mas-cli 10.3.2__py3-none-any.whl → 10.4.1__py3-none-any.whl

mas/cli/__init__.py

@@ -8,4 +8,4 @@
 #
 # *****************************************************************************
 
-__version__ = "10.3.2"
+__version__ = "10.4.1"

mas/cli/cli.py

@@ -20,6 +20,7 @@ from sys import exit
 from openshift import dynamic
 from kubernetes import config
 from kubernetes.client import api_client
+from openshift.dynamic.exceptions import NotFoundError
 
 from prompt_toolkit import prompt, print_formatted_text, HTML
 
@@ -198,8 +199,10 @@ class BaseApp(PrintMixin, PromptMixin):
                     # We are already connected to a cluster, but prompt the user if they want to use this connection
                     continueWithExistingCluster = prompt(HTML('<Yellow>Proceed with this cluster?</Yellow> '), validator=YesNoValidator(), validate_while_typing=False)
                     promptForNewServer = continueWithExistingCluster in ["n", "no"]
-            except Exception:
+            except Exception as e:
                 # We are already connected to a cluster, but the connection is not valid so prompt for connection details
+                logger.debug("Failed looking up OpenShift Console route to verify connection")
+                logger.exception(e, stack_info=True)
                 promptForNewServer = True
         else:
             # We are not already connected to any cluster, so prompt for connection details
@@ -214,3 +217,35 @@ class BaseApp(PrintMixin, PromptMixin):
             if self._dynClient is None:
                 print_formatted_text(HTML("<Red>Unable to connect to cluster.  See log file for details</Red>"))
                 exit(1)
+
+    def initializeApprovalConfigMap(self, namespace: str, id: str, key: str=None, maxRetries: int=100, delay: int=300, ignoreFailure: bool=True) -> None:
+        """
+        Set key = None if you don't want approval workflow enabled
+        """
+        cmAPI = self.dynamicClient.resources.get(api_version="v1", kind="ConfigMap")
+        configMap = {
+            "apiVersion": "v1",
+            "kind": "ConfigMap",
+            "metadata": {
+                "name": f"approval-{id}",
+                "namespace": namespace
+            },
+            "data": {
+                "MAX_RETRIES": str(maxRetries),
+                "DELAY": str(delay),
+                "IGNORE_FAILURE": str(ignoreFailure),
+                "CONFIGMAP_KEY": key,
+                key: ""
+            }
+        }
+
+        # Delete any existing configmap and create a new one
+        try:
+            logger.debug(f"Deleting any existing approval workflow configmap for {id}")
+            cmAPI.delete(name=f"approval-{id}", namespace=namespace)
+        except NotFoundError:
+            pass
+
+        if key is not None:
+            logger.debug(f"Enabling approval workflow for {id} using {key} with {maxRetries} max retries on a {delay}s delay ({'ignoring failures' if ignoreFailure else 'abort on failure'})")
+            cmAPI.create(body=configMap, namespace=namespace)

mas/cli/install/app.py

@@ -33,12 +33,20 @@ from mas.cli.validators import (
   InstanceIDFormatValidator,
   WorkspaceIDFormatValidator,
   WorkspaceNameFormatValidator,
+  TimeoutFormatValidator,
   StorageClassValidator,
   OptimizerInstallPlanValidator
 )
 
 from mas.devops.ocp import createNamespace, getStorageClass, getStorageClasses
-from mas.devops.tekton import installOpenShiftPipelines, updateTektonDefinitions, preparePipelinesNamespace, prepareInstallSecrets, testCLI, launchInstallPipeline
+from mas.devops.tekton import (
+    installOpenShiftPipelines,
+    updateTektonDefinitions,
+    preparePipelinesNamespace,
+    prepareInstallSecrets,
+    testCLI,
+    launchInstallPipeline
+)
 
 logger = logging.getLogger(__name__)
 
@@ -51,6 +59,7 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
             catalogDisplayName = catalog.spec.displayName
 
             m = re.match(r".+(?P<catalogId>v[89]-(?P<catalogVersion>[0-9]+)-amd64)", catalogDisplayName)
+            print(f"m: {m}")
             if m:
                 # catalogId = v8-yymmdd-amd64
                 # catalogVersion = yymmdd
@@ -187,6 +196,23 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
 
         self.deployCP4D = True
 
+    def configSSOProperties(self):
+        self.printH1("Single Sign-On (SSO)")
+        self.printDescription([
+            "Many aspects of Maximo Application Suite's Single Sign-On (SSO) can be customized:",
+            " - Idle session automatic logout timer",
+            " - Session, access token, and refresh token timeouts",
+            " - Default identity provider (IDP), and seamless login"
+        ])
+        sso_response = self.yesOrNo("Configure SSO properties")
+        if sso_response:
+            self.promptForInt("Enter the idle timeout (in seconds)", "idle_timeout", default=1800)
+            self.promptForString("Enter the IDP session timeout (e.g., '12h' for 12 hours)", "idp_session_timeout", validator=TimeoutFormatValidator(), default="12h")
+            self.promptForString("Enter the access token timeout (e.g., '30m' for 30 minutes)", "access_token_timeout", validator=TimeoutFormatValidator(), default="30m")
+            self.promptForString("Enter the refresh token timeout (e.g., '12h' for 12 hours)", "refresh_token_timeout", validator=TimeoutFormatValidator(), default="12h")
+            self.promptForString("Enter the default Identity Provider (IDP)", "default_idp", default="local")
+            self.yesOrNo("Enable seamless login?", param="seamless_login")
+
     def configMAS(self):
         self.printH1("Configure MAS Instance")
         self.printDescription([
@@ -215,6 +241,7 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
         self.configOperationMode()
         self.configCATrust()
         self.configDNSAndCerts()
+        self.configSSOProperties()
 
     def configCATrust(self) -> None:
         self.printH1("Certificate Authority Trust")
@@ -568,22 +595,38 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
         self.db2SetAffinity = False
         self.db2SetTolerations = False
 
+        self.approvals = {
+            "approval_core": {"id": "suite-verify"},  # After Core Platform verification has completed
+            "approval_assist": {"id": "app-cfg-assist"},  # After Assist workspace has been configured
+            "approval_iot": {"id": "app-cfg-iot"},  # After IoT workspace has been configured
+            "approval_manage": {"id": "app-cfg-manage"},  # After Manage workspace has been configured
+            "approval_monitor": {"id": "app-cfg-monitor"},  # After Monitor workspace has been configured
+            "approval_optimizer": {"id": "app-cfg-optimizer"},  # After Optimizer workspace has been configured
+            "approval_predict": {"id": "app-cfg-predict"},  # After Predict workspace has been configured
+            "approval_visualinspection": {"id": "app-cfg-visualinspection"}  # After Visual Inspection workspace has been configured
+        }
+
         self.configGrafana()
 
         requiredParams = [
+            # MAS
             "mas_catalog_version",
             "mas_channel",
             "mas_instance_id",
             "mas_workspace_id",
             "mas_workspace_name",
+            # Storage classes
             "storage_class_rwo",
             "storage_class_rwx",
+            # Entitlement
             "ibm_entitlement_key",
+            # DRO
             "uds_contact_email",
             "uds_contact_firstname",
             "uds_contact_lastname"
         ]
         optionalParams = [
+            # MAS
             "mas_superuser_username",
             "mas_superuser_password",
             "mas_trust_default_cas",
@@ -609,9 +652,11 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
             "mas_app_settings_secondary_langs",
             "mas_app_settings_server_timezone",
             "ocp_ingress_tls_secret_name",
+            # DRO
             "dro_namespace",
+            # MongoDb
             "mongodb_namespace",
-            "cpd_product_version",
+            # Db2
             "db2_action_system",
             "db2_action_manage",
             "db2_type",
@@ -632,9 +677,12 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
             "db2_logs_storage_size",
             "db2_meta_storage_size",
             "db2_temp_storage_size",
+            # CP4D
+            "cpd_product_version",
             "cpd_install_cognos",
             "cpd_install_openscale",
             "cpd_install_spss",
+            # Kafka
             "kafka_namespace",
             "kafka_version",
             "aws_msk_instance_type",
@@ -648,21 +696,27 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
             "eventstreams_resource_group",
             "eventstreams_instance_name",
             "eventstreams_instance_location",
+            # ECK
             "eck_action",
             "eck_enable_logstash",
             "eck_remote_es_hosts",
             "eck_remote_es_username",
             "eck_remote_es_password",
+            # Turbonomic
             "turbonomic_target_name",
             "turbonomic_server_url",
             "turbonomic_server_version",
             "turbonomic_username",
             "turbonomic_password",
+            # Cloud Providers
             "ibmcloud_apikey",
             "aws_region",
             "aws_access_key_id",
             "secret_access_key",
             "aws_vpc_id",
+            # Dev Mode
+            "artifactory_username",
+            "artifactory_token",
             # TODO: The way arcgis has been implemented needs to be fixed
             "install_arcgis",
             "mas_arcgis_channel"
@@ -765,6 +819,23 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
                         self.fatalError(f"{key} must be set")
                     self.slsLicenseFileLocal = value
 
+            elif key.startswith("approval_"):
+                if key not in self.approvals:
+                    raise KeyError(f"{key} is not a supported approval workflow ID: {self.approvals.keys()}")
+
+                if value != "":
+                    valueParts = value.split(":")
+                    if len(valueParts) != 4:
+                        self.fatalError(f"Unsupported format for {key} ({value}).  Expected APPROVAL_KEY:MAX_RETRIES:RETRY_DELAY:IGNORE_FAILURE")
+                    else:
+                        try:
+                            self.approvals[key]["approvalKey"] = valueParts[0]
+                            self.approvals[key]["maxRetries"] = int(valueParts[1])
+                            self.approvals[key]["retryDelay"] = int(valueParts[2])
+                            self.approvals[key]["ignoreFailure"] = bool(valueParts[3])
+                        except:
+                            self.fatalError(f"Unsupported format for {key} ({value}).  Expected string:int:int:boolean")
+
             # Arguments that we don't need to do anything with
             elif key in ["accept_license", "dev_mode", "skip_pre_check", "no_confirm", "no_wait_for_pvc", "help"]:
                 pass
@@ -958,6 +1029,9 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
                     podTemplates=self.podTemplatesSecret,
                     certs=self.certsSecret
                 )
+
+                self.setupApprovals(pipelinesNamespace)
+
                 h.stop_and_persist(symbol=self.successIcon, text=f"Namespace is ready ({pipelinesNamespace})")
 
             with Halo(text=f'Testing availability of MAS CLI image in cluster', spinner=self.spinner) as h:
@@ -976,3 +1050,19 @@ class InstallApp(BaseApp, InstallSettingsMixin, InstallSummarizerMixin, ConfigGe
                 else:
                     h.stop_and_persist(symbol=self.failureIcon, text=f"Failed to submit PipelineRun for {self.getParam('mas_instance_id')} install, see log file for details")
                     print()
+
+    def setupApprovals(self, namespace: str) -> None:
+        """
+        Ensure the supported approval configmaps are in the expected state for the start of the run:
+         - not present (if approval is not required)
+         - present with the chosen state field initialized to ""
+        """
+        for approval in self.approvals.values():
+            if "approvalKey" in approval:
+                # Enable this approval workload
+                logger.debug(f"Approval workflow for {approval['id']} will be enabled during install ({approval['maxRetries']} / {approval['retryDelay']}s / {approval['approvalKey']} / {approval['ignoreFailure']})")
+                self.initializeApprovalConfigMap(namespace, approval['id'], approval['approvalKey'], approval['maxRetries'], approval['retryDelay'], approval['ignoreFailure'])
+            else:
+                # Disable this approval workload
+                logger.debug(f"Approval workflow for {approval['id']} will be disabled during install")
+                self.initializeApprovalConfigMap(namespace, approval['id'])

mas/cli/install/argParser.py

@@ -146,7 +146,7 @@ masAdvancedArgGroup.add_argument(
 masAdvancedArgGroup.add_argument(
     "--manual-certificates",
     required=False,
-    help="Please enter the path containing the manual certificates for core and the apps to be installed"
+    help="Path to directory containing the certificates to be applied"
 )
 
 # Storage
@@ -756,12 +756,73 @@ cloudArgGroup.add_argument(
     help="Set target Virtual Private Cloud ID for the MSK instance"
 )
 
+# Development Mode
+# -----------------------------------------------------------------------------
+devArgGroup = installArgParser.add_argument_group("Development Mode")
+devArgGroup.add_argument(
+    "--artifactory-username",
+    required=False,
+    help="Username for access to development builds on Artifactory"
+)
+devArgGroup.add_argument(
+    "--artifactory-token",
+    required=False,
+    help="API Token for access to development builds on Artifactory"
+)
+
+# Approvals
+# -----------------------------------------------------------------------------
+approvalsGroup = installArgParser.add_argument_group("Integrated Approval Workflow (APPROVAL_KEY:MAX_RETRIES:RETRY_DELAY:IGNORE_FAILURE)")
+approvalsGroup.add_argument(
+    "--approval-core",
+    default="",
+    help="Require approval after the Core Platform has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-assist",
+    default="",
+    help="Require approval after the Maximo Assist workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-iot",
+    default="",
+    help="Require approval after the Maximo IoT workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-manage",
+    default="",
+    help="Require approval after the Maximo Manage workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-monitor",
+    default="",
+    help="Require approval after the Maximo Monitor workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-optimizer",
+    default="",
+    help="Require approval after the Maximo Optimizer workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-predict",
+    default="",
+    help="Require approval after the Maximo Predict workspace has been configured"
+)
+approvalsGroup.add_argument(
+    "--approval-visualinspection",
+    default="",
+    help="Require approval after the Maximo Visual Inspection workspace has been configured"
+)
+
+
+# More Options
+# -----------------------------------------------------------------------------
 otherArgGroup = installArgParser.add_argument_group("More")
 otherArgGroup.add_argument(
     "--accept-license",
     action="store_true",
     default=False,
-    help=""
+    help="Accept all license terms without prompting"
 )
 otherArgGroup.add_argument(
     "--dev-mode",