@toa.io/cli 0.20.0-dev.9 → 0.20.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toa.io/cli",
-  "version": "0.20.0-dev.9",
+  "version": "0.20.0",
   "description": "Toa CLI",
   "author": "temich <tema.gurtovoy@gmail.com>",
   "homepage": "https://github.com/toa-io/toa#readme",
@@ -22,14 +22,15 @@
     "@toa.io/runtime": "*"
   },
   "dependencies": {
-    "@toa.io/console": "0.20.0-dev.10",
-    "@toa.io/generic": "0.20.0-dev.10",
-    "@toa.io/kubernetes": "0.20.0-dev.10",
-    "@toa.io/norm": "0.20.0-dev.10",
-    "@toa.io/yaml": "0.20.0-dev.10",
+    "@toa.io/console": "0.20.0",
+    "@toa.io/generic": "0.20.0",
+    "@toa.io/kubernetes": "0.20.0",
+    "@toa.io/norm": "0.20.0",
+    "@toa.io/yaml": "0.20.0",
     "dotenv": "16.1.1",
     "find-up": "5.0.0",
+    "paseto": "3.1.4",
     "yargs": "17.6.2"
   },
-  "gitHead": "cd3ffb1ae1af014f13a62ef9fc8ada58d8688e4a"
+  "gitHead": "28fc4b45c224c3683acaaf0e4abd1eb04e07b408"
 }

package/readme.md

@@ -26,6 +26,22 @@ Run composition.
 
 > Note that your `localhost` it is accessible from a container as `host.docker.internal`.
 
+### call
+
+Call endpoint.
+
+<dl>
+<dt><code>toa call &lt;endpont&gt; [request]</code></dt>
+<dd>
+<code>endpoint</code> endpoint to call.<br/>
+<code>request</code> Request object.<br/>
+</dd>
+</dl>
+
+```shell
+$ toa call dummies.dummy.create "{ input: { name: 'foo' } }"
+```
+
 ### env
 
 Export environment to a `.env` file.
@@ -35,7 +51,8 @@ Export environment to a `.env` file.
 <dd>
 <code>environment</code> deployment environment name (default <code>local</code>).<br/>
 <code>--path</code> path to a Context (default <code>.</code>)<br/>
-<code>--as</code> output file path (default <code>.env</code>)
+<code>--as</code> output file path (default <code>.env</code>)<br/>
+<code>--interactive</code> prompt for secret values
 </dd>
 </dl>
 
@@ -72,7 +89,8 @@ $ toa replay ./path/to/context
 $ toa replay --title "should add numbers"
 ```
 
-If the path is a Context root (containing `context.toa.yaml` file), samples for components within the Context will be
+If the path is a Context root (containing `context.toa.yaml` file), samples for components within
+the Context will be
 found and replayed sequentially.
 
 ### export manifest
@@ -88,7 +106,7 @@ found and replayed sequentially.
 
 ## Operations
 
-> Some commands use current Kubernetes context.
+> Some commands use current `kubectl` and `docker` context.
 
 ### build
 
@@ -124,12 +142,28 @@ Pods [are ready](https://helm.sh/docs/intro/using_helm/#helpful-options-for-inst
 
 ### conceal
 
-Deploy a `key` with a `value` to a secret named `toa-{secret}`.
+Deploy a generic Kubernetes secret with the prefix `toa-`.
 
 <dl>
-<dt><code>toa conceal &lt;secret&gt; &lt;key&gt; &lt;value&gt;</code></dt>
+<dt><code>toa conceal &lt;secret&gt; &lt;key-values...&gt;</code></dt>
+<dd>
+<code>secret</code> Secret name.<br/>
+<code>key-values</code> List of keys and values of the secret as <code>key=value</code>.<br/>
+<code>--namespace</code> Kubernetes namespace where the secret should be deployed.<br/>
+<code>--interactive</code> prompt for secret values<br/>
+<code>--environment</code> environment name for interactive mode<br/>
+<code>--path</code> path to a context for interactive mode
+</dd>
 </dl>
 
+> If a secret already exists, then given `key-values` will be added to it.
+
+#### Example
+
+```shell
+$ toa conceal bindings-amqp-default username=developer password=secret
+```
+
 ### reveal
 
 Outputs keys and values of a secret.
@@ -149,12 +183,26 @@ Run interactive shell inside a disposable pod inside a Kubernetes cluster.
 <code>toa shell [image]</code>
 </dt>
 <dd>
-<code>image</code> Docker image<br/>
+<code>image</code> Docker image to Run (default <code>alpine</code>).<br/>
 </dd>
 </dl>
 
-Extra arguments can be passed:
+#### Examples
 
 ```shell
-$ toa shell -- ping 1.1
+$ toa shell mongo
+$ toa shell -- ping 1.1 # extra arguments can be passed
 ```
+
+### key
+
+Generate a secret PASETO key.
+
+<dl>
+<dt>
+<code>toa key</code>
+</dt>
+<dd>
+<code>--public</code> <code>boolean</code> generate a public/private key pair.<br/>
+</dd>
+</dl>

package/src/commands/call.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const { call } = require('../handlers/call')
+
+const builder = (yargs) => {
+  yargs
+    .positional('endpoint', {
+      type: 'string',
+      desc: 'Operation endpoint'
+    })
+    .positional('request', {
+      type: 'string',
+      desc: 'Request object'
+    })
+}
+
+exports.command = 'call <endpoint> [request]'
+exports.desc = 'Call operation'
+exports.builder = builder
+exports.handler = call

package/src/commands/conceal.js

@@ -7,15 +7,46 @@ const builder = (yargs) => {
     .positional('secret', {
       type: 'string'
     })
-    .positional('key', {
-      type: 'string'
+    .positional('key-values', {
+      type: 'string',
+      array: true,
+      desc: 'Secret key-value pairs'
+    })
+    .option('namespace', {
+      alias: 'n',
+      group: 'Command options:',
+      type: 'string',
+      desc: 'Target Kubernetes namespace'
     })
-    .positional('value', {
+    .option('interactive', {
+      alias: 'i',
+      group: 'Command options:',
+      describe: 'Prompt for secrets',
+      type: 'boolean',
+      default: false
+    })
+    .option('environment', {
+      alias: 'e',
+      group: 'Command options:',
+      describe: 'Environment name for interactive mode',
       type: 'string'
     })
+    .option('path', {
+      alias: 'p',
+      group: 'Command options:',
+      describe: 'Path to a Context for interactive mode',
+      type: 'string',
+      default: '.'
+    })
+    .example([
+      ['$0 conceal -i'],
+      ['$0 conceal credentials username=developer'],
+      ['$0 conceal credentials username=developer password=secret'],
+      ['$0 conceal credentials username=developer --namespace app']
+    ])
 }
 
-exports.command = 'conceal <secret> <key> <value>'
-exports.desc = 'Deploy a key with a value to a secret'
+exports.command = 'conceal [secret] [key-values...]'
+exports.desc = 'Deploy a secret'
 exports.builder = builder
 exports.handler = conceal

package/src/commands/env.js

@@ -22,6 +22,13 @@ const builder = (yargs) => {
       type: 'string',
       default: '.env'
     })
+    .option('interactive', {
+      alias: 'i',
+      group: 'Command options:',
+      describe: 'Prompt for secrets',
+      type: 'boolean',
+      default: false
+    })
 }
 
 exports.command = 'env [environment]'

package/src/commands/invoke.js

@@ -10,7 +10,7 @@ const builder = (yargs) => {
     })
     .positional('request', {
       type: 'string',
-      desc: 'Request object (yaml)'
+      desc: 'Request object'
     })
     .option('path', {
       alias: 'p',

package/src/commands/key.js

@@ -0,0 +1,18 @@
+'use strict'
+
+const { key } = require('../handlers/key')
+
+const builder = (yargs) => {
+  yargs
+    .option('public', {
+      group: 'Command options:',
+      describe: 'Generate a public/private key pair',
+      type: 'boolean',
+      default: false
+    })
+}
+
+exports.command = 'key'
+exports.desc = 'Generate a secret PASETO key'
+exports.builder = builder
+exports.handler = key

package/src/commands/serve.js

@@ -5,15 +5,14 @@ const { serve } = require('../handlers/serve')
 const builder = (yargs) => {
   yargs
     .positional('path', {
-      alias: 'p',
       group: 'Command options:',
       type: 'string',
-      desc: 'Path to package',
+      desc: 'Path or a shortcut of an extension',
       default: '.'
     })
 }
 
 exports.command = 'serve [path]'
-exports.desc = 'Run service'
+exports.desc = 'Run an extension service'
 exports.builder = builder
 exports.handler = serve

package/src/handlers/call.js

@@ -0,0 +1,36 @@
+'use strict'
+
+const { Readable } = require('node:stream')
+const boot = require('@toa.io/boot')
+const yaml = require('@toa.io/yaml')
+const { Locator } = require('@toa.io/core')
+
+async function call (argv) {
+  const [operation, component, namespace = 'default'] = argv.endpoint.split('.').reverse()
+  const locator = new Locator(component, namespace)
+  const request = argv.request ? yaml.parse(argv.request) : {}
+
+  const remote = await boot.remote(locator)
+  await remote.connect()
+
+  let reply
+  let exception
+
+  try {
+    reply = await remote.invoke(operation, request)
+  } catch (e) {
+    exception = e
+  } finally {
+    if (exception === undefined) {
+      if (reply instanceof Readable) {
+        for await (const chunk of reply) console.log(chunk)
+      } else console.log(reply)
+    } else console.error(exception)
+
+    await remote.disconnect()
+
+    if (exception !== undefined) process.exit(1)
+  }
+}
+
+exports.call = call

package/src/handlers/compose.js

@@ -2,6 +2,7 @@
 
 const { pick } = require('@toa.io/generic')
 const boot = require('@toa.io/boot')
+const { version } = require('@toa.io/runtime')
 
 const docker = require('./docker')
 const { components: find } = require('../util/find')
@@ -11,6 +12,8 @@ const { components: find } = require('../util/find')
  * @return {Promise<void>}
  */
 async function compose (argv) {
+  console.log('Runtime', version)
+
   if (argv.dock === true) return dock(argv)
 
   const paths = find(argv.paths)

package/src/handlers/conceal.js

@@ -1,12 +1,58 @@
 'use strict'
 
 const { secrets } = require('@toa.io/kubernetes')
+const boot = require('@toa.io/boot')
+const { context: find } = require('../util/find')
+const { promptSecrets } = require('./env')
 
 const conceal = async (argv) => {
-  const { secret, key, value } = argv
-  const prefixed = PREFIX + secret
+  if (argv.interactive) await concealValues(argv)
+  else await concealValue(argv)
+}
+
+async function concealValue (argv) {
+  if (argv['key-values'].length === 0) throw new Error('Key-values must be passed')
+
+  const values = argv['key-values'].reduce((values, pair) => {
+    const [key, value] = pair.split('=')
+
+    values[key] = value
+
+    return values
+  }, {})
+
+  const secret = PREFIX + argv.secret
+
+  await secrets.upsert(secret, values, argv.namespace)
+}
+
+async function concealValues (argv) {
+  const path = find(argv.path)
+  const operator = await boot.deployment(path, argv.environment)
+  const variables = operator.variables()
+  const values = await promptSecrets(variables)
+  const groups = groupValues(values)
+
+  for (const [secret, values] of Object.entries(groups)) {
+    await secrets.upsert(secret, values, argv.namespace)
+  }
+}
+
+/**
+ * @return {Record<string, Record<string, string>>}
+ */
+function groupValues (values) {
+  const secrets = {}
+
+  for (const [key, value] of Object.entries(values)) {
+    const [secret, variable] = key.split('/')
+
+    if (!(secret in secrets)) secrets[secret] = {}
+
+    secrets[secret][variable] = value
+  }
 
-  await secrets.store(prefixed, { [key]: value })
+  return secrets
 }
 
 const PREFIX = 'toa-'

package/src/handlers/env.js

@@ -1,6 +1,9 @@
 'use strict'
 
 const { join } = require('node:path')
+const readline = require('node:readline/promises')
+const { stdin: input, stdout: output } = require('node:process')
+
 const dotenv = require('dotenv')
 const { file } = require('@toa.io/filesystem')
 const boot = require('@toa.io/boot')
@@ -12,13 +15,16 @@ async function env (argv) {
   const operator = await boot.deployment(path, argv.environment)
   const variables = operator.variables()
   const currentValues = await read(filepath)
-  const values = []
 
-  for (const scoped of Object.values(variables)) values.push(...scoped)
+  const result = merge(variables, currentValues)
+
+  if (argv.interactive) {
+    const secrets = await promptSecrets(result)
 
-  const nextValues = merge(values, currentValues)
+    mergeSecrets(result, secrets)
+  }
 
-  await write(filepath, nextValues)
+  await write(filepath, result)
 }
 
 /**
@@ -41,25 +47,71 @@ async function read (path) {
  * @return {Promise<void>}
  */
 async function write (path, values) {
-  const contents = values.reduce((lines, { name, value }) => lines + `${name}=${value}\n`, '')
+  const contents = values.reduce((lines, { name, value }) => lines + `${name}=${value ?? ''}\n`, '')
 
   await file.write(path, contents)
 }
 
 /**
- * @param {toa.deployment.dependency.Variable[] } variables
+ * @param {toa.deployment.dependency.Variable[]} variables
  * @param {Record<string, string>} current
  * @return {toa.deployment.dependency.Variable[]}
  */
 function merge (variables, current) {
   return variables.map((variable) => {
-    if (variable.secret === undefined) return variable
+    if (variable.secret === undefined || !current[variable.name]) return variable
 
     return {
       name: variable.name,
-      value: current[variable.name] ?? ''
+      value: current[variable.name]
     }
   })
 }
 
+async function promptSecrets (variables) {
+  const rl = readline.createInterface({ input, output })
+  const secrets = {}
+
+  for (const variable of variables) {
+    if (variable.secret === undefined) continue
+
+    const key = getKey(variable.secret)
+
+    secrets[key] = await promptSecret(key, rl)
+  }
+
+  rl.close()
+
+  return secrets
+}
+
+async function promptSecret (key, rl) {
+  if (SECRETS[key] === undefined) SECRETS[key] = await rl.question(`${key}: `)
+
+  return SECRETS[key]
+}
+
+/**
+ * @param {toa.deployment.dependency.Variable[]} variables
+ * @param {Record<string, string>} secrets
+ */
+function mergeSecrets (variables, secrets) {
+  for (const variable of variables) {
+    if (variable.secret === undefined) continue
+
+    const key = getKey(variable.secret)
+
+    variable.value = secrets[key]
+
+    delete variable.secret
+  }
+}
+
+function getKey (secret) {
+  return `${secret.name}/${secret.key}`
+}
+
+const SECRETS = {}
+
 exports.env = env
+exports.promptSecrets = promptSecrets

package/src/handlers/key.js

@@ -0,0 +1,16 @@
+'use strict'
+
+const { V3 } = require('paseto')
+
+async function key (argv) {
+  const purpose = argv.public ? 'public' : 'local'
+  const key = await V3.generateKey(purpose, { format: 'paserk' })
+
+  if (argv.public) {
+    console.log(key.secretKey)
+    console.log(key.publicKey)
+  } else
+    console.log(key)
+}
+
+exports.key = key

package/src/handlers/reveal.js

@@ -1,16 +1,16 @@
 'use strict'
 
 const { secrets } = require('@toa.io/kubernetes')
-const { remap, decode } = require('@toa.io/generic')
 
 const { PREFIX } = require('./conceal')
 
 const reveal = async (argv) => {
   const prefixed = PREFIX + argv.secret
-  const secret = await secrets.get(prefixed)
-  const values = remap(secret.data, decode)
+  const data = await secrets.get(prefixed)
 
-  for (const [key, value] of Object.entries(values)) {
+  if (data === null) return
+
+  for (const [key, value] of Object.entries(data)) {
     const line = `${key}: ${value}`
 
     console.log(line)

package/src/handlers/serve.js

@@ -3,21 +3,22 @@
 const boot = require('@toa.io/boot')
 const { shortcuts } = require('@toa.io/norm')
 const { directory: { find } } = require('@toa.io/filesystem')
+const { version } = require('@toa.io/runtime')
 
 const serve = async (argv) => {
+  console.log('Runtime', version)
+
   argv.path = shortcuts.resolve(argv.path)
 
   const module = find(argv.path, process.cwd())
 
   const { Factory } = require(module)
 
-  /** @type {toa.core.extensions.Factory} */
   const factory = new Factory(boot)
 
-  /** @type {toa.core.Connector} */
-  const service = factory.service()
+  if (factory.service === undefined) throw new Error(`Service is not implemented by ${argv.path}`)
 
-  if (service === undefined) throw new Error(`Cannot find service '${argv.name}' in ${argv.path}`)
+  const service = factory.service()
 
   await service.connect()