raijin-server 0.3.8__py3-none-any.whl → 0.3.9__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.3.8"
+__version__ = "0.3.9"
 
 __all__ = ["__version__"]

raijin_server/cli.py

@@ -47,7 +47,7 @@ from raijin_server.modules import (
 )
 from raijin_server.utils import ExecutionContext, logger, active_log_file, available_log_files, page_text, ensure_tool
 from raijin_server.validators import validate_system_requirements, check_module_dependencies, MODULE_DEPENDENCIES
-from raijin_server.healthchecks import run_health_check
+from raijin_server.healthchecks import run_health_check, validate_module_status, get_all_module_statuses
 from raijin_server.config import ConfigManager
 from raijin_server import module_manager
 
@@ -212,7 +212,7 @@ def _run_module(ctx: typer.Context, name: str, skip_validation: bool = False) ->
 
 def _print_banner() -> None:
     console.print(Panel.fit(BANNER, style="bold blue"))
-    console.print("[bright_white]Automacao de setup e hardening para Ubuntu Server[/bright_white]\n")
+    console.print(f"[bright_white]Automacao de setup e hardening para Ubuntu Server[/bright_white]  [dim]v{__version__}[/dim]\n")
 
 
 def _select_state_dir() -> Path:
@@ -337,7 +337,7 @@ def _rollback_module(
     typer.secho(f"Rollback finalizado (best-effort) para {name}\n", fg=typer.colors.GREEN)
 
 
-def _render_menu(dry_run: bool) -> int:
+def _render_menu(dry_run: bool, live_status: bool = True) -> int:
     table = Table(
         title="Selecione um modulo para executar",
         header_style="bold white",
@@ -348,9 +348,29 @@ def _render_menu(dry_run: bool) -> int:
     table.add_column("Status", style="green", no_wrap=True)
     table.add_column("Modulo", style="bold green")
     table.add_column("Descricao", style="white")
+    
+    # Obtém status em tempo real se solicitado
+    if live_status:
+        console.print("[dim]Validando status dos módulos...[/dim]")
+        statuses = get_all_module_statuses()
+    else:
+        statuses = {}
+    
     for idx, name in enumerate(MODULES.keys(), start=1):
         desc = MODULE_DESCRIPTIONS.get(name, "")
-        status = "[green]✔[/green]" if _is_completed(name) else "[dim]-[/dim]"
+        
+        if live_status:
+            status_val = statuses.get(name, "not_installed")
+            if status_val == "ok":
+                status = "[green]✔[/green]"
+            elif status_val == "error":
+                status = "[red]✗[/red]"
+            else:
+                status = "[dim]-[/dim]"
+        else:
+            # Fallback para arquivo .done
+            status = "[green]✔[/green]" if _is_completed(name) else "[dim]-[/dim]"
+        
         table.add_row(f"{idx}", status, name, desc)
 
     exit_idx = len(MODULES) + 1

raijin_server/healthchecks.py

@@ -375,10 +375,372 @@ HEALTH_CHECKS = {
     "kafka": lambda ctx: verify_helm_chart("kafka", "kafka", ctx),
     "cert_manager": verify_cert_manager,
     "secrets": verify_secrets,
-
 }
 
 
+# =============================================================================
+# STATUS VALIDATION - Validação em tempo real para o menu interativo
+# =============================================================================
+
+def _quick_cmd(cmd: list[str], timeout: int = 5) -> tuple[bool, str]:
+    """Executa comando rápido e retorna (sucesso, output)."""
+    try:
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
+        return result.returncode == 0, result.stdout.strip()
+    except Exception as e:
+        return False, str(e)
+
+
+def _check_namespace_exists(ns: str) -> bool:
+    """Verifica se namespace existe."""
+    ok, _ = _quick_cmd(["kubectl", "get", "ns", ns])
+    return ok
+
+
+def _check_pods_running(ns: str) -> tuple[bool, bool]:
+    """Retorna (existe, todos_running)."""
+    if not _check_namespace_exists(ns):
+        return False, False
+    ok, out = _quick_cmd(["kubectl", "get", "pods", "-n", ns, "-o", "jsonpath={.items[*].status.phase}"])
+    if not ok or not out:
+        return True, False  # ns existe mas sem pods ou erro
+    phases = out.split()
+    all_ok = all(p in ("Running", "Succeeded") for p in phases)
+    return True, all_ok
+
+
+def _check_helm_deployed(release: str, ns: str) -> tuple[bool, bool]:
+    """Retorna (existe, deployed)."""
+    ok, out = _quick_cmd(["helm", "status", release, "-n", ns, "--output", "json"], timeout=10)
+    if not ok:
+        return False, False
+    try:
+        import json
+        data = json.loads(out)
+        status = data.get("info", {}).get("status", "")
+        return True, status == "deployed"
+    except Exception:
+        return False, False
+
+
+def _check_systemd_active(service: str) -> bool:
+    """Verifica se serviço systemd está ativo."""
+    ok, out = _quick_cmd(["systemctl", "is-active", service])
+    return ok and out == "active"
+
+
+def _check_crd_exists(crd: str) -> bool:
+    """Verifica se CRD existe."""
+    ok, _ = _quick_cmd(["kubectl", "get", "crd", crd])
+    return ok
+
+
+def _check_cluster_secret_store() -> tuple[bool, bool]:
+    """Verifica ClusterSecretStore. Retorna (existe, ready)."""
+    ok, out = _quick_cmd(["kubectl", "get", "clustersecretstore", "-o", "jsonpath={.items[*].status.conditions[?(@.type=='Ready')].status}"])
+    if not ok:
+        return False, False
+    return True, "True" in out
+
+
+# Status: "ok" = ✓, "error" = ✗, "not_installed" = -
+ModuleStatus = str  # "ok" | "error" | "not_installed"
+
+
+def validate_module_status(module: str) -> ModuleStatus:
+    """Valida status de um módulo em tempo real."""
+    validators = {
+        "sanitize": _validate_sanitize,
+        "bootstrap": _validate_bootstrap,
+        "ssh_hardening": _validate_ssh_hardening,
+        "hardening": _validate_hardening,
+        "network": _validate_network,
+        "essentials": _validate_essentials,
+        "firewall": _validate_firewall,
+        "vpn": _validate_vpn,
+        "vpn_client": _validate_vpn_client,
+        "internal_dns": _validate_internal_dns,
+        "kubernetes": _validate_kubernetes,
+        "calico": _validate_calico,
+        "metallb": _validate_metallb,
+        "traefik": _validate_traefik,
+        "cert_manager": _validate_cert_manager,
+        "istio": _validate_istio,
+        "kong": _validate_kong,
+        "minio": _validate_minio,
+        "prometheus": _validate_prometheus,
+        "grafana": _validate_grafana,
+        "secrets": _validate_secrets,
+        "loki": _validate_loki,
+        "harbor": _validate_harbor,
+        "harness": _validate_harness,
+        "velero": _validate_velero,
+        "kafka": _validate_kafka,
+        "full_install": _validate_full_install,
+    }
+    
+    validator = validators.get(module)
+    if validator:
+        try:
+            return validator()
+        except Exception:
+            return "error"
+    return "not_installed"
+
+
+def _validate_sanitize() -> ModuleStatus:
+    # Sanitize é idempotente, consideramos OK se bootstrap/k8s estiver funcionando
+    return "ok"
+
+
+def _validate_bootstrap() -> ModuleStatus:
+    # Verifica se ferramentas estão instaladas
+    tools = ["helm", "kubectl", "containerd"]
+    for tool in tools:
+        ok, _ = _quick_cmd(["which", tool])
+        if not ok:
+            return "not_installed"
+    return "ok"
+
+
+def _validate_ssh_hardening() -> ModuleStatus:
+    # Verifica se SSH está rodando
+    if _check_systemd_active("ssh") or _check_systemd_active("sshd"):
+        return "ok"
+    return "not_installed"
+
+
+def _validate_hardening() -> ModuleStatus:
+    if _check_systemd_active("fail2ban"):
+        return "ok"
+    return "not_installed"
+
+
+def _validate_network() -> ModuleStatus:
+    # Verifica se hostname está configurado
+    ok, hostname = _quick_cmd(["hostname"])
+    if ok and hostname:
+        return "ok"
+    return "not_installed"
+
+
+def _validate_essentials() -> ModuleStatus:
+    # Verifica NTP
+    ok, out = _quick_cmd(["timedatectl", "show", "-p", "NTP", "--value"])
+    if ok and out == "yes":
+        return "ok"
+    return "not_installed"
+
+
+def _validate_firewall() -> ModuleStatus:
+    if _check_systemd_active("ufw"):
+        return "ok"
+    return "not_installed"
+
+
+def _validate_vpn() -> ModuleStatus:
+    if _check_systemd_active("wg-quick@wg0"):
+        return "ok"
+    return "not_installed"
+
+
+def _validate_vpn_client() -> ModuleStatus:
+    # VPN client é gerenciado pelo VPN module
+    if _check_systemd_active("wg-quick@wg0"):
+        return "ok"
+    return "not_installed"
+
+
+def _validate_internal_dns() -> ModuleStatus:
+    # Verifica se CoreDNS custom config existe
+    ok, _ = _quick_cmd(["kubectl", "get", "configmap", "coredns-custom", "-n", "kube-system"])
+    if ok:
+        return "ok"
+    return "not_installed"
+
+
+def _validate_kubernetes() -> ModuleStatus:
+    if not _check_systemd_active("kubelet"):
+        return "not_installed"
+    if not _check_systemd_active("containerd"):
+        return "error"
+    # Verifica se node está ready
+    ok, out = _quick_cmd(["kubectl", "get", "nodes", "-o", "jsonpath={.items[0].status.conditions[?(@.type=='Ready')].status}"])
+    if ok and "True" in out:
+        return "ok"
+    return "error"
+
+
+def _validate_calico() -> ModuleStatus:
+    exists, running = _check_pods_running("kube-system")
+    if not exists:
+        return "not_installed"
+    # Verifica se calico-node está rodando
+    ok, out = _quick_cmd(["kubectl", "get", "pods", "-n", "kube-system", "-l", "k8s-app=calico-node", "-o", "jsonpath={.items[*].status.phase}"])
+    if ok and out and "Running" in out:
+        return "ok"
+    return "not_installed"
+
+
+def _validate_metallb() -> ModuleStatus:
+    exists, running = _check_pods_running("metallb-system")
+    if not exists:
+        return "not_installed"
+    if running:
+        return "ok"
+    return "error"
+
+
+def _validate_traefik() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("traefik", "traefik")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("traefik")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_cert_manager() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("cert-manager", "cert-manager")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("cert-manager")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_istio() -> ModuleStatus:
+    exists, running = _check_pods_running("istio-system")
+    if not exists:
+        return "not_installed"
+    if running:
+        return "ok"
+    return "error"
+
+
+def _validate_kong() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("kong", "kong")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("kong")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_minio() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("minio", "minio")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("minio")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_prometheus() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("kube-prometheus-stack", "observability")
+    if not exists:
+        return "not_installed"
+    ok, out = _quick_cmd(["kubectl", "get", "pods", "-n", "observability", "-l", "app.kubernetes.io/name=prometheus", "-o", "jsonpath={.items[*].status.phase}"])
+    if ok and out and "Running" in out:
+        return "ok"
+    if exists:
+        return "error"
+    return "not_installed"
+
+
+def _validate_grafana() -> ModuleStatus:
+    ok, out = _quick_cmd(["kubectl", "get", "pods", "-n", "observability", "-l", "app.kubernetes.io/name=grafana", "-o", "jsonpath={.items[*].status.phase}"])
+    if ok and out and "Running" in out:
+        return "ok"
+    return "not_installed"
+
+
+def _validate_secrets() -> ModuleStatus:
+    # Verifica Vault
+    exists_vault, running_vault = _check_pods_running("vault")
+    # Verifica External Secrets
+    exists_eso, running_eso = _check_pods_running("external-secrets")
+    # Verifica ClusterSecretStore
+    css_exists, css_ready = _check_cluster_secret_store()
+    
+    if not exists_vault and not exists_eso:
+        return "not_installed"
+    
+    if exists_vault and exists_eso and css_exists:
+        if running_vault and running_eso and css_ready:
+            return "ok"
+        return "error"
+    
+    return "not_installed"
+
+
+def _validate_loki() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("loki", "observability")
+    if not exists:
+        return "not_installed"
+    ok, out = _quick_cmd(["kubectl", "get", "pods", "-n", "observability", "-l", "app.kubernetes.io/name=loki", "-o", "jsonpath={.items[*].status.phase}"])
+    if ok and out and "Running" in out:
+        return "ok"
+    return "error"
+
+
+def _validate_harbor() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("harbor", "harbor")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("harbor")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_harness() -> ModuleStatus:
+    exists, running = _check_pods_running("harness")
+    if not exists:
+        return "not_installed"
+    if running:
+        return "ok"
+    return "error"
+
+
+def _validate_velero() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("velero", "velero")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("velero")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_kafka() -> ModuleStatus:
+    exists, deployed = _check_helm_deployed("kafka", "kafka")
+    if not exists:
+        return "not_installed"
+    _, running = _check_pods_running("kafka")
+    if deployed and running:
+        return "ok"
+    return "error"
+
+
+def _validate_full_install() -> ModuleStatus:
+    # Full install é um meta-módulo
+    return "ok"
+
+
+def get_all_module_statuses() -> dict[str, ModuleStatus]:
+    """Retorna o status de todos os módulos."""
+    from raijin_server.cli import MODULES
+    statuses = {}
+    for module in MODULES.keys():
+        statuses[module] = validate_module_status(module)
+    return statuses
+
+
 def run_health_check(module: str, ctx: ExecutionContext) -> bool:
     """Executa health check para um modulo especifico."""
     if module not in HEALTH_CHECKS:

{raijin_server-0.3.8.dist-info → raijin_server-0.3.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.3.8
+Version: 0.3.9
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.3.8.dist-info → raijin_server-0.3.9.dist-info}/RECORD

@@ -1,7 +1,7 @@
-raijin_server/__init__.py,sha256=IWpKGUd_KknUfa2XJ_Xu7M_xVWCdNyixW7AMO96xWkY,94
-raijin_server/cli.py,sha256=WvZaPJ5AVjhzzs_jLLe2QGvVEH_VphRwnUkTMEgycbI,37320
+raijin_server/__init__.py,sha256=fs3Gv4GHIXMcXgGtp4XuiBBUAmcJ5tMKl9xefHaKW1k,94
+raijin_server/cli.py,sha256=IKakZrKe9dYdxWVqboK6f5Zu_ZcpiAZd8UJ4r8HWVlM,38031
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
-raijin_server/healthchecks.py,sha256=UHSRyeKTsCGeL_4dxDSGZ1t8164Q7wYTi1c3ZiU0cro,13536
+raijin_server/healthchecks.py,sha256=46s260-Of0GbPqaZFkPrkx93vJ0dYvzAf8wJ2bJI0J8,24753
 raijin_server/minio_utils.py,sha256=NQxIGoVf4-eM8rNwEHdd4QFnEIh2OxY3DyOiFkznsYs,18299
 raijin_server/module_manager.py,sha256=Wmhj603CN0XGUVr7_Fo8CHzKd9yIbS9x5BJLqDj78kw,10259
 raijin_server/utils.py,sha256=9RnGnPoUTYOpMVRLNa4P4lIQrJNQLkSkPUxycZRGv78,20827
@@ -39,9 +39,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.3.8.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.3.8.dist-info/METADATA,sha256=5QdtvUtfp7Qq_OaevRKA2WoU7i6NViAOG58h3wI5vmw,8829
-raijin_server-0.3.8.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.3.8.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.3.8.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.3.8.dist-info/RECORD,,
+raijin_server-0.3.9.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.3.9.dist-info/METADATA,sha256=dHrI-6NR6o_J1xfn84-92o7ZfeeH6bZYrt9b6wIiTQ0,8829
+raijin_server-0.3.9.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.3.9.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.3.9.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.3.9.dist-info/RECORD,,