twc-cli 2.5.0__tar.gz → 2.7.0__tar.gz

{twc_cli-2.5.0 → twc_cli-2.7.0}/CHANGELOG.md

@@ -2,6 +2,45 @@
 
 В этом файле описаны все значимые изменения в Timeweb Cloud CLI. В выпусках мы придерживается правил [семантического версионирования](https://semver.org/lang/ru/).
 
+# Версия 2.7.0 (2024.11.02)
+
+## Добавлено
+
+- Добавлена новая команда `twc whoami`, которая показывает логин аккаунта, в котором в текущий момент авторизован CLI.
+
+## Изменено
+
+- Команда `twc account status` теперь также отображает логин аккаунта.
+
+## Исправлено
+
+- Устранено падение программы при листинге образов (`twc image list`) и при создании сервера из образа.
+- Исправлена ошибка при создании сервера с приватной сетью в зоне доступности SPB-3.
+- Исправлены ошибки в командах `twc storage subdomain gencert` и `twc storage subdomain remove`, возникшие из-за нарушения обратной совместимости эндпоинтов API.
+- Исправлена ошибка валидации приватного адреса при созаднии сервера — ошибочно запрещалось использовать 4-й по порядку адрес в подсети.
+- Исправлена ошибка разбора JSON при выводе списка ресурсов в проекте.
+- Исправлены ошибки добавления TXT записи для домена в команде `twc domain record add`.
+- Исправлена ошибка парсинка субдомена в команде `twc domain record add`.
+- Исправлены ошибки обновления DNS-записей на поддоменах.
+
+# Версия 2.6.0 (2024.08.14)
+
+## Добавлено
+
+- В команды и API-клиент для управления облачным файрволом добавлена поддержка протоколов TCP6, UDP6, ICMP6 и настройка стандартной политики (DROP или ACCEPT).
+- Добавлены новые команды: `twc firewall group get`, `twc firewall group dump` и `twc firewall group restore`.
+
+## Изменено
+
+- Улучшена валидация параметров и подстановка значений по умолчанию в командах `twc firewall`.
+- Команда `twc firewall rule remove` теперь может принимать список UUID правил через пробел.
+- В команде `twc firewall show` аргумент `all` стал необязательным.
+- Зависимость `typer` заменена на `typer-slim`.
+
+## Исправлено
+
+- Исправлено определение ендпоинта объектного хранилища при вызове команды `twc storage genconfig`.
+
 # Версия 2.5.0 (2024.07.24)
 
 ## Добавлено

{twc_cli-2.5.0 → twc_cli-2.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: twc-cli
-Version: 2.5.0
+Version: 2.7.0
 Summary: Timeweb Cloud Command Line Interface.
 Home-page: https://github.com/timeweb-cloud/twc
 License: MIT
@@ -19,23 +19,40 @@ Requires-Dist: pyyaml (>=6.0.1,<7.0.0)
 Requires-Dist: requests (>=2.32.3,<3.0.0)
 Requires-Dist: shellingham (>=1.5.4,<2.0.0)
 Requires-Dist: toml (>=0.10.2,<0.11.0)
-Requires-Dist: typer (>=0.12.3,<0.13.0)
+Requires-Dist: typer-slim (>=0.12.3,<0.13.0)
 Project-URL: Repository, https://github.com/timeweb-cloud/twc
 Description-Content-Type: text/markdown
 
-![TWC CLI](https://github.com/timeweb-cloud/twc/blob/master/artwork/light.svg)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/dark.svg" type="image/svg+xml">
+  <source media="(prefers-color-scheme: dark)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/dark.png" type="image/png">
+  <source media="(prefers-color-scheme: light)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/light.svg" type="image/svg+xml">
+  <source media="(prefers-color-scheme: light)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/light.png" type="image/png">
+  <img alt="TWC CLI" src="https://ec650031-twc-cli.s3.timeweb.cloud/light.png">
+</picture>
 
 Timeweb Cloud Command Line Interface and simple SDK 💫
 
-> [Руководство пользователя](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/README.md) 🇷🇺  
-> [Command Line Interface (CLI) Reference](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/CLI_REFERENCE.md) 📜
+* [Руководство пользователя](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/README.md) 🇷🇺
+* [Command Line Interface (CLI) Reference](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/CLI_REFERENCE.md)
 
 # Installation
 
+From PyPI registry via pip:
+
 ```
 pip install twc-cli
 ```
 
+Using [pipx](https://pipx.pypa.io/stable/):
+
+```
+pipx install twc-cli
+```
+
+Or install [zippap](https://docs.python.org/3/library/zipapp.html) in your PATH.
+Look for prebuilt `.pyz` archives on [releases page](https://github.com/timeweb-cloud/twc/releases/latest).
+
 # Getting started
 
 Get Timeweb Cloud [access token](https://timeweb.cloud/my/api-keys) and

twc_cli-2.7.0/README.md

@@ -0,0 +1,57 @@
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/dark.svg" type="image/svg+xml">
+  <source media="(prefers-color-scheme: dark)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/dark.png" type="image/png">
+  <source media="(prefers-color-scheme: light)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/light.svg" type="image/svg+xml">
+  <source media="(prefers-color-scheme: light)" srcset="https://ec650031-twc-cli.s3.timeweb.cloud/light.png" type="image/png">
+  <img alt="TWC CLI" src="https://ec650031-twc-cli.s3.timeweb.cloud/light.png">
+</picture>
+
+Timeweb Cloud Command Line Interface and simple SDK 💫
+
+* [Руководство пользователя](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/README.md) 🇷🇺
+* [Command Line Interface (CLI) Reference](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/CLI_REFERENCE.md)
+
+# Installation
+
+From PyPI registry via pip:
+
+```
+pip install twc-cli
+```
+
+Using [pipx](https://pipx.pypa.io/stable/):
+
+```
+pipx install twc-cli
+```
+
+Or install [zippap](https://docs.python.org/3/library/zipapp.html) in your PATH.
+Look for prebuilt `.pyz` archives on [releases page](https://github.com/timeweb-cloud/twc/releases/latest).
+
+# Getting started
+
+Get Timeweb Cloud [access token](https://timeweb.cloud/my/api-keys) and
+configure **twc** with command:
+
+```
+twc config
+```
+
+Enter your access token and hit `Enter`.
+
+Configuration done! Let's use:
+
+```
+twc --help
+```
+
+# Shell completion
+
+To install completion script run:
+
+```
+twc --install-completion
+```
+
+**twc** automatically detect your shell. Supported: Bash, Zsh, Fish, PowerShell.
+

{twc_cli-2.5.0 → twc_cli-2.7.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "twc-cli"
-version = "2.5.0"
+version = "2.7.0"
 description = "Timeweb Cloud Command Line Interface."
 authors = ["ge <dev@timeweb.cloud>"]
 homepage = "https://github.com/timeweb-cloud/twc"
@@ -13,7 +13,7 @@ packages = [{ include = "twc", from = "." }]
 [tool.poetry.dependencies]
 python = "^3.8.19"
 requests = "^2.32.3"
-typer = "^0.12.3"
+typer-slim = "^0.12.3"
 shellingham = "^1.5.4"
 colorama = "^0.4.6"
 toml = "^0.10.2"

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/__main__.py

@@ -21,6 +21,7 @@ from .commands import (
     vpc,
     firewall,
     floating_ip,
+    whoami,
 )
 from .commands.common import version_callback, version_option, verbose_option
 
@@ -46,6 +47,7 @@ cli.add_typer(domain, name="domain", aliases=["domains", "d"])
 cli.add_typer(vpc, name="vpc", aliases=["vpcs", "network", "networks"])
 cli.add_typer(firewall, name="firewall", aliases=["fw"])
 cli.add_typer(floating_ip, name="ip", aliases=["ips"])
+cli.add_typer(whoami, name="whoami", aliases=[])
 
 
 @cli.command("version")

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/__version__.py

@@ -12,5 +12,5 @@
 import sys
 
 
-__version__ = "2.5.0"
+__version__ = "2.7.0"
 __pyversion__ = sys.version.replace("\n", "")

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/api/client.py

@@ -26,6 +26,7 @@ from .types import (
     LoadBalancerAlgo,
     FirewallProto,
     FirewallDirection,
+    FirewallPolicy,
 )
 
 
@@ -468,14 +469,11 @@ class TimewebCloud(TimewebCloudBase):
     # -----------------------------------------------------------------------
     # Images
 
-    def get_images(
-        self, limit: int = 100, offset: int = 0, with_deleted: bool = False
-    ):
+    def get_images(self, limit: int = 100, offset: int = 0):
         """Get list of images."""
         params = {
             "limit": limit,
             "offset": offset,
-            "with_deleted": with_deleted,
         }
         return self._request("GET", f"{self.api_url}/images", params=params)
 
@@ -1415,6 +1413,8 @@ class TimewebCloud(TimewebCloudBase):
         value: str,
         subdomain: Optional[str] = None,
         priority: Optional[int] = None,
+        *,
+        null_subdomain: bool = False,
     ):
         """Add DNS record to domain."""
         payload = {
@@ -1423,6 +1423,8 @@ class TimewebCloud(TimewebCloudBase):
             **({"subdomain": subdomain} if subdomain else {}),
             **({"priority": priority} if priority else {}),
         }
+        if null_subdomain:
+            payload["subdomain"] = None
         return self._request(
             "POST",
             f"{self.api_url}/domains/{fqdn}/dns-records",
@@ -1549,14 +1551,20 @@ class TimewebCloud(TimewebCloudBase):
         )
 
     def create_firewall_group(
-        self, name: str, description: Optional[str] = None
+        self,
+        name: str,
+        description: Optional[str] = None,
+        policy: Optional[FirewallPolicy] = FirewallPolicy.DROP,
     ):
         payload = {
             "name": name,
             **({"description": description} if description else {}),
         }
         return self._request(
-            "POST", f"{self.api_url}/firewall/groups", json=payload
+            "POST",
+            f"{self.api_url}/firewall/groups",
+            json=payload,
+            params={"policy": policy},
         )
 
     def get_firewall_group(self, group_id: UUID):
@@ -1636,16 +1644,16 @@ class TimewebCloud(TimewebCloudBase):
         self,
         group_id: UUID,
         direction: FirewallDirection,
-        proto: FirewallProto,
+        protocol: FirewallProto,
         cidr: Union[IPv4Network, IPv6Network],
         port: Optional[str] = None,
         description: Optional[str] = None,
     ):
         payload = {
             **({"description": description} if description else {}),
-            **({} if proto == FirewallProto.ICMP.value else {"port": port}),
+            **({} if protocol == FirewallProto.ICMP.value else {"port": port}),
             "direction": direction,
-            "protocol": proto,
+            "protocol": protocol,
             "cidr": cidr,
         }
         return self._request(
@@ -1670,16 +1678,16 @@ class TimewebCloud(TimewebCloudBase):
         group_id: UUID,
         rule_id: UUID,
         direction: FirewallDirection,
-        proto: FirewallProto,
+        protocol: FirewallProto,
         cidr: Union[IPv4Network, IPv6Network],
         port: Optional[str] = None,
         description: Optional[str] = None,
     ):
         payload = {
             **({"description": description} if description else {}),
-            **({} if proto == FirewallProto.ICMP.value else {"port": port}),
+            **({} if protocol == FirewallProto.ICMP.value else {"port": port}),
             "direction": direction,
-            "protocol": proto,
+            "protocol": protocol,
             "cidr": cidr,
         }
         return self._request(

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/api/types.py

@@ -228,6 +228,9 @@ class FirewallProto(str, Enum):
     TCP = "tcp"
     UDP = "udp"
     ICMP = "icmp"
+    TCP6 = "tcp6"
+    UDP6 = "udp6"
+    ICMP6 = "icmp6"
 
 
 class FirewallDirection(str, Enum):
@@ -235,3 +238,10 @@ class FirewallDirection(str, Enum):
 
     INGRESS = "ingress"
     EGRESS = "egress"
+
+
+class FirewallPolicy(str, Enum):
+    """Firewall default policy."""
+
+    DROP = "DROP"
+    ACCEPT = "ACCEPT"

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/apiwrap.py

@@ -4,7 +4,7 @@ import os
 import sys
 import textwrap
 from pathlib import Path
-from logging import debug
+from logging import debug, warning
 
 from .api import TimewebCloud
 from .api import exceptions as exc
@@ -70,6 +70,11 @@ def create_client(config: Path, profile: str, **kwargs) -> TimewebCloud:
     """
     token = os.getenv("TWC_TOKEN")
     log_settings = os.getenv("TWC_LOG")
+    api_endpoint = os.getenv("TWC_ENDPOINT")
+
+    if api_endpoint:
+        warning("Using API URL from environment: %s", api_endpoint)
+        kwargs["api_base_url"] = api_endpoint
 
     if log_settings:
         for param in log_settings.split(","):

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/__init__.py

@@ -1,6 +1,6 @@
 """Commands."""
 
-from .account import account
+from .account import account, whoami
 from .config import config
 from .server import server
 from .ssh_key import ssh_key

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/account.py

@@ -18,6 +18,35 @@ from .common import (
 )
 
 
+whoami = TyperAlias(help="Display current login.", no_args_is_help=False)
+
+
+# ------------------------------------------------------------- #
+# $ twc whoami                                                  #
+# ------------------------------------------------------------- #
+
+
+@whoami.callback(invoke_without_command=True)
+def whoami_callback(
+    verbose: Optional[bool] = verbose_option,
+    config: Optional[Path] = config_option,
+    profile: Optional[str] = profile_option,
+    output_format: Optional[str] = output_format_option,
+):
+    """Display current login."""
+    client = create_client(config, profile)
+    response = client.get_account_status()
+    login = response.json()["status"]["login"]
+    fmt.printer(
+        {"login": login, "profile": profile},
+        output_format=output_format,
+        func=lambda data: print(data["login"]),
+    )
+
+
+# ------------------------------------------------------------- #
+
+
 account = TyperAlias(help=__doc__)
 account_access = TyperAlias(help="Manage account access restrictions.")
 account.add_typer(account_access, name="access")
@@ -33,6 +62,7 @@ def print_account_status(response: Response):
     status = response.json()["status"]
     output = dedent(
         f"""
+        Login: {status["login"]}
         Provider: {status["company_info"]["name"]}
         Yandex.Metrika ID: {status["ym_client_id"]}
         Blocked: {status["is_blocked"]}

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/domain.py

@@ -195,7 +195,7 @@ def domain_delete(
 # ------------------------------------------------------------- #
 
 
-@domain.command("add")
+@domain.command("add", "create")
 def domain_add(
     domain_name: str,
     verbose: Optional[bool] = verbose_option,
@@ -316,7 +316,7 @@ def domain_remove_dns_record(
 # ------------------------------------------------------------- #
 
 
-@domain_record.command("add")
+@domain_record.command("add", "create")
 def domain_add_dns_record(
     domain_name: str,
     verbose: Optional[bool] = verbose_option,
@@ -346,29 +346,39 @@ def domain_add_dns_record(
     """Add dns record for domain or subdomain."""
     client = create_client(config, profile)
 
+    null_subdomain = False
+
     if second_ld:
         offset = 3
     else:
         offset = 2
 
     subdomain = domain_name
+    original_domain_name = domain_name
     domain_name = ".".join(domain_name.split(".")[-offset:])
 
     if subdomain == domain_name:
         subdomain = None
 
-    # API issue: see text below
-    # API can add TXT record (only TXT, why?) with non-existent subdomain,
-    # but 'subdomain' option must not be passed as FQDN!
-    # API issue: You cannot create subdomains with underscore. Why?
-    # Use previous described bug for this! Pass your subdomain with
-    # underscores to this function.
     if record_type.lower() == "txt":
-        # 'ftp.example.org' --> 'ftp'
-        subdomain = ".".join(subdomain.split(".")[:-offset])
+        if subdomain is None:
+            null_subdomain = True
+        else:
+            # 'ftp.example.org' --> 'ftp'
+            subdomain = ".".join(subdomain.split(".")[:-offset])
+    else:
+        subdomain = ".".join(original_domain_name.split(".")[:-offset])
+        if subdomain != "":
+            domain_name = original_domain_name
+            subdomain = None
 
     response = client.add_domain_dns_record(
-        domain_name, record_type, value, subdomain, priority
+        domain_name,
+        record_type,
+        value,
+        subdomain,
+        priority,
+        null_subdomain=null_subdomain,
     )
     fmt.printer(
         response,
@@ -424,6 +434,12 @@ def domain_update_dns_records(
     if subdomain == domain_name:
         subdomain = None
 
+    if record_type.lower() == "txt" and subdomain is not None:
+        subdomain = ".".join(subdomain.split(".")[:-offset])
+    elif subdomain is not None:
+        domain_name = subdomain
+        subdomain = None
+
     response = client.update_domain_dns_record(
         domain_name, record_id, record_type, value, subdomain, priority
     )
@@ -439,7 +455,7 @@ def domain_update_dns_records(
 # ------------------------------------------------------------- #
 
 
-@domain_subdomain.command("add")
+@domain_subdomain.command("add", "create")
 def domain_add_subdomain(
     subdomain: str = typer.Argument(..., metavar="FQDN"),
     verbose: Optional[bool] = verbose_option,

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/firewall.py

@@ -18,7 +18,7 @@ import yaml
 from requests import Response
 
 from twc import fmt
-from twc.api import TimewebCloud, FirewallProto
+from twc.api import TimewebCloud, FirewallProto, FirewallPolicy
 from twc.typerx import TyperAlias
 from twc.apiwrap import create_client
 from .common import (
@@ -73,7 +73,7 @@ def print_firewall_status(data: list):
         rules_total += len(group["rules"])
     print("Rules total:", rules_total)
     for group in data:
-        info = f"Group: {group['name']} ({group['id']})"
+        info = f"Group: {group['name']} ({group['id']}) {group['policy']}"
         for rule in group["rules"]:
             info += "\n" + textwrap.indent(
                 textwrap.dedent(
@@ -140,7 +140,7 @@ def print_rules_by_service(rules, filters):
 @firewall.command("show")
 def firewall_status(
     resource_type: _ResourceType2 = typer.Argument(
-        ...,
+        _ResourceType2.ALL,
         metavar="(server|database|balancer|all)",
     ),
     resource_id: str = typer.Argument(None),
@@ -184,6 +184,7 @@ def firewall_status(
                 {
                     "id": group["id"],
                     "name": group["name"],
+                    "policy": group["policy"],
                     "rules": rules,
                     "resources": resources,
                 }
@@ -212,18 +213,19 @@ def firewall_status(
 def print_firewall_groups(response: Response):
     groups = response.json()["groups"]
     table = fmt.Table()
-    table.header(["ID", "NAME"])
+    table.header(["ID", "POLICY", "NAME"])
     for group in groups:
         table.row(
             [
                 group["id"],
+                group["policy"],
                 group["name"],
             ]
         )
     table.print()
 
 
-@firewall_group.command("list")
+@firewall_group.command("list", "ls")
 def firewall_group_list(
     verbose: Optional[bool] = verbose_option,
     config: Optional[Path] = config_option,
@@ -240,6 +242,43 @@ def firewall_group_list(
     )
 
 
+# ------------------------------------------------------------- #
+# $ twc firewall group get                                      #
+# ------------------------------------------------------------- #
+
+
+def print_firewall_group(response: Response):
+    group = response.json()["group"]
+    table = fmt.Table()
+    table.header(["ID", "POLICY", "NAME"])
+    table.row(
+        [
+            group["id"],
+            group["policy"],
+            group["name"],
+        ]
+    )
+    table.print()
+
+
+@firewall_group.command("get")
+def firewall_group_get(
+    group_id: UUID,
+    verbose: Optional[bool] = verbose_option,
+    config: Optional[Path] = config_option,
+    profile: Optional[str] = profile_option,
+    output_format: Optional[str] = output_format_option,
+):
+    """Get firewall fules group."""
+    client = create_client(config, profile)
+    response = client.get_firewall_group(group_id)
+    fmt.printer(
+        response,
+        output_format=output_format,
+        func=print_firewall_group,
+    )
+
+
 # ------------------------------------------------------------- #
 # $ twc firewall group create                                   #
 # ------------------------------------------------------------- #
@@ -253,12 +292,18 @@ def firewall_group_create(
     output_format: Optional[str] = output_format_option,
     name: str = typer.Option(..., help="Group display name."),
     desc: Optional[str] = typer.Option(None, help="Description."),
+    policy: Optional[FirewallPolicy] = typer.Option(
+        FirewallPolicy.DROP,
+        case_sensitive=False,
+        help="Default firewall policy",
+    ),
 ):
     """Create new group of firewall rules."""
     client = create_client(config, profile)
     response = client.create_firewall_group(
         name=name,
         description=desc,
+        policy=policy,
     )
     fmt.printer(
         response,
@@ -324,6 +369,149 @@ def firewall_group_set(
     )
 
 
+# ------------------------------------------------------------- #
+# $ twc firewall group dump                                     #
+# ------------------------------------------------------------- #
+
+
+@firewall_group.command("dump")
+def firewall_group_dump(
+    group_id: UUID,
+    verbose: Optional[bool] = verbose_option,
+    config: Optional[Path] = config_option,
+    profile: Optional[str] = profile_option,
+):
+    """Dump firewall rules."""
+    client = create_client(config, profile)
+    group = client.get_firewall_group(group_id).json()["group"]
+    rules = client.get_firewall_rules(group_id, limit=1000).json()["rules"]
+    dump = {"group": group, "rules": rules}
+    fmt.print_colored(json.dumps(dump), lang="json")
+
+
+# ------------------------------------------------------------- #
+# $ twc firewall group restore                                  #
+# ------------------------------------------------------------- #
+
+
+def _get_rules_diff(
+    rules_local: List[dict], rules_remote: List[dict]
+) -> Tuple[List[dict], List[dict]]:
+    loc = [rule.copy() for rule in rules_local]
+    rem = [rule.copy() for rule in rules_remote]
+
+    for l in loc:
+        del l["id"]
+        del l["group_id"]
+    for r in rem:
+        del r["id"]
+        del r["group_id"]
+
+    # Rules from rules_local that not present in rules_remote
+    to_create = []
+    for idx, rule in enumerate(loc):
+        if rule not in rem:
+            to_create.append(rules_local[idx])
+
+    # Rules from rules_remote that not present in rules_local
+    to_delete = []
+    for idx, rule in enumerate(rem):
+        if rule not in loc:
+            to_delete.append(rules_remote[idx])
+
+    return to_create, to_delete
+
+
+@firewall_group.command("restore")
+def firewall_group_restore(
+    group_id: UUID,
+    verbose: Optional[bool] = verbose_option,
+    config: Optional[Path] = config_option,
+    profile: Optional[str] = profile_option,
+    output_format: Optional[str] = output_format_option,
+    dump_file: Optional[typer.FileText] = typer.Option(
+        None, "-f", "--file", help="Firewall rules dump in JSON format."
+    ),
+    rules_only: Optional[bool] = typer.Option(
+        False,
+        "--rules-only",
+        help="Do not restore group name and description.",
+    ),
+    dry_run: Optional[bool] = typer.Option(
+        False, "--dry-run", help="Does not make any changes."
+    ),
+):
+    """Restore firewall rules group from dump file."""
+    try:
+        dump = json.load(dump_file)
+    except json.JSONDecodeError as e:
+        sys.exit(f"Error: Cannot load dump file: {dump_file.name}: {e}")
+
+    client = create_client(config, profile)
+    group = client.get_firewall_group(group_id).json()["group"]
+    rules = client.get_firewall_rules(group_id, limit=1000).json()["rules"]
+    if group["policy"].lower() != dump["group"]["policy"].lower():
+        sys.exit(
+            f"Error: Cannot restore rules to group with {group['policy']} policy. "
+            "Create new rules group instead."
+        )
+
+    # Make list of rules to be created, updated or deleted
+    # fmt: off
+    rules_to_add, rules_to_del = _get_rules_diff(dump['rules'], rules)
+    rules_to_upd = [r for r in rules_to_add if r['id'] in [r['id'] for r in rules]]
+    rules_to_add = [r for r in rules_to_add if r not in rules_to_upd]
+    rules_to_del = [r for r in rules_to_del if r['id'] not in [r['id'] for r in rules_to_upd]]
+    # fmt: on
+
+    if rules_to_add == rules_to_upd == rules_to_del == []:
+        sys.exit("Nothing to do")
+
+    if dry_run:
+        fstring = "{sign} {id:<37} {direction:<8} {portproto:<18} {cidr}"
+        rules_lists = [
+            (rules_to_add, "Following new rules will be created:", "+"),
+            (rules_to_upd, "Following rules will be updated:", "+"),
+            (rules_to_del, "Following rules will be deleted:", "-"),
+        ]
+        for rules_list in rules_lists:
+            if rules_list[0]:
+                print(rules_list[1])
+                for rule in rules_list[0]:
+                    rule_id = rule["id"]
+                    if rules_list == rules_lists[0]:
+                        rule_id = "known-after-create"
+                    print(
+                        " "
+                        + fstring.format(
+                            sign=rules_list[2],
+                            id=rule_id,
+                            direction=rule["direction"],
+                            portproto=f"{rule['port']}/{rule['protocol']}",
+                            cidr=rule["cidr"],
+                        )
+                    )
+        return
+
+    if rules_only is False and dry_run is False:
+        client.update_firewall_group(
+            group_id,
+            name=dump["group"]["name"],
+            description=dump["group"]["description"],
+        )
+
+    for rule in rules_to_add:
+        del rule["id"]
+        del rule["group_id"]
+        client.create_firewall_rule(group_id, **rule)
+
+    for rule in rules_to_upd:
+        client.update_firewall_rule(**rule)
+
+    for rule in rules_to_del:
+        client.delete_firewall_rule(group_id, rule["id"])
+
+
 # ------------------------------------------------------------- #
 # $ twc firewall link                                           #
 # ------------------------------------------------------------- #
@@ -460,16 +648,17 @@ def filrewall_rule_list(
 def port_proto_callback(values) -> List[Tuple[Optional[str], str]]:
     new_values = []
     for value in values:
-        if not re.match(r"((^\d+(-\d+)?/)?(tcp|udp)$)|(^icmp$)", value, re.I):
+        if not re.match(r"((^\d+(-\d+)?\/)?((tcp|udp|icmp)6?)$)", value, re.I):
             sys.exit(
                 f"Error: Malformed argument: '{value}': "
                 "correct patterns: '22/TCP', '2000-3000/UDP', 'ICMP', etc."
             )
-        if re.match(r"^icmp$", value, re.I):
-            new_values.append((None, "icmp"))
+        pair = value.split("/")
+        if len(pair) == 1:
+            ports, proto = None, pair[0]
         else:
-            ports, proto = value.split("/")
-            new_values.append((ports, proto.lower()))
+            ports, proto = pair
+        new_values.append((ports, proto.lower()))
     return new_values
 
 
@@ -510,14 +699,19 @@ def firewall_rule_create(
         None,
         help="Rules group name, can be used with '--make-group'",
     ),
+    group_policy: Optional[FirewallPolicy] = typer.Option(
+        FirewallPolicy.DROP,
+        case_sensitive=False,
+        help="Default firewall policy, can be used with '--make-group'",
+    ),
     direction_: bool = typer.Option(
         True, "--ingress/--egress", help="Traffic direction."
     ),
     cidr: Optional[str] = typer.Option(
-        "0.0.0.0/0",
+        None,
         metavar="IP_NETWORK",
         callback=validate_cidr_callback,
-        help="IPv4 or IPv6 CIDR.",
+        help="IPv4 or IPv6 CIDR. [default: 0.0.0.0/0 or ::/0]",
     ),
 ):
     """Create new firewall rule."""
@@ -535,7 +729,9 @@ def firewall_rule_create(
             group_name = "Firewall Group " + datetime.now().strftime(
                 "%Y.%m.%d-%H:%M:%S"
             )
-        group_resp = client.create_firewall_group(group_name)
+        group_resp = client.create_firewall_group(
+            group_name, policy=group_policy
+        )
         group = group_resp.json()["group"]["id"]
         logging.debug("New firewall rules group: %s", group)
         fmt.printer(
@@ -543,7 +739,17 @@ def firewall_rule_create(
             output_format=output_format,
             func=lambda x: print("Created rules group:", group),
         )
-    for port in ports:
+    for rule in ports:
+        port, proto = rule
+        if not cidr:
+            if proto in [
+                FirewallProto.TCP6,
+                FirewallProto.UDP6,
+                FirewallProto.ICMP6,
+            ]:
+                cidr = "::/0"
+            else:
+                cidr = "0.0.0.0/0"
         if direction_ is True:
             direction = "ingress"
         else:
@@ -551,8 +757,8 @@ def firewall_rule_create(
         response = client.create_firewall_rule(
             group,
             direction=direction,
-            port=port[0],  # :str port or port range
-            proto=port[1],  # :str protocol name
+            port=port,
+            protocol=proto,
             cidr=cidr,
         )
         fmt.printer(
@@ -579,19 +785,20 @@ def get_group_id_by_rule(client: TimewebCloud, rule_id: UUID) -> str:
 
 @firewall_rule.command("remove", "rm")
 def firewall_rule_remove(
-    rule_id: UUID,
+    rules_ids: List[UUID] = typer.Argument(..., metavar="RULE_ID..."),
     verbose: Optional[bool] = verbose_option,
     config: Optional[Path] = config_option,
     profile: Optional[str] = profile_option,
 ):
     """Remove firewall rule."""
     client = create_client(config, profile)
-    group_id = get_group_id_by_rule(client, rule_id)
-    response = client.delete_firewall_rule(group_id, rule_id)
-    if response.status_code == 204:
-        print(rule_id)
-    else:
-        sys.exit(fmt.printer(response))
+    for rule_id in rules_ids:
+        group_id = get_group_id_by_rule(client, rule_id)
+        response = client.delete_firewall_rule(group_id, rule_id)
+        if response.status_code == 204:
+            print(rule_id)
+        else:
+            sys.exit(fmt.printer(response))
 
 
 # ------------------------------------------------------------- #
@@ -622,7 +829,9 @@ def filrewa_rule_update(
         metavar="PORT[-PORT]",
         help="Port or ports range e.g. 22, 2000-3000",
     ),
-    proto: Optional[FirewallProto] = typer.Option(None, help="Protocol."),
+    proto: Optional[FirewallProto] = typer.Option(
+        None, case_sensitive=False, help="Protocol."
+    ),
 ):
     """Change firewall rule."""
     client = create_client(config, profile)
@@ -643,7 +852,7 @@ def filrewa_rule_update(
         "rule_id": rule_id,
         "direction": direction,
         "port": port,
-        "proto": proto,
+        "protocol": proto,
         "cidr": cidr,
     }
     response = client.update_firewall_rule(**payload)

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/project.py

@@ -188,17 +188,11 @@ def print_resources(response: Response):
     for key in resource_keys:
         if resources[key]:
             for resource in resources[key]:
-                try:
-                    location = resource["location"]
-                except KeyError:
-                    # Balancers, clusters, and databases has no 'location' field.
-                    # These services is available only in 'ru-1' location.
-                    location = "ru-1"
                 table.row(
                     [
                         resource["id"],
-                        resource["name"],
-                        location,
+                        resource.get("name", resource.get("fqdn")),
+                        resource.get("location", "ru-1"),
                         key[:-1],  # this is resource name e.g. 'server'
                     ]
                 )

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/server.py

@@ -584,9 +584,7 @@ def server_create(
             net = IPv4Network(
                 client.get_vpc(network).json()["vpc"]["subnet_v4"]
             )
-            if IPv4Address(private_ip) > IPv4Address(
-                int(net.network_address) + 4
-            ):
+            if IPv4Address(private_ip) >= net.network_address + 4:
                 payload["network"]["ip"] = private_ip
             else:
                 # First 3 addresses is reserved for networks OVN based networks

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/commands/storage.py

@@ -18,7 +18,6 @@ from twc import fmt
 from twc.typerx import TyperAlias
 from twc.apiwrap import create_client
 from twc.api import TimewebCloud, ServiceRegion, BucketType
-from twc.vars import S3_ENDPOINT
 from .common import (
     verbose_option,
     config_option,
@@ -501,7 +500,6 @@ def storage_subdomain_remove(
     verbose: Optional[bool] = verbose_option,
     config: Optional[Path] = config_option,
     profile: Optional[str] = profile_option,
-    output_format: Optional[str] = output_format_option,
     yes: Optional[bool] = yes_option,
 ):
     """Remove subdomains."""
@@ -510,11 +508,11 @@ def storage_subdomain_remove(
     client = create_client(config, profile)
     bucket_id = resolve_bucket_id(client, bucket)
     response = client.delete_bucket_subdomains(bucket_id, subdomains)
-    fmt.printer(
-        response,
-        output_format=output_format,
-        func=print_subdomains_state,
-    )
+    if response.status_code == 204:
+        for subdomain in subdomains:
+            print(subdomain)
+    else:
+        sys.exit(fmt.printer(response))
 
 
 # ------------------------------------------------------------- #
@@ -533,7 +531,7 @@ def storage_subdomain_gencert(
     client = create_client(config, profile)
     for subdomain in subdomains:
         response = client.gen_cert_for_bucket_subdomain(subdomain)
-        if response.status_code == 201:
+        if response.status_code == 204:
             print(subdomain)
         else:
             sys.exit(fmt.printer(response))
@@ -613,10 +611,16 @@ def storage_genconfig(
         "rclone": RCLONE_CONFIG_TEMPLATE.strip(),
     }
 
+    endpoint = "s3.timeweb.cloud"
+    if not access_key.isupper():
+        # Legacy object storage service have lowercase usernames only.
+        # New storage, on the contrary, always has keys in uppercase.
+        endpoint = "s3.timeweb.com"
+
     file_content = templates[s3_client].format(
         access_key=access_key,
         secret_key=secret_key,
-        endpoint=S3_ENDPOINT,
+        endpoint=endpoint,
     )
 
     if save_to:

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/fmt.py

@@ -67,6 +67,9 @@ class Printer:
 
     def raw(self):
         """Print raw API response text (mostly raw JSON)."""
+        if isinstance(self._data, dict):
+            typer.echo(json.dumps(self._data))
+            return
         typer.echo(self._data.text)
 
     def colorize(self, data: str, lexer: object = JsonLexer()):
@@ -77,9 +80,12 @@ class Printer:
         """Print colorized JSON output. Fallback to non-color output if
         Pygments not installed and fallback to raw output on JSONDecodeError.
         """
+        data = self._data
+        if not isinstance(self._data, dict):
+            data = self._data.json()
         try:
             json_data = json.dumps(
-                self._data.json(), indent=4, sort_keys=True, ensure_ascii=False
+                data, indent=4, sort_keys=True, ensure_ascii=False
             )
             self.colorize(json_data, lexer=JsonLexer())
         except json.JSONDecodeError:
@@ -89,10 +95,11 @@ class Printer:
         """Print colorized YAML output. Fallback to non-color output if
         Pygments not installed and fallback to raw output on YAMLError.
         """
+        data = self._data
+        if not isinstance(self._data, dict):
+            data = self._data.json()
         try:
-            yaml_data = yaml.dump(
-                self._data.json(), sort_keys=True, allow_unicode=True
-            )
+            yaml_data = yaml.dump(data, sort_keys=True, allow_unicode=True)
             self.colorize(yaml_data, lexer=YamlLexer())
         except yaml.YAMLError:
             self.raw()

{twc_cli-2.5.0 → twc_cli-2.7.0}/twc/vars.py

@@ -6,11 +6,9 @@ expand or other infrastructure or product changes occur.
 
 # Service URLs
 CONTROL_PANEL_URL = "https://timeweb.cloud/my"
-S3_ENDPOINT_DEPRECATED = "s3.timeweb.com"
-S3_ENDPOINT = "s3.timeweb.cloud"
 
 # Location specific parameters. May change later.
 REGIONS_WITH_IPV6 = ["ru-1", "pl-1"]
 REGIONS_WITH_IMAGES = ["ru-1", "ru-3", "kz-1", "pl-1", "nl-1"]
 REGIONS_WITH_LAN = ["ru-1", "ru-3", "nl-1", "pl-1"]
-ZONES_WITH_LAN = ["spb-1", "spb-4", "msk-1", "ams-1", "gdn-1"]
+ZONES_WITH_LAN = ["spb-1", "spb-3", "spb-4", "msk-1", "ams-1", "gdn-1"]

twc_cli-2.5.0/README.md

@@ -1,40 +0,0 @@
-![TWC CLI](https://github.com/timeweb-cloud/twc/blob/master/artwork/light.svg)
-
-Timeweb Cloud Command Line Interface and simple SDK 💫
-
-> [Руководство пользователя](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/README.md) 🇷🇺  
-> [Command Line Interface (CLI) Reference](https://github.com/timeweb-cloud/twc/blob/master/docs/ru/CLI_REFERENCE.md) 📜
-
-# Installation
-
-```
-pip install twc-cli
-```
-
-# Getting started
-
-Get Timeweb Cloud [access token](https://timeweb.cloud/my/api-keys) and
-configure **twc** with command:
-
-```
-twc config
-```
-
-Enter your access token and hit `Enter`.
-
-Configuration done! Let's use:
-
-```
-twc --help
-```
-
-# Shell completion
-
-To install completion script run:
-
-```
-twc --install-completion
-```
-
-**twc** automatically detect your shell. Supported: Bash, Zsh, Fish, PowerShell.
-