mrok 0.1.6__py3-none-any.whl → 0.1.8__py3-none-any.whl

mrok/cli/commands/admin/unregister/instances.py

@@ -0,0 +1,34 @@
+import asyncio
+import re
+
+import typer
+
+from mrok.conf import Settings
+from mrok.ziti.api import ZitiManagementAPI
+from mrok.ziti.identities import unregister_instance
+
+RE_EXTENSION_ID = re.compile(r"(?i)EXT-\d{4}-\d{4}")
+
+
+async def do_unregister(settings: Settings, extension_id: str, instance_id: str):
+    async with ZitiManagementAPI(settings) as api:
+        await unregister_instance(api, extension_id, instance_id)
+
+
+def validate_extension_id(extension_id: str):
+    if not RE_EXTENSION_ID.fullmatch(extension_id):
+        raise typer.BadParameter("ext_id must match EXT-xxxx-yyyy (case-insensitive)")
+    return extension_id
+
+
+def register(app: typer.Typer) -> None:
+    @app.command("instance")
+    def unregister_instance(
+        ctx: typer.Context,
+        extension_id: str = typer.Argument(
+            ..., callback=validate_extension_id, help="Extension ID in format EXT-xxxx-yyyy"
+        ),
+        instance_id: str = typer.Argument(..., help="Instance ID"),
+    ):
+        """Register a new Extension Instance in OpenZiti (identity)."""
+        asyncio.run(do_unregister(ctx.obj, extension_id, instance_id))

mrok/cli/commands/admin/utils.py

@@ -0,0 +1,49 @@
+from datetime import datetime
+
+import typer
+
+from mrok.ziti.api import TagsType
+
+
+def parse_tags(pairs: list[str] | None) -> TagsType | None:
+    if not pairs:
+        return None
+
+    result: dict[str, str | bool | None] = {}
+    for item in pairs:
+        if "=" not in item:
+            raise typer.BadParameter(f"Invalid format {item!r}, expected key=value")
+        key, raw = item.split("=", 1)
+        raw_lower = raw.strip().lower()
+        if raw_lower in ("true", "false"):
+            val: str | bool | None = raw_lower == "true"
+        elif raw == "":
+            val = None
+        else:
+            val = raw
+        result[key.strip()] = val
+    return result
+
+
+def tags_to_filter(tags: list[str]) -> str:
+    parsed_tags = parse_tags(tags)
+    return " and ".join([f'tags.{key}="{value}"' for key, value in parsed_tags.items()])
+
+
+def format_timestamp(iso_timestamp: str) -> str:
+    dt = datetime.strptime(iso_timestamp, "%Y-%m-%dT%H:%M:%S.%fZ")
+    return dt.strftime("%Y-%m-%d %H:%M:%S")
+
+
+def format_tags(tags: dict, delimiter: str = "\n") -> str:
+    if not tags:
+        return "-"
+
+    return f"{delimiter}".join(f"{k}: {v}" for k, v in tags.items())
+
+
+def extract_names(data: list[dict], delimiter: str = "\n") -> str:
+    if not data:
+        return "-"
+
+    return f"{delimiter}".join(item["name"] for item in data if item.get("name"))

mrok/cli/commands/agent/__init__.py

@@ -0,0 +1,6 @@
+import typer
+
+from mrok.cli.commands.agent.run import app as run_app
+
+app = typer.Typer(help="mrok agent commands.")
+app.add_typer(run_app)

mrok/cli/commands/agent/run/__init__.py

@@ -0,0 +1,7 @@
+import typer
+
+from mrok.cli.commands.agent.run import asgi, sidecar
+
+app = typer.Typer(name="run", help="Run mrok agent.")
+asgi.register(app)
+sidecar.register(app)

mrok/cli/commands/agent/run/asgi.py

@@ -0,0 +1,49 @@
+import multiprocessing
+from pathlib import Path
+from typing import Annotated
+
+import typer
+
+# from app.logging import get_logging_config
+from mrok.agent import ziticorn
+
+
+def number_of_workers():
+    return (multiprocessing.cpu_count() * 2) + 1
+
+
+default_workers = number_of_workers()
+
+
+def register(app: typer.Typer) -> None:
+    @app.command("asgi")
+    def run_asgi(
+        app: str = typer.Argument(
+            ...,
+            help="ASGI application",
+        ),
+        identity_file: Path = typer.Argument(
+            ...,
+            help="Identity json file",
+        ),
+        workers: Annotated[
+            int,
+            typer.Option(
+                "--workers",
+                "-w",
+                help=f"Number of workers. Default: {default_workers}",
+                show_default=True,
+            ),
+        ] = default_workers,
+        reload: Annotated[
+            bool,
+            typer.Option(
+                "--reload",
+                "-r",
+                help="Enable auto-reload. Default: False",
+                show_default=True,
+            ),
+        ] = False,
+    ):
+        """Run an ASGI application exposing it through OpenZiti network."""
+        ziticorn.run(app, str(identity_file), workers=workers, reload=reload)

mrok/cli/commands/agent/run/sidecar.py

@@ -0,0 +1,54 @@
+import multiprocessing
+from pathlib import Path
+from typing import Annotated
+
+import typer
+
+from mrok.agent import sidecar
+
+
+def number_of_workers():
+    return (multiprocessing.cpu_count() * 2) + 1
+
+
+default_workers = number_of_workers()
+
+
+def register(app: typer.Typer) -> None:
+    @app.command("sidecar")
+    def run_sidecar(
+        identity_file: Path = typer.Argument(
+            ...,
+            help="Identity json file",
+        ),
+        target: Path = typer.Argument(
+            ...,
+            help="Target service (host:port or path to unix domain socket)",
+        ),
+        workers: Annotated[
+            int,
+            typer.Option(
+                "--workers",
+                "-w",
+                help=f"Number of workers. Default: {default_workers}",
+                show_default=True,
+            ),
+        ] = default_workers,
+        reload: Annotated[
+            bool,
+            typer.Option(
+                "--reload",
+                "-r",
+                help="Enable auto-reload. Default: False",
+                show_default=True,
+            ),
+        ] = False,
+    ):
+        """Run a Sidecar Proxy to expose a web application through OpenZiti."""
+        if ":" in str(target):
+            host, port = str(target).split(":", 1)
+            target_addr = (host or "127.0.0.1", int(port))
+        else:
+            target_addr = str(target)  # type: ignore
+
+        sidecar.run(str(identity_file), target_addr, workers=workers, reload=reload)

mrok/cli/commands/controller/__init__.py

@@ -0,0 +1,7 @@
+import typer
+
+from mrok.cli.commands.controller import openapi, run
+
+app = typer.Typer(help="mrok controller commands.")
+run.register(app)
+openapi.register(app)

mrok/cli/commands/controller/openapi.py

@@ -0,0 +1,47 @@
+import json
+from enum import Enum
+from pathlib import Path
+from typing import Annotated
+
+import typer
+import yaml
+
+from mrok.controller.openapi import generate_openapi_spec
+
+
+class OutputFormat(str, Enum):
+    json = "json"
+    yaml = "yaml"
+
+
+def register(app: typer.Typer) -> None:
+    @app.command("openapi")
+    def generate_spec(
+        ctx: typer.Context,
+        output: Annotated[
+            Path | None,
+            typer.Option(
+                "--output",
+                "-o",
+                help="Output file",
+            ),
+        ] = Path("mrok_openapi_spec.yml"),
+        output_format: Annotated[
+            OutputFormat,
+            typer.Option(
+                "--output-format",
+                "-f",
+                help="Output file format",
+            ),
+        ] = OutputFormat.yaml,
+    ):
+        """
+        Generates the mrok controller OpenAPI spec file.
+        """
+        from mrok.controller.app import app
+
+        dump_fn = json.dump if output_format == OutputFormat.json else yaml.dump
+        spec = generate_openapi_spec(app, ctx.obj)
+
+        with open(output, "w") as f:  # type: ignore
+            dump_fn(spec, f, indent=2)

mrok/cli/commands/controller/run.py

@@ -0,0 +1,87 @@
+import multiprocessing
+from collections.abc import Callable
+from typing import Annotated, Any
+
+import typer
+from gunicorn.app.base import BaseApplication
+
+from mrok.controller.app import app as asgi_app
+from mrok.logging import get_logging_config
+
+
+def number_of_workers():
+    return (multiprocessing.cpu_count() * 2) + 1
+
+
+class StandaloneApplication(BaseApplication):  # pragma: no cover
+    def __init__(self, application: Callable, options: dict[str, Any] | None = None):
+        self.options = options or {}
+        self.application = application
+        super().__init__()
+
+    def load_config(self):
+        config = {
+            key: value
+            for key, value in self.options.items()
+            if key in self.cfg.settings and value is not None
+        }
+        for key, value in config.items():
+            self.cfg.set(key.lower(), value)
+
+    def load(self):
+        return self.application
+
+
+default_workers = number_of_workers()
+
+
+def register(app: typer.Typer) -> None:
+    @app.command("run")
+    def run_controller(
+        ctx: typer.Context,
+        host: Annotated[
+            str,
+            typer.Option(
+                "--host",
+                "-h",
+                help="Host to bind to. Default: 127.0.0.1",
+                show_default=True,
+            ),
+        ] = "127.0.0.1",
+        port: Annotated[
+            int,
+            typer.Option(
+                "--port",
+                "-p",
+                help="Port to bind to. Default: 8000",
+                show_default=True,
+            ),
+        ] = 8000,
+        workers: Annotated[
+            int,
+            typer.Option(
+                "--workers",
+                "-w",
+                help=f"Number of workers. Default: {default_workers}",
+                show_default=True,
+            ),
+        ] = default_workers,
+        dev: Annotated[
+            bool,
+            typer.Option(
+                "--reload",
+                "-r",
+                help="Enable auto-reload. Default: False",
+                show_default=True,
+            ),
+        ] = False,
+    ):
+        """Run the mrok controller with Gunicorn and Uvicorn workers."""
+        options = {
+            "bind": f"{host}:{port}",
+            "workers": workers,
+            "worker_class": "uvicorn_worker.UvicornWorker",
+            "logconfig_dict": get_logging_config(ctx.obj),
+            "reload": dev,
+        }
+        StandaloneApplication(asgi_app, options).run()

mrok/cli/main.py

@@ -0,0 +1,97 @@
+import inspect
+import sys
+
+import typer
+from pyfiglet import Figlet
+from rich.text import Text
+from typer.core import TyperGroup
+
+from mrok.cli import commands
+from mrok.cli.rich import get_console
+from mrok.conf import get_settings
+from mrok.logging import setup_logging
+
+
+def gradient(start_hex, end_hex, num_samples=10):
+    start_rgb = tuple(int(start_hex[i : i + 2], 16) for i in range(1, 6, 2))
+    end_rgb = tuple(int(end_hex[i : i + 2], 16) for i in range(1, 6, 2))
+    gradient_colors = [start_hex]
+    for sample in range(1, num_samples):
+        red = int(start_rgb[0] + (float(sample) / (num_samples - 1)) * (end_rgb[0] - start_rgb[0]))
+        green = int(
+            start_rgb[1] + (float(sample) / (num_samples - 1)) * (end_rgb[1] - start_rgb[1])
+        )
+        blue = int(start_rgb[2] + (float(sample) / (num_samples - 1)) * (end_rgb[2] - start_rgb[2]))
+        gradient_colors.append(f"#{red:02X}{green:02X}{blue:02X}")
+
+    return gradient_colors
+
+
+def show_banner():
+    program_name = "mrok"
+    figlet = Figlet("georgia11")
+
+    banner_text = figlet.renderText(program_name)
+
+    banner_lines = [Text(line) for line in banner_text.splitlines()]
+    max_line_length = max(len(line) for line in banner_lines)
+    half_length = max_line_length // 2
+
+    colors = gradient("#00C9CD", "#472AFF", half_length) + gradient(
+        "#472AFF", "#392D9C", half_length + 1
+    )
+    console = get_console()
+
+    for line in banner_lines:
+        colored_line = Text()
+        for i in range(len(line)):
+            char = line[i : i + 1]
+            char.stylize(colors[i])
+            colored_line = Text.assemble(colored_line, char)
+        console.print(colored_line)
+
+
+class MrokGroup(TyperGroup):
+    def get_help(self, ctx):
+        show_banner()
+        return super().get_help(ctx)
+
+    def invoke(self, ctx):
+        show_banner()
+        return super().invoke(ctx)
+
+
+app = typer.Typer(
+    help="SoftwareOne Marketplace Extension Channel CLI",
+    add_completion=True,
+    rich_markup_mode="rich",
+    cls=MrokGroup,
+)
+
+err_console = get_console(stderr=True)
+
+for name, module in inspect.getmembers(commands):
+    if not inspect.ismodule(module):
+        continue
+
+    if hasattr(module, "command"):  # pragma: no branch
+        app.command(name=name.replace("_", "-"))(module.command)
+    elif hasattr(module, "app"):  # pragma: no branch
+        app.add_typer(module.app, name=name.replace("_", "-"))
+
+
+@app.callback()
+def main(
+    ctx: typer.Context,
+):
+    settings = get_settings()
+    setup_logging(settings, cli_mode=True)
+    ctx.obj = settings
+
+
+def run():
+    try:
+        app()
+    except Exception as e:
+        err_console.print(f"[bold red]Error:[/bold red] {e}")
+        sys.exit(-1)

mrok/cli/rich.py

@@ -0,0 +1,18 @@
+from rich.console import Console
+from rich.highlighter import ReprHighlighter
+from rich.theme import Theme
+
+
+class MrokHighlighter(ReprHighlighter):
+    prefixes = ("EXT", "ext", "INS", "ins")
+    highlights = ReprHighlighter.highlights + [
+        rf"(?P<mrok_id>(?:{'|'.join(prefixes)})(?:-\d{{4}})*)"
+    ]
+
+
+def get_console(stderr: bool = False) -> Console:
+    return Console(
+        stderr=stderr,
+        highlighter=MrokHighlighter(),
+        theme=Theme({"repr.mrok_id": "bold light_salmon3"}),
+    )

mrok/conf.py

@@ -0,0 +1,32 @@
+from dynaconf import Dynaconf, LazySettings
+
+type Settings = LazySettings
+
+DEFAULT_SETTINGS = {
+    "LOGGING": {
+        "debug": False,
+        "rich": False,
+    },
+    "PROXY": {
+        "identity": "public",
+        "mode": "zrok",
+    },
+    "ZITI": {
+        "ssl_verify": False,
+    },
+    "PAGINATION": {"limit": 50},
+}
+
+_settings = None
+
+
+def get_settings() -> Settings:
+    global _settings
+    if not _settings:
+        _settings = Dynaconf(
+            envvar_prefix="MROK",
+            settings_files=["settings.yaml", ".secrets.yaml"],
+            merge_enabled=True,
+        )
+        _settings.configure(**DEFAULT_SETTINGS)
+    return _settings

mrok/controller/app.py

@@ -0,0 +1,62 @@
+import logging
+from functools import partial
+
+import fastapi_pagination
+from fastapi import Depends, FastAPI
+from fastapi.routing import APIRoute, APIRouter
+
+from mrok.conf import get_settings
+from mrok.controller.auth import authenticate
+from mrok.controller.openapi import generate_openapi_spec
+from mrok.controller.routes import router as extensions_router
+
+logger = logging.getLogger(__name__)
+
+
+tags_metadata = [
+    {
+        "name": "Extensions",
+        "description": "Manage Extensions (services).",
+    },
+    {
+        "name": "Instances",
+        "description": "Manage Extension Instances (identities).",
+    },
+]
+
+
+def setup_custom_serialization(router: APIRouter):
+    for api_route in router.routes:
+        if (
+            isinstance(api_route, APIRoute)
+            and hasattr(api_route, "response_model")
+            and api_route.response_model
+        ):
+            api_route.response_model_exclude_none = True
+
+
+def setup_app():
+    app = FastAPI(
+        title="mrok Controller API",
+        description="API to orchestrate OpenZiti for Extensions.",
+        swagger_ui_parameters={"showExtensions": False, "showCommonExtensions": False},
+        openapi_tags=tags_metadata,
+        version="5.0.0",
+        root_path="/public/v1",
+    )
+    fastapi_pagination.add_pagination(app)
+
+    setup_custom_serialization(extensions_router)
+
+    # TODO: Add healthcheck
+    app.include_router(
+        extensions_router, prefix="/extensions", dependencies=[Depends(authenticate)]
+    )
+
+    settings = get_settings()
+
+    app.openapi = partial(generate_openapi_spec, app, settings)
+    return app
+
+
+app = setup_app()

mrok/controller/auth.py

@@ -0,0 +1,87 @@
+import logging
+from typing import Annotated
+
+import httpx
+import jwt
+from fastapi import Depends, HTTPException, Request, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from mrok.controller.dependencies.conf import AppSettings
+
+logger = logging.getLogger("mrok.controller")
+
+UNAUTHORIZED_EXCEPTION = HTTPException(
+    status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized."
+)
+
+
+class JWTCredentials(HTTPAuthorizationCredentials):
+    pass
+
+
+class JWTBearer(HTTPBearer):
+    def __init__(self):
+        super().__init__(auto_error=False)
+
+    async def __call__(self, request: Request) -> JWTCredentials:
+        credentials = await super().__call__(request)
+        if not credentials:
+            raise UNAUTHORIZED_EXCEPTION
+        try:
+            return JWTCredentials(
+                scheme=credentials.scheme,
+                credentials=credentials.credentials,
+            )
+        except jwt.InvalidTokenError:
+            raise UNAUTHORIZED_EXCEPTION
+
+
+async def authenticate(
+    settings: AppSettings,
+    credentials: Annotated[JWTCredentials, Depends(JWTBearer())],
+):
+    async with httpx.AsyncClient(
+        timeout=httpx.Timeout(
+            connect=0.25,
+            read=settings.auth.read_timeout,
+            write=2.0,
+            pool=5.0,
+        ),
+    ) as client:
+        try:
+            config_resp = await client.get(settings.auth.openid_config_url)
+            config_resp.raise_for_status()
+            config = config_resp.json()
+            issuer = config["issuer"]
+            jwks_uri = config["jwks_uri"]
+
+            jwks_resp = await client.get(jwks_uri)
+            jwks_resp.raise_for_status()
+            jwks = jwks_resp.json()
+
+            header = jwt.get_unverified_header(credentials.credentials)
+            kid = header["kid"]
+
+            key_data = next((k for k in jwks["keys"] if k["kid"] == kid), None)
+        except Exception:
+            logger.exception("Error fetching openid-config/jwks")
+            raise UNAUTHORIZED_EXCEPTION
+    if key_data is None:
+        logger.error("Key ID not found in JWKS")
+        raise UNAUTHORIZED_EXCEPTION
+
+    try:
+        payload = jwt.decode(
+            credentials.credentials,
+            jwt.PyJWK(key_data),
+            algorithms=[header["alg"]],
+            issuer=issuer,
+            audience=settings.auth.audience,
+        )
+        return payload
+    except jwt.InvalidKeyError as e:
+        logger.error(f"Invalid jwt token: {e}")
+        raise UNAUTHORIZED_EXCEPTION
+    except jwt.InvalidTokenError as e:
+        logger.error(f"Invalid jwt token: {e}")
+        raise UNAUTHORIZED_EXCEPTION

mrok/controller/dependencies/__init__.py

@@ -0,0 +1,4 @@
+from mrok.controller.dependencies.conf import AppSettings
+from mrok.controller.dependencies.ziti import ZitiClientAPI, ZitiManagementAPI
+
+__all__ = ["AppSettings", "ZitiClientAPI", "ZitiManagementAPI"]

mrok/controller/dependencies/conf.py

@@ -0,0 +1,7 @@
+from typing import Annotated
+
+from fastapi import Depends
+
+from mrok.conf import Settings, get_settings
+
+AppSettings = Annotated[Settings, Depends(get_settings)]

mrok/controller/dependencies/ziti.py

@@ -0,0 +1,27 @@
+from collections.abc import AsyncGenerator
+from typing import Annotated
+
+from fastapi import Depends
+
+from mrok.controller.dependencies.conf import AppSettings
+from mrok.ziti import api
+
+
+class APIClientFactory[T: api.BaseZitiAPI]:
+    def __init__(self, client_cls: type[T]):
+        self.client_cls = client_cls
+
+    async def __call__(self, settings: AppSettings) -> AsyncGenerator[T]:
+        client = self.client_cls(settings)
+        async with client:
+            yield client
+
+
+ZitiManagementAPI = Annotated[
+    api.ZitiManagementAPI,
+    Depends(APIClientFactory(api.ZitiManagementAPI)),
+]
+ZitiClientAPI = Annotated[
+    api.ZitiClientAPI,
+    Depends(APIClientFactory(api.ZitiClientAPI)),
+]