suite-py 1.41.9__py3-none-any.whl → 1.42.0__py3-none-any.whl

suite_py/commands/generator.py

@@ -1,238 +0,0 @@
-# -*- coding: utf-8 -*-
-import os
-import stat
-import subprocess
-from datetime import datetime
-from os import listdir
-from os.path import isfile, join
-
-import yaml
-from jinja2 import DebugUndefined, Environment, FileSystemLoader
-
-from suite_py.lib import logger, metrics
-from suite_py.lib.handler import prompt_utils
-from suite_py.lib.handler.drone_handler import DroneHandler
-from suite_py.lib.handler.git_handler import GitHandler
-from suite_py.lib.handler.github_handler import GithubHandler
-
-NOW = datetime.now().strftime("%Y%m%d%H%M")
-
-
-class Generator:
-    def __init__(self, project, config, tokens):
-        self._project = project
-        self._config = config
-        self._tokens = tokens
-        self._umami_path = os.path.join(config.user["projects_home"], "umami")
-        self._drone_values_path = f"{self._umami_path}/templates/drone/values/"
-        self._deploy_scripts_values_path = (
-            f"{self._umami_path}/templates/scripts/values/"
-        )
-        self._github = GithubHandler(tokens)
-
-    @metrics.command("generator")
-    def run(self):
-
-        logger.warning(
-            "This command requires shellcheck and shfmt, please install these tools before continuing"
-        )
-        logger.warning(
-            "see https://github.com/koalaman/shellcheck#installing and https://github.com/mvdan/sh#shfmt for installation"
-        )
-        # move to umami root directory
-        os.chdir(self._umami_path)
-
-        env = Environment(
-            loader=FileSystemLoader(self._umami_path),
-            undefined=DebugUndefined,
-            trim_blocks=True,
-            lstrip_blocks=True,
-        )
-        env.filters["to_yaml"] = to_yaml
-        env.add_extension("jinja2.ext.do")
-
-        template_type = prompt_utils.ask_choices(
-            "What files do you want to generate?", ["drone", "deploy_scripts"]
-        )
-        commit_message = f"Autogenerated update {template_type} from suite-py {NOW}"
-
-        autobranch = prompt_utils.ask_confirm(
-            "Do you want to create branch and PR automatically?", default=False
-        )
-
-        if autobranch:
-            autopush = True
-        else:
-            autopush = prompt_utils.ask_confirm(
-                "Do you want to push automatically?", default=False
-            )
-
-        choice = prompt_utils.ask_questions_input(
-            "What project do you want to work on? Enter `all` to select them all: ",
-            self._project,
-        )
-
-        if choice == "all":
-            projects = self._get_all_templated_projects(template_type)
-        else:
-            projects = choice.split(" ")
-
-        skipped = []
-        for project in projects:
-            logger.info(f"{project}: Checking if there are no uncommitted files")
-            git = GitHandler(project, self._config)
-            git.check_repo_cloned()
-            if git.is_dirty():
-                if not prompt_utils.ask_confirm(
-                    f"{project}: There are changes already present, do you want to continue anyway?",
-                    default=False,
-                ):
-                    logger.error(f"{project}: skipping the project")
-                    skipped.append(project)
-                    continue
-
-            branch_name = _configure_branch(git, template_type, autobranch, autopush)
-
-            logger.info(f"{project}: Creation in progress")
-            # launch generate
-            if template_type == "drone":
-                self._generate_drone(
-                    project, f"{self._drone_values_path}{project}.yml", env
-                )
-            elif template_type == "deploy_scripts":
-                _generate_build_script(
-                    git.get_path(),
-                    f"{self._deploy_scripts_values_path}{project}.yml",
-                    env,
-                )
-                _generate_deploy_script(
-                    git.get_path(),
-                    f"{self._deploy_scripts_values_path}{project}.yml",
-                    env,
-                )
-            logger.info(f"{project}: Creation completed")
-
-            if autobranch or autopush:
-                # controllo che sia cambiato effettivamente qualcosa
-                if git.is_dirty(untracked=True):
-                    self._git_operations(
-                        git, autobranch, autopush, branch_name, commit_message
-                    )
-                else:
-                    logger.warning(
-                        f"{project}: no git operations to do. No files modified"
-                    )
-
-            logger.warning(f"Skipped projects: {skipped}")
-
-    def _get_all_templated_projects(self, template_type):
-        if template_type == "drone":
-            values_path = self._drone_values_path
-        elif template_type == "deploy_scripts":
-            values_path = self._deploy_scripts_values_path
-
-        return [
-            f.replace(".yml", "")
-            for f in listdir(values_path)
-            if isfile(join(values_path, f))
-        ]
-
-    def _git_operations(self, git, autobranch, autopush, branch_name, message):
-        if autobranch:
-            logger.info(f"{git.get_repo()}: creating branch {branch_name}")
-            git.checkout(branch_name, new=True)
-            git.add()
-            git.commit(message)
-            git.push(branch_name)
-            pr = self._github.create_pr(git.get_repo(), branch_name, message)
-            logger.info(f"Pull request with number {pr.number} created! {pr.html_url}")
-        elif autopush:
-            if git.current_branch_name() != "master":
-                git.add()
-                git.commit(message)
-                git.push(branch_name)
-            else:
-                logger.warning(
-                    f"{git.get_repo()} is on master, skipping automatic push"
-                )
-
-    def _generate_drone(self, project, values_file, env):
-        values = yaml.safe_load(open(values_file, encoding="utf-8"))
-        template = env.get_template(f"templates/drone/{values['template']}.j2")
-        rendered = template.render(values)
-
-        _write_on_repo(
-            os.path.join(self._config.user["projects_home"], project),
-            rendered,
-            ".drone.yml",
-        )
-        drone = DroneHandler(self._config, self._tokens, repo=project)
-        drone.fmt()
-        drone.validate()
-        drone.sign()
-
-
-def _configure_branch(git, template_type, autobranch, autopush):
-    logger.info(f"{git.get_repo()}: Synchronizing the repo with the remote")
-    if autobranch:
-        git.sync()  # fa anche checkout su master
-        return f"t/autogenerated_update_{template_type}_{NOW}"
-
-    current_branch = git.current_branch_name()
-    if autopush and git.remote_branch_exists(current_branch):
-        git.fetch()
-        git.pull()
-
-    return current_branch
-
-
-def _generate_build_script(project_path, values_file, env):
-    file_name = "build"
-    values = yaml.safe_load(open(values_file, encoding="utf-8"))
-
-    val = {**values["info"], **values["build"]}
-    template = env.get_template(f"templates/scripts/build/{val['template']}")
-    rendered = template.render(val)
-
-    _write_on_repo(os.path.join(project_path, "deploy"), rendered, file_name)
-    _format_script(f"{project_path}/deploy/{file_name}")
-    _validate_script(f"{project_path}/deploy/{file_name}")
-
-
-def _generate_deploy_script(project_path, values_file, env):
-    values = yaml.safe_load(open(values_file, encoding="utf-8"))
-
-    for country, country_props in values["deploy"].items():
-        val = {**values["info"], **country_props}
-        template = env.get_template("templates/scripts/deploy/base.j2")
-        rendered = template.render(val)
-        file_name = f"deploy-{country}"
-        _write_on_repo(os.path.join(project_path, "deploy"), rendered, file_name)
-        _format_script(f"{project_path}/deploy/{file_name}")
-        _validate_script(f"{project_path}/deploy/{file_name}")
-
-
-def _write_on_repo(path, rendered, file_name):
-    if not os.path.exists(path):
-        os.mkdir(path, mode=0o755)
-
-    with open(os.path.join(path, file_name), "w", encoding="utf-8") as fd:
-        fd.write(rendered)
-
-
-def _format_script(filepath):
-    subprocess.run(["shfmt", "-i", "2", "-l", "-w", filepath], check=True)
-
-
-def _validate_script(filepath):
-    _make_executable(filepath)
-    subprocess.run(["shellcheck", filepath], check=True)
-
-
-def _make_executable(filepath):
-    st = os.stat(filepath)
-    os.chmod(filepath, st.st_mode | stat.S_IEXEC)
-
-
-def to_yaml(d, indent=10):
-    return yaml.dump(d, indent=indent)

suite_py/commands/id.py

@@ -1,60 +0,0 @@
-# -*- coding: utf-8 -*-
-import re
-
-from pptree import Node, print_tree
-
-from suite_py.lib import logger, metrics
-from suite_py.lib.handler.aws_handler import Aws
-
-
-class ID:
-    def __init__(self, project, config, env):
-        self._project = project
-        self._env = env
-        self._aws = Aws(config)
-
-    @metrics.command("id")
-    def run(self):
-
-        clusters_names = self._aws.get_ecs_clusters(self._env)
-        n_services = Node("services")
-
-        projects = {"prima": ["web", "consumer-api"], "ab_normal": ["abnormal"]}
-        project_names = projects.get(self._project, [self._project])
-
-        for cluster_name in clusters_names:
-
-            services = []
-            all_services = self._aws.get_ecs_services(cluster_name)
-
-            for service in all_services:
-                if service["status"] == "ACTIVE":
-                    for prj in project_names:
-                        if prj in service["serviceName"]:
-                            services.append(service["serviceName"])
-
-            for service in services:
-                container_instances = []
-                container_instances = (
-                    self._aws.get_container_instances_arn_from_service(
-                        cluster_name, service
-                    )
-                )
-                if container_instances:
-                    ids = self._aws.get_ids_from_container_instances(
-                        cluster_name, container_instances
-                    )
-
-                    m = re.search(f"ecs-task-.*-{self._env}-ECSService(.*)-.*", service)
-                    if m:
-                        n_service = Node(m.group(1), n_services)
-                        for _id in ids:
-                            Node(_id, n_service)
-
-        if n_services.children:
-            print_tree(n_services, horizontal=True)
-        else:
-            logger.info(
-                f"No active tasks for {self._project} in environment {self._env}"
-            )
-        logger.info("Done!")

suite_py/commands/ip.py

@@ -1,68 +0,0 @@
-# -*- coding: utf-8 -*-
-import os
-import re
-
-from pptree import Node, print_tree
-
-from suite_py.lib import logger, metrics
-from suite_py.lib.handler.aws_handler import Aws
-
-
-class IP:
-    def __init__(self, project, config, env):
-        self._project = project
-        self._env = env
-        self._aws = Aws(config)
-
-    @metrics.command("ip")
-    def run(self):
-
-        clusters_names = self._aws.get_ecs_clusters(self._env)
-        n_services = Node("services")
-
-        projects = {"prima": ["web", "consumer-api"], "ab_normal": ["abnormal"]}
-        project_names = projects.get(self._project, [self._project])
-
-        for cluster_name in clusters_names:
-
-            services = []
-            all_services = self._aws.get_ecs_services(cluster_name)
-
-            for service in all_services:
-                if service["status"] == "ACTIVE":
-                    for prj in project_names:
-                        if prj in service["serviceName"]:
-                            services.append(service["serviceName"])
-
-            for service in services:
-                container_instances = []
-                container_instances = (
-                    self._aws.get_container_instances_arn_from_service(
-                        cluster_name, service
-                    )
-                )
-                if container_instances:
-                    ips = self._aws.get_ips_from_container_instances(
-                        cluster_name, container_instances
-                    )
-
-                    m = re.search(f"ecs-task-.*-{self._env}-ECSService(.*)-.*", service)
-                    if m:
-                        n_service = Node(m.group(1), n_services)
-                        for ip in ips:
-                            Node(ip, n_service)
-
-        if self._env == "staging" and os.path.isfile("./deploy/values/staging.yml"):
-            logger.info(
-                "This project has been migrated on k8s, command is no longer available."
-            )
-            logger.info(
-                "Please use k8s to open a shell to a staging pod, see: https://www.notion.so/K8s-tips-2f8b3fed72334362af0de0298845756d"
-            )
-        elif n_services.children:
-            print_tree(n_services, horizontal=True)
-        else:
-            logger.info(
-                f"No active tasks for {self._project} in environment {self._env}"
-            )
-        logger.info("Done!")

suite_py/commands/secret.py

@@ -1,204 +0,0 @@
-# -*- coding: utf-8 -*-
-import json
-import os
-import sys
-
-import yaml
-
-from suite_py.lib import logger, metrics
-from suite_py.lib.handler import prompt_utils
-from suite_py.lib.handler.vault_handler import VaultHandler
-
-profiles_mapping = {
-    "common": {
-        "stack_name_pattern": "{service}-platform-cluster-{env}-serviceaccount-iamrole",
-        "logical_id": "ServiceAccountIamRole",
-        "developer_role": "arn:aws:iam::595659439703:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_ItalyDeveloperPlatform_cb5de4d001016cc4",
-    },
-    "it": {
-        "stack_name_pattern": "ecs-roles-{service}-{env}",
-        "logical_id": "ECSTaskRole",
-        "developer_role": "arn:aws:iam::001575623345:role/AllowNonProductionBiscuitDecryption",
-    },
-    "uk": {
-        "stack_name_pattern": "{service}-main-{env}-serviceaccount-iamrole",
-        "logical_id": "ServiceAccountIamRole",
-        "developer_role": "arn:aws:iam::815911007681:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_UnitedKingdomDeveloper_f578b0b2b98ea593",
-    },
-    "es": {
-        "stack_name_pattern": "{service}-main-{env}-serviceaccount-iamrole",
-        "logical_id": "ServiceAccountIamRole",
-        "developer_role": "arn:aws:iam::199959896441:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_SpainDeveloper_acf53aa98cfc0ac4",
-    },
-}
-
-
-class Secret:
-    def __init__(self, project, config, action, base_profile, secret_file):
-        self._project = project
-        self._config = config
-        self._path = os.path.join(config.user["projects_home"], project)
-        self._vault = VaultHandler(project, config)
-        self._action = action
-        self._base_profile = base_profile
-        self._secret_file = secret_file
-
-    @metrics.command("secret")
-    def run(self):
-        if self._base_profile is not None:
-            self._config.vault["base_secret_profile"] = self._base_profile
-
-        if not self._secret_file:
-            self._secret_file = "config/secrets.yml"
-
-        if self._action == "create":
-            self._create_new_secret()
-            return
-
-        if self._action == "grant":
-            secrets = self._get_available_secrets()
-            secret = prompt_utils.ask_choices("Select secret: ", secrets)
-            self._set_grant_on_secret(secret)
-            return
-
-        logger.error(
-            "You have to specify what to do! See available flags with suite-py secret --help"
-        )
-
-    def _create_new_secret(self):
-        secret = prompt_utils.ask_questions_input("Enter secret name: ")
-        value = prompt_utils.ask_questions_input("Enter secret value: ")
-        e = self._vault.exec(
-            self._config.vault["base_secret_profile"],
-            f"biscuit put -f {self._secret_file} -- {secret} {value}",
-        )
-        if e.returncode != 0:
-            logger.error("An error occurred.")
-            sys.exit(1)
-
-        if prompt_utils.ask_confirm(f"Do you want to grant permissions for {secret}?"):
-            self._set_grant_on_secret(secret)
-
-    def _set_grant_on_secret(self, secret_name):
-        environment = self._ask_environment()
-        profiles = self._ask_profile()
-        for profile in profiles:
-            mapping = profiles_mapping[profile]
-            stack_name = (
-                mapping["stack_name_pattern"]
-                .replace("{service}", self._project)
-                .replace("{env}", environment)
-            )
-            # Get stack resource info
-            logger.info(
-                f"Obtaining ARN for {mapping['logical_id']} from stack {stack_name}..."
-            )
-            stack_resource = self._get_stack_resource(
-                profile, stack_name, mapping["logical_id"]
-            )
-            if stack_resource is None:
-                iam_role_arn = self._manual_iam_arn()
-            else:
-                iam_role_name = stack_resource["StackResourceDetail"][
-                    "PhysicalResourceId"
-                ]
-                # Get IAM Role ARN
-                iam_role = self._get_iam_role(profile, iam_role_name)
-                iam_role_arn = iam_role["Role"]["Arn"]
-                if iam_role_arn is None:
-                    iam_role_arn = self._manual_iam_arn()
-                logger.info(f"ARN found for profile {profile}: {iam_role_arn}")
-
-            if iam_role_arn is None:
-                continue
-
-            logger.debug(
-                f"---\nGranting permissions on {self._project}/{secret_name}\nEnvironment: {environment}\nUsing vault profile: {profile}\nIAM Role ARN: {iam_role_arn}\n---"
-            )
-            if not prompt_utils.ask_confirm("Do you want to continue?", default=True):
-                continue
-
-            # Grant decrypt permissions to task
-            logger.info("Granting permissions to task...")
-            e = self._vault.exec(
-                self._config.vault["base_secret_profile"],
-                f"biscuit kms grants create --grantee-principal {iam_role_arn} -f {self._secret_file} {secret_name}",
-            )
-            if e.returncode != 0:
-                logger.error("An error occurred.")
-                continue
-
-            # Grant decrypt permissions to developers group
-            if environment in ["staging", "qa"]:
-                logger.info("Granting permissions to devs...")
-                e = self._vault.exec(
-                    self._config.vault["base_secret_profile"],
-                    f"biscuit kms grants create --grantee-principal {mapping['developer_role']} -f {self._secret_file} {secret_name}",
-                )
-                if e.returncode != 0:
-                    logger.error("An error occurred.")
-                    continue
-
-        logger.info("Ta-da! Permissions granted.")
-
-    def _get_available_secrets(self):
-        try:
-            secrets = []
-            with open(f"{self._path}/{self._secret_file}", encoding="utf-8") as s:
-                yaml_secrets = yaml.load(s, Loader=yaml.FullLoader)
-                secrets = [
-                    key for key, values in yaml_secrets.items() if key != "_keys"
-                ]
-
-            return secrets
-        except FileNotFoundError:
-            logger.error(f"Can't load secrets from {self._secret_file}.")
-            sys.exit(1)
-
-    def _get_stack_resource(self, profile, stack_name, logical_id):
-        e = self._vault.exec(
-            profile,
-            f"aws cloudformation describe-stack-resource --stack-name {stack_name} --logical-resource-id {logical_id}",
-        )
-        command_result = e.stdout.read()
-        if e.returncode != 0:
-            logger.warning("An error occurred trying to obtain stack. Skipping...")
-            return None
-        stack_info = command_result.decode("utf8").replace("'", '"')
-        data = json.loads(stack_info)
-        return data
-
-    def _get_iam_role(self, profile, iam_role_name):
-        e = self._vault.exec(
-            profile,
-            f"aws iam get-role --role-name {iam_role_name}",
-            additional_args="--no-session",
-        )
-        command_result = e.stdout.read()
-        if e.returncode != 0:
-            logger.warning(
-                "An error occurred trying to obtain IAM Role details. Skipping..."
-            )
-            return None
-        stack_info = command_result.decode("utf8").replace("'", '"')
-        data = json.loads(stack_info)
-        return data
-
-    def _manual_iam_arn(self):
-        arn = prompt_utils.ask_questions_input(
-            "No associated IAM Role ARN found. Insert it manually or leave blank to skip",
-            default_text="",
-        )
-        if arn == "":
-            return None
-        return arn
-
-    def _ask_environment(self):
-        return prompt_utils.ask_choices(
-            "Select an environment:", ["production", "staging", "qa"]
-        )
-
-    def _ask_profile(self):
-        return prompt_utils.ask_multiple_choices(
-            "Select vault profile(s):", self._config.vault["profiles"]
-        )