outerbounds 0.3.58__py3-none-any.whl → 0.3.60__py3-none-any.whl

outerbounds/command_groups/cli.py

@@ -1,10 +1,12 @@
 import click
 from . import local_setup_cli
 from . import workstations_cli
+from . import perimeters_cli
 
 
 @click.command(
-    cls=click.CommandCollection, sources=[local_setup_cli.cli, workstations_cli.cli]
+    cls=click.CommandCollection,
+    sources=[local_setup_cli.cli, workstations_cli.cli, perimeters_cli.cli],
 )
 def cli(**kwargs):
     pass

outerbounds/command_groups/local_setup_cli.py

@@ -43,6 +43,8 @@ BAD_EXTENSION_MESSAGE = (
     "Mis-installation of the Outerbounds Platform extension package has been detected."
 )
 
+PERIMETER_CONFIG_URL_KEY = "OB_CURRENT_PERIMETER_MF_CONFIG_URL"
+
 
 class Narrator:
     def __init__(self, verbose):
@@ -235,20 +237,21 @@ class ConfigEntrySpec:
 def get_config_specs():
     return [
         ConfigEntrySpec(
-            "METAFLOW_DATASTORE_SYSROOT_S3", "s3://[a-z0-9\-]+/metaflow[/]?"
+            "METAFLOW_DATASTORE_SYSROOT_S3",
+            r"s3://[a-z0-9\-]+/metaflow(-[a-z0-9\-]+)?[/]?",
+        ),
+        ConfigEntrySpec(
+            "METAFLOW_DATATOOLS_S3ROOT", r"s3://[a-z0-9\-]+/data(-[a-z0-9\-]+)?[/]?"
         ),
-        ConfigEntrySpec("METAFLOW_DATATOOLS_S3ROOT", "s3://[a-z0-9\-]+/data[/]?"),
         ConfigEntrySpec("METAFLOW_DEFAULT_AWS_CLIENT_PROVIDER", "obp", expected="obp"),
         ConfigEntrySpec("METAFLOW_DEFAULT_DATASTORE", "s3", expected="s3"),
         ConfigEntrySpec("METAFLOW_DEFAULT_METADATA", "service", expected="service"),
-        ConfigEntrySpec(
-            "METAFLOW_KUBERNETES_NAMESPACE", "jobs\-default", expected="jobs-default"
-        ),
-        ConfigEntrySpec("METAFLOW_KUBERNETES_SANDBOX_INIT_SCRIPT", "eval \$\(.*"),
-        ConfigEntrySpec("METAFLOW_SERVICE_AUTH_KEY", "[a-zA-Z0-9!_\-\.]+"),
-        ConfigEntrySpec("METAFLOW_SERVICE_URL", "https://metadata\..*"),
-        ConfigEntrySpec("METAFLOW_UI_URL", "https://ui\..*"),
-        ConfigEntrySpec("OBP_AUTH_SERVER", "auth\..*"),
+        ConfigEntrySpec("METAFLOW_KUBERNETES_NAMESPACE", r"jobs-.*"),
+        ConfigEntrySpec("METAFLOW_KUBERNETES_SANDBOX_INIT_SCRIPT", r"eval \$\(.*"),
+        ConfigEntrySpec("METAFLOW_SERVICE_AUTH_KEY", r"[a-zA-Z0-9!_\-\.]+"),
+        ConfigEntrySpec("METAFLOW_SERVICE_URL", r"https://metadata\..*"),
+        ConfigEntrySpec("METAFLOW_UI_URL", r"https://ui\..*"),
+        ConfigEntrySpec("OBP_AUTH_SERVER", r"auth\..*"),
     ]
 
 
@@ -261,7 +264,12 @@ def check_metaflow_config(narrator: Narrator) -> CommandStatus:
         mitigation="",
     )
 
-    config = metaflowconfig.init_config()
+    profile = os.environ.get("METAFLOW_PROFILE")
+    config_dir = os.path.expanduser(
+        os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")
+    )
+
+    config = metaflowconfig.init_config(config_dir, profile)
     for spec in get_config_specs():
         narrator.announce_check("config entry " + spec.name)
         if spec.name not in config:
@@ -304,7 +312,12 @@ def check_metaflow_token(narrator: Narrator) -> CommandStatus:
         mitigation="",
     )
 
-    config = metaflowconfig.init_config()
+    profile = os.environ.get("METAFLOW_PROFILE")
+    config_dir = os.path.expanduser(
+        os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")
+    )
+
+    config = metaflowconfig.init_config(config_dir, profile)
     try:
         if "OBP_AUTH_SERVER" in config:
             k8s_response = requests.get(
@@ -363,7 +376,13 @@ def check_workstation_api_accessible(narrator: Narrator) -> CommandStatus:
     )
 
     try:
-        config = metaflowconfig.init_config()
+        profile = os.environ.get("METAFLOW_PROFILE")
+        config_dir = os.path.expanduser(
+            os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")
+        )
+
+        config = metaflowconfig.init_config(config_dir, profile)
+
         missing_keys = []
         if "METAFLOW_SERVICE_AUTH_KEY" not in config:
             missing_keys.append("METAFLOW_SERVICE_AUTH_KEY")
@@ -422,7 +441,13 @@ def check_kubeconfig_valid_for_workstations(narrator: Narrator) -> CommandStatus
     )
 
     try:
-        config = metaflowconfig.init_config()
+        profile = os.environ.get("METAFLOW_PROFILE")
+        config_dir = os.path.expanduser(
+            os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")
+        )
+
+        config = metaflowconfig.init_config(config_dir, profile)
+
         missing_keys = []
         if "METAFLOW_SERVICE_AUTH_KEY" not in config:
             missing_keys.append("METAFLOW_SERVICE_AUTH_KEY")
@@ -585,6 +610,13 @@ class ConfigurationWriter:
         self.decoded_config = None
         self.out_dir = out_dir
         self.profile = profile
+        self.selected_perimeter = None
+
+        ob_config_dir = path.expanduser(os.getenv("OBP_CONFIG_DIR", out_dir))
+        self.ob_config_path = path.join(
+            ob_config_dir,
+            "ob_config_{}.json".format(profile) if profile else "ob_config.json",
+        )
 
     def decode(self):
         self.decoded_config = deserialize(self.encoded_config)
@@ -592,6 +624,9 @@ class ConfigurationWriter:
     def process_decoded_config(self):
         config_type = self.decoded_config.get("OB_CONFIG_TYPE", "inline")
         if config_type == "inline":
+            if "OBP_PERIMETER" in self.decoded_config:
+                self.selected_perimeter = self.decoded_config["OBP_PERIMETER"]
+
             if "OBP_METAFLOW_CONFIG_URL" in self.decoded_config:
                 self.decoded_config = {
                     "OBP_METAFLOW_CONFIG_URL": self.decoded_config[
@@ -648,6 +683,18 @@ class ConfigurationWriter:
         with open(config_path, "w") as fd:
             json.dump(self.existing, fd, indent=4)
 
+        # Every time a config is initialized, we should also reset the corresponding ob_config[_profile].json
+        remote_config = metaflowconfig.init_config(self.out_dir, self.profile)
+        if self.selected_perimeter and "OBP_METAFLOW_CONFIG_URL" in self.decoded_config:
+            with open(self.ob_config_path, "w") as fd:
+                ob_config_dict = {
+                    "OB_CURRENT_PERIMETER": self.selected_perimeter,
+                    PERIMETER_CONFIG_URL_KEY: self.decoded_config[
+                        "OBP_METAFLOW_CONFIG_URL"
+                    ],
+                }
+                json.dump(ob_config_dict, fd, indent=4)
+
     def confirm_overwrite_config(self, config_path):
         if os.path.exists(config_path):
             if not click.confirm(
@@ -670,6 +717,64 @@ class ConfigurationWriter:
         return True
 
 
+def get_gha_jwt(audience: str):
+    # These are specific environment variables that are set by GitHub Actions.
+    if (
+        "ACTIONS_ID_TOKEN_REQUEST_TOKEN" in os.environ
+        and "ACTIONS_ID_TOKEN_REQUEST_URL" in os.environ
+    ):
+        try:
+            response = requests.get(
+                url=os.environ["ACTIONS_ID_TOKEN_REQUEST_URL"],
+                headers={
+                    "Authorization": f"Bearer {os.environ['ACTIONS_ID_TOKEN_REQUEST_TOKEN']}"
+                },
+                params={"audience": audience},
+            )
+            response.raise_for_status()
+            return response.json()["value"]
+        except Exception as e:
+            click.secho(
+                "Failed to fetch JWT token from GitHub Actions. Please make sure you are permission 'id-token: write' is set on the GHA jobs level.",
+                fg="red",
+            )
+            sys.exit(1)
+
+    click.secho(
+        "The --github-actions flag was set, but we didn't not find '$ACTIONS_ID_TOKEN_REQUEST_TOKEN' and '$ACTIONS_ID_TOKEN_REQUEST_URL' environment variables. Please make sure you are running this command in a GitHub Actions environment and with correct permissions as per https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers",
+        fg="red",
+    )
+    sys.exit(1)
+
+
+def get_origin_token(
+    service_principal_name: str,
+    deployment: str,
+    perimeter: str,
+    token: str,
+    auth_server: str,
+):
+    try:
+        response = requests.get(
+            f"{auth_server}/generate/service-principal",
+            headers={"x-api-key": token},
+            data=json.dumps(
+                {
+                    "servicePrincipalName": service_principal_name,
+                    "deploymentName": deployment,
+                    "perimeter": perimeter,
+                }
+            ),
+        )
+        response.raise_for_status()
+        return response.json()["token"]
+    except Exception as e:
+        click.secho(
+            f"Failed to get origin token from {auth_server}. Error: {str(e)}", fg="red"
+        )
+        sys.exit(1)
+
+
 @click.group(help="The Outerbounds Platform CLI", no_args_is_help=True)
 def cli(**kwargs):
     pass
@@ -778,3 +883,116 @@ def configure(
     except Exception as e:
         click.secho("Writing the configuration file '{}' failed.".format(writer.path()))
         click.secho("Error: {}".format(str(e)))
+
+
+@cli.command(
+    help="Authenticate service principals using JWT minted by their IDPs and configure Metaflow"
+)
+@click.option(
+    "-n",
+    "--name",
+    default="",
+    help="The name of service principals to authenticate",
+    required=True,
+)
+@click.option(
+    "--deployment-domain",
+    default="",
+    help="The full domain of the target Outerbounds Platform deployment (eg. 'foo.obp.outerbounds.com')",
+    required=True,
+)
+@click.option(
+    "-p",
+    "--perimeter",
+    default="default",
+    help="The name of the perimeter to authenticate the service principal in",
+)
+@click.option(
+    "-t",
+    "--jwt-token",
+    default="",
+    help="The JWT token that will be used to authenticate against the OBP Auth Server.",
+)
+@click.option(
+    "--github-actions",
+    is_flag=True,
+    help="Set if the command is being run in a GitHub Actions environment. If both --jwt-token and --github-actions are specified the --github-actions flag will be ignored.",
+)
+@click.option(
+    "-d",
+    "--config-dir",
+    default=path.expanduser(os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")),
+    help="Path to Metaflow configuration directory",
+    show_default=True,
+)
+@click.option(
+    "--profile",
+    default="",
+    help="Configure a named profile. Activate the profile by setting "
+    "`METAFLOW_PROFILE` environment variable.",
+)
+@click.option(
+    "-e",
+    "--echo",
+    is_flag=True,
+    help="Print decoded configuration to stdout",
+)
+@click.option(
+    "-f",
+    "--force",
+    is_flag=True,
+    help="Force overwrite of existing configuration",
+)
+def service_principal_configure(
+    name: str,
+    deployment_domain: str,
+    perimeter: str,
+    jwt_token="",
+    github_actions=False,
+    config_dir=None,
+    profile=None,
+    echo=None,
+    force=False,
+):
+    audience = f"https://{deployment_domain}"
+    if jwt_token == "" and github_actions:
+        jwt_token = get_gha_jwt(audience)
+
+    if jwt_token == "":
+        click.secho(
+            "No JWT token provided. Please provider either a valid jwt token or set --github-actions",
+            fg="red",
+        )
+        sys.exit(1)
+
+    auth_server = f"https://auth.{deployment_domain}"
+    deployment_name = deployment_domain.split(".")[0]
+    origin_token = get_origin_token(
+        name, deployment_name, perimeter, jwt_token, auth_server
+    )
+
+    api_server = f"https://api.{deployment_domain}"
+    metaflow_config = metaflowconfig.get_remote_metaflow_config_for_perimeter(
+        origin_token, perimeter, api_server
+    )
+
+    writer = ConfigurationWriter(serialize(metaflow_config), config_dir, profile)
+    try:
+        writer.decode()
+    except:
+        click.secho("Decoding the configuration text failed.", fg="red")
+        sys.exit(1)
+    try:
+        writer.process_decoded_config()
+    except DecodedConfigProcessingError as e:
+        click.secho("Resolving the configuration remotely failed.", fg="red")
+        click.secho(str(e), fg="magenta")
+        sys.exit(1)
+    try:
+        if echo == True:
+            writer.display()
+        if force or writer.confirm_overwrite():
+            writer.write_config()
+    except Exception as e:
+        click.secho("Writing the configuration file '{}' failed.".format(writer.path()))
+        click.secho("Error: {}".format(str(e)))

outerbounds/command_groups/perimeters_cli.py

@@ -0,0 +1,400 @@
+import base64
+import hashlib
+import json
+import os
+import re
+import subprocess
+import sys
+import zlib
+from base64 import b64decode, b64encode
+from importlib.machinery import PathFinder
+from os import path
+from pathlib import Path
+from typing import Any, Callable, Dict, List
+
+import boto3
+import click
+import requests
+from requests.exceptions import HTTPError
+
+from ..utils import kubeconfig, metaflowconfig
+from ..utils.schema import (
+    CommandStatus,
+    OuterboundsCommandResponse,
+    OuterboundsCommandStatus,
+)
+
+from .local_setup_cli import PERIMETER_CONFIG_URL_KEY
+
+
+@click.group()
+def cli(**kwargs):
+    pass
+
+
+@click.group(help="Manage perimeters")
+def perimeter(**kwargs):
+    pass
+
+
+@perimeter.command(help="Switch current perimeter")
+@click.option(
+    "-d",
+    "--config-dir",
+    default=path.expanduser(os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")),
+    help="Path to Metaflow configuration directory",
+    show_default=True,
+)
+@click.option(
+    "-p",
+    "--profile",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
+    help="The named metaflow profile in which your workstation exists",
+)
+@click.option(
+    "-o",
+    "--output",
+    default="",
+    help="Show output in the specified format.",
+    type=click.Choice(["json", ""]),
+)
+@click.option("--id", default="", type=str, help="Perimeter name to switch to")
+@click.option(
+    "-f",
+    "--force",
+    is_flag=True,
+    help="Force change the existing perimeter",
+    default=False,
+)
+def switch(config_dir=None, profile=None, output="", id=None, force=False):
+    switch_perimeter_response = OuterboundsCommandResponse()
+
+    switch_perimeter_step = CommandStatus(
+        "SwitchPerimeter",
+        OuterboundsCommandStatus.OK,
+        "Perimeter was successfully switched!",
+    )
+
+    perimeters = get_perimeters_from_api_or_fail_command(
+        config_dir, profile, output, switch_perimeter_response, switch_perimeter_step
+    )
+    confirm_user_has_access_to_perimeter_or_fail(
+        id, perimeters, output, switch_perimeter_response, switch_perimeter_step
+    )
+
+    path_to_config = get_ob_config_file_path(config_dir, profile)
+
+    import fcntl
+
+    try:
+        if os.path.exists(path_to_config):
+            if not force:
+                fd = os.open(path_to_config, os.O_WRONLY)
+                # Try to acquire an exclusive lock
+                fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
+            else:
+                click.secho(
+                    "Force flag is set. Perimeter will be switched, but can have unintended consequences on other running processes.",
+                    fg="yellow",
+                    err=True,
+                )
+
+        ob_config_dict = {
+            "OB_CURRENT_PERIMETER": str(id),
+            PERIMETER_CONFIG_URL_KEY: perimeters[id]["remote_config_url"],
+        }
+
+        # Now that we have the lock, we can safely write to the file
+        with open(path_to_config, "w") as file:
+            json.dump(ob_config_dict, file, indent=4)
+
+        click.secho("Perimeter switched to {}".format(id), fg="green", err=True)
+    except BlockingIOError:
+        # This exception is raised if the file is already locked (non-blocking mode)
+        # Note that its the metaflow package (the extension actually) that acquires a shared read lock
+        # on the file whenever a process imports metaflow.
+        # In the future we might want to get smarter about it and show which process is holding the lock.
+        click.secho(
+            "Can't switch perimeter while Metaflow is in use. Please make sure there are no running python processes or notebooks using metaflow.",
+            fg="red",
+            err=True,
+        )
+        switch_perimeter_step.update(
+            status=OuterboundsCommandStatus.FAIL,
+            reason="Can't switch perimeter while Metaflow is in use.",
+            mitigation="Please make sure there are no running python processes or notebooks using metaflow.",
+        )
+
+    switch_perimeter_response.add_step(switch_perimeter_step)
+    if output == "json":
+        click.echo(json.dumps(switch_perimeter_response.as_dict(), indent=4))
+        return
+
+
+@perimeter.command(help="Show current perimeter")
+@click.option(
+    "-d",
+    "--config-dir",
+    default=path.expanduser(os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")),
+    help="Path to Metaflow configuration directory",
+    show_default=True,
+)
+@click.option(
+    "-p",
+    "--profile",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
+    help="Configure a named profile. Activate the profile by setting "
+    "`METAFLOW_PROFILE` environment variable.",
+)
+@click.option(
+    "-o",
+    "--output",
+    default="",
+    help="Show output in the specified format.",
+    type=click.Choice(["json", ""]),
+)
+def show_current(config_dir=None, profile=None, output=""):
+    show_current_perimeter_response = OuterboundsCommandResponse()
+
+    show_current_perimeter_step = CommandStatus(
+        "ShowCurrentPerimeter",
+        OuterboundsCommandStatus.OK,
+        "Current Perimeter Fetch Successful.",
+    )
+
+    ob_config_dict = get_ob_config_or_fail_command(
+        config_dir,
+        profile,
+        output,
+        show_current_perimeter_response,
+        show_current_perimeter_step,
+    )
+
+    perimeters = get_perimeters_from_api_or_fail_command(
+        config_dir,
+        profile,
+        output,
+        show_current_perimeter_response,
+        show_current_perimeter_step,
+    )
+    confirm_user_has_access_to_perimeter_or_fail(
+        ob_config_dict["OB_CURRENT_PERIMETER"],
+        perimeters,
+        output,
+        show_current_perimeter_response,
+        show_current_perimeter_step,
+    )
+
+    click.secho(
+        "Current Perimeter: {}".format(ob_config_dict["OB_CURRENT_PERIMETER"]),
+        fg="green",
+        err=True,
+    )
+
+    show_current_perimeter_response.add_or_update_data(
+        "current_perimeter", ob_config_dict["OB_CURRENT_PERIMETER"]
+    )
+
+    if output == "json":
+        click.echo(json.dumps(show_current_perimeter_response.as_dict(), indent=4))
+
+
+@perimeter.command(help="List all available perimeters")
+@click.option(
+    "-d",
+    "--config-dir",
+    default=path.expanduser(os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")),
+    help="Path to Metaflow configuration directory",
+    show_default=True,
+)
+@click.option(
+    "-p",
+    "--profile",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
+    help="The named metaflow profile in which your workstation exists",
+)
+@click.option(
+    "-o",
+    "--output",
+    default="",
+    help="Show output in the specified format.",
+    type=click.Choice(["json", ""]),
+)
+def list(config_dir=None, profile=None, output=""):
+    list_perimeters_response = OuterboundsCommandResponse()
+
+    list_perimeters_step = CommandStatus(
+        "ListPerimeters", OuterboundsCommandStatus.OK, "Perimeter Fetch Successful."
+    )
+
+    if "WORKSTATION_ID" in os.environ and (
+        "OBP_DEFAULT_PERIMETER" not in os.environ
+        or "OBP_DEFAULT_PERIMETER_URL" not in os.environ
+    ):
+        list_perimeters_response.update(
+            OuterboundsCommandStatus.NOT_SUPPORTED,
+            500,
+            "Perimeters are not supported on old workstations.",
+        )
+        click.secho(
+            "Perimeters are not supported on old workstations.", err=True, fg="red"
+        )
+        if output == "json":
+            click.echo(json.dumps(list_perimeters_response.as_dict(), indent=4))
+        return
+
+    ob_config_dict = get_ob_config_or_fail_command(
+        config_dir, profile, output, list_perimeters_response, list_perimeters_step
+    )
+    active_perimeter = ob_config_dict["OB_CURRENT_PERIMETER"]
+
+    perimeters = get_perimeters_from_api_or_fail_command(
+        config_dir, profile, output, list_perimeters_response, list_perimeters_step
+    )
+
+    perimeter_list = []
+    for perimeter in perimeters.values():
+        status = "OK"
+        perimeter_list.append(
+            {
+                "id": perimeter["perimeter"],
+                "active": perimeter["perimeter"] == active_perimeter,
+                "status": status,
+            }
+        )
+        if perimeter["perimeter"] != active_perimeter:
+            click.secho("Perimeter: {}".format(perimeter["perimeter"]), err=True)
+        else:
+            click.secho(
+                "Perimeter: {} (active)".format(perimeter["perimeter"]),
+                fg="green",
+                err=True,
+            )
+
+    list_perimeters_response.add_or_update_data("perimeters", perimeter_list)
+
+    if output == "json":
+        click.echo(json.dumps(list_perimeters_response.as_dict(), indent=4))
+
+
+def get_list_perimeters_api_response(config_dir, profile):
+    metaflow_token = metaflowconfig.get_metaflow_token_from_config(config_dir, profile)
+    api_url = metaflowconfig.get_sanitized_url_from_config(
+        config_dir, profile, "OBP_API_SERVER"
+    )
+    perimeters_response = requests.get(
+        f"{api_url}/v1/me/perimeters?privilege=Execute",
+        headers={"x-api-key": metaflow_token},
+    )
+    perimeters_response.raise_for_status()
+    return perimeters_response.json()["perimeters"]
+
+
+def get_ob_config_file_path(config_dir: str, profile: str) -> str:
+    # If OBP_CONFIG_DIR is set, use that, otherwise use METAFLOW_HOME
+    # If neither are set, use ~/.metaflowconfig
+    obp_config_dir = path.expanduser(os.environ.get("OBP_CONFIG_DIR", config_dir))
+
+    ob_config_filename = f"ob_config_{profile}.json" if profile else "ob_config.json"
+    return os.path.expanduser(os.path.join(obp_config_dir, ob_config_filename))
+
+
+def get_perimeters_from_api_or_fail_command(
+    config_dir: str,
+    profile: str,
+    output: str,
+    command_response: OuterboundsCommandResponse,
+    command_step: CommandStatus,
+) -> Dict[str, Dict[str, str]]:
+    try:
+        perimeters = get_list_perimeters_api_response(config_dir, profile)
+    except:
+        click.secho(
+            "Failed to fetch perimeters from API.",
+            fg="red",
+            err=True,
+        )
+        command_step.update(
+            status=OuterboundsCommandStatus.FAIL,
+            reason="Failed to fetch perimeters from API",
+            mitigation="",
+        )
+        command_response.add_step(command_step)
+        if output == "json":
+            click.echo(json.dumps(command_response.as_dict(), indent=4))
+        sys.exit(1)
+    return {p["perimeter"]: p for p in perimeters}
+
+
+def get_ob_config_or_fail_command(
+    config_dir: str,
+    profile: str,
+    output: str,
+    command_response: OuterboundsCommandResponse,
+    command_step: CommandStatus,
+) -> Dict[str, str]:
+    path_to_config = get_ob_config_file_path(config_dir, profile)
+
+    if not os.path.exists(path_to_config):
+        click.secho(
+            "Config file not found at {}".format(path_to_config), fg="red", err=True
+        )
+        command_step.update(
+            status=OuterboundsCommandStatus.FAIL,
+            reason="Config file not found",
+            mitigation="Please make sure the config file exists at {}".format(
+                path_to_config
+            ),
+        )
+        command_response.add_step(command_step)
+        if output == "json":
+            click.echo(json.dumps(command_response.as_dict(), indent=4))
+        sys.exit(1)
+
+    with open(path_to_config, "r") as file:
+        ob_config_dict = json.load(file)
+
+    if "OB_CURRENT_PERIMETER" not in ob_config_dict:
+        click.secho(
+            "OB_CURRENT_PERIMETER not found in Config file: {}".format(path_to_config),
+            fg="red",
+            err=True,
+        )
+        command_step.update(
+            status=OuterboundsCommandStatus.FAIL,
+            reason="OB_CURRENT_PERIMETER not found in Config file: {}",
+            mitigation="",
+        )
+        command_response.add_step(command_step)
+        if output == "json":
+            click.echo(json.dumps(command_response.as_dict(), indent=4))
+        sys.exit(1)
+
+    return ob_config_dict
+
+
+def confirm_user_has_access_to_perimeter_or_fail(
+    perimeter_id: str,
+    perimeters: Dict[str, Any],
+    output: str,
+    command_response: OuterboundsCommandResponse,
+    command_step: CommandStatus,
+):
+    if perimeter_id not in perimeters:
+        click.secho(
+            f"You do not have access to perimeter {perimeter_id} or it does not exist.",
+            fg="red",
+            err=True,
+        )
+        command_step.update(
+            status=OuterboundsCommandStatus.FAIL,
+            reason=f"You do not have access to perimeter {perimeter_id} or it does not exist.",
+            mitigation="",
+        )
+        command_response.add_step(command_step)
+        if output == "json":
+            click.echo(json.dumps(command_response.as_dict(), indent=4))
+        sys.exit(1)
+
+
+cli.add_command(perimeter, name="perimeter")

outerbounds/command_groups/workstations_cli.py

@@ -19,6 +19,10 @@ from ..utils.schema import (
     OuterboundsCommandStatus,
 )
 from tempfile import NamedTemporaryFile
+from .perimeters_cli import (
+    get_perimeters_from_api_or_fail_command,
+    confirm_user_has_access_to_perimeter_or_fail,
+)
 
 KUBECTL_INSTALL_MITIGATION = "Please install kubectl manually from https://kubernetes.io/docs/tasks/tools/#kubectl"
 
@@ -89,7 +93,7 @@ def generate_workstation_token(config_dir=None, profile=None):
 @click.option(
     "-p",
     "--profile",
-    default="",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
     help="The named metaflow profile in which your workstation exists",
 )
 @click.option(
@@ -110,7 +114,6 @@ def configure_cloud_workstation(config_dir=None, profile=None, binary=None, outp
     kubeconfig_configure_step = CommandStatus(
         "ConfigureKubeConfig", OuterboundsCommandStatus.OK, "Kubeconfig is configured"
     )
-
     try:
         metaflow_token = metaflowconfig.get_metaflow_token_from_config(
             config_dir, profile
@@ -191,10 +194,25 @@ def configure_cloud_workstation(config_dir=None, profile=None, binary=None, outp
 @click.option(
     "-p",
     "--profile",
-    default="",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
     help="The named metaflow profile in which your workstation exists",
 )
-def list_workstations(config_dir=None, profile=None):
+@click.option(
+    "-o",
+    "--output",
+    default="json",
+    help="Show output in the specified format.",
+    type=click.Choice(["json"]),
+)
+def list_workstations(config_dir=None, profile=None, output="json"):
+    list_response = OuterboundsCommandResponse()
+    list_step = CommandStatus(
+        "listWorkstations",
+        OuterboundsCommandStatus.OK,
+        "Workstation list successfully fetched!",
+    )
+    list_response.add_or_update_data("workstations", [])
+
     try:
         metaflow_token = metaflowconfig.get_metaflow_token_from_config(
             config_dir, profile
@@ -205,17 +223,23 @@ def list_workstations(config_dir=None, profile=None):
         workstations_response = requests.get(
             f"{api_url}/v1/workstations", headers={"x-api-key": metaflow_token}
         )
-        try:
-            workstations_response.raise_for_status()
-            click.echo(json.dumps(workstations_response.json(), indent=4))
-        except HTTPError:
-            click.secho("Failed to generate workstation token.", fg="red")
-            click.secho(
-                "Error: {}".format(json.dumps(workstations_response.json(), indent=4))
-            )
+        workstations_response.raise_for_status()
+        list_response.add_or_update_data(
+            "workstations", workstations_response.json()["workstations"]
+        )
+        if output == "json":
+            click.echo(json.dumps(list_response.as_dict(), indent=4))
     except Exception as e:
-        click.secho("Failed to list workstations", fg="red")
-        click.secho("Error: {}".format(str(e)))
+        list_step.update(
+            OuterboundsCommandStatus.FAIL, "Failed to list workstations", ""
+        )
+        list_response.add_step(list_step)
+        if output == "json":
+            list_response.add_or_update_data("error", str(e))
+            click.echo(json.dumps(list_response.as_dict(), indent=4))
+        else:
+            click.secho("Failed to list workstations", fg="red", err=True)
+            click.secho("Error: {}".format(str(e)), fg="red", err=True)
 
 
 @cli.command(help="Hibernate workstation", hidden=True)
@@ -235,7 +259,7 @@ def list_workstations(config_dir=None, profile=None):
 @click.option(
     "-w",
     "--workstation",
-    default="",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
     help="The ID of the workstation to hibernate",
 )
 def hibernate_workstation(config_dir=None, profile=None, workstation=None):
@@ -243,6 +267,8 @@ def hibernate_workstation(config_dir=None, profile=None, workstation=None):
         click.secho("Please specify a workstation ID", fg="red")
         return
     try:
+        if not profile:
+            profile = metaflowconfig.get_metaflow_profile()
         metaflow_token = metaflowconfig.get_metaflow_token_from_config(
             config_dir, profile
         )
@@ -267,7 +293,7 @@ def hibernate_workstation(config_dir=None, profile=None, workstation=None):
             )
     except Exception as e:
         click.secho("Failed to hibernate workstation", fg="red")
-        click.secho("Error: {}".format(str(e)))
+        click.secho("Error: {}".format(str(e)), fg="red")
 
 
 @cli.command(help="Restart workstation to the int", hidden=True)
@@ -281,7 +307,7 @@ def hibernate_workstation(config_dir=None, profile=None, workstation=None):
 @click.option(
     "-p",
     "--profile",
-    default="",
+    default=os.environ.get("METAFLOW_PROFILE", ""),
     help="The named metaflow profile in which your workstation exists",
 )
 @click.option(
@@ -319,7 +345,7 @@ def restart_workstation(config_dir=None, profile=None, workstation=None):
             )
     except Exception as e:
         click.secho("Failed to restart workstation", fg="red")
-        click.secho("Error: {}".format(str(e)))
+        click.secho("Error: {}".format(str(e)), fg="red")
 
 
 @cli.command(help="Install dependencies needed by workstations", hidden=True)
@@ -486,8 +512,85 @@ def add_to_path(program_path, platform):
         with open(path_to_rc_file, "a+") as f:  # Open bashrc file
             if program_path not in f.read():
                 f.write("\n# Added by Outerbounds\n")
-                f.write(program_path)
+                f.write(f"export PATH=$PATH:{program_path}")
 
 
 def to_windows_path(path):
     return os.path.normpath(path).replace(os.sep, "\\")
+
+
+@cli.command(help="Show relevant links for a deployment & perimeter", hidden=True)
+@click.option(
+    "-d",
+    "--config-dir",
+    default=path.expanduser(os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")),
+    help="Path to Metaflow configuration directory",
+    show_default=True,
+)
+@click.option(
+    "-p",
+    "--profile",
+    default="",
+    help="The named metaflow profile in which your workstation exists",
+)
+@click.option(
+    "--perimeter-id",
+    default="",
+    help="The id of the perimeter to use",
+)
+@click.option(
+    "-o",
+    "--output",
+    default="",
+    help="Show output in the specified format.",
+    type=click.Choice(["json", ""]),
+)
+def show_relevant_links(config_dir=None, profile=None, perimeter_id="", output=""):
+    show_links_response = OuterboundsCommandResponse()
+    show_links_step = CommandStatus(
+        "showRelevantLinks",
+        OuterboundsCommandStatus.OK,
+        "Relevant links successfully fetched!",
+    )
+    show_links_response.add_or_update_data("links", [])
+    links = []
+    try:
+        if not perimeter_id:
+            metaflow_config = metaflowconfig.init_config(config_dir, profile)
+        else:
+            perimeters_dict = get_perimeters_from_api_or_fail_command(
+                config_dir, profile, output, show_links_response, show_links_step
+            )
+            confirm_user_has_access_to_perimeter_or_fail(
+                perimeter_id,
+                perimeters_dict,
+                output,
+                show_links_response,
+                show_links_step,
+            )
+
+            metaflow_config = metaflowconfig.init_config_from_url(
+                config_dir, profile, perimeters_dict[perimeter_id]["remote_config_url"]
+            )
+
+        links.append(
+            {
+                "id": "metaflow-ui-url",
+                "url": metaflow_config["METAFLOW_UI_URL"],
+                "label": "Metaflow UI URL",
+            }
+        )
+        show_links_response.add_or_update_data("links", links)
+        if output == "json":
+            click.echo(json.dumps(show_links_response.as_dict(), indent=4))
+    except Exception as e:
+        show_links_step.update(
+            OuterboundsCommandStatus.FAIL, "Failed to show relevant links", ""
+        )
+        show_links_response.add_step(show_links_step)
+        if output == "json":
+            show_links_response.add_or_update_data("error", str(e))
+            click.echo(json.dumps(show_links_response.as_dict(), indent=4))
+        else:
+            click.secho("Failed to show relevant links", fg="red", err=True)
+            click.secho("Error: {}".format(str(e)), fg="red", err=True)

outerbounds/utils/metaflowconfig.py

@@ -1,15 +1,45 @@
+import click
 import json
 import os
 import requests
+from os import path
+import requests
+from typing import Dict
+import sys
+
 
+def init_config(config_dir, profile) -> Dict[str, str]:
+    config = read_metaflow_config_from_filesystem(config_dir, profile)
 
-def init_config() -> dict:
-    profile = os.environ.get("METAFLOW_PROFILE")
-    config_dir = os.path.expanduser(
-        os.environ.get("METAFLOW_HOME", "~/.metaflowconfig")
+    # This is new remote-metaflow config; fetch it from the URL
+    if "OBP_METAFLOW_CONFIG_URL" in config:
+        remote_config = init_config_from_url(
+            config_dir, profile, config["OBP_METAFLOW_CONFIG_URL"]
+        )
+        remote_config["OBP_METAFLOW_CONFIG_URL"] = config["OBP_METAFLOW_CONFIG_URL"]
+        return remote_config
+    # Legacy config, use from filesystem
+    return config
+
+
+def init_config_from_url(config_dir, profile, url) -> Dict[str, str]:
+    config = read_metaflow_config_from_filesystem(config_dir, profile)
+
+    if config is None or "METAFLOW_SERVICE_AUTH_KEY" not in config:
+        raise Exception("METAFLOW_SERVICE_AUTH_KEY not found in config file")
+
+    config_response = requests.get(
+        url,
+        headers={"x-api-key": f'{config["METAFLOW_SERVICE_AUTH_KEY"]}'},
     )
+    config_response.raise_for_status()
+    remote_config = config_response.json()["config"]
+    return remote_config
 
+
+def read_metaflow_config_from_filesystem(config_dir, profile) -> Dict[str, str]:
     config_filename = f"config_{profile}.json" if profile else "config.json"
+
     path_to_config = os.path.join(config_dir, config_filename)
 
     if os.path.exists(path_to_config):
@@ -17,22 +47,6 @@ def init_config() -> dict:
             config = json.load(json_file)
     else:
         raise Exception("Unable to locate metaflow config at '%s')" % (path_to_config))
-
-    # This is new remote-metaflow config; fetch it from the URL
-    if "OBP_METAFLOW_CONFIG_URL" in config:
-        if config is None or "METAFLOW_SERVICE_AUTH_KEY" not in config:
-            raise Exception("METAFLOW_SERVICE_AUTH_KEY not found in config file")
-
-        config_response = requests.get(
-            config["OBP_METAFLOW_CONFIG_URL"],
-            headers={"x-api-key": f'{config["METAFLOW_SERVICE_AUTH_KEY"]}'},
-        )
-        config_response.raise_for_status()
-        remote_config = config_response.json()["config"]
-        remote_config["METAFLOW_SERVICE_AUTH_KEY"] = config["METAFLOW_SERVICE_AUTH_KEY"]
-        return remote_config
-
-    # Legacy config, use from filesystem
     return config
 
 
@@ -44,13 +58,10 @@ def get_metaflow_token_from_config(config_dir: str, profile: str) -> str:
         config_dir (str): Path to the config directory
         profile (str): The named metaflow profile
     """
-    config_filename = f"config_{profile}.json" if profile else "config.json"
-    config_path = os.path.join(config_dir, config_filename)
-    with open(config_path) as json_file:
-        config = json.load(json_file)
-        if config is None or "METAFLOW_SERVICE_AUTH_KEY" not in config:
-            raise Exception("METAFLOW_SERVICE_AUTH_KEY not found in config file")
-        return config["METAFLOW_SERVICE_AUTH_KEY"]
+    config = init_config(config_dir, profile)
+    if config is None or "METAFLOW_SERVICE_AUTH_KEY" not in config:
+        raise Exception("METAFLOW_SERVICE_AUTH_KEY not found in config file")
+    return config["METAFLOW_SERVICE_AUTH_KEY"]
 
 
 def get_sanitized_url_from_config(config_dir: str, profile: str, key: str) -> str:
@@ -62,16 +73,32 @@ def get_sanitized_url_from_config(config_dir: str, profile: str, key: str) -> st
         profile (str): The named metaflow profile
         key (str): The key to look up in the config file
     """
-    config_filename = f"config_{profile}.json" if profile else "config.json"
-    config_path = os.path.join(config_dir, config_filename)
-
-    with open(config_path) as json_file:
-        config = json.load(json_file)
-        if key not in config:
-            raise Exception(f"Key {key} not found in config file {config_path}")
-        url_in_config = config[key]
-        if not url_in_config.startswith("https://"):
-            url_in_config = f"https://{url_in_config}"
-
-        url_in_config = url_in_config.rstrip("/")
-        return url_in_config
+    config = init_config(config_dir, profile)
+    if key not in config:
+        raise Exception(f"Key {key} not found in config")
+    url_in_config = config[key]
+    if not url_in_config.startswith("https://"):
+        url_in_config = f"https://{url_in_config}"
+
+    url_in_config = url_in_config.rstrip("/")
+    return url_in_config
+
+
+def get_remote_metaflow_config_for_perimeter(
+    origin_token: str, perimeter: str, api_server: str
+):
+    try:
+        response = requests.get(
+            f"{api_server}/v1/perimeters/{perimeter}/metaflowconfigs/default",
+            headers={"x-api-key": origin_token},
+        )
+        response.raise_for_status()
+        config = response.json()["config"]
+        config["METAFLOW_SERVICE_AUTH_KEY"] = origin_token
+        return config
+    except Exception as e:
+        click.secho(
+            f"Failed to get metaflow config from {api_server}. Error: {str(e)}",
+            fg="red",
+        )
+        sys.exit(1)

outerbounds/utils/schema.py

@@ -5,6 +5,7 @@ class OuterboundsCommandStatus(Enum):
     OK = "OK"
     FAIL = "FAIL"
     WARN = "WARN"
+    NOT_SUPPORTED = "NOT_SUPPORTED"
 
 
 class CommandStatus:
@@ -37,10 +38,19 @@ class OuterboundsCommandResponse:
         self._message = ""
         self._steps = []
         self.metadata = {}
+        self._data = {}
+
+    def update(self, status, code, message):
+        self.status = status
+        self._code = code
+        self._message = message
 
     def add_or_update_metadata(self, key, value):
         self.metadata[key] = value
 
+    def add_or_update_data(self, key, value):
+        self._data[key] = value
+
     def add_step(self, step: CommandStatus):
         self._steps.append(step)
         self._process_step_status(step)
@@ -59,10 +69,11 @@ class OuterboundsCommandResponse:
             self._message = "We found one or more warnings with your installation."
 
     def as_dict(self):
+        self._data["steps"] = [step.as_dict() for step in self._steps]
         return {
             "status": self.status.value,
             "code": self._code,
             "message": self._message,
-            "steps": [step.as_dict() for step in self._steps],
             "metadata": self.metadata,
+            "data": self._data,
         }

{outerbounds-0.3.58.dist-info → outerbounds-0.3.60.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: outerbounds
-Version: 0.3.58
+Version: 0.3.60
 Summary: More Data Science, Less Administration
 License: Proprietary
 Keywords: data science,machine learning,MLOps
@@ -23,9 +23,9 @@ Requires-Dist: click (>=8.1.3,<9.0.0)
 Requires-Dist: google-api-core (>=2.16.1,<3.0.0) ; extra == "gcp"
 Requires-Dist: google-auth (>=2.27.0,<3.0.0) ; extra == "gcp"
 Requires-Dist: google-cloud-storage (>=2.14.0,<3.0.0) ; extra == "gcp"
-Requires-Dist: ob-metaflow (==2.11.4.9)
-Requires-Dist: ob-metaflow-extensions (==1.1.49)
-Requires-Dist: ob-metaflow-stubs (==2.11.4.9)
+Requires-Dist: ob-metaflow (==2.11.9.1)
+Requires-Dist: ob-metaflow-extensions (==1.1.51)
+Requires-Dist: ob-metaflow-stubs (==2.11.9.1)
 Requires-Dist: opentelemetry-distro (==0.41b0)
 Requires-Dist: opentelemetry-exporter-otlp-proto-http (==1.20.0)
 Requires-Dist: opentelemetry-instrumentation-requests (==0.41b0)

outerbounds-0.3.60.dist-info/RECORD

@@ -0,0 +1,15 @@
+outerbounds/__init__.py,sha256=GPdaubvAYF8pOFWJ3b-sPMKCpyfpteWVMZWkmaYhxRw,32
+outerbounds/cli_main.py,sha256=e9UMnPysmc7gbrimq2I4KfltggyU7pw59Cn9aEguVcU,74
+outerbounds/command_groups/__init__.py,sha256=QPWtj5wDRTINDxVUL7XPqG3HoxHNvYOg08EnuSZB2Hc,21
+outerbounds/command_groups/cli.py,sha256=H4LxcYTmsY9DQUrReSRLjvbg9s9Ro7s-eUrcMqEJ_9A,261
+outerbounds/command_groups/local_setup_cli.py,sha256=cqdZ_Jg6CFlaIFwI-LRb_13LQqN0MUQx8wBFi-okG28,35982
+outerbounds/command_groups/perimeters_cli.py,sha256=ICH-StHHYXVAAYvVT8NfMxCDDtKnULnP_vCXrqKOZ48,12770
+outerbounds/command_groups/workstations_cli.py,sha256=b5lt8_g2B0zCoUoNriTRv32IPB6E4mI2sUhubDT7Yjo,21966
+outerbounds/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+outerbounds/utils/kubeconfig.py,sha256=l1mUP1j9VIq3fsffi5bJ1Nk-hYlwd1dIqkpj7DvVS1E,7936
+outerbounds/utils/metaflowconfig.py,sha256=cQWD7zoVkOPXd6q2tqmqACjL0IN-0RgiQ45ojxXBYSM,3529
+outerbounds/utils/schema.py,sha256=cNlgjmteLPbDzSEUSQDsq8txdhMGyezSmM83jU3aa0w,2329
+outerbounds-0.3.60.dist-info/entry_points.txt,sha256=7ye0281PKlvqxu15rjw60zKg2pMsXI49_A8BmGqIqBw,47
+outerbounds-0.3.60.dist-info/METADATA,sha256=51YozDJl2MV1cLz5uR0oceAyqNdyom6oSPwVFWw56jA,1407
+outerbounds-0.3.60.dist-info/WHEEL,sha256=vVCvjcmxuUltf8cYhJ0sJMRDLr1XsPuxEId8YDzbyCY,88
+outerbounds-0.3.60.dist-info/RECORD,,

outerbounds-0.3.58.dist-info/RECORD

@@ -1,14 +0,0 @@
-outerbounds/__init__.py,sha256=GPdaubvAYF8pOFWJ3b-sPMKCpyfpteWVMZWkmaYhxRw,32
-outerbounds/cli_main.py,sha256=e9UMnPysmc7gbrimq2I4KfltggyU7pw59Cn9aEguVcU,74
-outerbounds/command_groups/__init__.py,sha256=QPWtj5wDRTINDxVUL7XPqG3HoxHNvYOg08EnuSZB2Hc,21
-outerbounds/command_groups/cli.py,sha256=61VsBlPG2ykP_786eCyllqeM8DMhPAOfj2FhktrSd7k,207
-outerbounds/command_groups/local_setup_cli.py,sha256=g_kkrlDGzYvZTm184pW6QwotpkcqBamB14kH_Kv8TbM,28685
-outerbounds/command_groups/workstations_cli.py,sha256=VgydQzCas3mlAFyzZuanjl1E8Zh7pBrbKbbP6t6N2WU,18237
-outerbounds/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-outerbounds/utils/kubeconfig.py,sha256=l1mUP1j9VIq3fsffi5bJ1Nk-hYlwd1dIqkpj7DvVS1E,7936
-outerbounds/utils/metaflowconfig.py,sha256=6u9D4x-pQVCPKnmGkTg9uSSHrq4mGnWQl7TurwyV2e8,2945
-outerbounds/utils/schema.py,sha256=nBuarFbdZu0LGhG0YkJ6pEIvdglfM_TO_W_Db2vksb0,2017
-outerbounds-0.3.58.dist-info/METADATA,sha256=ADmikJlmX_lGTzMKbqEBXBSi_X_pBFTE6iZiZYLCEUw,1407
-outerbounds-0.3.58.dist-info/WHEEL,sha256=vVCvjcmxuUltf8cYhJ0sJMRDLr1XsPuxEId8YDzbyCY,88
-outerbounds-0.3.58.dist-info/entry_points.txt,sha256=7ye0281PKlvqxu15rjw60zKg2pMsXI49_A8BmGqIqBw,47
-outerbounds-0.3.58.dist-info/RECORD,,