fix: secrets from config, --offline/chaos handling, typos
See coop-cloud/organising#464
This commit is contained in:
parent
f3ded88ed8
commit
d02f659bf8
|
@ -166,7 +166,7 @@ recipes.
|
||||||
app.Env[k] = v
|
app.Env[k] = v
|
||||||
}
|
}
|
||||||
|
|
||||||
composeFiles, err := config.GetAppComposeFiles(app.Recipe, app.Env)
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,10 +2,8 @@ package app
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"path"
|
|
||||||
|
|
||||||
"coopcloud.tech/abra/cli/internal"
|
"coopcloud.tech/abra/cli/internal"
|
||||||
"coopcloud.tech/abra/pkg/app"
|
|
||||||
"coopcloud.tech/abra/pkg/autocomplete"
|
"coopcloud.tech/abra/pkg/autocomplete"
|
||||||
"coopcloud.tech/abra/pkg/client"
|
"coopcloud.tech/abra/pkg/client"
|
||||||
"coopcloud.tech/abra/pkg/config"
|
"coopcloud.tech/abra/pkg/config"
|
||||||
|
@ -53,6 +51,7 @@ var appNewCommand = cli.Command{
|
||||||
internal.PassFlag,
|
internal.PassFlag,
|
||||||
internal.SecretsFlag,
|
internal.SecretsFlag,
|
||||||
internal.OfflineFlag,
|
internal.OfflineFlag,
|
||||||
|
internal.ChaosFlag,
|
||||||
},
|
},
|
||||||
Before: internal.SubCommandBefore,
|
Before: internal.SubCommandBefore,
|
||||||
ArgsUsage: "[<recipe>]",
|
ArgsUsage: "[<recipe>]",
|
||||||
|
@ -60,14 +59,18 @@ var appNewCommand = cli.Command{
|
||||||
Action: func(c *cli.Context) error {
|
Action: func(c *cli.Context) error {
|
||||||
recipe := internal.ValidateRecipe(c)
|
recipe := internal.ValidateRecipe(c)
|
||||||
|
|
||||||
if !internal.Offline {
|
if !internal.Chaos {
|
||||||
if err := recipePkg.EnsureUpToDate(recipe.Name); err != nil {
|
if err := recipePkg.EnsureIsClean(recipe.Name); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
if !internal.Offline {
|
||||||
|
if err := recipePkg.EnsureUpToDate(recipe.Name); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := recipePkg.EnsureLatest(recipe.Name); err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if err := recipePkg.EnsureLatest(recipe.Name); err != nil {
|
|
||||||
logrus.Fatal(err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := ensureServerFlag(); err != nil {
|
if err := ensureServerFlag(); err != nil {
|
||||||
|
@ -90,29 +93,43 @@ var appNewCommand = cli.Command{
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := promptForSecrets(internal.Domain); err != nil {
|
|
||||||
logrus.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var secrets AppSecrets
|
var secrets AppSecrets
|
||||||
var secretTable *jsontable.JSONTable
|
var secretTable *jsontable.JSONTable
|
||||||
if internal.Secrets {
|
if internal.Secrets {
|
||||||
|
sampleEnv, err := recipe.SampleEnv()
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
composeFiles, err := config.GetComposeFiles(recipe.Name, sampleEnv)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
secretsConfig, err := secret.ReadSecretsConfig(sampleEnv, composeFiles, recipe.Name)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := promptForSecrets(recipe.Name, secretsConfig); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
cl, err := client.New(internal.NewAppServer)
|
cl, err := client.New(internal.NewAppServer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secrets, err := createSecrets(cl, sanitisedAppName)
|
secrets, err = createSecrets(cl, secretsConfig, sanitisedAppName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secretCols := []string{"Name", "Value"}
|
secretCols := []string{"Name", "Value"}
|
||||||
secretTable = formatter.CreateTable(secretCols)
|
secretTable = formatter.CreateTable(secretCols)
|
||||||
for secret := range secrets {
|
for name, val := range secrets {
|
||||||
secretTable.Append([]string{secret, secrets[secret]})
|
secretTable.Append([]string{name, val})
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if internal.NewAppServer == "default" {
|
if internal.NewAppServer == "default" {
|
||||||
|
@ -123,7 +140,6 @@ var appNewCommand = cli.Command{
|
||||||
table := formatter.CreateTable(tableCol)
|
table := formatter.CreateTable(tableCol)
|
||||||
table.Append([]string{internal.NewAppServer, recipe.Name, internal.Domain})
|
table.Append([]string{internal.NewAppServer, recipe.Name, internal.Domain})
|
||||||
|
|
||||||
fmt.Println("")
|
|
||||||
fmt.Println(fmt.Sprintf("A new %s app has been created! Here is an overview:", recipe.Name))
|
fmt.Println(fmt.Sprintf("A new %s app has been created! Here is an overview:", recipe.Name))
|
||||||
fmt.Println("")
|
fmt.Println("")
|
||||||
table.Render()
|
table.Render()
|
||||||
|
@ -133,14 +149,13 @@ var appNewCommand = cli.Command{
|
||||||
fmt.Println("")
|
fmt.Println("")
|
||||||
fmt.Println("You can deploy this app by running the following:")
|
fmt.Println("You can deploy this app by running the following:")
|
||||||
fmt.Println(fmt.Sprintf("\n abra app deploy %s", internal.Domain))
|
fmt.Println(fmt.Sprintf("\n abra app deploy %s", internal.Domain))
|
||||||
fmt.Println("")
|
|
||||||
|
|
||||||
if len(secrets) > 0 {
|
if len(secrets) > 0 {
|
||||||
|
fmt.Println("")
|
||||||
fmt.Println("Here are your generated secrets:")
|
fmt.Println("Here are your generated secrets:")
|
||||||
fmt.Println("")
|
fmt.Println("")
|
||||||
secretTable.Render()
|
secretTable.Render()
|
||||||
fmt.Println("")
|
logrus.Warn("generated secrets are not shown again, please take note of them NOW")
|
||||||
logrus.Warn("generated secrets are not shown again, please take note of them *now*")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -151,21 +166,14 @@ var appNewCommand = cli.Command{
|
||||||
type AppSecrets map[string]string
|
type AppSecrets map[string]string
|
||||||
|
|
||||||
// createSecrets creates all secrets for a new app.
|
// createSecrets creates all secrets for a new app.
|
||||||
func createSecrets(cl *dockerClient.Client, sanitisedAppName string) (AppSecrets, error) {
|
func createSecrets(cl *dockerClient.Client, secretsConfig map[string]string, sanitisedAppName string) (AppSecrets, error) {
|
||||||
appEnvPath := path.Join(
|
// NOTE(d1): trim to match app.StackName() implementation
|
||||||
config.ABRA_DIR,
|
if len(sanitisedAppName) > 45 {
|
||||||
"servers",
|
logrus.Debugf("trimming %s to %s to avoid runtime limits", sanitisedAppName, sanitisedAppName[:45])
|
||||||
internal.NewAppServer,
|
sanitisedAppName = sanitisedAppName[:45]
|
||||||
fmt.Sprintf("%s.env", internal.Domain),
|
|
||||||
)
|
|
||||||
|
|
||||||
appEnv, err := config.ReadEnv(appEnvPath)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
secretEnvVars := secret.ReadSecretEnvVars(appEnv)
|
secrets, err := secret.GenerateSecrets(cl, secretsConfig, sanitisedAppName, internal.NewAppServer)
|
||||||
secrets, err := secret.GenerateSecrets(cl, secretEnvVars, sanitisedAppName, internal.NewAppServer)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -183,6 +191,7 @@ func createSecrets(cl *dockerClient.Client, sanitisedAppName string) (AppSecrets
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return secrets, nil
|
return secrets, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -206,15 +215,9 @@ func ensureDomainFlag(recipe recipe.Recipe, server string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// promptForSecrets asks if we should generate secrets for a new app.
|
// promptForSecrets asks if we should generate secrets for a new app.
|
||||||
func promptForSecrets(appName string) error {
|
func promptForSecrets(recipeName string, secretsConfig map[string]string) error {
|
||||||
app, err := app.Get(appName)
|
if len(secretsConfig) == 0 {
|
||||||
if err != nil {
|
logrus.Debugf("%s has no secrets to generate, skipping...", recipeName)
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
secretEnvVars := secret.ReadSecretEnvVars(app.Env)
|
|
||||||
if len(secretEnvVars) == 0 {
|
|
||||||
logrus.Debugf("%s has no secrets to generate, skipping...", app.Recipe)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,7 @@ useful if the container runtime has gotten into a weird state.
|
||||||
This action could be destructive, please ensure you have a copy of your app
|
This action could be destructive, please ensure you have a copy of your app
|
||||||
data beforehand.
|
data beforehand.
|
||||||
|
|
||||||
Chas mode ("--chaos") will deploy your local checkout of a recipe as-is,
|
Chaos mode ("--chaos") will deploy your local checkout of a recipe as-is,
|
||||||
including unstaged changes and can be useful for live hacking and testing new
|
including unstaged changes and can be useful for live hacking and testing new
|
||||||
recipes.
|
recipes.
|
||||||
`,
|
`,
|
||||||
|
@ -202,7 +202,7 @@ recipes.
|
||||||
app.Env[k] = v
|
app.Env[k] = v
|
||||||
}
|
}
|
||||||
|
|
||||||
composeFiles, err := config.GetAppComposeFiles(app.Recipe, app.Env)
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"coopcloud.tech/abra/pkg/client"
|
"coopcloud.tech/abra/pkg/client"
|
||||||
"coopcloud.tech/abra/pkg/config"
|
"coopcloud.tech/abra/pkg/config"
|
||||||
"coopcloud.tech/abra/pkg/formatter"
|
"coopcloud.tech/abra/pkg/formatter"
|
||||||
|
"coopcloud.tech/abra/pkg/recipe"
|
||||||
"coopcloud.tech/abra/pkg/secret"
|
"coopcloud.tech/abra/pkg/secret"
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
dockerClient "github.com/docker/docker/client"
|
dockerClient "github.com/docker/docker/client"
|
||||||
|
@ -42,12 +43,35 @@ var appSecretGenerateCommand = cli.Command{
|
||||||
internal.DebugFlag,
|
internal.DebugFlag,
|
||||||
allSecretsFlag,
|
allSecretsFlag,
|
||||||
internal.PassFlag,
|
internal.PassFlag,
|
||||||
|
internal.MachineReadableFlag,
|
||||||
|
internal.OfflineFlag,
|
||||||
|
internal.ChaosFlag,
|
||||||
},
|
},
|
||||||
Before: internal.SubCommandBefore,
|
Before: internal.SubCommandBefore,
|
||||||
BashComplete: autocomplete.AppNameComplete,
|
BashComplete: autocomplete.AppNameComplete,
|
||||||
Action: func(c *cli.Context) error {
|
Action: func(c *cli.Context) error {
|
||||||
app := internal.ValidateApp(c)
|
app := internal.ValidateApp(c)
|
||||||
|
|
||||||
|
if err := recipe.EnsureExists(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Chaos {
|
||||||
|
if err := recipe.EnsureIsClean(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Offline {
|
||||||
|
if err := recipe.EnsureUpToDate(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := recipe.EnsureLatest(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if len(c.Args()) == 1 && !allSecrets {
|
if len(c.Args()) == 1 && !allSecrets {
|
||||||
err := errors.New("missing arguments <secret>/<version> or '--all'")
|
err := errors.New("missing arguments <secret>/<version> or '--all'")
|
||||||
internal.ShowSubcommandHelpAndError(c, err)
|
internal.ShowSubcommandHelpAndError(c, err)
|
||||||
|
@ -58,18 +82,26 @@ var appSecretGenerateCommand = cli.Command{
|
||||||
internal.ShowSubcommandHelpAndError(c, err)
|
internal.ShowSubcommandHelpAndError(c, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
secretsConfig, err := secret.ReadSecretsConfig(app.Env, composeFiles, app.Recipe)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
secretsToCreate := make(map[string]string)
|
secretsToCreate := make(map[string]string)
|
||||||
secretEnvVars := secret.ReadSecretEnvVars(app.Env)
|
|
||||||
if allSecrets {
|
if allSecrets {
|
||||||
secretsToCreate = secretEnvVars
|
secretsToCreate = secretsConfig
|
||||||
} else {
|
} else {
|
||||||
secretName := c.Args().Get(1)
|
secretName := c.Args().Get(1)
|
||||||
secretVersion := c.Args().Get(2)
|
secretVersion := c.Args().Get(2)
|
||||||
matches := false
|
matches := false
|
||||||
for sec := range secretEnvVars {
|
for name := range secretsConfig {
|
||||||
parsed := secret.ParseSecretEnvVarName(sec)
|
if secretName == name {
|
||||||
if secretName == parsed {
|
secretsToCreate[name] = secretVersion
|
||||||
secretsToCreate[sec] = secretVersion
|
|
||||||
matches = true
|
matches = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -107,8 +139,13 @@ var appSecretGenerateCommand = cli.Command{
|
||||||
for name, val := range secretVals {
|
for name, val := range secretVals {
|
||||||
table.Append([]string{name, val})
|
table.Append([]string{name, val})
|
||||||
}
|
}
|
||||||
table.Render()
|
|
||||||
logrus.Warn("generated secrets are not shown again, please take note of them *now*")
|
if internal.MachineReadable {
|
||||||
|
table.JSONRender()
|
||||||
|
} else {
|
||||||
|
table.Render()
|
||||||
|
}
|
||||||
|
logrus.Warn("generated secrets are not shown again, please take note of them NOW")
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
|
@ -198,6 +235,8 @@ var appSecretRmCommand = cli.Command{
|
||||||
internal.NoInputFlag,
|
internal.NoInputFlag,
|
||||||
rmAllSecretsFlag,
|
rmAllSecretsFlag,
|
||||||
internal.PassRemoveFlag,
|
internal.PassRemoveFlag,
|
||||||
|
internal.OfflineFlag,
|
||||||
|
internal.ChaosFlag,
|
||||||
},
|
},
|
||||||
Before: internal.SubCommandBefore,
|
Before: internal.SubCommandBefore,
|
||||||
ArgsUsage: "<domain> [<secret-name>]",
|
ArgsUsage: "<domain> [<secret-name>]",
|
||||||
|
@ -211,7 +250,36 @@ Example:
|
||||||
`,
|
`,
|
||||||
Action: func(c *cli.Context) error {
|
Action: func(c *cli.Context) error {
|
||||||
app := internal.ValidateApp(c)
|
app := internal.ValidateApp(c)
|
||||||
secrets := secret.ReadSecretEnvVars(app.Env)
|
|
||||||
|
if err := recipe.EnsureExists(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Chaos {
|
||||||
|
if err := recipe.EnsureIsClean(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Offline {
|
||||||
|
if err := recipe.EnsureUpToDate(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := recipe.EnsureLatest(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
secretsConfig, err := secret.ReadSecretsConfig(app.Env, composeFiles, app.Recipe)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
if c.Args().Get(1) != "" && rmAllSecrets {
|
if c.Args().Get(1) != "" && rmAllSecrets {
|
||||||
internal.ShowSubcommandHelpAndError(c, errors.New("cannot use '<secret-name>' and '--all' together"))
|
internal.ShowSubcommandHelpAndError(c, errors.New("cannot use '<secret-name>' and '--all' together"))
|
||||||
|
@ -243,15 +311,13 @@ Example:
|
||||||
|
|
||||||
match := false
|
match := false
|
||||||
secretToRm := c.Args().Get(1)
|
secretToRm := c.Args().Get(1)
|
||||||
for sec := range secrets {
|
for secretName, secretValue := range secretsConfig {
|
||||||
secretName := secret.ParseSecretEnvVarName(sec)
|
val, err := secret.ParseSecretValue(secretValue)
|
||||||
|
|
||||||
secVal, err := secret.ParseSecretEnvVarValue(secrets[sec])
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, secVal.Version)
|
secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
|
||||||
if _, ok := remoteSecretNames[secretRemoteName]; ok {
|
if _, ok := remoteSecretNames[secretRemoteName]; ok {
|
||||||
if secretToRm != "" {
|
if secretToRm != "" {
|
||||||
if secretName == secretToRm {
|
if secretName == secretToRm {
|
||||||
|
@ -288,13 +354,44 @@ var appSecretLsCommand = cli.Command{
|
||||||
Aliases: []string{"ls"},
|
Aliases: []string{"ls"},
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
internal.DebugFlag,
|
internal.DebugFlag,
|
||||||
|
internal.OfflineFlag,
|
||||||
|
internal.ChaosFlag,
|
||||||
},
|
},
|
||||||
Before: internal.SubCommandBefore,
|
Before: internal.SubCommandBefore,
|
||||||
Usage: "List all secrets",
|
Usage: "List all secrets",
|
||||||
BashComplete: autocomplete.AppNameComplete,
|
BashComplete: autocomplete.AppNameComplete,
|
||||||
Action: func(c *cli.Context) error {
|
Action: func(c *cli.Context) error {
|
||||||
app := internal.ValidateApp(c)
|
app := internal.ValidateApp(c)
|
||||||
secrets := secret.ReadSecretEnvVars(app.Env)
|
|
||||||
|
if err := recipe.EnsureExists(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Chaos {
|
||||||
|
if err := recipe.EnsureIsClean(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !internal.Offline {
|
||||||
|
if err := recipe.EnsureUpToDate(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := recipe.EnsureLatest(app.Recipe); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
secretsConfig, err := secret.ReadSecretsConfig(app.Env, composeFiles, app.Recipe)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
tableCol := []string{"Name", "Version", "Generated Name", "Created On Server"}
|
tableCol := []string{"Name", "Version", "Generated Name", "Created On Server"}
|
||||||
table := formatter.CreateTable(tableCol)
|
table := formatter.CreateTable(tableCol)
|
||||||
|
@ -319,18 +416,17 @@ var appSecretLsCommand = cli.Command{
|
||||||
remoteSecretNames[cont.Spec.Annotations.Name] = true
|
remoteSecretNames[cont.Spec.Annotations.Name] = true
|
||||||
}
|
}
|
||||||
|
|
||||||
for sec := range secrets {
|
for secretName, secretValue := range secretsConfig {
|
||||||
createdRemote := false
|
createdRemote := false
|
||||||
secretName := secret.ParseSecretEnvVarName(sec)
|
val, err := secret.ParseSecretValue(secretValue)
|
||||||
secVal, err := secret.ParseSecretEnvVarValue(secrets[sec])
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, secVal.Version)
|
secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
|
||||||
if _, ok := remoteSecretNames[secretRemoteName]; ok {
|
if _, ok := remoteSecretNames[secretRemoteName]; ok {
|
||||||
createdRemote = true
|
createdRemote = true
|
||||||
}
|
}
|
||||||
tableRow := []string{secretName, secVal.Version, secretRemoteName, strconv.FormatBool(createdRemote)}
|
tableRow := []string{secretName, val.Version, secretRemoteName, strconv.FormatBool(createdRemote)}
|
||||||
table.Append(tableRow)
|
table.Append(tableRow)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -47,7 +47,7 @@ useful if the container runtime has gotten into a weird state.
|
||||||
This action could be destructive, please ensure you have a copy of your app
|
This action could be destructive, please ensure you have a copy of your app
|
||||||
data beforehand.
|
data beforehand.
|
||||||
|
|
||||||
Chas mode ("--chaos") will deploy your local checkout of a recipe as-is,
|
Chaos mode ("--chaos") will deploy your local checkout of a recipe as-is,
|
||||||
including unstaged changes and can be useful for live hacking and testing new
|
including unstaged changes and can be useful for live hacking and testing new
|
||||||
recipes.
|
recipes.
|
||||||
`,
|
`,
|
||||||
|
@ -234,7 +234,7 @@ recipes.
|
||||||
app.Env[k] = v
|
app.Env[k] = v
|
||||||
}
|
}
|
||||||
|
|
||||||
composeFiles, err := config.GetAppComposeFiles(app.Recipe, app.Env)
|
composeFiles, err := config.GetComposeFiles(app.Recipe, app.Env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatal(err)
|
logrus.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,7 +76,7 @@ func (a App) StackName() string {
|
||||||
func (a App) Filters(appendServiceNames, exactMatch bool) (filters.Args, error) {
|
func (a App) Filters(appendServiceNames, exactMatch bool) (filters.Args, error) {
|
||||||
filters := filters.NewArgs()
|
filters := filters.NewArgs()
|
||||||
|
|
||||||
composeFiles, err := GetAppComposeFiles(a.Recipe, a.Env)
|
composeFiles, err := GetComposeFiles(a.Recipe, a.Env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return filters, err
|
return filters, err
|
||||||
}
|
}
|
||||||
|
@ -277,7 +277,7 @@ func GetAppServiceNames(appName string) ([]string, error) {
|
||||||
return serviceNames, err
|
return serviceNames, err
|
||||||
}
|
}
|
||||||
|
|
||||||
composeFiles, err := GetAppComposeFiles(app.Recipe, app.Env)
|
composeFiles, err := GetComposeFiles(app.Recipe, app.Env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return serviceNames, err
|
return serviceNames, err
|
||||||
}
|
}
|
||||||
|
@ -437,9 +437,10 @@ func GetAppStatuses(apps []App, MachineReadable bool) (map[string]map[string]str
|
||||||
return statuses, nil
|
return statuses, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetAppComposeFiles gets the list of compose files for an app which should be
|
// GetComposeFiles gets the list of compose files for an app (or recipe if you
|
||||||
// merged into a composetypes.Config while respecting the COMPOSE_FILE env var.
|
// don't already have an app) which should be merged into a composetypes.Config
|
||||||
func GetAppComposeFiles(recipe string, appEnv AppEnv) ([]string, error) {
|
// while respecting the COMPOSE_FILE env var.
|
||||||
|
func GetComposeFiles(recipe string, appEnv AppEnv) ([]string, error) {
|
||||||
var composeFiles []string
|
var composeFiles []string
|
||||||
|
|
||||||
if _, ok := appEnv["COMPOSE_FILE"]; !ok {
|
if _, ok := appEnv["COMPOSE_FILE"]; !ok {
|
||||||
|
|
|
@ -249,6 +249,15 @@ func Get(recipeName string, offline bool) (Recipe, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r Recipe) SampleEnv() (map[string]string, error) {
|
||||||
|
envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
|
||||||
|
sampleEnv, err := config.ReadEnv(envSamplePath)
|
||||||
|
if err != nil {
|
||||||
|
return sampleEnv, fmt.Errorf("unable to discover .env.sample for %s", r.Name)
|
||||||
|
}
|
||||||
|
return sampleEnv, nil
|
||||||
|
}
|
||||||
|
|
||||||
// EnsureExists ensures that a recipe is locally cloned
|
// EnsureExists ensures that a recipe is locally cloned
|
||||||
func EnsureExists(recipeName string) error {
|
func EnsureExists(recipeName string) error {
|
||||||
recipeDir := path.Join(config.RECIPES_DIR, recipeName)
|
recipeDir := path.Join(config.RECIPES_DIR, recipeName)
|
||||||
|
|
|
@ -5,13 +5,14 @@ package secret
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"regexp"
|
"slices"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"coopcloud.tech/abra/pkg/client"
|
"coopcloud.tech/abra/pkg/client"
|
||||||
"coopcloud.tech/abra/pkg/config"
|
"coopcloud.tech/abra/pkg/upstream/stack"
|
||||||
|
loader "coopcloud.tech/abra/pkg/upstream/stack"
|
||||||
"github.com/decentral1se/passgen"
|
"github.com/decentral1se/passgen"
|
||||||
dockerClient "github.com/docker/docker/client"
|
dockerClient "github.com/docker/docker/client"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
@ -60,40 +61,54 @@ func GeneratePassphrases(count uint) ([]string, error) {
|
||||||
return passphrases, nil
|
return passphrases, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadSecretEnvVars reads secret env vars from an app env var config.
|
// ReadSecretsConfig reads secret names/versions from the recipe config. The
|
||||||
func ReadSecretEnvVars(appEnv config.AppEnv) map[string]string {
|
// function generalises appEnv/composeFiles because some times you have an app
|
||||||
secretEnvVars := make(map[string]string)
|
// and some times you don't (as the caller). We need to be able to handle the
|
||||||
|
// "app new" case where we pass in the .env.sample and the "secret generate"
|
||||||
|
// case where the app is created.
|
||||||
|
func ReadSecretsConfig(appEnv map[string]string, composeFiles []string, recipeName string) (map[string]string, error) {
|
||||||
|
secretConfigs := make(map[string]string)
|
||||||
|
|
||||||
for envVar := range appEnv {
|
opts := stack.Deploy{Composefiles: composeFiles}
|
||||||
regex := regexp.MustCompile(`^SECRET.*VERSION.*`)
|
config, err := loader.LoadComposefile(opts, appEnv)
|
||||||
if string(regex.Find([]byte(envVar))) != "" {
|
if err != nil {
|
||||||
secretEnvVars[envVar] = appEnv[envVar]
|
return secretConfigs, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var enabledSecrets []string
|
||||||
|
for _, service := range config.Services {
|
||||||
|
for _, secret := range service.Secrets {
|
||||||
|
enabledSecrets = append(enabledSecrets, secret.Source)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logrus.Debugf("read %s as secrets from %s", secretEnvVars, appEnv)
|
if len(enabledSecrets) == 0 {
|
||||||
|
logrus.Debugf("not generating app secrets, none enabled in recipe config")
|
||||||
|
return secretConfigs, nil
|
||||||
|
}
|
||||||
|
|
||||||
return secretEnvVars
|
for _, secret := range config.Secrets {
|
||||||
|
firstIdx := strings.Index(secret.Name, "_")
|
||||||
|
lastIdx := strings.LastIndex(secret.Name, "_")
|
||||||
|
secretName := secret.Name[firstIdx+1 : lastIdx]
|
||||||
|
|
||||||
|
if secret.Name != "" && string(secret.Name[len(secret.Name)-1]) == "_" {
|
||||||
|
return secretConfigs, fmt.Errorf("missing version for secret? (%s)", secretName)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !(slices.Contains(enabledSecrets, secretName)) {
|
||||||
|
logrus.Debugf("%s not enabled in recipe config, not generating", secretName)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
secretVersion := secret.Name[lastIdx+1:]
|
||||||
|
secretConfigs[secretName] = secretVersion
|
||||||
|
}
|
||||||
|
|
||||||
|
return secretConfigs, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func ParseSecretEnvVarName(secretEnvVar string) string {
|
func ParseSecretValue(secret string) (secretValue, error) {
|
||||||
withoutPrefix := strings.TrimPrefix(secretEnvVar, "SECRET_")
|
|
||||||
withoutSuffix := strings.TrimSuffix(withoutPrefix, "_VERSION")
|
|
||||||
name := strings.ToLower(withoutSuffix)
|
|
||||||
logrus.Debugf("parsed %s as name from %s", name, secretEnvVar)
|
|
||||||
return name
|
|
||||||
}
|
|
||||||
|
|
||||||
func ParseGeneratedSecretName(secret string, appEnv config.App) string {
|
|
||||||
name := fmt.Sprintf("%s_", appEnv.StackName())
|
|
||||||
withoutAppName := strings.TrimPrefix(secret, name)
|
|
||||||
idx := strings.LastIndex(withoutAppName, "_")
|
|
||||||
parsed := withoutAppName[:idx]
|
|
||||||
logrus.Debugf("parsed %s as name from %s", parsed, secret)
|
|
||||||
return parsed
|
|
||||||
}
|
|
||||||
|
|
||||||
func ParseSecretEnvVarValue(secret string) (secretValue, error) {
|
|
||||||
values := strings.Split(secret, "#")
|
values := strings.Split(secret, "#")
|
||||||
if len(values) == 0 {
|
if len(values) == 0 {
|
||||||
return secretValue{}, fmt.Errorf("unable to parse %s", secret)
|
return secretValue{}, fmt.Errorf("unable to parse %s", secret)
|
||||||
|
@ -118,30 +133,29 @@ func ParseSecretEnvVarValue(secret string) (secretValue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateSecrets generates secrets locally and sends them to a remote server for storage.
|
// GenerateSecrets generates secrets locally and sends them to a remote server for storage.
|
||||||
func GenerateSecrets(cl *dockerClient.Client, secretEnvVars map[string]string, appName, server string) (map[string]string, error) {
|
func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]string, appName, server string) (map[string]string, error) {
|
||||||
secrets := make(map[string]string)
|
secrets := make(map[string]string)
|
||||||
|
|
||||||
var mutex sync.Mutex
|
var mutex sync.Mutex
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
ch := make(chan error, len(secretEnvVars))
|
ch := make(chan error, len(secretsFromConfig))
|
||||||
for secretEnvVar := range secretEnvVars {
|
for n, v := range secretsFromConfig {
|
||||||
wg.Add(1)
|
wg.Add(1)
|
||||||
|
|
||||||
go func(s string) {
|
go func(secretName, secretValue string) {
|
||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
|
|
||||||
secretName := ParseSecretEnvVarName(s)
|
parsedSecretValue, err := ParseSecretValue(secretValue)
|
||||||
secretValue, err := ParseSecretEnvVarValue(secretEnvVars[s])
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ch <- err
|
ch <- err
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
secretRemoteName := fmt.Sprintf("%s_%s_%s", appName, secretName, secretValue.Version)
|
secretRemoteName := fmt.Sprintf("%s_%s_%s", appName, secretName, parsedSecretValue.Version)
|
||||||
logrus.Debugf("attempting to generate and store %s on %s", secretRemoteName, server)
|
logrus.Debugf("attempting to generate and store %s on %s", secretRemoteName, server)
|
||||||
|
|
||||||
if secretValue.Length > 0 {
|
if parsedSecretValue.Length > 0 {
|
||||||
passwords, err := GeneratePasswords(1, uint(secretValue.Length))
|
passwords, err := GeneratePasswords(1, uint(parsedSecretValue.Length))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ch <- err
|
ch <- err
|
||||||
return
|
return
|
||||||
|
@ -182,12 +196,12 @@ func GenerateSecrets(cl *dockerClient.Client, secretEnvVars map[string]string, a
|
||||||
secrets[secretName] = passphrases[0]
|
secrets[secretName] = passphrases[0]
|
||||||
}
|
}
|
||||||
ch <- nil
|
ch <- nil
|
||||||
}(secretEnvVar)
|
}(n, v)
|
||||||
}
|
}
|
||||||
|
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
|
|
||||||
for range secretEnvVars {
|
for range secretsFromConfig {
|
||||||
err := <-ch
|
err := <-ch
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
Loading…
Reference in New Issue