@govuk-pay/cli 0.0.36 → 0.0.38

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@govuk-pay/cli",
-  "version": "0.0.36",
+  "version": "0.0.38",
   "description": "GOV.UK Pay Command Line Interface",
   "bin": {
     "pay": "bin/cli.js",

package/src/commands/local/subcommands/account.js

@@ -7,12 +7,12 @@ exports.handler = exports.builder = exports.desc = exports.command = void 0;
 const app_client_js_1 = __importDefault(require("../app_client/app_client.js"));
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'account';
-exports.desc = 'Create a local gateway account';
+exports.desc = 'Create a local gateway account, and optionally a new service';
 const builder = (yargs) => {
     return yargs.usage(`$0 local account [--service-id <SERVICE_ID>]\n\n${exports.desc}`)
         .option('service-id', {
         type: 'string',
-        description: 'ID of an existing service'
+        description: 'External ID of an existing service, if not provided a new service will be created'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/browse.js

@@ -9,18 +9,18 @@ const app_client_js_1 = __importDefault(require("../app_client/app_client.js"));
 const pay_local_cluster_js_1 = require("../config/pay_local_cluster.js");
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'browse <service>';
-exports.desc = 'Browse to local service';
+exports.desc = 'Open a local service in your web browser';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local browse <service> [--proxy]\n\n${exports.desc}`)
         .positional('service', {
         type: 'string',
-        description: 'service'
+        description: 'Name of the service to open in your browser'
     })
         .option('proxy', {
         type: 'boolean',
         default: false,
-        description: 'Opens the service via the local proxy for the service'
+        description: 'Opens the service via the reverse proxy for the service'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/db.js

@@ -4,14 +4,16 @@ exports.handler = exports.builder = exports.desc = exports.command = void 0;
 const node_child_process_1 = require("node:child_process");
 const pay_local_cluster_js_1 = require("../config/pay_local_cluster.js");
 const standardContent_1 = require("../../../core/standardContent");
+const servicesConfig = (0, pay_local_cluster_js_1.loadServicesConfig)();
 exports.command = 'db <app_name>';
-exports.desc = 'Connect to <app_name> database';
+exports.desc = 'Open psql connected to <app_name> database';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local db <app_name> [--docker]\n\n${exports.desc}`)
         .positional('app_name', {
         type: 'string',
-        description: 'service'
+        choices: Object.values(servicesConfig).filter(service => service.db).map(service => service.name).sort(),
+        description: 'The name of the app whose database you wish to connect to'
     })
         .option('docker', {
         type: 'boolean',
@@ -25,7 +27,6 @@ async function dbHandler(argv) {
     await (0, standardContent_1.showHeader)();
     const service = argv.app_name;
     const docker = argv.docker;
-    const servicesConfig = (0, pay_local_cluster_js_1.loadServicesConfig)();
     if (!(service in servicesConfig)) {
         console.error(`The service specified (${service}) was not defined in the service_config.yaml file`);
         return;

package/src/commands/local/subcommands/down.js

@@ -15,13 +15,13 @@ exports.DOCKER_COMPOSE_RENDERED_TEMPALTES_PATH = node_path_1.default.join('local
 exports.DOCKER_COMPOSE_SERVICES_CONFIG_PATH = node_path_1.default.join('local', 'docker-compose', 'default-configs-DO-NOT-EDIT');
 exports.ENVIRONMENT_OVERRIDES_PATH = node_path_1.default.join('local', 'environment-overrides');
 exports.command = 'down';
-exports.desc = 'Bring down a cluster';
+exports.desc = 'Shut down the local cluster';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local down [--cluster <cluster>]\n\n${exports.desc}`)
         .option('cluster', {
         type: 'string',
-        description: 'Cluster to bring down',
+        description: 'Cluster to bring down, if not specified it will be the last cluster that was launched',
         choices: pay_local_cluster_js_1.CLUSTERS
     });
 };

package/src/commands/local/subcommands/nuke.js

@@ -12,7 +12,7 @@ exports.DOCKER_COMPOSE_RENDERED_TEMPALTES_PATH = node_path_1.default.join('local
 exports.DOCKER_COMPOSE_SERVICES_CONFIG_PATH = node_path_1.default.join('local', 'docker-compose', 'default-configs-DO-NOT-EDIT');
 exports.ENVIRONMENT_OVERRIDES_PATH = node_path_1.default.join('local', 'environment-overrides');
 exports.command = 'nuke';
-exports.desc = 'Kill and completely destroy all containers previously started by pay local';
+exports.desc = 'Kill and completely destroy all containers that can be launched by pay local';
 exports.handler = nukeHandler;
 async function nukeHandler(argv) {
     await (0, standardContent_1.showHeader)();

package/src/commands/local/subcommands/otp.js

@@ -5,11 +5,11 @@ const node_child_process_1 = require("node:child_process");
 const totp_generator_1 = require("totp-generator");
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'otp <key>';
-exports.desc = 'Create otp code';
+exports.desc = 'Generate an otp code';
 const builder = (yargs) => {
     return yargs.positional('key', {
         type: 'string',
-        description: 'otp key'
+        description: 'TOTP secret key for which to generated a code'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/payment.js

@@ -14,7 +14,7 @@ const builder = (yargs) => {
         .usage(`$0 local payment [--api-key <api-key>] [--email-collection-mode <email-collection-mode>]\n\n${exports.desc}`)
         .option('api-key', {
         type: 'string',
-        description: 'API Key'
+        description: 'API Key to use to create the payment. If not set a new service and gateway account will also be created'
     }).option('email-collection-mode', {
         type: 'string',
         default: 'MANDATORY',

package/src/commands/local/subcommands/paymentlink.js

@@ -8,14 +8,14 @@ const node_child_process_1 = __importDefault(require("node:child_process"));
 const app_client_js_1 = __importDefault(require("../app_client/app_client.js"));
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'paymentlink';
-exports.desc = 'Create a payment link';
+exports.desc = 'Create a payment link in gateway account id 1';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local paymentlink --api-key <api-key>\n\n${exports.desc}`)
         .option('api-key', {
         demandOption: true,
         type: 'string',
-        description: 'API Key'
+        description: 'API Key for the payment link to use to create payments'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/restart.js

@@ -11,13 +11,13 @@ const docker_compose_controller_js_1 = __importDefault(require("../docker_compos
 const standardContent_1 = require("../../../core/standardContent");
 exports.DOCKER_COMPOSE_RENDERED_TEMPLATES_PATH = node_path_1.default.join('local', 'docker-compose', 'rendered-templates');
 exports.command = 'restart <app>';
-exports.desc = 'Restart a container and waits for it to be healthy';
+exports.desc = 'Restart a container and wait for it to be healthy';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local restart <app>\n\n${exports.desc}`)
         .positional('app', {
         type: 'string',
-        description: 'App to restart'
+        description: 'Container to restart'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/token.js

@@ -8,13 +8,13 @@ const node_child_process_1 = require("node:child_process");
 const app_client_js_1 = __importDefault(require("../app_client/app_client.js"));
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'token';
-exports.desc = 'Create a token';
+exports.desc = 'Create an API token';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local token [--gateway-account-id <gateway-account-id>]\n\n${exports.desc}`)
         .option('gateway-account-id', {
         type: 'string',
-        description: 'ID of the gateway account'
+        description: 'ID of the gateway account, if not specified a service and gateway account will also be created'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/up.js

@@ -24,42 +24,42 @@ const builder = (yargs) => {
         type: 'string',
         choices: pay_local_cluster_js_1.CLUSTERS,
         default: 'all',
-        description: 'cluster'
+        description: 'Cluster of services to launch'
     })
         .option('apps', {
         type: 'array',
         default: [],
-        description: ''
+        description: 'Launch only these listed apps within the specified cluster'
     })
         .option('local', {
         type: 'array',
         default: [],
-        description: ''
+        description: 'Use local versions of the docker images from the checkouts in your WORKSPACE'
     })
         .option('proxy', {
         type: 'boolean',
         default: false,
-        description: ''
+        description: 'Launch reverse proxies with naxsi configured in front of the public-facing apps'
     })
         .option('with-egress-proxy', {
         type: 'boolean',
         default: false,
-        description: ''
+        description: 'Launch the cluster with the egress proxy and configure connector and frontend to use it'
     })
         .option('rebuild', {
         type: 'boolean',
         default: true,
-        description: ''
+        description: 'When running with --local, force the local containers to be rebuilt from your WORKSPACE'
     })
         .option('pull', {
         type: 'boolean',
         default: true,
-        description: ''
+        description: 'Pull the latest versions of all containers prior to launching the cluster'
     })
         .option('mount-local-node-apps', {
         type: 'boolean',
         default: false,
-        description: ''
+        description: 'Mount your local project directory (in WORKSPACE/pay-<app>) into the running node container'
     })
         .option('mount-pay-js-commons', {
         type: 'boolean',

package/src/commands/local/subcommands/url.js

@@ -13,11 +13,11 @@ exports.desc = 'Copy base URL of local service to clipboard';
 const builder = (yargs) => {
     return yargs.positional('service', {
         type: 'string',
-        description: 'service'
+        description: 'The service you wish to generate the URL of'
     }).option('proxy', {
         type: 'boolean',
         default: false,
-        description: 'Something about proxy'
+        description: 'Generate the url for the reverse proxy of the <service> specified'
     });
 };
 exports.builder = builder;

package/src/commands/local/subcommands/user.js

@@ -9,14 +9,14 @@ const totp_generator_1 = require("totp-generator");
 const node_child_process_1 = require("node:child_process");
 const standardContent_1 = require("../../../core/standardContent");
 exports.command = 'user';
-exports.desc = 'Create a local user';
+exports.desc = 'Create a selfservice user with a new service and gateway account';
 const builder = (yargs) => {
     return yargs
         .usage(`$0 local user [--create-payments]\n\n${exports.desc}`)
         .option('create-payments', {
         type: 'boolean',
-        default: false,
-        description: 'Create payments'
+        default: true,
+        description: 'Create 10 payments in the gateway account'
     });
 };
 exports.builder = builder;
@@ -48,7 +48,7 @@ async function userHandler(argv) {
         console.error('Failed to create an API token');
         return;
     }
-    if (createPayments !== undefined && createPayments) {
+    if (createPayments) {
         console.warn('💸  Creating 10 payments in card sandbox gateway account (each . is a success, each ! is a failure)');
         let createPaymentResult;
         for (let i = 0; i < 10; i++) {
@@ -60,6 +60,7 @@ async function userHandler(argv) {
                 process.stderr.write('.');
             }
         }
+        console.warn('');
     }
     console.warn('🤓  Creating admin user for service');
     const user = await app_client_js_1.default.createUser([account.gateway_account_id], 'admin');
@@ -82,14 +83,18 @@ async function userHandler(argv) {
     console.log(`🎫  Card API token: ${apiToken}`);
     console.log();
     let selfserviceUrl;
+    copyToClipboard(user.email);
+    console.log(`📋 “${user.email}” copied to clipboard`);
     if (await app_client_js_1.default.isProxyHealthy('selfservice')) {
         selfserviceUrl = app_client_js_1.default.externalUrlFor('selfservice', '/', true);
     }
-    else {
+    else if (await app_client_js_1.default.isHealthy('selfservice')) {
         selfserviceUrl = app_client_js_1.default.externalUrlFor('selfservice', '/', false);
     }
-    copyToClipboard(user.email);
-    console.log(`📋 “${user.email}” copied to clipboard`);
+    else {
+        console.error('The selfservice service is unhealthy, so it is not being opened in a web browser');
+        return;
+    }
     console.log(`🌎 Opening selfservice (${selfserviceUrl}) browser`);
     console.log();
     (0, node_child_process_1.spawn)('open', [selfserviceUrl]);

package/src/commands/tunnel.js

@@ -16,13 +16,15 @@ const constants_js_1 = require("../core/constants.js");
 let ec2;
 let ecs;
 let ssm;
+let rds;
 const FORMAT = {
     red: '\x1b[31m',
     green: '\x1b[32m',
     yellow: '\x1b[33m',
     reset: '\x1b[0m',
     ul: '\x1b[4m',
-    ulstop: '\x1b[24m'
+    ulstop: '\x1b[24m',
+    bel: '\u0007'
 };
 exports.command = 'tunnel <environment> <application>';
 exports.desc = 'Open a tunnel to an app database in a given environment';
@@ -66,18 +68,37 @@ async function tunnelHandler(argv) {
     const environment = argv.environment;
     const application = argv.application;
     console.log(`Opening a database tunnel to ${environment} ${application}`);
-    ec2 = new client_ec2_1.EC2Client();
-    ecs = new client_ecs_1.ECSClient();
-    ssm = new client_ssm_1.SSMClient();
+    let maximumDuration = 90;
+    if (process.env.MAXIMUM_DURATION !== undefined) {
+        maximumDuration = parseInt(process.env.MAXIMUM_DURATION);
+        if (isNaN(maximumDuration)) {
+            maximumDuration = 90;
+            console.log(`${FORMAT.yellow}MAXIMUM_DURATION should be a whole number of minutes, e.g. MAXIMUM_DURATION=60. Defaulting to ${maximumDuration}.${FORMAT.reset}`);
+        }
+    }
+    const warnTime = maximumDuration * 0.75;
+    ec2 = new client_ec2_1.EC2Client({ region: 'eu-west-1' });
+    ecs = new client_ecs_1.ECSClient({ region: 'eu-west-1' });
+    ssm = new client_ssm_1.SSMClient({ region: 'eu-west-1' });
+    rds = new client_rds_1.RDSClient({ region: 'eu-west-1' });
     let bastionTask = null;
     try {
         printWarningToUser();
         const dbAccessType = await readInputForReadOrWriteDBAccess();
         const database = await getDatabaseDetails(environment, application);
-        bastionTask = await startBastion(environment);
+        bastionTask = await startBastion(environment, maximumDuration);
+        console.log(`${FORMAT.bel}${FORMAT.yellow}The bastion service will terminate in ${maximumDuration} minutes.${FORMAT.reset}`);
+        const warnTimeout = setTimeout(() => {
+            console.log(`${FORMAT.bel}${FORMAT.yellow}The bastion service will terminate in ${maximumDuration - warnTime} minutes.${FORMAT.reset}`);
+        }, warnTime * 60 * 1000);
+        const exitTimeout = setTimeout(() => {
+            console.log(`${FORMAT.bel}${FORMAT.yellow}The bastion service will now terminate, your tunnel may stop unexpectedly.${FORMAT.reset}`);
+        }, maximumDuration * 60 * 1000);
         openTunnel(bastionTask, database, environment);
         await printHowToTunnelText(application, environment, database.EngineVersion, dbAccessType);
         await waitForExit();
+        clearTimeout(warnTimeout);
+        clearTimeout(exitTimeout);
         await shutdown(environment, bastionTask);
     }
     catch (error) {
@@ -117,10 +138,10 @@ async function waitForExit() {
         });
     });
 }
-async function startBastion(environment) {
+async function startBastion(environment, maximumDuration) {
     const subnetIds = await getBastionSubNets(environment);
     const securityGroupIds = await getBastionSecurityGroups(environment);
-    let bastionTask = await launchBastionTask(environment, subnetIds, securityGroupIds);
+    let bastionTask = await launchBastionTask(environment, subnetIds, securityGroupIds, maximumDuration);
     bastionTask = await waitForBastionToBeReady(bastionTask, environment);
     return bastionTask;
 }
@@ -156,12 +177,29 @@ async function getBastionSecurityGroups(environment) {
         .filter(s => s.GroupId !== undefined)
         .map((securityGroup) => securityGroup.GroupId);
 }
-async function launchBastionTask(environment, subnetIds, securityGroupIds) {
+async function launchBastionTask(environment, subnetIds, securityGroupIds, maximumDuration) {
+    let taskDefinition = `${environment}-bastion`;
+    if (process.env.BASTION_TASK_DEF_NAME != null && process.env.BASTION_TASK_DEF_NAME.length > 0) {
+        taskDefinition = process.env.BASTION_TASK_DEF_NAME;
+    }
     const runTaskCommand = new client_ecs_1.RunTaskCommand({
         cluster: `${environment}-fargate`,
-        taskDefinition: `${environment}-bastion`,
+        taskDefinition,
         launchType: 'FARGATE',
         enableExecuteCommand: true,
+        overrides: {
+            containerOverrides: [
+                {
+                    name: `${environment}-bastion`,
+                    environment: [
+                        {
+                            name: 'MAXIMUM_DURATION',
+                            value: `${maximumDuration}m`
+                        }
+                    ]
+                }
+            ]
+        },
         networkConfiguration: {
             awsvpcConfiguration: {
                 subnets: subnetIds,
@@ -259,7 +297,6 @@ async function stopBastion(task, environment) {
 }
 async function getDatabaseDetails(environment, application) {
     const describeDbCommand = new client_rds_1.DescribeDBInstancesCommand({});
-    const rds = new client_rds_1.RDSClient();
     const describeDbCommandResponse = await rds.send(describeDbCommand);
     if (describeDbCommandResponse.DBInstances == null || describeDbCommandResponse.DBInstances.length < 1) {
         throw new Error(`Failed to find the database for ${application} in ${environment}`);
@@ -384,10 +421,9 @@ async function getDbUser(environment, application, dbAccessType) {
     else {
         paramName = `${environment}_${application}.db_support_user_readonly`;
     }
-    const ssmClient = new client_ssm_1.SSMClient();
     const input = { Names: [paramName], WithDecryption: true };
     const command = new client_ssm_1.GetParametersCommand(input);
-    const response = await ssmClient.send(command);
+    const response = await ssm.send(command);
     if (response?.Parameters?.length !== undefined && response?.Parameters?.length > 0 &&
         response?.Parameters[0]?.Value !== undefined) {
         return response.Parameters[0].Value;
@@ -430,5 +466,5 @@ function printError(error) {
     console.error(`${FORMAT.red}${error}${FORMAT.reset}`);
 }
 function printGreen(message) {
-    console.error(`${FORMAT.green}${message}${FORMAT.reset}`);
+    console.log(`${FORMAT.green}${message}${FORMAT.reset}`);
 }