@govuk-pay/cli 0.0.55 → 0.0.57

package/resources/legacy-ruby-cli/config/service_secrets.yml

@@ -1,203 +0,0 @@
----
-adminusers:
-  - DB_USER
-  - DB_PASSWORD
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  - NOTIFY_API_KEY
-  - NOTIFY_SECRET
-  - SENTRY_DSN
-alb_and_s3_logging_pipeline:
-  - firehose_hec_token
-amazon-managed-prometheus:
-  - pager_duty_cloudwatch_integration_url_in_hours_only
-  - pager_duty_cloudwatch_integration_url_24_7_p1
-cardid:
-  - SENTRY_DSN
-connector:
-  - DB_USER
-  - DB_PASSWORD
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  - NOTIFY_SECRET
-  - NOTIFY_API_KEY
-  - GDS_CONNECTOR_STRIPE_AUTH_TOKEN
-  - GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN
-  - GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET
-  - GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET
-  - GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET
-  - GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET
-  - WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE
-  - WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY
-  - WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY
-  - WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY
-  - SENTRY_DSN
-  - SANDBOX_AUTH_TOKEN
-deploy:
-  - PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL
-  - PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL_STAGING
-pact-broker:
-  - master_db_user
-  - master_db_password
-  - DB_USER
-  - DB_PASSWORD
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-pact-broker-auth:
-  - pact-broker-basic-auth-password
-  - pact-broker-basic-auth-username
-frontend:
-  - GOOGLE_PAY_MERCHANT_ID
-  - GOOGLE_PAY_MERCHANT_ID_2
-  - SESSION_ENCRYPTION_KEY
-  - SESSION_ENCRYPTION_KEY_2
-  - AB_TEST_THRESHOLD
-  - WORLDPAY_APPLE_PAY_MERCHANT_ID
-  - WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE
-  - WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY
-  - STRIPE_APPLE_PAY_MERCHANT_ID
-  - STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE
-  - STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY
-  - STRIPE_TEST_PUBLISHABLE_API_KEY
-  - STRIPE_LIVE_PUBLISHABLE_API_KEY
-  - SENTRY_DSN
-  - SENTRY_CSP_REPORT_URI
-network:
-  - PAGER_DUTY_CLOUDWATCH_ALB_INTEGRATION_URL
-publicapi:
-  # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-  # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-  # - TOKEN_API_HMAC_SECRET
-  - SENTRY_DSN
-publicauth:
-  - DB_USER
-  - DB_PASSWORD
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-  # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-  # - TOKEN_DB_BCRYPT_SALT
-  # - TOKEN_API_HMAC_SECRET
-  - SENTRY_DSN
-product-page:
-  - pager_duty_cloudwatch_integration_url
-products:
-  - DB_USER
-  - DB_PASSWORD
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  - SENTRY_DSN
-products-ui:
-  - SESSION_ENCRYPTION_KEY
-  - SENTRY_DSN
-  - GOOGLE_RECAPTCHA_SECRET_KEY
-  - GOOGLE_RECAPTCHA_SITE_KEY
-  - GOOGLE_RECAPTCHA_ENTERPRISE_PROJECT_ID
-selfservice:
-  - SESSION_ENCRYPTION_KEY
-  - ZENDESK_API_KEY
-  - ZENDESK_USER
-  - STRIPE_ACCOUNT_API_KEY
-  - SENTRY_DSN
-ledger:
-  - DB_PASSWORD
-  - DB_USER
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  - SENTRY_DSN
-webhooks:
-  - DB_PASSWORD
-  - DB_USER
-  - DB_SUPPORT_USER_READONLY
-  - DB_SUPPORT_PASSWORD_READONLY
-  - DB_SUPPORT_USER_READWRITE
-  - DB_SUPPORT_PASSWORD_READWRITE
-  - SENTRY_DSN
-toolbox:
-  - AUTH_GITHUB_CLIENT_ID
-  - AUTH_GITHUB_CLIENT_SECRET
-  - AUTH_GITHUB_VIEW_ONLY_TEAM_ID
-  - AUTH_GITHUB_USER_SUPPORT_TEAM_ID
-  - AUTH_GITHUB_ADMIN_TEAM_ID
-  - STRIPE_ACCOUNT_API_KEY
-  - STRIPE_ACCOUNT_TEST_API_KEY
-  - SENTRY_DSN
-  - ZENDESK_API_KEY
-  - ZENDESK_USER
-cd-pay-deploy:
-  - docker-password
-  - docker-username
-  - docker-email
-  - docker-access-token
-  - end-to-end/docker-password
-  - end-to-end/docker-username
-  - end-to-end/docker-email
-  - end-to-end/docker-access-token
-  - github-access-token
-  - grafana-annotations-password
-  - internal-vulnerability-scan/jira-api-username
-  - internal-vulnerability-scan/jira-api-token
-  - internal-vulnerability-scan/jira-base-url
-  - pact-broker-username
-  - pact-broker-password
-  - pact-broker/pact-broker-password
-  - pact-broker/pact-broker-username
-  - pay_aws_deploy_account_id
-  - pay_aws_prod_account_id
-  - pay_aws_production_account_id
-  - pay_aws_staging_account_id
-  - pay_aws_test_account_id
-  - slack-notification-secret
-cd-pay-dev:
-  - docker-email
-  - docker-username
-  - docker-password
-  - docker-access-token
-  - github-access-token
-  - grafana-annotations-password
-  - pact-broker-username
-  - pact-broker-password
-  - pay_aws_deploy_account_id
-  - pay_aws_staging_account_id
-  - pay_aws_test_account_id
-  - pay_aws_dev_account_id
-  - pay-js-commons/github-access-token
-  - pr-ci/github-access-token
-  - slack-notification-secret
-  - smartpay-expected-password
-  - smartpay-expected-user
-  - worldpay-expected-password
-  - worldpay-expected-user
-cd-main:
-  - docker-email
-  - docker-username
-  - docker-password
-  - docker-access-token
-  - slack-notification-secret
-webhooks_intrusion_monitoring:
-  - pager_duty_cloudwatch_integration_url
-stubs:
-  - smartpay-expected-password
-  - smartpay-expected-user
-  - worldpay-expected-password
-  - worldpay-expected-user
-codebuild:
-  - docker-username
-  - docker-access-token
-  - github-access-token
-worldpay_secure_file_gateway:
-  - private-key
-  - public-key
-  - passphrase

package/resources/legacy-ruby-cli/lib/pay_cli/aws/services.rb

@@ -1,47 +0,0 @@
-module PayCLI::Aws::Services
-  def self.wait_for(env, service_name, desired_count)
-    STDERR.puts "🔵  Waiting until >= #{desired_count} of #{service_name}"
-
-    service = ::Aws::ECS::Client.new
-      .describe_services(services: ["#{service_name}"], cluster: env)
-      .services.first
-    lb = service.load_balancers.first
-    tg_arn = lb.target_group_arn
-
-    lb_client = ::Aws::ElasticLoadBalancingV2::Client.new
-
-    (1..).each do |attempt|
-      STDERR.print "\r💤  Waiting (attempt #{attempt})"
-
-      healths = lb_client
-	      .describe_target_health(target_group_arn: tg_arn)
-	      .target_health_descriptions
-
-      healthy_services = healths.select { |h| h.target_health.state == 'healthy' }
-
-      STDERR.print " | Found #{healthy_services.count} healthy #{service_name}"
-
-      break if healthy_services.count >= desired_count
-      sleep 5
-    end
-  end
-
-  def self.scale(env, service_name, desired_count, wait=false)
-    ecs_client = Aws::ECS::Client.new
-
-    STDERR.puts "Scaling desired tasks of #{service_name} in #{env} to #{desired_count}"
-    begin
-        ecs_client
-          .update_service(
-           cluster: env,
-           service: service_name,
-           desired_count: desired_count
-        )
-        STDERR.puts "✅ Scaled #{service_name} in #{env} to #{desired_count}"
-    rescue ::Aws::ECS::Errors::ClientException
-        STDERR.puts "❌ Scaled failed for #{service_name} in #{env} to #{desired_count}"
-    end
-
-    wait_for(env, service_name, desired_count) if wait
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/aws.rb

@@ -1,29 +0,0 @@
-require 'English'
-require 'aws-sdk-route53'
-
-class PayCLI::Commands::Aws < Thor
-  desc 'token <account>', 'fetches a token for <account>'
-  def token(account)
-    PayCLI::Aws::Tokens.setup!(account)
-    STDERR.puts "Found token for #{account}, printing to STDOUT"
-    STDERR.puts "If you aren't already, run this inside $() to set env vars"
-    %w{AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN}.each do |varname|
-      puts "export #{varname}=#{ENV[varname]}"
-    end
-    STDERR.puts "Outputted token for #{account} successfully"
-    exit 0
-  end
-
-  desc 'cmd <account> <*args>',
-       'runs args in aws with credentials for <account>'
-  def cmd(account, *args)
-    PayCLI::Environment.setup! account
-
-    pid = spawn(
-      "aws #{args.join(' ')}",
-      in: STDIN, out: STDOUT, err: STDERR
-    )
-    Process.wait pid
-    exit $CHILD_STATUS.exitstatus
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/browse.rb

@@ -1,31 +0,0 @@
-require 'English'
-
-class PayCLI::Commands::Browse < Thor
-  desc 'manual', 'browses the pay team manual'
-  def manual
-    STDERR.puts 'Opening the team manual'
-    `open https://manual.payments.service.gov.uk`
-    exit $CHILD_STATUS.exitstatus
-  end
-
-  desc 'repo', 'browses the pay-infra github repo'
-  def repo
-    STDERR.puts 'Opening the pay-infra github repository'
-    `open https://github.com/alphagov/pay-infra`
-    exit $CHILD_STATUS.exitstatus
-  end
-
-  desc 'status', 'browses the pay status page'
-  def status
-    STDERR.puts 'Opening the status page'
-    `open http://payments.statuspage.io`
-    exit $CHILD_STATUS.exitstatus
-  end
-
-  desc 'concourse', 'browses the concourse page'
-  def concourse
-    STDERR.puts 'Opening the concourse page'
-    `open https://pay-cd.deploy.payments.service.gov.uk/`
-    exit $CHILD_STATUS.exitstatus
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/app_client.rb

@@ -1,216 +0,0 @@
-module PayCLI::Commands::Local::AppClient
-  Config = PayCLI::Commands::Local::Config
-
-  def self.create_account(service_id = nil, email_settings = { email_collection_mode: 'MANDATORY' })
-    gateway_account_data = {
-        payment_provider: 'sandbox',
-        service_name: 'My service',
-        type: 'test',
-        service_id: service_id
-    }
-
-
-    patch_email_collection_mode_data = {
-        op: 'replace',
-        path: 'email_collection_mode',
-        value: email_settings[:email_collection_mode]
-    }
-
-    account = post("#{base_url 'connector'}/v1/api/accounts", gateway_account_data)
-
-    patch("#{base_url 'connector'}/v1/api/accounts/#{account["gateway_account_id"]}", patch_email_collection_mode_data)
-    patch("#{base_url 'adminusers'}/v1/api/services/#{service_id}", {
-      op: 'add',
-      path: 'gateway_account_ids',
-      value: [ account.fetch('gateway_account_id') ]
-    })
-
-    return account
-
-  end
-
-  def self.create_token(gateway_account_id)
-    token_data = {
-        account_id: gateway_account_id,
-        description: 'my token',
-        created_by: 'system generated',
-        token_type: 'CARD'
-    }
-
-    post("#{base_url 'publicauth'}/v1/frontend/auth", token_data)
-        .fetch('token')
-  end
-
-  def self.create_payment(api_token)
-    payment_data = {
-        amount: 1000,
-        description: 'my payment',
-        reference: 'my payment reference',
-        return_url: 'https://www.payments.service.gov.uk'
-    }
-
-    post_with_token("#{base_url('publicapi')}/v1/payments", payment_data, api_token)
-  end
-
-  def self.create_user(gateway_account_ids: [], role_name: 'admin')
-    username = SecureRandom.hex
-    user_data = {
-        gateway_account_ids: gateway_account_ids,
-        email: "#{username}@example.com",
-        password: 'aaaaaaaaaa',
-        telephone_number: '01134960000',
-        role_name: role_name
-    }
-
-    post("#{base_url 'adminusers'}/v1/api/users", user_data)
-        .merge(user_data)
-  end
-
-  def self.create_payment_link(api_token)
-    product_data = {
-        pay_api_token: api_token,
-        name: 'exampleName',
-        price: 100,
-        gateway_account_id: 1,
-        return_url: 'https://test.test/some_reference',
-        service_name: 'aServiceName',
-        type: 'ADHOC',
-        service_name_path: 'aServiceNamePath',
-        product_name_path: SecureRandom.hex,
-        reference_enabled: false
-    }
-
-    post("#{base_url 'products'}/v1/api/products/", product_data)
-  end
-
-  def self.create_service()
-    service_data = {
-        service_name: {en: 'My service', cy: 'Welsh name for My service'}
-    }
-
-    post("#{base_url 'adminusers'}/v1/api/services", service_data)
-  end
-
-  def self.post(url, data, custom_headers={}, exit_on_error = true)
-    headers = {content_type: :json, accept: :json}.merge(custom_headers)
-    begin
-      [url]
-          .map {|url| RestClient.post(url, data.to_json, headers).body}
-          .map {|response| JSON.parse(response)}
-          .first
-    rescue => e
-      begin
-        STDERR.puts "😬  Calling #{url} got error #{e.response}... sssorry about that"
-      rescue
-        STDERR.puts "🤔  Hmm, seems we cannot connect to #{url}. Here is what's up at the moment:"
-        report_state Config::all, false
-      end
-      exit 1 if exit_on_error
-    end
-  end
-
-    def self.patch(url, data, custom_headers={}, exit_on_error = true)
-      headers = {content_type: :json, accept: :json}.merge(custom_headers)
-      begin
-        RestClient.patch(url, data.to_json, headers)
-      rescue => e
-        begin
-          STDERR.puts "😬  Calling #{url} got error #{e.response}... sssorry about that"
-        rescue
-          STDERR.puts "🤔  Hmm, seems we cannot connect to #{url}. Here is what's up at the moment:"
-          report_state Config::all, false
-        end
-        exit 1 if exit_on_error
-      end
-    end
-
-  def self.wait_for_apps(apps)
-    timeout = 0
-    app_states = list_app_states apps
-
-    until all_up_states?(app_states) || timeout > 60 do
-      STDERR.print [
-         '🙄  Waiting for',
-         app_states
-             .reject {|app_state| app_state[:healthy]}
-             .map {|app_state| ' ' + app_state[:app_name]}.join(','),
-         + "                              \r"
-      ].join('')
-
-      $stdout.flush
-      timeout += 1
-      app_states = list_app_states apps
-      sleep 1
-    end
-    STDERR.puts "\n\n"
-  end
-
-  def self.report_state(apps, summarise = true)
-    app_states = list_app_states apps
-    STDERR.puts app_states.map {|app_state| "#{app_state[:healthy] ? '✅' : '🔴'}      #{app_state[:app_name]}"}
-    if all_up_states?(app_states)
-      STDERR.puts "\n🎉  Ready to roll\n\n"
-    else
-      STDERR.puts "\n💥  Hmmm, something not quite right"
-      STDERR.puts "ℹ️   It may have just timed out waiting so you could just try again"
-      STDERR.puts "ℹ️   Make sure you have the latest pay-infra"
-      STDERR.puts "ℹ️   docker logs <app> should tell you if an app failed to launch"
-      STDERR.puts "ℹ️   docker inspect <app> may give some clues under State"
-      STDERR.puts "ℹ️   pay local nuke is drastic but may help"
-      STDERR.puts "ℹ️   docker system prune --all is also drastic but may get things working"
-      STDERR.puts "ℹ️   You may need to increase the memory in Docker Desktop settings\n\n"
-
-
-    end if summarise
-  end
-
-  def self.get(url)
-    RestClient::Request.execute(
-        :url => url,
-        :method => :get,
-        :headers => {accept: :json},
-        :verify_ssl => false
-    )
-  end
-
-  def self.post_with_token(url, data, token, exit_on_error = true)
-    post(url, data, {authorization: "Bearer #{token}"}, exit_on_error)
-  end
-
-  def self.is_app_up?(app_name)
-    return true unless Config::has_healthcheck(app_name)
-    begin
-      get("#{base_url app_name}/healthcheck").code.equal? 200
-    rescue
-      false
-    end
-  end
-
-  def self.is_proxy_up?(app_name)
-    begin
-      get("#{base_proxy_url app_name}/healthcheck").code.equal? 200
-    rescue
-      false
-    end
-  end
-
-  def self.all_up?(apps)
-    all_up_states? list_app_states apps
-  end
-
-  def self.all_up_states?(app_states)
-    app_states.reject {|app| app[:healthy]}.length.equal? 0
-  end
-
-  def self.list_app_states(apps)
-    apps.map {|app| {app_name: app[:name], healthy: is_app_up?(app[:name])}}
-  end
-
-  def self.base_url(app_name)
-    "http://localhost:#{Config::port app_name}"
-    end
-
-  def self.base_proxy_url(app_name)
-    "https://localhost:#{Config::proxy_port app_name}"
-  end
-end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/config.rb

@@ -1,142 +0,0 @@
-module PayCLI::Commands::Local::Config
-  @apps = ActiveSupport::HashWithIndifferentAccess.new(YAML.load_file("#{File.dirname(__FILE__)}/config.yaml")).values
-
-  def self.all
-    @apps
-  end
-
-  def self.boring
-    @apps.select {|app| app[:experimental] != true }
-  end
-
-  def self.port(app_name)
-    self.get_config app_name, :port
-  end
-
-  def self.admin_port(app_name)
-    self.get_config app_name, :admin_port
-  end
-
-  def self.get_config(app_name, field)
-    @apps.select {|app| app[:name] == app_name}.map {|app| app[field]}.first
-  end
-
-  def self.has_healthcheck(app_name)
-    @apps.select {|app| app[:name] == app_name}.map {|app| app[:healthcheck]}.first
-  end
-
-  def self.uses_redis(app_name)
-    @apps.select {|app| app[:name] == app_name}.any? {|app| app.fetch(:uses_redis, false)}
-  end
-
-  def self.proxy_port(app_name)
-    @apps.select {|app| app[:name] == app_name}.map {|app| app[:proxy_port]}.first
-  end
-
-  def self.can_use_egress_proxy(app_name)
-    @apps.select {|app| app[:name] == app_name}.first.fetch(:can_use_egress_proxy, false)
-  end
-
-  def self.cluster( cluster, apps)
-    apps.select {|app| app[:clusters].include?(cluster)}
-  end
-
-  def self.local(local_app_names, apps)
-    apps.select {|app| local_app_names.include? app[:name]}
-  end
-
-  def self.remote(local_app_names, apps)
-    apps.select {|app| !local_app_names.include? app[:name]}
-  end
-
-  def self.filter(app_names, apps)
-    apps.select {|app| app_names.include? app[:name]}
-  end
-
-  def self.node(apps)
-    apps.select { |app| app[:type] == 'node'}
-  end
-
-  def self.java(apps)
-    apps.select { |app| app[:type] == 'java'}
-  end
-
-  def self.has_db(apps)
-    apps.select {|app| app[:db]}
-  end
-
-  def self.has_proxy(apps)
-    apps.select {|app| app[:proxy]}
-  end
-
-  def self.has_queue(apps) 
-    apps.select {|app| app[:queues]}
-  end
-
-  def self.has_sns_topics(apps)
-    apps.select { |app| app[:sns_topics] }
-  end
-
-  def self.uses_localstack(apps)
-    has_queue(apps).any? || has_sns_topics(apps).any?
-  end
-
-  def self.db_configs(apps)
-    apps.map {|app| {
-        name: app[:name] + '_db',
-        port: app[:db_port]
-    }}
-  end
-
-  def self.app_by_name(name)
-    @apps.select do |app|
-      app[:name] == name
-    end
-  end
-
-  def self.proxy_configs(apps)
-    apps.map {|app|
-      if app[:naxsi]
-        md5 = copy_naxsi_rules(app).hexdigest
-      end
-      {
-          name: app[:name] + '-proxy',
-          port: app[:proxy_port],
-          proxy_port: app[:port],
-          proxy_host: app[:name],
-          naxsi_md5: md5
-      }
-    }
-  end
-  
-  def self.copy_naxsi_rules(app)
-    naxsi_rule_dest = File.join(
-    File.dirname(__FILE__),
-    "files/naxsi/#{app[:name]}.rules")
-
-    naxsi_rule_source = File.join(
-    File.dirname(__FILE__),
-    '..', '..', '..', '..', '..',
-    'provisioning',
-    'terraform',
-    'modules',
-    'pay_microservices_v2',
-    app[:name],
-    'files',
-    "#{app[:name]}.naxsi")
-
-    FileUtils.copy(naxsi_rule_source, naxsi_rule_dest)
-
-    Digest::MD5.file naxsi_rule_dest
-  end
-
-  def self.write_end_to_end_config(binding)
-    erb = ERB.new(File.read(File.join(
-        File.dirname(__FILE__),
-        'files',
-        'end-to-end.erb')), trim_mode: '-')
-
-    erb.result(binding)
-  end
-
-end