octopize.deploy_tool 0.1.0__py3-none-any.whl

octopize_avatar_deploy/steps/base.py

@@ -0,0 +1,199 @@
+"""
+Base class for deployment configuration steps.
+
+Each step is a modular component that handles configuration and secrets
+for a specific part of the deployment (email, telemetry, storage, etc.).
+"""
+
+import base64
+import secrets
+from abc import ABC, abstractmethod
+from collections.abc import Callable
+from pathlib import Path
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from octopize_avatar_deploy.input_gatherer import InputGatherer
+    from octopize_avatar_deploy.printer import Printer
+from octopize_avatar_deploy.input_gatherer import ConsoleInputGatherer
+from octopize_avatar_deploy.printer import ConsolePrinter
+
+
+class DeploymentStep(ABC):
+    """
+    Base class for all deployment configuration steps.
+
+    Each step handles a specific aspect of the deployment configuration.
+    Subclasses should implement collect_config() and generate_secrets().
+    """
+
+    # Step metadata
+    name: str = "base_step"
+    description: str = "Base configuration step"
+    required: bool = True  # Whether this step is required
+
+    def __init__(
+        self,
+        output_dir: Path,
+        defaults: dict[str, Any],
+        config: dict[str, Any] | None = None,
+        interactive: bool = True,
+        printer: "Printer | None" = None,
+        input_gatherer: "InputGatherer | None" = None,
+    ):
+        """
+        Initialize the step.
+
+        Args:
+            output_dir: Directory where files will be generated
+            defaults: Default configuration from defaults.yaml
+            config: Pre-loaded configuration (for non-interactive mode)
+            interactive: Whether to prompt user interactively
+            printer: Optional printer for output
+        """
+        self.output_dir = Path(output_dir)
+        self.defaults = defaults
+        # Use the provided config dict directly (by reference) so all steps share the same dict
+        # This allows steps to access config values set by previous steps
+        if config is None:
+            config = {}
+        self.config: dict[str, Any] = config
+        self.secrets: dict[str, str] = {}
+        self.interactive = interactive
+
+        # Import here to avoid circular dependency
+        if printer is None:
+            printer = ConsolePrinter()
+
+        self.printer: Printer = printer
+
+        if input_gatherer is None:
+            input_gatherer = ConsoleInputGatherer()
+
+        self.input_gatherer: InputGatherer = input_gatherer
+
+    @abstractmethod
+    def collect_config(self) -> dict[str, Any]:
+        """
+        Collect configuration for this step.
+
+        Returns:
+            dictionary of configuration values
+        """
+        pass
+
+    @abstractmethod
+    def generate_secrets(self) -> dict[str, str]:
+        """
+        Generate secrets for this step.
+
+        Returns:
+            dictionary of {filename: secret_value} for .secrets/ directory
+        """
+        pass
+
+    def can_skip(self) -> bool:
+        """
+        Determine if this step can be skipped.
+
+        Returns:
+            True if step can be skipped (optional and user chooses to skip)
+        """
+        return False
+
+    def validate(self) -> bool:
+        """
+        Validate configuration before proceeding.
+
+        Returns:
+            True if validation passes
+
+        Raises:
+            ValueError: If validation fails
+        """
+        return True
+
+    def get_summary(self) -> str:
+        """
+        Get a summary of the configuration for review.
+
+        Returns:
+            Human-readable summary string
+        """
+        return f"{self.name}: Configured"
+
+    # Helper methods for prompting user input
+
+    def prompt(
+        self,
+        message: str,
+        default: str | None = None,
+        validate: "Callable[[str], tuple[bool, str]] | None" = None,
+    ) -> str:
+        """
+        Prompt user for input with optional default value and validation.
+
+        Args:
+            message: The prompt message
+            default: Default value to use if user presses Enter (None = required field)
+            validate: Optional validation function that returns (is_valid, error_message)
+
+        Returns:
+            User's input or default value
+        """
+        return self.input_gatherer.prompt(message, default, validate)
+
+    def prompt_yes_no(self, message: str, default: bool = True) -> bool:
+        """
+        Prompt user for yes/no input.
+
+        Args:
+            message: The prompt message
+            default: Default value if user presses Enter
+
+        Returns:
+            True for yes, False for no
+        """
+        return self.input_gatherer.prompt_yes_no(message, default)
+
+    def prompt_choice(self, message: str, choices: list, default: str | None = None) -> str:
+        """
+        Prompt user to choose from list of options.
+
+        Args:
+            message: The prompt message
+            choices: List of valid choices
+            default: Default choice if user presses Enter
+
+        Returns:
+            Selected choice
+        """
+        return self.input_gatherer.prompt_choice(message, choices, default)
+
+    def get_config_value(self, key: str, default: Any = None) -> Any:
+        ret = self.config.get(key, default)
+        if ret is None:
+            raise ValueError(f"Configuration key '{key}' is required but not set.")
+        return ret
+
+    # Utility methods for generating secrets
+
+    @staticmethod
+    def generate_secret_token() -> str:
+        """Generate a secure random token (hex-encoded)."""
+        return secrets.token_hex()
+
+    @staticmethod
+    def generate_secret_urlsafe(nbytes: int = 32) -> str:
+        """Generate a URL-safe random token."""
+        return secrets.token_urlsafe(nbytes)
+
+    @staticmethod
+    def generate_encryption_key() -> str:
+        """Generate a URL-safe base64-encoded encryption key."""
+        return base64.urlsafe_b64encode(secrets.token_bytes(32)).decode("utf-8")
+
+    @staticmethod
+    def generate_base64_key(nbytes: int = 32) -> str:
+        """Generate a base64-encoded random key."""
+        return base64.b64encode(secrets.token_bytes(nbytes)).decode("utf-8")

octopize_avatar_deploy/steps/database.py

@@ -0,0 +1,37 @@
+"""Database configuration step."""
+
+import secrets
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class DatabaseStep(DeploymentStep):
+    """Handles database configuration and credentials."""
+
+    name = "database"
+    description = "Configure PostgreSQL database credentials"
+    required = True
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect database configuration."""
+        config = {}
+
+        config["DB_NAME"] = self.get_config_value("DB_NAME", "avatar")
+        config["DB_USER"] = self.get_config_value("DB_USER", "avatar")
+        config["DB_ADMIN_USER"] = self.get_config_value("DB_ADMIN_USER", "avatar_dba")
+
+        # Update self.config so generate_secrets() can access these values
+        self.config.update(config)
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate database passwords and configuration."""
+        return {
+            "db_password": secrets.token_hex(),
+            "db_admin_password": secrets.token_hex(),
+            "db_admin_user": self.config["DB_ADMIN_USER"],
+            "db_user": self.config["DB_USER"],
+            "db_name": self.config["DB_NAME"],
+        }

octopize_avatar_deploy/steps/email.py

@@ -0,0 +1,88 @@
+"""Email configuration step."""
+
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class EmailStep(DeploymentStep):
+    """Handles email configuration and credentials."""
+
+    name = "email"
+    description = "Configure email provider (AWS SES or SMTP) and credentials"
+    required = True
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect email configuration."""
+        config = {}
+
+        print("\n--- Email Configuration ---")
+
+        # Email provider
+        default_provider = self.defaults["email"]["provider"]
+        provider = self.config.get(
+            "MAIL_PROVIDER",
+            self.prompt("Mail provider (aws or smtp)", default_provider)
+            if self.interactive
+            else default_provider,
+        ).lower()
+
+        config["MAIL_PROVIDER"] = provider
+
+        # SMTP configuration
+        if provider == "smtp":
+            smtp_defaults = self.defaults["email"]["smtp"]
+
+            config["SMTP_HOST"] = self.config.get(
+                "SMTP_HOST",
+                self.prompt("SMTP host", smtp_defaults["host"])
+                if self.interactive
+                else smtp_defaults["host"],
+            )
+            config["SMTP_PORT"] = self.config.get(
+                "SMTP_PORT",
+                self.prompt("SMTP port", str(smtp_defaults["port"]))
+                if self.interactive
+                else str(smtp_defaults["port"]),
+            )
+            config["SMTP_USE_TLS"] = self.config.get("SMTP_USE_TLS", smtp_defaults["use_tls"])
+            config["SMTP_START_TLS"] = self.config.get("SMTP_START_TLS", smtp_defaults["start_tls"])
+            config["SMTP_VERIFY"] = self.config.get("SMTP_VERIFY", smtp_defaults["verify"])
+            config["SMTP_SENDER_EMAIL"] = self.config.get(
+                "SMTP_SENDER_EMAIL",
+                self.prompt("SMTP sender email", smtp_defaults["sender_email"])
+                if self.interactive
+                else smtp_defaults["sender_email"],
+            )
+
+        # Email authentication
+        config["USE_EMAIL_AUTHENTICATION"] = self.config.get(
+            "USE_EMAIL_AUTHENTICATION",
+            self.defaults["application"]["email_authentication"],
+        )
+
+        self.config.update(config)
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate email-related secrets."""
+        secrets_dict = {}
+
+        # SMTP password (if using SMTP)
+        if self.config["MAIL_PROVIDER"] == "smtp":
+            if self.interactive:
+                smtp_password = self.input_gatherer.prompt(
+                    "SMTP password (press Enter to skip)", default=""
+                )
+                if smtp_password:
+                    secrets_dict["smtp_password"] = smtp_password
+
+        # AWS SES credentials (if using AWS)
+        elif self.config["MAIL_PROVIDER"] == "aws":
+            # Generate empty placeholder files for AWS credentials
+            # These will be provided by Octopize to the user
+            secrets_dict["aws_mail_account_access_key_id"] = ""
+            secrets_dict["aws_mail_account_secret_access_key"] = ""
+
+        return secrets_dict

octopize_avatar_deploy/steps/logging.py

@@ -0,0 +1,32 @@
+"""Logging configuration step."""
+
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class LoggingStep(DeploymentStep):
+    """Handles application logging configuration."""
+
+    name = "logging"
+    description = "Configure application logging settings"
+    required = False
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect logging configuration."""
+        config = {}
+
+        # Console logging
+        if "USE_CONSOLE_LOGGING" not in self.config:
+            config["USE_CONSOLE_LOGGING"] = self.defaults["application"]["use_console_logging"]
+
+        # Log level
+        config["LOG_LEVEL"] = self.config.get(
+            "LOG_LEVEL", self.defaults["application"]["log_level"]
+        )
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """No secrets needed for logging."""
+        return {}

octopize_avatar_deploy/steps/required.py

@@ -0,0 +1,81 @@
+"""Required configuration step - collects mandatory deployment settings."""
+
+import secrets
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class RequiredConfigStep(DeploymentStep):
+    """Collects required configuration that must be provided."""
+
+    name = "required_config"
+    description = "Collect required deployment settings (PUBLIC_URL, ENV_NAME, etc.)"
+    required = True
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect required configuration."""
+        config = {}
+
+        # Public URL - Required
+        if "PUBLIC_URL" in self.config:
+            config["PUBLIC_URL"] = self.config["PUBLIC_URL"]
+        elif self.interactive:
+            config["PUBLIC_URL"] = self.prompt("Public URL (domain name, e.g., avatar.example.com)")
+        else:
+            config["PUBLIC_URL"] = ""
+
+        # Environment name - Required
+        if "ENV_NAME" in self.config:
+            config["ENV_NAME"] = self.config["ENV_NAME"]
+        elif self.interactive:
+            config["ENV_NAME"] = self.prompt("Environment name (e.g., mycompany-prod)")
+        else:
+            config["ENV_NAME"] = ""
+
+        # Organization name - Required
+        if "ORGANIZATION_NAME" in self.config:
+            config["ORGANIZATION_NAME"] = self.config["ORGANIZATION_NAME"]
+        elif self.interactive:
+            while True:
+                org_name = self.prompt("Organization name (e.g., MyCompany)")
+                if org_name.strip():
+                    config["ORGANIZATION_NAME"] = org_name
+                    break
+                self.printer.print_error("Organization name is required and cannot be empty")
+        else:
+            raise ValueError(
+                "ORGANIZATION_NAME is required but not provided in configuration file. "
+                "Please add ORGANIZATION_NAME to your config or run in interactive mode."
+            )
+
+        # Service versions
+        config["AVATAR_API_VERSION"] = self.config.get(
+            "AVATAR_API_VERSION", self.defaults["images"]["api"]
+        )
+        config["AVATAR_WEB_VERSION"] = self.config.get(
+            "AVATAR_WEB_VERSION", self.defaults["images"]["web"]
+        )
+        config["AVATAR_PDFGENERATOR_VERSION"] = self.config.get(
+            "AVATAR_PDFGENERATOR_VERSION", self.defaults["images"]["pdfgenerator"]
+        )
+        config["AVATAR_SEAWEEDFS_VERSION"] = self.config.get(
+            "AVATAR_SEAWEEDFS_VERSION", self.defaults["images"]["seaweedfs"]
+        )
+        config["AVATAR_AUTHENTIK_VERSION"] = self.config.get(
+            "AVATAR_AUTHENTIK_VERSION", self.defaults["images"]["authentik"]
+        )
+
+        # Update self.config so generate_secrets() can access these values
+        self.config.update(config)
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate required API secrets."""
+        return {
+            "pepper": secrets.token_hex(),
+            "authjwt_secret_key": secrets.token_hex(),
+            "organization_name": self.config["ORGANIZATION_NAME"],
+            "clevercloud_sso_salt": secrets.token_hex(),
+        }

octopize_avatar_deploy/steps/storage.py

@@ -0,0 +1,32 @@
+"""Storage configuration step."""
+
+import secrets
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class StorageStep(DeploymentStep):
+    """Handles storage configuration and credentials."""
+
+    name = "storage"
+    description = "Configure S3-compatible storage (SeaweedFS) credentials"
+    required = True
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect storage configuration."""
+        config: dict[str, Any] = {}
+
+        # Storage configuration is mostly handled via secrets
+        # No interactive prompts needed for basic setup
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate storage-related secrets."""
+        return {
+            "file_jwt_secret_key": secrets.token_hex(),
+            "file_encryption_key": self.generate_encryption_key(),
+            "storage_admin_access_key_id": secrets.token_hex(),
+            "storage_admin_secret_access_key": secrets.token_hex(),
+        }

octopize_avatar_deploy/steps/telemetry.py

@@ -0,0 +1,58 @@
+"""Telemetry and monitoring configuration step."""
+
+from typing import Any
+
+from .base import DeploymentStep
+
+
+class TelemetryStep(DeploymentStep):
+    """Handles telemetry and Sentry monitoring configuration."""
+
+    name = "telemetry"
+    description = "Configure telemetry and monitoring (Sentry, usage analytics)"
+    required = False
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect telemetry configuration."""
+        config = {}
+
+        sentry_enabled = (
+            self.prompt_yes_no(
+                "Enable Sentry error monitoring?",
+                default=self.defaults["application"]["sentry_enabled"] == "true",
+            )
+            if self.interactive
+            else self.defaults["application"]["sentry_enabled"] == "true"
+        )
+
+        config["IS_SENTRY_ENABLED"] = "true" if sentry_enabled else "false"
+
+        enable_telemetry = (
+            self.prompt_yes_no(
+                "Enable usage telemetry?",
+                default=self.defaults["telemetry"]["enabled"],
+            )
+            if self.interactive
+            else self.defaults["telemetry"]["enabled"]
+        )
+
+        if enable_telemetry:
+            config["TELEMETRY_S3_ENDPOINT_URL"] = self.defaults["telemetry"]["endpoint_url"]
+            config["TELEMETRY_S3_REGION"] = self.defaults["telemetry"]["region"]
+        else:
+            config["TELEMETRY_S3_ENDPOINT_URL"] = ""
+            config["TELEMETRY_S3_REGION"] = ""
+
+        self.config.update(config)
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate telemetry-related secrets."""
+        # Only generate secrets if telemetry is enabled
+        if self.config["TELEMETRY_S3_ENDPOINT_URL"]:
+            return {
+                "telemetry_s3_access_key_id": "",
+                "telemetry_s3_secret_access_key": "",
+            }
+        return {}

octopize_avatar_deploy/steps/user.py

@@ -0,0 +1,89 @@
+"""User authentication configuration step."""
+
+import re
+from typing import Any
+
+from .base import DeploymentStep
+
+
+def validate_comma_separated_emails(value: str) -> tuple[bool, str]:
+    """
+    Validate comma-separated email addresses.
+
+    Args:
+        value: String containing comma-separated email addresses
+
+    Returns:
+        Tuple of (is_valid, error_message)
+    """
+    if not value.strip():
+        # Empty is allowed (optional field)
+        return True, ""
+
+    # Simple email regex pattern
+    email_pattern = r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"
+
+    emails = [email.strip() for email in value.split(",")]
+
+    for email in emails:
+        if not email:
+            return False, "Empty email address found in list"
+        if not re.match(email_pattern, email):
+            return False, f"Invalid email address: {email}"
+
+    return True, ""
+
+
+class UserStep(DeploymentStep):
+    """Handles user authentication configuration."""
+
+    name = "user"
+    description = "Configure user authentication settings"
+    required = True
+
+    def collect_config(self) -> dict[str, Any]:
+        """Collect user authentication configuration."""
+        config = {}
+
+        # Check if email authentication is enabled
+        # Get from config, or fallback to defaults
+        use_email_auth = self.config.get(
+            "USE_EMAIL_AUTHENTICATION",
+            self.defaults.get("application", {}).get("email_authentication", True),
+        )
+        # Convert to string for comparison (defaults might be bool)
+        use_email_auth_str = str(use_email_auth).lower()
+
+        if use_email_auth_str == "true":
+            if self.interactive:
+                admin_emails = self.prompt(
+                    "Admin email addresses (comma-separated)",
+                    default="",
+                    validate=validate_comma_separated_emails,
+                )
+                config["ADMIN_EMAILS"] = admin_emails
+            else:
+                config["ADMIN_EMAILS"] = self.config.get("ADMIN_EMAILS", "")
+
+        self.config.update(config)
+
+        return config
+
+    def generate_secrets(self) -> dict[str, str]:
+        """Generate user-related secrets."""
+        secrets_dict = {}
+
+        # Admin emails for email-based authentication
+        # USE_EMAIL_AUTHENTICATION comes from EmailStep, so use .get() with fallback
+        use_email_auth = self.config.get(
+            "USE_EMAIL_AUTHENTICATION",
+            self.defaults.get("application", {}).get("email_authentication", "true"),
+        )
+        # Convert to string for comparison
+        use_email_auth_str = str(use_email_auth).lower()
+
+        if use_email_auth_str == "true":
+            admin_emails = self.config.get("ADMIN_EMAILS", "")
+            secrets_dict["admin_emails"] = admin_emails
+
+        return secrets_dict