localargo 0.1.0__py3-none-any.whl

localargo/cli/commands/port_forward.py

@@ -0,0 +1,311 @@
+# SPDX-FileCopyrightText: 2025-present William Born <william.born.git@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+"""Port forwarding management for ArgoCD applications.
+
+This module provides commands for managing port forwarding to services
+in ArgoCD applications and Kubernetes clusters.
+"""
+
+from __future__ import annotations
+
+import shutil
+import subprocess
+
+import click
+
+from localargo.logging import logger
+from localargo.utils.cli import (
+    check_cli_availability,
+    log_subprocess_error,
+    run_subprocess,
+)
+
+
+@click.group()
+def port_forward() -> None:
+    """Manage port forwarding for ArgoCD applications."""
+
+
+@port_forward.command()
+@click.argument("service")
+@click.option("--namespace", "-n", help="Service namespace")
+@click.option(
+    "--local-port", "-l", type=int, help="Local port (auto-assigned if not specified)"
+)
+@click.option(
+    "--remote-port", "-r", type=int, help="Remote port (auto-detected if not specified)"
+)
+@click.option("--argocd-namespace", default="argocd", help="ArgoCD namespace")
+def start(
+    service: str,
+    namespace: str | None,
+    local_port: int | None,
+    remote_port: int | None,
+    argocd_namespace: str,
+) -> None:
+    """Start port forwarding for a service."""
+    try:
+        port_config = _resolve_port_forwarding_config(
+            service, namespace, local_port, remote_port, argocd_namespace
+        )
+
+        _execute_port_forwarding(port_config)
+
+    except subprocess.CalledProcessError as e:
+        logger.error("❌ Starting port forward failed with return code %s", e.returncode)
+        if e.stderr:
+            logger.error("Error details: %s", e.stderr.strip())
+        raise
+    except (OSError, ValueError) as e:
+        logger.error("❌ Error starting port forward: %s", e)
+        raise
+
+
+def _resolve_port_forwarding_config(
+    service: str,
+    namespace: str | None,
+    local_port: int | None,
+    remote_port: int | None,
+    argocd_namespace: str,
+) -> dict[str, str | int]:
+    """Resolve and validate port forwarding configuration."""
+    # Auto-detect namespace if not provided
+    resolved_namespace = namespace or _detect_app_namespace(service, argocd_namespace)
+
+    # Auto-detect remote port if not provided
+    resolved_remote_port = remote_port or _detect_service_port(service, resolved_namespace)
+
+    # Set local port to remote port if not provided
+    resolved_local_port = local_port or resolved_remote_port
+
+    logger.info(
+        "Starting port forward: %s:%s/%s:%s",
+        resolved_local_port,
+        resolved_namespace,
+        service,
+        resolved_remote_port,
+    )
+
+    return {
+        "service": service,
+        "namespace": resolved_namespace,
+        "local_port": resolved_local_port,
+        "remote_port": resolved_remote_port,
+    }
+
+
+def _execute_port_forwarding(config: dict[str, str | int]) -> None:
+    """Execute the port forwarding command."""
+    cmd = _build_port_forward_command(config)
+
+    logger.info("🔗 Port forward active: http://localhost:%s", config["local_port"])
+    logger.info("Press Ctrl+C to stop...")
+
+    try:
+        subprocess.run(cmd, check=True)
+    except KeyboardInterrupt:
+        logger.info("\n✅ Port forward stopped")
+
+
+def _build_port_forward_command(config: dict[str, str | int]) -> list[str]:
+    """Build the kubectl port-forward command."""
+    return [
+        "kubectl",
+        "port-forward",
+        "-n",
+        str(config["namespace"]),
+        f"svc/{config['service']}",
+        f"{config['local_port']}:{config['remote_port']}",
+    ]
+
+
+@port_forward.command()
+@click.argument("app_name")
+def app(app_name: str) -> None:
+    """Port forward all services in an ArgoCD application."""
+    try:
+        # Get application details
+        # Note: JSON parsing for service auto-detection is not yet implemented
+        logger.info("Port forwarding services for app '%s'...", app_name)
+        logger.info("⚠️  Auto-detection of app services not yet implemented")
+        logger.info("Use 'localargo port-forward start <service>' for individual services")
+
+    except FileNotFoundError:
+        logger.error("❌ argocd CLI not found")
+    except subprocess.CalledProcessError as e:
+        log_subprocess_error(e)
+
+
+@port_forward.command()
+def list_forwards() -> None:
+    """List active port forwards."""
+    try:
+        pids = _find_port_forward_processes()
+        if pids:
+            logger.info("Active port forwards (%s):", len(pids))
+            _display_port_forward_details(pids)
+        else:
+            logger.info("No active port forwards found")
+
+    except FileNotFoundError:
+        logger.error("❌ pgrep not available")
+
+
+def _find_port_forward_processes() -> list[str]:
+    """Find PIDs of kubectl port-forward processes."""
+    pgrep_path = shutil.which("pgrep")
+    if pgrep_path is None:
+        msg = "pgrep not found in PATH. Please ensure pgrep is installed and available."
+        raise RuntimeError(msg)
+
+    result = subprocess.run(
+        [pgrep_path, "-f", "kubectl port-forward"],
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+
+    if result.returncode == 0 and result.stdout.strip():
+        return result.stdout.strip().split("\n")
+    return []
+
+
+def _display_port_forward_details(pids: list[str]) -> None:
+    """Display detailed information about port-forward processes."""
+    for pid in pids:
+        try:
+            process_details = _get_process_details(pid)
+            if process_details:
+                logger.info(process_details)
+        except subprocess.CalledProcessError:
+            pass
+
+
+def _get_process_details(pid: str) -> str | None:
+    """Get detailed information about a specific process."""
+    ps_path = shutil.which("ps")
+    if ps_path is None:
+        msg = "ps not found in PATH. Please ensure ps is installed and available."
+        raise RuntimeError(msg)
+
+    ps_result = subprocess.run(
+        [ps_path, "-p", pid, "-o", "pid,ppid,cmd"],
+        capture_output=True,
+        text=True,
+        check=True,
+    )
+    return ps_result.stdout.strip()
+
+
+@port_forward.command()
+@click.option("--all-forwards", "-a", is_flag=True, help="Stop all port forwards")
+def stop(*, all_forwards: bool) -> None:
+    """Stop port forwarding processes."""
+    try:
+        if all_forwards:
+            # Kill all kubectl port-forward processes
+            pkill_path = shutil.which("pkill")
+            if pkill_path is None:
+                msg = (
+                    "pkill not found in PATH. Please ensure pkill is installed and available."
+                )
+                raise RuntimeError(msg)
+            result = subprocess.run(
+                [pkill_path, "-f", "kubectl port-forward"],
+                capture_output=True,
+                text=True,
+                check=False,
+            )
+            if result.returncode == 0:
+                logger.info("✅ All port forwards stopped")
+            else:
+                logger.info("No active port forwards to stop")
+        else:
+            logger.info("Use --all-forwards to stop all port forwards")
+
+    except FileNotFoundError:
+        logger.error("❌ pkill not available")
+
+
+def _detect_app_namespace(service_name: str, _argocd_namespace: str) -> str:
+    """Try to detect the namespace for a service based on ArgoCD apps."""
+    try:
+        # Get all applications
+        result = run_subprocess(["argocd", "app", "list", "-o", "name"])
+    except FileNotFoundError:
+        return "default"
+
+    apps = result.stdout.strip().split("\n")
+
+    # For each app, check if it contains the service
+    for app_name in apps:
+        if not app_name.strip():
+            continue
+
+        app_namespace = _extract_namespace_from_app(app_name, service_name)
+        if app_namespace:
+            return app_namespace
+
+    # Default fallback
+    return "default"
+
+
+def _extract_namespace_from_app(app_name: str, service_name: str) -> str | None:
+    """Extract namespace from an ArgoCD app if it contains the service."""
+    try:
+        # Get app details
+        app_result = run_subprocess(["argocd", "app", "get", app_name, "--hard-refresh=false"])
+    except subprocess.CalledProcessError:
+        return None
+
+    # Look for the service in the output (simplified)
+    if service_name not in app_result.stdout:
+        return None
+
+    # Extract destination namespace from app
+    lines = app_result.stdout.split("\n")
+    for line in lines:
+        if "Destination:" in line and "namespace:" in line:
+            # Parse namespace from line like:
+            # "Destination:  https://kubernetes.default.svc (namespace: myapp)"
+            return line.split("namespace:")[-1].strip().split(")")[0].strip()
+
+    return None
+
+
+def _detect_service_port(service_name: str, namespace: str) -> int:
+    """Detect the port for a service."""
+    try:
+        # Get service details
+        kubectl_path = check_cli_availability("kubectl")
+        if kubectl_path is None:
+            msg = (
+                "kubectl not found in PATH. Please ensure kubectl is installed and available."
+            )
+            raise RuntimeError(msg)
+        result = subprocess.run(
+            [
+                kubectl_path,
+                "get",
+                "svc",
+                service_name,
+                "-n",
+                namespace,
+                "-o",
+                "jsonpath={.spec.ports[0].port}",
+            ],
+            capture_output=True,
+            text=True,
+            check=True,
+        )
+
+        port = result.stdout.strip()
+        if port:
+            return int(port)
+    except (subprocess.CalledProcessError, ValueError):
+        # Fallback to common ports
+        return 80
+
+    # Fallback to common ports
+    return 80

localargo/cli/commands/secrets.py

@@ -0,0 +1,300 @@
+# SPDX-FileCopyrightText: 2025-present William Born <william.born.git@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+"""Secrets management for ArgoCD applications.
+
+This module provides commands for managing Kubernetes secrets used by ArgoCD applications.
+"""
+
+from __future__ import annotations
+
+import base64
+import json
+import os
+import subprocess
+import tempfile
+from pathlib import Path
+
+import click
+import yaml
+
+from localargo.logging import logger
+from localargo.utils.cli import run_subprocess
+
+# Constants
+MAX_SECRET_DISPLAY_LENGTH = 50
+
+
+@click.group()
+def secrets() -> None:
+    """Manage secrets for local ArgoCD development."""
+
+
+@secrets.command()
+@click.argument("name")
+@click.option("--namespace", "-n", default="default", help="Namespace")
+@click.option("--from-literal", "-l", multiple=True, help="Key=value pairs")
+@click.option("--from-file", "-f", multiple=True, help="Key=file pairs")
+@click.option("--dry-run", is_flag=True, help="Show what would be created")
+def create(
+    name: str,
+    namespace: str,
+    from_literal: tuple[str, ...],
+    from_file: tuple[str, ...],
+    *,
+    dry_run: bool,
+) -> None:
+    """Create a secret from literals or files."""
+    secret_data = _build_secret_data(from_literal, from_file)
+    if not secret_data:
+        return
+
+    secret_yaml = _generate_secret_yaml(name, namespace, secret_data)
+
+    if dry_run:
+        logger.info("--- DRY RUN ---")
+        logger.info(secret_yaml)
+        return
+
+    # Apply the secret
+    _apply_secret_yaml(secret_yaml, name, namespace)
+
+
+def _build_secret_data(
+    from_literal: tuple[str, ...], from_file: tuple[str, ...]
+) -> dict[str, str]:
+    """Build secret data from literals and files."""
+    data: dict[str, str] = {}
+
+    # Process literal values
+    if not _accumulate_literal_values(from_literal, data):
+        return {}
+
+    # Process file values
+    if not _accumulate_file_values(from_file, data):
+        return {}
+
+    if not data:
+        logger.error("❌ No data provided. Use --from-literal or --from-file")
+
+    return data
+
+
+def _accumulate_literal_values(literals: tuple[str, ...], data: dict[str, str]) -> bool:
+    """Parse and add literal key=value pairs into data. Return False on error."""
+    for literal in literals:
+        if "=" not in literal:
+            logger.error("❌ Invalid literal format: %s (expected key=value)", literal)
+            return False
+        key, val = literal.split("=", 1)
+        data[key] = base64.b64encode(val.encode()).decode()
+    return True
+
+
+def _accumulate_file_values(file_specs: tuple[str, ...], data: dict[str, str]) -> bool:
+    """Parse and add file-based key=file pairs into data. Return False on error."""
+    for file_spec in file_specs:
+        if "=" not in file_spec:
+            logger.error("❌ Invalid file format: %s (expected key=file)", file_spec)
+            return False
+        key, file_path = file_spec.split("=", 1)
+
+        file_path_obj = Path(file_path)
+        if not file_path_obj.exists():
+            logger.error("❌ File not found: %s", file_path)
+            return False
+
+        with open(file_path_obj, "rb") as file_handle:
+            data[key] = base64.b64encode(file_handle.read()).decode()
+    return True
+
+
+def _generate_secret_yaml(name: str, namespace: str, data: dict[str, str]) -> str:
+    """Generate YAML for the secret."""
+    yaml_lines = [
+        f"""apiVersion: v1
+kind: Secret
+metadata:
+  name: {name}
+  namespace: {namespace}
+type: Opaque
+data:
+"""
+    ]
+
+    for key, val in data.items():
+        yaml_lines.append(f"  {key}: {val}\n")
+
+    return "".join(yaml_lines)
+
+
+def _apply_secret_yaml(secret_yaml: str, name: str, namespace: str) -> None:
+    """Apply the secret YAML to the cluster."""
+    with tempfile.NamedTemporaryFile(mode="w", suffix=".yaml", delete=False) as tmp_file:
+        tmp_file.write(secret_yaml)
+        tmp_path = tmp_file.name
+
+    temp_file_path = Path(tmp_path)
+
+    try:
+        run_subprocess(["kubectl", "apply", "-f", str(temp_file_path)])
+        logger.info("✅ Secret '%s' created in namespace '%s'", name, namespace)
+    except subprocess.CalledProcessError as err:
+        logger.info("❌ Error creating secret: %s", err)
+    finally:
+        temp_file_path.unlink(missing_ok=True)
+
+
+@secrets.command()
+@click.argument("name")
+@click.option("--namespace", "-n", default="default", help="Namespace")
+def get(name: str, namespace: str) -> None:
+    """Get and decode secret values."""
+    try:
+        # Get secret data
+        result = run_subprocess(
+            ["kubectl", "get", "secret", name, "-n", namespace, "-o", "jsonpath={.data}"]
+        )
+
+        if not result.stdout.strip():
+            logger.info("❌ Secret '%s' not found or has no data", name)
+            return
+
+        # Parse and decode the data
+        data = json.loads(result.stdout)
+
+        logger.info("Secret: %s (namespace: %s)", name, namespace)
+        logger.info("-" * 40)
+
+        for key, encoded_value in data.items():
+            try:
+                decoded = base64.b64decode(encoded_value).decode("utf-8")
+                # Mask sensitive data
+                if len(decoded) > MAX_SECRET_DISPLAY_LENGTH:
+                    decoded = decoded[:MAX_SECRET_DISPLAY_LENGTH] + "..."
+                logger.info("%s: %s", key, decoded)
+            except (ValueError, UnicodeDecodeError):
+                logger.info("%s: <binary data or decode error>", key)
+
+    except subprocess.CalledProcessError as e:
+        logger.info(
+            "❌ Error getting secret: %s",
+            e,
+        )
+
+
+@secrets.command()
+@click.argument("name")
+@click.option("--namespace", "-n", default="default", help="Namespace")
+@click.option("--key", "-k", required=True, help="Secret key to update")
+@click.option("--value", "-v", help="New value")
+@click.option("--from-file", help="File containing new value")
+def update(
+    name: str, namespace: str, key: str, value: str | None, from_file: str | None
+) -> None:
+    """Update a secret key."""
+    if not _validate_update_inputs(value, from_file):
+        return
+
+    try:
+        secret = _read_current_secret(name, namespace)
+        encoded_value = _get_encoded_value(value, from_file)
+
+        _update_secret_data(secret, key, encoded_value)
+        _apply_updated_secret(secret, name, key)
+
+    except subprocess.CalledProcessError as e:
+        logger.error("❌ Updating secret failed with return code %s", e.returncode)
+        if e.stderr:
+            logger.error("Error details: %s", e.stderr.strip())
+        raise
+    except (OSError, ValueError) as e:
+        logger.error("❌ Error updating secret: %s", e)
+        raise
+
+
+def _validate_update_inputs(value: str | None, from_file: str | None) -> bool:
+    """Validate update command inputs."""
+    if not value and not from_file:
+        logger.error("❌ Must provide --value or --from-file")
+        return False
+
+    if value and from_file:
+        logger.error("❌ Cannot specify both --value and --from-file")
+        return False
+
+    return True
+
+
+def _read_current_secret(name: str, namespace: str) -> dict[str, str | dict[str, str]]:
+    """Read the current secret from the cluster."""
+    result = run_subprocess(["kubectl", "get", "secret", name, "-n", namespace, "-o", "yaml"])
+    secret_data = yaml.safe_load(result.stdout)
+    if not isinstance(secret_data, dict):
+        msg = f"Expected dict from kubectl output, got {type(secret_data)}"
+        raise TypeError(msg)
+    return secret_data
+
+
+def _get_encoded_value(value: str | None, from_file: str | None) -> str:
+    """Get the base64 encoded value from either direct value or file."""
+    if from_file:
+        if not Path(from_file).exists():
+            logger.error("❌ File not found: %s", from_file)
+            msg = f"File not found: {from_file}"
+            raise FileNotFoundError(msg)
+        with open(from_file, "rb") as f:
+            return base64.b64encode(f.read()).decode()
+    else:
+        if value is None:
+            msg = "Value cannot be None when not reading from file"
+            raise ValueError(msg)
+        return base64.b64encode(value.encode()).decode()
+
+
+def _update_secret_data(
+    secret: dict[str, str | dict[str, str]], key: str, encoded_value: str
+) -> None:
+    """Update the secret data with the new key-value pair."""
+    if "data" not in secret:
+        secret["data"] = {}
+    data_section = secret["data"]
+    if isinstance(data_section, dict):
+        data_section[key] = encoded_value
+
+
+def _apply_updated_secret(
+    secret: dict[str, str | dict[str, str]], name: str, key: str
+) -> None:
+    """Apply the updated secret to the cluster."""
+    temp_file = _write_secret_to_temp_file(secret)
+    try:
+        run_subprocess(["kubectl", "apply", "-f", str(temp_file)])
+        logger.info("✅ Secret '%s' updated (key: %s)", name, key)
+    finally:
+        temp_file.unlink(missing_ok=True)
+
+
+def _write_secret_to_temp_file(secret: dict[str, str | dict[str, str]]) -> Path:
+    """Write secret to a temporary file and return the path."""
+    temp_fd, temp_path = tempfile.mkstemp(suffix=".yaml")
+    os.close(temp_fd)  # Close the unused file descriptor
+    temp_file = Path(temp_path)
+    temp_file.write_text(yaml.dump(secret), encoding="utf-8")
+    return temp_file
+
+
+@secrets.command()
+@click.argument("name")
+@click.option("--namespace", "-n", default="default", help="Namespace")
+def delete(name: str, namespace: str) -> None:
+    """Delete a secret."""
+    if click.confirm(f"Delete secret '{name}' from namespace '{namespace}'?"):
+        try:
+            run_subprocess(["kubectl", "delete", "secret", name, "-n", namespace])
+            logger.info("✅ Secret '%s' deleted", name)
+        except subprocess.CalledProcessError as e:
+            logger.info(
+                "❌ Error deleting secret: %s",
+                e,
+            )