@govuk-pay/cli 0.0.55 → 0.0.56

package/resources/legacy-ruby-cli/lib/pay_cli/commands/local.rb

@@ -1,451 +0,0 @@
-require 'English'
-require 'erb'
-require 'yaml'
-require 'rest-client'
-require 'rotp'
-require 'base32'
-require 'securerandom'
-require 'active_support'
-require 'active_support/core_ext'
-require 'digest'
-require 'mkmf'
-require 'pathname'
-
-REQUIRES_COMPILATION = %w[frontend products-ui selfservice toolbox].freeze
-
-class PayCLI::Commands::Local < Thor
-  CLUSTERS=['admin', 'card', 'paymentlinks', 'webhooks', 'endtoend', 'java', 'toolbox']
-
-  warn "🏠  Local Pay for local people\n\n"
-  map "up" => :launch
-  desc 'launch | up [--cluster <cluster>] [--local <app>] [--proxy] [--apps] [--rebuild] [--with-egress-proxy]',
-       'Launch a predefined cluster, or a user specified list of apps.' \
-       ' Specify a list of apps that should use your locally checked out code using --local'
-  option :local, :type => :array, :default => []
-  option :proxy, :type => :boolean, :default => false
-  option :cluster, :enum => CLUSTERS
-  option :apps, :type => :array
-  option :rebuild, :type => :boolean, :default => true
-  option :experimental, :type => :boolean, :default => false
-  option :with_egress_proxy, :type => :boolean, :default => false
-  option :mount_local_node_apps, :type => :boolean, :default => false, :desc => "Mount your apps directory in your \$WORKSPACE folder into the container, this makes local changes take effect immedaitely in the container via nodemon"
-  option :pull, :type => :boolean, :default => true, :desc => "Pull the latest versions of containers prior to launching, override with --no-pull"
-
-  def launch()
-    all = options[:experimental] ? Config::all : Config.boring
-    if options[:cluster]
-      cluster = options[:cluster]
-      warn "🚀  Launching #{cluster} cluster 🚀\n\n"
-      apps = Config::cluster cluster, all
-    elsif options[:apps]
-      cluster = 'custom'
-      warn "🚀  Launching #{options[:apps]} 🚀\n\n"
-      apps = Config::filter options[:apps], all
-    else
-      cluster = 'all'
-      apps = all
-    end
-
-    @egress_proxy_required = options[:with_egress_proxy]
-
-    @node_apps = Config::node apps
-    @java_apps = Config::java apps
-
-    local_app_names = options.fetch :local
-    @local_node_apps = Config.local local_app_names, @node_apps
-    @local_java_apps = Config.local local_app_names, @java_apps
-    @remote_node_apps = Config.remote local_app_names, @node_apps
-    @remote_java_apps = Config.remote local_app_names, @java_apps
-
-    @mount_local_node_apps = options[:mount_local_node_apps]
-
-    @dbs = Config.db_configs Config.has_db apps
-    @queue_apps = Config.has_queue apps
-    @sns_topic_apps = Config.has_sns_topics apps
-
-    # Force restart of localstack (which mocks aws services)
-    Docker.remove('localstack') if Config.uses_localstack(apps)
-
-    @proxies = if options[:proxy] then Config::proxy_configs Config::has_proxy apps else [] end
-
-    @no_proxy_env_var = [
-      "localhost",
-      "127.0.0.1",
-      "172.18.0.253",
-      "localstack",
-      "redis",
-      Config.all.map { |app| app[:name] },
-      @dbs.map { |app| app[:name] },
-      @proxies.map { |app| app[:name] },
-    ].flatten!.join(",")
-
-    @localstack_init_file = File.realpath(
-      File.join(__dir__, 'local', 'files', 'localstack', 'init-aws.sh')
-    )
-
-    if options[:rebuild]
-      check_for_workspace_env
-
-      threads = []
-      (@local_java_apps + @local_node_apps).each do |app|
-        check_for_local_repo("pay-#{app[:name]}")
-
-        threads << Thread.new do
-          ws_dir = Pathname.new(ENV['WORKSPACE']).join("pay-#{app[:name]}")
-
-          if RUBY_PLATFORM.include? 'arm64'
-            arm_dockerfile = ws_dir.join('m1', 'arm64.Dockerfile')
-            dockerfile = arm_dockerfile.exist? ? arm_dockerfile : ws_dir.join('Dockerfile')
-
-            warn "🐋  generating arm64 governmentdigitalservice/pay-#{app[:name]}:local from #{dockerfile}"
-            `(cd #{ws_dir} && docker build -q . -f #{dockerfile} --load -t governmentdigitalservice/pay-#{app[:name]}:local)`
-          else
-            warn "🐋  generating governmentdigitalservice/pay-#{app[:name]}:local"
-            `(cd #{ws_dir} && docker build -q -t governmentdigitalservice/pay-#{app[:name]}:local .)`
-          end
-
-          report_status! $CHILD_STATUS, app[:name], 'loading image for'
-        end
-      end
-
-      threads.each(&:join)
-    end
-
-    Docker::write_compose_file cluster, binding
-
-    if cluster.include? 'endtoend'
-      warn "💁  Here are the endtoend environment variables\n\n#{Config::write_end_to_end_config binding}\n\n"
-    end
-
-    puts Docker::pull cluster if options[:pull]
-    puts Docker::up cluster
-
-    AppClient::wait_for_apps apps
-    AppClient::report_state apps
-  end
-
-  desc 'down [--cluster <cluster>]',
-       'Bring down a cluster'
-  option :cluster, :enum => CLUSTERS
-  def down()
-    cluster = options.fetch(:cluster, 'all')
-    unless Docker::compose_file_exists_for_cluster?(cluster)
-      $stderr.puts "Error: cluster #{cluster} has not been launched, its docker-compose file was not found"
-      return
-    end
-
-    warn "🛬  bringing down #{cluster} cluster"
-    puts Docker::down cluster
-    puts Docker::cleanup_old_network
-  end
-
-  desc 'healthcheck <cluster>',
-       "Healthcheck"
-
-  def healthcheck(cluster)
-    AppClient::report_state Config::cluster cluster, Config::all
-  end
-
-  desc 'nuke',
-       "Kill and completely destroy all containers previously started by pay local"
-
-  def nuke
-    warn "💥  Nuking all containers previously started by pay local 💥"
-    warn "🚨  WARNING - this deletes the database files too, stop it now or accept your fate 🚨"
-
-    Config::all.each do |app|
-      Docker::remove("#{app[:name]}")
-      Docker::remove("#{app[:name]}-proxy") if app[:proxy]
-      Docker::remove("#{app[:name]}_db") if app[:db]
-    end
-    Docker::remove('localstack')
-    Docker::remove('localRedis')
-    Docker::remove('egress')
-    Docker::remove_network
-  end
-
-  desc 'restart [--cluster <cluster>] <app>',
-       'Restart a container and waits for it to be healthy.'
-  option :cluster, :enum => CLUSTERS
-  def restart(app_name)
-    cluster = options.fetch(:cluster, 'all')
-    unless Docker::compose_file_exists_for_cluster?(cluster)
-      $stderr.puts "error: cluster #{cluster} has not been launched, its docker-compose file was not found"
-      return
-    end
-
-    Docker::restart(cluster, app_name)
-    app = Config::app_by_name(app_name)
-    AppClient::wait_for_apps(app)
-    AppClient::report_state(app)
-  end
-
-  desc 'paymentlink',
-       'Create a new payment link, requires an api token.'
-  option :api_key, :required => true
-
-  def paymentlink
-    product = AppClient::create_payment_link options.fetch :api_key
-
-    links = {}
-    product["_links"].each {|link| links[link["rel"]] = link["href"]}
-
-    warn links
-    `open #{links["pay"]}`
-  end
-
-  map :populate => :user
-  desc 'user',
-       'create a local user'
-  option :create_payments, :type => :boolean, :default => true
-
-  def user
-    warn '🏗️🏗  Constructing useful things for you...'
-    gateway_account_ids = []
-  
-    service = AppClient::create_service()
-    service_id = service.fetch('external_id')
-
-    if AppClient::is_app_up?('connector')
-      warn '💳  Card connector is up, creating card gateway account and API Token'
-      card_account = AppClient::create_account(service_id)
-      card_gateway_account_id = extract_gateway_account_id(card_account)
-      card_token = AppClient::create_token(card_gateway_account_id)
-      gateway_account_ids.push(card_gateway_account_id)
-      if options[:create_payments] and AppClient::is_app_up? 'publicapi'
-        warn '💸  Creating payments in card sandbox gateway account'
-        (1..11).to_a.each  do
-          sleep 1
-          (1..5).to_a.each {AppClient::create_payment card_token}
-        end
-      end
-    end
- 
-    warn '🤓  Creating admin user for service'
-    user = AppClient::create_user(gateway_account_ids: gateway_account_ids)
-    warn '😎  Creating read only user for service'
-    AppClient::create_user(gateway_account_ids: gateway_account_ids, role_name: 'view-only')
-
-    otp_key = user['otp_key']
-
-    warn TTY::Table.new([
-       ['📧  Email', user[:email]],
-       ['🛂  Password', user[:password]],
-       ['🔑  OTP key', otp_key],
-       ['📱  OTP token', generate_otp_token(otp_key)],
-       ['💁  Service ID', service_id],
-       ['💳  Card gateway account ID', card_gateway_account_id],
-       ['🎫  Card API token', card_token],
-    ]).render(:unicode, padding: 1, multiline: true)
-
-    pbcopy user[:email]
-
-    if AppClient::is_proxy_up? 'selfservice'
-      browse 'selfservice', true
-    elsif AppClient::is_app_up? 'selfservice'
-      browse 'selfservice'
-    end
-  end
-
-  desc 'account',
-       'create a local gateway account'
-  option :service_id
-
-  def account
-    service_id = options.fetch(:service_id, AppClient::create_service().fetch('external_id'))
-    warn "#{AppClient::create_account(service_id).to_json}"
-  end
-
-
-  desc 'token',
-       'create a token'
-  option :gateway_account_id
-
-  def token
-    service = AppClient::create_service()
-    service_id = service.fetch('external_id')
-    gateway_account_id = options.fetch(
-        :gateway_account_id,
-        extract_gateway_account_id( AppClient::create_account service_id)
-    )
-    newToken = AppClient::create_token gateway_account_id
-    warn newToken
-    pbcopy newToken
-  end
-
-  desc 'payment',
-       'create a payment'
-  option :api_key
-  option :email_collection_mode, :default => 'MANDATORY', :enum => ['MANDATORY', 'OPTIONAL', 'OFF']
-
-  def payment
-    api_token = options.fetch(:api_key, false)
-
-    unless api_token
-      warn "👔  Creating gateway account and service"
-
-      email_settings = { email_collection_mode: "#{options.fetch(:email_collection_mode)}" }
-
-      service = AppClient::create_service()
-      service_id = service.fetch('external_id')
-
-      gateway_account_id = extract_gateway_account_id(AppClient::create_account(service_id, email_settings))
-
-      api_token = AppClient::create_token(gateway_account_id)
-
-      warn TTY::Table.new([
-           ['🆔  Gateway account ID', gateway_account_id],
-           ['💁  Service ID', service_id]
-     ]).render(:unicode, padding: 1, multiline: true)
-    end
-
-    warn "💸  Creating payment"
-
-    payment = AppClient::create_payment(api_token)
-    payment_id = payment.fetch('payment_id')
-
-    warn TTY::Table.new([
-       ['💷  Payment ID', payment_id],
-       ['🎫  API token', api_token]
-    ]).render(:unicode, padding: 1, multiline: true)
-
-    next_url = payment.dig('_links', 'next_url', 'href')
-    `open #{next_url}`
-  end
-
-  desc 'otp <key>',
-       'create otp code'
-
-  def otp(key)
-    otp = generate_otp_token(key)
-    warn otp
-    pbcopy otp
-  end
-
-  desc 'db <app_name>',
-       'Connect to <app_name> database, optionally using psql inside the apps database ' \
-       'container (note this means you wont get, or save, your psql history)'
-  option :docker, type: :boolean, default: false
-
-  def db(app_name)
-    if options[:docker]
-      _db_with_docker(app_name)
-    elsif find_executable('psql').nil?
-      warn 'PSQL installation not found locally'
-      _db_with_docker(app_name)
-    else
-      _db_with_local_psql(app_name)
-    end
-  end
-
-  desc 'browse <service>',
-       'browse to local service'
-
-  def browse(app_name, proxy = false)
-    url = base_url(app_name, proxy)
-    `open #{url}`
-  end
-
-  desc 'url <service>',
-       'copy base URL of local service to clipboard'
-
-  def url(app_name, proxy = false)
-    pbcopy base_url(app_name, proxy)
-  end
-
-  no_commands do
-    def generate_otp_token(otp_key)
-      /^[A-Z2-7]+$/.match(otp_key) ? ROTP::TOTP.new(otp_key).now : ROTP::TOTP.new(Base32.encode(otp_key)).now
-    end
-
-    def pbcopy(input)
-      str = input.to_s
-      IO.popen('pbcopy', 'w') { |f| f << str }
-      warn "📋 “#{str}” copied to clipboard"
-      str
-    end
-
-    def extract_gateway_account_id(account)
-      account.fetch('gateway_account_external_id', account.fetch('gateway_account_id'))
-    end
-
-    def base_url(app_name, proxy)
-      if proxy then
-        AppClient::base_proxy_url app_name
-      else
-        AppClient::base_url app_name
-      end
-    end
-
-    def report_status!(child_status, name, action='building')
-      emoji = child_status.success? ? '✅' : '🔴'
-      status = child_status.success? ? 'success' : 'failure'
-
-      warn "#{emoji}  #{action} #{name} was a #{status}"
-    end
-
-    def check_for_workspace_env
-      unless ENV.include? 'WORKSPACE'
-        abort '❌ Environment variable WORKSPACE must be set. ' \
-          'It should be the directory which contains all your other pay-* repos'
-      end
-
-      unless Dir.exist?(ENV['WORKSPACE'])
-        abort "❌ Environment variable WORKSPACE is set to #{ENV['WORKSPACE']} which does not exist." \
-          'It must point to the directory which contains all your other pay-* repos'
-      end
-    end
-
-    def check_for_local_repo(repo_name)
-      repo_path = File.join(ENV['WORKSPACE'], repo_name)
-
-      unless Dir.exist?(repo_path)
-        abort "❌ Repo #{repo_name} does not exist in #{ENV['WORKSPACE']}, "\
-          "you need to clone it with `git clone git@github.com:alphagov/#{repo_name}.git #{repo_path}"
-      end
-    end
-
-    def npm_install(repo_name)
-      repo_path = File.join(ENV['WORKSPACE'], repo_name)
-      `cd #{repo_path} && npm install >>/dev/null 2>&1`
-    end
-
-    def npm_run_compile(repo_name)
-      repo_path = File.join(ENV['WORKSPACE'], repo_name)
-      `cd #{repo_path} && npm run compile >>/dev/null 2>&1`
-    end
-
-    def get_image_from_dockerfile_in_repo(repo_name)
-      repo_path = File.join(ENV['WORKSPACE'], repo_name)
-      m1_dockerfile_path = File.join(repo_path, 'm1', 'arm64.Dockerfile')
-      default_dockerfile_path = File.join(repo_path, 'Dockerfile')
-
-      dockerfile_path =
-        if RUBY_PLATFORM.include?('arm64') && File.exist?(m1_dockerfile_path)
-          m1_dockerfile_path
-        else
-          default_dockerfile_path
-        end
-
-      PayCLI::Commands::Local::ImageExtractor.parse_image_without_sha(dockerfile_path)
-    end
-
-    def _db_with_docker(app_name)
-      normalised_app_name = app_name.tr('-', '_')
-
-      warn 'Running psql in running app db container.'
-      warn 'Note: This means you wont have a psql history, and one will not survive restarts of pay local'
-
-      exec "docker exec -ti -e PGPASSWORD=mysecretpassword #{normalised_app_name}_db \
-            psql --host localhost  --user #{normalised_app_name} --dbname #{normalised_app_name}"
-    end
-
-    def _db_with_local_psql(app_name)
-      normalised_app_name = app_name.tr('-', '_')
-
-      port = Config.all.select { |app| app[:name] == app_name }.map { |app| app[:db_port] }.first
-      exec "PGPASSWORD=mysecretpassword \
-        psql -h localhost -p #{port} -U #{normalised_app_name} -d #{normalised_app_name}"
-    end
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/secrets.rb

@@ -1,114 +0,0 @@
-require 'tty-table'
-
-
-class PayCLI::Commands::Secrets < Thor
-  desc 'fetch <env> <service> <secret_name> --use-ssm ',
-       'Fetches a <named secret> for <service> for <env>, if use-ssm is set then get the secret from ssm'
-  method_option :use_ssm, :aliases => "-s", :desc => "Query ssm to get the value"
-  def fetch(env, service, secret_name)
-    PayCLI::StopYubicoAuthenticator.stop_yubico_authenticator!
-    secret_value = PayCLI::Secrets.fetch! env, service, secret_name, options[:use_ssm]
-
-    STDERR.puts "Found value for #{secret_name} in #{env} for #{service}"
-    print secret_value.chomp
-  end
-
-  desc 'audit <service> <env1> [<env2> ... <envn>]',
-       'Audits secrets for <service> for the given <envs*>'
-  def audit(service, *envs)
-    PayCLI::StopYubicoAuthenticator.stop_yubico_authenticator!
-    STDERR.puts "Auditing secrets for #{service} in #{envs.inspect}"
-
-    secrets_for_env = PayCLI::Secrets.secrets_for_service service
-    secrets_in_envs = PayCLI::Secrets.secrets_in_envs_for_service envs, service
-
-    header = [service].concat(envs)
-    rows = secrets_for_env.map do |secret|
-      [secret].concat(
-        envs.map { |e| secrets_in_envs[e].include?(secret) ? '✓' : '' }
-      )
-    end
-    footer = ["Other"].concat(
-      envs.map { |e| (secrets_in_envs[e] - secrets_for_env).join("\n") }
-    )
-
-    table = TTY::Table.new [header] + rows + [footer]
-    STDERR.puts table.render(
-      :unicode,
-      alignment: :center,
-      padding:   1,
-      multiline: true,
-    )
-  end
-
-  desc 'copy <service> <src_env> <dest_env>',
-       'Copies secrets for <service> from <src_env> to <dest_env>'
-  def copy(service, src_env, dest_env)
-    PayCLI::StopYubicoAuthenticator.stop_yubico_authenticator!
-    PayCLI::Secrets.secrets_in_envs_for_service(
-      [src_env],
-      service
-    )[src_env].each do |secret_name|
-      secret_value = PayCLI::Secrets::fetch_secret_for_service_from_env(
-        src_env, service, secret_name
-      )
-
-      old_value = PayCLI::Secrets::fetch_single_secret_from_env_for_service!(
-        dest_env,
-        service,
-        secret_name
-      )
-
-      if old_value == secret_value
-        STDERR.puts "✅   Copying #{secret_name} into #{dest_env} for #{service} would apply no change"
-        next
-      end
-
-      STDERR.puts PayCLI::Secrets.diff_table(
-        old_value,
-        secret_value
-      )
-
-      STDERR.puts "❓  Update value of #{secret_name} in #{dest_env} for #{service}?"
-      if (STDERR.print "   Type 'yes' exactly > "; STDIN.gets.chomp == 'yes')
-
-        STDERR.puts "✅   Updated #{secret_name} in #{dest_env}"
-        PayCLI::Secrets::write_secret_for_service_in_env!(
-          dest_env,
-          service,
-          secret_name,
-          secret_value
-        )
-      end
-    end
-  end
-
-  desc 'provision <service> <env>',
-       'Provisions secrets from config for <service> in <env>'
-  def provision(service, env)
-    PayCLI::StopYubicoAuthenticator.stop_yubico_authenticator!
-    PayCLI::Secrets.secrets_for_service(service).each do |secret_name|
-      old_value = PayCLI::Secrets::fetch_single_secret_from_env_for_service!(
-        env,
-        service,
-        secret_name
-      )
-      new_value = PayCLI::Secrets::fetch!(env, service, secret_name)
-
-      if old_value == new_value
-        STDERR.puts "✅   Provisioning #{secret_name} in #{env} for #{service} would apply no change"
-        next
-      end
-
-      STDERR.puts "❓  Update value of #{secret_name} in #{env} for #{service}?"
-      STDERR.puts PayCLI::Secrets.diff_table(
-        old_value,
-        new_value
-      )
-      if (STDERR.print "   Type 'yes' exactly > "; STDIN.gets.chomp == 'yes')
-        PayCLI::Secrets.write_secret_for_service_in_env!(env,service,secret_name, new_value)
-        STDERR.puts "✅   Updated #{secret_name} for #{service} in #{env}"
-      end
-    end
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/tunnel/services.yml

@@ -1,49 +0,0 @@
----
-- service_name: adminusers
-  local_port:        9001
-  remote_port:       50603
-
-# There are no longer live servers for cardid so it's
-# not possible to tunnel to it
-# - service_name: cardid
-#   local_port:        9002
-#   remote_port:       50503
-
-- service_name: connector
-  local_port:        9003
-  remote_port:       50103
-
-- service_name: products
-  local_port:        9005
-  remote_port:       51003
-
-- service_name: publicauth
-  local_port:        9006
-  remote_port:       50303
-
-- service_name: ledger
-  local_port:        9007
-  remote_port:       50104
-
-- service_name: adminusers_db
-  local_port:        5432
-  remote_port:       5432
-
-- service_name: connector_db
-  local_port:        5432
-  remote_port:       5432
-
-- service_name: products_db
-  local_port:        5432
-  remote_port:       5432
-
-- service_name: publicauth_db
-  local_port:        5432
-  remote_port:       5432
-
-- service_name: ledger_db
-  local_port:        5432
-  remote_port:       5432
-  instance_version:
-    production-2: 1
-...

package/resources/legacy-ruby-cli/lib/pay_cli/naming.rb

@@ -1,6 +0,0 @@
-module PayCLI::Naming
-  def self.asg_name(env, microservice)
-    microservice = 'www' if microservice == 'frontend'
-    "#{env}-#{microservice}-ecs-appserver"
-  end
-end