_auth?(response, client).should == true }
+    end
+
+    context "should return false if the response was 403" do
+      let(:response){ double }
+      let(:client){ double }
+      let(:response){ double(:status => 403) }
+      it { subject.retry_auth?(response, client).should == false }
+    end
+  end
+
+  describe "#to_request" do
+    let(:request){ {} }
+    let(:auth_hash){ {:client_cert => a_cert, :client_key => a_key} }
+
+    context "when a certificate exists" do
+      it "should use x509 auth" do
+        OpenSSL::X509::Certificate.should_receive(:new).exactly(1).times.and_return(a_cert)
+        OpenSSL::PKey::RSA.should_receive(:new).exactly(1).times.and_return(a_key)
+        subject.to_request(request).should == auth_hash
+      end
+    end
+
+    context "when a certificate can't be loaded" do
+      it "should send a debug message and raise an error" do
+        options.should_receive(:ssl_client_cert_file).and_return("a bogus path")
+        subject.should_receive(:debug)
+        expect do
+          subject.to_request(request)
+        end.to raise_error
+      end
+    end
+
+    context "when a key can't be loaded" do
+      it "should send a debug message and raise an error" do
+        options.should_receive(:ssl_client_key_file).and_return("a bogus path")
+        subject.should_receive(:debug)
+        expect do
+          subject.to_request(request)
+        end.to raise_error
+      end
+    end
+  end
+end
+
 describe RHC::Auth::Token do
   subject{ described_class.new(options) }
 
@@ -317,7 +381,7 @@ describe RHC::Auth::Token do
     context "when token is not provided" do
       subject{ described_class.new(nil) }
 
-      it("should pass not bearer token to the server"){ subject.to_request(request).should == {} }
+      it("should submit an empty bearer token to the server to trigger the 401 retry flow for OpenShift Enterprise"){ subject.to_request(request).should == {:headers => {'authorization' => "Bearer "}} }
     end
 
     context "when a parent auth class is passed" do
@@ -383,23 +447,28 @@ describe RHC::Auth::Token do
             before{ client.should_receive(:new_session).with(:auth => auth).and_return(auth_token) }
 
             it("should print a message") do 
-              subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.")
+              subject.should_receive(:info).with("get token message")
               auth.should_receive(:retry_auth?).with(response, client).and_return true
+              auth.should_receive(:get_token_message).and_return("get token message")
               subject.retry_auth?(response, client).should be_true
             end
 
             context "with a token" do
               let(:default_options){ {:use_authorization_tokens => true, :token => 'foo'} }
               it("should invoke raise an error on retry because sessions are not supported") do
-                subject.should_receive(:warn).with("Your authorization token has expired. Please sign in now to continue on #{subject.openshift_server}.")
+                subject.should_receive(:warn).with("expired token message")
                 auth.should_receive(:retry_auth?).with(response, client).and_return true
+                auth.should_receive(:expired_token_message).and_return("expired token message")
                 subject.retry_auth?(response, client).should be_true
                 #expect{ subject.retry_auth?(response, client) }.to raise_error RHC::Rest::AuthorizationsNotSupported
               end
             end
 
             context "when the token request fails" do
-              before{ subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.") }
+              before do
+                subject.should_receive(:info).with("get token message")
+                auth.should_receive(:get_token_message).and_return("get token message")
+              end
               it("should invoke retry on the parent") do
                 auth.should_receive(:retry_auth?).with(response, client).and_return false
                 subject.retry_auth?(response, client).should be_false
@@ -408,7 +477,10 @@ describe RHC::Auth::Token do
 
             context "when the token request succeeds" do
               let(:auth_token){ double('auth_token', :token => 'bar') }
-              before{ subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.") }
+              before do
+                subject.should_receive(:info).with("get token message")
+                auth.should_receive(:get_token_message).and_return("get token message")
+              end
               it("should save the token and return true") do
                 subject.should_receive(:save).with(auth_token.token).and_return true
                 subject.retry_auth?(response, client).should be_true

data/spec/rhc/command_spec.rb

@@ -325,12 +325,15 @@ describe RHC::Commands::Base do
 
   describe "rest_client" do
     let(:instance){ subject }
+    let(:options){ subject.send(:options) }
     before{ RHC::Rest::Client.any_instance.stub(:api_version_negotiated).and_return(1.4) }
 
     context "when initializing the object" do
       let(:auth){ double('auth') }
       let(:basic_auth){ double('basic_auth') }
-      before{ RHC::Auth::Basic.should_receive(:new).at_least(1).times.with{ |arg| arg.should == instance.send(:options) }.and_return(basic_auth) }
+      let(:x509_auth){ double('x509_auth') }
+      before{ RHC::Auth::Basic.stub(:new).with{ |arg| arg.should == instance.send(:options) }.and_return(basic_auth) }
+      before{ RHC::Auth::X509.stub(:new).with{ |arg| arg.should == instance.send(:options) }.and_return(x509_auth) }
       before{ RHC::Auth::Token.stub(:new).with{ |arg, arg2, arg3| [arg, arg2, arg3].should == [instance.send(:options), basic_auth, instance.send(:token_store)] }.and_return(auth) }
 
       context "with no options" do
@@ -338,6 +341,15 @@ describe RHC::Commands::Base do
         it("should create only a basic auth object"){ subject.send(:rest_client) }
       end
 
+      context "with x509" do
+        before do
+          options.should_receive(:ssl_client_cert_file).and_return("a cert")
+          options.should_receive(:ssl_client_key_file).and_return("a key")
+          subject.should_receive(:client_from_options).with(:auth => x509_auth)
+        end
+        it("should create an x509 auth object"){ subject.send(:rest_client) }
+      end
+
       context "with use_authorization_tokens" do
         before{ subject.send(:options).use_authorization_tokens = true }
         before{ subject.should_receive(:client_from_options).with(:auth => auth) }
@@ -413,7 +425,7 @@ describe RHC::Commands::Base do
         let(:auth_token){ double(:token => 'a_token') }
         let(:arguments){ ['test', '-l', username, '--server', mock_uri] }
         before{ instance.send(:token_store).should_receive(:get).with{ |user, server| user.should == username; server.should == instance.send(:openshift_server) }.and_return(nil) }
-        before{ stub_api(false, true); stub_api_request(:get, 'broker/rest/user', false).to_return{ |request| request.headers['Authorization'] =~ /Bearer/ ? simple_user(username) : {:status => 401} } }
+        before{ stub_api(false, true); stub_api_request(:get, 'broker/rest/user', false).to_return{ |request| request.headers['Authorization'] =~ /Bearer\s\w+/ ? simple_user(username) : {:status => 401} } }
         it("should attempt to create a new token") do
           rest_client.should_receive(:new_session).ordered.and_return(auth_token)
           rest_client.user

data/spec/rhc/commands/app_spec.rb

@@ -164,6 +164,7 @@ describe RHC::Commands::App do
       before{ RHC::Config.any_instance.stub(:has_local_config?).and_return(false) }
       before{ described_class.any_instance.stub(:interactive?).and_return(true) }
       before{ rest_client.domains.clear }
+      before{ rest_client.sshkeys.delete_if {|k| !k.is_ssh? } }
       let(:arguments) { ['app', 'create', 'app1', 'mock_standalone_cart-1'] }
       # skips login stage and insecure check because of mock rest client, doesn't check keys
       it { run_output(['mydomain', 'y', 'mykey']).should match(/This wizard.*Checking for a domain.*You will not be able to create an application without completing this step.*Your domain 'mydomain' has been successfully created.*Creating application.*Your public SSH key.*Uploading key 'mykey'.*Your application 'app1' is now available.*Cloned to/m) }
@@ -730,16 +731,28 @@ describe RHC::Commands::App do
   end
 
   describe 'app show --gears' do
-    let(:arguments) { ['app', 'show', 'app1', '--gears'] }
+    let(:arguments) { ['app', 'show', 'app1', '--gears', '--raw'] }
 
     context 'when run' do
       before do
         @domain = rest_client.add_domain("mockdomain")
         @domain.add_application("app1", "mock_type")
       end
+      it { run_output.should match(/ID\s+State\s+Cartridges\s+Size\s+SSH URL/) }
       it { run_output.should match("fakegearid0 started mock_type  small fakegearid0@fakesshurl.com") }
       it { expect{ run }.to exit_with_code(0) }
     end
+
+    context 'with regions and zones' do
+      before do
+        @domain = rest_client.add_domain("mockdomain")
+        @app = @domain.add_application("app1", "mock_type")
+        @app.gears.each{|g| g['region'] = 'south'; g['zone'] = 'west'}
+      end
+      it { run_output.should match(/ID\s+State\s+Cartridges\s+Size\s+Region\s+Zone\s+SSH URL/) }
+      it { run_output.should match(/fakegearid0\s+started\s+mock_type\s+small\s+south\s+west\s+fakegearid0@fakesshurl.com/) }
+      it { expect{ run }.to exit_with_code(0) }
+    end
   end
 
   describe 'app show --gears quota' do

data/spec/rhc/commands/env_spec.rb

@@ -246,7 +246,7 @@ describe RHC::Commands::Env do
         let(:arguments) { args }
         it { succeed_with_message /TEST_ENV_VAR/ }
         it { succeed_with_message /Removing environment variable\(s\) \.\.\./ }
-        it { succeed_with_message /removed/ }
+        it { succeed_with_message /done/ }
       end
     end
 
@@ -259,7 +259,7 @@ describe RHC::Commands::Env do
         it { succeed_with_message /TEST_ENV_VAR2/ }
         it { succeed_with_message /TEST_ENV_VAR3/ }
         it { succeed_with_message /Removing environment variable\(s\) \.\.\./ }
-        it { succeed_with_message /removed/ }
+        it { succeed_with_message /done/ }
       end
     end
 

data/spec/rhc/commands/member_spec.rb

@@ -71,6 +71,13 @@ describe RHC::Commands::Member do
       it("should include the login value") { run_output.should =~ /alice.*Bob.*carol.*doug@doug\.com/m }
     end
 
+    context 'without membership support' do
+      let(:arguments) { ['domain', 'show', 'mock-domain-0'] }
+      before{ with_mock_domain }
+      let(:supports_members){ false }
+      it { expect { run }.to exit_with_code(0) }
+      it { run_output.should_not =~ /owned by/ }
+    end
   end
 
   describe 'list-member' do

data/spec/rhc/commands/region_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'rest_spec_helper'
+require 'rhc/commands/region'
+require 'rhc/config'
+
+describe RHC::Commands::Region do
+  before{ user_config }
+
+  describe 'region list' do
+    let(:arguments){ ['region', 'list'] }
+    let(:username){ nil }
+    let(:password){ nil }
+    let(:server){ mock_uri }
+    let(:user_auth){ false }
+
+    context 'with server regions' do
+      before do 
+        stub_api 
+        stub_simple_regions
+      end
+
+      it{ run_output.should match /Server test\.domain\.com$/ }
+      it{ run_output.should match /Region 'north' \(uuid: region0001\)$/ }
+      it{ run_output.should match /Description:\s+Servers in the north of US$/ }
+      it{ run_output.should match /Available Zones:\s+east, west$/ }
+      it{ run_output.should match /Region 'south' \(uuid: region0002\) \(default\)/ }
+      it{ run_output.should match /Available Zones: east$/ }
+      it{ expect{ run }.to exit_with_code(0) }
+    end
+
+    context 'without server regions' do
+      before do 
+        stub_api 
+        stub_simple_regions(true)
+      end
+
+      it{ run_output.should_not match /Available Zones$/ }
+      it{ run_output.should match /Server doesn't have any regions or zones configured/ }
+      it{ expect{ run }.to exit_with_code(169) }
+    end
+
+    context 'regions not supported on server' do
+      let!(:rest_client){ MockRestClient.new }
+      it{ run_output.should_not match /Available Zones$/ }
+      it{ run_output.should match /Server does not support regions and zones/ }
+      it{ expect{ run }.to exit_with_code(168) }
+    end
+  end
+
+end