npm - @meshxdata/fops - Versions diffs - 0.1.44 → 0.1.46 - Mend

@meshxdata/fops 0.1.44 → 0.1.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/src/plugins/bundled/fops-plugin-azure/lib/azure-keyvault.js CHANGED Viewed

@@ -1253,6 +1253,192 @@ export async function keyvaultSetup(opts = {}) {
   console.log(chalk.bold.green(`\n  Setup complete! Run: fops azure keyvault sync\n`));
 }
+// ═══════════════════════════════════════════════════════════════════════════
+// Network configuration (VNet integration, service endpoints)
+// ═══════════════════════════════════════════════════════════════════════════
+export async function networkShow(opts = {}) {
+  const execa = await lazyExeca();
+  const sub = opts.profile;
+  await ensureAzCli(execa);
+  await ensureAzAuth(execa, { subscription: sub });
+  const vault = await resolveVault(execa, opts.vault, sub);
+  const { stdout } = await execa("az", [
+    "keyvault", "show", "--name", vault, "--output", "json", ...subArgs(sub),
+  ], { timeout: 30000 });
+  const v = JSON.parse(stdout);
+  const props = v.properties || {};
+  const networkRules = props.networkAcls || {};
+  banner(`Network Config — "${vault}"`);
+  kvLine("Public Access", props.publicNetworkAccess === "Disabled" ? OK("disabled") : WARN("enabled"));
+  kvLine("Default Action", networkRules.defaultAction === "Deny" ? OK("Deny") : WARN(networkRules.defaultAction || "Allow"));
+  kvLine("Bypass", DIM(networkRules.bypass || "AzureServices"));
+  const ipRules = networkRules.ipRules || [];
+  const vnetRules = networkRules.virtualNetworkRules || [];
+  console.log("");
+  if (ipRules.length > 0) {
+    console.log(ACCENT("  IP Rules"));
+    for (const r of ipRules) {
+      console.log(`    ${DIM("•")} ${r.value}`);
+    }
+  } else {
+    kvLine("IP Rules", DIM("none"));
+  }
+  if (vnetRules.length > 0) {
+    console.log(ACCENT("  VNet Rules"));
+    for (const r of vnetRules) {
+      const subnetId = r.id || "";
+      const parts = subnetId.split("/");
+      const vnet = parts[parts.indexOf("virtualNetworks") + 1] || "";
+      const subnet = parts[parts.indexOf("subnets") + 1] || "";
+      console.log(`    ${DIM("•")} ${vnet}/${subnet}`);
+    }
+  } else {
+    kvLine("VNet Rules", DIM("none"));
+  }
+  console.log("");
+  hint("Add VNet: fops azure keyvault network add-vnet --vault <name> --vnet <vnet> --subnet <subnet>");
+  hint("Private:  fops azure keyvault network private --vault <name>\n");
+}
+export async function networkAddVnet(opts = {}) {
+  const execa = await lazyExeca();
+  const sub = opts.profile;
+  await ensureAzCli(execa);
+  await ensureAzAuth(execa, { subscription: sub });
+  const vault = await resolveVault(execa, opts.vault, sub);
+  if (!opts.vnet || !opts.subnet) {
+    console.error(chalk.red("\n  --vnet and --subnet are required.\n"));
+    process.exit(1);
+  }
+  const rg = opts.resourceGroup || opts.vnetResourceGroup;
+  // 1. Add service endpoint to subnet if not present
+  hint(`Adding Microsoft.KeyVault service endpoint to ${opts.vnet}/${opts.subnet}...`);
+  const subnetArgs = [
+    "network", "vnet", "subnet", "update",
+    "--vnet-name", opts.vnet,
+    "-n", opts.subnet,
+    "--service-endpoints", "Microsoft.KeyVault",
+    "--output", "none",
+    ...subArgs(sub),
+  ];
+  if (rg) subnetArgs.push("-g", rg);
+  const { exitCode: seCode, stderr: seErr } = await execa("az", subnetArgs, { timeout: 120000, reject: false });
+  if (seCode !== 0) {
+    console.log(WARN(`  ⚠ Service endpoint: ${(seErr || "").split("\n")[0]}`));
+  } else {
+    console.log(OK("  ✓ Service endpoint added"));
+  }
+  // 2. Get subnet resource ID
+  const subnetShowArgs = [
+    "network", "vnet", "subnet", "show",
+    "--vnet-name", opts.vnet,
+    "-n", opts.subnet,
+    "--query", "id", "-o", "tsv",
+    ...subArgs(sub),
+  ];
+  if (rg) subnetShowArgs.push("-g", rg);
+  const { stdout: subnetId, exitCode: sidCode, stderr: sidErr } = await execa("az", subnetShowArgs, { timeout: 30000, reject: false });
+  if (sidCode !== 0 || !subnetId?.trim()) {
+    console.error(chalk.red(`\n  ✗ Could not find subnet: ${(sidErr || "").split("\n")[0]}\n`));
+    process.exit(1);
+  }
+  // 3. Add VNet rule to Key Vault
+  hint(`Adding VNet rule to Key Vault "${vault}"...`);
+  const { exitCode, stderr } = await execa("az", [
+    "keyvault", "network-rule", "add",
+    "--name", vault,
+    "--subnet", subnetId.trim(),
+    "--output", "none",
+    ...subArgs(sub),
+  ], { timeout: 60000, reject: false });
+  if (exitCode !== 0) {
+    console.error(chalk.red(`\n  ✗ ${(stderr || "").split("\n")[0]}\n`));
+    process.exit(1);
+  }
+  console.log(OK(`  ✓ VNet rule added: ${opts.vnet}/${opts.subnet}`));
+  hint(`\nSet to private: fops azure keyvault network private --vault ${vault}\n`);
+}
+export async function networkPrivate(opts = {}) {
+  const execa = await lazyExeca();
+  const sub = opts.profile;
+  await ensureAzCli(execa);
+  await ensureAzAuth(execa, { subscription: sub });
+  const vault = await resolveVault(execa, opts.vault, sub);
+  hint(`Setting "${vault}" to private (deny public access)...`);
+  const { exitCode, stderr } = await execa("az", [
+    "keyvault", "update",
+    "--name", vault,
+    "--default-action", "Deny",
+    "--bypass", "AzureServices",
+    "--output", "none",
+    ...subArgs(sub),
+  ], { timeout: 60000, reject: false });
+  if (exitCode !== 0) {
+    console.error(chalk.red(`\n  ✗ ${(stderr || "").split("\n")[0]}\n`));
+    process.exit(1);
+  }
+  console.log(OK(`  ✓ Key Vault "${vault}" is now private`));
+  console.log(DIM("    Default action: Deny"));
+  console.log(DIM("    Bypass: AzureServices"));
+  hint("\nAccess limited to allowed VNets/IPs and Azure services.\n");
+}
+export async function networkPublic(opts = {}) {
+  const execa = await lazyExeca();
+  const sub = opts.profile;
+  await ensureAzCli(execa);
+  await ensureAzAuth(execa, { subscription: sub });
+  const vault = await resolveVault(execa, opts.vault, sub);
+  const { resolveCliSrc } = await import("./azure-helpers.js");
+  const { confirm } = await import(resolveCliSrc("ui/confirm.js"));
+  const yes = await confirm(`  Make Key Vault "${vault}" publicly accessible?`);
+  if (!yes) { console.log(DIM("\n  Cancelled.\n")); return; }
+  const { exitCode, stderr } = await execa("az", [
+    "keyvault", "update",
+    "--name", vault,
+    "--default-action", "Allow",
+    "--output", "none",
+    ...subArgs(sub),
+  ], { timeout: 60000, reject: false });
+  if (exitCode !== 0) {
+    console.error(chalk.red(`\n  ✗ ${(stderr || "").split("\n")[0]}\n`));
+    process.exit(1);
+  }
+  console.log(WARN(`  ⚠ Key Vault "${vault}" is now public`));
+}
 // ── Config helpers ──────────────────────────────────────────────────────────
 function readFopsConfig() {

package/src/plugins/bundled/fops-plugin-azure/lib/azure-ops.js CHANGED Viewed

@@ -2136,6 +2136,35 @@ export async function azureLogs(service, opts = {}) {
   ], { stdio: "inherit", reject: false });
 }
+// ── restart ─────────────────────────────────────────────────────────────────
+export async function azureRestart(service, opts = {}) {
+  const state = requireVmState(opts.vmName);
+  const ip = state.publicIp;
+  if (!ip) { console.error(chalk.red("\n  No IP. Is the VM running?\n")); process.exit(1); }
+  await knockForVm(state);
+  const { execa } = await import("execa");
+  const adminUser = DEFAULTS.adminUser;
+  const svcArg = service ? (service.startsWith("foundation-") ? service : `foundation-${service}`) : "";
+  const label = svcArg || "all services";
+  console.log(chalk.cyan(`  Restarting ${label} on ${state.vmName || ip}...`));
+  const { exitCode } = await execa("ssh", [
+    "-o", "StrictHostKeyChecking=no",
+    `${adminUser}@${ip}`,
+    `cd /opt/foundation-compose && sudo docker compose restart ${svcArg}`,
+  ], { stdio: "inherit", reject: false });
+  if (exitCode === 0) {
+    console.log(chalk.green(`  ✓ ${label} restarted`));
+  } else {
+    console.error(chalk.red(`  ✗ restart failed (exit ${exitCode})`));
+  }
+}
 // ── grant-admin ─────────────────────────────────────────────────────────────
 export async function azureGrantAdmin(opts = {}) {

package/src/plugins/bundled/fops-plugin-azure/lib/azure-results.js CHANGED Viewed

@@ -235,6 +235,79 @@ export async function resultsPush(target, qaResult, opts = {}) {
   return { blob, account: store.account };
 }
+// ── Remove ──────────────────────────────────────────────────────────────────
+export async function resultsRemove(target, opts = {}) {
+  const execa = await lazyExeca();
+  await ensureAzCli(execa);
+  await ensureAzAuth(execa, { subscription: opts.subscription });
+  // 1. Clear local state
+  const state = readState();
+  const vm = state.azure?.vms?.[target];
+  if (vm?.qa) {
+    delete vm.qa;
+    saveState(state);
+    console.log(OK(`  ✓ Local QA state cleared for "${target}"`));
+  } else {
+    console.log(DIM(`  No local QA state found for "${target}"`));
+  }
+  // 2. Delete blobs from storage
+  const store = getResultsConfig();
+  if (!store?.account) {
+    console.log(DIM("  No results storage configured — skipping blob deletion."));
+    return;
+  }
+  const prefix = `${BLOB_PREFIX}/${target}/`;
+  let blobs;
+  try {
+    const { stdout } = await execa("az", [
+      "storage", "blob", "list",
+      "--account-name", store.account,
+      "--container-name", CONTAINER_NAME,
+      "--prefix", prefix,
+      "--query", "[].name",
+      "--output", "json",
+      ...AUTH,
+      ...subArgs(opts.subscription),
+    ], { timeout: 30000 });
+    blobs = JSON.parse(stdout || "[]");
+  } catch (err) {
+    console.log(WARN(`  ⚠ Could not list blobs: ${err.message}`));
+    return;
+  }
+  if (blobs.length === 0) {
+    console.log(DIM(`  No stored results found in blob storage for "${target}"`));
+    return;
+  }
+  console.log(chalk.cyan(`\n  Deleting ${blobs.length} result(s) from ${store.account}/${CONTAINER_NAME}/${prefix}…\n`));
+  let deleted = 0;
+  for (const blobName of blobs) {
+    try {
+      await execa("az", [
+        "storage", "blob", "delete",
+        "--account-name", store.account,
+        "--container-name", CONTAINER_NAME,
+        "--name", blobName,
+        ...AUTH,
+        "--output", "none",
+        ...subArgs(opts.subscription),
+      ], { timeout: 15000 });
+      console.log(`  ${DIM(`✗ ${blobName}`)}`);
+      deleted++;
+    } catch (err) {
+      console.log(WARN(`  ⚠ Failed to delete ${blobName}: ${err.message}`));
+    }
+  }
+  console.log(OK(`\n  ✓ Removed ${deleted}/${blobs.length} result(s) for "${target}"\n`));
+}
 // ── List ────────────────────────────────────────────────────────────────────
 export async function resultsList(opts = {}) {
@@ -348,6 +421,11 @@ export async function resultsShow(opts = {}) {
     process.exit(1);
   }
+  if (opts.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
   banner(`Test Result: ${target}`);
   kvLine("Passed", result.passed ? OK("yes") : ERR("no"));
   kvLine("Exit code", String(result.exitCode ?? "–"));

package/src/plugins/bundled/fops-plugin-azure/lib/azure.js CHANGED Viewed

@@ -48,7 +48,7 @@ export {
 export {
   azureStatus, azureTrinoStatus, azureSsh, azureSshWhitelistMe, azurePortForward, azureSshAdminAdd, azureVmCheck, azureAgent, azureOpenAiDebugVm,
   azureDeploy, azurePull, azureDeployVersion, azureRunUp, azureConfig, azureConfigVersions, azureUpdate,
-  azureLogs, azureGrantAdmin, azureContext,
+  azureLogs, azureRestart, azureGrantAdmin, azureContext,
   azureList, azureApply,
   azureKnock, azureKnockClose, azureKnockDisable, azureKnockVerify, azureKnockFix,
 } from "./azure-ops.js";