RubyGems - seira - Versions diffs - 0.7.5 → 0.8.1 - Mend

seira 0.7.5 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/lib/seira/cluster.rb +20 -2
data/lib/seira/commands/teleport.rb +28 -0
data/lib/seira/commands.rb +9 -0
data/lib/seira/pods.rb +8 -3
data/lib/seira/settings.rb +26 -0
data/lib/seira/setup.rb +5 -0
data/lib/seira/teleport/request.rb +31 -0
data/lib/seira/teleport/role_requirements.rb +41 -0
data/lib/seira/teleport/status.rb +58 -0
data/lib/seira/teleport.rb +3 -0
data/lib/seira/version.rb +1 -1
data/lib/seira.rb +17 -0
metadata +7 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06e2e516ae84d1bcdc4f3320eeb13c83dc6cd162bfbe5e249b53e2b3af74885c
-  data.tar.gz: 027a214ded3ab47b25fe29b9e8943bd268fe908ff9aa87993ffa07e9c395e350
+  metadata.gz: eb319292b2073d2caa5a7d526f70b7f6a707dfa8a7e8b7eba014d488c1ce50ee
+  data.tar.gz: b6dfc7dd336518acc1d510177d8eff2f02252351cece68e57c68d9019272d674
 SHA512:
-  metadata.gz: f6cc9ea8137d0ae4578a5fbdbeac88f8e8d01916dd8e64f8dc83d4ac30517fda718ae06d0d02b5c354e9d80e3ee3ab3f75df433dda45ac85b60e512cc878b058
-  data.tar.gz: 828524836a6abc488bc29a3333733887e57b39351f9d54b8ecb9986c49520abd6e8564b97425f702fed90b2256f68c558303c76ee6be49fc58362a3898fc4f32
+  metadata.gz: 137620c27df4b7fb22580bb33249d8c6ea6b087f2203205b73f844eef456b20342af2f9c753264439e390ec9c82ad1e47dcda719885cd57ba2a980dbe9803ad9
+  data.tar.gz: f40b95e33ab48142deb3673b804507f7f9bf91e37b7a66827e92feb5afbdfaadf59032d6ea3d1848be956037037cd2f4e5d9910a8b442e0b86d34ff2a7b58cfe

data/lib/seira/cluster.rb CHANGED Viewed

@@ -41,8 +41,26 @@ module Seira
       cluster_metadata = settings.clusters[target_cluster]
       puts("Switching to gcloud config of '#{target_cluster}' and kubernetes cluster of '#{cluster_metadata['cluster']}'") if verbose
-      exit(1) unless system("gcloud config configurations activate #{target_cluster}")
-      exit(1) unless system("kubectl config use-context #{cluster_metadata['cluster']}")
+      unless system("gcloud config configurations activate #{target_cluster}")
+        puts("Try running `seira setup #{target_cluster}` if you have not yet configured this cluster.")
+        exit(1)
+      end
+      if settings.use_teleport?(target_cluster)
+        teleport_status = Seira::Teleport::Status.new
+        unless teleport_status.is_valid?
+          if teleport_status.active_cluster == settings.teleport_cluster(target_cluster)
+            exit(1) unless system("tsh login")
+          else
+            exit(1) unless system("tsh login --proxy=#{settings.teleport_cluster(target_cluster)}:443 --auth=#{settings.teleport_auth(target_cluster)}")
+          end
+        end
+        exit(1) unless system("tsh kube login #{settings.teleport_kubernetes_cluster(target_cluster)}")
+      else
+        exit(1) unless system("kubectl config use-context #{cluster_metadata['cluster']}")
+      end
       # If we haven't exited by now, it was successful
       true

data/lib/seira/commands/teleport.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Seira
+  module Commands
+    class Teleport
+      attr_reader :context, :command
+      def initialize(command, context: nil)
+        @command = command
+        @context = context
+      end
+      def invoke(clean_output: false, return_output: false)
+        puts "Calling: #{calculated_command.green}" unless clean_output
+        if return_output
+          `#{calculated_command}`
+        else
+          system(calculated_command)
+        end
+      end
+      private
+      def calculated_command
+        @calculated_command ||= "tsh #{command}"
+      end
+    end
+  end
+end

data/lib/seira/commands.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'seira/commands/kubectl'
 require 'seira/commands/gcloud'
+require 'seira/commands/teleport'
 module Seira
   module Commands
@@ -18,5 +19,13 @@ module Seira
     def self.gcloud(command, context:, clean_output: false, format: :boolean)
       Gcloud.new(command, context: context, clean_output: clean_output, format: format).invoke
     end
+    def tsh(command, context:, clean_output: false, return_output: false)
+      Seira::Commands.tsh(command, context: context, clean_output: clean_output, return_output: return_output)
+    end
+    def self.tsh(command, context:, clean_output: false, return_output: false)
+      Teleport.new(command, context: context).invoke(clean_output: clean_output, return_output: return_output)
+    end
   end
 end

data/lib/seira/pods.rb CHANGED Viewed

@@ -41,7 +41,12 @@ module Seira
     def run_help
       puts SUMMARY
       puts "\n\n"
-      puts "TODO"
+      puts "Possible actions:\n\n"
+      puts "list: List all the pods (output mode wide)."
+      puts "delete: Delete the pod (positional arg)."
+      puts "logs: Log the output of the pod (provided via positional arg)."
+      puts "top: Print the current resource usage for the specified pod (optional positional arg) or all the pods (default) in the context's namespace."
+      puts "connect: Connect to, or run a command on (--command=), a running pod (positional arg or --pod=), or create a new dedicated pod (--dedicated). Can override tier (--tier=)"
     end
     def run_list
@@ -53,7 +58,7 @@ module Seira
     end
     def run_logs
-      kubectl("logs #{pod_name} -c #{app}")
+      kubectl("logs #{pod_name} -c #{app}", context: context)
     end
     def run_top
@@ -62,7 +67,7 @@ module Seira
     def run_connect
       tier = nil
-      pod_name = nil
+      pod_name = pod_name
       dedicated = false
       command = 'sh'

data/lib/seira/settings.rb CHANGED Viewed

@@ -68,6 +68,32 @@ module Seira
       settings['seira']['expected_environment_variable_during_deploys']
     end
+    def use_teleport?(cluster)
+      teleport_enabled = settings['seira']['clusters'][cluster].dig('teleport', 'enabled')
+      return false if teleport_enabled.nil?
+      teleport_enabled || ENV['SEIRA_TELEPORT_ENABLED'] == 'true'
+    end
+    def teleport_cluster(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'cluster')
+    end
+    def teleport_auth(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'auth')
+    end
+    def teleport_kubernetes_cluster(cluster)
+      settings['seira']['clusters'][cluster].dig('teleport', 'kubernetes_cluster') || cluster
+    end
+    def teleport_role_requirements(cluster)
+      requirements = settings['seira']['clusters'][cluster].dig('teleport', 'role_requirements') || []
+      requirements.map { |r| Seira::Teleport::RoleRequirement.new(r) }
+    end
     private
     def parse_settings

data/lib/seira/setup.rb CHANGED Viewed

@@ -121,6 +121,11 @@ module Seira
         puts "Installing kubectl..."
         system('gcloud components install kubectl')
       end
+      puts "Making sure tsh is installed..."
+      unless system('tsh version &> /dev/null')
+        puts "Go to https://goteleport.com/docs/installation/ to install tsh.".yellow
+      end
     end
     def run_status

data/lib/seira/teleport/request.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Seira
+  module Teleport
+    class Request
+      def initialize(role, reviewer: nil, context: nil)
+        @role = role
+        @reviewer = reviewer
+        @context = context
+      end
+      def invoke
+        command.invoke
+      end
+      def cmd
+        cmd = "request create --roles '#{@role}'"
+        cmd += " --reason '#{reason}'"
+        cmd += " --reviewers #{@reviewer}" unless @reviewer.nil?
+        cmd
+      end
+      def reason
+        "Running: seira #{@context[:cluster]} #{@context[:app]} #{@context[:category]} #{@context[:action]}"
+      end
+      def command
+        @command ||= Seira::Commands::Teleport.new(cmd, context: @context)
+      end
+    end
+  end
+end

data/lib/seira/teleport/role_requirements.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module Seira
+  module Teleport
+    class RoleRequirement
+      include Comparable
+      attr_reader :commands, :category, :role
+      def initialize(requirement)
+        @requirement = requirement
+        @category = requirement['category']
+        @commands = requirement['commands']
+        @role = requirement['role']
+      end
+      def matches?(category, command)
+        @category == category && command_matches?(command)
+      end
+      def <=>(other)
+        raise ArgumentError, 'Cannot compare different categories' if category != other.category
+        if commands.nil?
+          return -1
+        elsif other.commands.nil?
+          return 1
+        end
+        commands.length <=> other.commands.length
+      end
+      private
+      def command_matches?(command)
+        return false if command == 'help'
+        return true if @requirement['commands'].nil?
+        @requirement['commands'].include?(command)
+      end
+    end
+  end
+end

data/lib/seira/teleport/status.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'json'
+require 'date'
+require 'seira/commands/teleport'
+module Seira
+  module Teleport
+    class Status
+      attr_reader :data
+      def initialize(data: nil)
+        @data = data
+        @data ||= get_status_json
+      end
+      def [](key)
+        data[key]
+      end
+      def active_cluster
+        data.dig('active', 'cluster')
+      end
+      def kubernetes_cluster
+        data.dig('active','kubernetes_cluster')
+      end
+      def roles
+        @roles ||= data.dig('active', 'roles')
+      end
+      def has_role?(role)
+        return false if roles.nil?
+        roles.include?(role)
+      end
+      def is_valid?
+        valid_until = data.dig('active', 'valid_until')
+        return false if valid_until.nil?
+        DateTime.parse(data.dig('active', 'valid_until')) > DateTime.now
+      end
+      private
+      def get_status_json
+        cmd = Seira::Commands::Teleport.new('status -f json', context: :none)
+        out = cmd.invoke(clean_output: true, return_output: true)
+        if out == ''
+          {}
+        else
+          JSON.parse(cmd.invoke(clean_output: true, return_output: true))
+        end
+      end
+    end
+  end
+end

data/lib/seira/teleport.rb ADDED Viewed

@@ -0,0 +1,3 @@
+require 'seira/teleport/status'
+require 'seira/teleport/role_requirements'
+require 'seira/teleport/request'

data/lib/seira/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Seira
-  VERSION = "0.7.5".freeze
+  VERSION = "0.8.1".freeze
 end

data/lib/seira.rb CHANGED Viewed

@@ -20,6 +20,7 @@ require 'seira/settings'
 require 'seira/setup'
 require 'seira/node_pools'
 require 'seira/util/resource_renderer'
+require 'seira/teleport'
 # A base runner class that does base checks and then delegates the actual
 # work for the command to a class in lib/seira folder.
@@ -118,6 +119,16 @@ module Seira
         exit(1)
       end
+      if settings.use_teleport?(cluster)
+        role_requirements = settings.teleport_role_requirements(cluster)
+        required_role = role_requirements.filter { |rr| rr.matches?(category, action) }.sort.first&.role
+        status = Seira::Teleport::Status.new
+        unless required_role.nil? || status.has_role?(required_role)
+          Seira::Teleport::Request.new(required_role, reviewer: ENV['TELEPORT_REVIEWER'], context: passed_context).invoke
+        end
+      end
       if category == 'cluster'
         perform_action_validation(klass: command_class, action: action)
         command_class.new(action: action, args: args, context: passed_context, settings: settings).run
@@ -142,6 +153,7 @@ module Seira
         region: settings.region_for_cluster(cluster),
         zone: settings.zone_for_cluster(cluster),
         app: app,
+        category: category,
         action: action,
         args: args
       }
@@ -159,6 +171,11 @@ module Seira
         exit(1)
       end
+      unless system("tsh version > /dev/null 2>&1")
+        puts "Teleport CLI not installed properly. Please install `tsh` before using seira.".red
+        exit(1)
+      end
       # The first arg must always be the cluster. This ensures commands are not run by
       # accident on the wrong kubernetes cluster or gcloud project.
       exit(1) unless Seira::Cluster.new(action: nil, args: nil, context: nil, settings: settings).switch(target_cluster: cluster, verbose: false)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seira
 version: !ruby/object:Gem::Version
-  version: 0.7.5
+  version: 0.8.1
 platform: ruby
 authors:
 - Scott Ringwelski
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-28 00:00:00.000000000 Z
+date: 2023-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: highline
@@ -123,6 +123,7 @@ files:
 - lib/seira/commands.rb
 - lib/seira/commands/gcloud.rb
 - lib/seira/commands/kubectl.rb
+- lib/seira/commands/teleport.rb
 - lib/seira/config.rb
 - lib/seira/db.rb
 - lib/seira/db/create.rb
@@ -135,6 +136,10 @@ files:
 - lib/seira/secrets.rb
 - lib/seira/settings.rb
 - lib/seira/setup.rb
+- lib/seira/teleport.rb
+- lib/seira/teleport/request.rb
+- lib/seira/teleport/role_requirements.rb
+- lib/seira/teleport/status.rb
 - lib/seira/util/resource_renderer.rb
 - lib/seira/version.rb
 - resources/adjectives.txt