exchange-keyshare 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl

exchange_keyshare/cli.py

@@ -4,8 +4,10 @@ from pathlib import Path
 
 import click
 
+from exchange_keyshare.commands.config import config
 from exchange_keyshare.commands.keys import keys
 from exchange_keyshare.commands.setup import setup
+from exchange_keyshare.commands.teardown import teardown
 from exchange_keyshare.config import Config
 
 
@@ -30,6 +32,8 @@ def main(ctx: click.Context, config_path: str | None) -> None:
 
 
 main.add_command(setup)
+main.add_command(config)
+main.add_command(teardown)
 main.add_command(keys)
 
 

exchange_keyshare/commands/config.py

@@ -0,0 +1,34 @@
+"""Config command for displaying current configuration."""
+
+import click
+from rich.console import Console
+from rich.table import Table
+
+from exchange_keyshare.config import Config
+
+
+@click.command()
+@click.pass_context
+def config(ctx: click.Context) -> None:
+    """Display current configuration."""
+    cfg: Config = ctx.obj["config"]
+    console = Console()
+
+    if not cfg.stack_name:
+        console.print("Not configured. Run [cyan]exchange-keyshare setup[/cyan] first.")
+        return
+
+    table = Table(show_header=False, box=None)
+    table.add_column("Key", style="dim")
+    table.add_column("Value", style="cyan")
+
+    table.add_row("Bucket", cfg.bucket or "")
+    table.add_row("Region", cfg.region or "")
+    table.add_row("Stack Name", cfg.stack_name or "")
+    table.add_row("Stack ID", cfg.stack_id or "")
+    table.add_row("Role ARN", cfg.role_arn or "")
+    table.add_row("External ID", cfg.external_id or "")
+    table.add_row("KMS Key ARN", cfg.kms_key_arn or "")
+    table.add_row("Config Path", str(cfg.config_path))
+
+    console.print(table)

exchange_keyshare/commands/setup.py

@@ -155,6 +155,7 @@ def setup(ctx: click.Context) -> None:
     config.bucket = result.bucket
     config.region = result.region
     config.stack_name = result.stack_name
+    config.stack_id = result.stack_id
     config.role_arn = result.role_arn
     config.external_id = result.external_id
     config.kms_key_arn = result.kms_key_arn

exchange_keyshare/commands/teardown.py

@@ -0,0 +1,208 @@
+"""Teardown command for deleting AWS infrastructure."""
+
+import click
+from rich.console import Console, Group, RenderableType
+from rich.live import Live
+from rich.panel import Panel
+from rich.spinner import Spinner
+from rich.table import Table
+from rich.text import Text
+
+from exchange_keyshare.config import Config
+from exchange_keyshare.keys import CredentialInfo, list_credentials
+from exchange_keyshare.setup import (
+    ResourceStatus,
+    StackProgress,
+    get_friendly_type,
+    get_stack_console_url,
+    poll_stack_deletion,
+    start_stack_deletion,
+)
+
+
+def get_delete_status_style(status: str) -> str:
+    """Get rich style for a deletion status."""
+    if "DELETE_COMPLETE" in status or "DELETE_SKIPPED" in status:
+        return "green"
+    elif "IN_PROGRESS" in status:
+        return "yellow"
+    elif "FAILED" in status:
+        return "red"
+    return "white"
+
+
+def get_delete_status_icon(status: str) -> str:
+    """Get icon for a deletion status."""
+    if "DELETE_COMPLETE" in status or "DELETE_SKIPPED" in status:
+        return "[green]✓[/green]"
+    elif "IN_PROGRESS" in status:
+        return "[yellow]⋯[/yellow]"
+    elif "FAILED" in status:
+        return "[red]✗[/red]"
+    return " "
+
+
+def build_deletion_progress_display(progress: StackProgress) -> RenderableType:
+    """Build a rich display showing resource deletion progress with spinner."""
+    table = Table(show_header=True, header_style="bold", box=None)
+    table.add_column("", width=2)
+    table.add_column("Resource", style="cyan", min_width=25)
+    table.add_column("Type", style="dim")
+    table.add_column("Status")
+
+    # Sort resources: in_progress first, then by name
+    def sort_key(item: tuple[str, ResourceStatus]) -> tuple[int, str]:
+        _, r = item
+        if "IN_PROGRESS" in r.status:
+            return (0, r.logical_id)
+        elif "COMPLETE" in r.status or "SKIPPED" in r.status:
+            return (2, r.logical_id)
+        else:
+            return (1, r.logical_id)
+
+    sorted_resources = sorted(progress.resources.items(), key=sort_key)
+
+    for _logical_id, resource in sorted_resources:
+        icon = get_delete_status_icon(resource.status)
+        style = get_delete_status_style(resource.status)
+        friendly_type = get_friendly_type(resource.resource_type)
+
+        # Simplify status text
+        status_text = resource.status.replace("_", " ").title()
+
+        table.add_row(
+            icon,
+            resource.logical_id,
+            friendly_type,
+            f"[{style}]{status_text}[/{style}]",
+        )
+
+    # Add spinner header if still in progress
+    if not progress.is_complete and not progress.is_failed:
+        spinner = Spinner("dots", text=Text(" Deleting infrastructure...", style="bold"))
+        return Group(spinner, Text(""), table)
+
+    return table
+
+
+@click.command()
+@click.pass_context
+def teardown(ctx: click.Context) -> None:
+    """Delete AWS infrastructure and revoke access.
+
+    This permanently deletes all infrastructure created by setup.
+    The S3 bucket and KMS key are retained but access is revoked.
+    """
+    cfg: Config = ctx.obj["config"]
+    console = Console()
+
+    if not cfg.stack_name:
+        console.print("Nothing to teardown. Run [cyan]exchange-keyshare setup[/cyan] first.")
+        return
+
+    region = cfg.region or "us-east-1"
+
+    # Try to list existing credentials (gracefully handle failure)
+    credentials: list[CredentialInfo] = []
+    if cfg.bucket and cfg.region:
+        try:
+            credentials = list_credentials(cfg.bucket, cfg.region)
+        except Exception:
+            pass  # Gracefully ignore - permissions may already be revoked
+
+    # Build credential list for warning
+    cred_text = ""
+    if credentials:
+        cred_text = "\n[bold]Credentials that will become inaccessible:[/bold]\n"
+        for cred in credentials:
+            cred_text += f"  - [cyan]{cred.exchange}[/cyan]\n"
+            if cred.pairs:
+                cred_text += f"    Pairs: {', '.join(cred.pairs)}\n"
+            if cred.labels:
+                labels_str = ", ".join(f"{lbl['key']}={lbl['value']}" for lbl in cred.labels)
+                cred_text += f"    Labels: {labels_str}\n"
+        cred_text += "\n"
+
+    # Build console URL if we have a stack ID
+    console_url = ""
+    if cfg.stack_id:
+        console_url = get_stack_console_url(cfg.stack_id, region)
+
+    # Show scary warning with specific resources
+    manual_cmd = f"aws cloudformation delete-stack --stack-name {cfg.stack_name} --region {region}"
+
+    warning = Panel(
+        "[bold red]WARNING: This action cannot be undone![/bold red]\n\n"
+        "[bold]Resources that will be DELETED:[/bold]\n"
+        f"  - IAM Role: [cyan]{cfg.role_arn}[/cyan]\n"
+        f"  - KMS Key Alias: [cyan]alias/{cfg.bucket}[/cyan]\n"
+        "  - S3 Bucket Policies\n\n"
+        "[bold]Resources that will be RETAINED (but inaccessible):[/bold]\n"
+        f"  - S3 Bucket: [cyan]{cfg.bucket}[/cyan]\n"
+        f"  - KMS Key: [cyan]{cfg.kms_key_arn}[/cyan]\n"
+        f"{cred_text}\n"
+        f"Stack: [cyan]{cfg.stack_name}[/cyan]\n"
+        f"Region: [cyan]{region}[/cyan]\n\n"
+        f"[dim]Manual command: {manual_cmd}[/dim]",
+        title="[bold red]Teardown Infrastructure[/bold red]",
+        border_style="red",
+    )
+    console.print(warning)
+    console.print()
+
+    # Require typing the stack name to confirm
+    console.print(f"To confirm, type the stack name: [bold]{cfg.stack_name}[/bold]")
+    confirmation = click.prompt("", default="", show_default=False)
+
+    if confirmation != cfg.stack_name:
+        console.print("[yellow]Aborted.[/yellow] Stack name did not match.")
+        raise SystemExit(1)
+
+    console.print()
+
+    # Show console URL before starting deletion
+    if console_url:
+        console.print(f"[dim]Monitor progress in AWS Console:[/dim]")
+        console.print(f"[link={console_url}]{console_url}[/link]")
+        console.print()
+        console.print("[dim]You can safely cancel this command (Ctrl+C) - deletion will continue in AWS.[/dim]")
+        console.print()
+
+    # Start deletion and poll with live display
+    try:
+        cfn = start_stack_deletion(cfg.stack_name, region)
+    except Exception as e:
+        console.print(f"[red]Error starting deletion: {e}[/red]")
+        raise SystemExit(1)
+
+    final_progress: StackProgress | None = None
+
+    try:
+        with Live(console=console, refresh_per_second=10) as live:
+            for progress in poll_stack_deletion(cfg.stack_name, cfn):
+                display = build_deletion_progress_display(progress)
+                live.update(display)
+                final_progress = progress
+
+                if progress.is_complete or progress.is_failed:
+                    break
+    except KeyboardInterrupt:
+        console.print()
+        console.print("[yellow]Interrupted.[/yellow] Deletion continues in AWS.")
+        if console_url:
+            console.print(f"[dim]Monitor progress:[/dim] {console_url}")
+        raise SystemExit(0)
+
+    if final_progress is None or final_progress.is_failed:
+        console.print()
+        console.print(f"[red]Error: {final_progress.failure_reason if final_progress else 'Unknown error'}[/red]")
+        if console_url:
+            console.print(f"[dim]Check AWS Console:[/dim] {console_url}")
+        raise SystemExit(1)
+
+    # Delete config file
+    if cfg.config_path.exists():
+        cfg.config_path.unlink()
+
+    console.print()
+    console.print("[green]Teardown complete.[/green] All access has been revoked.")

exchange_keyshare/config.py

@@ -26,6 +26,7 @@ class Config:
     bucket: str | None = None
     region: str | None = None
     stack_name: str | None = None
+    stack_id: str | None = None
     role_arn: str | None = None
     external_id: str | None = None
     kms_key_arn: str | None = None
@@ -36,6 +37,7 @@ class Config:
         self.bucket = data.get("bucket")
         self.region = data.get("region")
         self.stack_name = data.get("stack_name")
+        self.stack_id = data.get("stack_id")
         self.role_arn = data.get("role_arn")
         self.external_id = data.get("external_id")
         self.kms_key_arn = data.get("kms_key_arn")
@@ -49,6 +51,8 @@ class Config:
             data["region"] = self.region
         if self.stack_name:
             data["stack_name"] = self.stack_name
+        if self.stack_id:
+            data["stack_id"] = self.stack_id
         if self.role_arn:
             data["role_arn"] = self.role_arn
         if self.external_id:

exchange_keyshare/setup.py

@@ -40,6 +40,7 @@ class SetupResult:
     role_arn: str
     external_id: str
     stack_name: str
+    stack_id: str
     kms_key_arn: str
 
 
@@ -216,12 +217,138 @@ def _is_newer_status(new_status: str, old_status: str) -> bool:
         return True
 
 
+def get_stack_console_url(stack_id: str, region: str) -> str:
+    """Get AWS Console URL for a CloudFormation stack."""
+    # URL-encode the stack ID (it contains special characters)
+    from urllib.parse import quote
+    encoded_stack_id = quote(stack_id, safe="")
+    return f"https://{region}.console.aws.amazon.com/cloudformation/home?region={region}#/stacks/stackinfo?stackId={encoded_stack_id}"
+
+
+def start_stack_deletion(stack_name: str, region: str) -> "CloudFormationClient":
+    """Start CloudFormation stack deletion. Returns cfn_client for polling."""
+    cfn = cast("CloudFormationClient", boto3.client("cloudformation", region_name=region))  # pyright: ignore[reportUnknownMemberType]
+
+    try:
+        cfn.delete_stack(StackName=stack_name)  # pyright: ignore[reportUnknownMemberType]
+    except ClientError as e:
+        raise Exception(f"Failed to delete stack: {e}") from e
+
+    return cfn
+
+
+def poll_stack_deletion(
+    stack_name: str,
+    cfn: "CloudFormationClient",
+    poll_interval: float = 2.0,
+    max_attempts: int = 300,
+) -> Generator[StackProgress, None, None]:
+    """Poll stack deletion progress and yield updates."""
+    resources: dict[str, ResourceStatus] = {}
+
+    for _ in range(max_attempts):
+        # Get current stack status
+        try:
+            stacks_response = cfn.describe_stacks(StackName=stack_name)
+        except ClientError as e:
+            # Stack not found means deletion complete
+            if "does not exist" in str(e):
+                yield StackProgress(
+                    resources=resources,
+                    stack_status="DELETE_COMPLETE",
+                    is_complete=True,
+                    is_failed=False,
+                )
+                return
+            raise
+
+        stack = stacks_response["Stacks"][0]
+        stack_status = stack.get("StackStatus", "UNKNOWN")
+
+        # Get resource events
+        try:
+            events_response = cfn.describe_stack_events(StackName=stack_name)
+            for event in events_response["StackEvents"]:
+                logical_id = event.get("LogicalResourceId", "")
+                resource_type = event.get("ResourceType", "")
+                status = event.get("ResourceStatus", "")
+                reason = event.get("ResourceStatusReason")
+
+                # Skip the stack itself
+                if resource_type == "AWS::CloudFormation::Stack":
+                    continue
+
+                # Update if this is a newer status for this resource
+                if logical_id not in resources or _is_newer_delete_status(status, resources[logical_id].status):
+                    resources[logical_id] = ResourceStatus(
+                        logical_id=logical_id,
+                        resource_type=resource_type,
+                        status=status,
+                        reason=reason,
+                    )
+        except ClientError:
+            pass  # Stack events may not be available
+
+        # Check for completion
+        is_complete = stack_status == "DELETE_COMPLETE"
+        is_failed = stack_status == "DELETE_FAILED"
+
+        failure_reason: str | None = None
+        if is_failed:
+            failed_resources = [r for r in resources.values() if "FAILED" in r.status]
+            if failed_resources:
+                reasons = [r.reason for r in failed_resources if r.reason]
+                failure_reason = "; ".join(reasons[:3]) if reasons else "Unknown error"
+
+        yield StackProgress(
+            resources=resources,
+            stack_status=stack_status,
+            is_complete=is_complete,
+            is_failed=is_failed,
+            failure_reason=failure_reason,
+        )
+
+        if is_complete or is_failed:
+            return
+
+        time.sleep(poll_interval)
+
+    # Timeout
+    yield StackProgress(
+        resources=resources,
+        stack_status="TIMEOUT",
+        is_complete=False,
+        is_failed=True,
+        failure_reason="Stack deletion timed out",
+    )
+
+
+def _is_newer_delete_status(new_status: str, old_status: str) -> bool:
+    """Check if new_status is more recent than old_status for deletion."""
+    status_order = [
+        "CREATE_COMPLETE",
+        "DELETE_IN_PROGRESS",
+        "DELETE_COMPLETE",
+        "DELETE_FAILED",
+        "DELETE_SKIPPED",
+    ]
+
+    try:
+        new_idx = status_order.index(new_status)
+        old_idx = status_order.index(old_status)
+        return new_idx > old_idx
+    except ValueError:
+        return True
+
+
 def get_stack_outputs(stack_name: str, region: str) -> SetupResult:
     """Get outputs from a completed stack."""
     cfn = cast("CloudFormationClient", boto3.client("cloudformation", region_name=region))  # pyright: ignore[reportUnknownMemberType]
 
     response = cfn.describe_stacks(StackName=stack_name)
-    stack_outputs = response["Stacks"][0].get("Outputs", [])
+    stack = response["Stacks"][0]
+    stack_id = stack.get("StackId", "")
+    stack_outputs = stack.get("Outputs", [])
     outputs: dict[str, str] = {
         o["OutputKey"]: o["OutputValue"]
         for o in stack_outputs
@@ -234,6 +361,7 @@ def get_stack_outputs(stack_name: str, region: str) -> SetupResult:
         role_arn=outputs["RoleArn"],
         external_id=outputs["ExternalId"],
         stack_name=stack_name,
+        stack_id=stack_id,
         kms_key_arn=outputs["KmsKeyArn"],
     )
 

{exchange_keyshare-0.1.0.dist-info → exchange_keyshare-0.1.1.dist-info}/METADATA

@@ -1,9 +1,10 @@
 Metadata-Version: 2.4
 Name: exchange-keyshare
-Version: 0.1.0
+Version: 0.1.1
 Summary: CLI for market makers to securely share exchange API credentials
 Requires-Python: >=3.12
 Requires-Dist: boto3>=1.34.0
+Requires-Dist: botocore[crt]>=1.34.0
 Requires-Dist: click>=8.1.0
 Requires-Dist: pyyaml>=6.0
 Requires-Dist: questionary>=2.0.0

exchange_keyshare-0.1.1.dist-info/RECORD

@@ -0,0 +1,17 @@
+exchange_keyshare/__init__.py,sha256=r2L4CpACTGPQTgruORVSNLxpD1vQD6zbcigQqDzzpt8,111
+exchange_keyshare/cfn.py,sha256=Jr8QjeRHS9AP44vx14N_023we0iWjIHAz5Np9dnATe4,364
+exchange_keyshare/cli.py,sha256=jYDKMvVtvm35Q5L1CNdNfuq_XF_6oq868nAK3Jg11no,987
+exchange_keyshare/config.py,sha256=Db0hKKfBHISC-tnHp9blTSE2_lIuC1QdDxMuL3rATxs,2816
+exchange_keyshare/keys.py,sha256=Lyl7vgJ4Bo0XA4iBKJyRWGd1ZpHPmrAuY7T0-sUWpOM,3278
+exchange_keyshare/schema.py,sha256=BRv22tV3TifkoADVlMPGPNbhc9DKHtPq56s1EDcy70w,3818
+exchange_keyshare/setup.py,sha256=Po_SgT_bEwE8LdCxR_kJQa44MP4ba76I_hzz7jYFFAQ,12781
+exchange_keyshare/commands/__init__.py,sha256=gQ6tnU0Rvm0-ESWFUBU-KDl5dpNOpUTG509hXOQQjwY,27
+exchange_keyshare/commands/config.py,sha256=1MXPIMWiSy1KerWdr9r8y6P7aA2YQRwk4wWeF7duSR0,1065
+exchange_keyshare/commands/keys.py,sha256=NX_BDl2-iWoLso5ep9kQNCjx5r7SszUg2MY62qJ-eHc,14610
+exchange_keyshare/commands/setup.py,sha256=VXvCXkTwlEIYOyflh8IGpBJrf8QiTeGIq2Mb1RghFic,5765
+exchange_keyshare/commands/teardown.py,sha256=hHS9k6FNpoF9Dk4zrIHlKJzTmDVLy89fg39ACs_jPU4,7514
+exchange_keyshare/templates/stack.yaml,sha256=KdNEeTFHm24pxQbSKzWxi2VyyjkKBYB9mYlBvSA6gfQ,6456
+exchange_keyshare-0.1.1.dist-info/METADATA,sha256=KZgCuuVxnzX8ikEaIcEMwicmj_ympXMZR4uRjUCmO2Q,342
+exchange_keyshare-0.1.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+exchange_keyshare-0.1.1.dist-info/entry_points.txt,sha256=4SeV5jhxW3C6plg8WefZdLhPBRqmYErdKfnGTUEWmmo,65
+exchange_keyshare-0.1.1.dist-info/RECORD,,

exchange_keyshare-0.1.0.dist-info/RECORD

@@ -1,15 +0,0 @@
-exchange_keyshare/__init__.py,sha256=r2L4CpACTGPQTgruORVSNLxpD1vQD6zbcigQqDzzpt8,111
-exchange_keyshare/cfn.py,sha256=Jr8QjeRHS9AP44vx14N_023we0iWjIHAz5Np9dnATe4,364
-exchange_keyshare/cli.py,sha256=ogQBvZmrbR18QPQ4RJW9nERac3JqO_DPnk4RgyVjORU,825
-exchange_keyshare/config.py,sha256=QD2apmjj99J9j5svOVS209726pS7uK5rcaxTAgYYBj4,2668
-exchange_keyshare/keys.py,sha256=Lyl7vgJ4Bo0XA4iBKJyRWGd1ZpHPmrAuY7T0-sUWpOM,3278
-exchange_keyshare/schema.py,sha256=BRv22tV3TifkoADVlMPGPNbhc9DKHtPq56s1EDcy70w,3818
-exchange_keyshare/setup.py,sha256=n0Rn-gl8tFautc34HnA5lm-R0iCx7SAQAc7LTL9Zyn8,8235
-exchange_keyshare/commands/__init__.py,sha256=gQ6tnU0Rvm0-ESWFUBU-KDl5dpNOpUTG509hXOQQjwY,27
-exchange_keyshare/commands/keys.py,sha256=NX_BDl2-iWoLso5ep9kQNCjx5r7SszUg2MY62qJ-eHc,14610
-exchange_keyshare/commands/setup.py,sha256=GTfFP4H6JJtIah47ruSlETLy9mJm6XvZbUpEN-OUMo0,5727
-exchange_keyshare/templates/stack.yaml,sha256=KdNEeTFHm24pxQbSKzWxi2VyyjkKBYB9mYlBvSA6gfQ,6456
-exchange_keyshare-0.1.0.dist-info/METADATA,sha256=B4dXgTPHXQgLBWuUJN-h7mzUedSK72-RlT4pKoNAL-c,305
-exchange_keyshare-0.1.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-exchange_keyshare-0.1.0.dist-info/entry_points.txt,sha256=4SeV5jhxW3C6plg8WefZdLhPBRqmYErdKfnGTUEWmmo,65
-exchange_keyshare-0.1.0.dist-info/RECORD,,