raijin-server 0.2.3__py3-none-any.whl → 0.2.5__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.3"
+__version__ = "0.2.4"
 
 __all__ = ["__version__"]

raijin_server/cli.py

@@ -470,6 +470,83 @@ def sanitize(ctx: typer.Context) -> None:
     _run_module(ctx, "sanitize")
 
 
+# ============================================================================
+# Subcomandos Cert-Manager
+# ============================================================================
+cert_app = typer.Typer(help="Comandos para gerenciamento do cert-manager")
+app.add_typer(cert_app, name="cert")
+
+
+@cert_app.command(name="install")
+def cert_install(ctx: typer.Context) -> None:
+    """Instala cert-manager e configura ClusterIssuer interativamente."""
+    _run_module(ctx, "cert_manager")
+
+
+@cert_app.command(name="status")
+def cert_status(ctx: typer.Context) -> None:
+    """Exibe status detalhado do cert-manager, pods, webhook e certificados."""
+    exec_ctx = ctx.obj or ExecutionContext()
+    cert_manager.status(exec_ctx)
+
+
+@cert_app.command(name="diagnose")
+def cert_diagnose(ctx: typer.Context) -> None:
+    """Executa diagnóstico completo para troubleshooting do cert-manager."""
+    exec_ctx = ctx.obj or ExecutionContext()
+    cert_manager.diagnose(exec_ctx)
+
+
+@cert_app.command(name="list-certs")
+def cert_list(ctx: typer.Context) -> None:
+    """Lista todos os certificados no cluster."""
+    import subprocess
+    
+    typer.secho("\n📜 Certificados no Cluster", fg=typer.colors.CYAN, bold=True)
+    try:
+        result = subprocess.run(
+            [
+                "kubectl", "get", "certificates", "-A",
+                "-o", "wide"
+            ],
+            capture_output=False,
+            timeout=15,
+        )
+        if result.returncode != 0:
+            typer.secho("Nenhum certificado encontrado ou erro ao listar.", fg=typer.colors.YELLOW)
+    except Exception as e:
+        typer.secho(f"Erro: {e}", fg=typer.colors.RED)
+
+
+@cert_app.command(name="list-issuers")
+def cert_list_issuers(ctx: typer.Context) -> None:
+    """Lista todos os ClusterIssuers e Issuers."""
+    import subprocess
+    
+    typer.secho("\n🔐 ClusterIssuers", fg=typer.colors.CYAN, bold=True)
+    try:
+        subprocess.run(
+            ["kubectl", "get", "clusterissuers", "-o", "wide"],
+            timeout=15,
+        )
+    except Exception:
+        pass
+    
+    typer.secho("\n🔐 Issuers (por namespace)", fg=typer.colors.CYAN, bold=True)
+    try:
+        subprocess.run(
+            ["kubectl", "get", "issuers", "-A", "-o", "wide"],
+            timeout=15,
+        )
+    except Exception:
+        pass
+
+
+# ============================================================================
+# Comandos Existentes
+# ============================================================================
+
+
 @app.command(name="bootstrap")
 def bootstrap_cmd(ctx: typer.Context) -> None:
     """Instala todas as ferramentas necessarias: helm, kubectl, istioctl, velero, containerd."""

raijin_server/healthchecks.py

@@ -264,8 +264,67 @@ def verify_helm_chart(release: str, namespace: str, ctx: ExecutionContext) -> bo
 
 
 def verify_cert_manager(ctx: ExecutionContext) -> bool:
-    """Health check para cert-manager."""
-    return verify_helm_chart("cert-manager", CERT_NS, ctx)
+    """Health check completo para cert-manager."""
+    logger.info("Verificando health check: cert-manager")
+    typer.secho("\n=== Health Check: Cert-Manager ===", fg=typer.colors.CYAN)
+    
+    all_ok = True
+    
+    # Verifica release Helm
+    ok, status = check_helm_release("cert-manager", CERT_NS, ctx)
+    if ok:
+        typer.secho(f"  ✓ Release cert-manager: {status}", fg=typer.colors.GREEN)
+    else:
+        typer.secho(f"  ✗ Release cert-manager: {status}", fg=typer.colors.RED)
+        return False
+    
+    # Verifica pods
+    if not check_k8s_pods_in_namespace(CERT_NS, ctx, timeout=180):
+        all_ok = False
+    
+    # Verifica CRDs
+    if not ctx.dry_run:
+        try:
+            import subprocess
+            result = subprocess.run(
+                ["kubectl", "get", "crd", "certificates.cert-manager.io"],
+                capture_output=True,
+                timeout=10,
+            )
+            if result.returncode == 0:
+                typer.secho("  ✓ CRDs instalados", fg=typer.colors.GREEN)
+            else:
+                typer.secho("  ✗ CRDs não encontrados", fg=typer.colors.RED)
+                all_ok = False
+        except Exception as e:
+            typer.secho(f"  ✗ Erro ao verificar CRDs: {e}", fg=typer.colors.RED)
+            all_ok = False
+    
+    # Verifica webhook ready
+    if not ctx.dry_run:
+        try:
+            import subprocess
+            result = subprocess.run(
+                [
+                    "kubectl", "get", "deployment", "cert-manager-webhook",
+                    "-n", CERT_NS,
+                    "-o", "jsonpath={.status.readyReplicas}"
+                ],
+                capture_output=True,
+                text=True,
+                timeout=10,
+            )
+            ready = result.returncode == 0 and result.stdout.strip() and int(result.stdout.strip()) >= 1
+            if ready:
+                typer.secho("  ✓ Webhook pronto", fg=typer.colors.GREEN)
+            else:
+                typer.secho("  ✗ Webhook não está pronto", fg=typer.colors.RED)
+                all_ok = False
+        except Exception as e:
+            typer.secho(f"  ✗ Erro ao verificar webhook: {e}", fg=typer.colors.RED)
+            all_ok = False
+    
+    return all_ok
 
 
 def verify_secrets(ctx: ExecutionContext) -> bool:

raijin_server/modules/apokolips_demo.py

@@ -244,7 +244,15 @@ def _resolve_tls_secret() -> str | None:
     return secret.strip() or None
 
 
-def _build_manifest(host: str, tls_secret: str | None) -> str:
+def _resolve_ip_access() -> bool:
+    """Pergunta se deseja acesso via IP direto (para testes)."""
+    env_ip = os.environ.get("APOKOLIPS_IP_ACCESS")
+    if env_ip:
+        return env_ip.strip().lower() in ("1", "true", "yes")
+    return typer.confirm("Habilitar acesso via IP direto? (apenas para testes)", default=True)
+
+
+def _build_manifest(host: str, tls_secret: str | None, ip_access: bool = False) -> str:
         html_block = indent(HTML_TEMPLATE.strip("\n"), " " * 4)
         tls_block = ""
         if tls_secret:
@@ -254,6 +262,20 @@ def _build_manifest(host: str, tls_secret: str | None) -> str:
                         f"    - {host}\n"
                         f"    secretName: {tls_secret}\n"
                 )
+        
+        # Regra adicional para acesso via IP (sem host)
+        ip_rule = ""
+        if ip_access:
+                ip_rule = """
+    - http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: apokolips-demo
+              port:
+                number: 80"""
 
         template = """\
 apiVersion: v1
@@ -340,12 +362,13 @@ spec:
                     service:
                         name: apokolips-demo
                         port:
-                            number: 80
+                            number: 80__IP_RULE__
 __TLS__
 """
 
         manifest = template.format(namespace=NAMESPACE, host=host)
         manifest = manifest.replace("__HTML__", html_block)
+        manifest = manifest.replace("__IP_RULE__", ip_rule)
         manifest = manifest.replace("__TLS__", tls_block.rstrip())
         return f"{manifest.strip()}\n"
 
@@ -354,7 +377,8 @@ def run(ctx: ExecutionContext) -> None:
     ensure_tool("kubectl", ctx, install_hint="Instale kubectl para aplicar o manifesto do site.")
     host = _resolve_host()
     tls_secret = _resolve_tls_secret()
-    manifest = _build_manifest(host, tls_secret)
+    ip_access = _resolve_ip_access()
+    manifest = _build_manifest(host, tls_secret, ip_access)
 
     typer.echo("Gerando manifesto Apokolips...")
     write_file(TMP_MANIFEST, manifest, ctx)
@@ -369,10 +393,22 @@ def run(ctx: ExecutionContext) -> None:
     typer.echo(f"  • Host: {host}")
     if tls_secret:
         typer.echo(f"  • Secret TLS: {tls_secret}")
+    if ip_access:
+        typer.secho("  • Acesso via IP: HABILITADO (apenas para testes)", fg=typer.colors.YELLOW)
+    
     typer.echo("\nTestes sugeridos:")
-    typer.echo(f"  curl -H 'Host: {host}' https://<IP_DO_LOAD_BALANCER>/ --insecure")
+    if ip_access:
+        typer.echo("  # Acesso direto via IP (teste):")
+        typer.echo("  curl http://<IP_DO_SERVIDOR>/")
+        typer.echo("")
+    typer.echo(f"  # Acesso via DNS (produção):")
+    typer.echo(f"  curl -H 'Host: {host}' http://<IP_DO_LOAD_BALANCER>/")
     typer.echo(f"  kubectl -n {NAMESPACE} get ingress {NAMESPACE}")
     typer.echo(f"  kubectl -n {NAMESPACE} get pods")
 
+    if ip_access:
+        typer.secho("\n⚠️  Lembre-se de desabilitar o acesso via IP após configurar o DNS!", fg=typer.colors.YELLOW)
+        typer.echo("   Rode novamente com APOKOLIPS_IP_ACCESS=false ou responda 'não' na pergunta.")
+
     typer.echo("\nPara remover:")
     typer.echo(f"  kubectl delete namespace {NAMESPACE}")