mrok 0.1.6__py3-none-any.whl → 0.1.7__py3-none-any.whl

mrok/cli/main.py

@@ -0,0 +1,97 @@
+import inspect
+import sys
+
+import typer
+from pyfiglet import Figlet
+from rich.text import Text
+from typer.core import TyperGroup
+
+from mrok.cli import commands
+from mrok.cli.rich import get_console
+from mrok.conf import get_settings
+from mrok.logging import setup_logging
+
+
+def gradient(start_hex, end_hex, num_samples=10):
+    start_rgb = tuple(int(start_hex[i : i + 2], 16) for i in range(1, 6, 2))
+    end_rgb = tuple(int(end_hex[i : i + 2], 16) for i in range(1, 6, 2))
+    gradient_colors = [start_hex]
+    for sample in range(1, num_samples):
+        red = int(start_rgb[0] + (float(sample) / (num_samples - 1)) * (end_rgb[0] - start_rgb[0]))
+        green = int(
+            start_rgb[1] + (float(sample) / (num_samples - 1)) * (end_rgb[1] - start_rgb[1])
+        )
+        blue = int(start_rgb[2] + (float(sample) / (num_samples - 1)) * (end_rgb[2] - start_rgb[2]))
+        gradient_colors.append(f"#{red:02X}{green:02X}{blue:02X}")
+
+    return gradient_colors
+
+
+def show_banner():
+    program_name = "mrok"
+    figlet = Figlet("georgia11")
+
+    banner_text = figlet.renderText(program_name)
+
+    banner_lines = [Text(line) for line in banner_text.splitlines()]
+    max_line_length = max(len(line) for line in banner_lines)
+    half_length = max_line_length // 2
+
+    colors = gradient("#00C9CD", "#472AFF", half_length) + gradient(
+        "#472AFF", "#392D9C", half_length + 1
+    )
+    console = get_console()
+
+    for line in banner_lines:
+        colored_line = Text()
+        for i in range(len(line)):
+            char = line[i : i + 1]
+            char.stylize(colors[i])
+            colored_line = Text.assemble(colored_line, char)
+        console.print(colored_line)
+
+
+class MrokGroup(TyperGroup):
+    def get_help(self, ctx):
+        show_banner()
+        return super().get_help(ctx)
+
+    def invoke(self, ctx):
+        show_banner()
+        return super().invoke(ctx)
+
+
+app = typer.Typer(
+    help="SoftwareOne Marketplace Extension Channel CLI",
+    add_completion=True,
+    rich_markup_mode="rich",
+    cls=MrokGroup,
+)
+
+err_console = get_console(stderr=True)
+
+for name, module in inspect.getmembers(commands):
+    if not inspect.ismodule(module):
+        continue
+
+    if hasattr(module, "command"):  # pragma: no branch
+        app.command(name=name.replace("_", "-"))(module.command)
+    elif hasattr(module, "app"):  # pragma: no branch
+        app.add_typer(module.app, name=name.replace("_", "-"))
+
+
+@app.callback()
+def main(
+    ctx: typer.Context,
+):
+    settings = get_settings()
+    setup_logging(settings, cli_mode=True)
+    ctx.obj = settings
+
+
+def run():
+    try:
+        app()
+    except Exception as e:
+        err_console.print(f"[bold red]Error:[/bold red] {e}")
+        sys.exit(-1)

mrok/cli/rich.py

@@ -0,0 +1,18 @@
+from rich.console import Console
+from rich.highlighter import ReprHighlighter
+from rich.theme import Theme
+
+
+class MrokHighlighter(ReprHighlighter):
+    prefixes = ("EXT", "ext", "INS", "ins")
+    highlights = ReprHighlighter.highlights + [
+        rf"(?P<mrok_id>(?:{'|'.join(prefixes)})(?:-\d{{4}})*)"
+    ]
+
+
+def get_console(stderr: bool = False) -> Console:
+    return Console(
+        stderr=stderr,
+        highlighter=MrokHighlighter(),
+        theme=Theme({"repr.mrok_id": "bold light_salmon3"}),
+    )

mrok/conf.py

@@ -0,0 +1,32 @@
+from dynaconf import Dynaconf, LazySettings
+
+type Settings = LazySettings
+
+DEFAULT_SETTINGS = {
+    "LOGGING": {
+        "debug": False,
+        "rich": False,
+    },
+    "PROXY": {
+        "identity": "public",
+        "mode": "zrok",
+    },
+    "ZITI": {
+        "ssl_verify": False,
+    },
+    "PAGINATION": {"limit": 50},
+}
+
+_settings = None
+
+
+def get_settings() -> Settings:
+    global _settings
+    if not _settings:
+        _settings = Dynaconf(
+            envvar_prefix="MROK",
+            settings_files=["settings.yaml", ".secrets.yaml"],
+            merge_enabled=True,
+        )
+        _settings.configure(**DEFAULT_SETTINGS)
+    return _settings

mrok/controller/app.py

@@ -0,0 +1,62 @@
+import logging
+from functools import partial
+
+import fastapi_pagination
+from fastapi import Depends, FastAPI
+from fastapi.routing import APIRoute, APIRouter
+
+from mrok.conf import get_settings
+from mrok.controller.auth import authenticate
+from mrok.controller.openapi import generate_openapi_spec
+from mrok.controller.routes import router as extensions_router
+
+logger = logging.getLogger(__name__)
+
+
+tags_metadata = [
+    {
+        "name": "Extensions",
+        "description": "Manage Extensions (services).",
+    },
+    {
+        "name": "Instances",
+        "description": "Manage Extension Instances (identities).",
+    },
+]
+
+
+def setup_custom_serialization(router: APIRouter):
+    for api_route in router.routes:
+        if (
+            isinstance(api_route, APIRoute)
+            and hasattr(api_route, "response_model")
+            and api_route.response_model
+        ):
+            api_route.response_model_exclude_none = True
+
+
+def setup_app():
+    app = FastAPI(
+        title="mrok Controller API",
+        description="API to orchestrate OpenZiti for Extensions.",
+        swagger_ui_parameters={"showExtensions": False, "showCommonExtensions": False},
+        openapi_tags=tags_metadata,
+        version="5.0.0",
+        root_path="/public/v1",
+    )
+    fastapi_pagination.add_pagination(app)
+
+    setup_custom_serialization(extensions_router)
+
+    # TODO: Add healthcheck
+    app.include_router(
+        extensions_router, prefix="/extensions", dependencies=[Depends(authenticate)]
+    )
+
+    settings = get_settings()
+
+    app.openapi = partial(generate_openapi_spec, app, settings)
+    return app
+
+
+app = setup_app()

mrok/controller/auth.py

@@ -0,0 +1,87 @@
+import logging
+from typing import Annotated
+
+import httpx
+import jwt
+from fastapi import Depends, HTTPException, Request, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from mrok.controller.dependencies.conf import AppSettings
+
+logger = logging.getLogger("mrok.controller")
+
+UNAUTHORIZED_EXCEPTION = HTTPException(
+    status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized."
+)
+
+
+class JWTCredentials(HTTPAuthorizationCredentials):
+    pass
+
+
+class JWTBearer(HTTPBearer):
+    def __init__(self):
+        super().__init__(auto_error=False)
+
+    async def __call__(self, request: Request) -> JWTCredentials:
+        credentials = await super().__call__(request)
+        if not credentials:
+            raise UNAUTHORIZED_EXCEPTION
+        try:
+            return JWTCredentials(
+                scheme=credentials.scheme,
+                credentials=credentials.credentials,
+            )
+        except jwt.InvalidTokenError:
+            raise UNAUTHORIZED_EXCEPTION
+
+
+async def authenticate(
+    settings: AppSettings,
+    credentials: Annotated[JWTCredentials, Depends(JWTBearer())],
+):
+    async with httpx.AsyncClient(
+        timeout=httpx.Timeout(
+            connect=0.25,
+            read=settings.auth.read_timeout,
+            write=2.0,
+            pool=5.0,
+        ),
+    ) as client:
+        try:
+            config_resp = await client.get(settings.auth.openid_config_url)
+            config_resp.raise_for_status()
+            config = config_resp.json()
+            issuer = config["issuer"]
+            jwks_uri = config["jwks_uri"]
+
+            jwks_resp = await client.get(jwks_uri)
+            jwks_resp.raise_for_status()
+            jwks = jwks_resp.json()
+
+            header = jwt.get_unverified_header(credentials.credentials)
+            kid = header["kid"]
+
+            key_data = next((k for k in jwks["keys"] if k["kid"] == kid), None)
+        except Exception:
+            logger.exception("Error fetching openid-config/jwks")
+            raise UNAUTHORIZED_EXCEPTION
+    if key_data is None:
+        logger.error("Key ID not found in JWKS")
+        raise UNAUTHORIZED_EXCEPTION
+
+    try:
+        payload = jwt.decode(
+            credentials.credentials,
+            jwt.PyJWK(key_data),
+            algorithms=[header["alg"]],
+            issuer=issuer,
+            audience=settings.auth.audience,
+        )
+        return payload
+    except jwt.InvalidKeyError as e:
+        logger.error(f"Invalid jwt token: {e}")
+        raise UNAUTHORIZED_EXCEPTION
+    except jwt.InvalidTokenError as e:
+        logger.error(f"Invalid jwt token: {e}")
+        raise UNAUTHORIZED_EXCEPTION

mrok/controller/dependencies/__init__.py

@@ -0,0 +1,4 @@
+from mrok.controller.dependencies.conf import AppSettings
+from mrok.controller.dependencies.ziti import ZitiClientAPI, ZitiManagementAPI
+
+__all__ = ["AppSettings", "ZitiClientAPI", "ZitiManagementAPI"]

mrok/controller/dependencies/conf.py

@@ -0,0 +1,7 @@
+from typing import Annotated
+
+from fastapi import Depends
+
+from mrok.conf import Settings, get_settings
+
+AppSettings = Annotated[Settings, Depends(get_settings)]

mrok/controller/dependencies/ziti.py

@@ -0,0 +1,27 @@
+from collections.abc import AsyncGenerator
+from typing import Annotated
+
+from fastapi import Depends
+
+from mrok.controller.dependencies.conf import AppSettings
+from mrok.ziti import api
+
+
+class APIClientFactory[T: api.BaseZitiAPI]:
+    def __init__(self, client_cls: type[T]):
+        self.client_cls = client_cls
+
+    async def __call__(self, settings: AppSettings) -> AsyncGenerator[T]:
+        client = self.client_cls(settings)
+        async with client:
+            yield client
+
+
+ZitiManagementAPI = Annotated[
+    api.ZitiManagementAPI,
+    Depends(APIClientFactory(api.ZitiManagementAPI)),
+]
+ZitiClientAPI = Annotated[
+    api.ZitiClientAPI,
+    Depends(APIClientFactory(api.ZitiClientAPI)),
+]

mrok/controller/openapi/__init__.py

@@ -0,0 +1,3 @@
+from mrok.controller.openapi.utils import generate_openapi_spec
+
+__all__ = ["generate_openapi_spec"]

mrok/controller/openapi/examples.py

@@ -0,0 +1,44 @@
+from mrok.ziti.constants import MROK_SERVICE_TAG_NAME, MROK_VERSION_TAG_NAME
+
+EXTENSION_RESPONSE = {
+    "id": "5Jm3PpLQ4mdzqXNRszhE0G",
+    "name": "ext-1234-5678",
+    "extension": {"id": "EXT-1234-5678"},
+    "tags": {"account": "ACC-5555-3333", MROK_VERSION_TAG_NAME: "1.0"},
+}
+
+
+INSTANCE_RESPONSE = {
+    "id": "h.KUkPOyZ4",
+    "name": "ins-1234-5678-0001.ext-1234-5678",
+    "extension": {"id": "EXT-1234-5678"},
+    "instance": {"id": "INS-1234-5678-0001"},
+    "tags": {
+        "account": "ACC-5555-3333",
+        MROK_VERSION_TAG_NAME: "1.0",
+        MROK_SERVICE_TAG_NAME: "ext-1234-5678",
+    },
+}
+
+INSTANCE_CREATE_RESPONSE = {
+    "id": "h.KUkPOyZ4",
+    "name": "ins-1234-5678-0001.ext-1234-5678",
+    "extension": {"id": "EXT-1234-5678"},
+    "instance": {"id": "INS-1234-5678-0001"},
+    "identity": {
+        "ztAPI": "https://ziti.exts.platform.softwareone.com/edge/client/v1",
+        "ztAPIs": None,
+        "configTypes": None,
+        "id": {
+            "key": "pem:-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
+            "cert": "pem:-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
+            "ca": "pem:-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
+        },
+        "enableHa": None,
+    },
+    "tags": {
+        "account": "ACC-5555-3333",
+        MROK_VERSION_TAG_NAME: "1.0",
+        MROK_SERVICE_TAG_NAME: "ext-1234-5678",
+    },
+}

mrok/controller/openapi/utils.py

@@ -0,0 +1,35 @@
+from fastapi import FastAPI
+from fastapi.openapi.utils import get_openapi
+
+from mrok.conf import Settings
+
+
+def generate_openapi_spec(app: FastAPI, settings: Settings):
+    if app.openapi_schema:  # pragma: no cover
+        return app.openapi_schema
+
+    # for api_route in app.routes:
+    #     if isinstance(api_route, APIRoute):
+    #         for dep in api_route.dependant.dependencies:
+    #             if dep.call and isinstance(dep.call, RQLQuery):
+    #                 api_route.description = (
+    #                     f"{api_route.description}\n\n"
+    #                     "## Available RQL filters\n\n"
+    #                     f"{dep.call.rules.get_documentation()}"
+    #                 )
+
+    spec = get_openapi(
+        title=app.title,
+        version=app.version,
+        openapi_version=app.openapi_version,
+        description=app.description,
+        tags=app.openapi_tags,
+        routes=app.routes,
+    )
+    # spec = inject_code_samples(
+    #     spec,
+    #     SnippetRenderer(),
+    #     settings.api_base_url,
+    # )
+    app.openapi_schema = spec
+    return app.openapi_schema

mrok/controller/pagination.py

@@ -0,0 +1,79 @@
+from __future__ import annotations
+
+from collections.abc import Sequence
+from typing import Any
+
+from fastapi import Query
+from fastapi_pagination import create_page, resolve_params
+from fastapi_pagination.bases import AbstractPage, AbstractParams, RawParams
+from pydantic import BaseModel, Field
+
+from mrok.controller.schemas import BaseSchema
+from mrok.ziti.api import BaseZitiAPI
+
+
+class MetaPagination(BaseModel):
+    limit: int
+    offset: int
+    total: int
+
+
+class Meta(BaseModel):
+    pagination: MetaPagination
+
+
+class LimitOffsetParams(BaseModel, AbstractParams):
+    limit: int = Query(50, ge=0, le=1000, description="Page size limit")
+    offset: int = Query(0, ge=0, description="Page offset")
+
+    def to_raw_params(self) -> RawParams:
+        return RawParams(  # pragma: no cover
+            limit=self.limit,
+            offset=self.offset,
+        )
+
+
+class LimitOffsetPage[S: BaseSchema](AbstractPage[S]):
+    data: list[S]
+    meta: Meta = Field(alias="$meta")
+
+    __params_type__ = LimitOffsetParams  # type: ignore
+
+    @classmethod
+    def create(
+        cls,
+        items: Sequence[S],
+        params: AbstractParams,
+        *,
+        total: int | None = None,
+        **kwargs: Any,
+    ) -> LimitOffsetPage[S]:
+        if not isinstance(params, LimitOffsetParams):  # pragma: no cover
+            raise TypeError("params must be of type LimitOffsetParams")
+        return cls(  # type: ignore
+            data=items,
+            meta=Meta(
+                pagination=MetaPagination(
+                    limit=params.limit,
+                    offset=params.offset,
+                    total=total,
+                )
+            ),
+        )
+
+
+async def paginate[S: BaseSchema](
+    api: BaseZitiAPI,
+    endpoint: str,
+    schema_cls: type[S],
+    extra_params: dict | None = None,
+) -> AbstractPage[S]:
+    params: LimitOffsetParams = resolve_params()
+    page = await api.get_page(endpoint, params.limit, params.offset, extra_params)
+    pagination_meta = page["meta"]["pagination"]
+    total = pagination_meta["totalCount"]
+    return create_page(
+        [schema_cls(**item) for item in page["data"]],
+        params=params,
+        total=total,
+    )