seira 0.7.4 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57d3df41212e06d4182e97edc51ff948019596f2063696fee21327f6d79e7820
-  data.tar.gz: a1530d5bfd8142524600d9e73e6346668a32ab9aef4326366e0d173be4850f94
+  metadata.gz: 72e2d8ac0c72c8e4c7689f6997b7c460011cbceaf921a5935196c2c354e57ac7
+  data.tar.gz: de987469fe8decf1a4a8ac4206857c6dd5a871547a4ee8875717fa4167cdc7ec
 SHA512:
-  metadata.gz: c2c2e1d7e7f52832046653fcca340d1cb30addecbb2325979b02a822d0a38757344216dc8cbc363fc8f02ec01905d57fecbe713e467c2fa59c40184b0783e392
-  data.tar.gz: 7a6cd149ff5338938ece13e6ff2c157c2e0145bf08f4af1974150f259765fc8fd2c5243f4780223799d02f2326626c0547a7062f63560afd942195dec8565003
+  metadata.gz: 36b4e0d1dde0dad8b7d9ae57306726516739184f90aeb0cb85657fc8b2b5b7ea93c08937ea8e2679be6c9ebccf0500b81f7e83e2764d6f6cdba06881e9f2b931
+  data.tar.gz: 032fa962c1631a249bd1a1b6a9e113e16b4f4198de3957afe60a8777441c695eada40cbc910d7734ce8d53d0e229623a5914a05f46d8f5554bafa1f7976f63e3

data/.github/workflows/ruby.yml

@@ -0,0 +1,24 @@
+name: Ruby
+
+on: push
+
+jobs:
+  test:
+
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        ruby-version: ['2.6.3', '2.7.2']
+
+    steps:
+      # Pin to this commit: v2
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Set up Ruby
+        # Pin to this commit, v1.82.0
+        uses: ruby/setup-ruby@5e4f0a10bfc39c97cd5358121291e27e5d97e09b
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: Run tests
+        run: bundle exec rake

data/README.md

@@ -1,7 +1,7 @@
 # Seira
 
 [![Gem Version](https://badge.fury.io/rb/seira.svg)](https://badge.fury.io/rb/seira)
-[![Build Status](https://travis-ci.org/joinhandshake/seira.svg?branch=master)](https://travis-ci.org/joinhandshake/seira)
+[![Build Status](https://github.com/joinhandshake/seira/actions/workflows/ruby.yml/badge.svg)](https://github.com/joinhandshake/seira/actions)
 
 An opinionated library for building applications on Kubernetes.
 
@@ -165,7 +165,7 @@ Pods can be listed and also exec'd into.
 
 `seira staging app-name pods list`
 
-`seira staging app-name pods run`
+`seira staging app-name pods connect --pod=<POD-NAME>`
 
 ## Development
 

data/lib/seira/cluster.rb

@@ -41,8 +41,26 @@ module Seira
       cluster_metadata = settings.clusters[target_cluster]
 
       puts("Switching to gcloud config of '#{target_cluster}' and kubernetes cluster of '#{cluster_metadata['cluster']}'") if verbose
-      exit(1) unless system("gcloud config configurations activate #{target_cluster}")
-      exit(1) unless system("kubectl config use-context #{cluster_metadata['cluster']}")
+      unless system("gcloud config configurations activate #{target_cluster}")
+        puts("Try running `seira setup #{target_cluster}` if you have not yet configured this cluster.")
+        exit(1)
+      end
+
+      if settings.use_teleport?(target_cluster)
+        teleport_status = Seira::Teleport::Status.new
+
+        unless teleport_status.is_valid?
+          if teleport_status.active_cluster == settings.teleport_cluster(target_cluster)
+            exit(1) unless system("tsh login")
+          else
+            exit(1) unless system("tsh login --proxy=#{settings.teleport_cluster(target_cluster)}:443 --auth=#{settings.teleport_auth(target_cluster)}")
+          end
+        end
+
+        exit(1) unless system("tsh kube login #{settings.teleport_kubernetes_cluster(target_cluster)}")
+      else
+        exit(1) unless system("kubectl config use-context #{cluster_metadata['cluster']}")
+      end
 
       # If we haven't exited by now, it was successful
       true

data/lib/seira/commands/teleport.rb

@@ -0,0 +1,28 @@
+module Seira
+  module Commands
+    class Teleport
+      attr_reader :context, :command
+
+      def initialize(command, context: nil)
+        @command = command
+        @context = context
+      end
+
+      def invoke(clean_output: false, return_output: false)
+        puts "Calling: #{calculated_command.green}" unless clean_output
+
+        if return_output
+          `#{calculated_command}`
+        else
+          system(calculated_command)
+        end
+      end
+
+      private
+
+      def calculated_command
+        @calculated_command ||= "tsh #{command}"
+      end
+    end
+  end
+end

data/lib/seira/commands.rb

@@ -1,5 +1,6 @@
 require 'seira/commands/kubectl'
 require 'seira/commands/gcloud'
+require 'seira/commands/teleport'
 
 module Seira
   module Commands
@@ -18,5 +19,13 @@ module Seira
     def self.gcloud(command, context:, clean_output: false, format: :boolean)
       Gcloud.new(command, context: context, clean_output: clean_output, format: format).invoke
     end
+
+    def tsh(command, context:, clean_output: false, return_output: false)
+      Seira::Commands.tsh(command, context: context, clean_output: clean_output, return_output: return_output)
+    end
+
+    def self.tsh(command, context:, clean_output: false, return_output: false)
+      Teleport.new(command, context: context).invoke(clean_output: clean_output, return_output: return_output)
+    end
   end
 end

data/lib/seira/jobs.rb

@@ -57,7 +57,19 @@ module Seira
     def run_help
       puts SUMMARY
       puts "\n\n"
-      puts "TODO"
+      puts <<~HELPTEXT
+        help:      Display the help page.
+        list:      List the currently running jobs in the given application namespace.
+        delete:    Delete a stuck migration job via Kubernetes job 'seira cluster app delete job-name'.
+        run:       Execute a given command to issue a schema migration.
+
+        options:
+          --template-file: Provide a job template file to use. (--template-file=template.yaml.erb)
+          --async:         Wait for the job to finish before exiting.
+          --no_delete:     Do not delete the Kubernetes job after it is finished.
+          --size:          Use a predetermined resource sizing template for this job. (Default size: 1)
+
+      HELPTEXT
     end
 
     def run_list
@@ -75,6 +87,7 @@ module Seira
       async = false # Wait for job to finish before continuing.
       no_delete = false # Delete at end
       resource_hash = RESOURCE_SIZES['1']
+      template_file = "template.yaml"
 
       # Loop through args and process any that aren't just the command to run
       loop do
@@ -94,6 +107,8 @@ module Seira
         elsif arg.start_with?('--size=')
           size = arg.split('=')[1]
           resource_hash = RESOURCE_SIZES[size]
+        elsif arg.start_with?('--template-file=')
+          template_file = arg.split('=')[1]
         else
           puts "Warning: Unrecognized argument #{arg}"
         end
@@ -113,7 +128,7 @@ module Seira
 
       source = "kubernetes/#{context[:cluster]}/#{app}" # TODO: Move to method in app.rb
       Dir.mktmpdir do |destination|
-        file_name = discover_job_template_file_name(source)
+        file_name = discover_job_template_file_name(source, template_file)
 
         FileUtils.mkdir_p destination # Create the nested directory
         FileUtils.copy_file "#{source}/jobs/#{file_name}", "#{destination}/#{file_name}"
@@ -174,11 +189,11 @@ module Seira
       end
     end
 
-    def discover_job_template_file_name(source)
-      if File.exist?("#{source}/jobs/template.yaml.erb")
-        "template.yaml.erb"
+    def discover_job_template_file_name(source, template_file)
+      if File.exist?("#{source}/jobs/#{template_file}.erb")
+        "#{template_file}.erb"
       else
-        "template.yaml"
+        template_file
       end
     end
   end

data/lib/seira/pods.rb

@@ -31,8 +31,6 @@ module Seira
         run_top
       when 'connect'
         run_connect
-      when 'run'
-        run_run
       else
         fail "Unknown command encountered"
       end
@@ -43,7 +41,12 @@ module Seira
     def run_help
       puts SUMMARY
       puts "\n\n"
-      puts "TODO"
+      puts "Possible actions:\n\n"
+      puts "list: List all the pods (output mode wide)."
+      puts "delete: Delete the pod (positional arg)."
+      puts "logs: Log the output of the pod (provided via positional arg)."
+      puts "top: Print the current resource usage for the specified pod (optional positional arg) or all the pods (default) in the context's namespace."
+      puts "connect: Connect to, or run a command on (--command=), a running pod (positional arg or --pod=), or create a new dedicated pod (--dedicated). Can override tier (--tier=)"
     end
 
     def run_list
@@ -55,7 +58,7 @@ module Seira
     end
 
     def run_logs
-      kubectl("logs #{pod_name} -c #{app}")
+      kubectl("logs #{pod_name} -c #{app}", context: context)
     end
 
     def run_top
@@ -64,7 +67,7 @@ module Seira
 
     def run_connect
       tier = nil
-      pod_name = nil
+      pod_name = pod_name
       dedicated = false
       command = 'sh'
 

data/lib/seira/random.rb

@@ -70,7 +70,6 @@ module Seira
         bombay
         bongo
         bonobo
-        booby
         budgerigar
         buffalo
         bulldog
@@ -120,7 +119,6 @@ module Seira
         dachshund
         dalmatian
         deer
-        dhole
         dingo
         dinosaur
         discus
@@ -193,7 +191,6 @@ module Seira
         hippopotamus
         hornet
         horse
-        human
         hummingbird
         hyena
         ibis

data/lib/seira/settings.rb

@@ -68,6 +68,32 @@ module Seira
       settings['seira']['expected_environment_variable_during_deploys']
     end
 
+    def use_teleport?(cluster)
+      teleport_enabled = settings['seira']['clusters'][cluster].dig('teleport', 'enabled')
+
+      return false if teleport_enabled.nil?
+
+      teleport_enabled || ENV['SEIRA_TELEPORT_ENABLED'] == 'true'
+    end
+
+    def teleport_cluster(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'cluster')
+    end
+
+    def teleport_auth(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'auth')
+    end
+
+    def teleport_kubernetes_cluster(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'kubernetes_cluster') || cluster
+    end
+
+    def teleport_role_requirements(cluster)
+      requirements = settings['seira']['clusters'][cluster].dig('teleport', 'role_requirements') || []
+
+      requirements.map { |r| Seira::Teleport::RoleRequirement.new(r) }
+    end
+
     private
 
     def parse_settings

data/lib/seira/setup.rb

@@ -121,6 +121,11 @@ module Seira
         puts "Installing kubectl..."
         system('gcloud components install kubectl')
       end
+
+      puts "Making sure tsh is installed..."
+      unless system('tsh version &> /dev/null')
+        puts "Go to https://goteleport.com/docs/installation/ to install tsh.".yellow
+      end
     end
 
     def run_status

data/lib/seira/teleport/request.rb

@@ -0,0 +1,31 @@
+module Seira
+  module Teleport
+    class Request
+      def initialize(role, reviewer: nil, context: nil)
+        @role = role
+        @reviewer = reviewer
+        @context = context
+      end
+
+      def invoke
+        command.invoke
+      end
+      
+      def cmd
+        cmd = "request create --roles '#{@role}'"
+        cmd += " --reason '#{reason}'"
+        cmd += " --reviewers #{@reviewer}" unless @reviewer.nil?
+        
+        cmd
+      end
+
+      def reason
+        "Running: seira #{@context[:cluster]} #{@context[:app]} #{@context[:category]} #{@context[:action]}"
+      end
+
+      def command
+        @command ||= Seira::Commands::Teleport.new(cmd, context: @context)
+      end
+    end
+  end
+end

data/lib/seira/teleport/role_requirements.rb

@@ -0,0 +1,41 @@
+module Seira
+  module Teleport
+    class RoleRequirement
+      include Comparable
+
+      attr_reader :commands, :category, :role
+
+      def initialize(requirement)
+        @requirement = requirement
+        @category = requirement['category']
+        @commands = requirement['commands']
+        @role = requirement['role']
+      end
+
+      def matches?(category, command)
+        @category == category && command_matches?(command)
+      end
+
+      def <=>(other)
+        raise ArgumentError, 'Cannot compare different categories' if category != other.category
+        
+        if commands.nil?
+          return -1
+        elsif other.commands.nil?
+          return 1
+        end
+
+        commands.length <=> other.commands.length
+      end
+
+      private
+
+      def command_matches?(command)
+        return false if command == 'help'
+        return true if @requirement['commands'].nil?
+
+        @requirement['commands'].include?(command)
+      end
+    end
+  end
+end

data/lib/seira/teleport/status.rb

@@ -0,0 +1,58 @@
+require 'json'
+require 'date'
+require 'seira/commands/teleport'
+
+module Seira
+  module Teleport
+    class Status
+      attr_reader :data
+
+      def initialize(data: nil)
+        @data = data
+        @data ||= get_status_json
+      end
+
+      def [](key)
+        data[key]
+      end
+
+      def active_cluster
+        data.dig('active', 'cluster')
+      end
+
+      def kubernetes_cluster
+        data.dig('active','kubernetes_cluster')
+      end
+
+      def roles
+        @roles ||= data.dig('active', 'roles')
+      end
+
+      def has_role?(role)
+        return false if roles.nil?
+
+        roles.include?(role)
+      end
+
+      def is_valid?
+        valid_until = data.dig('active', 'valid_until')
+        return false if valid_until.nil?
+        
+        DateTime.parse(data.dig('active', 'valid_until')) > DateTime.now
+      end
+
+      private
+
+      def get_status_json
+        cmd = Seira::Commands::Teleport.new('status -f json', context: :none)
+        
+        out = cmd.invoke(clean_output: true, return_output: true)
+        if out == ''
+          {}
+        else  
+          JSON.parse(cmd.invoke(clean_output: true, return_output: true))
+        end
+      end
+    end
+  end
+end

data/lib/seira/teleport.rb

@@ -0,0 +1,3 @@
+require 'seira/teleport/status'
+require 'seira/teleport/role_requirements'
+require 'seira/teleport/request'

data/lib/seira/version.rb

@@ -1,3 +1,3 @@
 module Seira
-  VERSION = "0.7.4".freeze
+  VERSION = "0.8.0".freeze
 end

data/lib/seira.rb

@@ -20,6 +20,7 @@ require 'seira/settings'
 require 'seira/setup'
 require 'seira/node_pools'
 require 'seira/util/resource_renderer'
+require 'seira/teleport'
 
 # A base runner class that does base checks and then delegates the actual
 # work for the command to a class in lib/seira folder.
@@ -118,6 +119,14 @@ module Seira
         exit(1)
       end
 
+      role_requirements = settings.teleport_role_requirements(cluster)
+      required_role = role_requirements.filter { |rr| rr.matches?(category, action) }.sort.first&.role
+      status = Seira::Teleport::Status.new
+
+      unless required_role.nil? || status.has_role?(required_role)
+        Seira::Teleport::Request.new(required_role, reviewer: ENV['TELEPORT_REVIEWER'], context: passed_context).invoke
+      end
+
       if category == 'cluster'
         perform_action_validation(klass: command_class, action: action)
         command_class.new(action: action, args: args, context: passed_context, settings: settings).run
@@ -142,6 +151,7 @@ module Seira
         region: settings.region_for_cluster(cluster),
         zone: settings.zone_for_cluster(cluster),
         app: app,
+        category: category,
         action: action,
         args: args
       }
@@ -159,6 +169,11 @@ module Seira
         exit(1)
       end
 
+      unless system("tsh version > /dev/null 2>&1")
+        puts "Teleport CLI not installed properly. Please install `tsh` before using seira.".red
+        exit(1)
+      end
+
       # The first arg must always be the cluster. This ensures commands are not run by
       # accident on the wrong kubernetes cluster or gcloud project.
       exit(1) unless Seira::Cluster.new(action: nil, args: nil, context: nil, settings: settings).switch(target_cluster: cluster, verbose: false)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seira
 version: !ruby/object:Gem::Version
-  version: 0.7.4
+  version: 0.8.0
 platform: ruby
 authors:
 - Scott Ringwelski
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-19 00:00:00.000000000 Z
+date: 2023-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: highline
@@ -103,12 +103,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".default-rubocop.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".hound.yml"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -123,6 +123,7 @@ files:
 - lib/seira/commands.rb
 - lib/seira/commands/gcloud.rb
 - lib/seira/commands/kubectl.rb
+- lib/seira/commands/teleport.rb
 - lib/seira/config.rb
 - lib/seira/db.rb
 - lib/seira/db/create.rb
@@ -135,6 +136,10 @@ files:
 - lib/seira/secrets.rb
 - lib/seira/settings.rb
 - lib/seira/setup.rb
+- lib/seira/teleport.rb
+- lib/seira/teleport/request.rb
+- lib/seira/teleport/role_requirements.rb
+- lib/seira/teleport/status.rb
 - lib/seira/util/resource_renderer.rb
 - lib/seira/version.rb
 - resources/adjectives.txt
@@ -143,7 +148,7 @@ homepage: https://github.com/joinhandshake/seira
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -159,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: An opinionated library for building applications on Kubernetes.
 test_files: []

data/.travis.yml

@@ -1,7 +0,0 @@
-sudo: false
-language: ruby
-notifications:
-  email: false
-rvm:
-  - 2.5.3
-before_install: gem install bundler