ResourceSync: pending view toggle between "Execute" vs "Commit" sync direction

* feature: improve tables quick actions on mobile

* review: fix gap4

* review: use flex-wrap

.devcontainer/dev.compose.yaml

@@ -23,7 +23,7 @@ services:
 
   db:
     extends:
-      file: ../dev.compose.yaml
+      file: ../test.compose.yaml
       service: ferretdb
 
 volumes:

.gitignore

@@ -1,9 +1,13 @@
 target
 node_modules
 dist
-deno.lock
 .env
 .env.development
 .DS_Store
 .idea
+
+/frontend/build
+/lib/ts_client/build
+
+creds.toml
 .dev

.kminclude

@@ -1 +0,0 @@
-.dev

.vscode/resolver.code-snippets

@@ -3,8 +3,8 @@
 		"scope": "rust",
 		"prefix": "resolve",
 		"body": [
-			"impl Resolve<${0}> for ${1} {",
-			"\tasync fn resolve(self, _: &${0}) -> Result<Self::Response, Self::Error> {",
+			"impl Resolve<${1}, User> for State {",
+			"\tasync fn resolve(&self, ${1} { ${0} }: ${1}, _: User) -> anyhow::Result<${2}> {",
 			"\t\ttodo!()",
 			"\t}",
 			"}"
@@ -15,9 +15,9 @@
 		"prefix": "static",
 		"body": [
 			"fn ${1}() -> &'static ${2} {",
-			"\tstatic ${0}: OnceLock<${2}> = OnceLock::new();",
-			"\t${0}.get_or_init(|| {",
-			"\t\ttodo!()",
+			"\tstatic ${3}: OnceLock<${2}> = OnceLock::new();",
+			"\t${3}.get_or_init(|| {",
+			"\t\t${0}",
 			"\t})",
 			"}"
 		]

.vscode/tasks.json

@@ -106,62 +106,62 @@
             "problemMatcher": []
         },
         {
-            "label": "Init UI Client",
+            "label": "Init Frontend Client",
             "type": "shell",
             "command": "yarn link komodo_client && yarn install",
             "options": {
-                "cwd": "${workspaceFolder}/ui",
+                "cwd": "${workspaceFolder}/frontend",
             },
             "problemMatcher": []
         },
         {
-            "label": "Init UI",
+            "label": "Init Frontend",
             "dependsOn": [
                 "Build TS Client Types",
                 "Init TS Client",
-                "Init UI Client"
+                "Init Frontend Client"
             ],
             "dependsOrder": "sequence",
             "problemMatcher": []
         },
         {
-            "label": "Build UI",
+            "label": "Build Frontend",
             "type": "shell",
             "command": "yarn build",
             "options": {
-                "cwd": "${workspaceFolder}/ui",
+                "cwd": "${workspaceFolder}/frontend",
             },
             "problemMatcher": []
         },
         {
-            "label": "Prepare UI For Run",
+            "label": "Prepare Frontend For Run",
             "type": "shell",
-            "command": "cp -r ./client/core/ts/dist/. ui/public/client/.",
+            "command": "cp -r ./client/core/ts/dist/. frontend/public/client/.",
             "options": {
                 "cwd": "${workspaceFolder}",
             },
             "dependsOn": [
                 "Build TS Client Types",
-                "Build UI"
+                "Build Frontend"
             ],
             "dependsOrder": "sequence",
             "problemMatcher": []
         },
         {
-            "label": "Run UI",
+            "label": "Run Frontend",
             "type": "shell",
             "command": "yarn dev",
             "options": {
-                "cwd": "${workspaceFolder}/ui",
+                "cwd": "${workspaceFolder}/frontend",
             },
-            "dependsOn": ["Prepare UI For Run"],
+            "dependsOn": ["Prepare Frontend For Run"],
             "problemMatcher": []
         },
         {
             "label": "Init",
             "dependsOn": [
                 "Build Backend",
-                "Init UI"
+                "Init Frontend"
             ],
             "dependsOrder": "sequence",
             "problemMatcher": []
@@ -171,7 +171,7 @@
             "dependsOn": [
                 "Run Core",
                 "Run Periphery",
-                "Run UI"
+                "Run Frontend"
             ],
             "problemMatcher": []
         },

Cargo.toml

@@ -8,131 +8,109 @@ members = [
 ]
 
 [workspace.package]
-version = "2.0.0-dev-118"
-edition = "2024"
+version = "1.17.0-dev-3"
+edition = "2021"
 authors = ["mbecker20 <becker.maxh@gmail.com>"]
 license = "GPL-3.0-or-later"
 repository = "https://github.com/moghtech/komodo"
 homepage = "https://komo.do"
 
-[profile.release]
-strip = "debuginfo"
-
 [workspace.dependencies]
 # LOCAL
 komodo_client = { path = "client/core/rs" }
 periphery_client = { path = "client/periphery/rs" }
-environment = { path = "lib/environment" }
-interpolate = { path = "lib/interpolate" }
+environment_file = { path = "lib/environment_file" }
 formatting = { path = "lib/formatting" }
-transport = { path = "lib/transport" }
-database = { path = "lib/database" }
-encoding = { path = "lib/encoding" }
+response = { path = "lib/response" }
 command = { path = "lib/command" }
+logger = { path = "lib/logger" }
+cache = { path = "lib/cache" }
 git = { path = "lib/git" }
 
 # MOGH
-slack = { version = "2.0.0", package = "slack_client_rs", default-features = false, features = ["rustls"] }
-mogh_error = { version = "1.0.3", default-features = false }
+run_command = { version = "0.0.6", features = ["async_tokio"] }
+serror = { version = "0.5.0", default-features = false }
+slack = { version = "0.3.0", package = "slack_client_rs", default-features = false, features = ["rustls"] }
 derive_default_builder = "0.1.8"
-async_timing_util = "1.1.0"
-mogh_auth_client = "1.2.2"
-mogh_auth_server = "1.2.6"
-mogh_secret_file = "1.0.1"
-mogh_validations = "1.0.1"
-mogh_rate_limit = "1.0.1"
-partial_derive2 = "0.4.5"
-mongo_indexed = "2.0.2"
-mogh_resolver = "1.0.0"
-mogh_config = "1.0.2"
-mogh_logger = "1.3.1"
-mogh_server = "1.4.4"
-toml_pretty = "2.0.0"
-mogh_cache = "1.1.1"
-mogh_pki = "1.1.0"
-mungos = "3.2.2"
-svi = "1.2.0"
+derive_empty_traits = "0.1.0"
+merge_config_files = "0.1.5"
+async_timing_util = "1.0.0"
+partial_derive2 = "0.4.3"
+derive_variants = "1.0.0"
+mongo_indexed = "2.0.1"
+resolver_api = "3.0.0"
+toml_pretty = "1.1.2"
+mungos = "1.1.0"
+svi = "1.0.1"
 
 # ASYNC
-reqwest = { version = "0.13.2", default-features = false, features = ["json", "stream", "form", "query", "rustls"] }
-tokio = { version = "1.49.0", features = ["full"] }
-tokio-util = { version = "0.7.18", features = ["io", "codec"] }
-tokio-stream = { version = "0.1.18", features = ["sync"] }
-pin-project-lite = "0.2.16"
-futures-util = "0.3.32"
-arc-swap = "1.8.2"
+reqwest = { version = "0.12.12", default-features = false, features = ["json", "rustls-tls"] }
+tokio = { version = "1.43.0", features = ["full"] }
+tokio-util = "0.7.13"
+futures = "0.3.31"
+futures-util = "0.3.31"
 
 # SERVER
-tokio-tungstenite = { version = "0.28.0", features = ["rustls-tls-native-roots"] }
-axum = { version = "0.8.8", features = ["ws", "json", "macros"] }
-axum-extra = { version = "0.12.5", features = ["typed-header"] }
-
-# OPENAPI
-utoipa-scalar = { version = "0.3.0", features = ["axum"] }
-utoipa = "5.4.0"
+axum-extra = { version = "0.10.0", features = ["typed-header"] }
+tower-http = { version = "0.6.2", features = ["fs", "cors"] }
+axum-server = { version = "0.7.1", features = ["tls-rustls"] }
+axum = { version = "0.8.1", features = ["ws", "json", "macros"] }
+tokio-tungstenite = "0.26.1"
 
 # SER/DE
-ipnetwork = { version = "0.21.1", features = ["serde"] }
-indexmap = { version = "2.13.0", features = ["serde"] }
-serde = { version = "1.0.227", features = ["derive"] }
-strum = { version = "0.28.0", features = ["derive"] }
-bson = { version = "2.15.0" } # must keep in sync with mongodb version
-toml = "0.9.11+spec-1.1.0"
-serde_yaml_ng = "0.10.0"
-serde_json = "1.0.149"
-serde_qs = "1.0.0"
-url = "2.5.8"
+ordered_hash_map = { version = "0.4.0", features = ["serde"] }
+serde = { version = "1.0.217", features = ["derive"] }
+strum = { version = "0.26.3", features = ["derive"] }
+serde_json = "1.0.135"
+serde_yaml = "0.9.34"
+toml = "0.8.19"
 
 # ERROR
-anyhow = "1.0.102"
-thiserror = "2.0.18"
+anyhow = "1.0.95"
+thiserror = "2.0.11"
 
 # LOGGING
-tracing = "0.1.44"
+opentelemetry-otlp = { version = "0.27.0", features = ["tls-roots", "reqwest-rustls"] }
+opentelemetry_sdk = { version = "0.27.1", features = ["rt-tokio"] }
+tracing-subscriber = { version = "0.3.19", features = ["json"] }
+opentelemetry-semantic-conventions = "0.27.0"
+tracing-opentelemetry = "0.28.0"
+opentelemetry = "0.27.1"
+tracing = "0.1.41"
 
 # CONFIG
-clap = { version = "4.5.60", features = ["derive"] }
+clap = { version = "4.5.26", features = ["derive"] }
 dotenvy = "0.15.7"
 envy = "0.4.2"
 
 # CRYPTO / AUTH
-uuid = { version = "1.21.0", features = ["v4", "fast-rng", "serde"] }
-rustls = { version = "0.23.37", features = ["aws-lc-rs"] }
-data-encoding = "2.10.0"
+uuid = { version = "1.12.0", features = ["v4", "fast-rng", "serde"] }
+openidconnect = "3.5.0"
 urlencoding = "2.1.3"
-bcrypt = "0.18.0"
+nom_pem = "4.0.0"
+bcrypt = "0.16.0"
+base64 = "0.22.1"
+rustls = "0.23.21"
 hmac = "0.12.1"
-sha1 = "0.10.6"
-sha2 = "0.10.9"
-rand = "0.10.0"
+sha2 = "0.10.8"
+rand = "0.8.5"
+jwt = "0.16.0"
 hex = "0.4.3"
 
 # SYSTEM
-hickory-resolver = "0.25.2"
-portable-pty = "0.9.0"
-shell-escape = "0.1.5"
-crossterm = "0.29.0"
-bollard = "0.20.1"
-sysinfo = "0.38.2"
-shlex = "1.3.0"
+bollard = "0.18.1"
+sysinfo = "0.33.1"
 
 # CLOUD
-aws-config = "1.8.14"
-aws-sdk-ec2 = "1.214.0"
-aws-credential-types = "1.2.13"
-
-## CRON
-english-to-cron = "0.1.7"
-chrono-tz = "0.10.4"
-chrono = "0.4.44"
-croner = "3.0.1"
+aws-config = "1.5.13"
+aws-sdk-ec2 = "1.101.0"
 
 # MISC
-async-compression = { version = "0.4.41", features = ["tokio", "gzip"] }
 derive_builder = "0.20.2"
-comfy-table = "7.2.2"
-typeshare = "1.0.5"
+typeshare = "1.0.4"
+octorust = "0.9.0"
+dashmap = "6.1.0"
 wildcard = "0.3.0"
-colored = "3.1.1"
-bytes = "1.11.1"
-regex = "1.12.3"
+colored = "3.0.0"
+regex = "1.11.1"
+bson = "2.13.0"

action/build.ts

@@ -1,2 +0,0 @@
-import { run } from "./run.ts";
-await run("build-komodo");

action/deno.json

@@ -1,5 +0,0 @@
-{
-  "imports": {
-    "@std/toml": "jsr:@std/toml"
-  }
-}

action/deploy-fe.ts

@@ -1,4 +0,0 @@
-const cmd = "km run -y action deploy-komodo-fe-change";
-new Deno.Command("bash", {
-  args: ["-c", cmd],
-}).spawn();

action/deploy.ts

@@ -1,2 +0,0 @@
-import { run } from "./run.ts";
-await run("deploy-komodo");

action/run.ts

@@ -1,52 +0,0 @@
-import * as TOML from "@std/toml";
-
-export const run = async (action: string) => {
-  const branch = await new Deno.Command("bash", {
-    args: ["-c", "git rev-parse --abbrev-ref HEAD"],
-  })
-    .output()
-    .then((r) => new TextDecoder("utf-8").decode(r.stdout).trim());
-
-  const cargo_toml_str = await Deno.readTextFile("Cargo.toml");
-  const prev_version = (
-    TOML.parse(cargo_toml_str) as {
-      workspace: { package: { version: string } };
-    }
-  ).workspace.package.version;
-
-  const [version, tag, count] = prev_version.split("-");
-  const next_count = Number(count) + 1;
-
-  const next_version = `${version}-${tag}-${next_count}`;
-
-  await Deno.writeTextFile(
-    "Cargo.toml",
-    cargo_toml_str.replace(
-      `version = "${prev_version}"`,
-      `version = "${next_version}"`
-    )
-  );
-
-  // Cargo check first here to make sure lock file is updated before commit.
-  const cmd = `
-cargo check
-echo ""
-
-git add --all
-git commit --all --message "deploy ${version}-${tag}-${next_count}"
-
-echo ""
-git push
-echo ""
-
-km run -y action ${action} "KOMODO_BRANCH=${branch}&KOMODO_VERSION=${version}&KOMODO_TAG=${tag}-${next_count}"
-`
-    .split("\n")
-    .map((line) => line.trim())
-    .filter((line) => line.length > 0 && !line.startsWith("//"))
-    .join(" && ");
-
-  new Deno.Command("bash", {
-    args: ["-c", cmd],
-  }).spawn();
-};

bin/binaries.Dockerfile

@@ -1,8 +1,7 @@
-## Builds the Komodo Core, Periphery, and Util binaries
-## for a specific architecture. Requires OpenSSL 3 or later.
+## Builds the Komodo Core and Periphery binaries
+## for a specific architecture.
 
-FROM rust:1.93.1-bookworm AS builder
-RUN cargo install cargo-strip
+FROM rust:1.84.1-bullseye AS builder
 
 WORKDIR /builder
 COPY Cargo.toml Cargo.lock ./
@@ -11,22 +10,18 @@ COPY ./client/core/rs ./client/core/rs
 COPY ./client/periphery ./client/periphery
 COPY ./bin/core ./bin/core
 COPY ./bin/periphery ./bin/periphery
-COPY ./bin/cli ./bin/cli
 
 # Compile bin
 RUN \
   cargo build -p komodo_core --release && \
-  cargo build -p komodo_periphery --release && \
-  cargo build -p komodo_cli --release && \
-  cargo strip
+  cargo build -p komodo_periphery --release
 
 # Copy just the binaries to scratch image
 FROM scratch
 
 COPY --from=builder /builder/target/release/core /core
 COPY --from=builder /builder/target/release/periphery /periphery
-COPY --from=builder /builder/target/release/km /km
 
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
-LABEL org.opencontainers.image.description="Komodo Binaries"
-LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.source=https://github.com/moghtech/komodo
+LABEL org.opencontainers.image.description="Komodo Periphery"
+LABEL org.opencontainers.image.licenses=GPL-3.0

bin/chef.binaries.Dockerfile

@@ -1,36 +0,0 @@
-## Builds the Komodo Core, Periphery, and Util binaries
-## for a specific architecture. Requires OpenSSL 3 or later.
-
-## Uses chef for dependency caching to help speed up back-to-back builds.
-
-FROM lukemathwalker/cargo-chef:latest-rust-1.93.1-bookworm AS chef
-WORKDIR /builder
-
-# Plan just the RECIPE to see if things have changed
-FROM chef AS planner
-COPY . .
-RUN cargo chef prepare --recipe-path recipe.json
-
-FROM chef AS builder
-RUN cargo install cargo-strip
-COPY --from=planner /builder/recipe.json recipe.json
-# Build JUST dependencies - cached layer
-RUN cargo chef cook --release --recipe-path recipe.json
-# NOW copy again (this time into builder) and build app
-COPY . .
-RUN \
-  cargo build --release --bin core && \
-  cargo build --release --bin periphery && \
-  cargo build --release --bin km && \
-  cargo strip
-
-# Copy just the binaries to scratch image
-FROM scratch
-
-COPY --from=builder /builder/target/release/core /core
-COPY --from=builder /builder/target/release/periphery /periphery
-COPY --from=builder /builder/target/release/km /km
-
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
-LABEL org.opencontainers.image.description="Komodo Binaries"
-LABEL org.opencontainers.image.licenses="GPL-3.0"

bin/cli/Cargo.toml

@@ -1,39 +1,30 @@
 [package]
 name = "komodo_cli"
-description = "Command line tool for Komodo"
+description = "Command line tool to execute Komodo actions"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
-repository.workspace = true
 homepage.workspace = true
+repository.workspace = true
 
 [[bin]]
-name = "km"
+name = "komodo"
 path = "src/main.rs"
 
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
 [dependencies]
 # local
-komodo_client = { workspace = true, features = ["cli"] }
-mogh_secret_file.workspace = true
-mogh_pki.workspace = true
-database.workspace = true
-mogh_config.workspace = true
-mogh_logger.workspace = true
+# komodo_client = "1.16.12"
+komodo_client.workspace = true
 # external
-futures-util.workspace = true
-comfy-table.workspace = true
-tokio-util.workspace = true
-serde_json.workspace = true
-crossterm.workspace = true
-serde_qs.workspace = true
-wildcard.workspace = true
+tracing-subscriber.workspace = true
+merge_config_files.workspace = true
+futures.workspace = true
 tracing.workspace = true
 colored.workspace = true
-dotenvy.workspace = true
 anyhow.workspace = true
-chrono.workspace = true
 tokio.workspace = true
 serde.workspace = true
 clap.workspace = true
-envy.workspace = true

bin/cli/aio.Dockerfile

@@ -1,25 +0,0 @@
-FROM rust:1.93.1-bullseye AS builder
-RUN cargo install cargo-strip
-
-WORKDIR /builder
-COPY Cargo.toml Cargo.lock ./
-COPY ./lib ./lib
-COPY ./client/core/rs ./client/core/rs
-COPY ./client/periphery ./client/periphery
-COPY ./bin/cli ./bin/cli
-
-# Compile bin
-RUN cargo build -p komodo_cli --release && cargo strip
-
-# Copy binaries to distroless base
-FROM gcr.io/distroless/cc
-
-COPY --from=builder /builder/target/release/km /usr/local/bin/km
-
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-
-CMD [ "km" ]
-
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
-LABEL org.opencontainers.image.description="Komodo CLI"
-LABEL org.opencontainers.image.licenses="GPL-3.0"

bin/cli/docs/copy-database.md

@@ -1,135 +0,0 @@
-# Copy Database Utility
-
-Copy the Komodo database contents between running, mongo-compatible databases.
-Can be used to move between MongoDB / FerretDB, or upgrade from FerretDB v1 to v2.
-
-```yaml
-services:
-
-  copy_database:
-    image: ghcr.io/moghtech/komodo-cli
-    command: km database copy -y
-    environment:
-      KOMODO_DATABASE_URI: mongodb://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@source:27017
-      KOMODO_DATABASE_DB_NAME: ${KOMODO_DATABASE_DB_NAME:-komodo}
-      KOMODO_CLI_DATABASE_TARGET_URI: mongodb://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@target:27017
-      KOMODO_CLI_DATABASE_TARGET_DB_NAME: ${KOMODO_DATABASE_DB_NAME:-komodo}
-
-```
-
-## FerretDB v2 Update Guide
-
-Up to Komodo 1.17.5, users who wanted to use Postgres / Sqlite were instructed to deploy FerretDB v1.
-Now that v2 is out however, v1 will go largely unsupported. Users are recommended to migrate to v2 for
-the best performance and ongoing support / updates, however the internal data structures
-have changed and this cannot be done in-place. 
-
-Also note that FerretDB v2 no longer supports Sqlite, and only supports 
-a [customized Postgres distribution](https://docs.ferretdb.io/installation/documentdb/docker/).
-Nonetheless, it remains a solid option for hosts which [do not support mongo](https://github.com/moghtech/komodo/issues/59).
-
-Also note, the same basic process outlined below can also be used to move between MongoDB and FerretDB, just replace FerretDB v2
-with the database you wish to move to.
-
-### **Step 1**: *Add* the new database to the top of your existing Komodo compose file.
-
-**Don't forget to also add the new volumes.**
-
-```yaml
-## In Komodo compose.yaml
-services:
-  postgres2:
-    # Recommended: Pin to a specific version
-    # https://github.com/FerretDB/documentdb/pkgs/container/postgres-documentdb
-    image: ghcr.io/ferretdb/postgres-documentdb
-    labels:
-      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
-    restart: unless-stopped
-    # ports:
-    #   - 5432:5432
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: ${KOMODO_DB_USERNAME}
-      POSTGRES_PASSWORD: ${KOMODO_DB_PASSWORD}
-      POSTGRES_DB: postgres # Do not change
-
-  ferretdb2:
-    # Recommended: Pin to a specific version
-    # https://github.com/FerretDB/FerretDB/pkgs/container/ferretdb
-    image: ghcr.io/ferretdb/ferretdb
-    labels:
-      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
-    restart: unless-stopped
-    depends_on:
-      - postgres2
-    # ports:
-    #   - 27017:27017
-    volumes:
-      - ferretdb-state:/state
-    environment:
-      FERRETDB_POSTGRESQL_URL: postgres://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@postgres2:5432/postgres
-
-  ...(unchanged)
-
-volumes:
-  ...(unchanged)
-  postgres-data:
-  ferretdb-state:
-```
-
-### **Step 2**: *Add* the database copy utility to Komodo compose file.
-
-The SOURCE_URI points to the existing database, ie the old FerretDB v1, and it depends
-on whether it was deployed using Postgres or Sqlite. The example below uses the Postgres one,
-but if you use Sqlite it should just be something like `mongodb://ferretdb:27017`.
-
-```yaml
-## In Komodo compose.yaml
-services:
-  ...(new database)
-
-  copy_database:
-    image: ghcr.io/moghtech/komodo-cli
-    command: km database copy -y
-    environment:
-      KOMODO_DATABASE_URI: mongodb://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@ferretdb:27017/${KOMODO_DATABASE_DB_NAME:-komodo}?authMechanism=PLAIN
-      KOMODO_DATABASE_DB_NAME: ${KOMODO_DATABASE_DB_NAME:-komodo}
-      KOMODO_CLI_DATABASE_TARGET_URI: mongodb://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@ferretdb2:27017
-      KOMODO_CLI_DATABASE_TARGET_DB_NAME: ${KOMODO_DATABASE_DB_NAME:-komodo}
-
-  ...(unchanged)
-```
-
-### **Step 3**: *Compose Up* the new additions
-
-Run `docker compose -p komodo --env-file compose.env -f xxxxx.compose.yaml up -d`, filling in the name of your compose.yaml.
-This will start up both the old and new database, and copy the data to the new one.
-
-Wait a few moments for the `copy_database` service to finish. When it exits,
-confirm the logs show the data was moved successfully, and move on to the next step.
-
-### **Step 4**: Point Komodo Core to the new database
-
-In your Komodo compose.yaml, first *comment out* the `copy_database` service and old ferretdb v1 service/s.
-Then update the `core` service environment to point to `ferretdb2`.
-
-```yaml
-services:
-  ...
-
-  core:
-    ...(unchanged)
-    environment:
-      KOMODO_DATABASE_ADDRESS: ferretdb2:27017
-      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
-      KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
-```
-
-### **Step 5**: Final *Compose Up*
-
-Repeat the same `docker compose` command as before to apply the changes, and then try navigating to your Komodo web page.
-If it works, congrats, **you are done**. You can clean up the compose file if you would like, removing the old volumes etc.
-
-If it does not work, check the logs for any obvious issues, and if necessary you can undo the previous steps
-to go back to using the previous database.

bin/cli/multi-arch.Dockerfile

@@ -1,29 +0,0 @@
-## Assumes the latest binaries for x86_64 and aarch64 are already built (by binaries.Dockerfile).
-## Since theres no heavy build here, QEMU multi-arch builds are fine for this image.
-
-ARG BINARIES_IMAGE=ghcr.io/moghtech/komodo-binaries:latest
-ARG X86_64_BINARIES=${BINARIES_IMAGE}-x86_64
-ARG AARCH64_BINARIES=${BINARIES_IMAGE}-aarch64
-
-# This is required to work with COPY --from
-FROM ${X86_64_BINARIES} AS x86_64
-FROM ${AARCH64_BINARIES} AS aarch64
-
-FROM debian:bullseye-slim
-
-WORKDIR /app
-
-## Copy both binaries initially, but only keep appropriate one for the TARGETPLATFORM.
-COPY --from=x86_64 /km /app/arch/linux/amd64
-COPY --from=aarch64 /km /app/arch/linux/arm64
-
-ARG TARGETPLATFORM
-RUN mv /app/arch/${TARGETPLATFORM} /usr/local/bin/km && rm -r /app/arch
-
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-
-CMD [ "km" ]
-
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
-LABEL org.opencontainers.image.description="Komodo CLI"
-LABEL org.opencontainers.image.licenses="GPL-3.0"

bin/cli/runfile.toml

@@ -1,4 +0,0 @@
-[install-cli]
-alias = "ic"
-description = "installs the komodo-cli, available on the command line as 'km'"
-cmd = "cargo install --path ."

bin/cli/single-arch.Dockerfile

@@ -1,18 +0,0 @@
-## Assumes the latest binaries for the required arch are already built (by binaries.Dockerfile).
-
-ARG BINARIES_IMAGE=ghcr.io/moghtech/komodo-binaries:latest
-
-# This is required to work with COPY --from
-FROM ${BINARIES_IMAGE} AS binaries
-
-FROM gcr.io/distroless/cc
-
-COPY --from=binaries /km /usr/local/bin/km
-
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-
-CMD [ "km" ]
-
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
-LABEL org.opencontainers.image.description="Komodo CLI"
-LABEL org.opencontainers.image.licenses="GPL-3.0"

bin/cli/src/args.rs

@@ -0,0 +1,55 @@
+use clap::{Parser, Subcommand};
+use komodo_client::api::execute::Execution;
+use serde::Deserialize;
+
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None)]
+pub struct CliArgs {
+  /// Sync or Exec
+  #[command(subcommand)]
+  pub command: Command,
+
+  /// The path to a creds file.
+  ///
+  /// Note: If each of `url`, `key` and `secret` are passed,
+  /// no file is required at this path.
+  #[arg(long, default_value_t = default_creds())]
+  pub creds: String,
+
+  /// Pass url in args instead of creds file
+  #[arg(long)]
+  pub url: Option<String>,
+  /// Pass api key in args instead of creds file
+  #[arg(long)]
+  pub key: Option<String>,
+  /// Pass api secret in args instead of creds file
+  #[arg(long)]
+  pub secret: Option<String>,
+
+  /// Always continue on user confirmation prompts.
+  #[arg(long, short, default_value_t = false)]
+  pub yes: bool,
+}
+
+fn default_creds() -> String {
+  let home =
+    std::env::var("HOME").unwrap_or_else(|_| String::from("/root"));
+  format!("{home}/.config/komodo/creds.toml")
+}
+
+#[derive(Debug, Clone, Subcommand)]
+pub enum Command {
+  /// Runs an execution
+  Execute {
+    #[command(subcommand)]
+    execution: Execution,
+  },
+  // Room for more
+}
+
+#[derive(Debug, Deserialize)]
+pub struct CredsFile {
+  pub url: String,
+  pub key: String,
+  pub secret: String,
+}

bin/cli/src/command/container.rs

@@ -1,314 +0,0 @@
-use std::collections::{HashMap, HashSet};
-
-use anyhow::Context;
-use colored::Colorize;
-use comfy_table::{Attribute, Cell, Color};
-use futures_util::{
-  FutureExt, TryStreamExt, stream::FuturesUnordered,
-};
-use komodo_client::{
-  api::read::{
-    InspectDockerContainer, ListAllDockerContainers, ListServers,
-  },
-  entities::{
-    config::cli::args::container::{
-      Container, ContainerCommand, InspectContainer,
-    },
-    docker::{
-      self,
-      container::{ContainerListItem, ContainerStateStatusEnum},
-    },
-  },
-};
-
-use crate::{
-  command::{
-    PrintTable, clamp_sha, matches_wildcards, parse_wildcards,
-    print_items,
-  },
-  config::cli_config,
-};
-
-pub async fn handle(container: &Container) -> anyhow::Result<()> {
-  match &container.command {
-    None => list_containers(container).await,
-    Some(ContainerCommand::Inspect(inspect)) => {
-      inspect_container(inspect).await
-    }
-  }
-}
-
-async fn list_containers(
-  Container {
-    all,
-    down,
-    links,
-    reverse,
-    containers: names,
-    images,
-    networks,
-    servers,
-    format,
-    command: _,
-  }: &Container,
-) -> anyhow::Result<()> {
-  let client = super::komodo_client().await?;
-  let (server_map, containers) = tokio::try_join!(
-    client
-      .read(ListServers::default())
-      .map(|res| res.map(|res| res
-        .into_iter()
-        .map(|s| (s.id.clone(), s))
-        .collect::<HashMap<_, _>>())),
-    client.read(ListAllDockerContainers {
-      servers: Default::default(),
-      containers: Default::default(),
-    }),
-  )?;
-
-  // (Option<Server Name>, Container)
-  let containers = containers.into_iter().map(|c| {
-    let server = if let Some(server_id) = c.server_id.as_ref()
-      && let Some(server) = server_map.get(server_id)
-    {
-      server
-    } else {
-      return (None, c);
-    };
-    (Some(server.name.as_str()), c)
-  });
-
-  let names = parse_wildcards(names);
-  let servers = parse_wildcards(servers);
-  let images = parse_wildcards(images);
-  let networks = parse_wildcards(networks);
-
-  let mut containers = containers
-    .into_iter()
-    .filter(|(server_name, c)| {
-      let state_check = if *all {
-        true
-      } else if *down {
-        !matches!(c.state, ContainerStateStatusEnum::Running)
-      } else {
-        matches!(c.state, ContainerStateStatusEnum::Running)
-      };
-      let network_check = matches_wildcards(
-        &networks,
-        &c.network_mode
-          .as_deref()
-          .map(|n| vec![n])
-          .unwrap_or_default(),
-      ) || matches_wildcards(
-        &networks,
-        &c.networks.iter().map(String::as_str).collect::<Vec<_>>(),
-      );
-      state_check
-        && network_check
-        && matches_wildcards(&names, &[c.name.as_str()])
-        && matches_wildcards(
-          &servers,
-          &server_name
-            .as_deref()
-            .map(|i| vec![i])
-            .unwrap_or_default(),
-        )
-        && matches_wildcards(
-          &images,
-          &c.image.as_deref().map(|i| vec![i]).unwrap_or_default(),
-        )
-    })
-    .collect::<Vec<_>>();
-  containers.sort_by(|(a_s, a), (b_s, b)| {
-    a.state
-      .cmp(&b.state)
-      .then(a.name.cmp(&b.name))
-      .then(a_s.cmp(b_s))
-      .then(a.network_mode.cmp(&b.network_mode))
-      .then(a.image.cmp(&b.image))
-  });
-  if *reverse {
-    containers.reverse();
-  }
-  print_items(containers, *format, *links)?;
-  Ok(())
-}
-
-pub async fn inspect_container(
-  inspect: &InspectContainer,
-) -> anyhow::Result<()> {
-  let client = super::komodo_client().await?;
-  let (server_map, mut containers) = tokio::try_join!(
-    client
-      .read(ListServers::default())
-      .map(|res| res.map(|res| res
-        .into_iter()
-        .map(|s| (s.id.clone(), s))
-        .collect::<HashMap<_, _>>())),
-    client.read(ListAllDockerContainers {
-      servers: Default::default(),
-      containers: Default::default()
-    }),
-  )?;
-
-  containers.iter_mut().for_each(|c| {
-    let Some(server_id) = c.server_id.as_ref() else {
-      return;
-    };
-    let Some(server) = server_map.get(server_id) else {
-      c.server_id = Some(String::from("Unknown"));
-      return;
-    };
-    c.server_id = Some(server.name.clone());
-  });
-
-  let names = [inspect.container.to_string()];
-  let names = parse_wildcards(&names);
-  let servers = parse_wildcards(&inspect.servers);
-
-  let mut containers = containers
-    .into_iter()
-    .filter(|c| {
-      matches_wildcards(&names, &[c.name.as_str()])
-        && matches_wildcards(
-          &servers,
-          &c.server_id
-            .as_deref()
-            .map(|i| vec![i])
-            .unwrap_or_default(),
-        )
-    })
-    .map(|c| async move {
-      client
-        .read(InspectDockerContainer {
-          container: c.name,
-          server: c.server_id.context("No server...")?,
-        })
-        .await
-    })
-    .collect::<FuturesUnordered<_>>()
-    .try_collect::<Vec<_>>()
-    .await?;
-
-  containers.sort_by(|a, b| a.name.cmp(&b.name));
-
-  match containers.len() {
-    0 => {
-      println!(
-        "{}: Did not find any containers matching '{}'",
-        "INFO".green(),
-        inspect.container.bold()
-      );
-    }
-    1 => {
-      println!("{}", serialize_container(inspect, &containers[0])?);
-    }
-    _ => {
-      let containers = containers
-        .iter()
-        .map(|c| serialize_container(inspect, c))
-        .collect::<anyhow::Result<Vec<_>>>()?
-        .join("\n");
-      println!("{containers}");
-    }
-  }
-
-  Ok(())
-}
-
-fn serialize_container(
-  inspect: &InspectContainer,
-  container: &docker::container::Container,
-) -> anyhow::Result<String> {
-  let res = if inspect.state {
-    serde_json::to_string_pretty(&container.state)
-  } else if inspect.mounts {
-    serde_json::to_string_pretty(&container.mounts)
-  } else if inspect.host_config {
-    serde_json::to_string_pretty(&container.host_config)
-  } else if inspect.config {
-    serde_json::to_string_pretty(&container.config)
-  } else if inspect.network_settings {
-    serde_json::to_string_pretty(&container.network_settings)
-  } else {
-    serde_json::to_string_pretty(container)
-  }
-  .context("Failed to serialize items to JSON")?;
-  Ok(res)
-}
-
-// (Option<Server Name>, Container)
-impl PrintTable for (Option<&'_ str>, ContainerListItem) {
-  fn header(links: bool) -> &'static [&'static str] {
-    if links {
-      &[
-        "Container",
-        "State",
-        "Server",
-        "Ports",
-        "Networks",
-        "Image",
-        "Link",
-      ]
-    } else {
-      &["Container", "State", "Server", "Ports", "Networks", "Image"]
-    }
-  }
-  fn row(self, links: bool) -> Vec<Cell> {
-    let color = match self.1.state {
-      ContainerStateStatusEnum::Running => Color::Green,
-      ContainerStateStatusEnum::Paused => Color::DarkYellow,
-      ContainerStateStatusEnum::Empty => Color::Grey,
-      _ => Color::Red,
-    };
-    let mut networks = HashSet::new();
-    if let Some(network) = self.1.network_mode {
-      networks.insert(network);
-    }
-    for network in self.1.networks {
-      networks.insert(network);
-    }
-    let mut networks = networks.into_iter().collect::<Vec<_>>();
-    networks.sort();
-    let mut ports = self
-      .1
-      .ports
-      .into_iter()
-      .flat_map(|p| p.public_port.map(|p| p.to_string()))
-      .collect::<HashSet<_>>()
-      .into_iter()
-      .collect::<Vec<_>>();
-    ports.sort();
-    let ports = if ports.is_empty() {
-      Cell::new("")
-    } else {
-      Cell::new(format!(":{}", ports.join(", :")))
-    };
-
-    let image = self.1.image.as_deref().unwrap_or("Unknown");
-    let mut res = vec![
-      Cell::new(self.1.name.clone()).add_attribute(Attribute::Bold),
-      Cell::new(self.1.state.to_string())
-        .fg(color)
-        .add_attribute(Attribute::Bold),
-      Cell::new(self.0.unwrap_or("Unknown")),
-      ports,
-      Cell::new(networks.join(", ")),
-      Cell::new(clamp_sha(image)),
-    ];
-    if !links {
-      return res;
-    }
-    let link = if let Some(server_id) = self.1.server_id {
-      format!(
-        "{}/servers/{server_id}/container/{}",
-        cli_config().host,
-        self.1.name
-      )
-    } else {
-      String::new()
-    };
-    res.push(Cell::new(link));
-    res
-  }
-}

bin/cli/src/command/database.rs

@@ -1,371 +0,0 @@
-use std::path::Path;
-
-use anyhow::Context;
-use colored::Colorize;
-use database::mungos::mongodb::bson::{Document, doc};
-use komodo_client::entities::{
-  config::cli::args::database::DatabaseCommand, optional_string,
-};
-
-use crate::{command::sanitize_uri, config::cli_config};
-
-pub async fn handle(command: &DatabaseCommand) -> anyhow::Result<()> {
-  match command {
-    DatabaseCommand::Backup { yes, .. } => backup(*yes).await,
-    DatabaseCommand::Restore {
-      restore_folder,
-      index,
-      yes,
-      ..
-    } => restore(restore_folder.as_deref(), *index, *yes).await,
-    DatabaseCommand::Prune { yes, .. } => prune(*yes).await,
-    DatabaseCommand::Copy { yes, index, .. } => {
-      copy(*index, *yes).await
-    }
-    DatabaseCommand::V1Downgrade { yes } => v1_downgrade(*yes).await,
-  }
-}
-
-async fn backup(yes: bool) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!(
-    "\n🦎  {} Database {} Utility  🦎",
-    "Komodo".bold(),
-    "Backup".green().bold()
-  );
-  println!(
-    "\n{}\n",
-    " - Backup all database contents to gzip compressed files."
-      .dimmed()
-  );
-  if let Some(uri) = optional_string(&config.database.uri) {
-    println!("{}: {}", " - Source URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) = optional_string(&config.database.address) {
-    println!("{}: {address}", " - Source Address".dimmed());
-  }
-  if let Some(username) = optional_string(&config.database.username) {
-    println!("{}: {username}", " - Source Username".dimmed());
-  }
-  println!(
-    "{}: {}\n",
-    " - Source Db Name".dimmed(),
-    config.database.db_name,
-  );
-  println!(
-    "{}: {:?}",
-    " - Backups Folder".dimmed(),
-    config.backups_folder
-  );
-  if config.max_backups == 0 {
-    println!(
-      "{}{}",
-      " - Backup pruning".dimmed(),
-      "disabled".red().dimmed()
-    );
-  } else {
-    println!("{}: {}", " - Max Backups".dimmed(), config.max_backups);
-  }
-
-  crate::command::wait_for_enter("start backup", yes)?;
-
-  let db = database::init(&config.database).await?;
-
-  database::utils::backup(&db, &config.backups_folder).await?;
-
-  // Early return if backup pruning disabled
-  if config.max_backups == 0 {
-    return Ok(());
-  }
-
-  // Know that new backup was taken successfully at this point,
-  // safe to prune old backup folders
-
-  prune_inner().await
-}
-
-async fn restore(
-  restore_folder: Option<&Path>,
-  index: bool,
-  yes: bool,
-) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!(
-    "\n🦎  {} Database {} Utility  🦎",
-    "Komodo".bold(),
-    "Restore".purple().bold()
-  );
-  println!(
-    "\n{}\n",
-    " - Restores database contents from gzip compressed files."
-      .dimmed()
-  );
-  if let Some(uri) = optional_string(&config.database_target.uri) {
-    println!("{}: {}", " - Target URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) =
-    optional_string(&config.database_target.address)
-  {
-    println!("{}: {address}", " - Target Address".dimmed());
-  }
-  if let Some(username) =
-    optional_string(&config.database_target.username)
-  {
-    println!("{}: {username}", " - Target Username".dimmed());
-  }
-  println!(
-    "{}: {}",
-    " - Target Db Name".dimmed(),
-    config.database_target.db_name,
-  );
-  if !index {
-    println!(
-      "{}: {}",
-      " - Target Db Indexing".dimmed(),
-      "DISABLED".red(),
-    );
-  }
-  println!(
-    "\n{}: {:?}",
-    " - Backups Folder".dimmed(),
-    config.backups_folder
-  );
-  if let Some(restore_folder) = restore_folder {
-    println!("{}: {restore_folder:?}", " - Restore Folder".dimmed());
-  }
-
-  crate::command::wait_for_enter("start restore", yes)?;
-
-  let db = if index {
-    database::Client::new(&config.database_target).await?.db
-  } else {
-    database::init(&config.database_target).await?
-  };
-
-  database::utils::restore(
-    &db,
-    &config.backups_folder,
-    restore_folder,
-  )
-  .await
-}
-
-async fn prune(yes: bool) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!(
-    "\n🦎  {} Database {} Utility  🦎",
-    "Komodo".bold(),
-    "Backup Prune".cyan().bold()
-  );
-  println!(
-    "\n{}\n",
-    " - Prunes database backup folders when greater than the configured amount."
-      .dimmed()
-  );
-  println!(
-    "{}: {:?}",
-    " - Backups Folder".dimmed(),
-    config.backups_folder
-  );
-  if config.max_backups == 0 {
-    println!(
-      "{}{}",
-      " - Backup pruning".dimmed(),
-      "disabled".red().dimmed()
-    );
-  } else {
-    println!("{}: {}", " - Max Backups".dimmed(), config.max_backups);
-  }
-
-  // Early return if backup pruning disabled
-  if config.max_backups == 0 {
-    info!(
-      "Backup pruning is disabled, enabled using 'max_backups' (KOMODO_CLI_MAX_BACKUPS)"
-    );
-    return Ok(());
-  }
-
-  crate::command::wait_for_enter("start backup prune", yes)?;
-
-  prune_inner().await
-}
-
-async fn prune_inner() -> anyhow::Result<()> {
-  let config = cli_config();
-
-  let mut backups_dir =
-    match tokio::fs::read_dir(&config.backups_folder)
-      .await
-      .context("Failed to read backups folder for prune")
-    {
-      Ok(backups_dir) => backups_dir,
-      Err(e) => {
-        warn!("{e:#}");
-        return Ok(());
-      }
-    };
-
-  let mut backup_folders = Vec::new();
-  loop {
-    match backups_dir.next_entry().await {
-      Ok(Some(entry)) => {
-        let Ok(metadata) = entry.metadata().await else {
-          continue;
-        };
-        if metadata.is_dir() {
-          backup_folders.push(entry.path());
-        }
-      }
-      Ok(None) => break,
-      Err(_) => {
-        continue;
-      }
-    }
-  }
-  // Ordered from oldest -> newest
-  backup_folders.sort();
-
-  let max_backups = config.max_backups as usize;
-  let backup_folders_len = backup_folders.len();
-
-  // Early return if under the backup count threshold
-  if backup_folders_len <= max_backups {
-    info!("No backups to prune");
-    return Ok(());
-  }
-
-  let to_delete =
-    &backup_folders[..(backup_folders_len - max_backups)];
-
-  info!("Pruning old backups: {to_delete:?}");
-
-  for path in to_delete {
-    if let Err(e) =
-      tokio::fs::remove_dir_all(path).await.with_context(|| {
-        format!("Failed to delete backup folder at {path:?}")
-      })
-    {
-      warn!("{e:#}");
-    }
-  }
-
-  Ok(())
-}
-
-async fn copy(index: bool, yes: bool) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!(
-    "\n🦎  {} Database {} Utility  🦎",
-    "Komodo".bold(),
-    "Copy".blue().bold()
-  );
-  println!(
-    "\n{}\n",
-    " - Copies database contents to another database.".dimmed()
-  );
-
-  if let Some(uri) = optional_string(&config.database.uri) {
-    println!("{}: {}", " - Source URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) = optional_string(&config.database.address) {
-    println!("{}: {address}", " - Source Address".dimmed());
-  }
-  if let Some(username) = optional_string(&config.database.username) {
-    println!("{}: {username}", " - Source Username".dimmed());
-  }
-  println!(
-    "{}: {}\n",
-    " - Source Db Name".dimmed(),
-    config.database.db_name,
-  );
-
-  if let Some(uri) = optional_string(&config.database_target.uri) {
-    println!("{}: {}", " - Target URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) =
-    optional_string(&config.database_target.address)
-  {
-    println!("{}: {address}", " - Target Address".dimmed());
-  }
-  if let Some(username) =
-    optional_string(&config.database_target.username)
-  {
-    println!("{}: {username}", " - Target Username".dimmed());
-  }
-  println!(
-    "{}: {}",
-    " - Target Db Name".dimmed(),
-    config.database_target.db_name,
-  );
-  if !index {
-    println!(
-      "{}: {}",
-      " - Target Db Indexing".dimmed(),
-      "DISABLED".red(),
-    );
-  }
-
-  crate::command::wait_for_enter("start copy", yes)?;
-
-  let source_db = database::init(&config.database).await?;
-  let target_db = if index {
-    database::Client::new(&config.database_target).await?.db
-  } else {
-    database::init(&config.database_target).await?
-  };
-
-  database::utils::copy(&source_db, &target_db).await
-}
-
-async fn v1_downgrade(yes: bool) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!(
-    "\n🦎  {} Database {}  🦎",
-    "Komodo".bold(),
-    "V1 Downgrade".purple().bold()
-  );
-  println!(
-    "\n{}\n",
-    " - Downgrade the database to V1 compatible data structures."
-      .dimmed()
-  );
-  if let Some(uri) = optional_string(&config.database.uri) {
-    println!("{}: {}", " - URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) = optional_string(&config.database.address) {
-    println!("{}: {address}", " - Address".dimmed());
-  }
-  if let Some(username) = optional_string(&config.database.username) {
-    println!("{}: {username}", " - Username".dimmed());
-  }
-  println!(
-    "{}: {}\n",
-    " - Db Name".dimmed(),
-    config.database.db_name,
-  );
-
-  crate::command::wait_for_enter("run downgrade", yes)?;
-
-  let db = database::init(&config.database).await?;
-
-  db.collection::<Document>("Server")
-    .update_many(doc! {}, doc! { "$set": { "info": null } })
-    .await
-    .context("Failed to downgrade Server schema")?;
-
-  db.collection::<Document>("Deployment")
-    .update_many(doc! {}, doc! { "$set": { "info": null } })
-    .await
-    .context("Failed to downgrade Deployment schema")?;
-
-  info!(
-    "V1 Downgrade complete. Ready to downgrade to komodo-core:1 ✅"
-  );
-
-  Ok(())
-}

bin/cli/src/command/execute.rs

@@ -1,649 +0,0 @@
-use std::time::Duration;
-
-use colored::Colorize;
-use futures_util::{StreamExt, stream::FuturesUnordered};
-use komodo_client::{
-  api::execute::{
-    BatchExecutionResponse, BatchExecutionResponseItem, Execution,
-  },
-  entities::{resource_link, update::Update},
-};
-
-use crate::config::cli_config;
-
-enum ExecutionResult {
-  Single(Box<Update>),
-  Batch(BatchExecutionResponse),
-}
-
-pub async fn handle(
-  execution: &Execution,
-  yes: bool,
-) -> anyhow::Result<()> {
-  if matches!(execution, Execution::None(_)) {
-    println!("Got 'none' execution. Doing nothing...");
-    tokio::time::sleep(Duration::from_secs(3)).await;
-    println!("Finished doing nothing. Exiting...");
-    std::process::exit(0);
-  }
-
-  println!("\n{}: Execution", "Mode".dimmed());
-  match execution {
-    Execution::None(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RunAction(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchRunAction(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RunProcedure(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchRunProcedure(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RunBuild(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchRunBuild(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CancelBuild(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::Deploy(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchDeploy(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PullDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StartDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RestartDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PauseDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::UnpauseDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StopDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DestroyDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchDestroyDeployment(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CloneRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchCloneRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PullRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchPullRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BuildRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchBuildRepo(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CancelRepoBuild(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StartContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RestartContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PauseContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::UnpauseContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StopContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DestroyContainer(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StartAllContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RestartAllContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PauseAllContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::UnpauseAllContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StopAllContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneContainers(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DeleteNetwork(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneNetworks(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DeleteImage(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneImages(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DeleteVolume(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneVolumes(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneDockerBuilders(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneBuildx(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PruneSystem(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RunSync(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CommitSync(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DeployStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchDeployStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DeployStackIfChanged(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchDeployStackIfChanged(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PullStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchPullStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StartStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RestartStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::PauseStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::UnpauseStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::StopStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::DestroyStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BatchDestroyStack(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RunStackService(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::TestAlerter(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::SendAlert(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RemoveSwarmNodes(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RemoveSwarmStacks(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RemoveSwarmServices(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CreateSwarmConfig(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RotateSwarmConfig(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RemoveSwarmConfigs(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::CreateSwarmSecret(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RotateSwarmSecret(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RemoveSwarmSecrets(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::ClearRepoCache(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::BackupCoreDatabase(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::GlobalAutoUpdate(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RotateAllServerKeys(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::RotateCoreKeys(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-    Execution::Sleep(data) => {
-      println!("{}: {data:?}", "Data".dimmed())
-    }
-  }
-
-  super::wait_for_enter("run execution", yes)?;
-
-  info!("Running Execution...");
-
-  let client = super::komodo_client().await?;
-
-  let res = match execution.clone() {
-    Execution::RunAction(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchRunAction(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::RunProcedure(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchRunProcedure(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::RunBuild(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchRunBuild(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::CancelBuild(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::Deploy(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchDeploy(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::PullDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StartDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RestartDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PauseDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::UnpauseDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StopDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DestroyDeployment(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchDestroyDeployment(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::CloneRepo(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchCloneRepo(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::PullRepo(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchPullRepo(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::BuildRepo(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchBuildRepo(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::CancelRepoBuild(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StartContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RestartContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PauseContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::UnpauseContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StopContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DestroyContainer(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StartAllContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RestartAllContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PauseAllContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::UnpauseAllContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StopAllContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneContainers(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DeleteNetwork(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneNetworks(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DeleteImage(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneImages(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DeleteVolume(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneVolumes(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneDockerBuilders(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneBuildx(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PruneSystem(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RunSync(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::CommitSync(request) => client
-      .write(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DeployStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchDeployStack(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::DeployStackIfChanged(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchDeployStackIfChanged(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::PullStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchPullStack(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::StartStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RestartStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::PauseStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::UnpauseStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::StopStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::DestroyStack(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BatchDestroyStack(request) => {
-      client.execute(request).await.map(ExecutionResult::Batch)
-    }
-    Execution::RunStackService(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::TestAlerter(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::SendAlert(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RemoveSwarmNodes(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RemoveSwarmStacks(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RemoveSwarmServices(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::CreateSwarmConfig(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RotateSwarmConfig(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RemoveSwarmConfigs(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::CreateSwarmSecret(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RotateSwarmSecret(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RemoveSwarmSecrets(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::ClearRepoCache(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::BackupCoreDatabase(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::GlobalAutoUpdate(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RotateAllServerKeys(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::RotateCoreKeys(request) => client
-      .execute(request)
-      .await
-      .map(|u| ExecutionResult::Single(u.into())),
-    Execution::Sleep(request) => {
-      let duration =
-        Duration::from_millis(request.duration_ms as u64);
-      tokio::time::sleep(duration).await;
-      println!("Finished sleeping!");
-      std::process::exit(0)
-    }
-    Execution::None(_) => unreachable!(),
-  };
-
-  match res {
-    Ok(ExecutionResult::Single(update)) => {
-      poll_update_until_complete(&update).await
-    }
-    Ok(ExecutionResult::Batch(updates)) => {
-      let mut handles = updates
-        .iter()
-        .map(|update| async move {
-          match update {
-            BatchExecutionResponseItem::Ok(update) => {
-              poll_update_until_complete(update).await
-            }
-            BatchExecutionResponseItem::Err(e) => {
-              error!("{e:#?}");
-              Ok(())
-            }
-          }
-        })
-        .collect::<FuturesUnordered<_>>();
-      while let Some(res) = handles.next().await {
-        match res {
-          Ok(()) => {}
-          Err(e) => {
-            error!("{e:#?}");
-          }
-        }
-      }
-      Ok(())
-    }
-    Err(e) => {
-      error!("{e:#?}");
-      Ok(())
-    }
-  }
-}
-
-async fn poll_update_until_complete(
-  update: &Update,
-) -> anyhow::Result<()> {
-  let link = if update.id.is_empty() {
-    let (resource_type, id) = update.target.extract_variant_id();
-    resource_link(&cli_config().host, resource_type, id)
-  } else {
-    format!("{}/updates/{}", cli_config().host, update.id)
-  };
-  println!("Link: '{}'", link.bold());
-
-  let client = super::komodo_client().await?;
-
-  let timer = tokio::time::Instant::now();
-  let update = client.poll_update_until_complete(&update.id).await?;
-  if update.success {
-    println!(
-      "FINISHED in {}: {}",
-      format!("{:.1?}", timer.elapsed()).bold(),
-      "EXECUTION SUCCESSFUL".green(),
-    );
-  } else {
-    eprintln!(
-      "FINISHED in {}: {}",
-      format!("{:.1?}", timer.elapsed()).bold(),
-      "EXECUTION FAILED".red(),
-    );
-  }
-  Ok(())
-}

bin/cli/src/command/mod.rs

@@ -1,182 +0,0 @@
-use std::io::Read;
-
-use anyhow::{Context, anyhow};
-use chrono::TimeZone;
-use colored::Colorize;
-use comfy_table::{Attribute, Cell, Table};
-use komodo_client::{
-  KomodoClient,
-  entities::config::cli::{CliTableBorders, args::CliFormat},
-};
-use serde::Serialize;
-use tokio::sync::OnceCell;
-use wildcard::Wildcard;
-
-use crate::config::cli_config;
-
-pub mod container;
-pub mod database;
-pub mod execute;
-pub mod list;
-pub mod terminal;
-pub mod update;
-
-async fn komodo_client() -> anyhow::Result<&'static KomodoClient> {
-  static KOMODO_CLIENT: OnceCell<KomodoClient> =
-    OnceCell::const_new();
-  KOMODO_CLIENT
-    .get_or_try_init(|| async {
-      let config = cli_config();
-      let (Some(key), Some(secret)) =
-        (&config.cli_key, &config.cli_secret)
-      else {
-        return Err(anyhow!(
-          "Must provide both cli_key and cli_secret"
-        ));
-      };
-      KomodoClient::new(&config.host, key, secret)
-        .with_healthcheck()
-        .await
-    })
-    .await
-}
-
-fn wait_for_enter(
-  press_enter_to: &str,
-  skip: bool,
-) -> anyhow::Result<()> {
-  if skip {
-    println!();
-    return Ok(());
-  }
-  println!(
-    "\nPress {} to {}\n",
-    "ENTER".green(),
-    press_enter_to.bold()
-  );
-  let buffer = &mut [0u8];
-  std::io::stdin()
-    .read_exact(buffer)
-    .context("failed to read ENTER")?;
-  Ok(())
-}
-
-/// Sanitizes uris of the form:
-/// `protocol://username:password@address`
-fn sanitize_uri(uri: &str) -> String {
-  // protocol: `mongodb`
-  // credentials_address: `username:password@address`
-  let Some((protocol, credentials_address)) = uri.split_once("://")
-  else {
-    // If no protocol, return as-is
-    return uri.to_string();
-  };
-
-  // credentials: `username:password`
-  let Some((credentials, address)) =
-    credentials_address.split_once('@')
-  else {
-    // If no credentials, return as-is
-    return uri.to_string();
-  };
-
-  match credentials.split_once(':') {
-    Some((username, _)) => {
-      format!("{protocol}://{username}:*****@{address}")
-    }
-    None => {
-      format!("{protocol}://*****@{address}")
-    }
-  }
-}
-
-fn print_items<T: PrintTable + Serialize>(
-  items: Vec<T>,
-  format: CliFormat,
-  links: bool,
-) -> anyhow::Result<()> {
-  match format {
-    CliFormat::Table => {
-      let mut table = Table::new();
-      let preset = {
-        use comfy_table::presets::*;
-        match cli_config().table_borders {
-          None | Some(CliTableBorders::Horizontal) => {
-            UTF8_HORIZONTAL_ONLY
-          }
-          Some(CliTableBorders::Vertical) => UTF8_FULL_CONDENSED,
-          Some(CliTableBorders::Inside) => UTF8_NO_BORDERS,
-          Some(CliTableBorders::Outside) => UTF8_BORDERS_ONLY,
-          Some(CliTableBorders::All) => UTF8_FULL,
-        }
-      };
-      table.load_preset(preset).set_header(
-        T::header(links)
-          .iter()
-          .map(|h| Cell::new(h).add_attribute(Attribute::Bold)),
-      );
-      for item in items {
-        table.add_row(item.row(links));
-      }
-      println!("{table}");
-    }
-    CliFormat::Json => {
-      println!(
-        "{}",
-        serde_json::to_string_pretty(&items)
-          .context("Failed to serialize items to JSON")?
-      );
-    }
-  }
-  Ok(())
-}
-
-trait PrintTable {
-  fn header(links: bool) -> &'static [&'static str];
-  fn row(self, links: bool) -> Vec<Cell>;
-}
-
-fn parse_wildcards(items: &[String]) -> Vec<Wildcard<'_>> {
-  items
-    .iter()
-    .flat_map(|i| {
-      Wildcard::new(i.as_bytes()).inspect_err(|e| {
-        warn!("Failed to parse wildcard: {i} | {e:?}")
-      })
-    })
-    .collect::<Vec<_>>()
-}
-
-fn matches_wildcards(
-  wildcards: &[Wildcard<'_>],
-  items: &[&str],
-) -> bool {
-  if wildcards.is_empty() {
-    return true;
-  }
-  items.iter().any(|item| {
-    wildcards.iter().any(|wc| wc.is_match(item.as_bytes()))
-  })
-}
-
-fn format_timetamp(ts: i64) -> anyhow::Result<String> {
-  let ts = chrono::Local
-    .timestamp_millis_opt(ts)
-    .single()
-    .context("Invalid ts")?
-    .format("%m/%d %H:%M:%S")
-    .to_string();
-  Ok(ts)
-}
-
-fn clamp_sha(maybe_sha: &str) -> String {
-  if maybe_sha.starts_with("sha256:") {
-    maybe_sha[0..20].to_string() + "..."
-  } else {
-    maybe_sha.to_string()
-  }
-}
-
-// fn text_link(link: &str, text: &str) -> String {
-//   format!("\x1b]8;;{link}\x07{text}\x1b]8;;\x07")
-// }

bin/cli/src/command/terminal.rs

@@ -1,334 +0,0 @@
-use anyhow::{Context, anyhow};
-use colored::Colorize;
-use komodo_client::{
-  api::{
-    read::{ListAllDockerContainers, ListServers},
-    terminal::InitTerminal,
-  },
-  entities::{
-    config::cli::args::terminal::{Attach, Connect, Exec},
-    server::ServerQuery,
-    terminal::{
-      ContainerTerminalMode, TerminalRecreateMode,
-      TerminalResizeMessage, TerminalStdinMessage,
-    },
-  },
-  ws::terminal::TerminalWebsocket,
-};
-use tokio::io::{AsyncReadExt as _, AsyncWriteExt as _};
-use tokio_util::sync::CancellationToken;
-
-pub async fn handle_connect(
-  Connect {
-    server,
-    name,
-    command,
-    recreate,
-  }: &Connect,
-) -> anyhow::Result<()> {
-  handle_terminal_forwarding(async {
-    super::komodo_client()
-      .await?
-      .connect_server_terminal(
-        server.to_string(),
-        Some(name.to_string()),
-        Some(InitTerminal {
-          command: command.clone(),
-          recreate: if *recreate {
-            TerminalRecreateMode::Always
-          } else {
-            TerminalRecreateMode::DifferentCommand
-          },
-          mode: None,
-        }),
-      )
-      .await
-  })
-  .await
-}
-
-pub async fn handle_exec(
-  Exec {
-    server,
-    container,
-    shell,
-    recreate,
-  }: &Exec,
-) -> anyhow::Result<()> {
-  let server = get_server(server.clone(), container).await?;
-  handle_terminal_forwarding(async {
-    super::komodo_client()
-      .await?
-      .connect_container_terminal(
-        server,
-        container.to_string(),
-        None,
-        Some(InitTerminal {
-          command: Some(shell.to_string()),
-          recreate: if *recreate {
-            TerminalRecreateMode::Always
-          } else {
-            TerminalRecreateMode::DifferentCommand
-          },
-          mode: Some(ContainerTerminalMode::Exec),
-        }),
-      )
-      .await
-  })
-  .await
-}
-
-pub async fn handle_attach(
-  Attach {
-    server,
-    container,
-    recreate,
-  }: &Attach,
-) -> anyhow::Result<()> {
-  let server = get_server(server.clone(), container).await?;
-  handle_terminal_forwarding(async {
-    super::komodo_client()
-      .await?
-      .connect_container_terminal(
-        server,
-        container.to_string(),
-        None,
-        Some(InitTerminal {
-          command: None,
-          recreate: if *recreate {
-            TerminalRecreateMode::Always
-          } else {
-            TerminalRecreateMode::DifferentCommand
-          },
-          mode: Some(ContainerTerminalMode::Attach),
-        }),
-      )
-      .await
-  })
-  .await
-}
-
-async fn get_server(
-  server: Option<String>,
-  container: &str,
-) -> anyhow::Result<String> {
-  if let Some(server) = server {
-    return Ok(server);
-  }
-
-  let client = super::komodo_client().await?;
-
-  let mut containers = client
-    .read(ListAllDockerContainers {
-      servers: Default::default(),
-      containers: vec![container.to_string()],
-    })
-    .await?;
-
-  if containers.is_empty() {
-    return Err(anyhow!(
-      "Did not find any container matching {container}"
-    ));
-  }
-
-  if containers.len() == 1 {
-    return containers
-      .pop()
-      .context("Shouldn't happen")?
-      .server_id
-      .context("Container doesn't have server_id");
-  }
-
-  let servers = containers
-    .into_iter()
-    .flat_map(|container| container.server_id)
-    .collect::<Vec<_>>();
-
-  let servers = client
-    .read(ListServers {
-      query: ServerQuery::builder().names(servers).build(),
-    })
-    .await?
-    .into_iter()
-    .map(|server| format!("\t- {}", server.name.bold()))
-    .collect::<Vec<_>>()
-    .join("\n");
-
-  Err(anyhow!(
-    "Multiple containers matching '{}' on Servers:\n{servers}",
-    container.bold(),
-  ))
-}
-
-async fn handle_terminal_forwarding<
-  C: Future<Output = anyhow::Result<TerminalWebsocket>>,
->(
-  connect: C,
-) -> anyhow::Result<()> {
-  // Need to forward multiple sources into ws write
-  let (write_tx, mut write_rx) =
-    tokio::sync::mpsc::channel::<TerminalStdinMessage>(1024);
-
-  // ================
-  //  SETUP RESIZING
-  // ================
-
-  // Subscribe to SIGWINCH for resize messages
-  let mut sigwinch = tokio::signal::unix::signal(
-    tokio::signal::unix::SignalKind::window_change(),
-  )
-  .context("failed to register SIGWINCH handler")?;
-
-  // Send first resize messsage, bailing if it fails to get the size.
-  write_tx.send(resize_message()?).await?;
-
-  let cancel = CancellationToken::new();
-
-  let forward_resize = async {
-    while future_or_cancel(sigwinch.recv(), &cancel)
-      .await
-      .flatten()
-      .is_some()
-    {
-      if let Ok(resize_message) = resize_message()
-        && write_tx.send(resize_message).await.is_err()
-      {
-        break;
-      }
-    }
-    cancel.cancel();
-  };
-
-  let forward_stdin = async {
-    let mut stdin = tokio::io::stdin();
-    let mut buf = [0u8; 8192];
-    while let Some(Ok(n)) =
-      future_or_cancel(stdin.read(&mut buf), &cancel).await
-    {
-      // EOF
-      if n == 0 {
-        break;
-      }
-      let bytes = &buf[..n];
-      // Check for disconnect sequence (alt + q)
-      if bytes == [197, 147] {
-        break;
-      }
-      // Forward bytes
-      if write_tx
-        .send(TerminalStdinMessage::Forward(bytes.to_vec()))
-        .await
-        .is_err()
-      {
-        break;
-      };
-    }
-    cancel.cancel();
-  };
-
-  // =====================
-  //  CONNECT AND FORWARD
-  // =====================
-
-  let (mut ws_write, mut ws_read) = connect.await?.split();
-
-  let forward_write = async {
-    while let Some(message) =
-      future_or_cancel(write_rx.recv(), &cancel).await.flatten()
-    {
-      if let Err(e) = ws_write.send_stdin_message(message).await {
-        cancel.cancel();
-        return Some(e);
-      };
-    }
-    cancel.cancel();
-    None
-  };
-
-  let forward_read = async {
-    let mut stdout = tokio::io::stdout();
-    while let Some(msg) =
-      future_or_cancel(ws_read.receive_stdout(), &cancel).await
-    {
-      let bytes = match msg {
-        Ok(Some(bytes)) => bytes,
-        Ok(None) => break,
-        Err(e) => {
-          cancel.cancel();
-          return Some(e.context("Websocket read error"));
-        }
-      };
-      if let Err(e) = stdout
-        .write_all(&bytes)
-        .await
-        .context("Failed to write text to stdout")
-      {
-        cancel.cancel();
-        return Some(e);
-      }
-      let _ = stdout.flush().await;
-    }
-    cancel.cancel();
-    None
-  };
-
-  let guard = RawModeGuard::enable_raw_mode()?;
-
-  let (_, _, write_error, read_error) = tokio::join!(
-    forward_resize,
-    forward_stdin,
-    forward_write,
-    forward_read
-  );
-
-  drop(guard);
-
-  if let Some(e) = write_error {
-    eprintln!("\nFailed to forward stdin | {e:#}");
-  }
-
-  if let Some(e) = read_error {
-    eprintln!("\nFailed to forward stdout | {e:#}");
-  }
-
-  println!("\n\n{} {}", "connection".bold(), "closed".red().bold());
-
-  // It doesn't seem to exit by itself after the raw mode stuff.
-  std::process::exit(0)
-}
-
-fn resize_message() -> anyhow::Result<TerminalStdinMessage> {
-  let (cols, rows) = crossterm::terminal::size()
-    .context("Failed to get terminal size")?;
-  Ok(TerminalStdinMessage::Resize(TerminalResizeMessage {
-    rows,
-    cols,
-  }))
-}
-
-struct RawModeGuard;
-
-impl RawModeGuard {
-  fn enable_raw_mode() -> anyhow::Result<Self> {
-    crossterm::terminal::enable_raw_mode()
-      .context("Failed to enable terminal raw mode")?;
-    Ok(Self)
-  }
-}
-impl Drop for RawModeGuard {
-  fn drop(&mut self) {
-    if let Err(e) = crossterm::terminal::disable_raw_mode() {
-      eprintln!("Failed to disable terminal raw mode | {e:?}");
-    }
-  }
-}
-
-async fn future_or_cancel<T, F: Future<Output = T>>(
-  fut: F,
-  cancel: &CancellationToken,
-) -> Option<T> {
-  tokio::select! {
-    res = fut => Some(res),
-    _ = cancel.cancelled() => None
-  }
-}

bin/cli/src/command/update/mod.rs

@@ -1,43 +0,0 @@
-use komodo_client::entities::{
-  build::PartialBuildConfig,
-  config::cli::args::update::UpdateCommand,
-  deployment::PartialDeploymentConfig, repo::PartialRepoConfig,
-  server::PartialServerConfig, stack::PartialStackConfig,
-  sync::PartialResourceSyncConfig,
-};
-
-mod resource;
-mod user;
-mod variable;
-
-pub async fn handle(command: &UpdateCommand) -> anyhow::Result<()> {
-  match command {
-    UpdateCommand::Build(update) => {
-      resource::update::<PartialBuildConfig>(update).await
-    }
-    UpdateCommand::Deployment(update) => {
-      resource::update::<PartialDeploymentConfig>(update).await
-    }
-    UpdateCommand::Repo(update) => {
-      resource::update::<PartialRepoConfig>(update).await
-    }
-    UpdateCommand::Server(update) => {
-      resource::update::<PartialServerConfig>(update).await
-    }
-    UpdateCommand::Stack(update) => {
-      resource::update::<PartialStackConfig>(update).await
-    }
-    UpdateCommand::Sync(update) => {
-      resource::update::<PartialResourceSyncConfig>(update).await
-    }
-    UpdateCommand::Variable {
-      name,
-      value,
-      secret,
-      yes,
-    } => variable::update(name, value, *secret, *yes).await,
-    UpdateCommand::User { username, command } => {
-      user::update(username, command).await
-    }
-  }
-}

bin/cli/src/command/update/resource.rs

@@ -1,152 +0,0 @@
-use anyhow::Context;
-use colored::Colorize;
-use komodo_client::{
-  api::write::{
-    UpdateBuild, UpdateDeployment, UpdateRepo, UpdateResourceSync,
-    UpdateServer, UpdateStack,
-  },
-  entities::{
-    build::PartialBuildConfig,
-    config::cli::args::update::UpdateResource,
-    deployment::PartialDeploymentConfig, repo::PartialRepoConfig,
-    server::PartialServerConfig, stack::PartialStackConfig,
-    sync::PartialResourceSyncConfig,
-  },
-};
-use serde::{Serialize, de::DeserializeOwned};
-
-pub async fn update<
-  T: std::fmt::Debug + Serialize + DeserializeOwned + ResourceUpdate,
->(
-  UpdateResource {
-    resource,
-    update,
-    yes,
-  }: &UpdateResource,
-) -> anyhow::Result<()> {
-  println!("\n{}: Update {}\n", "Mode".dimmed(), T::resource_type());
-  println!(" - {}: {resource}", "Name".dimmed());
-
-  let config = serde_qs::from_str::<T>(update)
-    .context("Failed to deserialize config")?;
-
-  match serde_json::to_string_pretty(&config) {
-    Ok(config) => {
-      println!(" - {}: {config}", "Update".dimmed());
-    }
-    Err(_) => {
-      println!(" - {}: {config:#?}", "Update".dimmed());
-    }
-  }
-
-  crate::command::wait_for_enter("update resource", *yes)?;
-
-  config.apply(resource).await
-}
-
-pub trait ResourceUpdate {
-  fn resource_type() -> &'static str;
-  async fn apply(self, resource: &str) -> anyhow::Result<()>;
-}
-
-impl ResourceUpdate for PartialBuildConfig {
-  fn resource_type() -> &'static str {
-    "Build"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateBuild {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update build config")?;
-    Ok(())
-  }
-}
-
-impl ResourceUpdate for PartialDeploymentConfig {
-  fn resource_type() -> &'static str {
-    "Deployment"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateDeployment {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update deployment config")?;
-    Ok(())
-  }
-}
-
-impl ResourceUpdate for PartialRepoConfig {
-  fn resource_type() -> &'static str {
-    "Repo"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateRepo {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update repo config")?;
-    Ok(())
-  }
-}
-
-impl ResourceUpdate for PartialServerConfig {
-  fn resource_type() -> &'static str {
-    "Server"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateServer {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update server config")?;
-    Ok(())
-  }
-}
-
-impl ResourceUpdate for PartialStackConfig {
-  fn resource_type() -> &'static str {
-    "Stack"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateStack {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update stack config")?;
-    Ok(())
-  }
-}
-
-impl ResourceUpdate for PartialResourceSyncConfig {
-  fn resource_type() -> &'static str {
-    "Sync"
-  }
-  async fn apply(self, resource: &str) -> anyhow::Result<()> {
-    let client = crate::command::komodo_client().await?;
-    client
-      .write(UpdateResourceSync {
-        id: resource.to_string(),
-        config: self,
-      })
-      .await
-      .context("Failed to update sync config")?;
-    Ok(())
-  }
-}

bin/cli/src/command/update/user.rs

@@ -1,142 +0,0 @@
-use anyhow::Context;
-use colored::Colorize;
-use database::mungos::mongodb::bson::doc;
-use komodo_client::entities::{
-  config::{
-    cli::args::{CliEnabled, update::UpdateUserCommand},
-    empty_or_redacted,
-  },
-  optional_string,
-};
-
-use crate::{command::sanitize_uri, config::cli_config};
-
-pub async fn update(
-  username: &str,
-  command: &UpdateUserCommand,
-) -> anyhow::Result<()> {
-  match command {
-    UpdateUserCommand::Password {
-      password,
-      unsanitized,
-      yes,
-    } => {
-      update_password(username, password, *unsanitized, *yes).await
-    }
-    UpdateUserCommand::SuperAdmin { enabled, yes } => {
-      update_super_admin(username, *enabled, *yes).await
-    }
-    UpdateUserCommand::Clear2fa { yes } => {
-      clear_2fa(username, *yes).await
-    }
-  }
-}
-
-async fn update_password(
-  username: &str,
-  password: &str,
-  unsanitized: bool,
-  yes: bool,
-) -> anyhow::Result<()> {
-  println!("\n{}: Update Password\n", "Mode".dimmed());
-  println!(" - {}: {username}", "Username".dimmed());
-  if unsanitized {
-    println!(" - {}: {password}", "Password".dimmed());
-  } else {
-    println!(
-      " - {}: {}",
-      "Password".dimmed(),
-      empty_or_redacted(password)
-    );
-  }
-
-  crate::command::wait_for_enter("update password", yes)?;
-
-  info!("Updating password...");
-
-  let db = database::Client::new(&cli_config().database).await?;
-
-  let user = db
-    .users
-    .find_one(doc! { "username": username })
-    .await
-    .context("Failed to query database for user")?
-    .context("No user found with given username")?;
-
-  db.set_user_password(&user, password).await?;
-
-  info!("Password updated ✅");
-
-  Ok(())
-}
-
-async fn update_super_admin(
-  username: &str,
-  super_admin: CliEnabled,
-  yes: bool,
-) -> anyhow::Result<()> {
-  let config = cli_config();
-
-  println!("\n{}: Update Super Admin\n", "Mode".dimmed());
-  println!(" - {}: {username}", "Username".dimmed());
-  println!(" - {}: {super_admin}\n", "Super Admin".dimmed());
-
-  if let Some(uri) = optional_string(&config.database.uri) {
-    println!("{}: {}", " - Source URI".dimmed(), sanitize_uri(&uri));
-  }
-  if let Some(address) = optional_string(&config.database.address) {
-    println!("{}: {address}", " - Source Address".dimmed());
-  }
-  if let Some(username) = optional_string(&config.database.username) {
-    println!("{}: {username}", " - Source Username".dimmed());
-  }
-  println!(
-    "{}: {}",
-    " - Source Db Name".dimmed(),
-    config.database.db_name,
-  );
-
-  crate::command::wait_for_enter("update super admin", yes)?;
-
-  info!("Updating super admin...");
-
-  let db = database::Client::new(&config.database).await?;
-
-  // Make sure the user exists first before saying it is successful.
-  let user = db
-    .users
-    .find_one(doc! { "username": username })
-    .await
-    .context("Failed to query database for user")?
-    .context("No user found with given username")?;
-
-  let super_admin: bool = super_admin.into();
-  db.users
-    .update_one(
-      doc! { "username": user.username },
-      doc! { "$set": { "super_admin": super_admin } },
-    )
-    .await
-    .context("Failed to update user super admin on db")?;
-
-  info!("Super admin updated ✅");
-
-  Ok(())
-}
-
-async fn clear_2fa(username: &str, yes: bool) -> anyhow::Result<()> {
-  println!("\n{}: Clear 2FA Methods\n", "Mode".dimmed());
-  println!(" - {}: {username}", "Username".dimmed());
-
-  crate::command::wait_for_enter("clear user 2FA methods", yes)?;
-
-  info!("Clearing 2FA methods...");
-
-  let db = database::Client::new(&cli_config().database).await?;
-
-  db.clear_user_2fa_methods(username).await?;
-
-  info!("2FA methods cleared ✅");
-
-  Ok(())
-}

bin/cli/src/command/update/variable.rs

@@ -1,70 +0,0 @@
-use anyhow::Context;
-use colored::Colorize;
-use komodo_client::api::{
-  read::GetVariable,
-  write::{
-    CreateVariable, UpdateVariableIsSecret, UpdateVariableValue,
-  },
-};
-
-pub async fn update(
-  name: &str,
-  value: &str,
-  secret: Option<bool>,
-  yes: bool,
-) -> anyhow::Result<()> {
-  println!("\n{}: Update Variable\n", "Mode".dimmed());
-  println!(" - {}:  {name}", "Name".dimmed());
-  println!(" - {}: {value}", "Value".dimmed());
-  if let Some(secret) = secret {
-    println!(" - {}: {secret}", "Is Secret".dimmed());
-  }
-
-  crate::command::wait_for_enter("update variable", yes)?;
-
-  let client = crate::command::komodo_client().await?;
-
-  let Ok(existing) = client
-    .read(GetVariable {
-      name: name.to_string(),
-    })
-    .await
-  else {
-    // Create the variable
-    client
-      .write(CreateVariable {
-        name: name.to_string(),
-        value: value.to_string(),
-        is_secret: secret.unwrap_or_default(),
-        description: Default::default(),
-      })
-      .await
-      .context("Failed to create variable")?;
-    info!("Variable created ✅");
-    return Ok(());
-  };
-
-  client
-    .write(UpdateVariableValue {
-      name: name.to_string(),
-      value: value.to_string(),
-    })
-    .await
-    .context("Failed to update variable 'value'")?;
-  info!("Variable 'value' updated ✅");
-
-  let Some(secret) = secret else { return Ok(()) };
-
-  if secret != existing.is_secret {
-    client
-      .write(UpdateVariableIsSecret {
-        name: name.to_string(),
-        is_secret: secret,
-      })
-      .await
-      .context("Failed to update variable 'is_secret'")?;
-    info!("Variable 'is_secret' updated to {secret} ✅");
-  }
-
-  Ok(())
-}

bin/cli/src/config.rs

@@ -1,280 +0,0 @@
-use std::{path::PathBuf, sync::OnceLock};
-
-use anyhow::Context;
-use clap::Parser;
-use colored::Colorize;
-use komodo_client::entities::{
-  config::{
-    DatabaseConfig,
-    cli::{
-      CliConfig, Env,
-      args::{CliArgs, Command, Execute, database::DatabaseCommand},
-    },
-  },
-  logger::LogConfig,
-};
-use mogh_secret_file::maybe_read_item_from_file;
-
-pub fn cli_args() -> &'static CliArgs {
-  static CLI_ARGS: OnceLock<CliArgs> = OnceLock::new();
-  CLI_ARGS.get_or_init(CliArgs::parse)
-}
-
-pub fn cli_env() -> &'static Env {
-  static CLI_ARGS: OnceLock<Env> = OnceLock::new();
-  CLI_ARGS.get_or_init(|| {
-    match envy::from_env()
-      .context("Failed to parse Komodo CLI environment")
-    {
-      Ok(env) => env,
-      Err(e) => {
-        panic!("{e:?}")
-      }
-    }
-  })
-}
-
-pub fn cli_config() -> &'static CliConfig {
-  static CLI_CONFIG: OnceLock<CliConfig> = OnceLock::new();
-  CLI_CONFIG.get_or_init(|| {
-    let args = cli_args();
-    let env = cli_env().clone();
-    let config_paths = args
-      .config_path
-      .clone()
-      .unwrap_or(env.komodo_cli_config_paths);
-    let debug_startup =
-      args.debug_startup.unwrap_or(env.komodo_cli_debug_startup);
-
-    if debug_startup {
-      println!(
-        "{}: Komodo CLI version: {}",
-        "DEBUG".cyan(),
-        env!("CARGO_PKG_VERSION").blue().bold()
-      );
-      println!(
-        "{}: {}: {config_paths:?}",
-        "DEBUG".cyan(),
-        "Config Paths".dimmed(),
-      );
-    }
-
-    let config_keywords = args
-      .config_keyword
-      .clone()
-      .unwrap_or(env.komodo_cli_config_keywords);
-    let config_keywords = config_keywords
-      .iter()
-      .map(String::as_str)
-      .collect::<Vec<_>>();
-    if debug_startup {
-      println!(
-        "{}: {}: {config_keywords:?}",
-        "DEBUG".cyan(),
-        "Config File Keywords".dimmed(),
-      );
-    }
-    let mut unparsed_config = (mogh_config::ConfigLoader {
-      paths: &config_paths
-        .iter()
-        .map(PathBuf::as_path)
-        .collect::<Vec<_>>(),
-      match_wildcards: &config_keywords,
-      include_file_name: ".kminclude",
-      merge_nested: env.komodo_cli_merge_nested_config,
-      extend_array: env.komodo_cli_extend_config_arrays,
-      debug_print: debug_startup,
-    })
-    .load::<serde_json::Map<String, serde_json::Value>>()
-    .expect("failed at parsing config from paths");
-    let init_parsed_config = serde_json::from_value::<CliConfig>(
-      serde_json::Value::Object(unparsed_config.clone()),
-    )
-    .context("Failed to parse config")
-    .unwrap();
-
-    let (host, key, secret) = match &args.command {
-      Command::Execute(Execute {
-        host, key, secret, ..
-      }) => (host.clone(), key.clone(), secret.clone()),
-      _ => (None, None, None),
-    };
-
-    let backups_folder = match &args.command {
-      Command::Database {
-        command: DatabaseCommand::Backup { backups_folder, .. },
-      } => backups_folder.clone(),
-      Command::Database {
-        command: DatabaseCommand::Restore { backups_folder, .. },
-      } => backups_folder.clone(),
-      _ => None,
-    };
-    let (uri, address, username, password, db_name) =
-      match &args.command {
-        Command::Database {
-          command:
-            DatabaseCommand::Copy {
-              uri,
-              address,
-              username,
-              password,
-              db_name,
-              ..
-            },
-        } => (
-          uri.clone(),
-          address.clone(),
-          username.clone(),
-          password.clone(),
-          db_name.clone(),
-        ),
-        _ => (None, None, None, None, None),
-      };
-
-    let profile = args
-      .profile
-      .as_ref()
-      .or(init_parsed_config.default_profile.as_ref());
-
-    let unparsed_config = if let Some(profile) = profile
-      && !profile.is_empty()
-    {
-      // Find the profile config,
-      // then merge it with the Default config.
-      let serde_json::Value::Array(profiles) = unparsed_config
-        .remove("profile")
-        .context("Config has no profiles, but a profile is required")
-        .unwrap()
-      else {
-        panic!("`config.profile` is not array");
-      };
-      let Some(profile_config) = profiles.into_iter().find(|p| {
-        let Ok(parsed) =
-          serde_json::from_value::<CliConfig>(p.clone())
-        else {
-          return false;
-        };
-        &parsed.config_profile == profile
-          || parsed
-            .config_aliases
-            .iter()
-            .any(|alias| alias == profile)
-      }) else {
-        panic!("No profile matching '{profile}' was found.");
-      };
-      let serde_json::Value::Object(profile_config) = profile_config
-      else {
-        panic!("Profile config is not Object type.");
-      };
-      mogh_config::merge_config(
-        unparsed_config,
-        profile_config.clone(),
-        env.komodo_cli_merge_nested_config,
-        env.komodo_cli_extend_config_arrays,
-      )
-      .unwrap_or(profile_config)
-    } else {
-      unparsed_config
-    };
-    let config = serde_json::from_value::<CliConfig>(
-      serde_json::Value::Object(unparsed_config),
-    )
-    .context("Failed to parse final config")
-    .unwrap();
-    let config_profile = if config.config_profile.is_empty() {
-      String::from("None")
-    } else {
-      config.config_profile
-    };
-
-    CliConfig {
-      config_profile,
-      config_aliases: config.config_aliases,
-      default_profile: config.default_profile,
-      table_borders: env
-        .komodo_cli_table_borders
-        .or(config.table_borders),
-      host: host
-        .or(env.komodo_cli_host)
-        .or(env.komodo_host)
-        .unwrap_or(config.host),
-      cli_key: key.or(env.komodo_cli_key).or(config.cli_key),
-      cli_secret: secret
-        .or(env.komodo_cli_secret)
-        .or(config.cli_secret),
-      backups_folder: backups_folder
-        .or(env.komodo_cli_backups_folder)
-        .unwrap_or(config.backups_folder),
-      max_backups: env
-        .komodo_cli_max_backups
-        .unwrap_or(config.max_backups),
-      database_target: DatabaseConfig {
-        uri: uri
-          .or(env.komodo_cli_database_target_uri)
-          .unwrap_or(config.database_target.uri),
-        address: address
-          .or(env.komodo_cli_database_target_address)
-          .unwrap_or(config.database_target.address),
-        username: username
-          .or(env.komodo_cli_database_target_username)
-          .unwrap_or(config.database_target.username),
-        password: password
-          .or(env.komodo_cli_database_target_password)
-          .unwrap_or(config.database_target.password),
-        db_name: db_name
-          .or(env.komodo_cli_database_target_db_name)
-          .unwrap_or(config.database_target.db_name),
-        app_name: config.database_target.app_name,
-      },
-      database: DatabaseConfig {
-        uri: maybe_read_item_from_file(
-          env.komodo_database_uri_file,
-          env.komodo_database_uri,
-        )
-        .unwrap_or(config.database.uri),
-        address: env
-          .komodo_database_address
-          .unwrap_or(config.database.address),
-        username: maybe_read_item_from_file(
-          env.komodo_database_username_file,
-          env.komodo_database_username,
-        )
-        .unwrap_or(config.database.username),
-        password: maybe_read_item_from_file(
-          env.komodo_database_password_file,
-          env.komodo_database_password,
-        )
-        .unwrap_or(config.database.password),
-        db_name: env
-          .komodo_database_db_name
-          .unwrap_or(config.database.db_name),
-        app_name: config.database.app_name,
-      },
-      cli_logging: LogConfig {
-        level: env
-          .komodo_cli_logging_level
-          .unwrap_or(config.cli_logging.level),
-        stdio: env
-          .komodo_cli_logging_stdio
-          .unwrap_or(config.cli_logging.stdio),
-        pretty: env
-          .komodo_cli_logging_pretty
-          .unwrap_or(config.cli_logging.pretty),
-        location: false,
-        ansi: env
-          .komodo_cli_logging_ansi
-          .unwrap_or(config.cli_logging.ansi),
-        otlp_endpoint: env
-          .komodo_cli_logging_otlp_endpoint
-          .unwrap_or(config.cli_logging.otlp_endpoint),
-        opentelemetry_service_name: env
-          .komodo_cli_logging_opentelemetry_service_name
-          .unwrap_or(config.cli_logging.opentelemetry_service_name),
-        opentelemetry_scope_name: env
-          .komodo_cli_logging_opentelemetry_scope_name
-          .unwrap_or(config.cli_logging.opentelemetry_scope_name),
-      },
-      profile: config.profile,
-    }
-  })
-}

bin/cli/src/exec.rs

@@ -0,0 +1,485 @@
+use std::time::Duration;
+
+use colored::Colorize;
+use komodo_client::{
+  api::execute::{BatchExecutionResponse, Execution},
+  entities::update::Update,
+};
+
+use crate::{
+  helpers::wait_for_enter,
+  state::{cli_args, komodo_client},
+};
+
+pub enum ExecutionResult {
+  Single(Update),
+  Batch(BatchExecutionResponse),
+}
+
+pub async fn run(execution: Execution) -> anyhow::Result<()> {
+  if matches!(execution, Execution::None(_)) {
+    println!("Got 'none' execution. Doing nothing...");
+    tokio::time::sleep(Duration::from_secs(3)).await;
+    println!("Finished doing nothing. Exiting...");
+    std::process::exit(0);
+  }
+
+  println!("\n{}: Execution", "Mode".dimmed());
+  match &execution {
+    Execution::None(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RunAction(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchRunAction(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RunProcedure(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchRunProcedure(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RunBuild(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchRunBuild(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::CancelBuild(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::Deploy(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchDeploy(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PullDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StartDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RestartDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PauseDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::UnpauseDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StopDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DestroyDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchDestroyDeployment(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::CloneRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchCloneRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PullRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchPullRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BuildRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchBuildRepo(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::CancelRepoBuild(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StartContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RestartContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PauseContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::UnpauseContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StopContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DestroyContainer(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StartAllContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RestartAllContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PauseAllContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::UnpauseAllContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StopAllContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneContainers(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DeleteNetwork(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneNetworks(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DeleteImage(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneImages(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DeleteVolume(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneVolumes(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneDockerBuilders(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneBuildx(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PruneSystem(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RunSync(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::CommitSync(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DeployStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchDeployStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DeployStackIfChanged(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchDeployStackIfChanged(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PullStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StartStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::RestartStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::PauseStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::UnpauseStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::StopStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::DestroyStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::BatchDestroyStack(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::TestAlerter(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+    Execution::Sleep(data) => {
+      println!("{}: {data:?}", "Data".dimmed())
+    }
+  }
+
+  if !cli_args().yes {
+    wait_for_enter("run execution")?;
+  }
+
+  info!("Running Execution...");
+
+  let res = match execution {
+    Execution::RunAction(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchRunAction(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::RunProcedure(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchRunProcedure(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::RunBuild(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchRunBuild(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::CancelBuild(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::Deploy(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchDeploy(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::PullDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StartDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::RestartDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PauseDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::UnpauseDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StopDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DestroyDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchDestroyDeployment(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::CloneRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchCloneRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::PullRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchPullRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::BuildRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchBuildRepo(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::CancelRepoBuild(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StartContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::RestartContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PauseContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::UnpauseContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StopContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DestroyContainer(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StartAllContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::RestartAllContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PauseAllContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::UnpauseAllContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StopAllContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneContainers(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DeleteNetwork(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneNetworks(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DeleteImage(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneImages(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DeleteVolume(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneVolumes(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneDockerBuilders(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneBuildx(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PruneSystem(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::RunSync(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::CommitSync(request) => komodo_client()
+      .write(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DeployStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchDeployStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::DeployStackIfChanged(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchDeployStackIfChanged(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::PullStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StartStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::RestartStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::PauseStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::UnpauseStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::StopStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::DestroyStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::BatchDestroyStack(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Batch),
+    Execution::TestAlerter(request) => komodo_client()
+      .execute(request)
+      .await
+      .map(ExecutionResult::Single),
+    Execution::Sleep(request) => {
+      let duration =
+        Duration::from_millis(request.duration_ms as u64);
+      tokio::time::sleep(duration).await;
+      println!("Finished sleeping!");
+      std::process::exit(0)
+    }
+    Execution::None(_) => unreachable!(),
+  };
+
+  match res {
+    Ok(ExecutionResult::Single(update)) => {
+      println!("\n{}: {update:#?}", "SUCCESS".green())
+    }
+    Ok(ExecutionResult::Batch(update)) => {
+      println!("\n{}: {update:#?}", "SUCCESS".green())
+    }
+    Err(e) => println!("{}\n\n{e:#?}", "ERROR".red()),
+  }
+
+  Ok(())
+}

bin/cli/src/helpers.rs

@@ -0,0 +1,17 @@
+use std::io::Read;
+
+use anyhow::Context;
+use colored::Colorize;
+
+pub fn wait_for_enter(press_enter_to: &str) -> anyhow::Result<()> {
+  println!(
+    "\nPress {} to {}\n",
+    "ENTER".green(),
+    press_enter_to.bold()
+  );
+  let buffer = &mut [0u8];
+  std::io::stdin()
+    .read_exact(buffer)
+    .context("failed to read ENTER")?;
+  Ok(())
+}

bin/cli/src/main.rs

@@ -1,96 +1,32 @@
 #[macro_use]
 extern crate tracing;
 
-use anyhow::Context;
 use colored::Colorize;
-use komodo_client::entities::config::cli::args;
+use komodo_client::api::read::GetVersion;
 
-use crate::config::cli_config;
-
-mod command;
-mod config;
-
-async fn app() -> anyhow::Result<()> {
-  dotenvy::dotenv().ok();
-  mogh_logger::init(&config::cli_config().cli_logging)?;
-  let args = config::cli_args();
-  let env = config::cli_env();
-  let debug_load =
-    args.debug_startup.unwrap_or(env.komodo_cli_debug_startup);
-
-  match &args.command {
-    args::Command::Config {
-      all_profiles,
-      unsanitized,
-    } => {
-      let mut config = if *unsanitized {
-        cli_config().clone()
-      } else {
-        cli_config().sanitized()
-      };
-      if !*all_profiles {
-        config.profile = Default::default();
-      }
-      if debug_load {
-        println!("\n{config:#?}");
-      } else {
-        println!(
-          "\nCLI Config {}",
-          serde_json::to_string_pretty(&config)
-            .context("Failed to serialize config for pretty print")?
-        );
-      }
-      Ok(())
-    }
-    args::Command::Container(container) => {
-      command::container::handle(container).await
-    }
-    args::Command::Inspect(inspect) => {
-      command::container::inspect_container(inspect).await
-    }
-    args::Command::List(list) => command::list::handle(list).await,
-    args::Command::Execute(args) => {
-      command::execute::handle(&args.execution, args.yes).await
-    }
-    args::Command::Update { command } => {
-      command::update::handle(command).await
-    }
-    args::Command::Connect(connect) => {
-      command::terminal::handle_connect(connect).await
-    }
-    args::Command::Exec(exec) => {
-      command::terminal::handle_exec(exec).await
-    }
-    args::Command::Attach(attach) => {
-      command::terminal::handle_attach(attach).await
-    }
-    args::Command::Key { command } => {
-      mogh_pki::cli::handle(command, mogh_pki::PkiKind::Mutual).await
-    }
-    args::Command::Database { command } => {
-      command::database::handle(command).await
-    }
-  }
-}
+mod args;
+mod exec;
+mod helpers;
+mod state;
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-  let mut term_signal = tokio::signal::unix::signal(
-    tokio::signal::unix::SignalKind::terminate(),
-  )?;
-  tokio::select! {
-    res = tokio::spawn(app()) => match res {
-      Ok(Err(e)) => {
-        eprintln!("{}: {e}", "ERROR".red());
-        std::process::exit(1)
-      }
-      Err(e) => {
-        eprintln!("{}: {e}", "ERROR".red());
-        std::process::exit(1)
-      },
-      Ok(_) => {}
-    },
-    _ = term_signal.recv() => {},
+  tracing_subscriber::fmt().with_target(false).init();
+
+  info!(
+    "Komodo CLI version: {}",
+    env!("CARGO_PKG_VERSION").blue().bold()
+  );
+
+  let version =
+    state::komodo_client().read(GetVersion {}).await?.version;
+  info!("Komodo Core version: {}", version.blue().bold());
+
+  match &state::cli_args().command {
+    args::Command::Execute { execution } => {
+      exec::run(execution.to_owned()).await?
+    }
   }
+
   Ok(())
 }

bin/cli/src/state.rs

@@ -0,0 +1,48 @@
+use std::sync::OnceLock;
+
+use clap::Parser;
+use komodo_client::KomodoClient;
+use merge_config_files::parse_config_file;
+
+pub fn cli_args() -> &'static crate::args::CliArgs {
+  static CLI_ARGS: OnceLock<crate::args::CliArgs> = OnceLock::new();
+  CLI_ARGS.get_or_init(crate::args::CliArgs::parse)
+}
+
+pub fn komodo_client() -> &'static KomodoClient {
+  static KOMODO_CLIENT: OnceLock<KomodoClient> = OnceLock::new();
+  KOMODO_CLIENT.get_or_init(|| {
+    let args = cli_args();
+    let crate::args::CredsFile { url, key, secret } =
+      match (&args.url, &args.key, &args.secret) {
+        (Some(url), Some(key), Some(secret)) => {
+          crate::args::CredsFile {
+            url: url.clone(),
+            key: key.clone(),
+            secret: secret.clone(),
+          }
+        }
+        (url, key, secret) => {
+          let mut creds: crate::args::CredsFile =
+            parse_config_file(cli_args().creds.as_str())
+              .expect("failed to parse Komodo credentials");
+
+          if let Some(url) = url {
+            creds.url.clone_from(url);
+          }
+          if let Some(key) = key {
+            creds.key.clone_from(key);
+          }
+          if let Some(secret) = secret {
+            creds.secret.clone_from(secret);
+          }
+
+          creds
+        }
+      };
+    futures::executor::block_on(
+      KomodoClient::new(url, key, secret).with_healthcheck(),
+    )
+    .expect("failed to initialize Komodo client")
+  })
+}

bin/core/Cargo.toml

@@ -15,72 +15,61 @@ path = "src/main.rs"
 
 [dependencies]
 # local
-komodo_client = { workspace = true, features = ["core"] }
+komodo_client = { workspace = true, features = ["mongo"] }
 periphery_client.workspace = true
-mogh_validations.workspace = true
-interpolate.workspace = true
-mogh_secret_file.workspace = true
+environment_file.workspace = true
 formatting.workspace = true
-mogh_rate_limit.workspace = true
-transport.workspace = true
-database.workspace = true
-encoding.workspace = true
+response.workspace = true
 command.workspace = true
-mogh_config.workspace = true
-mogh_logger.workspace = true
-mogh_cache.workspace = true
-mogh_pki.workspace = true
+logger.workspace = true
+cache.workspace = true
 git.workspace = true
 # mogh
-mogh_error = { workspace = true, features = ["axum"] }
-mogh_auth_client = { workspace = true, features = ["utoipa"] }
-mogh_auth_server.workspace = true
+serror = { workspace = true, features = ["axum"] }
+merge_config_files.workspace = true
 async_timing_util.workspace = true
 partial_derive2.workspace = true
-mogh_resolver.workspace = true
-mogh_server.workspace = true
+derive_variants.workspace = true
+mongo_indexed.workspace = true
+resolver_api.workspace = true
 toml_pretty.workspace = true
+mungos.workspace = true
 slack.workspace = true
 svi.workspace = true
 # external
-aws-credential-types.workspace = true
-english-to-cron.workspace = true
-data-encoding.workspace = true
-serde_yaml_ng.workspace = true
-utoipa-scalar.workspace = true
-futures-util.workspace = true
-aws-sdk-ec2.workspace = true
+axum-server.workspace = true
+ordered_hash_map.workspace = true
+openidconnect.workspace = true
 urlencoding.workspace = true
+aws-sdk-ec2.workspace = true
 aws-config.workspace = true
 tokio-util.workspace = true
 axum-extra.workspace = true
+tower-http.workspace = true
 serde_json.workspace = true
+serde_yaml.workspace = true
 typeshare.workspace = true
-chrono-tz.workspace = true
-indexmap.workspace = true
+octorust.workspace = true
 wildcard.workspace = true
-arc-swap.workspace = true
-serde_qs.workspace = true
-colored.workspace = true
+dashmap.workspace = true
 tracing.workspace = true
 reqwest.workspace = true
+futures.workspace = true
+nom_pem.workspace = true
 dotenvy.workspace = true
 anyhow.workspace = true
 bcrypt.workspace = true
-croner.workspace = true
-chrono.workspace = true
+base64.workspace = true
 rustls.workspace = true
-utoipa.workspace = true
-bytes.workspace = true
 tokio.workspace = true
 serde.workspace = true
-strum.workspace = true
 regex.workspace = true
 axum.workspace = true
 toml.workspace = true
 uuid.workspace = true
 envy.workspace = true
+rand.workspace = true
 hmac.workspace = true
 sha2.workspace = true
+jwt.workspace = true
 hex.workspace = true
-url.workspace = true

bin/core/aio.Dockerfile

@@ -1,8 +1,7 @@
 ## All in one, multi stage compile + runtime Docker build for your architecture.
 
 # Build Core
-FROM rust:1.93.1-trixie AS core-builder
-RUN cargo install cargo-strip
+FROM rust:1.84.1-bullseye AS core-builder
 
 WORKDIR /builder
 COPY Cargo.toml Cargo.lock ./
@@ -10,36 +9,33 @@ COPY ./lib ./lib
 COPY ./client/core/rs ./client/core/rs
 COPY ./client/periphery ./client/periphery
 COPY ./bin/core ./bin/core
-COPY ./bin/cli ./bin/cli
 
 # Compile app
-RUN cargo build -p komodo_core --release && \
-  cargo build -p komodo_cli --release && \
-  cargo strip
+RUN cargo build -p komodo_core --release
 
-# Build UI
-FROM node:22.12-alpine AS ui-builder
+# Build Frontend
+FROM node:20.12-alpine AS frontend-builder
 WORKDIR /builder
-COPY ./ui ./ui
+COPY ./frontend ./frontend
 COPY ./client/core/ts ./client
 RUN cd client && yarn && yarn build && yarn link
-RUN cd ui && yarn link komodo_client && yarn && yarn build
+RUN cd frontend && yarn link komodo_client && yarn && yarn build
 
 # Final Image
-FROM debian:trixie-slim
+FROM debian:bullseye-slim
 
-COPY ./bin/core/starship.toml /starship.toml
-COPY ./bin/core/debian-deps.sh .
-RUN sh ./debian-deps.sh && rm ./debian-deps.sh
+# Install Deps
+RUN apt update && \
+  apt install -y git ca-certificates && \
+  rm -rf /var/lib/apt/lists/*
 
 # Setup an application directory
 WORKDIR /app
 
 # Copy
-COPY ./config/core.config.toml /config/.default.config.toml
-COPY --from=ui-builder /builder/ui/dist /app/ui
+COPY ./config/core.config.toml /config/config.toml
+COPY --from=frontend-builder /builder/frontend/dist /app/frontend
 COPY --from=core-builder /builder/target/release/core /usr/local/bin/core
-COPY --from=core-builder /builder/target/release/km /usr/local/bin/km
 COPY --from=denoland/deno:bin /deno /usr/local/bin/deno
 
 # Set $DENO_DIR and preload external Deno deps
@@ -48,21 +44,12 @@ RUN mkdir /action-cache && \
   cd /action-cache && \
   deno install jsr:@std/yaml jsr:@std/toml
 
-COPY ./bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-
 # Hint at the port
 EXPOSE 9120
 
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-# This ensures any `komodo.cli.*` takes precedence over the Core `/config/*config.*`
-ENV KOMODO_CLI_CONFIG_KEYWORDS="*config.*,*komodo.cli*.*"
-
-CMD [ "/bin/bash", "-c", "update-ca-certificates && core" ]
-
-# Label to prevent Komodo from stopping with StopAllContainers
-LABEL komodo.skip="true"
 # Label for Ghcr
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
+LABEL org.opencontainers.image.source=https://github.com/moghtech/komodo
 LABEL org.opencontainers.image.description="Komodo Core"
-LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.licenses=GPL-3.0
+
+ENTRYPOINT [ "core" ]

bin/core/debian-deps.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-## Core deps installer
-
-apt-get update
-apt-get install -y git curl ca-certificates iproute2
-
-rm -rf /var/lib/apt/lists/*
-
-# Starship prompt
-curl -sS https://starship.rs/install.sh | sh -s -- --yes --bin-dir /usr/local/bin
-echo 'export STARSHIP_CONFIG=/starship.toml' >> /root/.bashrc
-echo 'eval "$(starship init bash)"' >> /root/.bashrc
-

bin/core/multi-arch.Dockerfile

@@ -3,39 +3,34 @@
 ## Since theres no heavy build here, QEMU multi-arch builds are fine for this image.
 
 ARG BINARIES_IMAGE=ghcr.io/moghtech/komodo-binaries:latest
-ARG UI_IMAGE=ghcr.io/moghtech/komodo-ui:latest
+ARG FRONTEND_IMAGE=ghcr.io/moghtech/komodo-frontend:latest
 ARG X86_64_BINARIES=${BINARIES_IMAGE}-x86_64
 ARG AARCH64_BINARIES=${BINARIES_IMAGE}-aarch64
 
 # This is required to work with COPY --from
 FROM ${X86_64_BINARIES} AS x86_64
 FROM ${AARCH64_BINARIES} AS aarch64
-FROM ${UI_IMAGE} AS ui
+FROM ${FRONTEND_IMAGE} AS frontend
 
 # Final Image
-FROM debian:trixie-slim
+FROM debian:bullseye-slim
 
-COPY ./bin/core/starship.toml /starship.toml
-COPY ./bin/core/debian-deps.sh .
-RUN sh ./debian-deps.sh && rm ./debian-deps.sh
+# Install Deps
+RUN apt update && \
+  apt install -y git ca-certificates && \
+  rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
-ARG TARGETPLATFORM
-
 # Copy both binaries initially, but only keep appropriate one for the TARGETPLATFORM.
-COPY --from=x86_64 /core /app/core/linux/amd64
-COPY --from=aarch64 /core /app/core/linux/arm64
-RUN mv /app/core/${TARGETPLATFORM} /usr/local/bin/core && rm -r /app/core
+COPY --from=x86_64 /core /app/arch/linux/amd64
+COPY --from=aarch64 /core /app/arch/linux/arm64
+ARG TARGETPLATFORM
+RUN mv /app/arch/${TARGETPLATFORM} /usr/local/bin/core && rm -r /app/arch
 
-# Same for km
-COPY --from=x86_64 /km /app/km/linux/amd64
-COPY --from=aarch64 /km /app/km/linux/arm64
-RUN mv /app/km/${TARGETPLATFORM} /usr/local/bin/km && rm -r /app/km
-
-# Copy default config / static ui / deno binary
-COPY ./config/core.config.toml /config/.default.config.toml
-COPY --from=ui /ui /app/ui
+# Copy default config / static frontend / deno binary
+COPY ./config/core.config.toml /config/config.toml
+COPY --from=frontend /frontend /app/frontend
 COPY --from=denoland/deno:bin /deno /usr/local/bin/deno
 
 # Set $DENO_DIR and preload external Deno deps
@@ -44,22 +39,12 @@ RUN mkdir /action-cache && \
   cd /action-cache && \
   deno install jsr:@std/yaml jsr:@std/toml
 
-COPY ./bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-
 # Hint at the port
 EXPOSE 9120
 
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-# This ensures any `komodo.cli.*` takes precedence over the Core `/config/*config.*`
-ENV KOMODO_CLI_CONFIG_KEYWORDS="*config.*,*komodo.cli*.*"
-
-ENTRYPOINT [ "entrypoint.sh" ]
-CMD [ "core" ]
-
-# Label to prevent Komodo from stopping with StopAllContainers
-LABEL komodo.skip="true"
 # Label for Ghcr
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
+LABEL org.opencontainers.image.source=https://github.com/moghtech/komodo
 LABEL org.opencontainers.image.description="Komodo Core"
-LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.licenses=GPL-3.0
+
+CMD [ "core" ]

bin/core/single-arch.Dockerfile

@@ -6,25 +6,25 @@ ARG BINARIES_IMAGE=ghcr.io/moghtech/komodo-binaries:latest
 # This is required to work with COPY --from
 FROM ${BINARIES_IMAGE} AS binaries
 
-# Build UI
-FROM node:22.12-alpine AS ui-builder
+# Build Frontend
+FROM node:20.12-alpine AS frontend-builder
 WORKDIR /builder
-COPY ./ui ./ui
+COPY ./frontend ./frontend
 COPY ./client/core/ts ./client
 RUN cd client && yarn && yarn build && yarn link
-RUN cd ui && yarn link komodo_client && yarn && yarn build
+RUN cd frontend && yarn link komodo_client && yarn && yarn build
 
-FROM debian:trixie-slim
+FROM debian:bullseye-slim
 
-COPY ./bin/core/starship.toml /starship.toml
-COPY ./bin/core/debian-deps.sh .
-RUN sh ./debian-deps.sh && rm ./debian-deps.sh
+# Install Deps
+RUN apt update && \
+	apt install -y git ca-certificates && \
+	rm -rf /var/lib/apt/lists/*
 	
 # Copy
-COPY ./config/core.config.toml /config/.default.config.toml
-COPY --from=ui-builder /builder/ui/dist /app/ui
+COPY ./config/core.config.toml /config/config.toml
+COPY --from=frontend-builder /builder/frontend/dist /app/frontend
 COPY --from=binaries /core /usr/local/bin/core
-COPY --from=binaries /km /usr/local/bin/km
 COPY --from=denoland/deno:bin /deno /usr/local/bin/deno
 
 # Set $DENO_DIR and preload external Deno deps
@@ -33,22 +33,12 @@ RUN mkdir /action-cache && \
 	cd /action-cache && \
 	deno install jsr:@std/yaml jsr:@std/toml
 
-COPY ./bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-
 # Hint at the port
 EXPOSE 9120
 
-ENV KOMODO_CLI_CONFIG_PATHS="/config"
-# This ensures any `komodo.cli.*` takes precedence over the Core `/config/*config.*`
-ENV KOMODO_CLI_CONFIG_KEYWORDS="*config.*,*komodo.cli*.*"
-
-ENTRYPOINT [ "entrypoint.sh" ]
-CMD [ "core" ]
-
-# Label to prevent Komodo from stopping with StopAllContainers
-LABEL komodo.skip="true"
 # Label for Ghcr
-LABEL org.opencontainers.image.source="https://github.com/moghtech/komodo"
+LABEL org.opencontainers.image.source=https://github.com/moghtech/komodo
 LABEL org.opencontainers.image.description="Komodo Core"
-LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.licenses=GPL-3.0
+
+CMD [ "core" ]

bin/core/src/alert/discord.rs

@@ -4,6 +4,7 @@ use serde::Serialize;
 
 use super::*;
 
+#[instrument(level = "debug")]
 pub async fn send_alert(
   url: &str,
   alert: &Alert,
@@ -16,46 +17,6 @@ pub async fn send_alert(
         "{level} | If you see this message, then Alerter **{name}** is **working**\n{link}"
       )
     }
-    AlertData::SwarmUnhealthy { id, name, err } => {
-      let link = resource_link(ResourceTargetVariant::Swarm, id);
-      match alert.level {
-        SeverityLevel::Ok => {
-          format!("{level} | Swarm **{name}** is now **healthy**\n{link}")
-        }
-        SeverityLevel::Critical => {
-          let err = err
-            .as_ref()
-            .map(|e| format!("\n**error**: {e}"))
-            .unwrap_or_default();
-          format!(
-            "{level} | Swarm **{name}** is **unhealthy** ❌\n{link}{err}"
-          )
-        }
-        _ => unreachable!(),
-      }
-    }
-    AlertData::ServerVersionMismatch {
-      id,
-      name,
-      region,
-      server_version,
-      core_version,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      match alert.level {
-        SeverityLevel::Ok => {
-          format!(
-            "{level} | **{name}**{region} | Periphery version now matches Core version ✅\n{link}"
-          )
-        }
-        _ => {
-          format!(
-            "{level} | **{name}**{region} | Version mismatch detected ⚠️\nPeriphery: **{server_version}** | Core: **{core_version}**\n{link}"
-          )
-        }
-      }
-    }
     AlertData::ServerUnreachable {
       id,
       name,
@@ -67,7 +28,7 @@ pub async fn send_alert(
       match alert.level {
         SeverityLevel::Ok => {
           format!(
-            "{level} | **{name}**{region} is now **connected**\n{link}"
+            "{level} | **{name}**{region} is now **reachable**\n{link}"
           )
         }
         SeverityLevel::Critical => {
@@ -126,8 +87,6 @@ pub async fn send_alert(
     AlertData::ContainerStateChange {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       from,
@@ -135,64 +94,31 @@ pub async fn send_alert(
     } => {
       let link = resource_link(ResourceTargetVariant::Deployment, id);
       let to = fmt_docker_container_state(to);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "📦 Deployment **{name}** is now **{to}**{target}\nprevious: **{from}**\n{link}"
-      )
+      format!("📦 Deployment **{name}** is now **{to}**\nserver: **{server_name}**\nprevious: **{from}**\n{link}")
     }
     AlertData::DeploymentImageUpdateAvailable {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       image,
     } => {
       let link = resource_link(ResourceTargetVariant::Deployment, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Deployment **{name}** has an update available{target}\nimage: **{image}**\n{link}"
-      )
+      format!("⬆ Deployment **{name}** has an update available\nserver: **{server_name}**\nimage: **{image}**\n{link}")
     }
     AlertData::DeploymentAutoUpdated {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       image,
     } => {
       let link = resource_link(ResourceTargetVariant::Deployment, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Deployment **{name}** was updated automatically ⏫{target}\nimage: **{image}**\n{link}"
-      )
+      format!("⬆ Deployment **{name}** was updated automatically ⏫\nserver: **{server_name}**\nimage: **{image}**\n{link}")
     }
     AlertData::StackStateChange {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       from,
@@ -200,44 +126,22 @@ pub async fn send_alert(
     } => {
       let link = resource_link(ResourceTargetVariant::Stack, id);
       let to = fmt_stack_state(to);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "🥞 Stack **{name}** is now {to}{target}\nprevious: **{from}**\n{link}"
-      )
+      format!("🥞 Stack **{name}** is now {to}\nserver: **{server_name}**\nprevious: **{from}**\n{link}")
     }
     AlertData::StackImageUpdateAvailable {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       service,
       image,
     } => {
       let link = resource_link(ResourceTargetVariant::Stack, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Stack **{name}** has an update available{target}\nservice: **{service}**\nimage: **{image}**\n{link}"
-      )
+      format!("⬆ Stack **{name}** has an update available\nserver: **{server_name}**\nservice: **{service}**\nimage: **{image}**\n{link}")
     }
     AlertData::StackAutoUpdated {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
       server_id: _server_id,
       server_name,
       images,
@@ -246,24 +150,13 @@ pub async fn send_alert(
       let images_label =
         if images.len() > 1 { "images" } else { "image" };
       let images = images.join(", ");
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: **{swarm}**")
-      } else if let Some(server) = server_name {
-        format!("\nserver: **{server}**")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Stack **{name}** was updated automatically ⏫{target}\n{images_label}: **{images}**\n{link}"
-      )
+      format!("⬆ Stack **{name}** was updated automatically ⏫\nserver: **{server_name}**\n{images_label}: **{images}**\n{link}")
     }
     AlertData::AwsBuilderTerminationFailed {
       instance_id,
       message,
     } => {
-      format!(
-        "{level} | Failed to terminated AWS builder instance\ninstance id: **{instance_id}**\n{message}"
-      )
+      format!("{level} | Failed to terminated AWS builder instance\ninstance id: **{instance_id}**\n{message}")
     }
     AlertData::ResourceSyncPendingUpdates { id, name } => {
       let link =
@@ -274,71 +167,18 @@ pub async fn send_alert(
     }
     AlertData::BuildFailed { id, name, version } => {
       let link = resource_link(ResourceTargetVariant::Build, id);
-      format!(
-        "{level} | Build **{name}** failed\nversion: **v{version}**\n{link}"
-      )
+      format!("{level} | Build **{name}** failed\nversion: **v{version}**\n{link}")
     }
     AlertData::RepoBuildFailed { id, name } => {
       let link = resource_link(ResourceTargetVariant::Repo, id);
       format!("{level} | Repo build for **{name}** failed\n{link}")
     }
-    AlertData::ProcedureFailed { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Procedure, id);
-      format!("{level} | Procedure **{name}** failed\n{link}")
-    }
-    AlertData::ActionFailed { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Action, id);
-      format!("{level} | Action **{name}** failed\n{link}")
-    }
-    AlertData::ScheduleRun {
-      resource_type,
-      id,
-      name,
-    } => {
-      let link = resource_link(*resource_type, id);
-      format!(
-        "{level} | **{name}** ({resource_type}) | Scheduled run started 🕝\n{link}"
-      )
-    }
-    AlertData::Custom { message, details } => {
-      format!(
-        "{level} | {message}{}",
-        if details.is_empty() {
-          String::new()
-        } else {
-          format!("\n{details}")
-        }
-      )
-    }
     AlertData::None {} => Default::default(),
   };
-
-  if content.is_empty() {
-    return Ok(());
+  if !content.is_empty() {
+    send_message(url, &content).await?;
   }
-
-  let VariablesAndSecrets { variables, secrets } =
-    get_variables_and_secrets().await?;
-  let mut url_interpolated = url.to_string();
-
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
-
-  interpolator.interpolate_string(&mut url_interpolated)?;
-
-  send_message(&url_interpolated, &content)
-    .await
-    .map_err(|e| {
-      let replacers = interpolator
-        .secret_replacers
-        .into_iter()
-        .collect::<Vec<_>>();
-      let sanitized_error =
-        svi::replace_in_string(&format!("{e:?}"), &replacers);
-      anyhow::Error::msg(format!(
-        "Error with request to Discord: {sanitized_error}"
-      ))
-    })
+  Ok(())
 }
 
 async fn send_message(

bin/core/src/alert/mod.rs

@@ -1,54 +1,59 @@
-use anyhow::{Context, anyhow};
-use database::mungos::{find::find_collect, mongodb::bson::doc};
-use futures_util::future::join_all;
-use interpolate::Interpolator;
+use std::collections::HashSet;
+use ::slack::types::Block;
+use anyhow::{anyhow, Context};
+use derive_variants::ExtractVariant;
+use futures::future::join_all;
 use komodo_client::entities::{
-  ResourceTargetVariant,
   alert::{Alert, AlertData, AlertDataVariant, SeverityLevel},
   alerter::*,
   deployment::DeploymentState,
-  komodo_timestamp,
   stack::StackState,
+  ResourceTargetVariant,
 };
+use mungos::{find::find_collect, mongodb::bson::doc};
+use tracing::Instrument;
 
-use crate::helpers::query::get_variables_and_secrets;
-use crate::helpers::{
-  maintenance::is_in_maintenance, query::VariablesAndSecrets,
-};
 use crate::{config::core_config, state::db_client};
+use crate::helpers::interpolate::interpolate_variables_secrets_into_string;
+use crate::helpers::query::get_variables_and_secrets;
 
 mod discord;
-mod ntfy;
-mod pushover;
 mod slack;
 
+#[instrument(level = "debug")]
 pub async fn send_alerts(alerts: &[Alert]) {
   if alerts.is_empty() {
     return;
   }
 
-  let Ok(alerters) = find_collect(
-    &db_client().alerters,
-    doc! { "config.enabled": true },
-    None,
-  )
-  .await
-  .inspect_err(|e| {
-    error!(
+  let span =
+    info_span!("send_alerts", alerts = format!("{alerts:?}"));
+  async {
+    let Ok(alerters) = find_collect(
+      &db_client().alerters,
+      doc! { "config.enabled": true },
+      None,
+    )
+    .await
+    .inspect_err(|e| {
+      error!(
       "ERROR sending alerts | failed to get alerters from db | {e:#}"
     )
-  }) else {
-    return;
-  };
+    }) else {
+      return;
+    };
 
-  let handles = alerts
-    .iter()
-    .map(|alert| send_alert_to_alerters(&alerters, alert));
+    let handles =
+      alerts.iter().map(|alert| send_alert(&alerters, alert));
 
-  join_all(handles).await;
+    join_all(handles).await;
+  }
+  .instrument(span)
+  .await
 }
 
-async fn send_alert_to_alerters(alerters: &[Alerter], alert: &Alert) {
+#[instrument(level = "debug")]
+async fn send_alert(alerters: &[Alerter], alert: &Alert) {
   if alerters.is_empty() {
     return;
   }
@@ -73,21 +78,14 @@ pub async fn send_alert_to_alerter(
     return Ok(());
   }
 
-  if is_in_maintenance(
-    &alerter.config.maintenance_windows,
-    komodo_timestamp(),
-  ) {
-    return Ok(());
-  }
-
-  let alert_variant: AlertDataVariant = (&alert.data).into();
+  let alert_type = alert.data.extract_variant();
 
   // In the test case, we don't want the filters inside this
   // block to stop the test from being sent to the alerting endpoint.
-  if alert_variant != AlertDataVariant::Test {
+  if alert_type != AlertDataVariant::Test {
     // Don't send if alert type not configured on the alerter
     if !alerter.config.alert_types.is_empty()
-      && !alerter.config.alert_types.contains(&alert_variant)
+      && !alerter.config.alert_types.contains(&alert_type)
     {
       return Ok(());
     }
@@ -130,39 +128,27 @@ pub async fn send_alert_to_alerter(
         )
       })
     }
-    AlerterEndpoint::Ntfy(NtfyAlerterEndpoint { url, email }) => {
-      ntfy::send_alert(url, email.as_deref(), alert)
-        .await
-        .with_context(|| {
-          format!(
-            "Failed to send alert to ntfy Alerter {}",
-            alerter.name
-          )
-        })
-    }
-    AlerterEndpoint::Pushover(PushoverAlerterEndpoint { url }) => {
-      pushover::send_alert(url, alert).await.with_context(|| {
-        format!(
-          "Failed to send alert to Pushover Alerter {}",
-          alerter.name
-        )
-      })
-    }
   }
 }
 
+#[instrument(level = "debug")]
 async fn send_custom_alert(
   url: &str,
   alert: &Alert,
 ) -> anyhow::Result<()> {
-  let VariablesAndSecrets { variables, secrets } =
-    get_variables_and_secrets().await?;
+
+  let vars_and_secrets = get_variables_and_secrets().await?;
+  let mut global_replacers = HashSet::new();
+  let mut secret_replacers = HashSet::new();
   let mut url_interpolated = url.to_string();
 
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
-
-  interpolator.interpolate_string(&mut url_interpolated)?;
+  // interpolate variables and secrets into the url
+  interpolate_variables_secrets_into_string(
+    &vars_and_secrets,
+    &mut url_interpolated,
+    &mut global_replacers,
+    &mut secret_replacers,
+  )?;
 
   let res = reqwest::Client::new()
     .post(url_interpolated)
@@ -170,15 +156,9 @@ async fn send_custom_alert(
     .send()
     .await
     .map_err(|e| {
-      let replacers = interpolator
-        .secret_replacers
-        .into_iter()
-        .collect::<Vec<_>>();
-      let sanitized_error =
-        svi::replace_in_string(&format!("{e:?}"), &replacers);
-      anyhow::Error::msg(format!(
-        "Error with request: {sanitized_error}"
-      ))
+      let replacers = secret_replacers.into_iter().collect::<Vec<_>>();
+      let sanitized_error = svi::replace_in_string(&format!("{e:?}"), &replacers);
+      anyhow::Error::msg(format!("Error with request: {}", sanitized_error))
     })
     .context("failed at post request to alerter")?;
   let status = res.status();
@@ -233,314 +213,38 @@ fn resource_link(
   resource_type: ResourceTargetVariant,
   id: &str,
 ) -> String {
-  komodo_client::entities::resource_link(
-    &core_config().host,
-    resource_type,
-    id,
-  )
-}
+  let path = match resource_type {
+    ResourceTargetVariant::System => unreachable!(),
+    ResourceTargetVariant::Build => format!("/builds/{id}"),
+    ResourceTargetVariant::Builder => {
+      format!("/builders/{id}")
+    }
+    ResourceTargetVariant::Deployment => {
+      format!("/deployments/{id}")
+    }
+    ResourceTargetVariant::Stack => {
+      format!("/stacks/{id}")
+    }
+    ResourceTargetVariant::Server => {
+      format!("/servers/{id}")
+    }
+    ResourceTargetVariant::Repo => format!("/repos/{id}"),
+    ResourceTargetVariant::Alerter => {
+      format!("/alerters/{id}")
+    }
+    ResourceTargetVariant::Procedure => {
+      format!("/procedures/{id}")
+    }
+    ResourceTargetVariant::Action => {
+      format!("/actions/{id}")
+    }
+    ResourceTargetVariant::ServerTemplate => {
+      format!("/server-templates/{id}")
+    }
+    ResourceTargetVariant::ResourceSync => {
+      format!("/resource-syncs/{id}")
+    }
+  };
 
-/// Standard message content format
-/// used by Ntfy, Pushover.
-fn standard_alert_content(alert: &Alert) -> String {
-  let level = fmt_level(alert.level);
-  match &alert.data {
-    AlertData::Test { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Alerter, id);
-      format!(
-        "{level} | If you see this message, then Alerter {name} is working\n{link}",
-      )
-    }
-    AlertData::SwarmUnhealthy { id, name, err } => {
-      let link = resource_link(ResourceTargetVariant::Swarm, id);
-      match alert.level {
-        SeverityLevel::Ok => {
-          format!("{level} | Swarm {name} is now healthy\n{link}")
-        }
-        SeverityLevel::Critical => {
-          let err = err
-            .as_ref()
-            .map(|e| format!("\nerror: {e}"))
-            .unwrap_or_default();
-          format!("{level} | Swarm {name} is unhealthy ❌\n{link}{err}")
-        }
-        _ => unreachable!(),
-      }
-    }
-    AlertData::ServerVersionMismatch {
-      id,
-      name,
-      region,
-      server_version,
-      core_version,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      match alert.level {
-        SeverityLevel::Ok => {
-          format!(
-            "{level} | {name}{region} | Periphery version now matches Core version ✅\n{link}"
-          )
-        }
-        _ => {
-          format!(
-            "{level} | {name}{region} | Version mismatch detected ⚠️\nPeriphery: {server_version} | Core: {core_version}\n{link}"
-          )
-        }
-      }
-    }
-    AlertData::ServerUnreachable {
-      id,
-      name,
-      region,
-      err,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      match alert.level {
-        SeverityLevel::Ok => {
-          format!("{level} | {name}{region} is now connected\n{link}")
-        }
-        SeverityLevel::Critical => {
-          let err = err
-            .as_ref()
-            .map(|e| format!("\nerror: {e:#?}"))
-            .unwrap_or_default();
-          format!(
-            "{level} | {name}{region} is unreachable ❌\n{link}{err}"
-          )
-        }
-        _ => unreachable!(),
-      }
-    }
-    AlertData::ServerCpu {
-      id,
-      name,
-      region,
-      percentage,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      format!(
-        "{level} | {name}{region} cpu usage at {percentage:.1}%\n{link}",
-      )
-    }
-    AlertData::ServerMem {
-      id,
-      name,
-      region,
-      used_gb,
-      total_gb,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      let percentage = 100.0 * used_gb / total_gb;
-      format!(
-        "{level} | {name}{region} memory usage at {percentage:.1}%💾\n\nUsing {used_gb:.1} GiB / {total_gb:.1} GiB\n{link}",
-      )
-    }
-    AlertData::ServerDisk {
-      id,
-      name,
-      region,
-      path,
-      used_gb,
-      total_gb,
-    } => {
-      let region = fmt_region(region);
-      let link = resource_link(ResourceTargetVariant::Server, id);
-      let percentage = 100.0 * used_gb / total_gb;
-      format!(
-        "{level} | {name}{region} disk usage at {percentage:.1}%💿\nmount point: {path:?}\nusing {used_gb:.1} GiB / {total_gb:.1} GiB\n{link}",
-      )
-    }
-    AlertData::ContainerStateChange {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      from,
-      to,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Deployment, id);
-      let to_state = fmt_docker_container_state(to);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "📦Deployment {name} is now {to_state}{target}\nprevious: {from}\n{link}",
-      )
-    }
-    AlertData::DeploymentImageUpdateAvailable {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      image,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Deployment, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Deployment {name} has an update available{target}\nimage: {image}\n{link}",
-      )
-    }
-    AlertData::DeploymentAutoUpdated {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      image,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Deployment, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Deployment {name} was updated automatically{target}\nimage: {image}\n{link}",
-      )
-    }
-    AlertData::StackStateChange {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      from,
-      to,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Stack, id);
-      let to_state = fmt_stack_state(to);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "🥞 Stack {name} is now {to_state}{target}\nprevious: {from}\n{link}",
-      )
-    }
-    AlertData::StackImageUpdateAvailable {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      service,
-      image,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Stack, id);
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Stack {name} has an update available{target}\nservice: {service}\nimage: {image}\n{link}",
-      )
-    }
-    AlertData::StackAutoUpdated {
-      id,
-      name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
-      server_name,
-      images,
-    } => {
-      let link = resource_link(ResourceTargetVariant::Stack, id);
-      let images_label =
-        if images.len() > 1 { "images" } else { "image" };
-      let images_str = images.join(", ");
-      let target = if let Some(swarm) = swarm_name {
-        format!("\nswarm: {swarm}")
-      } else if let Some(server) = server_name {
-        format!("\nserver: {server}")
-      } else {
-        format!("")
-      };
-      format!(
-        "⬆ Stack {name} was updated automatically ⏫{target}\n{images_label}: {images_str}\n{link}",
-      )
-    }
-    AlertData::AwsBuilderTerminationFailed {
-      instance_id,
-      message,
-    } => {
-      format!(
-        "{level} | Failed to terminate AWS builder instance\ninstance id: {instance_id}\n{message}",
-      )
-    }
-    AlertData::ResourceSyncPendingUpdates { id, name } => {
-      let link =
-        resource_link(ResourceTargetVariant::ResourceSync, id);
-      format!(
-        "{level} | Pending resource sync updates on {name}\n{link}",
-      )
-    }
-    AlertData::BuildFailed { id, name, version } => {
-      let link = resource_link(ResourceTargetVariant::Build, id);
-      format!(
-        "{level} | Build {name} failed\nversion: v{version}\n{link}",
-      )
-    }
-    AlertData::RepoBuildFailed { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Repo, id);
-      format!("{level} | Repo build for {name} failed\n{link}",)
-    }
-    AlertData::ProcedureFailed { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Procedure, id);
-      format!("{level} | Procedure {name} failed\n{link}")
-    }
-    AlertData::ActionFailed { id, name } => {
-      let link = resource_link(ResourceTargetVariant::Action, id);
-      format!("{level} | Action {name} failed\n{link}")
-    }
-    AlertData::ScheduleRun {
-      resource_type,
-      id,
-      name,
-    } => {
-      let link = resource_link(*resource_type, id);
-      format!(
-        "{level} | {name} ({resource_type}) | Scheduled run started 🕝\n{link}"
-      )
-    }
-    AlertData::Custom { message, details } => {
-      format!(
-        "{level} | {message}{}",
-        if details.is_empty() {
-          String::new()
-        } else {
-          format!("\n{details}")
-        }
-      )
-    }
-    AlertData::None {} => Default::default(),
-  }
+  format!("{}{path}", core_config().host)
 }

bin/core/src/alert/ntfy.rs

@@ -1,75 +0,0 @@
-use std::sync::OnceLock;
-
-use super::*;
-
-pub async fn send_alert(
-  url: &str,
-  email: Option<&str>,
-  alert: &Alert,
-) -> anyhow::Result<()> {
-  let content = standard_alert_content(alert);
-  if content.is_empty() {
-    return Ok(());
-  }
-
-  let VariablesAndSecrets { variables, secrets } =
-    get_variables_and_secrets().await?;
-  let mut url_interpolated = url.to_string();
-
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
-
-  interpolator.interpolate_string(&mut url_interpolated)?;
-
-  send_message(&url_interpolated, email, content)
-    .await
-    .map_err(|e| {
-      let replacers = interpolator
-        .secret_replacers
-        .into_iter()
-        .collect::<Vec<_>>();
-      let sanitized_error =
-        svi::replace_in_string(&format!("{e:?}"), &replacers);
-      anyhow::Error::msg(format!(
-        "Error with request to Ntfy: {sanitized_error}"
-      ))
-    })
-}
-
-async fn send_message(
-  url: &str,
-  email: Option<&str>,
-  content: String,
-) -> anyhow::Result<()> {
-  let mut request = http_client()
-    .post(url)
-    .header("Title", "Komodo Alert")
-    .body(content);
-
-  if let Some(email) = email {
-    request = request.header("X-Email", email);
-  }
-
-  let response =
-    request.send().await.context("Failed to send message")?;
-
-  let status = response.status();
-  if status.is_success() {
-    debug!("ntfy alert sent successfully: {}", status);
-    Ok(())
-  } else {
-    let text = response.text().await.with_context(|| {
-      format!(
-        "Failed to send message to ntfy | {status} | failed to get response text"
-      )
-    })?;
-    Err(anyhow!(
-      "Failed to send message to ntfy | {status} | {text}",
-    ))
-  }
-}
-
-fn http_client() -> &'static reqwest::Client {
-  static CLIENT: OnceLock<reqwest::Client> = OnceLock::new();
-  CLIENT.get_or_init(reqwest::Client::new)
-}

bin/core/src/alert/pushover.rs

@@ -1,74 +0,0 @@
-use std::sync::OnceLock;
-
-use super::*;
-
-pub async fn send_alert(
-  url: &str,
-  alert: &Alert,
-) -> anyhow::Result<()> {
-  let content = standard_alert_content(alert);
-  if content.is_empty() {
-    return Ok(());
-  }
-
-  let VariablesAndSecrets { variables, secrets } =
-    get_variables_and_secrets().await?;
-  let mut url_interpolated = url.to_string();
-
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
-
-  interpolator.interpolate_string(&mut url_interpolated)?;
-
-  send_message(&url_interpolated, content).await.map_err(|e| {
-    let replacers = interpolator
-      .secret_replacers
-      .into_iter()
-      .collect::<Vec<_>>();
-    let sanitized_error =
-      svi::replace_in_string(&format!("{e:?}"), &replacers);
-    anyhow::Error::msg(format!(
-      "Error with request to Pushover: {sanitized_error}"
-    ))
-  })
-}
-
-async fn send_message(
-  url: &str,
-  content: String,
-) -> anyhow::Result<()> {
-  // pushover needs all information to be encoded in the URL. At minimum they need
-  // the user key, the application token, and the message (url encoded).
-  // other optional params here: https://pushover.net/api (just add them to the
-  // webhook url along with the application token and the user key).
-  let content = [("message", content)];
-
-  let response = http_client()
-    .post(url)
-    .form(&content)
-    .send()
-    .await
-    .context("Failed to send message")?;
-
-  let status = response.status();
-  if status.is_success() {
-    debug!("pushover alert sent successfully: {}", status);
-    Ok(())
-  } else {
-    let text = response.text().await.with_context(|| {
-      format!(
-        "Failed to send message to pushover | {status} | failed to get response text"
-      )
-    })?;
-    Err(anyhow!(
-      "Failed to send message to pushover | {} | {}",
-      status,
-      text
-    ))
-  }
-}
-
-fn http_client() -> &'static reqwest::Client {
-  static CLIENT: OnceLock<reqwest::Client> = OnceLock::new();
-  CLIENT.get_or_init(reqwest::Client::new)
-}

bin/core/src/alert/slack.rs

@@ -1,7 +1,6 @@
-use ::slack::types::OwnedBlock as Block;
-
 use super::*;
 
+#[instrument(level = "debug")]
 pub async fn send_alert(
   url: &str,
   alert: &Alert,
@@ -24,70 +23,6 @@ pub async fn send_alert(
       ];
       (text, blocks.into())
     }
-    AlertData::SwarmUnhealthy { id, name, err } => {
-      match alert.level {
-        SeverityLevel::Ok => {
-          let text =
-            format!("{level} | Swarm *{name}* is now *healthy*");
-          let blocks = vec![
-            Block::header(level),
-            Block::section(format!(
-              "Swarm *{name}* is now *healthy*"
-            )),
-          ];
-          (text, blocks.into())
-        }
-        SeverityLevel::Critical => {
-          let text =
-            format!("{level} | Swarm *{name}* is *unhealthy* ❌");
-          let err = err
-            .as_ref()
-            .map(|e| format!("\nerror: {e}"))
-            .unwrap_or_default();
-          let blocks = vec![
-            Block::header(level),
-            Block::section(format!(
-              "Swarm *{name}* is *unhealthy* ❌{err}"
-            )),
-            Block::section(resource_link(
-              ResourceTargetVariant::Server,
-              id,
-            )),
-          ];
-          (text, blocks.into())
-        }
-        _ => unreachable!(),
-      }
-    }
-    AlertData::ServerVersionMismatch {
-      id,
-      name,
-      region,
-      server_version,
-      core_version,
-    } => {
-      let region = fmt_region(region);
-      let text = match alert.level {
-        SeverityLevel::Ok => {
-          format!(
-            "{level} | *{name}*{region} | Periphery version now matches Core version ✅"
-          )
-        }
-        _ => {
-          format!(
-            "{level} | *{name}*{region} | Version mismatch detected ⚠️\nPeriphery: {server_version} | Core: {core_version}"
-          )
-        }
-      };
-      let blocks = vec![
-        Block::header(text.clone()),
-        Block::section(resource_link(
-          ResourceTargetVariant::Server,
-          id,
-        )),
-      ];
-      (text, blocks.into())
-    }
     AlertData::ServerUnreachable {
       id,
       name,
@@ -98,11 +33,11 @@ pub async fn send_alert(
       match alert.level {
         SeverityLevel::Ok => {
           let text =
-            format!("{level} | *{name}*{region} is now *connected*");
+            format!("{level} | *{name}*{region} is now *reachable*");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
-              "*{name}*{region} is now *connected*"
+              "*{name}*{region} is now *reachable*"
             )),
           ];
           (text, blocks.into())
@@ -138,9 +73,7 @@ pub async fn send_alert(
       let region = fmt_region(region);
       match alert.level {
         SeverityLevel::Ok => {
-          let text = format!(
-            "{level} | *{name}*{region} cpu usage at *{percentage:.1}%*"
-          );
+          let text = format!("{level} | *{name}*{region} cpu usage at *{percentage:.1}%*");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -154,9 +87,7 @@ pub async fn send_alert(
           (text, blocks.into())
         }
         _ => {
-          let text = format!(
-            "{level} | *{name}*{region} cpu usage at *{percentage:.1}%* 📈"
-          );
+          let text = format!("{level} | *{name}*{region} cpu usage at *{percentage:.1}%* 📈");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -182,9 +113,7 @@ pub async fn send_alert(
       let percentage = 100.0 * used_gb / total_gb;
       match alert.level {
         SeverityLevel::Ok => {
-          let text = format!(
-            "{level} | *{name}*{region} memory usage at *{percentage:.1}%* 💾"
-          );
+          let text = format!("{level} | *{name}*{region} memory usage at *{percentage:.1}%* 💾");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -201,9 +130,7 @@ pub async fn send_alert(
           (text, blocks.into())
         }
         _ => {
-          let text = format!(
-            "{level} | *{name}*{region} memory usage at *{percentage:.1}%* 💾"
-          );
+          let text = format!("{level} | *{name}*{region} memory usage at *{percentage:.1}%* 💾");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -233,9 +160,7 @@ pub async fn send_alert(
       let percentage = 100.0 * used_gb / total_gb;
       match alert.level {
         SeverityLevel::Ok => {
-          let text = format!(
-            "{level} | *{name}*{region} disk usage at *{percentage:.1}%* | mount point: *{path:?}* 💿"
-          );
+          let text = format!("{level} | *{name}*{region} disk usage at *{percentage:.1}%* | mount point: *{path:?}* 💿");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -244,17 +169,12 @@ pub async fn send_alert(
             Block::section(format!(
               "mount point: {path:?} | using *{used_gb:.1} GiB* / *{total_gb:.1} GiB*"
             )),
-            Block::section(resource_link(
-              ResourceTargetVariant::Server,
-              id,
-            )),
+            Block::section(resource_link(ResourceTargetVariant::Server, id)),
           ];
           (text, blocks.into())
         }
         _ => {
-          let text = format!(
-            "{level} | *{name}*{region} disk usage at *{percentage:.1}%* | mount point: *{path:?}* 💿"
-          );
+          let text = format!("{level} | *{name}*{region} disk usage at *{percentage:.1}%* | mount point: *{path:?}* 💿");
           let blocks = vec![
             Block::header(level),
             Block::section(format!(
@@ -263,10 +183,7 @@ pub async fn send_alert(
             Block::section(format!(
               "mount point: {path:?} | using *{used_gb:.1} GiB* / *{total_gb:.1} GiB*"
             )),
-            Block::section(resource_link(
-              ResourceTargetVariant::Server,
-              id,
-            )),
+            Block::section(resource_link(ResourceTargetVariant::Server, id)),
           ];
           (text, blocks.into())
         }
@@ -274,26 +191,19 @@ pub async fn send_alert(
     }
     AlertData::ContainerStateChange {
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
       from,
       to,
       id,
+      ..
     } => {
       let to = fmt_docker_container_state(to);
       let text = format!("📦 Container *{name}* is now *{to}*");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(format!("{target}previous: {from}",)),
+        Block::section(format!(
+          "server: {server_name}\nprevious: {from}",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Deployment,
           id,
@@ -304,24 +214,17 @@ pub async fn send_alert(
     AlertData::DeploymentImageUpdateAvailable {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
+      server_id: _server_id,
       image,
     } => {
       let text =
         format!("⬆ Deployment *{name}* has an update available");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(format!("{target}image: *{image}*",)),
+        Block::section(format!(
+          "server: *{server_name}*\nimage: *{image}*",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Deployment,
           id,
@@ -332,24 +235,17 @@ pub async fn send_alert(
     AlertData::DeploymentAutoUpdated {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
+      server_id: _server_id,
       image,
     } => {
       let text =
         format!("⬆ Deployment *{name}* was updated automatically ⏫");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(format!("{target}image: *{image}*",)),
+        Block::section(format!(
+          "server: *{server_name}*\nimage: *{image}*",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Deployment,
           id,
@@ -359,26 +255,19 @@ pub async fn send_alert(
     }
     AlertData::StackStateChange {
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
       from,
       to,
       id,
+      ..
     } => {
       let to = fmt_stack_state(to);
       let text = format!("🥞 Stack *{name}* is now *{to}*");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(format!("{target}previous: *{from}*",)),
+        Block::section(format!(
+          "server: *{server_name}*\nprevious: *{from}*",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Stack,
           id,
@@ -389,25 +278,16 @@ pub async fn send_alert(
     AlertData::StackImageUpdateAvailable {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
+      server_id: _server_id,
       service,
       image,
     } => {
       let text = format!("⬆ Stack *{name}* has an update available");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
         Block::section(format!(
-          "{target}service: *{service}*\nimage: *{image}*",
+          "server: *{server_name}*\nservice: *{service}*\nimage: *{image}*",
         )),
         Block::section(resource_link(
           ResourceTargetVariant::Stack,
@@ -419,10 +299,8 @@ pub async fn send_alert(
     AlertData::StackAutoUpdated {
       id,
       name,
-      swarm_id: _swarm_id,
-      swarm_name,
-      server_id: _server_id,
       server_name,
+      server_id: _server_id,
       images,
     } => {
       let text =
@@ -430,18 +308,11 @@ pub async fn send_alert(
       let images_label =
         if images.len() > 1 { "images" } else { "image" };
       let images = images.join(", ");
-      let target = if let Some(swarm) = swarm_name {
-        format!("swarm: *{swarm}*\n")
-      } else if let Some(server) = server_name {
-        format!("server: *{server}*\n")
-      } else {
-        format!("")
-      };
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(
-          format!("{target}{images_label}: *{images}*",),
-        ),
+        Block::section(format!(
+          "server: *{server_name}*\n{images_label}: *{images}*",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Stack,
           id,
@@ -484,7 +355,9 @@ pub async fn send_alert(
       let text = format!("{level} | Build {name} has failed");
       let blocks = vec![
         Block::header(text.clone()),
-        Block::section(format!("version: *v{version}*",)),
+        Block::section(format!(
+          "build name: *{name}*\nversion: *v{version}*",
+        )),
         Block::section(resource_link(
           ResourceTargetVariant::Build,
           id,
@@ -497,6 +370,7 @@ pub async fn send_alert(
         format!("{level} | Repo build for *{name}* has *failed*");
       let blocks = vec![
         Block::header(text.clone()),
+        Block::section(format!("repo name: *{name}*",)),
         Block::section(resource_link(
           ResourceTargetVariant::Repo,
           id,
@@ -504,76 +378,11 @@ pub async fn send_alert(
       ];
       (text, blocks.into())
     }
-    AlertData::ProcedureFailed { id, name } => {
-      let text = format!("{level} | Procedure *{name}* has *failed*");
-      let blocks = vec![
-        Block::header(text.clone()),
-        Block::section(resource_link(
-          ResourceTargetVariant::Procedure,
-          id,
-        )),
-      ];
-      (text, blocks.into())
-    }
-    AlertData::ActionFailed { id, name } => {
-      let text = format!("{level} | Action *{name}* has *failed*");
-      let blocks = vec![
-        Block::header(text.clone()),
-        Block::section(resource_link(
-          ResourceTargetVariant::Action,
-          id,
-        )),
-      ];
-      (text, blocks.into())
-    }
-    AlertData::ScheduleRun {
-      resource_type,
-      id,
-      name,
-    } => {
-      let text = format!(
-        "{level} | *{name}* ({resource_type}) | Scheduled run started 🕝"
-      );
-      let blocks = vec![
-        Block::header(text.clone()),
-        Block::section(resource_link(*resource_type, id)),
-      ];
-      (text, blocks.into())
-    }
-    AlertData::Custom { message, details } => {
-      let text = format!("{level} | {message}");
-      let blocks =
-        vec![Block::header(text.clone()), Block::section(details)];
-      (text, blocks.into())
-    }
     AlertData::None {} => Default::default(),
   };
-  if text.is_empty() {
-    return Ok(());
+  if !text.is_empty() {
+    let slack = ::slack::Client::new(url);
+    slack.send_message(text, blocks).await?;
   }
-  let VariablesAndSecrets { variables, secrets } =
-    get_variables_and_secrets().await?;
-  let mut url_interpolated = url.to_string();
-
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
-
-  interpolator.interpolate_string(&mut url_interpolated)?;
-
-  let slack = ::slack::Client::new(url_interpolated);
-  slack
-    .send_owned_message_single(&text, None, blocks.as_deref())
-    .await
-    .map_err(|e| {
-      let replacers = interpolator
-        .secret_replacers
-        .into_iter()
-        .collect::<Vec<_>>();
-      let sanitized_error =
-        svi::replace_in_string(&format!("{e:?}"), &replacers);
-      anyhow::Error::msg(format!(
-        "Error with request to Slack: {sanitized_error}"
-      ))
-    })?;
   Ok(())
 }

bin/core/src/api/auth.rs

@@ -0,0 +1,145 @@
+use std::{sync::OnceLock, time::Instant};
+
+use axum::{http::HeaderMap, routing::post, Router};
+use derive_variants::{EnumVariants, ExtractVariant};
+use komodo_client::{api::auth::*, entities::user::User};
+use resolver_api::Resolve;
+use response::Response;
+use serde::{Deserialize, Serialize};
+use serror::Json;
+use typeshare::typeshare;
+use uuid::Uuid;
+
+use crate::{
+  auth::{
+    get_user_id_from_headers,
+    github::{self, client::github_oauth_client},
+    google::{self, client::google_oauth_client},
+    oidc,
+  },
+  config::core_config,
+  helpers::query::get_user,
+  state::jwt_client,
+};
+
+pub struct AuthArgs {
+  pub headers: HeaderMap,
+}
+
+#[typeshare]
+#[derive(
+  Serialize, Deserialize, Debug, Clone, Resolve, EnumVariants,
+)]
+#[args(AuthArgs)]
+#[response(Response)]
+#[error(serror::Error)]
+#[variant_derive(Debug)]
+#[serde(tag = "type", content = "params")]
+#[allow(clippy::enum_variant_names, clippy::large_enum_variant)]
+pub enum AuthRequest {
+  GetLoginOptions(GetLoginOptions),
+  CreateLocalUser(CreateLocalUser),
+  LoginLocalUser(LoginLocalUser),
+  ExchangeForJwt(ExchangeForJwt),
+  GetUser(GetUser),
+}
+
+pub fn router() -> Router {
+  let mut router = Router::new().route("/", post(handler));
+
+  if core_config().local_auth {
+    info!("🔑 Local Login Enabled");
+  }
+
+  if github_oauth_client().is_some() {
+    info!("🔑 Github Login Enabled");
+    router = router.nest("/github", github::router())
+  }
+
+  if google_oauth_client().is_some() {
+    info!("🔑 Github Login Enabled");
+    router = router.nest("/google", google::router())
+  }
+
+  if core_config().oidc_enabled {
+    info!("🔑 OIDC Login Enabled");
+    router = router.nest("/oidc", oidc::router())
+  }
+
+  router
+}
+
+#[instrument(name = "AuthHandler", level = "debug", skip(headers))]
+async fn handler(
+  headers: HeaderMap,
+  Json(request): Json<AuthRequest>,
+) -> serror::Result<axum::response::Response> {
+  let timer = Instant::now();
+  let req_id = Uuid::new_v4();
+  debug!(
+    "/auth request {req_id} | METHOD: {:?}",
+    request.extract_variant()
+  );
+  let res = request.resolve(&AuthArgs { headers }).await;
+  if let Err(e) = &res {
+    debug!("/auth request {req_id} | error: {:#}", e.error);
+  }
+  let elapsed = timer.elapsed();
+  debug!("/auth request {req_id} | resolve time: {elapsed:?}");
+  res.map(|res| res.0)
+}
+
+fn login_options_reponse() -> &'static GetLoginOptionsResponse {
+  static GET_LOGIN_OPTIONS_RESPONSE: OnceLock<
+    GetLoginOptionsResponse,
+  > = OnceLock::new();
+  GET_LOGIN_OPTIONS_RESPONSE.get_or_init(|| {
+    let config = core_config();
+    GetLoginOptionsResponse {
+      local: config.local_auth,
+      github: config.github_oauth.enabled
+        && !config.github_oauth.id.is_empty()
+        && !config.github_oauth.secret.is_empty(),
+      google: config.google_oauth.enabled
+        && !config.google_oauth.id.is_empty()
+        && !config.google_oauth.secret.is_empty(),
+      oidc: config.oidc_enabled
+        && !config.oidc_provider.is_empty()
+        && !config.oidc_client_id.is_empty()
+        && !config.oidc_client_secret.is_empty(),
+      registration_disabled: config.disable_user_registration,
+    }
+  })
+}
+
+impl Resolve<AuthArgs> for GetLoginOptions {
+  #[instrument(name = "GetLoginOptions", level = "debug", skip(self))]
+  async fn resolve(
+    self,
+    _: &AuthArgs,
+  ) -> serror::Result<GetLoginOptionsResponse> {
+    Ok(*login_options_reponse())
+  }
+}
+
+impl Resolve<AuthArgs> for ExchangeForJwt {
+  #[instrument(name = "ExchangeForJwt", level = "debug", skip(self))]
+  async fn resolve(
+    self,
+    _: &AuthArgs,
+  ) -> serror::Result<ExchangeForJwtResponse> {
+    let jwt = jwt_client().redeem_exchange_token(&self.token).await?;
+    Ok(ExchangeForJwtResponse { jwt })
+  }
+}
+
+impl Resolve<AuthArgs> for GetUser {
+  #[instrument(name = "GetUser", level = "debug", skip(self))]
+  async fn resolve(
+    self,
+    AuthArgs { headers }: &AuthArgs,
+  ) -> serror::Result<User> {
+    let user_id = get_user_id_from_headers(headers).await?;
+    Ok(get_user(&user_id).await?)
+  }
+}

bin/core/src/api/execute/action.rs

@@ -1,51 +1,39 @@
 use std::{
   collections::HashSet,
   path::{Path, PathBuf},
+  str::FromStr,
   sync::OnceLock,
 };
 
 use anyhow::Context;
-use command::run_komodo_standard_command;
-use database::mungos::{
-  by_id::update_one_by_id, mongodb::bson::to_document,
-};
-use interpolate::Interpolator;
+use command::run_komodo_command;
 use komodo_client::{
-  api::execute::{BatchExecutionResponse, BatchRunAction, RunAction},
-  entities::{
-    FileFormat, JsonObject,
-    action::Action,
-    alert::{Alert, AlertData, SeverityLevel},
-    config::core::CoreConfig,
-    komodo_timestamp,
-    permission::PermissionLevel,
-    random_string,
-    update::Update,
-    user::action_user,
+  api::{
+    execute::{BatchExecutionResponse, BatchRunAction, RunAction},
+    user::{CreateApiKey, CreateApiKeyResponse, DeleteApiKey},
+  },
+  entities::{
+    action::Action, config::core::CoreConfig,
+    permission::PermissionLevel, update::Update, user::action_user,
   },
-  parsers::parse_key_value_list,
 };
-use mogh_auth_client::api::manage::{
-  CreateApiKey, CreateApiKeyResponse,
-};
-use mogh_auth_server::api::manage::api_key::{
-  create_api_key, delete_api_key,
-};
-use mogh_config::merge_objects;
-use mogh_resolver::Resolve;
+use mungos::{by_id::update_one_by_id, mongodb::bson::to_document};
+use resolver_api::Resolve;
 use tokio::fs;
 
 use crate::{
-  alert::send_alerts,
-  api::execute::ExecuteRequest,
-  auth::KomodoAuthImpl,
+  api::{execute::ExecuteRequest, user::UserArgs},
   config::core_config,
   helpers::{
-    query::{VariablesAndSecrets, get_variables_and_secrets},
+    interpolate::{
+      add_interp_update_log,
+      interpolate_variables_secrets_into_string,
+    },
+    query::get_variables_and_secrets,
+    random_string,
     update::update_update,
   },
-  permission::get_check_permissions,
-  resource::refresh_action_state_cache,
+  resource::{self, refresh_action_state_cache},
   state::{action_states, db_client},
 };
 
@@ -54,27 +42,16 @@ use super::ExecuteArgs;
 impl super::BatchExecute for BatchRunAction {
   type Resource = Action;
   fn single_request(action: String) -> ExecuteRequest {
-    ExecuteRequest::RunAction(RunAction {
-      action,
-      args: Default::default(),
-    })
+    ExecuteRequest::RunAction(RunAction { action })
   }
 }
 
 impl Resolve<ExecuteArgs> for BatchRunAction {
-  #[instrument(
-    "BatchRunAction",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchRunAction", skip(self, user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchRunAction>(&self.pattern, user)
         .await?,
@@ -83,24 +60,15 @@ impl Resolve<ExecuteArgs> for BatchRunAction {
 }
 
 impl Resolve<ExecuteArgs> for RunAction {
-  #[instrument(
-    "RunAction",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      action = self.action,
-    )
-  )]
+  #[instrument(name = "RunAction", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let mut action = get_check_permissions::<Action>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let mut action = resource::get_check_permissions::<Action>(
       &self.action,
-      user,
-      PermissionLevel::Execute.into(),
+      &user,
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -112,114 +80,65 @@ impl Resolve<ExecuteArgs> for RunAction {
 
     // This will set action state back to default when dropped.
     // Will also check to ensure action not already busy before updating.
-    let _action_guard = action_state.update_custom(
-      |state| state.running += 1,
-      |state| state.running -= 1,
-      false,
-    )?;
+    let _action_guard =
+      action_state.update(|state| state.running = true)?;
 
     let mut update = update.clone();
 
     update_update(update.clone()).await?;
 
-    let default_args = parse_action_arguments(
-      &action.config.arguments,
-      action.config.arguments_format,
-    )
-    .context("Failed to parse default Action arguments")?;
-
-    let args = merge_objects(
-      default_args,
-      self.args.unwrap_or_default(),
-      true,
-      true,
-    )
-    .context("Failed to merge request args with default args")?;
-
-    let args = serde_json::to_string(&args)
-      .context("Failed to serialize action run arguments")?;
-
-    let CreateApiKeyResponse { key, secret } = create_api_key(
-      &KomodoAuthImpl,
-      action_user().id.clone(),
-      CreateApiKey {
-        name: update.id.clone(),
-        expires: 0,
-      },
-    )
+    let CreateApiKeyResponse { key, secret } = CreateApiKey {
+      name: update.id.clone(),
+      expires: 0,
+    }
+    .resolve(&UserArgs {
+      user: action_user().to_owned(),
+    })
     .await?;
 
-    // Do next steps in seperate error handling block,
-    // and delete the API key before unwrapping the error.
-    // If Komodo shuts down during these steps, there will
-    // be a dangling api key in the DB with user_id: "000000000000000000000002".
-    // These need to be
-    let res = async {
-      let contents = &mut action.config.file_contents;
+    let contents = &mut action.config.file_contents;
 
-      // Wrap the file contents in the execution context.
-      *contents = full_contents(contents, &args, &key, &secret);
+    // Wrap the file contents in the execution context.
+    *contents = full_contents(contents, &key, &secret);
 
-      let replacers = interpolate(
-        contents,
-        &mut update,
-        key.clone(),
-        secret.clone(),
-      )
-      .await?
-      .into_iter()
-      .collect::<Vec<_>>();
+    let replacers =
+      interpolate(contents, &mut update, key.clone(), secret.clone())
+        .await?
+        .into_iter()
+        .collect::<Vec<_>>();
 
-      let file = format!("{}.ts", random_string(10));
-      let path = core_config().action_directory.join(&file);
+    let file = format!("{}.ts", random_string(10));
+    let path = core_config().action_directory.join(&file);
 
-      mogh_secret_file::write_async(&path, contents)
-        .await
-        .with_context(|| {
-          format!("Failed to write action file to {path:?}")
-        })?;
-
-      let CoreConfig { ssl_enabled, .. } = core_config();
-
-      let https_cert_flag = if *ssl_enabled {
-        " --unsafely-ignore-certificate-errors=localhost"
-      } else {
-        ""
-      };
-
-      let reload = if action.config.reload_deno_deps {
-        " --reload"
-      } else {
-        ""
-      };
-
-      let mut res = run_komodo_standard_command(
-        // Keep this stage name as is, the UI will find the latest update log by matching the stage name
-        "Execute Action",
-        None,
-        format!(
-          "deno run --allow-all{https_cert_flag}{reload} {}",
-          path.display()
-        ),
-      )
-      .await;
-
-      res.stdout = svi::replace_in_string(&res.stdout, &replacers)
-        .replace(&key, "<ACTION_API_KEY>");
-      res.stderr = svi::replace_in_string(&res.stderr, &replacers)
-        .replace(&secret, "<ACTION_API_SECRET>");
-
-      cleanup_run(file + ".js", &path).await;
-
-      update.logs.push(res);
-      update.finalize();
-
-      mogh_error::Ok(update)
+    if let Some(parent) = path.parent() {
+      let _ = fs::create_dir_all(parent).await;
     }
+
+    fs::write(&path, contents).await.with_context(|| {
+      format!("Failed to write action file to {path:?}")
+    })?;
+
+    let mut res = run_komodo_command(
+      // Keep this stage name as is, the UI will find the latest update log by matching the stage name
+      "Execute Action",
+      None,
+      format!("deno run --allow-all {}", path.display()),
+      false,
+    )
     .await;
 
-    if let Err(e) =
-      delete_api_key(&KomodoAuthImpl, &action_user().id, key).await
+    res.stdout = svi::replace_in_string(&res.stdout, &replacers)
+      .replace(&key, "<ACTION_API_KEY>");
+    res.stderr = svi::replace_in_string(&res.stderr, &replacers)
+      .replace(&secret, "<ACTION_API_SECRET>");
+
+    cleanup_run(file + ".js", &path).await;
+
+    if let Err(e) = (DeleteApiKey { key })
+      .resolve(&UserArgs {
+        user: action_user().to_owned(),
+      })
+      .await
     {
       warn!(
         "Failed to delete API key after action execution | {:#}",
@@ -227,7 +146,8 @@ impl Resolve<ExecuteArgs> for RunAction {
       );
     };
 
-    let update = res?;
+    update.logs.push(res);
+    update.finalize();
 
     // Need to manually update the update before cache refresh,
     // and before broadcast with update_update.
@@ -237,7 +157,7 @@ impl Resolve<ExecuteArgs> for RunAction {
       let _ = update_one_by_id(
         &db_client().updates,
         &update.id,
-        database::mungos::update::Update::Set(update_doc),
+        mungos::update::Update::Set(update_doc),
         None,
       )
       .await;
@@ -246,68 +166,48 @@ impl Resolve<ExecuteArgs> for RunAction {
 
     update_update(update.clone()).await?;
 
-    if !update.success && action.config.failure_alert {
-      let target = update.target.clone();
-      tokio::spawn(async move {
-        let alert = Alert {
-          id: Default::default(),
-          target,
-          ts: komodo_timestamp(),
-          resolved_ts: Some(komodo_timestamp()),
-          resolved: true,
-          level: SeverityLevel::Warning,
-          data: AlertData::ActionFailed {
-            id: action.id,
-            name: action.name,
-          },
-        };
-        send_alerts(&[alert]).await
-      });
-    }
-
     Ok(update)
   }
 }
 
-#[instrument("Interpolate", skip(contents, update, secret))]
 async fn interpolate(
   contents: &mut String,
   update: &mut Update,
   key: String,
   secret: String,
-) -> mogh_error::Result<HashSet<(String, String)>> {
-  let VariablesAndSecrets {
-    variables,
-    mut secrets,
-  } = get_variables_and_secrets().await?;
+) -> serror::Result<HashSet<(String, String)>> {
+  let mut vars_and_secrets = get_variables_and_secrets().await?;
 
-  secrets.insert(String::from("ACTION_API_KEY"), key);
-  secrets.insert(String::from("ACTION_API_SECRET"), secret);
+  vars_and_secrets
+    .secrets
+    .insert(String::from("ACTION_API_KEY"), key);
+  vars_and_secrets
+    .secrets
+    .insert(String::from("ACTION_API_SECRET"), secret);
 
-  let mut interpolator =
-    Interpolator::new(Some(&variables), &secrets);
+  let mut global_replacers = HashSet::new();
+  let mut secret_replacers = HashSet::new();
 
-  interpolator
-    .interpolate_string(contents)?
-    .push_logs(&mut update.logs);
+  interpolate_variables_secrets_into_string(
+    &vars_and_secrets,
+    contents,
+    &mut global_replacers,
+    &mut secret_replacers,
+  )?;
 
-  Ok(interpolator.secret_replacers)
+  add_interp_update_log(update, &global_replacers, &secret_replacers);
+
+  Ok(secret_replacers)
 }
 
-fn full_contents(
-  contents: &str,
-  // Pre-serialized to JSON string.
-  args: &str,
-  key: &str,
-  secret: &str,
-) -> String {
+fn full_contents(contents: &str, key: &str, secret: &str) -> String {
   let CoreConfig {
     port, ssl_enabled, ..
   } = core_config();
   let protocol = if *ssl_enabled { "https" } else { "http" };
   let base_url = format!("{protocol}://localhost:{port}");
   format!(
-    "import {{ KomodoClient, Types }} from '{base_url}/client/lib.js';
+    "import {{ KomodoClient }} from '{base_url}/client/lib.js';
 import * as __YAML__ from 'jsr:@std/yaml';
 import * as __TOML__ from 'jsr:@std/toml';
 
@@ -325,8 +225,6 @@ const TOML = {{
   parseCargoToml: __TOML__.parse,
 }}
 
-const ARGS = {args};
-
 const komodo = KomodoClient('{base_url}', {{
   type: 'api-key',
   params: {{ key: '{key}', secret: '{secret}' }}
@@ -345,7 +243,7 @@ main()
     console.error('Status:', error.status);
     console.error(JSON.stringify(error.result, null, 2));
   }} else {{
-    console.error(error);
+    console.error(JSON.stringify(error, null, 2));
   }}
   Deno.exit(1)
 }});"
@@ -355,7 +253,6 @@ main()
 /// Cleans up file at given path.
 /// ALSO if $DENO_DIR is set,
 /// will clean up the generated file matching "file"
-#[instrument("CleanupRun")]
 async fn cleanup_run(file: String, path: &Path) {
   if let Err(e) = fs::remove_file(path).await {
     warn!(
@@ -375,7 +272,7 @@ fn deno_dir() -> Option<&'static Path> {
   DENO_DIR
     .get_or_init(|| {
       let deno_dir = std::env::var("DENO_DIR").ok()?;
-      Some(PathBuf::from(&deno_dir))
+      PathBuf::from_str(&deno_dir).ok()
     })
     .as_deref()
 }
@@ -408,8 +305,8 @@ fn delete_file(
         if name == file {
           if let Err(e) = fs::remove_file(entry.path()).await {
             warn!(
-              "Failed to clean up generated file after action execution | {e:#}"
-            );
+            "Failed to clean up generated file after action execution | {e:#}"
+          );
           };
           return true;
         }
@@ -433,25 +330,3 @@ fn delete_file(
     }
   })
 }
-
-fn parse_action_arguments(
-  args: &str,
-  format: FileFormat,
-) -> anyhow::Result<JsonObject> {
-  match format {
-    FileFormat::KeyValue => {
-      let args = parse_key_value_list(args)
-        .context("Failed to parse args as key value list")?
-        .into_iter()
-        .map(|(k, v)| (k, serde_json::Value::String(v)))
-        .collect();
-      Ok(args)
-    }
-    FileFormat::Toml => toml::from_str(args)
-      .context("Failed to parse Toml to Action args"),
-    FileFormat::Yaml => serde_yaml_ng::from_str(args)
-      .context("Failed to parse Yaml to action args"),
-    FileFormat::Json => serde_json::from_str(args)
-      .context("Failed to parse Json to action args"),
-  }
-}

bin/core/src/api/execute/alerter.rs

@@ -1,47 +1,32 @@
-use anyhow::{Context, anyhow};
 use formatting::format_serror;
-use futures_util::{
-  StreamExt, TryStreamExt, stream::FuturesUnordered,
-};
 use komodo_client::{
-  api::execute::{SendAlert, TestAlerter},
+  api::execute::TestAlerter,
   entities::{
-    alert::{Alert, AlertData, AlertDataVariant, SeverityLevel},
+    alert::{Alert, AlertData, SeverityLevel},
     alerter::Alerter,
     komodo_timestamp,
     permission::PermissionLevel,
   },
 };
-use mogh_error::AddStatusCodeError;
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
+use resolver_api::Resolve;
 
 use crate::{
   alert::send_alert_to_alerter, helpers::update::update_update,
-  permission::get_check_permissions, resource::list_full_for_user,
+  resource::get_check_permissions,
 };
 
 use super::ExecuteArgs;
 
 impl Resolve<ExecuteArgs> for TestAlerter {
-  #[instrument(
-    "TestAlerter",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      alerter = self.alerter,
-    )
-  )]
+  #[instrument(name = "TestAlerter", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
+    ExecuteArgs { user, update }: &ExecuteArgs,
   ) -> Result<Self::Response, Self::Error> {
     let alerter = get_check_permissions::<Alerter>(
       &self.alerter,
       user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -86,106 +71,3 @@ impl Resolve<ExecuteArgs> for TestAlerter {
     Ok(update)
   }
 }
-
-//
-
-impl Resolve<ExecuteArgs> for SendAlert {
-  #[instrument(
-    "SendAlert",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      request = format!("{self:?}"),
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let alerters = list_full_for_user::<Alerter>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.into(),
-      &[],
-    )
-    .await?
-    .into_iter()
-    .filter(|a| {
-      a.config.enabled
-        && (self.alerters.is_empty()
-          || self.alerters.contains(&a.name)
-          || self.alerters.contains(&a.id))
-        && (a.config.alert_types.is_empty()
-          || a.config.alert_types.contains(&AlertDataVariant::Custom))
-    })
-    .collect::<Vec<_>>();
-
-    let alerters = if user.admin {
-      alerters
-    } else {
-      // Only keep alerters with execute permissions
-      alerters
-        .into_iter()
-        .map(|alerter| async move {
-          get_check_permissions::<Alerter>(
-            &alerter.id,
-            user,
-            PermissionLevel::Execute.into(),
-          )
-          .await
-        })
-        .collect::<FuturesUnordered<_>>()
-        .collect::<Vec<_>>()
-        .await
-        .into_iter()
-        .flatten()
-        .collect()
-    };
-
-    if alerters.is_empty() {
-      return Err(anyhow!(
-        "Could not find any valid alerters to send to, this required Execute permissions on the Alerter"
-      ).status_code(StatusCode::BAD_REQUEST));
-    }
-
-    let mut update = update.clone();
-
-    let ts = komodo_timestamp();
-
-    let alert = Alert {
-      id: Default::default(),
-      ts,
-      resolved: true,
-      level: self.level,
-      target: update.target.clone(),
-      data: AlertData::Custom {
-        message: self.message,
-        details: self.details,
-      },
-      resolved_ts: Some(ts),
-    };
-
-    update.push_simple_log(
-      "Send alert",
-      serde_json::to_string_pretty(&alert)
-        .context("Failed to serialize alert to JSON")?,
-    );
-
-    if let Err(e) = alerters
-      .iter()
-      .map(|alerter| send_alert_to_alerter(alerter, &alert))
-      .collect::<FuturesUnordered<_>>()
-      .try_collect::<Vec<_>>()
-      .await
-    {
-      update.push_error_log("Send Error", format_serror(&e.into()));
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}

bin/core/src/api/execute/build.rs

@@ -1,11 +1,26 @@
-use std::{
-  collections::{HashMap, HashSet},
-  future::IntoFuture,
-  time::Duration,
-};
+use std::{collections::HashSet, future::IntoFuture, time::Duration};
 
-use anyhow::{Context, anyhow};
-use database::mungos::{
+use anyhow::{anyhow, Context};
+use formatting::format_serror;
+use futures::future::join_all;
+use komodo_client::{
+  api::execute::{
+    BatchExecutionResponse, BatchRunBuild, CancelBuild, Deploy,
+    RunBuild,
+  },
+  entities::{
+    alert::{Alert, AlertData, SeverityLevel},
+    all_logs_success,
+    build::{Build, BuildConfig, ImageRegistryConfig},
+    builder::{Builder, BuilderConfig},
+    deployment::DeploymentState,
+    komodo_timestamp,
+    permission::PermissionLevel,
+    update::{Log, Update},
+    user::auto_redeploy_user,
+  },
+};
+use mungos::{
   by_id::update_one_by_id,
   find::find_collect,
   mongodb::{
@@ -13,50 +28,26 @@ use database::mungos::{
     options::FindOneOptions,
   },
 };
-use formatting::format_serror;
-use futures_util::future::join_all;
-use interpolate::Interpolator;
-use komodo_client::{
-  api::{
-    execute::{
-      BatchExecutionResponse, BatchRunBuild, CancelBuild, Deploy,
-      RunBuild,
-    },
-    write::RefreshBuildCache,
-  },
-  entities::{
-    alert::{Alert, AlertData, SeverityLevel},
-    all_logs_success,
-    build::{Build, BuildConfig},
-    builder::{Builder, BuilderConfig},
-    deployment::DeploymentState,
-    komodo_timestamp, optional_string,
-    permission::PermissionLevel,
-    repo::Repo,
-    update::{Log, Update},
-    user::auto_redeploy_user,
-  },
-};
-use mogh_resolver::Resolve;
 use periphery_client::api;
+use resolver_api::Resolve;
 use tokio_util::sync::CancellationToken;
-use uuid::Uuid;
 
 use crate::{
   alert::send_alerts,
-  api::write::WriteArgs,
   helpers::{
-    build_git_token,
-    builder::{cleanup_builder_instance, connect_builder_periphery},
+    builder::{cleanup_builder_instance, get_builder_periphery},
     channel::build_cancel_channel,
-    query::{
-      VariablesAndSecrets, get_deployment_state,
-      get_variables_and_secrets,
+    git_token,
+    interpolate::{
+      add_interp_update_log,
+      interpolate_variables_secrets_into_extra_args,
+      interpolate_variables_secrets_into_string,
+      interpolate_variables_secrets_into_system_command,
     },
+    query::{get_deployment_state, get_variables_and_secrets},
     registry_token,
     update::{init_execution_update, update_update},
   },
-  permission::get_check_permissions,
   resource::{self, refresh_build_state_cache},
   state::{action_states, db_client},
 };
@@ -71,19 +62,11 @@ impl super::BatchExecute for BatchRunBuild {
 }
 
 impl Resolve<ExecuteArgs> for BatchRunBuild {
-  #[instrument(
-    "BatchRunBuild",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchRunBuild", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchRunBuild>(&self.pattern, user)
         .await?,
@@ -92,47 +75,18 @@ impl Resolve<ExecuteArgs> for BatchRunBuild {
 }
 
 impl Resolve<ExecuteArgs> for RunBuild {
-  #[instrument(
-    "RunBuild",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      build = self.build,
-    )
-  )]
+  #[instrument(name = "RunBuild", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let mut build = get_check_permissions::<Build>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let mut build = resource::get_check_permissions::<Build>(
       &self.build,
-      user,
-      PermissionLevel::Execute.into(),
+      &user,
+      PermissionLevel::Execute,
     )
     .await?;
-
-    let mut repo = if !build.config.files_on_host
-      && !build.config.linked_repo.is_empty()
-    {
-      crate::resource::get::<Repo>(&build.config.linked_repo)
-        .await?
-        .into()
-    } else {
-      None
-    };
-
-    let VariablesAndSecrets {
-      mut variables,
-      secrets,
-    } = get_variables_and_secrets().await?;
-
-    // Add the $VERSION to variables. Use with [[$VERSION]]
-    variables.insert(
-      String::from("$VERSION"),
-      build.config.version.to_string(),
-    );
+    let mut vars_and_secrets = get_variables_and_secrets().await?;
 
     if build.config.builder_id.is_empty() {
       return Err(anyhow!("Must attach builder to RunBuild").into());
@@ -156,11 +110,26 @@ impl Resolve<ExecuteArgs> for RunBuild {
     update.version = build.config.version;
     update_update(update.clone()).await?;
 
-    let git_token =
-      build_git_token(&mut build, repo.as_mut()).await?;
+    // Add the $VERSION to variables. Use with [[$VERSION]]
+    if !vars_and_secrets.variables.contains_key("$VERSION") {
+      vars_and_secrets.variables.insert(
+        String::from("$VERSION"),
+        build.config.version.to_string(),
+      );
+    }
 
-    let registry_tokens =
-      validate_account_extract_registry_tokens(&build).await?;
+    let git_token = git_token(
+      &build.config.git_provider,
+      &build.config.git_account,
+      |https| build.config.git_https = https,
+    )
+    .await
+    .with_context(
+      || format!("Failed to get git token in call to db. This is a database error, not a token exisitence error. Stopping run. | {} | {}", build.config.git_provider, build.config.git_account),
+    )?;
+
+    let registry_token =
+      validate_account_extract_registry_token(&build).await?;
 
     let cancel = CancellationToken::new();
     let cancel_clone = cancel.clone();
@@ -190,7 +159,7 @@ impl Resolve<ExecuteArgs> for RunBuild {
             update.finalize();
             let id = update.id.clone();
             if let Err(e) = update_update(update).await {
-              warn!("Failed to modify Update {id} on db | {e:#}");
+              warn!("failed to modify Update {id} on db | {e:#}");
             }
             if !is_server_builder {
               cancel_clone.cancel();
@@ -208,7 +177,8 @@ impl Resolve<ExecuteArgs> for RunBuild {
     });
 
     // GET BUILDER PERIPHERY
-    let (periphery, cleanup_data) = match connect_builder_periphery(
+
+    let (periphery, cleanup_data) = match get_builder_periphery(
       build.name.clone(),
       Some(build.config.version),
       builder,
@@ -219,12 +189,12 @@ impl Resolve<ExecuteArgs> for RunBuild {
       Ok(builder) => builder,
       Err(e) => {
         warn!(
-          "Failed to get Builder for Build {} | {e:#}",
+          "failed to get builder for build {} | {e:#}",
           build.name
         );
         update.logs.push(Log::error(
-          "Get Builder",
-          format_serror(&e.context("Failed to get Builder").into()),
+          "get builder",
+          format_serror(&e.context("failed to get builder").into()),
         ));
         return handle_early_return(
           update, build.id, build.name, false,
@@ -233,93 +203,124 @@ impl Resolve<ExecuteArgs> for RunBuild {
       }
     };
 
-    // INTERPOLATE VARIABLES
+    // CLONE REPO
     let secret_replacers = if !build.config.skip_secret_interp {
-      let mut interpolator =
-        Interpolator::new(Some(&variables), &secrets);
+      // Interpolate variables / secrets into pre build command
+      let mut global_replacers = HashSet::new();
+      let mut secret_replacers = HashSet::new();
 
-      interpolator.interpolate_build(&mut build)?;
+      interpolate_variables_secrets_into_system_command(
+        &vars_and_secrets,
+        &mut build.config.pre_build,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
 
-      if let Some(repo) = repo.as_mut() {
-        interpolator.interpolate_repo(repo)?;
-      }
+      add_interp_update_log(
+        &mut update,
+        &global_replacers,
+        &secret_replacers,
+      );
 
-      interpolator.push_logs(&mut update.logs);
-
-      interpolator.secret_replacers
+      secret_replacers
     } else {
       Default::default()
     };
 
-    let commit_message = if !build.config.files_on_host
-      && (!build.config.repo.is_empty()
-        || !build.config.linked_repo.is_empty())
-    {
-      // PULL OR CLONE REPO
-      let res = tokio::select! {
-        res = periphery
-          .request(api::git::PullOrCloneRepo {
-            args: repo.as_ref().map(Into::into).unwrap_or((&build).into()),
-            git_token,
-            environment: Default::default(),
-            env_file_path: Default::default(),
-            on_clone: None,
-            on_pull: None,
-            skip_secret_interp: Default::default(),
-            replacers: Default::default(),
-          }) => res,
-        _ = cancel.cancelled() => {
-          debug!("Build cancelled during clone, cleaning up builder");
-          update.push_error_log("Build cancelled", String::from("user cancelled build during repo clone"));
-          cleanup_builder_instance(periphery, cleanup_data, &mut update)
-            .await;
-          info!("Builder cleaned up");
-          return handle_early_return(update, build.id, build.name, true).await
-        },
-      };
-
-      let commit_message = match res {
-        Ok(res) => {
-          debug!("Finished repo clone");
-          update.logs.extend(res.res.logs);
-          update.commit_hash =
-            res.res.commit_hash.unwrap_or_default().to_string();
-          res.res.commit_message.unwrap_or_default()
-        }
-        Err(e) => {
-          warn!("Failed build at clone repo | {e:#}");
-          update.push_error_log(
-            "Clone Repo",
-            format_serror(&e.context("Failed to clone repo").into()),
-          );
-          Default::default()
-        }
-      };
-
-      update_update(update.clone()).await?;
-
-      Some(commit_message)
-    } else {
-      None
+    let res = tokio::select! {
+      res = periphery
+        .request(api::git::CloneRepo {
+          args: (&build).into(),
+          git_token,
+          environment: Default::default(),
+          env_file_path: Default::default(),
+          skip_secret_interp: Default::default(),
+          replacers: secret_replacers.into_iter().collect(),
+        }) => res,
+      _ = cancel.cancelled() => {
+        debug!("build cancelled during clone, cleaning up builder");
+        update.push_error_log("build cancelled", String::from("user cancelled build during repo clone"));
+        cleanup_builder_instance(periphery, cleanup_data, &mut update)
+          .await;
+        info!("builder cleaned up");
+        return handle_early_return(update, build.id, build.name, true).await
+      },
     };
 
+    let commit_message = match res {
+      Ok(res) => {
+        debug!("finished repo clone");
+        update.logs.extend(res.logs);
+        update.commit_hash =
+          res.commit_hash.unwrap_or_default().to_string();
+        res.commit_message.unwrap_or_default()
+      }
+      Err(e) => {
+        warn!("failed build at clone repo | {e:#}");
+        update.push_error_log(
+          "clone repo",
+          format_serror(&e.context("failed to clone repo").into()),
+        );
+        Default::default()
+      }
+    };
+
+    update_update(update.clone()).await?;
+
     if all_logs_success(&update.logs) {
-      // RUN BUILD
+      let secret_replacers = if !build.config.skip_secret_interp {
+        // Interpolate variables / secrets into build args
+        let mut global_replacers = HashSet::new();
+        let mut secret_replacers = HashSet::new();
+
+        interpolate_variables_secrets_into_string(
+          &vars_and_secrets,
+          &mut build.config.build_args,
+          &mut global_replacers,
+          &mut secret_replacers,
+        )?;
+
+        interpolate_variables_secrets_into_string(
+          &vars_and_secrets,
+          &mut build.config.secret_args,
+          &mut global_replacers,
+          &mut secret_replacers,
+        )?;
+
+        interpolate_variables_secrets_into_extra_args(
+          &vars_and_secrets,
+          &mut build.config.extra_args,
+          &mut global_replacers,
+          &mut secret_replacers,
+        )?;
+
+        add_interp_update_log(
+          &mut update,
+          &global_replacers,
+          &secret_replacers,
+        );
+
+        secret_replacers
+      } else {
+        Default::default()
+      };
+
       let res = tokio::select! {
         res = periphery
           .request(api::build::Build {
             build: build.clone(),
-            repo,
-            registry_tokens,
+            registry_token,
             replacers: secret_replacers.into_iter().collect(),
-            // To push a commit hash tagged image
-            commit_hash: optional_string(&update.commit_hash),
-            // Unused for now
-            additional_tags: Default::default(),
-          }) => res.context("Failed at call to Periphery to build"),
+            // Push a commit hash tagged image
+            additional_tags: if update.commit_hash.is_empty() {
+              Default::default()
+            } else {
+              vec![update.commit_hash.clone()]
+            },
+          }) => res.context("failed at call to periphery to build"),
         _ = cancel.cancelled() => {
-          info!("Build cancelled during build, cleaning up builder");
-          update.push_error_log("Build cancelled", String::from("User cancelled build during docker build"));
+          info!("build cancelled during build, cleaning up builder");
+          update.push_error_log("build cancelled", String::from("user cancelled build during docker build"));
           cleanup_builder_instance(periphery, cleanup_data, &mut update)
             .await;
           return handle_early_return(update, build.id, build.name, true).await
@@ -332,10 +333,10 @@ impl Resolve<ExecuteArgs> for RunBuild {
           update.logs.extend(logs);
         }
         Err(e) => {
-          warn!("Error in build | {e:#}");
+          warn!("error in build | {e:#}");
           update.push_error_log(
-            "Build Error",
-            format_serror(&e.context("Failed to build").into()),
+            "build",
+            format_serror(&e.context("failed to build").into()),
           )
         }
       };
@@ -364,8 +365,6 @@ impl Resolve<ExecuteArgs> for RunBuild {
     // stop the cancel listening task from going forever
     cancel.cancel();
 
-    // If building on temporary cloud server (AWS),
-    // this will terminate the server.
     cleanup_builder_instance(periphery, cleanup_data, &mut update)
       .await;
 
@@ -377,7 +376,7 @@ impl Resolve<ExecuteArgs> for RunBuild {
       let _ = update_one_by_id(
         &db.updates,
         &update.id,
-        database::mungos::update::Update::Set(update_doc),
+        mungos::update::Update::Set(update_doc),
         None,
       )
       .await;
@@ -386,15 +385,13 @@ impl Resolve<ExecuteArgs> for RunBuild {
 
     update_update(update.clone()).await?;
 
-    let Build { id, name, .. } = build;
-
     if update.success {
       // don't hold response up for user
       tokio::spawn(async move {
-        handle_post_build_redeploy(&id).await;
+        handle_post_build_redeploy(&build.id).await;
       });
     } else {
-      let name = name.clone();
+      warn!("build unsuccessful, alerting...");
       let target = update.target.clone();
       let version = update.version;
       tokio::spawn(async move {
@@ -405,33 +402,27 @@ impl Resolve<ExecuteArgs> for RunBuild {
           resolved_ts: Some(komodo_timestamp()),
           resolved: true,
           level: SeverityLevel::Warning,
-          data: AlertData::BuildFailed { id, name, version },
+          data: AlertData::BuildFailed {
+            id: build.id,
+            name: build.name,
+            version,
+          },
         };
         send_alerts(&[alert]).await
       });
     }
 
-    if let Err(e) = (RefreshBuildCache { build: name })
-      .resolve(&WriteArgs { user: user.clone() })
-      .await
-    {
-      update.push_error_log(
-        "Refresh build cache",
-        format_serror(&e.error.into()),
-      );
-    }
-
     Ok(update.clone())
   }
 }
 
-#[instrument("HandleEarlyReturn", skip(update))]
+#[instrument(skip(update))]
 async fn handle_early_return(
   mut update: Update,
   build_id: String,
   build_name: String,
   is_cancel: bool,
-) -> mogh_error::Result<Update> {
+) -> serror::Result<Update> {
   update.finalize();
   // Need to manually update the update before cache refresh,
   // and before broadcast with add_update.
@@ -441,7 +432,7 @@ async fn handle_early_return(
     let _ = update_one_by_id(
       &db_client().updates,
       &update.id,
-      database::mungos::update::Update::Set(update_doc),
+      mungos::update::Update::Set(update_doc),
       None,
     )
     .await;
@@ -449,6 +440,7 @@ async fn handle_early_return(
   }
   update_update(update.clone()).await?;
   if !update.success && !is_cancel {
+    warn!("build unsuccessful, alerting...");
     let target = update.target.clone();
     let version = update.version;
     tokio::spawn(async move {
@@ -518,24 +510,15 @@ pub async fn validate_cancel_build(
 }
 
 impl Resolve<ExecuteArgs> for CancelBuild {
-  #[instrument(
-    "CancelBuild",
-    skip(user, update),
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      build = self.build,
-    )
-  )]
+  #[instrument(name = "CancelBuild", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let build = get_check_permissions::<Build>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let build = resource::get_check_permissions::<Build>(
       &self.build,
-      user,
-      PermissionLevel::Execute.into(),
+      &user,
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -577,9 +560,7 @@ impl Resolve<ExecuteArgs> for CancelBuild {
       )
       .await
       {
-        warn!(
-          "Failed to set CancelBuild Update status Complete after timeout | {e:#}"
-        )
+        warn!("failed to set CancelBuild Update status Complete after timeout | {e:#}")
       }
     });
 
@@ -587,7 +568,7 @@ impl Resolve<ExecuteArgs> for CancelBuild {
   }
 }
 
-#[instrument("PostBuildRedeploy")]
+#[instrument]
 async fn handle_post_build_redeploy(build_id: &str) {
   let Ok(redeploy_deployments) = find_collect(
     &db_client().deployments,
@@ -606,9 +587,8 @@ async fn handle_post_build_redeploy(build_id: &str) {
     redeploy_deployments
       .into_iter()
       .map(|deployment| async move {
-        let state = get_deployment_state(&deployment.id)
-          .await
-          .unwrap_or_default();
+        let state =
+          get_deployment_state(&deployment).await.unwrap_or_default();
         if state == DeploymentState::Running {
           let req = super::ExecuteRequest::Deploy(Deploy {
             deployment: deployment.id.clone(),
@@ -623,11 +603,7 @@ async fn handle_post_build_redeploy(build_id: &str) {
               stop_signal: None,
               stop_time: None,
             }
-            .resolve(&ExecuteArgs {
-              user,
-              update,
-              id: Uuid::new_v4(),
-            })
+            .resolve(&ExecuteArgs { user, update })
             .await
           }
           .await;
@@ -653,49 +629,34 @@ async fn handle_post_build_redeploy(build_id: &str) {
 /// This will make sure that a build with non-none image registry has an account attached,
 /// and will check the core config for a token matching requirements.
 /// Otherwise it is left to periphery.
-#[instrument("ValidateRegistryTokens")]
-async fn validate_account_extract_registry_tokens(
+async fn validate_account_extract_registry_token(
   Build {
-    config: BuildConfig { image_registry, .. },
+    config:
+      BuildConfig {
+        image_registry:
+          ImageRegistryConfig {
+            domain, account, ..
+          },
+        ..
+      },
     ..
   }: &Build,
-  // Maps (domain, account) -> token
-) -> mogh_error::Result<Vec<(String, String, String)>> {
-  let mut res = HashMap::with_capacity(image_registry.capacity());
-
-  for (domain, account) in image_registry
-    .iter()
-    .map(|r| (r.domain.as_str(), r.account.as_str()))
-    // This ensures uniqueness / prevents redundant logins
-    .collect::<HashSet<_>>()
-  {
-    if domain.is_empty() {
-      continue;
-    }
-    if account.is_empty() {
-      return Err(
-        anyhow!(
-          "Must attach account to use registry provider {domain}"
-        )
-        .into(),
-      );
-    }
-    let Some(registry_token) = registry_token(domain, account).await.with_context(
-      || format!("Failed to get registry token in call to db. Stopping run. | {domain} | {account}"),
-    )? else {
-      continue;
-    };
-
-    res.insert(
-      (domain.to_string(), account.to_string()),
-      registry_token,
+) -> serror::Result<Option<String>> {
+  if domain.is_empty() {
+    return Ok(None);
+  }
+  if account.is_empty() {
+    return Err(
+      anyhow!(
+        "Must attach account to use registry provider {domain}"
+      )
+      .into(),
     );
   }
 
-  Ok(
-    res
-      .into_iter()
-      .map(|((domain, account), token)| (domain, account, token))
-      .collect(),
-  )
+  let registry_token = registry_token(domain, account).await.with_context(
+    || format!("Failed to get registry token in call to db. Stopping run. | {domain} | {account}"),
+  )?;
+
+  Ok(registry_token)
 }

bin/core/src/api/execute/deployment.rs

@@ -1,39 +1,40 @@
-use std::sync::OnceLock;
+use std::{collections::HashSet, sync::OnceLock};
 
-use anyhow::{Context, anyhow};
+use anyhow::{anyhow, Context};
+use cache::TimeoutCache;
 use formatting::format_serror;
-use interpolate::Interpolator;
 use komodo_client::{
   api::execute::*,
   entities::{
-    SwarmOrServer, Version,
     build::{Build, ImageRegistryConfig},
     deployment::{
-      Deployment, DeploymentImage, DeploymentInfo,
-      extract_registry_domain,
+      extract_registry_domain, Deployment, DeploymentImage,
     },
-    komodo_timestamp, optional_string,
+    get_image_name, komodo_timestamp, optional_string,
     permission::PermissionLevel,
     server::Server,
     update::{Log, Update},
+    user::User,
+    Version,
   },
 };
-use mogh_cache::TimeoutCache;
-use mogh_error::AddStatusCodeError;
-use mogh_resolver::Resolve;
 use periphery_client::api;
-use reqwest::StatusCode;
+use resolver_api::Resolve;
 
 use crate::{
   helpers::{
+    interpolate::{
+      add_interp_update_log,
+      interpolate_variables_secrets_into_extra_args,
+      interpolate_variables_secrets_into_string,
+    },
     periphery_client,
-    query::{VariablesAndSecrets, get_variables_and_secrets},
+    query::get_variables_and_secrets,
     registry_token,
-    swarm::swarm_request,
     update::update_update,
   },
-  monitor::{update_cache_for_server, update_cache_for_swarm},
-  resource::{self, setup_deployment_execution},
+  monitor::update_cache_for_server,
+  resource,
   state::action_states,
 };
 
@@ -51,19 +52,11 @@ impl super::BatchExecute for BatchDeploy {
 }
 
 impl Resolve<ExecuteArgs> for BatchDeploy {
-  #[instrument(
-    "BatchDeploy",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchDeploy", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchDeploy>(&self.pattern, user)
         .await?,
@@ -71,32 +64,39 @@ impl Resolve<ExecuteArgs> for BatchDeploy {
   }
 }
 
+async fn setup_deployment_execution(
+  deployment: &str,
+  user: &User,
+) -> anyhow::Result<(Deployment, Server)> {
+  let deployment = resource::get_check_permissions::<Deployment>(
+    deployment,
+    user,
+    PermissionLevel::Execute,
+  )
+  .await?;
+
+  if deployment.config.server_id.is_empty() {
+    return Err(anyhow!("Deployment has no Server configured"));
+  }
+
+  let server =
+    resource::get::<Server>(&deployment.config.server_id).await?;
+
+  if !server.config.enabled {
+    return Err(anyhow!("Attached Server is not enabled"));
+  }
+
+  Ok((deployment, server))
+}
+
 impl Resolve<ExecuteArgs> for Deploy {
-  #[instrument(
-    "Deploy",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-      stop_signal = format!("{:?}", self.stop_signal),
-      stop_time = self.stop_time,
-    )
-  )]
+  #[instrument(name = "Deploy", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (mut deployment, swarm_or_server) =
-      setup_deployment_execution(
-        &self.deployment,
-        user,
-        PermissionLevel::Execute.into(),
-      )
-      .await?;
-
-    swarm_or_server.verify_has_target()?;
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (mut deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -111,18 +111,15 @@ impl Resolve<ExecuteArgs> for Deploy {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
     // This block resolves the attached Build to an actual versioned image
     let (version, registry_token) = match &deployment.config.image {
       DeploymentImage::Build { build_id, version } => {
         let build = resource::get::<Build>(build_id).await?;
-        let image_names = build.get_image_names();
-        let image_name = image_names
-          .first()
-          .context("No image name could be created")
-          .context("Failed to create image name")?;
+        let image_name = get_image_name(&build)
+          .context("failed to create image name")?;
         let version = if version.is_none() {
           build.config.version
         } else {
@@ -139,27 +136,21 @@ impl Resolve<ExecuteArgs> for Deploy {
         deployment.config.image = DeploymentImage::Image {
           image: format!("{image_name}:{version_str}"),
         };
-        let first_registry = build
-          .config
-          .image_registry
-          .first()
-          .unwrap_or(ImageRegistryConfig::static_default());
-        if first_registry.domain.is_empty() {
+        if build.config.image_registry.domain.is_empty() {
           (version, None)
         } else {
           let ImageRegistryConfig {
             domain, account, ..
-          } = first_registry;
+          } = build.config.image_registry;
           if deployment.config.image_registry_account.is_empty() {
-            deployment.config.image_registry_account =
-              account.to_string();
+            deployment.config.image_registry_account = account
           }
           let token = if !deployment
             .config
             .image_registry_account
             .is_empty()
           {
-            registry_token(domain, &deployment.config.image_registry_account).await.with_context(
+            registry_token(&domain, &deployment.config.image_registry_account).await.with_context(
               || format!("Failed to get git token in call to db. Stopping run. | {domain} | {}", deployment.config.image_registry_account),
             )?
           } else {
@@ -188,17 +179,53 @@ impl Resolve<ExecuteArgs> for Deploy {
     // interpolate variables / secrets, returning the sanitizing replacers to send to
     // periphery so it may sanitize the final command for safe logging (avoids exposing secret values)
     let secret_replacers = if !deployment.config.skip_secret_interp {
-      let VariablesAndSecrets { variables, secrets } =
-        get_variables_and_secrets().await?;
+      let vars_and_secrets = get_variables_and_secrets().await?;
 
-      let mut interpolator =
-        Interpolator::new(Some(&variables), &secrets);
+      let mut global_replacers = HashSet::new();
+      let mut secret_replacers = HashSet::new();
 
-      interpolator
-        .interpolate_deployment(&mut deployment)?
-        .push_logs(&mut update.logs);
+      interpolate_variables_secrets_into_string(
+        &vars_and_secrets,
+        &mut deployment.config.environment,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
 
-      interpolator.secret_replacers
+      interpolate_variables_secrets_into_string(
+        &vars_and_secrets,
+        &mut deployment.config.ports,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
+
+      interpolate_variables_secrets_into_string(
+        &vars_and_secrets,
+        &mut deployment.config.volumes,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
+
+      interpolate_variables_secrets_into_extra_args(
+        &vars_and_secrets,
+        &mut deployment.config.extra_args,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
+
+      interpolate_variables_secrets_into_string(
+        &vars_and_secrets,
+        &mut deployment.config.command,
+        &mut global_replacers,
+        &mut secret_replacers,
+      )?;
+
+      add_interp_update_log(
+        &mut update,
+        &global_replacers,
+        &secret_replacers,
+      );
+
+      secret_replacers
     } else {
       Default::default()
     };
@@ -206,72 +233,26 @@ impl Resolve<ExecuteArgs> for Deploy {
     update.version = version;
     update_update(update.clone()).await?;
 
-    let deployment_id = deployment.id.clone();
-
-    match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => {
-        match swarm_request(
-          &swarm.config.server_ids,
-          api::swarm::CreateSwarmService {
-            deployment,
-            registry_token,
-            replacers: secret_replacers.into_iter().collect(),
-          },
-        )
-        .await
-        {
-          Ok(logs) => {
-            update_cache_for_swarm(&swarm, true).await;
-            update.logs.extend(logs)
-          }
-          Err(e) => {
-            update.push_error_log(
-              "Create Swarm Service",
-              format_serror(&e.into()),
-            );
-          }
-        };
-      }
-      SwarmOrServer::Server(server) => {
-        match periphery_client(&server)
-          .await?
-          .request(api::container::RunContainer {
-            deployment,
-            stop_signal: self.stop_signal,
-            stop_time: self.stop_time,
-            registry_token,
-            replacers: secret_replacers.into_iter().collect(),
-          })
-          .await
-        {
-          Ok(log) => {
-            update_cache_for_server(&server, true).await;
-            update.logs.push(log)
-          }
-          Err(e) => {
-            update.push_error_log(
-              "Deploy Container",
-              format_serror(&e.into()),
-            );
-          }
-        };
-      }
-    }
-
-    if let Err(e) = resource::update_info::<Deployment>(
-      &deployment_id,
-      &DeploymentInfo {
-        latest_image_digest: Default::default(),
-      },
-    )
-    .await
+    match periphery_client(&server)?
+      .request(api::container::Deploy {
+        deployment,
+        stop_signal: self.stop_signal,
+        stop_time: self.stop_time,
+        registry_token,
+        replacers: secret_replacers.into_iter().collect(),
+      })
+      .await
     {
-      warn!(
-        "Failed to update deployment {} info after deploy | {e:#}",
-        deployment_id
-      );
-    }
+      Ok(log) => update.logs.push(log),
+      Err(e) => {
+        update.push_error_log(
+          "Deploy Container",
+          format_serror(&e.into()),
+        );
+      }
+    };
+
+    update_cache_for_server(&server).await;
 
     update.finalize();
     update_update(update.clone()).await?;
@@ -291,14 +272,6 @@ fn pull_cache() -> &'static PullCache {
   PULL_CACHE.get_or_init(Default::default)
 }
 
-#[instrument(
-  "PullDeploymentInner",
-  skip_all,
-  fields(
-    deployment = deployment.id,
-    server = server.id
-  )
-)]
 pub async fn pull_deployment_inner(
   deployment: Deployment,
   server: &Server,
@@ -306,11 +279,8 @@ pub async fn pull_deployment_inner(
   let (image, account, token) = match deployment.config.image {
     DeploymentImage::Build { build_id, version } => {
       let build = resource::get::<Build>(&build_id).await?;
-      let image_names = build.get_image_names();
-      let image_name = image_names
-        .first()
-        .context("No image name could be created")
-        .context("Failed to create image name")?;
+      let image_name = get_image_name(&build)
+        .context("failed to create image name")?;
       let version = if version.is_none() {
         build.config.version.to_string()
       } else {
@@ -324,31 +294,26 @@ pub async fn pull_deployment_inner(
       };
       // replace image with corresponding build image.
       let image = format!("{image_name}:{version}");
-      let first_registry = build
-        .config
-        .image_registry
-        .first()
-        .unwrap_or(ImageRegistryConfig::static_default());
-      if first_registry.domain.is_empty() {
+      if build.config.image_registry.domain.is_empty() {
         (image, None, None)
       } else {
         let ImageRegistryConfig {
           domain, account, ..
-        } = first_registry;
+        } = build.config.image_registry;
         let account =
           if deployment.config.image_registry_account.is_empty() {
             account
           } else {
-            &deployment.config.image_registry_account
+            deployment.config.image_registry_account
           };
         let token = if !account.is_empty() {
-          registry_token(domain, account).await.with_context(
+          registry_token(&domain, &account).await.with_context(
               || format!("Failed to get git token in call to db. Stopping run. | {domain} | {account}"),
             )?
         } else {
           None
         };
-        (image, optional_string(account), token)
+        (image, optional_string(&account), token)
       }
     }
     DeploymentImage::Image { image } => {
@@ -388,9 +353,8 @@ pub async fn pull_deployment_inner(
   }
 
   let res = async {
-    let log = match periphery_client(server)
-      .await?
-      .request(api::docker::PullImage {
+    let log = match periphery_client(server)?
+      .request(api::image::PullImage {
         name: image,
         account,
         token,
@@ -401,7 +365,7 @@ pub async fn pull_deployment_inner(
       Err(e) => Log::error("Pull image", format_serror(&e.into())),
     };
 
-    update_cache_for_server(server, true).await;
+    update_cache_for_server(server).await;
     anyhow::Ok(log)
   }
   .await;
@@ -414,33 +378,13 @@ pub async fn pull_deployment_inner(
 }
 
 impl Resolve<ExecuteArgs> for PullDeployment {
-  #[instrument(
-    "PullDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-    )
-  )]
+  #[instrument(name = "PullDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("PullDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -454,7 +398,7 @@ impl Resolve<ExecuteArgs> for PullDeployment {
       action_state.update(|state| state.pulling = true)?;
 
     let mut update = update.clone();
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
     let log = pull_deployment_inner(deployment, &server).await?;
@@ -468,33 +412,13 @@ impl Resolve<ExecuteArgs> for PullDeployment {
 }
 
 impl Resolve<ExecuteArgs> for StartDeployment {
-  #[instrument(
-    "StartDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-    )
-  )]
+  #[instrument(name = "StartDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("StartDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -509,11 +433,10 @@ impl Resolve<ExecuteArgs> for StartDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match periphery_client(&server)
-      .await?
+    let log = match periphery_client(&server)?
       .request(api::container::StartContainer {
         name: deployment.name,
       })
@@ -527,7 +450,7 @@ impl Resolve<ExecuteArgs> for StartDeployment {
     };
 
     update.logs.push(log);
-    update_cache_for_server(&server, true).await;
+    update_cache_for_server(&server).await;
     update.finalize();
     update_update(update.clone()).await?;
 
@@ -536,33 +459,13 @@ impl Resolve<ExecuteArgs> for StartDeployment {
 }
 
 impl Resolve<ExecuteArgs> for RestartDeployment {
-  #[instrument(
-    "RestartDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-    )
-  )]
+  #[instrument(name = "RestartDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("RestartDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -577,11 +480,10 @@ impl Resolve<ExecuteArgs> for RestartDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match periphery_client(&server)
-      .await?
+    let log = match periphery_client(&server)?
       .request(api::container::RestartContainer {
         name: deployment.name,
       })
@@ -597,7 +499,7 @@ impl Resolve<ExecuteArgs> for RestartDeployment {
     };
 
     update.logs.push(log);
-    update_cache_for_server(&server, true).await;
+    update_cache_for_server(&server).await;
     update.finalize();
     update_update(update.clone()).await?;
 
@@ -606,33 +508,13 @@ impl Resolve<ExecuteArgs> for RestartDeployment {
 }
 
 impl Resolve<ExecuteArgs> for PauseDeployment {
-  #[instrument(
-    "PauseDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-    )
-  )]
+  #[instrument(name = "PauseDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("PauseDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -647,11 +529,10 @@ impl Resolve<ExecuteArgs> for PauseDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match periphery_client(&server)
-      .await?
+    let log = match periphery_client(&server)?
       .request(api::container::PauseContainer {
         name: deployment.name,
       })
@@ -665,7 +546,7 @@ impl Resolve<ExecuteArgs> for PauseDeployment {
     };
 
     update.logs.push(log);
-    update_cache_for_server(&server, true).await;
+    update_cache_for_server(&server).await;
     update.finalize();
     update_update(update.clone()).await?;
 
@@ -674,33 +555,13 @@ impl Resolve<ExecuteArgs> for PauseDeployment {
 }
 
 impl Resolve<ExecuteArgs> for UnpauseDeployment {
-  #[instrument(
-    "UnpauseDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-    )
-  )]
+  #[instrument(name = "UnpauseDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("UnpauseDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, &user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -715,11 +576,10 @@ impl Resolve<ExecuteArgs> for UnpauseDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match periphery_client(&server)
-      .await?
+    let log = match periphery_client(&server)?
       .request(api::container::UnpauseContainer {
         name: deployment.name,
       })
@@ -735,7 +595,7 @@ impl Resolve<ExecuteArgs> for UnpauseDeployment {
     };
 
     update.logs.push(log);
-    update_cache_for_server(&server, true).await;
+    update_cache_for_server(&server).await;
     update.finalize();
     update_update(update.clone()).await?;
 
@@ -744,35 +604,13 @@ impl Resolve<ExecuteArgs> for UnpauseDeployment {
 }
 
 impl Resolve<ExecuteArgs> for StopDeployment {
-  #[instrument(
-    "StopDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-      signal = format!("{:?}", self.signal),
-      time = self.time,
-    )
-  )]
+  #[instrument(name = "StopDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!("StopDeployment should not be called for Deployment in Swarm Mode")
-          .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, &user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -787,11 +625,10 @@ impl Resolve<ExecuteArgs> for StopDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match periphery_client(&server)
-      .await?
+    let log = match periphery_client(&server)?
       .request(api::container::StopContainer {
         name: deployment.name,
         signal: self
@@ -813,7 +650,7 @@ impl Resolve<ExecuteArgs> for StopDeployment {
     };
 
     update.logs.push(log);
-    update_cache_for_server(&server, true).await;
+    update_cache_for_server(&server).await;
     update.finalize();
     update_update(update.clone()).await?;
 
@@ -833,19 +670,11 @@ impl super::BatchExecute for BatchDestroyDeployment {
 }
 
 impl Resolve<ExecuteArgs> for BatchDestroyDeployment {
-  #[instrument(
-    "BatchDestroyDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchDestroyDeployment", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchDestroyDeployment>(
         &self.pattern,
@@ -857,30 +686,13 @@ impl Resolve<ExecuteArgs> for BatchDestroyDeployment {
 }
 
 impl Resolve<ExecuteArgs> for DestroyDeployment {
-  #[instrument(
-    "DestroyDeployment",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      deployment = self.deployment,
-      signal = format!("{:?}", self.signal),
-      time = self.time,
-    )
-  )]
+  #[instrument(name = "DestroyDeployment", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    swarm_or_server.verify_has_target()?;
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let (deployment, server) =
+      setup_deployment_execution(&self.deployment, user).await?;
 
     // get the action state for the deployment (or insert default).
     let action_state = action_states()
@@ -895,65 +707,33 @@ impl Resolve<ExecuteArgs> for DestroyDeployment {
 
     let mut update = update.clone();
 
-    // Send update after setting action state, this way UI gets correct state.
+    // Send update after setting action state, this way frontend gets correct state.
     update_update(update.clone()).await?;
 
-    let log = match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => {
-        match swarm_request(
-          &swarm.config.server_ids,
-          api::swarm::RemoveSwarmServices {
-            services: vec![deployment.name],
-          },
-        )
-        .await
-        {
-          Ok(log) => {
-            update_cache_for_swarm(&swarm, true).await;
-            log
-          }
-          Err(e) => Log::error(
-            "Remove Swarm Service",
-            format_serror(
-              &e.context("Failed to remove swarm service").into(),
-            ),
-          ),
-        }
-      }
-      SwarmOrServer::Server(server) => {
-        match periphery_client(&server)
-          .await?
-          .request(api::container::RemoveContainer {
-            name: deployment.name,
-            signal: self
-              .signal
-              .unwrap_or(deployment.config.termination_signal)
-              .into(),
-            time: self
-              .time
-              .unwrap_or(deployment.config.termination_timeout)
-              .into(),
-          })
-          .await
-        {
-          Ok(log) => {
-            update_cache_for_server(&server, true).await;
-            log
-          }
-          Err(e) => Log::error(
-            "Destroy Container",
-            format_serror(
-              &e.context("Failed to destroy container").into(),
-            ),
-          ),
-        }
-      }
+    let log = match periphery_client(&server)?
+      .request(api::container::RemoveContainer {
+        name: deployment.name,
+        signal: self
+          .signal
+          .unwrap_or(deployment.config.termination_signal)
+          .into(),
+        time: self
+          .time
+          .unwrap_or(deployment.config.termination_timeout)
+          .into(),
+      })
+      .await
+    {
+      Ok(log) => log,
+      Err(e) => Log::error(
+        "stop container",
+        format_serror(&e.context("failed to stop container").into()),
+      ),
     };
 
     update.logs.push(log);
     update.finalize();
-
+    update_cache_for_server(&server).await;
     update_update(update.clone()).await?;
 
     Ok(update)

bin/core/src/api/execute/maintenance.rs

@@ -1,609 +0,0 @@
-use std::{fmt::Write as _, sync::OnceLock};
-
-use anyhow::{Context, anyhow};
-use command::run_komodo_standard_command;
-use database::{
-  bson::{Document, doc},
-  mungos::find::find_collect,
-};
-use formatting::{bold, format_serror};
-use futures_util::{StreamExt, stream::FuturesOrdered};
-use komodo_client::{
-  api::execute::{
-    BackupCoreDatabase, ClearRepoCache, GlobalAutoUpdate,
-    RotateAllServerKeys, RotateCoreKeys,
-  },
-  entities::{
-    SwarmOrServer, deployment::DeploymentState, server::ServerState,
-    stack::StackState,
-  },
-};
-use mogh_error::AddStatusCodeError;
-use mogh_resolver::Resolve;
-use periphery_client::api;
-use reqwest::StatusCode;
-use tokio::sync::Mutex;
-
-use crate::{
-  api::{
-    execute::ExecuteArgs,
-    write::{
-      check_deployment_for_update_inner, check_stack_for_update_inner,
-    },
-  },
-  config::{core_config, core_keys},
-  helpers::{
-    periphery_client, query::find_swarm_or_server,
-    update::update_update,
-  },
-  resource::rotate_server_keys,
-  state::{
-    db_client, deployment_status_cache, server_status_cache,
-    stack_status_cache,
-  },
-};
-
-/// Makes sure the method can only be called once at a time
-fn clear_repo_cache_lock() -> &'static Mutex<()> {
-  static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-  LOCK.get_or_init(Default::default)
-}
-
-impl Resolve<ExecuteArgs> for ClearRepoCache {
-  #[instrument(
-    "ClearRepoCache",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !user.admin {
-      return Err(
-        anyhow!("This method is admin only.")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let _lock = clear_repo_cache_lock()
-      .try_lock()
-      .context("Clear already in progress...")?;
-
-    let mut update = update.clone();
-
-    let mut contents =
-      tokio::fs::read_dir(&core_config().repo_directory)
-        .await
-        .context("Failed to read repo cache directory")?;
-
-    loop {
-      let path = match contents
-        .next_entry()
-        .await
-        .context("Failed to read contents at path")
-      {
-        Ok(Some(contents)) => contents.path(),
-        Ok(None) => break,
-        Err(e) => {
-          update.push_error_log(
-            "Read Directory",
-            format_serror(&e.into()),
-          );
-          continue;
-        }
-      };
-      if path.is_dir() {
-        match tokio::fs::remove_dir_all(&path)
-          .await
-          .context("Failed to clear contents at path")
-        {
-          Ok(_) => {}
-          Err(e) => {
-            update.push_error_log(
-              "Clear Directory",
-              format_serror(&e.into()),
-            );
-          }
-        };
-      }
-    }
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-//
-
-/// Makes sure the method can only be called once at a time
-fn backup_database_lock() -> &'static Mutex<()> {
-  static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-  LOCK.get_or_init(Default::default)
-}
-
-impl Resolve<ExecuteArgs> for BackupCoreDatabase {
-  #[instrument(
-    "BackupCoreDatabase",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !user.admin {
-      return Err(
-        anyhow!("This method is admin only.")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let _lock = backup_database_lock()
-      .try_lock()
-      .context("Backup already in progress...")?;
-
-    let mut update = update.clone();
-
-    update_update(update.clone()).await?;
-
-    let res = run_komodo_standard_command(
-      "Backup Core Database",
-      None,
-      "km database backup --yes",
-    )
-    .await;
-
-    update.logs.push(res);
-    update.finalize();
-
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-//
-
-/// Makes sure the method can only be called once at a time
-fn global_update_lock() -> &'static Mutex<()> {
-  static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-  LOCK.get_or_init(Default::default)
-}
-
-impl Resolve<ExecuteArgs> for GlobalAutoUpdate {
-  #[instrument(
-    "GlobalAutoUpdate",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !user.admin {
-      return Err(
-        anyhow!("This method is admin only.")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let _lock = global_update_lock()
-      .try_lock()
-      .context("Global update already in progress...")?;
-
-    let mut update = update.clone();
-
-    update_update(update.clone()).await?;
-
-    // This is all done in sequence because there is no rush,
-    // the pulls / deploys happen spaced out to ease the load on system.
-    let servers = find_collect(&db_client().servers, None, None)
-      .await
-      .context("Failed to query for servers from database")?;
-    let swarms = find_collect(&db_client().swarms, None, None)
-      .await
-      .context("Failed to query for swarms from database")?;
-
-    let query = doc! {
-      "$or": [
-        { "config.poll_for_updates": true },
-        { "config.auto_update": true }
-      ]
-    };
-
-    let stacks =
-      find_collect(&db_client().stacks, query.clone(), None)
-        .await
-        .context("Failed to query for stacks from database")?;
-
-    let server_status_cache = server_status_cache();
-    let stack_status_cache = stack_status_cache();
-
-    // Will be edited later at update.logs[0]
-    update.push_simple_log("Auto Pull", String::new());
-
-    for stack in stacks {
-      let Some(status) = stack_status_cache.get(&stack.id).await
-      else {
-        continue;
-      };
-
-      // Only pull running stacks.
-      if !matches!(status.curr.state, StackState::Running) {
-        continue;
-      }
-
-      let swarm_or_server = find_swarm_or_server(
-        &stack.config.swarm_id,
-        &swarms,
-        &stack.config.server_id,
-        &servers,
-      )?;
-
-      if let SwarmOrServer::None = &swarm_or_server {
-        continue;
-      }
-
-      if let Some(server) =
-        servers.iter().find(|s| s.id == stack.config.server_id)
-        // This check is probably redundant along with running check
-        // but shouldn't hurt
-        && server_status_cache
-          .get(&server.id)
-          .await
-          .map(|s| matches!(s.state, ServerState::Ok))
-          .unwrap_or_default()
-      {
-        if let Err(e) = check_stack_for_update_inner(
-          stack.id,
-          &swarm_or_server,
-          self.skip_auto_update,
-          true,
-          false,
-        )
-        .await
-        {
-          update.push_error_log(
-            &format!("Check Stack {}", stack.name),
-            format_serror(&e.into()),
-          );
-        } else {
-          if !update.logs[0].stdout.is_empty() {
-            update.logs[0].stdout.push('\n');
-          }
-
-          update.logs[0].stdout.push_str(&format!(
-            "Checked Stack {} ✅",
-            bold(&stack.name)
-          ));
-        }
-      }
-    }
-
-    let deployment_status_cache = deployment_status_cache();
-    let deployments =
-      find_collect(&db_client().deployments, query, None)
-        .await
-        .context("Failed to query for deployments from database")?;
-
-    for deployment in deployments {
-      let Some(status) =
-        deployment_status_cache.get(&deployment.id).await
-      else {
-        continue;
-      };
-
-      // Only pull running deployments.
-      if !matches!(status.curr.state, DeploymentState::Running) {
-        continue;
-      }
-
-      let swarm_or_server = find_swarm_or_server(
-        &deployment.config.swarm_id,
-        &swarms,
-        &deployment.config.server_id,
-        &servers,
-      )?;
-
-      if let SwarmOrServer::None = &swarm_or_server {
-        continue;
-      }
-
-      let name = deployment.name.clone();
-
-      if let Err(e) = check_deployment_for_update_inner(
-        deployment,
-        &swarm_or_server,
-        self.skip_auto_update,
-        true,
-      )
-      .await
-      {
-        update.push_error_log(
-          &format!("Check Deployment {name}"),
-          format_serror(&e.into()),
-        );
-      } else {
-        if !update.logs[0].stdout.is_empty() {
-          update.logs[0].stdout.push('\n');
-        }
-        update.logs[0]
-          .stdout
-          .push_str(&format!("Checked Deployment {} ✅", bold(name)));
-      }
-    }
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-//
-
-/// Makes sure the method can only be called once at a time
-fn global_rotate_lock() -> &'static Mutex<()> {
-  static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-  LOCK.get_or_init(Default::default)
-}
-
-impl Resolve<ExecuteArgs> for RotateAllServerKeys {
-  #[instrument(
-    "RotateAllServerKeys",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !user.admin {
-      return Err(
-        anyhow!("This method is admin only.")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let _lock = global_rotate_lock()
-      .try_lock()
-      .context("Key rotation already in progress...")?;
-
-    let mut update = update.clone();
-
-    update_update(update.clone()).await?;
-
-    let mut servers = db_client()
-      .servers
-      .find(Document::new())
-      .await
-      .context("Failed to query servers from database")?;
-
-    let server_status_cache = server_status_cache();
-
-    let mut log = String::new();
-
-    while let Some(server) = servers.next().await {
-      let server = match server {
-        Ok(server) => server,
-        Err(e) => {
-          warn!("Failed to parse Server | {e:#}");
-          continue;
-        }
-      };
-      if !server.config.auto_rotate_keys {
-        let _ = write!(
-          &mut log,
-          "\nSkipping {}: Key Rotation Disabled ⚙️",
-          bold(&server.name)
-        );
-        continue;
-      }
-      let Some(status) = server_status_cache.get(&server.id).await
-      else {
-        let _ = write!(
-          &mut log,
-          "\nSkipping {}: No Status ⚠️",
-          bold(&server.name)
-        );
-        continue;
-      };
-      match status.state {
-        ServerState::Disabled => {
-          let _ = write!(
-            &mut log,
-            "\nSkipping {}: Server Disabled ⚙️",
-            bold(&server.name)
-          );
-          continue;
-        }
-        ServerState::NotOk => {
-          let _ = write!(
-            &mut log,
-            "\nSkipping {}: Server Not Ok ⚠️",
-            bold(&server.name)
-          );
-          continue;
-        }
-        _ => {}
-      }
-      match rotate_server_keys(&server).await {
-        Ok(_) => {
-          let _ = write!(
-            &mut log,
-            "\nRotated keys for {} ✅",
-            bold(&server.name)
-          );
-        }
-        Err(e) => {
-          update.push_error_log(
-            "Key Rotation Failure",
-            format_serror(
-              &e.context(format!(
-                "Failed to rotate {} keys",
-                bold(&server.name)
-              ))
-              .into(),
-            ),
-          );
-        }
-      }
-    }
-
-    update.push_simple_log("Rotate Server Keys", log);
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RotateCoreKeys {
-  #[instrument(
-    "RotateCoreKeys",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      force = self.force,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !user.admin {
-      return Err(
-        anyhow!("This method is admin only.")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let _lock = global_rotate_lock()
-      .try_lock()
-      .context("Key rotation already in progress...")?;
-
-    let mut update = update.clone();
-
-    update_update(update.clone()).await?;
-
-    let core_keys = core_keys();
-
-    if !core_keys.rotatable() {
-      return Err(anyhow!("Core `private_key` must be pointing to file, for example 'file:/config/keys/core.key'").into());
-    };
-
-    let server_status_cache = server_status_cache();
-    let servers =
-      find_collect(&db_client().servers, Document::new(), None)
-        .await
-        .context("Failed to query servers from database")?
-        .into_iter()
-        .map(|server| async move {
-          let state = server_status_cache
-            .get(&server.id)
-            .await
-            .map(|s| s.state)
-            .unwrap_or(ServerState::NotOk);
-          (server, state)
-        })
-        .collect::<FuturesOrdered<_>>()
-        .collect::<Vec<_>>()
-        .await;
-
-    if !self.force
-      && let Some((server, _)) = servers
-        .iter()
-        .find(|(_, state)| matches!(state, ServerState::NotOk))
-    {
-      return Err(
-        anyhow!("Server {} is NotOk, stopping key rotation. Pass `force: true` to continue anyways.", server.name).into(),
-      );
-    }
-
-    let public_key = core_keys
-      .rotate(mogh_pki::PkiKind::Mutual)
-      .await?
-      .into_inner();
-
-    info!("New Public Key: {public_key}");
-
-    let mut log = format!("New Public Key: {public_key}\n");
-
-    for (server, state) in servers {
-      match state {
-        ServerState::Disabled => {
-          let _ = write!(
-            &mut log,
-            "\nSkipping {}: Server Disabled ⚙️",
-            bold(&server.name)
-          );
-          continue;
-        }
-        ServerState::NotOk => {
-          // Shouldn't be reached unless 'force: true'
-          let _ = write!(
-            &mut log,
-            "\nSkipping {}: Server Not Ok ⚠️",
-            bold(&server.name)
-          );
-          continue;
-        }
-        _ => {}
-      }
-      let periphery = periphery_client(&server).await?;
-      let res = periphery
-        .request(api::keys::RotateCorePublicKey {
-          public_key: public_key.clone(),
-        })
-        .await;
-      match res {
-        Ok(_) => {
-          let _ = write!(
-            &mut log,
-            "\nRotated key for {} ✅",
-            bold(&server.name)
-          );
-        }
-        Err(e) => {
-          update.push_error_log(
-            "Key Rotation Failure",
-            format_serror(
-              &e.context(format!(
-                "Failed to rotate for {}. The new Core public key will have to be added manually.",
-                bold(&server.name)
-              ))
-              .into(),
-            ),
-          );
-        }
-      }
-    }
-
-    update.push_simple_log("Rotate Core Keys", log);
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}

bin/core/src/api/execute/mod.rs

@@ -1,36 +1,31 @@
-use std::pin::Pin;
+use std::{pin::Pin, time::Instant};
 
 use anyhow::Context;
-use axum::{
-  Extension, Router, extract::Path, middleware, routing::post,
-};
-use axum_extra::{TypedHeader, headers::ContentType};
-use database::mungos::by_id::find_one_by_id;
+use axum::{middleware, routing::post, Extension, Router};
+use axum_extra::{headers::ContentType, TypedHeader};
+use derive_variants::{EnumVariants, ExtractVariant};
 use formatting::format_serror;
-use futures_util::future::join_all;
+use futures::future::join_all;
 use komodo_client::{
   api::execute::*,
   entities::{
-    Operation,
-    permission::PermissionLevel,
     update::{Log, Update},
     user::User,
+    Operation,
   },
 };
-use mogh_auth_server::middleware::authenticate_request;
-use mogh_error::Json;
-use mogh_error::JsonString;
-use mogh_resolver::Resolve;
+use mungos::by_id::find_one_by_id;
+use resolver_api::Resolve;
+use response::JsonString;
 use serde::{Deserialize, Serialize};
-use serde_json::json;
-use strum::{Display, EnumDiscriminants};
+use serror::Json;
 use typeshare::typeshare;
 use uuid::Uuid;
 
 use crate::{
-  auth::KomodoAuthImpl,
+  auth::auth_request,
   helpers::update::{init_execution_update, update_update},
-  resource::{KomodoResource, list_full_for_user_using_pattern},
+  resource::{list_full_for_user_using_pattern, KomodoResource},
   state::db_client,
 };
 
@@ -38,91 +33,32 @@ mod action;
 mod alerter;
 mod build;
 mod deployment;
-mod maintenance;
 mod procedure;
 mod repo;
 mod server;
+mod server_template;
 mod stack;
-mod swarm;
 mod sync;
 
-use super::Variant;
+pub use {
+  deployment::pull_deployment_inner, stack::pull_stack_inner,
+};
 
 pub struct ExecuteArgs {
-  /// The execution id.
-  /// Unique for every /execute call.
-  pub id: Uuid,
   pub user: User,
   pub update: Update,
 }
 
 #[typeshare]
 #[derive(
-  Serialize, Deserialize, Debug, Clone, Resolve, EnumDiscriminants,
+  Serialize, Deserialize, Debug, Clone, Resolve, EnumVariants,
 )]
-#[strum_discriminants(name(ExecuteRequestVariant), derive(Display))]
+#[variant_derive(Debug)]
 #[args(ExecuteArgs)]
 #[response(JsonString)]
-#[error(mogh_error::Error)]
+#[error(serror::Error)]
 #[serde(tag = "type", content = "params")]
 pub enum ExecuteRequest {
-  // ==== STACK ====
-  DeployStack(DeployStack),
-  BatchDeployStack(BatchDeployStack),
-  DeployStackIfChanged(DeployStackIfChanged),
-  BatchDeployStackIfChanged(BatchDeployStackIfChanged),
-  PullStack(PullStack),
-  BatchPullStack(BatchPullStack),
-  StartStack(StartStack),
-  RestartStack(RestartStack),
-  StopStack(StopStack),
-  PauseStack(PauseStack),
-  UnpauseStack(UnpauseStack),
-  DestroyStack(DestroyStack),
-  BatchDestroyStack(BatchDestroyStack),
-  RunStackService(RunStackService),
-
-  // ==== DEPLOYMENT ====
-  Deploy(Deploy),
-  BatchDeploy(BatchDeploy),
-  PullDeployment(PullDeployment),
-  StartDeployment(StartDeployment),
-  RestartDeployment(RestartDeployment),
-  PauseDeployment(PauseDeployment),
-  UnpauseDeployment(UnpauseDeployment),
-  StopDeployment(StopDeployment),
-  DestroyDeployment(DestroyDeployment),
-  BatchDestroyDeployment(BatchDestroyDeployment),
-
-  // ==== BUILD ====
-  RunBuild(RunBuild),
-  BatchRunBuild(BatchRunBuild),
-  CancelBuild(CancelBuild),
-
-  // ==== REPO ====
-  CloneRepo(CloneRepo),
-  BatchCloneRepo(BatchCloneRepo),
-  PullRepo(PullRepo),
-  BatchPullRepo(BatchPullRepo),
-  BuildRepo(BuildRepo),
-  BatchBuildRepo(BatchBuildRepo),
-  CancelRepoBuild(CancelRepoBuild),
-
-  // ==== PROCEDURE ====
-  RunProcedure(RunProcedure),
-  BatchRunProcedure(BatchRunProcedure),
-
-  // ==== ACTION ====
-  RunAction(RunAction),
-  BatchRunAction(BatchRunAction),
-
-  // ==== SYNC ====
-  RunSync(RunSync),
-
-  // ==== ALERTER ====
-  TestAlerter(TestAlerter),
-  SendAlert(SendAlert),
-
   // ==== SERVER ====
   StartContainer(StartContainer),
   RestartContainer(RestartContainer),
@@ -146,50 +82,74 @@ pub enum ExecuteRequest {
   PruneBuildx(PruneBuildx),
   PruneSystem(PruneSystem),
 
-  // ==== SWARM ====
-  RemoveSwarmNodes(RemoveSwarmNodes),
-  RemoveSwarmStacks(RemoveSwarmStacks),
-  RemoveSwarmServices(RemoveSwarmServices),
-  CreateSwarmConfig(CreateSwarmConfig),
-  RotateSwarmConfig(RotateSwarmConfig),
-  RemoveSwarmConfigs(RemoveSwarmConfigs),
-  CreateSwarmSecret(CreateSwarmSecret),
-  RotateSwarmSecret(RotateSwarmSecret),
-  RemoveSwarmSecrets(RemoveSwarmSecrets),
+  // ==== DEPLOYMENT ====
+  Deploy(Deploy),
+  BatchDeploy(BatchDeploy),
+  PullDeployment(PullDeployment),
+  StartDeployment(StartDeployment),
+  RestartDeployment(RestartDeployment),
+  PauseDeployment(PauseDeployment),
+  UnpauseDeployment(UnpauseDeployment),
+  StopDeployment(StopDeployment),
+  DestroyDeployment(DestroyDeployment),
+  BatchDestroyDeployment(BatchDestroyDeployment),
 
-  // ==== MAINTENANCE ====
-  ClearRepoCache(ClearRepoCache),
-  BackupCoreDatabase(BackupCoreDatabase),
-  GlobalAutoUpdate(GlobalAutoUpdate),
-  RotateAllServerKeys(RotateAllServerKeys),
-  RotateCoreKeys(RotateCoreKeys),
+  // ==== STACK ====
+  DeployStack(DeployStack),
+  BatchDeployStack(BatchDeployStack),
+  DeployStackIfChanged(DeployStackIfChanged),
+  BatchDeployStackIfChanged(BatchDeployStackIfChanged),
+  PullStack(PullStack),
+  StartStack(StartStack),
+  RestartStack(RestartStack),
+  StopStack(StopStack),
+  PauseStack(PauseStack),
+  UnpauseStack(UnpauseStack),
+  DestroyStack(DestroyStack),
+  BatchDestroyStack(BatchDestroyStack),
+
+  // ==== BUILD ====
+  RunBuild(RunBuild),
+  BatchRunBuild(BatchRunBuild),
+  CancelBuild(CancelBuild),
+
+  // ==== REPO ====
+  CloneRepo(CloneRepo),
+  BatchCloneRepo(BatchCloneRepo),
+  PullRepo(PullRepo),
+  BatchPullRepo(BatchPullRepo),
+  BuildRepo(BuildRepo),
+  BatchBuildRepo(BatchBuildRepo),
+  CancelRepoBuild(CancelRepoBuild),
+
+  // ==== PROCEDURE ====
+  RunProcedure(RunProcedure),
+  BatchRunProcedure(BatchRunProcedure),
+
+  // ==== ACTION ====
+  RunAction(RunAction),
+  BatchRunAction(BatchRunAction),
+
+  // ==== SERVER TEMPLATE ====
+  LaunchServer(LaunchServer),
+
+  // ==== ALERTER ====
+  TestAlerter(TestAlerter),
+
+  // ==== SYNC ====
+  RunSync(RunSync),
 }
 
 pub fn router() -> Router {
   Router::new()
     .route("/", post(handler))
-    .route("/{variant}", post(variant_handler))
-    .layer(middleware::from_fn(
-      authenticate_request::<KomodoAuthImpl, true>,
-    ))
-}
-
-async fn variant_handler(
-  user: Extension<User>,
-  Path(Variant { variant }): Path<Variant>,
-  Json(params): Json<serde_json::Value>,
-) -> mogh_error::Result<(TypedHeader<ContentType>, String)> {
-  let req: ExecuteRequest = serde_json::from_value(json!({
-    "type": variant,
-    "params": params,
-  }))?;
-  handler(user, Json(req)).await
+    .layer(middleware::from_fn(auth_request))
 }
 
 async fn handler(
   Extension(user): Extension<User>,
   Json(request): Json<ExecuteRequest>,
-) -> mogh_error::Result<(TypedHeader<ContentType>, String)> {
+) -> serror::Result<(TypedHeader<ContentType>, String)> {
   let res = match inner_handler(request, user).await? {
     ExecutionResult::Single(update) => serde_json::to_string(&update)
       .context("Failed to serialize Update")?,
@@ -198,11 +158,8 @@ async fn handler(
   Ok((TypedHeader(ContentType::json()), res))
 }
 
-#[typeshare(serialized_as = "Update")]
-type BoxUpdate = Box<Update>;
-
 pub enum ExecutionResult {
-  Single(BoxUpdate),
+  Single(Update),
   /// The batch contents will be pre serialized here
   Batch(String),
 }
@@ -217,12 +174,10 @@ pub fn inner_handler(
   >,
 > {
   Box::pin(async move {
-    let task_id = Uuid::new_v4();
+    let req_id = Uuid::new_v4();
 
-    // Need to validate no cancel is active before any update is created.
-    // This ensures no double update created if Cancel is called more than once for the same request.
+    // need to validate no cancel is active before any update is created.
     build::validate_cancel_build(&request).await?;
-    repo::validate_cancel_repo_build(&request).await?;
 
     let update = init_execution_update(&request, &user).await?;
 
@@ -233,42 +188,33 @@ pub fn inner_handler(
     // here either.
     if update.operation == Operation::None {
       return Ok(ExecutionResult::Batch(
-        task(task_id, request, user, update).await?,
+        task(req_id, request, user, update).await?,
       ));
     }
 
-    // Spawn a task for the execution which continues
-    // running after this method returns.
     let handle =
-      tokio::spawn(task(task_id, request, user, update.clone()));
+      tokio::spawn(task(req_id, request, user, update.clone()));
 
-    // Spawns another task to monitor the first for failures,
-    // and add the log to Update about it (which primary task can't do because it errored out)
     tokio::spawn({
       let update_id = update.id.clone();
       async move {
         let log = match handle.await {
           Ok(Err(e)) => {
-            warn!("/execute request {task_id} task error: {e:#}",);
-            Log::error("Task Error", format_serror(&e.into()))
+            warn!("/execute request {req_id} task error: {e:#}",);
+            Log::error("task error", format_serror(&e.into()))
           }
           Err(e) => {
-            warn!("/execute request {task_id} spawn error: {e:?}",);
-            Log::error("Spawn Error", format!("{e:#?}"))
+            warn!("/execute request {req_id} spawn error: {e:?}",);
+            Log::error("spawn error", format!("{e:#?}"))
           }
           _ => return,
         };
         let res = async {
-          // Nothing to do if update was never actually created,
-          // which is the case when the id is empty.
-          if update_id.is_empty() {
-            return Ok(());
-          }
           let mut update =
             find_one_by_id(&db_client().updates, &update_id)
               .await
-              .context("Failed to query to db")?
-              .context("No update exists with given id")?;
+              .context("failed to query to db")?
+              .context("no update exists with given id")?;
           update.logs.push(log);
           update.finalize();
           update_update(update).await
@@ -277,43 +223,50 @@ pub fn inner_handler(
 
         if let Err(e) = res {
           warn!(
-            "Failed to update update with task error log | {e:#}"
+            "failed to update update with task error log | {e:#}"
           );
         }
       }
     });
 
-    Ok(ExecutionResult::Single(update.into()))
+    Ok(ExecutionResult::Single(update))
   })
 }
 
+#[instrument(
+  name = "ExecuteRequest",
+  skip(user, update),
+  fields(
+    user_id = user.id,
+    update_id = update.id,
+    request = format!("{:?}", request.extract_variant()))
+  )
+]
 async fn task(
-  id: Uuid,
+  req_id: Uuid,
   request: ExecuteRequest,
   user: User,
   update: Update,
 ) -> anyhow::Result<String> {
-  let variant: ExecuteRequestVariant = (&request).into();
+  info!("/execute request {req_id} | user: {}", user.username);
+  let timer = Instant::now();
 
-  info!(
-    "EXECUTE REQUEST {id} | METHOD: {variant} | USER: {} ({})",
-    user.username, user.id
-  );
-
-  let res =
-    match request.resolve(&ExecuteArgs { user, update, id }).await {
-      Err(e) => Err(e.error),
-      Ok(JsonString::Err(e)) => Err(
-        anyhow::Error::from(e)
-          .context("failed to serialize response"),
-      ),
-      Ok(JsonString::Ok(res)) => Ok(res),
-    };
+  let res = match request.resolve(&ExecuteArgs { user, update }).await
+  {
+    Err(e) => Err(e.error),
+    Ok(JsonString::Err(e)) => Err(
+      anyhow::Error::from(e).context("failed to serialize response"),
+    ),
+    Ok(JsonString::Ok(res)) => Ok(res),
+  };
 
   if let Err(e) = &res {
-    warn!("EXECUTE REQUEST {id} | METHOD: {variant} | ERROR: {e:#}");
+    warn!("/execute request {req_id} error: {e:#}");
   }
 
+  let elapsed = timer.elapsed();
+  debug!("/execute request {req_id} | resolve time: {elapsed:?}");
+
   res
 }
 
@@ -322,7 +275,6 @@ trait BatchExecute {
   fn single_request(name: String) -> ExecuteRequest;
 }
 
-#[instrument("BatchExecute", skip(user))]
 async fn batch_execute<E: BatchExecute>(
   pattern: &str,
   user: &User,
@@ -331,11 +283,9 @@ async fn batch_execute<E: BatchExecute>(
     pattern,
     Default::default(),
     user,
-    PermissionLevel::Execute.into(),
     &[],
   )
   .await?;
-
   let futures = resources.into_iter().map(|resource| {
     let user = user.clone();
     async move {

bin/core/src/api/execute/procedure.rs

@@ -1,30 +1,22 @@
 use std::pin::Pin;
 
-use database::mungos::{
-  by_id::update_one_by_id, mongodb::bson::to_document,
-};
-use formatting::{Color, bold, colored, format_serror, muted};
+use formatting::{bold, colored, format_serror, muted, Color};
 use komodo_client::{
   api::execute::{
     BatchExecutionResponse, BatchRunProcedure, RunProcedure,
   },
   entities::{
-    alert::{Alert, AlertData, SeverityLevel},
-    komodo_timestamp,
-    permission::PermissionLevel,
-    procedure::Procedure,
-    update::Update,
-    user::User,
+    permission::PermissionLevel, procedure::Procedure,
+    update::Update, user::User,
   },
 };
-use mogh_resolver::Resolve;
+use mungos::{by_id::update_one_by_id, mongodb::bson::to_document};
+use resolver_api::Resolve;
 use tokio::sync::Mutex;
 
 use crate::{
-  alert::send_alerts,
   helpers::{procedure::execute_procedure, update::update_update},
-  permission::get_check_permissions,
-  resource::refresh_procedure_state_cache,
+  resource::{self, refresh_procedure_state_cache},
   state::{action_states, db_client},
 };
 
@@ -38,15 +30,11 @@ impl super::BatchExecute for BatchRunProcedure {
 }
 
 impl Resolve<ExecuteArgs> for BatchRunProcedure {
-  #[instrument(
-    "BatchRunProcedure",
-    skip_all,
-    fields(operator = user.id)
-  )]
+  #[instrument(name = "BatchRunProcedure", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
     ExecuteArgs { user, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchRunProcedure>(&self.pattern, user)
         .await?,
@@ -55,20 +43,11 @@ impl Resolve<ExecuteArgs> for BatchRunProcedure {
 }
 
 impl Resolve<ExecuteArgs> for RunProcedure {
-  #[instrument(
-    "RunProcedure",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      procedure = self.procedure,
-    )
-  )]
+  #[instrument(name = "RunProcedure", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
     Ok(
       resolve_inner(self.procedure, user.clone(), update.clone())
         .await?,
@@ -86,10 +65,10 @@ fn resolve_inner(
   >,
 > {
   Box::pin(async move {
-    let procedure = get_check_permissions::<Procedure>(
+    let procedure = resource::get_check_permissions::<Procedure>(
       &procedure,
       &user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -149,7 +128,7 @@ fn resolve_inner(
       let _ = update_one_by_id(
         &db_client().updates,
         &update.id,
-        database::mungos::update::Update::Set(update_doc),
+        mungos::update::Update::Set(update_doc),
         None,
       )
       .await;
@@ -158,25 +137,6 @@ fn resolve_inner(
 
     update_update(update.clone()).await?;
 
-    if !update.success && procedure.config.failure_alert {
-      let target = update.target.clone();
-      tokio::spawn(async move {
-        let alert = Alert {
-          id: Default::default(),
-          target,
-          ts: komodo_timestamp(),
-          resolved_ts: Some(komodo_timestamp()),
-          resolved: true,
-          level: SeverityLevel::Warning,
-          data: AlertData::ProcedureFailed {
-            id: procedure.id,
-            name: procedure.name,
-          },
-        };
-        send_alerts(&[alert]).await
-      });
-    }
-
     Ok(update)
   })
 }

bin/core/src/api/execute/repo.rs

@@ -1,15 +1,7 @@
 use std::{collections::HashSet, future::IntoFuture, time::Duration};
 
-use anyhow::{Context, anyhow};
-use database::mungos::{
-  by_id::update_one_by_id,
-  mongodb::{
-    bson::{doc, to_document},
-    options::FindOneOptions,
-  },
-};
+use anyhow::{anyhow, Context};
 use formatting::format_serror;
-use interpolate::Interpolator;
 use komodo_client::{
   api::{execute::*, write::RefreshRepoCache},
   entities::{
@@ -22,21 +14,33 @@ use komodo_client::{
     update::{Log, Update},
   },
 };
-use mogh_resolver::Resolve;
+use mungos::{
+  by_id::update_one_by_id,
+  mongodb::{
+    bson::{doc, to_document},
+    options::FindOneOptions,
+  },
+};
 use periphery_client::api;
+use resolver_api::Resolve;
 use tokio_util::sync::CancellationToken;
 
 use crate::{
   alert::send_alerts,
   api::write::WriteArgs,
   helpers::{
-    builder::{cleanup_builder_instance, connect_builder_periphery},
+    builder::{cleanup_builder_instance, get_builder_periphery},
     channel::repo_cancel_channel,
-    git_token, periphery_client,
-    query::{VariablesAndSecrets, get_variables_and_secrets},
+    git_token,
+    interpolate::{
+      add_interp_update_log,
+      interpolate_variables_secrets_into_string,
+      interpolate_variables_secrets_into_system_command,
+    },
+    periphery_client,
+    query::get_variables_and_secrets,
     update::update_update,
   },
-  permission::get_check_permissions,
   resource::{self, refresh_repo_state_cache},
   state::{action_states, db_client},
 };
@@ -51,19 +55,11 @@ impl super::BatchExecute for BatchCloneRepo {
 }
 
 impl Resolve<ExecuteArgs> for BatchCloneRepo {
-  #[instrument(
-    "BatchCloneRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchCloneRepo", skip( user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchCloneRepo>(&self.pattern, user)
         .await?,
@@ -72,24 +68,15 @@ impl Resolve<ExecuteArgs> for BatchCloneRepo {
 }
 
 impl Resolve<ExecuteArgs> for CloneRepo {
-  #[instrument(
-    "CloneRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      repo = self.repo,
-    )
-  )]
+  #[instrument(name = "CloneRepo", skip( user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let mut repo = get_check_permissions::<Repo>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let mut repo = resource::get_check_permissions::<Repo>(
       &self.repo,
       user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -122,7 +109,7 @@ impl Resolve<ExecuteArgs> for CloneRepo {
     let server =
       resource::get::<Server>(&repo.config.server_id).await?;
 
-    let periphery = periphery_client(&server).await?;
+    let periphery = periphery_client(&server)?;
 
     // interpolate variables / secrets, returning the sanitizing replacers to send to
     // periphery so it may sanitize the final command for safe logging (avoids exposing secret values)
@@ -135,18 +122,16 @@ impl Resolve<ExecuteArgs> for CloneRepo {
         git_token,
         environment: repo.config.env_vars()?,
         env_file_path: repo.config.env_file_path,
-        on_clone: repo.config.on_clone.into(),
-        on_pull: repo.config.on_pull.into(),
         skip_secret_interp: repo.config.skip_secret_interp,
         replacers: secret_replacers.into_iter().collect(),
       })
       .await
     {
-      Ok(res) => res.res.logs,
+      Ok(res) => res.logs,
       Err(e) => {
         vec![Log::error(
-          "Clone Repo",
-          format_serror(&e.context("Failed to clone repo").into()),
+          "clone repo",
+          format_serror(&e.context("failed to clone repo").into()),
         )]
       }
     };
@@ -170,57 +155,40 @@ impl Resolve<ExecuteArgs> for CloneRepo {
       );
     };
 
-    handle_repo_update_return(update).await
+    handle_server_update_return(update).await
   }
 }
 
 impl super::BatchExecute for BatchPullRepo {
   type Resource = Repo;
   fn single_request(repo: String) -> ExecuteRequest {
-    ExecuteRequest::PullRepo(PullRepo { repo })
+    ExecuteRequest::CloneRepo(CloneRepo { repo })
   }
 }
 
 impl Resolve<ExecuteArgs> for BatchPullRepo {
-  #[instrument(
-    "BatchPullRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern
-    )
-  )]
+  #[instrument(name = "BatchPullRepo", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
-      super::batch_execute::<BatchPullRepo>(&self.pattern, user)
+      super::batch_execute::<BatchPullRepo>(&self.pattern, &user)
         .await?,
     )
   }
 }
 
 impl Resolve<ExecuteArgs> for PullRepo {
-  #[instrument(
-    "PullRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      repo = self.repo,
-    )
-  )]
+  #[instrument(name = "PullRepo", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let mut repo = get_check_permissions::<Repo>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let mut repo = resource::get_check_permissions::<Repo>(
       &self.repo,
-      user,
-      PermissionLevel::Execute.into(),
+      &user,
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -254,7 +222,7 @@ impl Resolve<ExecuteArgs> for PullRepo {
     let server =
       resource::get::<Server>(&repo.config.server_id).await?;
 
-    let periphery = periphery_client(&server).await?;
+    let periphery = periphery_client(&server)?;
 
     // interpolate variables / secrets, returning the sanitizing replacers to send to
     // periphery so it may sanitize the final command for safe logging (avoids exposing secret values)
@@ -267,15 +235,14 @@ impl Resolve<ExecuteArgs> for PullRepo {
         git_token,
         environment: repo.config.env_vars()?,
         env_file_path: repo.config.env_file_path,
-        on_pull: repo.config.on_pull.into(),
         skip_secret_interp: repo.config.skip_secret_interp,
         replacers: secret_replacers.into_iter().collect(),
       })
       .await
     {
       Ok(res) => {
-        update.commit_hash = res.res.commit_hash.unwrap_or_default();
-        res.res.logs
+        update.commit_hash = res.commit_hash.unwrap_or_default();
+        res.logs
       }
       Err(e) => {
         vec![Log::error(
@@ -305,18 +272,14 @@ impl Resolve<ExecuteArgs> for PullRepo {
       );
     };
 
-    handle_repo_update_return(update).await
+    handle_server_update_return(update).await
   }
 }
 
-#[instrument(
-  "HandleRepoEarlyReturn",
-  skip_all,
-  fields(update_id = update.id)
-)]
-async fn handle_repo_update_return(
+#[instrument(skip_all, fields(update_id = update.id))]
+async fn handle_server_update_return(
   update: Update,
-) -> mogh_error::Result<Update> {
+) -> serror::Result<Update> {
   // Need to manually update the update before cache refresh,
   // and before broadcast with add_update.
   // The Err case of to_document should be unreachable,
@@ -325,7 +288,7 @@ async fn handle_repo_update_return(
     let _ = update_one_by_id(
       &db_client().updates,
       &update.id,
-      database::mungos::update::Update::Set(update_doc),
+      mungos::update::Update::Set(update_doc),
       None,
     )
     .await;
@@ -335,7 +298,7 @@ async fn handle_repo_update_return(
   Ok(update)
 }
 
-#[instrument("UpdateLastPulledTime")]
+#[instrument]
 async fn update_last_pulled_time(repo_name: &str) {
   let res = db_client()
     .repos
@@ -359,19 +322,11 @@ impl super::BatchExecute for BatchBuildRepo {
 }
 
 impl Resolve<ExecuteArgs> for BatchBuildRepo {
-  #[instrument(
-    "BatchBuildRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      pattern = self.pattern,
-    )
-  )]
+  #[instrument(name = "BatchBuildRepo", skip(user), fields(user_id = user.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, id, .. }: &ExecuteArgs,
-  ) -> mogh_error::Result<BatchExecutionResponse> {
+    ExecuteArgs { user, .. }: &ExecuteArgs,
+  ) -> serror::Result<BatchExecutionResponse> {
     Ok(
       super::batch_execute::<BatchBuildRepo>(&self.pattern, user)
         .await?,
@@ -380,24 +335,15 @@ impl Resolve<ExecuteArgs> for BatchBuildRepo {
 }
 
 impl Resolve<ExecuteArgs> for BuildRepo {
-  #[instrument(
-    "BuildRepo",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      repo = self.repo,
-    )
-  )]
+  #[instrument(name = "BuildRepo", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let mut repo = get_check_permissions::<Repo>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let mut repo = resource::get_check_permissions::<Repo>(
       &self.repo,
       user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -474,7 +420,7 @@ impl Resolve<ExecuteArgs> for BuildRepo {
 
     // GET BUILDER PERIPHERY
 
-    let (periphery, cleanup_data) = match connect_builder_periphery(
+    let (periphery, cleanup_data) = match get_builder_periphery(
       repo.name.clone(),
       None,
       builder,
@@ -492,7 +438,8 @@ impl Resolve<ExecuteArgs> for BuildRepo {
         return handle_builder_early_return(
           update, repo.id, repo.name, false,
         )
-        .await;
+        .await
+        .map_err(Into::into);
       }
     };
 
@@ -510,8 +457,6 @@ impl Resolve<ExecuteArgs> for BuildRepo {
           git_token,
           environment: repo.config.env_vars()?,
           env_file_path: repo.config.env_file_path,
-          on_clone: repo.config.on_clone.into(),
-          on_pull: repo.config.on_pull.into(),
           skip_secret_interp: repo.config.skip_secret_interp,
           replacers: secret_replacers.into_iter().collect()
         }) => res,
@@ -528,15 +473,14 @@ impl Resolve<ExecuteArgs> for BuildRepo {
     let commit_message = match res {
       Ok(res) => {
         debug!("finished repo clone");
-        update.logs.extend(res.res.logs);
-        update.commit_hash = res.res.commit_hash.unwrap_or_default();
-
-        res.res.commit_message.unwrap_or_default()
+        update.logs.extend(res.logs);
+        update.commit_hash = res.commit_hash.unwrap_or_default();
+        res.commit_message.unwrap_or_default()
       }
       Err(e) => {
         update.push_error_log(
-          "Clone Repo",
-          format_serror(&e.context("Failed to clone repo").into()),
+          "clone repo",
+          format_serror(&e.context("failed to clone repo").into()),
         );
         Default::default()
       }
@@ -563,8 +507,6 @@ impl Resolve<ExecuteArgs> for BuildRepo {
     // stop the cancel listening task from going forever
     cancel.cancel();
 
-    // If building on temporary cloud server (AWS),
-    // this will terminate the server.
     cleanup_builder_instance(periphery, cleanup_data, &mut update)
       .await;
 
@@ -576,7 +518,7 @@ impl Resolve<ExecuteArgs> for BuildRepo {
       let _ = update_one_by_id(
         &db.updates,
         &update.id,
-        database::mungos::update::Update::Set(update_doc),
+        mungos::update::Update::Set(update_doc),
         None,
       )
       .await;
@@ -586,6 +528,7 @@ impl Resolve<ExecuteArgs> for BuildRepo {
     update_update(update.clone()).await?;
 
     if !update.success {
+      warn!("repo build unsuccessful, alerting...");
       let target = update.target.clone();
       tokio::spawn(async move {
         let alert = Alert {
@@ -608,13 +551,13 @@ impl Resolve<ExecuteArgs> for BuildRepo {
   }
 }
 
-#[instrument("HandleRepoBuildEarlyReturn", skip(update))]
+#[instrument(skip(update))]
 async fn handle_builder_early_return(
   mut update: Update,
   repo_id: String,
   repo_name: String,
   is_cancel: bool,
-) -> mogh_error::Result<Update> {
+) -> serror::Result<Update> {
   update.finalize();
   // Need to manually update the update before cache refresh,
   // and before broadcast with add_update.
@@ -624,7 +567,7 @@ async fn handle_builder_early_return(
     let _ = update_one_by_id(
       &db_client().updates,
       &update.id,
-      database::mungos::update::Update::Set(update_doc),
+      mungos::update::Update::Set(update_doc),
       None,
     )
     .await;
@@ -632,6 +575,7 @@ async fn handle_builder_early_return(
   }
   update_update(update.clone()).await?;
   if !update.success && !is_cancel {
+    warn!("repo build unsuccessful, alerting...");
     let target = update.target.clone();
     tokio::spawn(async move {
       let alert = Alert {
@@ -652,6 +596,7 @@ async fn handle_builder_early_return(
   Ok(update)
 }
 
+#[instrument(skip_all)]
 pub async fn validate_cancel_repo_build(
   request: &ExecuteRequest,
 ) -> anyhow::Result<()> {
@@ -701,24 +646,15 @@ pub async fn validate_cancel_repo_build(
 }
 
 impl Resolve<ExecuteArgs> for CancelRepoBuild {
-  #[instrument(
-    "CancelRepoBuild",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      repo = self.repo,
-    )
-  )]
+  #[instrument(name = "CancelRepoBuild", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
-    let repo = get_check_permissions::<Repo>(
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    let repo = resource::get_check_permissions::<Repo>(
       &self.repo,
       user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
@@ -760,9 +696,7 @@ impl Resolve<ExecuteArgs> for CancelRepoBuild {
       )
       .await
       {
-        warn!(
-          "failed to set CancelRepoBuild Update status Complete after timeout | {e:#}"
-        )
+        warn!("failed to set CancelRepoBuild Update status Complete after timeout | {e:#}")
       }
     });
 
@@ -770,29 +704,44 @@ impl Resolve<ExecuteArgs> for CancelRepoBuild {
   }
 }
 
-#[instrument(
-  "Interpolate",
-  skip_all,
-  fields(
-    skip_secret_interp = repo.config.skip_secret_interp
-  )
-)]
 async fn interpolate(
   repo: &mut Repo,
   update: &mut Update,
 ) -> anyhow::Result<HashSet<(String, String)>> {
   if !repo.config.skip_secret_interp {
-    let VariablesAndSecrets { variables, secrets } =
-      get_variables_and_secrets().await?;
+    let vars_and_secrets = get_variables_and_secrets().await?;
 
-    let mut interpolator =
-      Interpolator::new(Some(&variables), &secrets);
+    let mut global_replacers = HashSet::new();
+    let mut secret_replacers = HashSet::new();
 
-    interpolator
-      .interpolate_repo(repo)?
-      .push_logs(&mut update.logs);
+    interpolate_variables_secrets_into_string(
+      &vars_and_secrets,
+      &mut repo.config.environment,
+      &mut global_replacers,
+      &mut secret_replacers,
+    )?;
 
-    Ok(interpolator.secret_replacers)
+    interpolate_variables_secrets_into_system_command(
+      &vars_and_secrets,
+      &mut repo.config.on_clone,
+      &mut global_replacers,
+      &mut secret_replacers,
+    )?;
+
+    interpolate_variables_secrets_into_system_command(
+      &vars_and_secrets,
+      &mut repo.config.on_pull,
+      &mut global_replacers,
+      &mut secret_replacers,
+    )?;
+
+    add_interp_update_log(
+      update,
+      &global_replacers,
+      &secret_replacers,
+    );
+
+    Ok(secret_replacers)
   } else {
     Ok(Default::default())
   }

bin/core/src/api/execute/server_template.rs

@@ -0,0 +1,156 @@
+use anyhow::{anyhow, Context};
+use formatting::format_serror;
+use komodo_client::{
+  api::{execute::LaunchServer, write::CreateServer},
+  entities::{
+    permission::PermissionLevel,
+    server::PartialServerConfig,
+    server_template::{ServerTemplate, ServerTemplateConfig},
+    update::Update,
+  },
+};
+use mungos::mongodb::bson::doc;
+use resolver_api::Resolve;
+
+use crate::{
+  api::write::WriteArgs,
+  cloud::{
+    aws::ec2::launch_ec2_instance, hetzner::launch_hetzner_server,
+  },
+  helpers::update::update_update,
+  resource,
+  state::db_client,
+};
+
+use super::ExecuteArgs;
+
+impl Resolve<ExecuteArgs> for LaunchServer {
+  #[instrument(name = "LaunchServer", skip(user, update), fields(user_id = user.id, update_id = update.id))]
+  async fn resolve(
+    self,
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
+    // validate name isn't already taken by another server
+    if db_client()
+      .servers
+      .find_one(doc! {
+        "name": &self.name
+      })
+      .await
+      .context("failed to query db for servers")?
+      .is_some()
+    {
+      return Err(anyhow!("name is already taken").into());
+    }
+
+    let template = resource::get_check_permissions::<ServerTemplate>(
+      &self.server_template,
+      user,
+      PermissionLevel::Execute,
+    )
+    .await?;
+
+    let mut update = update.clone();
+
+    update.push_simple_log(
+      "launching server",
+      format!("{:#?}", template.config),
+    );
+    update_update(update.clone()).await?;
+
+    let config = match template.config {
+      ServerTemplateConfig::Aws(config) => {
+        let region = config.region.clone();
+        let use_https = config.use_https;
+        let port = config.port;
+        let instance =
+          match launch_ec2_instance(&self.name, config).await {
+            Ok(instance) => instance,
+            Err(e) => {
+              update.push_error_log(
+                "launch server",
+                format!("failed to launch aws instance\n\n{e:#?}"),
+              );
+              update.finalize();
+              update_update(update.clone()).await?;
+              return Ok(update);
+            }
+          };
+        update.push_simple_log(
+          "launch server",
+          format!(
+            "successfully launched server {} on ip {}",
+            self.name, instance.ip
+          ),
+        );
+        let protocol = if use_https { "https" } else { "http" };
+        PartialServerConfig {
+          address: format!("{protocol}://{}:{port}", instance.ip)
+            .into(),
+          region: region.into(),
+          ..Default::default()
+        }
+      }
+      ServerTemplateConfig::Hetzner(config) => {
+        let datacenter = config.datacenter;
+        let use_https = config.use_https;
+        let port = config.port;
+        let server =
+          match launch_hetzner_server(&self.name, config).await {
+            Ok(server) => server,
+            Err(e) => {
+              update.push_error_log(
+                "launch server",
+                format!("failed to launch hetzner server\n\n{e:#?}"),
+              );
+              update.finalize();
+              update_update(update.clone()).await?;
+              return Ok(update);
+            }
+          };
+        update.push_simple_log(
+          "launch server",
+          format!(
+            "successfully launched server {} on ip {}",
+            self.name, server.ip
+          ),
+        );
+        let protocol = if use_https { "https" } else { "http" };
+        PartialServerConfig {
+          address: format!("{protocol}://{}:{port}", server.ip)
+            .into(),
+          region: datacenter.as_ref().to_string().into(),
+          ..Default::default()
+        }
+      }
+    };
+
+    match (CreateServer {
+      name: self.name,
+      config,
+    })
+    .resolve(&WriteArgs { user: user.clone() })
+    .await
+    {
+      Ok(server) => {
+        update.push_simple_log(
+          "create server",
+          format!("created server {} ({})", server.name, server.id),
+        );
+        update.other_data = server.id;
+      }
+      Err(e) => {
+        update.push_error_log(
+          "create server",
+          format_serror(
+            &e.error.context("failed to create server").into(),
+          ),
+        );
+      }
+    };
+
+    update.finalize();
+    update_update(update.clone()).await?;
+    Ok(update)
+  }
+}

bin/core/src/api/execute/swarm.rs

@@ -1,516 +0,0 @@
-use formatting::format_serror;
-use komodo_client::{
-  api::execute::{
-    CreateSwarmConfig, CreateSwarmSecret, RemoveSwarmConfigs,
-    RemoveSwarmNodes, RemoveSwarmSecrets, RemoveSwarmServices,
-    RemoveSwarmStacks, RotateSwarmConfig, RotateSwarmSecret,
-  },
-  entities::{permission::PermissionLevel, swarm::Swarm},
-};
-use mogh_resolver::Resolve;
-
-use crate::{
-  api::execute::ExecuteArgs,
-  helpers::{swarm::swarm_request, update::update_update},
-  monitor::update_cache_for_swarm,
-  permission::get_check_permissions,
-};
-
-impl Resolve<ExecuteArgs> for RemoveSwarmNodes {
-  #[instrument(
-    "RemoveSwarmNodes",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      nodes = serde_json::to_string(&self.nodes).unwrap_or_else(|e| e.to_string()),
-      force = self.force,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RemoveSwarmNodes {
-        nodes: self.nodes,
-        force: self.force,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Remove Swarm Nodes",
-        format_serror(
-          &e.context("Failed to remove swarm nodes").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RemoveSwarmStacks {
-  #[instrument(
-    "RemoveSwarmStacks",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      stacks = serde_json::to_string(&self.stacks).unwrap_or_else(|e| e.to_string()),
-      detach = self.detach,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RemoveSwarmStacks {
-        stacks: self.stacks,
-        detach: self.detach,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Remove Swarm Stacks",
-        format_serror(
-          &e.context("Failed to remove swarm stacks").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RemoveSwarmServices {
-  #[instrument(
-    "RemoveSwarmServices",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      services = serde_json::to_string(&self.services).unwrap_or_else(|e| e.to_string()),
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RemoveSwarmServices {
-        services: self.services,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Remove Swarm Services",
-        format_serror(
-          &e.context("Failed to remove swarm services").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for CreateSwarmConfig {
-  #[instrument(
-    "CreateSwarmConfig",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      config = self.name,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::CreateSwarmConfig {
-        name: self.name,
-        data: self.data,
-        labels: self.labels,
-        template_driver: self.template_driver,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Create Swarm Config",
-        format_serror(
-          &e.context("Failed to create swarm config").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RotateSwarmConfig {
-  #[instrument(
-    "RotateSwarmConfig",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      config = self.config,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RotateSwarmConfig {
-        config: self.config,
-        data: self.data,
-      },
-    )
-    .await
-    {
-      Ok(logs) => {
-        update.logs.extend(logs);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Rotate Swarm Config",
-        format_serror(
-          &e.context("Failed to rotate swarm config").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RemoveSwarmConfigs {
-  #[instrument(
-    "RemoveSwarmConfigs",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      configs = serde_json::to_string(&self.configs).unwrap_or_else(|e| e.to_string()),
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RemoveSwarmConfigs {
-        configs: self.configs,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Remove Swarm Configs",
-        format_serror(
-          &e.context("Failed to remove swarm configs").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for CreateSwarmSecret {
-  #[instrument(
-    "CreateSwarmSecret",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      secret = self.name,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::CreateSwarmSecret {
-        name: self.name,
-        data: self.data,
-        driver: self.driver,
-        labels: self.labels,
-        template_driver: self.template_driver,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Create Swarm Secret",
-        format_serror(
-          &e.context("Failed to create swarm secret").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RotateSwarmSecret {
-  #[instrument(
-    "RotateSwarmSecret",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      secret = self.secret,
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RotateSwarmSecret {
-        secret: self.secret,
-        data: self.data,
-      },
-    )
-    .await
-    {
-      Ok(logs) => {
-        update.logs.extend(logs);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Rotate Swarm Secret",
-        format_serror(
-          &e.context("Failed to rotate swarm secret").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}
-
-impl Resolve<ExecuteArgs> for RemoveSwarmSecrets {
-  #[instrument(
-    "RemoveSwarmSecrets",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      swarm = self.swarm,
-      secrets = serde_json::to_string(&self.secrets).unwrap_or_else(|e| e.to_string()),
-    )
-  )]
-  async fn resolve(
-    self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    update_update(update.clone()).await?;
-
-    let mut update = update.clone();
-
-    match swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::RemoveSwarmSecrets {
-        secrets: self.secrets,
-      },
-    )
-    .await
-    {
-      Ok(log) => {
-        update.logs.push(log);
-        update_cache_for_swarm(&swarm, true).await;
-      }
-      Err(e) => update.push_error_log(
-        "Remove Swarm Secrets",
-        format_serror(
-          &e.context("Failed to remove swarm secrets").into(),
-        ),
-      ),
-    };
-
-    update.finalize();
-    update_update(update.clone()).await?;
-
-    Ok(update)
-  }
-}

bin/core/src/api/execute/sync.rs

@@ -1,15 +1,11 @@
 use std::{collections::HashMap, str::FromStr};
 
-use anyhow::{Context, anyhow};
-use database::mungos::{
-  by_id::update_one_by_id,
-  mongodb::bson::{doc, oid::ObjectId},
-};
-use formatting::{Color, colored, format_serror};
+use anyhow::{anyhow, Context};
+use formatting::{colored, format_serror, Color};
 use komodo_client::{
   api::{execute::RunSync, write::RefreshResourceSyncPending},
   entities::{
-    self, ResourceTargetVariant,
+    self,
     action::Action,
     alerter::Alerter,
     build::Build,
@@ -20,76 +16,59 @@ use komodo_client::{
     procedure::Procedure,
     repo::Repo,
     server::Server,
+    server_template::ServerTemplate,
     stack::Stack,
     sync::ResourceSync,
     update::{Log, Update},
     user::sync_user,
+    ResourceTargetVariant,
   },
 };
-use mogh_resolver::Resolve;
+use mongo_indexed::doc;
+use mungos::{
+  by_id::update_one_by_id,
+  mongodb::bson::{oid::ObjectId, to_document},
+};
+use resolver_api::Resolve;
 
 use crate::{
   api::write::WriteArgs,
-  helpers::{
-    all_resources::AllResourcesById, query::get_id_to_tags,
-    update::update_update,
-  },
-  permission::get_check_permissions,
+  helpers::{query::get_id_to_tags, update::update_update},
+  resource::{self, refresh_resource_sync_state_cache},
   state::{action_states, db_client},
   sync::{
-    ResourceSyncTrait,
     deploy::{
-      SyncDeployParams, build_deploy_cache, deploy_from_cache,
+      build_deploy_cache, deploy_from_cache, SyncDeployParams,
     },
-    execute::{ExecuteResourceSync, get_updates_for_execution},
+    execute::{get_updates_for_execution, ExecuteResourceSync},
     remote::RemoteResources,
+    AllResourcesById, ResourceSyncTrait,
   },
 };
 
 use super::ExecuteArgs;
 
 impl Resolve<ExecuteArgs> for RunSync {
-  #[instrument(
-    "RunSync",
-    skip_all,
-    fields(
-      id = id.to_string(),
-      operator = user.id,
-      update_id = update.id,
-      sync = self.sync,
-      resource_type = format!("{:?}", self.resource_type),
-      resources = format!("{:?}", self.resources),
-    )
-  )]
+  #[instrument(name = "RunSync", skip(user, update), fields(user_id = user.id, update_id = update.id))]
   async fn resolve(
     self,
-    ExecuteArgs { user, update, id }: &ExecuteArgs,
-  ) -> mogh_error::Result<Update> {
+    ExecuteArgs { user, update }: &ExecuteArgs,
+  ) -> serror::Result<Update> {
     let RunSync {
       sync,
       resource_type: match_resource_type,
       resources: match_resources,
     } = self;
-    let sync = get_check_permissions::<entities::sync::ResourceSync>(
-      &sync,
-      user,
-      PermissionLevel::Execute.into(),
-    )
+    let sync = resource::get_check_permissions::<
+      entities::sync::ResourceSync,
+    >(&sync, &user, PermissionLevel::Execute)
     .await?;
 
-    let repo = if !sync.config.files_on_host
-      && !sync.config.linked_repo.is_empty()
-    {
-      crate::resource::get::<Repo>(&sync.config.linked_repo)
-        .await?
-        .into()
-    } else {
-      None
-    };
-
     // get the action state for the sync (or insert default).
-    let action_state =
-      action_states().sync.get_or_insert_default(&sync.id).await;
+    let action_state = action_states()
+      .resource_sync
+      .get_or_insert_default(&sync.id)
+      .await;
 
     // This will set action state back to default when dropped.
     // Will also check to ensure sync not already busy before updating.
@@ -108,10 +87,9 @@ impl Resolve<ExecuteArgs> for RunSync {
       message,
       file_errors,
       ..
-    } =
-      crate::sync::remote::get_remote_resources(&sync, repo.as_ref())
-        .await
-        .context("failed to get remote resources")?;
+    } = crate::sync::remote::get_remote_resources(&sync)
+      .await
+      .context("failed to get remote resources")?;
 
     update.logs.extend(logs);
     update_update(update.clone()).await?;
@@ -136,30 +114,22 @@ impl Resolve<ExecuteArgs> for RunSync {
           };
           match ObjectId::from_str(&name_or_id) {
             Ok(_) => match resource_type {
-              ResourceTargetVariant::Swarm => all_resources
-                .swarms
+              ResourceTargetVariant::Alerter => all_resources
+                .alerters
                 .get(&name_or_id)
-                .map(|s| s.name.clone()),
-              ResourceTargetVariant::Server => all_resources
-                .servers
-                .get(&name_or_id)
-                .map(|s| s.name.clone()),
-              ResourceTargetVariant::Stack => all_resources
-                .stacks
-                .get(&name_or_id)
-                .map(|s| s.name.clone()),
-              ResourceTargetVariant::Deployment => all_resources
-                .deployments
-                .get(&name_or_id)
-                .map(|d| d.name.clone()),
+                .map(|a| a.name.clone()),
               ResourceTargetVariant::Build => all_resources
                 .builds
                 .get(&name_or_id)
                 .map(|b| b.name.clone()),
-              ResourceTargetVariant::Repo => all_resources
-                .repos
+              ResourceTargetVariant::Builder => all_resources
+                .builders
                 .get(&name_or_id)
-                .map(|r| r.name.clone()),
+                .map(|b| b.name.clone()),
+              ResourceTargetVariant::Deployment => all_resources
+                .deployments
+                .get(&name_or_id)
+                .map(|d| d.name.clone()),
               ResourceTargetVariant::Procedure => all_resources
                 .procedures
                 .get(&name_or_id)
@@ -168,18 +138,26 @@ impl Resolve<ExecuteArgs> for RunSync {
                 .actions
                 .get(&name_or_id)
                 .map(|p| p.name.clone()),
+              ResourceTargetVariant::Repo => all_resources
+                .repos
+                .get(&name_or_id)
+                .map(|r| r.name.clone()),
+              ResourceTargetVariant::Server => all_resources
+                .servers
+                .get(&name_or_id)
+                .map(|s| s.name.clone()),
+              ResourceTargetVariant::ServerTemplate => all_resources
+                .templates
+                .get(&name_or_id)
+                .map(|t| t.name.clone()),
+              ResourceTargetVariant::Stack => all_resources
+                .stacks
+                .get(&name_or_id)
+                .map(|s| s.name.clone()),
               ResourceTargetVariant::ResourceSync => all_resources
                 .syncs
                 .get(&name_or_id)
                 .map(|s| s.name.clone()),
-              ResourceTargetVariant::Builder => all_resources
-                .builders
-                .get(&name_or_id)
-                .map(|b| b.name.clone()),
-              ResourceTargetVariant::Alerter => all_resources
-                .alerters
-                .get(&name_or_id)
-                .map(|a| a.name.clone()),
               ResourceTargetVariant::System => None,
             },
             Err(_) => Some(name_or_id),
@@ -226,141 +204,145 @@ impl Resolve<ExecuteArgs> for RunSync {
       deployment_map: &deployments_by_name,
       stacks: &resources.stacks,
       stack_map: &stacks_by_name,
+      all_resources: &all_resources,
     })
     .await?;
 
     let delete = sync.config.managed || sync.config.delete;
 
-    let server_deltas = if sync.config.include_resources {
+    let (servers_to_create, servers_to_update, servers_to_delete) =
       get_updates_for_execution::<Server>(
         resources.servers,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let stack_deltas = if sync.config.include_resources {
+      .await?;
+    let (
+      deployments_to_create,
+      deployments_to_update,
+      deployments_to_delete,
+    ) = get_updates_for_execution::<Deployment>(
+      resources.deployments,
+      delete,
+      &all_resources,
+      match_resource_type,
+      match_resources.as_deref(),
+      &id_to_tags,
+      &sync.config.match_tags,
+    )
+    .await?;
+    let (stacks_to_create, stacks_to_update, stacks_to_delete) =
       get_updates_for_execution::<Stack>(
         resources.stacks,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let deployment_deltas = if sync.config.include_resources {
-      get_updates_for_execution::<Deployment>(
-        resources.deployments,
-        delete,
-        match_resource_type,
-        match_resources.as_deref(),
-        &id_to_tags,
-        &sync.config.match_tags,
-      )
-      .await?
-    } else {
-      Default::default()
-    };
-    let build_deltas = if sync.config.include_resources {
+      .await?;
+    let (builds_to_create, builds_to_update, builds_to_delete) =
       get_updates_for_execution::<Build>(
         resources.builds,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let repo_deltas = if sync.config.include_resources {
+      .await?;
+    let (repos_to_create, repos_to_update, repos_to_delete) =
       get_updates_for_execution::<Repo>(
         resources.repos,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let procedure_deltas = if sync.config.include_resources {
-      get_updates_for_execution::<Procedure>(
-        resources.procedures,
-        delete,
-        match_resource_type,
-        match_resources.as_deref(),
-        &id_to_tags,
-        &sync.config.match_tags,
-      )
-      .await?
-    } else {
-      Default::default()
-    };
-    let action_deltas = if sync.config.include_resources {
+      .await?;
+    let (
+      procedures_to_create,
+      procedures_to_update,
+      procedures_to_delete,
+    ) = get_updates_for_execution::<Procedure>(
+      resources.procedures,
+      delete,
+      &all_resources,
+      match_resource_type,
+      match_resources.as_deref(),
+      &id_to_tags,
+      &sync.config.match_tags,
+    )
+    .await?;
+    let (actions_to_create, actions_to_update, actions_to_delete) =
       get_updates_for_execution::<Action>(
         resources.actions,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let builder_deltas = if sync.config.include_resources {
+      .await?;
+    let (builders_to_create, builders_to_update, builders_to_delete) =
       get_updates_for_execution::<Builder>(
         resources.builders,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let alerter_deltas = if sync.config.include_resources {
+      .await?;
+    let (alerters_to_create, alerters_to_update, alerters_to_delete) =
       get_updates_for_execution::<Alerter>(
         resources.alerters,
         delete,
+        &all_resources,
         match_resource_type,
         match_resources.as_deref(),
         &id_to_tags,
         &sync.config.match_tags,
       )
-      .await?
-    } else {
-      Default::default()
-    };
-    let resource_sync_deltas = if sync.config.include_resources {
-      get_updates_for_execution::<entities::sync::ResourceSync>(
-        resources.resource_syncs,
-        delete,
-        match_resource_type,
-        match_resources.as_deref(),
-        &id_to_tags,
-        &sync.config.match_tags,
-      )
-      .await?
-    } else {
-      Default::default()
-    };
+      .await?;
+    let (
+      server_templates_to_create,
+      server_templates_to_update,
+      server_templates_to_delete,
+    ) = get_updates_for_execution::<ServerTemplate>(
+      resources.server_templates,
+      delete,
+      &all_resources,
+      match_resource_type,
+      match_resources.as_deref(),
+      &id_to_tags,
+      &sync.config.match_tags,
+    )
+    .await?;
+    let (
+      resource_syncs_to_create,
+      resource_syncs_to_update,
+      resource_syncs_to_delete,
+    ) = get_updates_for_execution::<entities::sync::ResourceSync>(
+      resources.resource_syncs,
+      delete,
+      &all_resources,
+      match_resource_type,
+      match_resources.as_deref(),
+      &id_to_tags,
+      &sync.config.match_tags,
+    )
+    .await?;
 
     let (
       variables_to_create,
@@ -368,11 +350,12 @@ impl Resolve<ExecuteArgs> for RunSync {
       variables_to_delete,
     ) = if match_resource_type.is_none()
       && match_resources.is_none()
-      && sync.config.include_variables
+      && sync.config.match_tags.is_empty()
     {
       crate::sync::variables::get_updates_for_execution(
         resources.variables,
-        delete,
+        // Delete doesn't work with variables when match tags are set
+        sync.config.match_tags.is_empty() && delete,
       )
       .await?
     } else {
@@ -384,11 +367,13 @@ impl Resolve<ExecuteArgs> for RunSync {
       user_groups_to_delete,
     ) = if match_resource_type.is_none()
       && match_resources.is_none()
-      && sync.config.include_user_groups
+      && sync.config.match_tags.is_empty()
     {
       crate::sync::user_groups::get_updates_for_execution(
         resources.user_groups,
-        delete,
+        // Delete doesn't work with user groups when match tags are set
+        sync.config.match_tags.is_empty() && delete,
+        &all_resources,
       )
       .await?
     } else {
@@ -396,16 +381,39 @@ impl Resolve<ExecuteArgs> for RunSync {
     };
 
     if deploy_cache.is_empty()
-      && resource_sync_deltas.no_changes()
-      && server_deltas.no_changes()
-      && deployment_deltas.no_changes()
-      && stack_deltas.no_changes()
-      && build_deltas.no_changes()
-      && builder_deltas.no_changes()
-      && alerter_deltas.no_changes()
-      && repo_deltas.no_changes()
-      && procedure_deltas.no_changes()
-      && action_deltas.no_changes()
+      && resource_syncs_to_create.is_empty()
+      && resource_syncs_to_update.is_empty()
+      && resource_syncs_to_delete.is_empty()
+      && server_templates_to_create.is_empty()
+      && server_templates_to_update.is_empty()
+      && server_templates_to_delete.is_empty()
+      && servers_to_create.is_empty()
+      && servers_to_update.is_empty()
+      && servers_to_delete.is_empty()
+      && deployments_to_create.is_empty()
+      && deployments_to_update.is_empty()
+      && deployments_to_delete.is_empty()
+      && stacks_to_create.is_empty()
+      && stacks_to_update.is_empty()
+      && stacks_to_delete.is_empty()
+      && builds_to_create.is_empty()
+      && builds_to_update.is_empty()
+      && builds_to_delete.is_empty()
+      && builders_to_create.is_empty()
+      && builders_to_update.is_empty()
+      && builders_to_delete.is_empty()
+      && alerters_to_create.is_empty()
+      && alerters_to_update.is_empty()
+      && alerters_to_delete.is_empty()
+      && repos_to_create.is_empty()
+      && repos_to_update.is_empty()
+      && repos_to_delete.is_empty()
+      && procedures_to_create.is_empty()
+      && procedures_to_update.is_empty()
+      && procedures_to_delete.is_empty()
+      && actions_to_create.is_empty()
+      && actions_to_update.is_empty()
+      && actions_to_delete.is_empty()
       && user_groups_to_create.is_empty()
       && user_groups_to_update.is_empty()
       && user_groups_to_delete.is_empty()
@@ -448,52 +456,111 @@ impl Resolve<ExecuteArgs> for RunSync {
     );
     maybe_extend(
       &mut update.logs,
-      ResourceSync::execute_sync_updates(resource_sync_deltas).await,
+      ResourceSync::execute_sync_updates(
+        resource_syncs_to_create,
+        resource_syncs_to_update,
+        resource_syncs_to_delete,
+      )
+      .await,
     );
     maybe_extend(
       &mut update.logs,
-      Server::execute_sync_updates(server_deltas).await,
+      ServerTemplate::execute_sync_updates(
+        server_templates_to_create,
+        server_templates_to_update,
+        server_templates_to_delete,
+      )
+      .await,
     );
     maybe_extend(
       &mut update.logs,
-      Alerter::execute_sync_updates(alerter_deltas).await,
+      Server::execute_sync_updates(
+        servers_to_create,
+        servers_to_update,
+        servers_to_delete,
+      )
+      .await,
     );
     maybe_extend(
       &mut update.logs,
-      Action::execute_sync_updates(action_deltas).await,
+      Alerter::execute_sync_updates(
+        alerters_to_create,
+        alerters_to_update,
+        alerters_to_delete,
+      )
+      .await,
+    );
+    maybe_extend(
+      &mut update.logs,
+      Action::execute_sync_updates(
+        actions_to_create,
+        actions_to_update,
+        actions_to_delete,
+      )
+      .await,
     );
 
     // Dependent on server
     maybe_extend(
       &mut update.logs,
-      Builder::execute_sync_updates(builder_deltas).await,
+      Builder::execute_sync_updates(
+        builders_to_create,
+        builders_to_update,
+        builders_to_delete,
+      )
+      .await,
     );
     maybe_extend(
       &mut update.logs,
-      Repo::execute_sync_updates(repo_deltas).await,
+      Repo::execute_sync_updates(
+        repos_to_create,
+        repos_to_update,
+        repos_to_delete,
+      )
+      .await,
     );
 
     // Dependant on builder
     maybe_extend(
       &mut update.logs,
-      Build::execute_sync_updates(build_deltas).await,
+      Build::execute_sync_updates(
+        builds_to_create,
+        builds_to_update,
+        builds_to_delete,
+      )
+      .await,
     );
 
     // Dependant on server / build
     maybe_extend(
       &mut update.logs,
-      Deployment::execute_sync_updates(deployment_deltas).await,
+      Deployment::execute_sync_updates(
+        deployments_to_create,
+        deployments_to_update,
+        deployments_to_delete,
+      )
+      .await,
     );
     // stack only depends on server, but maybe will depend on build later.
     maybe_extend(
       &mut update.logs,
-      Stack::execute_sync_updates(stack_deltas).await,
+      Stack::execute_sync_updates(
+        stacks_to_create,
+        stacks_to_update,
+        stacks_to_delete,
+      )
+      .await,
     );
 
     // Dependant on everything
     maybe_extend(
       &mut update.logs,
-      Procedure::execute_sync_updates(procedure_deltas).await,
+      Procedure::execute_sync_updates(
+        procedures_to_create,
+        procedures_to_update,
+        procedures_to_delete,
+      )
+      .await,
     );
 
     // Execute the deploy cache
@@ -542,6 +609,21 @@ impl Resolve<ExecuteArgs> for RunSync {
     }
 
     update.finalize();
+
+    // Need to manually update the update before cache refresh,
+    // and before broadcast with add_update.
+    // The Err case of to_document should be unreachable,
+    // but will fail to update cache in that case.
+    if let Ok(update_doc) = to_document(&update) {
+      let _ = update_one_by_id(
+        &db.updates,
+        &update.id,
+        mungos::update::Update::Set(update_doc),
+        None,
+      )
+      .await;
+      refresh_resource_sync_state_cache().await;
+    }
     update_update(update.clone()).await?;
 
     Ok(update)

bin/core/src/api/listener/integrations/mod.rs

@@ -1,4 +0,0 @@
-pub mod github;
-pub mod gitlab;
-
-use super::{ExtractBranch, VerifySecret};

bin/core/src/api/mod.rs

@@ -1,57 +1,5 @@
-use axum::{Extension, Router, routing::get};
-use komodo_client::entities::user::User;
-use mogh_auth_server::middleware::authenticate_request;
-use mogh_error::Json;
-use mogh_server::{
-  cors::cors_layer, session::memory_session_layer,
-  ui::serve_static_ui,
-};
-
-use crate::{auth::KomodoAuthImpl, config::core_config, ts_client};
-
+pub mod auth;
 pub mod execute;
 pub mod read;
+pub mod user;
 pub mod write;
-
-mod listener;
-mod openapi;
-mod terminal;
-mod ws;
-
-#[derive(serde::Deserialize)]
-struct Variant {
-  variant: String,
-}
-
-pub fn app() -> Router {
-  let config = core_config();
-  Router::new()
-    .merge(openapi::serve_docs())
-    .route("/version", get(|| async { env!("CARGO_PKG_VERSION") }))
-    .nest("/auth", mogh_auth_server::api::router::<KomodoAuthImpl>())
-    .nest("/user", user_router())
-    .nest("/read", read::router())
-    .nest("/write", write::router())
-    .nest("/execute", execute::router())
-    .nest("/terminal", terminal::router())
-    .nest("/listener", listener::router())
-    .nest("/ws", ws::router())
-    .nest("/client", ts_client::router())
-    .layer(memory_session_layer(config))
-    .fallback_service(serve_static_ui(
-      &config.ui_path,
-      config.ui_index_force_no_cache,
-    ))
-    .layer(cors_layer(config))
-}
-
-fn user_router() -> Router {
-  Router::new()
-    .route(
-      "/",
-      get(|Extension(user): Extension<User>| async { Json(user) }),
-    )
-    .layer(axum::middleware::from_fn(
-      authenticate_request::<KomodoAuthImpl, false>,
-    ))
-}

bin/core/src/api/openapi/docs.html

@@ -1,18 +0,0 @@
-<!doctype html>
-<html>
-
-<head>
-  <title>Komodo API Docs</title>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-</head>
-
-<body>
-
-  <script id="api-reference" type="application/json">
-    $spec
-</script>
-  <script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
-</body>
-
-</html>

bin/core/src/api/openapi/mod.rs

@@ -1,8 +0,0 @@
-use komodo_client::openapi::KomodoApi;
-use utoipa::OpenApi as _;
-use utoipa_scalar::{Scalar, Servable as _};
-
-pub fn serve_docs() -> Scalar<utoipa::openapi::OpenApi> {
-  Scalar::with_url("/docs", KomodoApi::openapi())
-    .custom_html(include_str!("docs.html"))
-}

bin/core/src/api/read/action.rs

@@ -8,11 +8,10 @@ use komodo_client::{
     permission::PermissionLevel,
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::{
   helpers::query::get_all_tags,
-  permission::get_check_permissions,
   resource,
   state::{action_state_cache, action_states},
 };
@@ -23,12 +22,12 @@ impl Resolve<ReadArgs> for GetAction {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Action> {
+  ) -> serror::Result<Action> {
     Ok(
-      get_check_permissions::<Action>(
+      resource::get_check_permissions::<Action>(
         &self.action,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -39,20 +38,15 @@ impl Resolve<ReadArgs> for ListActions {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<ActionListItem>> {
+  ) -> serror::Result<Vec<ActionListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Action>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Action>(self.query, &user, &all_tags)
+        .await?,
     )
   }
 }
@@ -61,7 +55,7 @@ impl Resolve<ReadArgs> for ListFullActions {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullActionsResponse> {
+  ) -> serror::Result<ListFullActionsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -69,10 +63,7 @@ impl Resolve<ReadArgs> for ListFullActions {
     };
     Ok(
       resource::list_full_for_user::<Action>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -83,11 +74,11 @@ impl Resolve<ReadArgs> for GetActionActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ActionActionState> {
-    let action = get_check_permissions::<Action>(
+  ) -> serror::Result<ActionActionState> {
+    let action = resource::get_check_permissions::<Action>(
       &self.action,
-      user,
-      PermissionLevel::Read.into(),
+      &user,
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -104,11 +95,10 @@ impl Resolve<ReadArgs> for GetActionsSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetActionsSummaryResponse> {
+  ) -> serror::Result<GetActionsSummaryResponse> {
     let actions = resource::list_full_for_user::<Action>(
       Default::default(),
-      user,
-      PermissionLevel::Read.into(),
+      &user,
       &[],
     )
     .await
@@ -131,8 +121,8 @@ impl Resolve<ReadArgs> for GetActionsSummary {
           .unwrap_or_default()
           .get()?,
       ) {
-        (_, action_states) if action_states.running > 0 => {
-          res.running += action_states.running;
+        (_, action_states) if action_states.running => {
+          res.running += 1;
         }
         (ActionState::Ok, _) => res.ok += 1,
         (ActionState::Failed, _) => res.failed += 1,

bin/core/src/api/read/alert.rs

@@ -1,22 +1,22 @@
 use anyhow::Context;
-use database::mungos::{
-  by_id::find_one_by_id,
-  find::find_collect,
-  mongodb::{bson::doc, options::FindOptions},
-};
 use komodo_client::{
   api::read::{
     GetAlert, GetAlertResponse, ListAlerts, ListAlertsResponse,
   },
-  entities::permission::PermissionLevel,
+  entities::{
+    deployment::Deployment, server::Server, stack::Stack,
+    sync::ResourceSync,
+  },
 };
-use mogh_resolver::Resolve;
+use mungos::{
+  by_id::find_one_by_id,
+  find::find_collect,
+  mongodb::{bson::doc, options::FindOptions},
+};
+use resolver_api::Resolve;
 
 use crate::{
-  config::core_config,
-  permission::{
-    check_user_target_access, user_resource_target_query,
-  },
+  config::core_config, resource::get_resource_ids_for_user,
   state::db_client,
 };
 
@@ -28,11 +28,26 @@ impl Resolve<ReadArgs> for ListAlerts {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListAlertsResponse> {
-    // Alerts
-    let query = user_resource_target_query(user, self.query)
-      .await?
-      .unwrap_or_default();
+  ) -> serror::Result<ListAlertsResponse> {
+    let mut query = self.query.unwrap_or_default();
+    if !user.admin && !core_config().transparent_mode {
+      let server_ids =
+        get_resource_ids_for_user::<Server>(user).await?;
+      let stack_ids =
+        get_resource_ids_for_user::<Stack>(user).await?;
+      let deployment_ids =
+        get_resource_ids_for_user::<Deployment>(user).await?;
+      let sync_ids =
+        get_resource_ids_for_user::<ResourceSync>(user).await?;
+      query.extend(doc! {
+        "$or": [
+          { "target.type": "Server", "target.id": { "$in": &server_ids } },
+          { "target.type": "Stack", "target.id": { "$in": &stack_ids } },
+          { "target.type": "Deployment", "target.id": { "$in": &deployment_ids } },
+          { "target.type": "ResourceSync", "target.id": { "$in": &sync_ids } },
+        ]
+      });
+    }
 
     let alerts = find_collect(
       &db_client().alerts,
@@ -61,21 +76,13 @@ impl Resolve<ReadArgs> for ListAlerts {
 impl Resolve<ReadArgs> for GetAlert {
   async fn resolve(
     self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetAlertResponse> {
-    let alert = find_one_by_id(&db_client().alerts, &self.id)
-      .await
-      .context("failed to query db for alert")?
-      .context("no alert found with given id")?;
-    if user.admin || core_config().transparent_mode {
-      return Ok(alert);
-    }
-    check_user_target_access(
-      &alert.target,
-      user,
-      PermissionLevel::Read.into(),
+    _: &ReadArgs,
+  ) -> serror::Result<GetAlertResponse> {
+    Ok(
+      find_one_by_id(&db_client().alerts, &self.id)
+        .await
+        .context("failed to query db for alert")?
+        .context("no alert found with given id")?,
     )
-    .await?;
-    Ok(alert)
   }
 }

bin/core/src/api/read/alerter.rs

@@ -1,6 +1,4 @@
 use anyhow::Context;
-use database::mongo_indexed::Document;
-use database::mungos::mongodb::bson::doc;
 use komodo_client::{
   api::read::*,
   entities::{
@@ -8,13 +6,12 @@ use komodo_client::{
     permission::PermissionLevel,
   },
 };
-use mogh_resolver::Resolve;
+use mongo_indexed::Document;
+use mungos::mongodb::bson::doc;
+use resolver_api::Resolve;
 
 use crate::{
-  helpers::query::get_all_tags,
-  permission::{get_check_permissions, list_resource_ids_for_user},
-  resource,
-  state::db_client,
+  helpers::query::get_all_tags, resource, state::db_client,
 };
 
 use super::ReadArgs;
@@ -23,12 +20,12 @@ impl Resolve<ReadArgs> for GetAlerter {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Alerter> {
+  ) -> serror::Result<Alerter> {
     Ok(
-      get_check_permissions::<Alerter>(
+      resource::get_check_permissions::<Alerter>(
         &self.alerter,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -39,20 +36,15 @@ impl Resolve<ReadArgs> for ListAlerters {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<AlerterListItem>> {
+  ) -> serror::Result<Vec<AlerterListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Alerter>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Alerter>(self.query, user, &all_tags)
+        .await?,
     )
   }
 }
@@ -61,7 +53,7 @@ impl Resolve<ReadArgs> for ListFullAlerters {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullAlertersResponse> {
+  ) -> serror::Result<ListFullAlertersResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -69,10 +61,7 @@ impl Resolve<ReadArgs> for ListFullAlerters {
     };
     Ok(
       resource::list_full_for_user::<Alerter>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -83,12 +72,10 @@ impl Resolve<ReadArgs> for GetAlertersSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetAlertersSummaryResponse> {
-    let query = match list_resource_ids_for_user::<Alerter>(
-      None,
-      user,
-      PermissionLevel::Read.into(),
-    )
+  ) -> serror::Result<GetAlertersSummaryResponse> {
+    let query = match resource::get_resource_object_ids_for_user::<
+      Alerter,
+    >(&user)
     .await?
     {
       Some(ids) => doc! {

bin/core/src/api/read/build.rs

@@ -2,27 +2,30 @@ use std::collections::{HashMap, HashSet};
 
 use anyhow::Context;
 use async_timing_util::unix_timestamp_ms;
-use database::mungos::{
-  find::find_collect,
-  mongodb::{bson::doc, options::FindOptions},
-};
-use futures_util::TryStreamExt;
+use futures::TryStreamExt;
 use komodo_client::{
   api::read::*,
   entities::{
-    Operation,
     build::{Build, BuildActionState, BuildListItem, BuildState},
+    config::core::CoreConfig,
     permission::PermissionLevel,
     update::UpdateStatus,
+    Operation,
   },
 };
-use mogh_resolver::Resolve;
+use mungos::{
+  find::find_collect,
+  mongodb::{bson::doc, options::FindOptions},
+};
+use resolver_api::Resolve;
 
 use crate::{
+  config::core_config,
   helpers::query::get_all_tags,
-  permission::get_check_permissions,
   resource,
-  state::{action_states, build_state_cache, db_client},
+  state::{
+    action_states, build_state_cache, db_client, github_client,
+  },
 };
 
 use super::ReadArgs;
@@ -31,12 +34,12 @@ impl Resolve<ReadArgs> for GetBuild {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Build> {
+  ) -> serror::Result<Build> {
     Ok(
-      get_check_permissions::<Build>(
+      resource::get_check_permissions::<Build>(
         &self.build,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -47,20 +50,15 @@ impl Resolve<ReadArgs> for ListBuilds {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<BuildListItem>> {
+  ) -> serror::Result<Vec<BuildListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Build>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Build>(self.query, user, &all_tags)
+        .await?,
     )
   }
 }
@@ -69,7 +67,7 @@ impl Resolve<ReadArgs> for ListFullBuilds {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullBuildsResponse> {
+  ) -> serror::Result<ListFullBuildsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -77,10 +75,7 @@ impl Resolve<ReadArgs> for ListFullBuilds {
     };
     Ok(
       resource::list_full_for_user::<Build>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, user, &all_tags,
       )
       .await?,
     )
@@ -91,11 +86,11 @@ impl Resolve<ReadArgs> for GetBuildActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<BuildActionState> {
-    let build = get_check_permissions::<Build>(
+  ) -> serror::Result<BuildActionState> {
+    let build = resource::get_check_permissions::<Build>(
       &self.build,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -112,11 +107,10 @@ impl Resolve<ReadArgs> for GetBuildsSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetBuildsSummaryResponse> {
+  ) -> serror::Result<GetBuildsSummaryResponse> {
     let builds = resource::list_full_for_user::<Build>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await
@@ -160,7 +154,7 @@ impl Resolve<ReadArgs> for GetBuildMonthlyStats {
   async fn resolve(
     self,
     _: &ReadArgs,
-  ) -> mogh_error::Result<GetBuildMonthlyStatsResponse> {
+  ) -> serror::Result<GetBuildMonthlyStatsResponse> {
     let curr_ts = unix_timestamp_ms() as i64;
     let next_day = curr_ts - curr_ts % ONE_DAY_MS + ONE_DAY_MS;
 
@@ -216,7 +210,7 @@ impl Resolve<ReadArgs> for ListBuildVersions {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<BuildVersionResponseItem>> {
+  ) -> serror::Result<Vec<BuildVersionResponseItem>> {
     let ListBuildVersions {
       build,
       major,
@@ -224,10 +218,10 @@ impl Resolve<ReadArgs> for ListBuildVersions {
       patch,
       limit,
     } = self;
-    let build = get_check_permissions::<Build>(
+    let build = resource::get_check_permissions::<Build>(
       &build,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
 
@@ -273,17 +267,14 @@ impl Resolve<ReadArgs> for ListCommonBuildExtraArgs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListCommonBuildExtraArgsResponse> {
+  ) -> serror::Result<ListCommonBuildExtraArgsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     let builds = resource::list_full_for_user::<Build>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+      self.query, user, &all_tags,
     )
     .await
     .context("failed to get resources matching query")?;
@@ -302,3 +293,81 @@ impl Resolve<ReadArgs> for ListCommonBuildExtraArgs {
     Ok(res)
   }
 }
+
+impl Resolve<ReadArgs> for GetBuildWebhookEnabled {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetBuildWebhookEnabledResponse> {
+    let Some(github) = github_client() else {
+      return Ok(GetBuildWebhookEnabledResponse {
+        managed: false,
+        enabled: false,
+      });
+    };
+
+    let build = resource::get_check_permissions::<Build>(
+      &self.build,
+      user,
+      PermissionLevel::Read,
+    )
+    .await?;
+
+    if build.config.git_provider != "github.com"
+      || build.config.repo.is_empty()
+    {
+      return Ok(GetBuildWebhookEnabledResponse {
+        managed: false,
+        enabled: false,
+      });
+    }
+
+    let mut split = build.config.repo.split('/');
+    let owner = split.next().context("Build repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Ok(GetBuildWebhookEnabledResponse {
+        managed: false,
+        enabled: false,
+      });
+    };
+
+    let repo =
+      split.next().context("Build repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      ..
+    } = core_config();
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let url = format!("{host}/listener/github/build/{}", build.id);
+
+    for webhook in webhooks {
+      if webhook.active && webhook.config.url == url {
+        return Ok(GetBuildWebhookEnabledResponse {
+          managed: true,
+          enabled: true,
+        });
+      }
+    }
+
+    Ok(GetBuildWebhookEnabledResponse {
+      managed: true,
+      enabled: false,
+    })
+  }
+}

bin/core/src/api/read/builder.rs

@@ -1,6 +1,4 @@
 use anyhow::Context;
-use database::mongo_indexed::Document;
-use database::mungos::mongodb::bson::doc;
 use komodo_client::{
   api::read::*,
   entities::{
@@ -8,13 +6,12 @@ use komodo_client::{
     permission::PermissionLevel,
   },
 };
-use mogh_resolver::Resolve;
+use mongo_indexed::Document;
+use mungos::mongodb::bson::doc;
+use resolver_api::Resolve;
 
 use crate::{
-  helpers::query::get_all_tags,
-  permission::{get_check_permissions, list_resource_ids_for_user},
-  resource,
-  state::db_client,
+  helpers::query::get_all_tags, resource, state::db_client,
 };
 
 use super::ReadArgs;
@@ -23,12 +20,12 @@ impl Resolve<ReadArgs> for GetBuilder {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Builder> {
+  ) -> serror::Result<Builder> {
     Ok(
-      get_check_permissions::<Builder>(
+      resource::get_check_permissions::<Builder>(
         &self.builder,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -39,20 +36,15 @@ impl Resolve<ReadArgs> for ListBuilders {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<BuilderListItem>> {
+  ) -> serror::Result<Vec<BuilderListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Builder>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Builder>(self.query, user, &all_tags)
+        .await?,
     )
   }
 }
@@ -61,7 +53,7 @@ impl Resolve<ReadArgs> for ListFullBuilders {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullBuildersResponse> {
+  ) -> serror::Result<ListFullBuildersResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -69,10 +61,7 @@ impl Resolve<ReadArgs> for ListFullBuilders {
     };
     Ok(
       resource::list_full_for_user::<Builder>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, user, &all_tags,
       )
       .await?,
     )
@@ -83,12 +72,10 @@ impl Resolve<ReadArgs> for GetBuildersSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetBuildersSummaryResponse> {
-    let query = match list_resource_ids_for_user::<Builder>(
-      None,
-      user,
-      PermissionLevel::Read.into(),
-    )
+  ) -> serror::Result<GetBuildersSummaryResponse> {
+    let query = match resource::get_resource_object_ids_for_user::<
+      Builder,
+    >(&user)
     .await?
     {
       Some(ids) => doc! {

bin/core/src/api/read/deployment.rs

@@ -1,37 +1,26 @@
 use std::{cmp, collections::HashSet};
 
-use anyhow::{Context, anyhow};
+use anyhow::{anyhow, Context};
 use komodo_client::{
   api::read::*,
   entities::{
-    SwarmOrServer,
     deployment::{
       Deployment, DeploymentActionState, DeploymentConfig,
       DeploymentListItem, DeploymentState,
     },
-    docker::{
-      container::{Container, ContainerStats},
-      service::SwarmService,
-    },
+    docker::container::ContainerStats,
     permission::PermissionLevel,
-    server::{Server, ServerState},
+    server::Server,
     update::Log,
   },
 };
-use mogh_error::AddStatusCodeError as _;
-use mogh_resolver::Resolve;
-use periphery_client::api::{self, container::InspectContainer};
-use reqwest::StatusCode;
+use periphery_client::api;
+use resolver_api::Resolve;
 
 use crate::{
-  helpers::{
-    periphery_client, query::get_all_tags, swarm::swarm_request,
-  },
-  permission::get_check_permissions,
-  resource::{self, setup_deployment_execution},
-  state::{
-    action_states, deployment_status_cache, server_status_cache,
-  },
+  helpers::{periphery_client, query::get_all_tags},
+  resource,
+  state::{action_states, deployment_status_cache},
 };
 
 use super::ReadArgs;
@@ -40,12 +29,12 @@ impl Resolve<ReadArgs> for GetDeployment {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Deployment> {
+  ) -> serror::Result<Deployment> {
     Ok(
-      get_check_permissions::<Deployment>(
+      resource::get_check_permissions::<Deployment>(
         &self.deployment,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -56,29 +45,18 @@ impl Resolve<ReadArgs> for ListDeployments {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<DeploymentListItem>> {
+  ) -> serror::Result<Vec<DeploymentListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
-    let only_update_available = self.query.specific.update_available;
-    let deployments = resource::list_for_user::<Deployment>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+    Ok(
+      resource::list_for_user::<Deployment>(
+        self.query, user, &all_tags,
+      )
+      .await?,
     )
-    .await?;
-    let deployments = if only_update_available {
-      deployments
-        .into_iter()
-        .filter(|deployment| deployment.info.update_available)
-        .collect()
-    } else {
-      deployments
-    };
-    Ok(deployments)
   }
 }
 
@@ -86,7 +64,7 @@ impl Resolve<ReadArgs> for ListFullDeployments {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullDeploymentsResponse> {
+  ) -> serror::Result<ListFullDeploymentsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -94,10 +72,7 @@ impl Resolve<ReadArgs> for ListFullDeployments {
     };
     Ok(
       resource::list_full_for_user::<Deployment>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, user, &all_tags,
       )
       .await?,
     )
@@ -108,11 +83,11 @@ impl Resolve<ReadArgs> for GetDeploymentContainer {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetDeploymentContainerResponse> {
-    let deployment = get_check_permissions::<Deployment>(
+  ) -> serror::Result<GetDeploymentContainerResponse> {
+    let deployment = resource::get_check_permissions::<Deployment>(
       &self.deployment,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let status = deployment_status_cache()
@@ -133,49 +108,35 @@ impl Resolve<ReadArgs> for GetDeploymentLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Log> {
+  ) -> serror::Result<Log> {
     let GetDeploymentLog {
       deployment,
       tail,
       timestamps,
     } = self;
-
-    let (deployment, swarm_or_server) = setup_deployment_execution(
+    let Deployment {
+      name,
+      config: DeploymentConfig { server_id, .. },
+      ..
+    } = resource::get_check_permissions::<Deployment>(
       &deployment,
       user,
-      PermissionLevel::Read.logs(),
+      PermissionLevel::Read,
     )
     .await?;
-
-    swarm_or_server.verify_has_target()?;
-
-    let log = match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => swarm_request(
-        &swarm.config.server_ids,
-        periphery_client::api::swarm::GetSwarmServiceLog {
-          service: deployment.name,
-          tail,
-          timestamps,
-          no_task_ids: false,
-          no_resolve: false,
-          details: false,
-        },
-      )
+    if server_id.is_empty() {
+      return Ok(Log::default());
+    }
+    let server = resource::get::<Server>(&server_id).await?;
+    let res = periphery_client(&server)?
+      .request(api::container::GetContainerLog {
+        name,
+        tail: cmp::min(tail, MAX_LOG_LENGTH),
+        timestamps,
+      })
       .await
-      .context("Failed to get service log from swarm")?,
-      SwarmOrServer::Server(server) => periphery_client(&server)
-        .await?
-        .request(api::container::GetContainerLog {
-          name: deployment.name,
-          tail: cmp::min(tail, MAX_LOG_LENGTH),
-          timestamps,
-        })
-        .await
-        .context("failed at call to periphery")?,
-    };
-
-    Ok(log)
+      .context("failed at call to periphery")?;
+    Ok(res)
   }
 }
 
@@ -183,7 +144,7 @@ impl Resolve<ReadArgs> for SearchDeploymentLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Log> {
+  ) -> serror::Result<Log> {
     let SearchDeploymentLog {
       deployment,
       terms,
@@ -191,128 +152,31 @@ impl Resolve<ReadArgs> for SearchDeploymentLog {
       invert,
       timestamps,
     } = self;
-
-    let (deployment, swarm_or_server) = setup_deployment_execution(
+    let Deployment {
+      name,
+      config: DeploymentConfig { server_id, .. },
+      ..
+    } = resource::get_check_permissions::<Deployment>(
       &deployment,
       user,
-      PermissionLevel::Read.logs(),
+      PermissionLevel::Read,
     )
     .await?;
-
-    swarm_or_server.verify_has_target()?;
-
-    let log = match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => swarm_request(
-        &swarm.config.server_ids,
-        periphery_client::api::swarm::GetSwarmServiceLogSearch {
-          service: deployment.name,
-          terms,
-          combinator,
-          invert,
-          timestamps,
-          no_task_ids: false,
-          no_resolve: false,
-          details: false,
-        },
-      )
-      .await
-      .context("Failed to search service log from swarm")?,
-      SwarmOrServer::Server(server) => periphery_client(&server)
-        .await?
-        .request(api::container::GetContainerLogSearch {
-          name: deployment.name,
-          terms,
-          combinator,
-          invert,
-          timestamps,
-        })
-        .await
-        .context("Failed to search container log from server")?,
-    };
-
-    Ok(log)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectDeploymentContainer {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Container> {
-    let InspectDeploymentContainer { deployment } = self;
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &deployment,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!(
-          "InspectDeploymentContainer should not be called for Deployment in Swarm Mode"
-        )
-        .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
-
-    let cache = server_status_cache()
-      .get_or_insert_default(&server.id)
-      .await;
-
-    if cache.state != ServerState::Ok {
-      return Err(
-        anyhow!(
-          "Cannot inspect container: Server is {:?}",
-          cache.state
-        )
-        .into(),
-      );
+    if server_id.is_empty() {
+      return Ok(Log::default());
     }
-
-    periphery_client(&server)
-      .await?
-      .request(InspectContainer {
-        name: deployment.name,
+    let server = resource::get::<Server>(&server_id).await?;
+    let res = periphery_client(&server)?
+      .request(api::container::GetContainerLogSearch {
+        name,
+        terms,
+        combinator,
+        invert,
+        timestamps,
       })
       .await
-      .context("Failed to inspect container on server")
-      .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectDeploymentSwarmService {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SwarmService> {
-    let InspectDeploymentSwarmService { deployment } = self;
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &deployment,
-      user,
-      PermissionLevel::Read.logs(),
-    )
-    .await?;
-
-    let SwarmOrServer::Swarm(swarm) = swarm_or_server else {
-      return Err(
-        anyhow!(
-          "InspectDeploymentSwarmService should only be called for Deployment in Swarm Mode"
-        )
-        .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
-
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmService {
-        service: deployment.name,
-      },
-    )
-    .await
-    .context("Failed to inspect service on swarm")
-    .map_err(Into::into)
+      .context("failed at call to periphery")?;
+    Ok(res)
   }
 }
 
@@ -320,15 +184,15 @@ impl Resolve<ReadArgs> for GetDeploymentStats {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ContainerStats> {
+  ) -> serror::Result<ContainerStats> {
     let Deployment {
       name,
       config: DeploymentConfig { server_id, .. },
       ..
-    } = get_check_permissions::<Deployment>(
+    } = resource::get_check_permissions::<Deployment>(
       &self.deployment,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     if server_id.is_empty() {
@@ -337,8 +201,7 @@ impl Resolve<ReadArgs> for GetDeploymentStats {
       );
     }
     let server = resource::get::<Server>(&server_id).await?;
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(api::container::GetContainerStats { name })
       .await
       .context("failed to get stats from periphery")?;
@@ -350,11 +213,11 @@ impl Resolve<ReadArgs> for GetDeploymentActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<DeploymentActionState> {
-    let deployment = get_check_permissions::<Deployment>(
+  ) -> serror::Result<DeploymentActionState> {
+    let deployment = resource::get_check_permissions::<Deployment>(
       &self.deployment,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -371,11 +234,10 @@ impl Resolve<ReadArgs> for GetDeploymentsSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetDeploymentsSummaryResponse> {
+  ) -> serror::Result<GetDeploymentsSummaryResponse> {
     let deployments = resource::list_full_for_user::<Deployment>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await
@@ -397,9 +259,7 @@ impl Resolve<ReadArgs> for GetDeploymentsSummary {
           res.not_deployed += 1;
         }
         DeploymentState::Unknown => {
-          if !deployment.template {
-            res.unknown += 1;
-          }
+          res.unknown += 1;
         }
         _ => {
           res.unhealthy += 1;
@@ -414,17 +274,14 @@ impl Resolve<ReadArgs> for ListCommonDeploymentExtraArgs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListCommonDeploymentExtraArgsResponse> {
+  ) -> serror::Result<ListCommonDeploymentExtraArgsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     let deployments = resource::list_full_for_user::<Deployment>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+      self.query, &user, &all_tags,
     )
     .await
     .context("failed to get resources matching query")?;

bin/core/src/api/read/mod.rs

@@ -1,61 +1,47 @@
-use std::collections::HashSet;
+use std::{collections::HashSet, sync::OnceLock, time::Instant};
 
-use anyhow::{Context, anyhow};
-use axum::{
-  Extension, Router, extract::Path, middleware, routing::post,
-};
+use anyhow::{anyhow, Context};
+use axum::{middleware, routing::post, Extension, Router};
 use komodo_client::{
   api::read::*,
   entities::{
-    ResourceTarget,
     build::Build,
     builder::{Builder, BuilderConfig},
     config::{DockerRegistry, GitProvider},
-    permission::PermissionLevel,
     repo::Repo,
     server::Server,
     sync::ResourceSync,
     user::User,
+    ResourceTarget,
   },
 };
-use mogh_auth_server::middleware::authenticate_request;
-use mogh_error::Response;
-use mogh_error::{AddStatusCodeError, Json};
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
+use resolver_api::Resolve;
+use response::Response;
 use serde::{Deserialize, Serialize};
-use serde_json::json;
-use strum::{Display, EnumDiscriminants};
+use serror::Json;
 use typeshare::typeshare;
 use uuid::Uuid;
 
 use crate::{
-  auth::KomodoAuthImpl,
-  config::{core_config, core_keys},
-  helpers::periphery_client,
+  auth::auth_request, config::core_config, helpers::periphery_client,
   resource,
 };
 
-use super::Variant;
-
 mod action;
 mod alert;
 mod alerter;
 mod build;
 mod builder;
 mod deployment;
-mod onboarding_key;
 mod permission;
 mod procedure;
 mod provider;
 mod repo;
-mod schedule;
 mod server;
+mod server_template;
 mod stack;
-mod swarm;
 mod sync;
 mod tag;
-mod terminal;
 mod toml;
 mod update;
 mod user;
@@ -67,13 +53,10 @@ pub struct ReadArgs {
 }
 
 #[typeshare]
-#[derive(
-  Serialize, Deserialize, Debug, Clone, Resolve, EnumDiscriminants,
-)]
-#[strum_discriminants(name(ReadRequestVariant), derive(Display))]
+#[derive(Serialize, Deserialize, Debug, Clone, Resolve)]
 #[args(ReadArgs)]
 #[response(Response)]
-#[error(mogh_error::Error)]
+#[error(serror::Error)]
 #[serde(tag = "type", content = "params")]
 enum ReadRequest {
   GetVersion(GetVersion),
@@ -82,108 +65,19 @@ enum ReadRequest {
   ListGitProvidersFromConfig(ListGitProvidersFromConfig),
   ListDockerRegistriesFromConfig(ListDockerRegistriesFromConfig),
 
-  // ==== SWARM ====
-  GetSwarmsSummary(GetSwarmsSummary),
-  GetSwarm(GetSwarm),
-  GetSwarmActionState(GetSwarmActionState),
-  ListSwarms(ListSwarms),
-  InspectSwarm(InspectSwarm),
-  ListFullSwarms(ListFullSwarms),
-  ListSwarmNodes(ListSwarmNodes),
-  InspectSwarmNode(InspectSwarmNode),
-  ListSwarmConfigs(ListSwarmConfigs),
-  InspectSwarmConfig(InspectSwarmConfig),
-  ListSwarmSecrets(ListSwarmSecrets),
-  InspectSwarmSecret(InspectSwarmSecret),
-  ListSwarmStacks(ListSwarmStacks),
-  InspectSwarmStack(InspectSwarmStack),
-  ListSwarmTasks(ListSwarmTasks),
-  InspectSwarmTask(InspectSwarmTask),
-  ListSwarmServices(ListSwarmServices),
-  InspectSwarmService(InspectSwarmService),
-  GetSwarmServiceLog(GetSwarmServiceLog),
-  SearchSwarmServiceLog(SearchSwarmServiceLog),
-  ListSwarmNetworks(ListSwarmNetworks),
+  // ==== USER ====
+  GetUsername(GetUsername),
+  GetPermissionLevel(GetPermissionLevel),
+  FindUser(FindUser),
+  ListUsers(ListUsers),
+  ListApiKeys(ListApiKeys),
+  ListApiKeysForServiceUser(ListApiKeysForServiceUser),
+  ListPermissions(ListPermissions),
+  ListUserTargetPermissions(ListUserTargetPermissions),
 
-  // ==== SERVER ====
-  GetServersSummary(GetServersSummary),
-  GetServer(GetServer),
-  GetServerState(GetServerState),
-  GetPeripheryInformation(GetPeripheryInformation),
-  GetServerActionState(GetServerActionState),
-  ListServers(ListServers),
-  ListFullServers(ListFullServers),
-
-  // ==== TERMINAL ====
-  ListTerminals(ListTerminals),
-
-  // ==== DOCKER ====
-  GetDockerContainersSummary(GetDockerContainersSummary),
-  ListAllDockerContainers(ListAllDockerContainers),
-  ListDockerContainers(ListDockerContainers),
-  InspectDockerContainer(InspectDockerContainer),
-  GetResourceMatchingContainer(GetResourceMatchingContainer),
-  GetContainerLog(GetContainerLog),
-  SearchContainerLog(SearchContainerLog),
-  ListComposeProjects(ListComposeProjects),
-  ListDockerNetworks(ListDockerNetworks),
-  InspectDockerNetwork(InspectDockerNetwork),
-  ListDockerImages(ListDockerImages),
-  InspectDockerImage(InspectDockerImage),
-  ListDockerImageHistory(ListDockerImageHistory),
-  ListDockerVolumes(ListDockerVolumes),
-  InspectDockerVolume(InspectDockerVolume),
-
-  // ==== SERVER STATS ====
-  GetSystemInformation(GetSystemInformation),
-  GetSystemStats(GetSystemStats),
-  GetHistoricalServerStats(GetHistoricalServerStats),
-  ListSystemProcesses(ListSystemProcesses),
-
-  // ==== STACK ====
-  GetStacksSummary(GetStacksSummary),
-  GetStack(GetStack),
-  GetStackActionState(GetStackActionState),
-  GetStackLog(GetStackLog),
-  SearchStackLog(SearchStackLog),
-  InspectStackContainer(InspectStackContainer),
-  InspectStackSwarmService(InspectStackSwarmService),
-  ListStacks(ListStacks),
-  ListFullStacks(ListFullStacks),
-  ListStackServices(ListStackServices),
-  ListCommonStackExtraArgs(ListCommonStackExtraArgs),
-  ListCommonStackBuildExtraArgs(ListCommonStackBuildExtraArgs),
-
-  // ==== DEPLOYMENT ====
-  GetDeploymentsSummary(GetDeploymentsSummary),
-  GetDeployment(GetDeployment),
-  GetDeploymentContainer(GetDeploymentContainer),
-  GetDeploymentActionState(GetDeploymentActionState),
-  GetDeploymentStats(GetDeploymentStats),
-  GetDeploymentLog(GetDeploymentLog),
-  SearchDeploymentLog(SearchDeploymentLog),
-  InspectDeploymentContainer(InspectDeploymentContainer),
-  InspectDeploymentSwarmService(InspectDeploymentSwarmService),
-  ListDeployments(ListDeployments),
-  ListFullDeployments(ListFullDeployments),
-  ListCommonDeploymentExtraArgs(ListCommonDeploymentExtraArgs),
-
-  // ==== BUILD ====
-  GetBuildsSummary(GetBuildsSummary),
-  GetBuild(GetBuild),
-  GetBuildActionState(GetBuildActionState),
-  GetBuildMonthlyStats(GetBuildMonthlyStats),
-  ListBuildVersions(ListBuildVersions),
-  ListBuilds(ListBuilds),
-  ListFullBuilds(ListFullBuilds),
-  ListCommonBuildExtraArgs(ListCommonBuildExtraArgs),
-
-  // ==== REPO ====
-  GetReposSummary(GetReposSummary),
-  GetRepo(GetRepo),
-  GetRepoActionState(GetRepoActionState),
-  ListRepos(ListRepos),
-  ListFullRepos(ListFullRepos),
+  // ==== USER GROUP ====
+  GetUserGroup(GetUserGroup),
+  ListUserGroups(ListUserGroups),
 
   // ==== PROCEDURE ====
   GetProceduresSummary(GetProceduresSummary),
@@ -199,16 +93,88 @@ enum ReadRequest {
   ListActions(ListActions),
   ListFullActions(ListFullActions),
 
-  // ==== SCHEDULE ====
-  ListSchedules(ListSchedules),
+  // ==== SERVER TEMPLATE ====
+  GetServerTemplate(GetServerTemplate),
+  GetServerTemplatesSummary(GetServerTemplatesSummary),
+  ListServerTemplates(ListServerTemplates),
+  ListFullServerTemplates(ListFullServerTemplates),
+
+  // ==== SERVER ====
+  GetServersSummary(GetServersSummary),
+  GetServer(GetServer),
+  GetServerState(GetServerState),
+  GetPeripheryVersion(GetPeripheryVersion),
+  GetServerActionState(GetServerActionState),
+  GetHistoricalServerStats(GetHistoricalServerStats),
+  ListServers(ListServers),
+  ListFullServers(ListFullServers),
+  InspectDockerContainer(InspectDockerContainer),
+  GetResourceMatchingContainer(GetResourceMatchingContainer),
+  GetContainerLog(GetContainerLog),
+  SearchContainerLog(SearchContainerLog),
+  InspectDockerNetwork(InspectDockerNetwork),
+  InspectDockerImage(InspectDockerImage),
+  ListDockerImageHistory(ListDockerImageHistory),
+  InspectDockerVolume(InspectDockerVolume),
+  ListAllDockerContainers(ListAllDockerContainers),
+  ListDockerContainers(ListDockerContainers),
+  ListDockerNetworks(ListDockerNetworks),
+  ListDockerImages(ListDockerImages),
+  ListDockerVolumes(ListDockerVolumes),
+  ListComposeProjects(ListComposeProjects),
+
+  // ==== DEPLOYMENT ====
+  GetDeploymentsSummary(GetDeploymentsSummary),
+  GetDeployment(GetDeployment),
+  GetDeploymentContainer(GetDeploymentContainer),
+  GetDeploymentActionState(GetDeploymentActionState),
+  GetDeploymentStats(GetDeploymentStats),
+  GetDeploymentLog(GetDeploymentLog),
+  SearchDeploymentLog(SearchDeploymentLog),
+  ListDeployments(ListDeployments),
+  ListFullDeployments(ListFullDeployments),
+  ListCommonDeploymentExtraArgs(ListCommonDeploymentExtraArgs),
+
+  // ==== BUILD ====
+  GetBuildsSummary(GetBuildsSummary),
+  GetBuild(GetBuild),
+  GetBuildActionState(GetBuildActionState),
+  GetBuildMonthlyStats(GetBuildMonthlyStats),
+  ListBuildVersions(ListBuildVersions),
+  GetBuildWebhookEnabled(GetBuildWebhookEnabled),
+  ListBuilds(ListBuilds),
+  ListFullBuilds(ListFullBuilds),
+  ListCommonBuildExtraArgs(ListCommonBuildExtraArgs),
+
+  // ==== REPO ====
+  GetReposSummary(GetReposSummary),
+  GetRepo(GetRepo),
+  GetRepoActionState(GetRepoActionState),
+  GetRepoWebhooksEnabled(GetRepoWebhooksEnabled),
+  ListRepos(ListRepos),
+  ListFullRepos(ListFullRepos),
 
   // ==== SYNC ====
   GetResourceSyncsSummary(GetResourceSyncsSummary),
   GetResourceSync(GetResourceSync),
   GetResourceSyncActionState(GetResourceSyncActionState),
+  GetSyncWebhooksEnabled(GetSyncWebhooksEnabled),
   ListResourceSyncs(ListResourceSyncs),
   ListFullResourceSyncs(ListFullResourceSyncs),
 
+  // ==== STACK ====
+  GetStacksSummary(GetStacksSummary),
+  GetStack(GetStack),
+  GetStackActionState(GetStackActionState),
+  GetStackWebhooksEnabled(GetStackWebhooksEnabled),
+  GetStackLog(GetStackLog),
+  SearchStackLog(SearchStackLog),
+  ListStacks(ListStacks),
+  ListFullStacks(ListFullStacks),
+  ListStackServices(ListStackServices),
+  ListCommonStackExtraArgs(ListCommonStackExtraArgs),
+  ListCommonStackBuildExtraArgs(ListCommonStackBuildExtraArgs),
+
   // ==== BUILDER ====
   GetBuildersSummary(GetBuildersSummary),
   GetBuilder(GetBuilder),
@@ -229,20 +195,6 @@ enum ReadRequest {
   GetTag(GetTag),
   ListTags(ListTags),
 
-  // ==== USER ====
-  GetUsername(GetUsername),
-  GetPermission(GetPermission),
-  FindUser(FindUser),
-  ListUsers(ListUsers),
-  ListApiKeys(ListApiKeys),
-  ListApiKeysForServiceUser(ListApiKeysForServiceUser),
-  ListPermissions(ListPermissions),
-  ListUserTargetPermissions(ListUserTargetPermissions),
-
-  // ==== USER GROUP ====
-  GetUserGroup(GetUserGroup),
-  ListUserGroups(ListUserGroups),
-
   // ==== UPDATE ====
   GetUpdate(GetUpdate),
   ListUpdates(ListUpdates),
@@ -251,6 +203,11 @@ enum ReadRequest {
   ListAlerts(ListAlerts),
   GetAlert(GetAlert),
 
+  // ==== SERVER STATS ====
+  GetSystemInformation(GetSystemInformation),
+  GetSystemStats(GetSystemStats),
+  ListSystemProcesses(ListSystemProcesses),
+
   // ==== VARIABLE ====
   GetVariable(GetVariable),
   ListVariables(ListVariables),
@@ -260,53 +217,28 @@ enum ReadRequest {
   ListGitProviderAccounts(ListGitProviderAccounts),
   GetDockerRegistryAccount(GetDockerRegistryAccount),
   ListDockerRegistryAccounts(ListDockerRegistryAccounts),
-
-  // ==== ONBOARDING KEY ====
-  ListOnboardingKeys(ListOnboardingKeys),
 }
 
 pub fn router() -> Router {
   Router::new()
     .route("/", post(handler))
-    .route("/{variant}", post(variant_handler))
-    .layer(middleware::from_fn(
-      authenticate_request::<KomodoAuthImpl, true>,
-    ))
-}
-
-async fn variant_handler(
-  user: Extension<User>,
-  Path(Variant { variant }): Path<Variant>,
-  Json(params): Json<serde_json::Value>,
-) -> mogh_error::Result<axum::response::Response> {
-  let req: ReadRequest = serde_json::from_value(json!({
-    "type": variant,
-    "params": params,
-  }))?;
-  handler(user, Json(req)).await
+    .layer(middleware::from_fn(auth_request))
 }
 
+#[instrument(name = "ReadHandler", level = "debug", skip(user), fields(user_id = user.id))]
 async fn handler(
   Extension(user): Extension<User>,
   Json(request): Json<ReadRequest>,
-) -> mogh_error::Result<axum::response::Response> {
+) -> serror::Result<axum::response::Response> {
+  let timer = Instant::now();
   let req_id = Uuid::new_v4();
-  let variant: ReadRequestVariant = (&request).into();
-
-  debug!(
-    "READ REQUEST {req_id} | METHOD: {variant} | USER: {} ({})",
-    user.username, user.id
-  );
-
+  debug!("/read request | user: {}", user.username);
   let res = request.resolve(&ReadArgs { user }).await;
-
   if let Err(e) = &res {
-    debug!(
-      "READ REQUEST {req_id} | METHOD: {variant} | ERROR: {:#}",
-      e.error
-    );
+    debug!("/read request {req_id} error: {:#}", e.error);
   }
-
+  let elapsed = timer.elapsed();
+  debug!("/read request {req_id} | resolve time: {elapsed:?}");
   res.map(|res| res.0)
 }
 
@@ -314,22 +246,18 @@ impl Resolve<ReadArgs> for GetVersion {
   async fn resolve(
     self,
     _: &ReadArgs,
-  ) -> mogh_error::Result<GetVersionResponse> {
+  ) -> serror::Result<GetVersionResponse> {
     Ok(GetVersionResponse {
       version: env!("CARGO_PKG_VERSION").to_string(),
     })
   }
 }
 
-//
-
-impl Resolve<ReadArgs> for GetCoreInfo {
-  async fn resolve(
-    self,
-    _: &ReadArgs,
-  ) -> mogh_error::Result<GetCoreInfoResponse> {
+fn core_info() -> &'static GetCoreInfoResponse {
+  static CORE_INFO: OnceLock<GetCoreInfoResponse> = OnceLock::new();
+  CORE_INFO.get_or_init(|| {
     let config = core_config();
-    let info = GetCoreInfoResponse {
+    GetCoreInfoResponse {
       title: config.title.clone(),
       monitoring_interval: config.monitoring_interval,
       webhook_base_url: if config.webhook_base_url.is_empty() {
@@ -341,22 +269,30 @@ impl Resolve<ReadArgs> for GetCoreInfo {
       ui_write_disabled: config.ui_write_disabled,
       disable_confirm_dialog: config.disable_confirm_dialog,
       disable_non_admin_create: config.disable_non_admin_create,
-      disable_websocket_reconnect: config.disable_websocket_reconnect,
-      enable_fancy_toml: config.enable_fancy_toml,
-      timezone: config.timezone.clone(),
-      public_key: core_keys().load().public.to_string(),
-    };
-    Ok(info)
-  }
+      github_webhook_owners: config
+        .github_webhook_app
+        .installations
+        .iter()
+        .map(|i| i.namespace.to_string())
+        .collect(),
+    }
+  })
 }
 
-//
+impl Resolve<ReadArgs> for GetCoreInfo {
+  async fn resolve(
+    self,
+    _: &ReadArgs,
+  ) -> serror::Result<GetCoreInfoResponse> {
+    Ok(core_info().clone())
+  }
+}
 
 impl Resolve<ReadArgs> for ListSecrets {
   async fn resolve(
     self,
     _: &ReadArgs,
-  ) -> mogh_error::Result<ListSecretsResponse> {
+  ) -> serror::Result<ListSecretsResponse> {
     let mut secrets = core_config()
       .secrets
       .keys()
@@ -378,15 +314,13 @@ impl Resolve<ReadArgs> for ListSecrets {
         }
         _ => {
           return Err(
-            anyhow!("target must be `Server` or `Builder`")
-              .status_code(StatusCode::BAD_REQUEST),
-          );
+            anyhow!("target must be `Server` or `Builder`").into(),
+          )
         }
       };
       if let Some(id) = server_id {
         let server = resource::get::<Server>(&id).await?;
-        let more = periphery_client(&server)
-          .await?
+        let more = periphery_client(&server)?
           .request(periphery_client::api::ListSecrets {})
           .await
           .with_context(|| {
@@ -406,13 +340,11 @@ impl Resolve<ReadArgs> for ListSecrets {
   }
 }
 
-//
-
 impl Resolve<ReadArgs> for ListGitProvidersFromConfig {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListGitProvidersFromConfigResponse> {
+  ) -> serror::Result<ListGitProvidersFromConfigResponse> {
     let mut providers = core_config().git_providers.clone();
 
     if let Some(target) = self.target {
@@ -440,9 +372,8 @@ impl Resolve<ReadArgs> for ListGitProvidersFromConfig {
         }
         _ => {
           return Err(
-            anyhow!("target must be `Server` or `Builder`")
-              .status_code(StatusCode::BAD_REQUEST),
-          );
+            anyhow!("target must be `Server` or `Builder`").into(),
+          )
         }
       }
     }
@@ -450,20 +381,17 @@ impl Resolve<ReadArgs> for ListGitProvidersFromConfig {
     let (builds, repos, syncs) = tokio::try_join!(
       resource::list_full_for_user::<Build>(
         Default::default(),
-        user,
-        PermissionLevel::Read.into(),
+        &user,
         &[]
       ),
       resource::list_full_for_user::<Repo>(
         Default::default(),
-        user,
-        PermissionLevel::Read.into(),
+        &user,
         &[]
       ),
       resource::list_full_for_user::<ResourceSync>(
         Default::default(),
-        user,
-        PermissionLevel::Read.into(),
+        &user,
         &[]
       ),
     )?;
@@ -511,13 +439,11 @@ impl Resolve<ReadArgs> for ListGitProvidersFromConfig {
   }
 }
 
-//
-
 impl Resolve<ReadArgs> for ListDockerRegistriesFromConfig {
   async fn resolve(
     self,
     _: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerRegistriesFromConfigResponse> {
+  ) -> serror::Result<ListDockerRegistriesFromConfigResponse> {
     let mut registries = core_config().docker_registries.clone();
 
     if let Some(target) = self.target {
@@ -547,7 +473,7 @@ impl Resolve<ReadArgs> for ListDockerRegistriesFromConfig {
         _ => {
           return Err(
             anyhow!("target must be `Server` or `Builder`").into(),
-          );
+          )
         }
       }
     }
@@ -561,10 +487,9 @@ impl Resolve<ReadArgs> for ListDockerRegistriesFromConfig {
 async fn merge_git_providers_for_server(
   providers: &mut Vec<GitProvider>,
   server_id: &str,
-) -> mogh_error::Result<()> {
+) -> serror::Result<()> {
   let server = resource::get::<Server>(server_id).await?;
-  let more = periphery_client(&server)
-    .await?
+  let more = periphery_client(&server)?
     .request(periphery_client::api::ListGitProviders {})
     .await
     .with_context(|| {
@@ -600,10 +525,9 @@ fn merge_git_providers(
 async fn merge_docker_registries_for_server(
   registries: &mut Vec<DockerRegistry>,
   server_id: &str,
-) -> mogh_error::Result<()> {
+) -> serror::Result<()> {
   let server = resource::get::<Server>(server_id).await?;
-  let more = periphery_client(&server)
-    .await?
+  let more = periphery_client(&server)?
     .request(periphery_client::api::ListDockerRegistries {})
     .await
     .with_context(|| {

bin/core/src/api/read/onboarding_key.rs

@@ -1,51 +0,0 @@
-use std::cmp::Ordering;
-
-use anyhow::{Context, anyhow};
-use database::mungos::find::find_collect;
-use komodo_client::api::read::{
-  ListOnboardingKeys, ListOnboardingKeysResponse,
-};
-use mogh_error::AddStatusCodeError;
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
-
-use crate::{api::read::ReadArgs, state::db_client};
-
-//
-
-impl Resolve<ReadArgs> for ListOnboardingKeys {
-  async fn resolve(
-    self,
-    ReadArgs { user: admin }: &ReadArgs,
-  ) -> mogh_error::Result<ListOnboardingKeysResponse> {
-    if !admin.admin {
-      return Err(
-        anyhow!("This call is admin only")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let mut keys =
-      find_collect(&db_client().onboarding_keys, None, None)
-        .await
-        .context(
-          "Failed to query database for Server onboarding keys",
-        )?;
-
-    // No expiry keys first, followed
-    keys.sort_by(|a, b| {
-      if a.expires == b.expires {
-        Ordering::Equal
-      } else if a.expires == 0 {
-        Ordering::Less
-      } else if b.expires == 0 {
-        Ordering::Greater
-      } else {
-        // Descending
-        b.expires.cmp(&a.expires)
-      }
-    });
-
-    Ok(keys)
-  }
-}

bin/core/src/api/read/permission.rs

@@ -1,14 +1,14 @@
-use anyhow::{Context, anyhow};
-use database::mungos::{find::find_collect, mongodb::bson::doc};
+use anyhow::{anyhow, Context};
 use komodo_client::{
   api::read::{
-    GetPermission, GetPermissionResponse, ListPermissions,
+    GetPermissionLevel, GetPermissionLevelResponse, ListPermissions,
     ListPermissionsResponse, ListUserTargetPermissions,
     ListUserTargetPermissionsResponse,
   },
   entities::permission::PermissionLevel,
 };
-use mogh_resolver::Resolve;
+use mungos::{find::find_collect, mongodb::bson::doc};
+use resolver_api::Resolve;
 
 use crate::{
   helpers::query::get_user_permission_on_target, state::db_client,
@@ -20,7 +20,7 @@ impl Resolve<ReadArgs> for ListPermissions {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListPermissionsResponse> {
+  ) -> serror::Result<ListPermissionsResponse> {
     let res = find_collect(
       &db_client().permissions,
       doc! {
@@ -35,13 +35,13 @@ impl Resolve<ReadArgs> for ListPermissions {
   }
 }
 
-impl Resolve<ReadArgs> for GetPermission {
+impl Resolve<ReadArgs> for GetPermissionLevel {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetPermissionResponse> {
+  ) -> serror::Result<GetPermissionLevelResponse> {
     if user.admin {
-      return Ok(PermissionLevel::Write.all());
+      return Ok(PermissionLevel::Write);
     }
     Ok(get_user_permission_on_target(user, &self.target).await?)
   }
@@ -51,7 +51,7 @@ impl Resolve<ReadArgs> for ListUserTargetPermissions {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListUserTargetPermissionsResponse> {
+  ) -> serror::Result<ListUserTargetPermissionsResponse> {
     if !user.admin {
       return Err(anyhow!("this method is admin only").into());
     }

bin/core/src/api/read/procedure.rs

@@ -6,11 +6,10 @@ use komodo_client::{
     procedure::{Procedure, ProcedureState},
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::{
   helpers::query::get_all_tags,
-  permission::get_check_permissions,
   resource,
   state::{action_states, procedure_state_cache},
 };
@@ -21,12 +20,12 @@ impl Resolve<ReadArgs> for GetProcedure {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetProcedureResponse> {
+  ) -> serror::Result<GetProcedureResponse> {
     Ok(
-      get_check_permissions::<Procedure>(
+      resource::get_check_permissions::<Procedure>(
         &self.procedure,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -37,7 +36,7 @@ impl Resolve<ReadArgs> for ListProcedures {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListProceduresResponse> {
+  ) -> serror::Result<ListProceduresResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -45,10 +44,7 @@ impl Resolve<ReadArgs> for ListProcedures {
     };
     Ok(
       resource::list_for_user::<Procedure>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, user, &all_tags,
       )
       .await?,
     )
@@ -59,7 +55,7 @@ impl Resolve<ReadArgs> for ListFullProcedures {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullProceduresResponse> {
+  ) -> serror::Result<ListFullProceduresResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -67,10 +63,7 @@ impl Resolve<ReadArgs> for ListFullProcedures {
     };
     Ok(
       resource::list_full_for_user::<Procedure>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -81,11 +74,10 @@ impl Resolve<ReadArgs> for GetProceduresSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetProceduresSummaryResponse> {
+  ) -> serror::Result<GetProceduresSummaryResponse> {
     let procedures = resource::list_full_for_user::<Procedure>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await
@@ -127,11 +119,11 @@ impl Resolve<ReadArgs> for GetProcedureActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetProcedureActionStateResponse> {
-    let procedure = get_check_permissions::<Procedure>(
+  ) -> serror::Result<GetProcedureActionStateResponse> {
+    let procedure = resource::get_check_permissions::<Procedure>(
       &self.procedure,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()

bin/core/src/api/read/provider.rs

@@ -1,11 +1,11 @@
-use anyhow::{Context, anyhow};
-use database::mongo_indexed::{Document, doc};
-use database::mungos::{
+use anyhow::{anyhow, Context};
+use komodo_client::api::read::*;
+use mongo_indexed::{doc, Document};
+use mungos::{
   by_id::find_one_by_id, find::find_collect,
   mongodb::options::FindOptions,
 };
-use komodo_client::api::read::*;
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::state::db_client;
 
@@ -15,7 +15,7 @@ impl Resolve<ReadArgs> for GetGitProviderAccount {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetGitProviderAccountResponse> {
+  ) -> serror::Result<GetGitProviderAccountResponse> {
     if !user.admin {
       return Err(
         anyhow!("Only admins can read git provider accounts").into(),
@@ -35,7 +35,7 @@ impl Resolve<ReadArgs> for ListGitProviderAccounts {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListGitProviderAccountsResponse> {
+  ) -> serror::Result<ListGitProviderAccountsResponse> {
     if !user.admin {
       return Err(
         anyhow!("Only admins can read git provider accounts").into(),
@@ -65,7 +65,7 @@ impl Resolve<ReadArgs> for GetDockerRegistryAccount {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetDockerRegistryAccountResponse> {
+  ) -> serror::Result<GetDockerRegistryAccountResponse> {
     if !user.admin {
       return Err(
         anyhow!("Only admins can read docker registry accounts")
@@ -87,7 +87,7 @@ impl Resolve<ReadArgs> for ListDockerRegistryAccounts {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerRegistryAccountsResponse> {
+  ) -> serror::Result<ListDockerRegistryAccountsResponse> {
     if !user.admin {
       return Err(
         anyhow!("Only admins can read docker registry accounts")

bin/core/src/api/read/repo.rs

@@ -2,17 +2,18 @@ use anyhow::Context;
 use komodo_client::{
   api::read::*,
   entities::{
+    config::core::CoreConfig,
     permission::PermissionLevel,
     repo::{Repo, RepoActionState, RepoListItem, RepoState},
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::{
+  config::core_config,
   helpers::query::get_all_tags,
-  permission::get_check_permissions,
   resource,
-  state::{action_states, repo_state_cache},
+  state::{action_states, github_client, repo_state_cache},
 };
 
 use super::ReadArgs;
@@ -21,12 +22,12 @@ impl Resolve<ReadArgs> for GetRepo {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Repo> {
+  ) -> serror::Result<Repo> {
     Ok(
-      get_check_permissions::<Repo>(
+      resource::get_check_permissions::<Repo>(
         &self.repo,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -37,20 +38,15 @@ impl Resolve<ReadArgs> for ListRepos {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<RepoListItem>> {
+  ) -> serror::Result<Vec<RepoListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Repo>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Repo>(self.query, &user, &all_tags)
+        .await?,
     )
   }
 }
@@ -59,7 +55,7 @@ impl Resolve<ReadArgs> for ListFullRepos {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullReposResponse> {
+  ) -> serror::Result<ListFullReposResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -67,10 +63,7 @@ impl Resolve<ReadArgs> for ListFullRepos {
     };
     Ok(
       resource::list_full_for_user::<Repo>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -81,11 +74,11 @@ impl Resolve<ReadArgs> for GetRepoActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<RepoActionState> {
-    let repo = get_check_permissions::<Repo>(
+  ) -> serror::Result<RepoActionState> {
+    let repo = resource::get_check_permissions::<Repo>(
       &self.repo,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -102,11 +95,10 @@ impl Resolve<ReadArgs> for GetReposSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetReposSummaryResponse> {
+  ) -> serror::Result<GetReposSummaryResponse> {
     let repos = resource::list_full_for_user::<Repo>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await
@@ -140,11 +132,7 @@ impl Resolve<ReadArgs> for GetReposSummary {
         }
         (RepoState::Ok, _) => res.ok += 1,
         (RepoState::Failed, _) => res.failed += 1,
-        (RepoState::Unknown, _) => {
-          if !repo.template {
-            res.unknown += 1
-          }
-        }
+        (RepoState::Unknown, _) => res.unknown += 1,
         // will never come off the cache in the building state, since that comes from action states
         (RepoState::Cloning, _)
         | (RepoState::Pulling, _)
@@ -157,3 +145,104 @@ impl Resolve<ReadArgs> for GetReposSummary {
     Ok(res)
   }
 }
+
+impl Resolve<ReadArgs> for GetRepoWebhooksEnabled {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetRepoWebhooksEnabledResponse> {
+    let Some(github) = github_client() else {
+      return Ok(GetRepoWebhooksEnabledResponse {
+        managed: false,
+        clone_enabled: false,
+        pull_enabled: false,
+        build_enabled: false,
+      });
+    };
+
+    let repo = resource::get_check_permissions::<Repo>(
+      &self.repo,
+      user,
+      PermissionLevel::Read,
+    )
+    .await?;
+
+    if repo.config.git_provider != "github.com"
+      || repo.config.repo.is_empty()
+    {
+      return Ok(GetRepoWebhooksEnabledResponse {
+        managed: false,
+        clone_enabled: false,
+        pull_enabled: false,
+        build_enabled: false,
+      });
+    }
+
+    let mut split = repo.config.repo.split('/');
+    let owner = split.next().context("Repo repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Ok(GetRepoWebhooksEnabledResponse {
+        managed: false,
+        clone_enabled: false,
+        pull_enabled: false,
+        build_enabled: false,
+      });
+    };
+
+    let repo_name =
+      split.next().context("Repo repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo_name)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      ..
+    } = core_config();
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let clone_url =
+      format!("{host}/listener/github/repo/{}/clone", repo.id);
+    let pull_url =
+      format!("{host}/listener/github/repo/{}/pull", repo.id);
+    let build_url =
+      format!("{host}/listener/github/repo/{}/build", repo.id);
+
+    let mut clone_enabled = false;
+    let mut pull_enabled = false;
+    let mut build_enabled = false;
+
+    for webhook in webhooks {
+      if !webhook.active {
+        continue;
+      }
+      if webhook.config.url == clone_url {
+        clone_enabled = true
+      }
+      if webhook.config.url == pull_url {
+        pull_enabled = true
+      }
+      if webhook.config.url == build_url {
+        build_enabled = true
+      }
+    }
+
+    Ok(GetRepoWebhooksEnabledResponse {
+      managed: true,
+      clone_enabled,
+      pull_enabled,
+      build_enabled,
+    })
+  }
+}

bin/core/src/api/read/schedule.rs

@@ -1,107 +0,0 @@
-use futures_util::future::join_all;
-use komodo_client::{
-  api::read::*,
-  entities::{
-    ResourceTarget,
-    action::Action,
-    permission::PermissionLevel,
-    procedure::Procedure,
-    resource::{ResourceQuery, TemplatesQueryBehavior},
-    schedule::Schedule,
-  },
-};
-use mogh_resolver::Resolve;
-
-use crate::{
-  helpers::query::{get_all_tags, get_last_run_at},
-  resource::list_full_for_user,
-  schedule::get_schedule_item_info,
-};
-
-use super::ReadArgs;
-
-impl Resolve<ReadArgs> for ListSchedules {
-  async fn resolve(
-    self,
-    args: &ReadArgs,
-  ) -> mogh_error::Result<Vec<Schedule>> {
-    let all_tags = get_all_tags(None).await?;
-    let (actions, procedures) = tokio::try_join!(
-      list_full_for_user::<Action>(
-        ResourceQuery {
-          names: Default::default(),
-          templates: TemplatesQueryBehavior::Include,
-          tag_behavior: self.tag_behavior,
-          tags: self.tags.clone(),
-          specific: Default::default(),
-        },
-        &args.user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      ),
-      list_full_for_user::<Procedure>(
-        ResourceQuery {
-          names: Default::default(),
-          templates: TemplatesQueryBehavior::Include,
-          tag_behavior: self.tag_behavior,
-          tags: self.tags.clone(),
-          specific: Default::default(),
-        },
-        &args.user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-    )?;
-    let actions = actions.into_iter().map(async |action| {
-      let (next_scheduled_run, schedule_error) =
-        get_schedule_item_info(&ResourceTarget::Action(
-          action.id.clone(),
-        ));
-      let last_run_at =
-        get_last_run_at::<Action>(&action.id).await.unwrap_or(None);
-      Schedule {
-        target: ResourceTarget::Action(action.id),
-        name: action.name,
-        enabled: action.config.schedule_enabled,
-        schedule_format: action.config.schedule_format,
-        schedule: action.config.schedule,
-        schedule_timezone: action.config.schedule_timezone,
-        tags: action.tags,
-        last_run_at,
-        next_scheduled_run,
-        schedule_error,
-      }
-    });
-    let procedures = procedures.into_iter().map(async |procedure| {
-      let (next_scheduled_run, schedule_error) =
-        get_schedule_item_info(&ResourceTarget::Procedure(
-          procedure.id.clone(),
-        ));
-      let last_run_at = get_last_run_at::<Procedure>(&procedure.id)
-        .await
-        .unwrap_or(None);
-      Schedule {
-        target: ResourceTarget::Procedure(procedure.id),
-        name: procedure.name,
-        enabled: procedure.config.schedule_enabled,
-        schedule_format: procedure.config.schedule_format,
-        schedule: procedure.config.schedule,
-        schedule_timezone: procedure.config.schedule_timezone,
-        tags: procedure.tags,
-        last_run_at,
-        next_scheduled_run,
-        schedule_error,
-      }
-    });
-    let (actions, procedures) =
-      tokio::join!(join_all(actions), join_all(procedures));
-
-    Ok(
-      actions
-        .into_iter()
-        .chain(procedures)
-        .filter(|s| !s.schedule.is_empty())
-        .collect(),
-    )
-  }
-}

bin/core/src/api/read/server.rs

@@ -4,52 +4,46 @@ use std::{
   sync::{Arc, OnceLock},
 };
 
-use anyhow::{Context, anyhow};
+use anyhow::{anyhow, Context};
 use async_timing_util::{
-  FIFTEEN_SECONDS_MS, get_timelength_in_ms, unix_timestamp_ms,
-};
-use database::mungos::{
-  find::find_collect,
-  mongodb::{bson::doc, options::FindOptions},
+  get_timelength_in_ms, unix_timestamp_ms, FIFTEEN_SECONDS_MS,
 };
 use komodo_client::{
   api::read::*,
   entities::{
-    ResourceTarget,
     deployment::Deployment,
     docker::{
-      container::{
-        Container, ContainerListItem, ContainerStateStatusEnum,
-      },
+      container::{Container, ContainerListItem},
       image::{Image, ImageHistoryResponseItem},
       network::Network,
       volume::Volume,
     },
     permission::PermissionLevel,
     server::{
-      Server, ServerActionState, ServerListItem, ServerQuery,
-      ServerState,
+      Server, ServerActionState, ServerListItem, ServerState,
     },
     stack::{Stack, StackServiceNames},
     stats::{SystemInformation, SystemProcess},
     update::Log,
+    ResourceTarget,
   },
 };
-use mogh_error::AddStatusCode;
-use mogh_resolver::Resolve;
+use mungos::{
+  find::find_collect,
+  mongodb::{bson::doc, options::FindOptions},
+};
 use periphery_client::api::{
   self as periphery,
   container::InspectContainer,
-  docker::{
-    ImageHistory, InspectImage, InspectNetwork, InspectVolume,
-  },
+  image::{ImageHistory, InspectImage},
+  network::InspectNetwork,
+  volume::InspectVolume,
 };
-use reqwest::StatusCode;
+use resolver_api::Resolve;
 use tokio::sync::Mutex;
 
 use crate::{
   helpers::{periphery_client, query::get_all_tags},
-  permission::{get_check_permissions, list_resources_for_user},
   resource,
   stack::compose_container_match_regex,
   state::{action_states, db_client, server_status_cache},
@@ -61,37 +55,25 @@ impl Resolve<ReadArgs> for GetServersSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetServersSummaryResponse> {
+  ) -> serror::Result<GetServersSummaryResponse> {
     let servers = resource::list_for_user::<Server>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await?;
-
-    let core_version = env!("CARGO_PKG_VERSION");
     let mut res = GetServersSummaryResponse::default();
-
     for server in servers {
       res.total += 1;
       match server.info.state {
         ServerState::Ok => {
-          // Check for version mismatch
-          if matches!(&server.info.version, Some(version) if version != core_version)
-          {
-            res.warning += 1;
-          } else {
-            res.healthy += 1;
-          }
+          res.healthy += 1;
         }
         ServerState::NotOk => {
           res.unhealthy += 1;
         }
         ServerState::Disabled => {
-          if !server.template {
-            res.disabled += 1;
-          }
+          res.disabled += 1;
         }
       }
     }
@@ -99,16 +81,36 @@ impl Resolve<ReadArgs> for GetServersSummary {
   }
 }
 
+impl Resolve<ReadArgs> for GetPeripheryVersion {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetPeripheryVersionResponse> {
+    let server = resource::get_check_permissions::<Server>(
+      &self.server,
+      user,
+      PermissionLevel::Read,
+    )
+    .await?;
+    let version = server_status_cache()
+      .get(&server.id)
+      .await
+      .map(|s| s.version.clone())
+      .unwrap_or(String::from("unknown"));
+    Ok(GetPeripheryVersionResponse { version })
+  }
+}
+
 impl Resolve<ReadArgs> for GetServer {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Server> {
+  ) -> serror::Result<Server> {
     Ok(
-      get_check_permissions::<Server>(
+      resource::get_check_permissions::<Server>(
         &self.server,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -119,20 +121,15 @@ impl Resolve<ReadArgs> for ListServers {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<ServerListItem>> {
+  ) -> serror::Result<Vec<ServerListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     Ok(
-      resource::list_for_user::<Server>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
+      resource::list_for_user::<Server>(self.query, &user, &all_tags)
+        .await?,
     )
   }
 }
@@ -141,7 +138,7 @@ impl Resolve<ReadArgs> for ListFullServers {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullServersResponse> {
+  ) -> serror::Result<ListFullServersResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -149,10 +146,7 @@ impl Resolve<ReadArgs> for ListFullServers {
     };
     Ok(
       resource::list_full_for_user::<Server>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -163,11 +157,11 @@ impl Resolve<ReadArgs> for GetServerState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetServerStateResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<GetServerStateResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let status = server_status_cache()
@@ -185,11 +179,11 @@ impl Resolve<ReadArgs> for GetServerActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ServerActionState> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ServerActionState> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -202,50 +196,46 @@ impl Resolve<ReadArgs> for GetServerActionState {
   }
 }
 
-impl Resolve<ReadArgs> for GetPeripheryInformation {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetPeripheryInformationResponse> {
-    let server = get_check_permissions::<Server>(
-      &self.server,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    server_status_cache()
-      .get(&server.id)
-      .await
-      .context("Missing server status")?
-      .periphery_info
-      .as_ref()
-      .cloned()
-      .context("Server status missing Periphery Info. The Server may be disconnected.")
-      .status_code(StatusCode::INTERNAL_SERVER_ERROR)
-  }
+// This protects the peripheries from spam requests
+const SYSTEM_INFO_EXPIRY: u128 = FIFTEEN_SECONDS_MS;
+type SystemInfoCache =
+  Mutex<HashMap<String, Arc<(SystemInformation, u128)>>>;
+fn system_info_cache() -> &'static SystemInfoCache {
+  static SYSTEM_INFO_CACHE: OnceLock<SystemInfoCache> =
+    OnceLock::new();
+  SYSTEM_INFO_CACHE.get_or_init(Default::default)
 }
 
 impl Resolve<ReadArgs> for GetSystemInformation {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SystemInformation> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<SystemInformation> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
-    .await
-    .status_code(StatusCode::BAD_REQUEST)?;
-    server_status_cache()
-      .get(&server.id)
-      .await
-      .context("Missing server status")?
-      .system_info
-      .as_ref()
-      .cloned()
-      .context("Server status missing system Info. The Server may be disconnected.")
-      .status_code(StatusCode::INTERNAL_SERVER_ERROR)
+    .await?;
+
+    let mut lock = system_info_cache().lock().await;
+    let res = match lock.get(&server.id) {
+      Some(cached) if cached.1 > unix_timestamp_ms() => {
+        cached.0.clone()
+      }
+      _ => {
+        let stats = periphery_client(&server)?
+          .request(periphery::stats::GetSystemInformation {})
+          .await?;
+        lock.insert(
+          server.id,
+          (stats.clone(), unix_timestamp_ms() + SYSTEM_INFO_EXPIRY)
+            .into(),
+        );
+        stats
+      }
+    };
+    Ok(res)
   }
 }
 
@@ -253,22 +243,22 @@ impl Resolve<ReadArgs> for GetSystemStats {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetSystemStatsResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<GetSystemStatsResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
-    server_status_cache()
-      .get(&server.id)
-      .await
-      .context("Missing server status")?
-      .system_stats
+    let status =
+      server_status_cache().get(&server.id).await.with_context(
+        || format!("did not find status for server at {}", server.id),
+      )?;
+    let stats = status
+      .stats
       .as_ref()
-      .cloned()
-      .context("Server status missing system stats. The Server may be disconnected.")
-      .status_code(StatusCode::INTERNAL_SERVER_ERROR)
+      .context("server stats not available")?;
+    Ok(stats.clone())
   }
 }
 
@@ -285,11 +275,11 @@ impl Resolve<ReadArgs> for ListSystemProcesses {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSystemProcessesResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListSystemProcessesResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.processes(),
+      PermissionLevel::Read,
     )
     .await?;
     let mut lock = processes_cache().lock().await;
@@ -298,8 +288,7 @@ impl Resolve<ReadArgs> for ListSystemProcesses {
         cached.0.clone()
       }
       _ => {
-        let stats = periphery_client(&server)
-          .await?
+        let stats = periphery_client(&server)?
           .request(periphery::stats::GetSystemProcesses {})
           .await?;
         lock.insert(
@@ -320,16 +309,16 @@ impl Resolve<ReadArgs> for GetHistoricalServerStats {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetHistoricalServerStatsResponse> {
+  ) -> serror::Result<GetHistoricalServerStatsResponse> {
     let GetHistoricalServerStats {
       server,
       granularity,
       page,
     } = self;
-    let server = get_check_permissions::<Server>(
+    let server = resource::get_check_permissions::<Server>(
       &server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let granularity =
@@ -373,18 +362,18 @@ impl Resolve<ReadArgs> for ListDockerContainers {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerContainersResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListDockerContainersResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
       .get_or_insert_default(&server.id)
       .await;
-    if let Some(docker) = &cache.docker {
-      Ok(docker.containers.clone())
+    if let Some(containers) = &cache.containers {
+      Ok(containers.clone())
     } else {
       Ok(Vec::new())
     }
@@ -395,14 +384,19 @@ impl Resolve<ReadArgs> for ListAllDockerContainers {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListAllDockerContainersResponse> {
+  ) -> serror::Result<ListAllDockerContainersResponse> {
     let servers = resource::list_for_user::<Server>(
-      ServerQuery::builder().names(self.servers.clone()).build(),
-      user,
-      PermissionLevel::Read.into(),
+      Default::default(),
+      &user,
       &[],
     )
-    .await?;
+    .await?
+    .into_iter()
+    .filter(|server| {
+      self.servers.is_empty()
+        || self.servers.contains(&server.id)
+        || self.servers.contains(&server.name)
+    });
 
     let mut containers = Vec::<ContainerListItem>::new();
 
@@ -410,61 +404,12 @@ impl Resolve<ReadArgs> for ListAllDockerContainers {
       let cache = server_status_cache()
         .get_or_insert_default(&server.id)
         .await;
-      let Some(docker) = &cache.docker else {
-        continue;
-      };
-      let more = docker
-        .containers
-        .iter()
-        .filter(|container| {
-          self.containers.is_empty()
-            || self.containers.contains(&container.name)
-        })
-        .cloned();
-      containers.extend(more);
-    }
-
-    Ok(containers)
-  }
-}
-
-impl Resolve<ReadArgs> for GetDockerContainersSummary {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetDockerContainersSummaryResponse> {
-    let servers = resource::list_full_for_user::<Server>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.into(),
-      &[],
-    )
-    .await
-    .context("failed to get servers from db")?;
-
-    let mut res = GetDockerContainersSummaryResponse::default();
-
-    for server in servers {
-      let cache = server_status_cache()
-        .get_or_insert_default(&server.id)
-        .await;
-
-      if let Some(docker) = &cache.docker {
-        for container in &docker.containers {
-          res.total += 1;
-          match container.state {
-            ContainerStateStatusEnum::Created
-            | ContainerStateStatusEnum::Paused
-            | ContainerStateStatusEnum::Exited => res.stopped += 1,
-            ContainerStateStatusEnum::Running => res.running += 1,
-            ContainerStateStatusEnum::Empty => res.unknown += 1,
-            _ => res.unhealthy += 1,
-          }
-        }
+      if let Some(more_containers) = &cache.containers {
+        containers.extend(more_containers.clone());
       }
     }
 
-    Ok(res)
+    Ok(containers)
   }
 }
 
@@ -472,11 +417,11 @@ impl Resolve<ReadArgs> for InspectDockerContainer {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Container> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Container> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.inspect(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
@@ -491,8 +436,7 @@ impl Resolve<ReadArgs> for InspectDockerContainer {
         .into(),
       );
     }
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(InspectContainer {
         name: self.container,
       })
@@ -507,21 +451,20 @@ impl Resolve<ReadArgs> for GetContainerLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Log> {
+  ) -> serror::Result<Log> {
     let GetContainerLog {
       server,
       container,
       tail,
       timestamps,
     } = self;
-    let server = get_check_permissions::<Server>(
+    let server = resource::get_check_permissions::<Server>(
       &server,
       user,
-      PermissionLevel::Read.logs(),
+      PermissionLevel::Read,
     )
     .await?;
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(periphery::container::GetContainerLog {
         name: container,
         tail: cmp::min(tail, MAX_LOG_LENGTH),
@@ -537,7 +480,7 @@ impl Resolve<ReadArgs> for SearchContainerLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Log> {
+  ) -> serror::Result<Log> {
     let SearchContainerLog {
       server,
       container,
@@ -546,14 +489,13 @@ impl Resolve<ReadArgs> for SearchContainerLog {
       invert,
       timestamps,
     } = self;
-    let server = get_check_permissions::<Server>(
+    let server = resource::get_check_permissions::<Server>(
       &server,
       user,
-      PermissionLevel::Read.logs(),
+      PermissionLevel::Read,
     )
     .await?;
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(periphery::container::GetContainerLogSearch {
         name: container,
         terms,
@@ -571,11 +513,11 @@ impl Resolve<ReadArgs> for GetResourceMatchingContainer {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetResourceMatchingContainerResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<GetResourceMatchingContainerResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     // first check deployments
@@ -588,12 +530,12 @@ impl Resolve<ReadArgs> for GetResourceMatchingContainer {
     }
 
     // then check stacks
-    let stacks = list_resources_for_user::<Stack>(
-      doc! { "config.server_id": &server.id },
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
+    let stacks =
+      resource::list_full_for_user_using_document::<Stack>(
+        doc! { "config.server_id": &server.id },
+        &user,
+      )
+      .await?;
 
     // check matching stack
     for stack in stacks {
@@ -632,18 +574,18 @@ impl Resolve<ReadArgs> for ListDockerNetworks {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerNetworksResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListDockerNetworksResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
       .get_or_insert_default(&server.id)
       .await;
-    if let Some(docker) = &cache.docker {
-      Ok(docker.networks.clone())
+    if let Some(networks) = &cache.networks {
+      Ok(networks.clone())
     } else {
       Ok(Vec::new())
     }
@@ -654,11 +596,11 @@ impl Resolve<ReadArgs> for InspectDockerNetwork {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Network> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Network> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
@@ -673,8 +615,7 @@ impl Resolve<ReadArgs> for InspectDockerNetwork {
         .into(),
       );
     }
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(InspectNetwork { name: self.network })
       .await?;
     Ok(res)
@@ -685,18 +626,18 @@ impl Resolve<ReadArgs> for ListDockerImages {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerImagesResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListDockerImagesResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
       .get_or_insert_default(&server.id)
       .await;
-    if let Some(docker) = &cache.docker {
-      Ok(docker.images.clone())
+    if let Some(images) = &cache.images {
+      Ok(images.clone())
     } else {
       Ok(Vec::new())
     }
@@ -707,11 +648,11 @@ impl Resolve<ReadArgs> for InspectDockerImage {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Image> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Image> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
@@ -723,8 +664,7 @@ impl Resolve<ReadArgs> for InspectDockerImage {
           .into(),
       );
     }
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(InspectImage { name: self.image })
       .await?;
     Ok(res)
@@ -735,11 +675,11 @@ impl Resolve<ReadArgs> for ListDockerImageHistory {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<ImageHistoryResponseItem>> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Vec<ImageHistoryResponseItem>> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
@@ -754,8 +694,7 @@ impl Resolve<ReadArgs> for ListDockerImageHistory {
         .into(),
       );
     }
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(ImageHistory { name: self.image })
       .await?;
     Ok(res)
@@ -766,18 +705,18 @@ impl Resolve<ReadArgs> for ListDockerVolumes {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListDockerVolumesResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListDockerVolumesResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
       .get_or_insert_default(&server.id)
       .await;
-    if let Some(docker) = &cache.docker {
-      Ok(docker.volumes.clone())
+    if let Some(volumes) = &cache.volumes {
+      Ok(volumes.clone())
     } else {
       Ok(Vec::new())
     }
@@ -788,11 +727,11 @@ impl Resolve<ReadArgs> for InspectDockerVolume {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Volume> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Volume> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
@@ -804,8 +743,7 @@ impl Resolve<ReadArgs> for InspectDockerVolume {
           .into(),
       );
     }
-    let res = periphery_client(&server)
-      .await?
+    let res = periphery_client(&server)?
       .request(InspectVolume { name: self.volume })
       .await?;
     Ok(res)
@@ -816,64 +754,20 @@ impl Resolve<ReadArgs> for ListComposeProjects {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListComposeProjectsResponse> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<ListComposeProjectsResponse> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let cache = server_status_cache()
       .get_or_insert_default(&server.id)
       .await;
-    if let Some(docker) = &cache.docker {
-      Ok(docker.projects.clone())
+    if let Some(projects) = &cache.projects {
+      Ok(projects.clone())
     } else {
       Ok(Vec::new())
     }
   }
 }
-
-// impl Resolve<ReadArgs> for ListAllTerminals {
-//   async fn resolve(
-//     self,
-//     args: &ReadArgs,
-//   ) -> Result<Self::Response, Self::Error> {
-//     // match self.tar
-//     let mut terminals = resource::list_full_for_user::<Server>(
-//       self.query, &args.user, &all_tags,
-//     )
-//     .await?
-//     .into_iter()
-//     .map(|server| async move {
-//       (
-//         list_terminals_inner(&server, self.fresh).await,
-//         (server.id, server.name),
-//       )
-//     })
-//     .collect::<FuturesUnordered<_>>()
-//     .collect::<Vec<_>>()
-//     .await
-//     .into_iter()
-//     .flat_map(|(terminals, server)| {
-//       let terminals = terminals.ok()?;
-//       Some((terminals, server))
-//     })
-//     .flat_map(|(terminals, (server_id, server_name))| {
-//       terminals.into_iter().map(move |info| {
-//         TerminalInfoWithServer::from_terminal_info(
-//           &server_id,
-//           &server_name,
-//           info,
-//         )
-//       })
-//     })
-//     .collect::<Vec<_>>();
-
-//     terminals.sort_by(|a, b| {
-//       a.server_name.cmp(&b.server_name).then(a.name.cmp(&b.name))
-//     });
-
-//     Ok(terminals)
-//   }
-// }

bin/core/src/api/read/server_template.rs

@@ -0,0 +1,97 @@
+use anyhow::Context;
+use komodo_client::{
+  api::read::*,
+  entities::{
+    permission::PermissionLevel, server_template::ServerTemplate,
+  },
+};
+use mongo_indexed::Document;
+use mungos::mongodb::bson::doc;
+use resolver_api::Resolve;
+
+use crate::{
+  helpers::query::get_all_tags, resource, state::db_client,
+};
+
+use super::ReadArgs;
+
+impl Resolve<ReadArgs> for GetServerTemplate {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetServerTemplateResponse> {
+    Ok(
+      resource::get_check_permissions::<ServerTemplate>(
+        &self.server_template,
+        user,
+        PermissionLevel::Read,
+      )
+      .await?,
+    )
+  }
+}
+
+impl Resolve<ReadArgs> for ListServerTemplates {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<ListServerTemplatesResponse> {
+    let all_tags = if self.query.tags.is_empty() {
+      vec![]
+    } else {
+      get_all_tags(None).await?
+    };
+    Ok(
+      resource::list_for_user::<ServerTemplate>(
+        self.query, user, &all_tags,
+      )
+      .await?,
+    )
+  }
+}
+
+impl Resolve<ReadArgs> for ListFullServerTemplates {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<ListFullServerTemplatesResponse> {
+    let all_tags = if self.query.tags.is_empty() {
+      vec![]
+    } else {
+      get_all_tags(None).await?
+    };
+    Ok(
+      resource::list_full_for_user::<ServerTemplate>(
+        self.query, user, &all_tags,
+      )
+      .await?,
+    )
+  }
+}
+
+impl Resolve<ReadArgs> for GetServerTemplatesSummary {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetServerTemplatesSummaryResponse> {
+    let query = match resource::get_resource_object_ids_for_user::<
+      ServerTemplate,
+    >(&user)
+    .await?
+    {
+      Some(ids) => doc! {
+        "_id": { "$in": ids }
+      },
+      None => Document::new(),
+    };
+    let total = db_client()
+      .server_templates
+      .count_documents(query)
+      .await
+      .context("failed to count all server template documents")?;
+    let res = GetServerTemplatesSummaryResponse {
+      total: total as u32,
+    };
+    Ok(res)
+  }
+}

bin/core/src/api/read/stack.rs

@@ -1,33 +1,25 @@
 use std::collections::HashSet;
 
-use anyhow::{Context, anyhow};
+use anyhow::Context;
 use komodo_client::{
   api::read::*,
   entities::{
-    SwarmOrServer,
-    docker::{
-      container::Container, service::SwarmService, stack::SwarmStack,
-    },
+    config::core::CoreConfig,
     permission::PermissionLevel,
     stack::{Stack, StackActionState, StackListItem, StackState},
   },
 };
-use mogh_error::AddStatusCodeError as _;
-use mogh_resolver::Resolve;
-use periphery_client::api::{
-  compose::{GetComposeLog, GetComposeLogSearch},
-  container::InspectContainer,
+use periphery_client::api::compose::{
+  GetComposeLog, GetComposeLogSearch,
 };
-use reqwest::StatusCode;
+use resolver_api::Resolve;
 
 use crate::{
-  helpers::{
-    periphery_client, query::get_all_tags, swarm::swarm_request,
-  },
-  permission::get_check_permissions,
+  config::core_config,
+  helpers::{periphery_client, query::get_all_tags},
   resource,
-  stack::setup_stack_execution,
-  state::{action_states, stack_status_cache},
+  stack::get_stack_and_server,
+  state::{action_states, github_client, stack_status_cache},
 };
 
 use super::ReadArgs;
@@ -36,12 +28,12 @@ impl Resolve<ReadArgs> for GetStack {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Stack> {
+  ) -> serror::Result<Stack> {
     Ok(
-      get_check_permissions::<Stack>(
+      resource::get_check_permissions::<Stack>(
         &self.stack,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -52,11 +44,11 @@ impl Resolve<ReadArgs> for ListStackServices {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListStackServicesResponse> {
-    let stack = get_check_permissions::<Stack>(
+  ) -> serror::Result<ListStackServicesResponse> {
+    let stack = resource::get_check_permissions::<Stack>(
       &self.stack,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
 
@@ -76,59 +68,26 @@ impl Resolve<ReadArgs> for GetStackLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetStackLogResponse> {
+  ) -> serror::Result<GetStackLogResponse> {
     let GetStackLog {
       stack,
-      mut services,
+      services,
       tail,
       timestamps,
     } = self;
-    let (stack, swarm_or_server) = setup_stack_execution(
-      &stack,
-      user,
-      PermissionLevel::Read.logs(),
-    )
-    .await?;
-
-    swarm_or_server.verify_has_target()?;
-
-    let log = match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => {
-        let service = services.pop().context(
-          "Must pass single service for Swarm mode Stack logs",
-        )?;
-        swarm_request(
-          &swarm.config.server_ids,
-          periphery_client::api::swarm::GetSwarmServiceLog {
-            // The actual service name on swarm will be stackname_servicename
-            service: format!(
-              "{}_{service}",
-              stack.project_name(false)
-            ),
-            tail,
-            timestamps,
-            no_task_ids: false,
-            no_resolve: false,
-            details: false,
-          },
-        )
-        .await
-        .context("Failed to get stack service log from swarm")?
-      }
-      SwarmOrServer::Server(server) => periphery_client(&server)
-        .await?
-        .request(GetComposeLog {
-          project: stack.project_name(false),
-          services,
-          tail,
-          timestamps,
-        })
-        .await
-        .context("Failed to get stack log from periphery")?,
-    };
-
-    Ok(log)
+    let (stack, server) =
+      get_stack_and_server(&stack, user, PermissionLevel::Read, true)
+        .await?;
+    let res = periphery_client(&server)?
+      .request(GetComposeLog {
+        project: stack.project_name(false),
+        services,
+        tail,
+        timestamps,
+      })
+      .await
+      .context("Failed to get stack log from periphery")?;
+    Ok(res)
   }
 }
 
@@ -136,194 +95,30 @@ impl Resolve<ReadArgs> for SearchStackLog {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SearchStackLogResponse> {
+  ) -> serror::Result<SearchStackLogResponse> {
     let SearchStackLog {
       stack,
-      mut services,
+      services,
       terms,
       combinator,
       invert,
       timestamps,
     } = self;
-    let (stack, swarm_or_server) = setup_stack_execution(
-      &stack,
-      user,
-      PermissionLevel::Read.logs(),
-    )
-    .await?;
-
-    swarm_or_server.verify_has_target()?;
-
-    let log = match swarm_or_server {
-      SwarmOrServer::None => unreachable!(),
-      SwarmOrServer::Swarm(swarm) => {
-        let service = services.pop().context(
-          "Must pass single service for Swarm mode Stack logs",
-        )?;
-        swarm_request(
-          &swarm.config.server_ids,
-          periphery_client::api::swarm::GetSwarmServiceLogSearch {
-            service,
-            terms,
-            combinator,
-            invert,
-            timestamps,
-            no_task_ids: false,
-            no_resolve: false,
-            details: false,
-          },
-        )
-        .await
-        .context("Failed to get stack service log from swarm")?
-      }
-      SwarmOrServer::Server(server) => periphery_client(&server)
-        .await?
-        .request(GetComposeLogSearch {
-          project: stack.project_name(false),
-          services,
-          terms,
-          combinator,
-          invert,
-          timestamps,
-        })
-        .await
-        .context("Failed to search stack log from periphery")?,
-    };
-
-    Ok(log)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectStackContainer {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Container> {
-    let InspectStackContainer { stack, service } = self;
-    let (stack, swarm_or_server) = setup_stack_execution(
-      &stack,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-
-    let SwarmOrServer::Server(server) = swarm_or_server else {
-      return Err(
-        anyhow!(
-          "InspectStackContainer should not be called for Stack in Swarm Mode"
-        )
-        .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
-
-    let services = &stack_status_cache()
-      .get(&stack.id)
-      .await
-      .unwrap_or_default()
-      .curr
-      .services;
-
-    let Some(name) = services
-      .iter()
-      .find(|s| s.service == service)
-      .and_then(|s| s.container.as_ref().map(|c| c.name.clone()))
-    else {
-      return Err(anyhow!(
-        "No service found matching '{service}'. Was the stack last deployed manually?"
-      ).into());
-    };
-
-    let res = periphery_client(&server)
-      .await?
-      .request(InspectContainer { name })
-      .await
-      .context("Failed to inspect container on server")?;
-
-    Ok(res)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectStackSwarmService {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SwarmService> {
-    let InspectStackSwarmService { stack, service } = self;
-    let (stack, swarm_or_server) = setup_stack_execution(
-      &stack,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-
-    let SwarmOrServer::Swarm(swarm) = swarm_or_server else {
-      return Err(
-        anyhow!(
-          "InspectStackSwarmService should only be called for Stack in Swarm Mode"
-        )
-        .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
-
-    let services = &stack_status_cache()
-      .get(&stack.id)
-      .await
-      .unwrap_or_default()
-      .curr
-      .services;
-
-    let Some(service) = services
-      .iter()
-      .find(|s| s.service == service)
-      .and_then(|s| {
-        s.swarm_service.as_ref().and_then(|c| c.name.clone())
+    let (stack, server) =
+      get_stack_and_server(&stack, user, PermissionLevel::Read, true)
+        .await?;
+    let res = periphery_client(&server)?
+      .request(GetComposeLogSearch {
+        project: stack.project_name(false),
+        services,
+        terms,
+        combinator,
+        invert,
+        timestamps,
       })
-    else {
-      return Err(anyhow!(
-        "No service found matching '{service}'. Was the stack last deployed manually?"
-      ).into());
-    };
-
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmService { service },
-    )
-    .await
-    .context("Failed to inspect service on swarm")
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectStackSwarmInfo {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SwarmStack> {
-    let (stack, swarm_or_server) = setup_stack_execution(
-      &self.stack,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-
-    let SwarmOrServer::Swarm(swarm) = swarm_or_server else {
-      return Err(
-        anyhow!(
-          "InspectStackSwarmInfo should only be called for Stack in Swarm Mode"
-        )
-        .status_code(StatusCode::BAD_REQUEST),
-      );
-    };
-
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmStack {
-        stack: stack.project_name(false),
-      },
-    )
-    .await
-    .context("Failed to inspect stack info on swarm")
-    .map_err(Into::into)
+      .await
+      .context("Failed to search stack log from periphery")?;
+    Ok(res)
   }
 }
 
@@ -331,20 +126,17 @@ impl Resolve<ReadArgs> for ListCommonStackExtraArgs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListCommonStackExtraArgsResponse> {
+  ) -> serror::Result<ListCommonStackExtraArgsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     let stacks = resource::list_full_for_user::<Stack>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+      self.query, &user, &all_tags,
     )
     .await
-    .context("Failed to get resources matching query")?;
+    .context("failed to get resources matching query")?;
 
     // first collect with guaranteed uniqueness
     let mut res = HashSet::<String>::new();
@@ -365,20 +157,17 @@ impl Resolve<ReadArgs> for ListCommonStackBuildExtraArgs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListCommonStackBuildExtraArgsResponse> {
+  ) -> serror::Result<ListCommonStackBuildExtraArgsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
     let stacks = resource::list_full_for_user::<Stack>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+      self.query, &user, &all_tags,
     )
     .await
-    .context("Failed to get resources matching query")?;
+    .context("failed to get resources matching query")?;
 
     // first collect with guaranteed uniqueness
     let mut res = HashSet::<String>::new();
@@ -399,35 +188,16 @@ impl Resolve<ReadArgs> for ListStacks {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<StackListItem>> {
+  ) -> serror::Result<Vec<StackListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
       get_all_tags(None).await?
     };
-    let only_update_available = self.query.specific.update_available;
-    let stacks = resource::list_for_user::<Stack>(
-      self.query,
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
+    Ok(
+      resource::list_for_user::<Stack>(self.query, user, &all_tags)
+        .await?,
     )
-    .await?;
-    let stacks = if only_update_available {
-      stacks
-        .into_iter()
-        .filter(|stack| {
-          stack
-            .info
-            .services
-            .iter()
-            .any(|service| service.update_available)
-        })
-        .collect()
-    } else {
-      stacks
-    };
-    Ok(stacks)
   }
 }
 
@@ -435,7 +205,7 @@ impl Resolve<ReadArgs> for ListFullStacks {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullStacksResponse> {
+  ) -> serror::Result<ListFullStacksResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -443,10 +213,7 @@ impl Resolve<ReadArgs> for ListFullStacks {
     };
     Ok(
       resource::list_full_for_user::<Stack>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, user, &all_tags,
       )
       .await?,
     )
@@ -457,11 +224,11 @@ impl Resolve<ReadArgs> for GetStackActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<StackActionState> {
-    let stack = get_check_permissions::<Stack>(
+  ) -> serror::Result<StackActionState> {
+    let stack = resource::get_check_permissions::<Stack>(
       &self.stack,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
@@ -478,15 +245,14 @@ impl Resolve<ReadArgs> for GetStacksSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetStacksSummaryResponse> {
+  ) -> serror::Result<GetStacksSummaryResponse> {
     let stacks = resource::list_full_for_user::<Stack>(
       Default::default(),
       user,
-      PermissionLevel::Read.into(),
       &[],
     )
     .await
-    .context("Failed to get stacks from database")?;
+    .context("failed to get stacks from db")?;
 
     let mut res = GetStacksSummaryResponse::default();
 
@@ -499,11 +265,7 @@ impl Resolve<ReadArgs> for GetStacksSummary {
         StackState::Running => res.running += 1,
         StackState::Stopped | StackState::Paused => res.stopped += 1,
         StackState::Down => res.down += 1,
-        StackState::Unknown => {
-          if !stack.template {
-            res.unknown += 1
-          }
-        }
+        StackState::Unknown => res.unknown += 1,
         _ => res.unhealthy += 1,
       }
     }
@@ -511,3 +273,91 @@ impl Resolve<ReadArgs> for GetStacksSummary {
     Ok(res)
   }
 }
+
+impl Resolve<ReadArgs> for GetStackWebhooksEnabled {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetStackWebhooksEnabledResponse> {
+    let Some(github) = github_client() else {
+      return Ok(GetStackWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        deploy_enabled: false,
+      });
+    };
+
+    let stack = resource::get_check_permissions::<Stack>(
+      &self.stack,
+      user,
+      PermissionLevel::Read,
+    )
+    .await?;
+
+    if stack.config.git_provider != "github.com"
+      || stack.config.repo.is_empty()
+    {
+      return Ok(GetStackWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        deploy_enabled: false,
+      });
+    }
+
+    let mut split = stack.config.repo.split('/');
+    let owner = split.next().context("Sync repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Ok(GetStackWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        deploy_enabled: false,
+      });
+    };
+
+    let repo_name =
+      split.next().context("Repo repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo_name)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      ..
+    } = core_config();
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let refresh_url =
+      format!("{host}/listener/github/stack/{}/refresh", stack.id);
+    let deploy_url =
+      format!("{host}/listener/github/stack/{}/deploy", stack.id);
+
+    let mut refresh_enabled = false;
+    let mut deploy_enabled = false;
+
+    for webhook in webhooks {
+      if webhook.active && webhook.config.url == refresh_url {
+        refresh_enabled = true
+      }
+      if webhook.active && webhook.config.url == deploy_url {
+        deploy_enabled = true
+      }
+    }
+
+    Ok(GetStackWebhooksEnabledResponse {
+      managed: true,
+      refresh_enabled,
+      deploy_enabled,
+    })
+  }
+}

bin/core/src/api/read/swarm.rs

@@ -1,522 +0,0 @@
-use anyhow::{Context, anyhow};
-use komodo_client::{
-  api::read::*,
-  entities::{
-    permission::PermissionLevel,
-    swarm::{Swarm, SwarmActionState, SwarmListItem, SwarmState},
-  },
-};
-use mogh_resolver::Resolve;
-
-use crate::{
-  helpers::{query::get_all_tags, swarm::swarm_request},
-  permission::get_check_permissions,
-  resource,
-  state::{action_states, server_status_cache, swarm_status_cache},
-};
-
-use super::ReadArgs;
-
-impl Resolve<ReadArgs> for GetSwarm {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Swarm> {
-    Ok(
-      get_check_permissions::<Swarm>(
-        &self.swarm,
-        user,
-        PermissionLevel::Read.into(),
-      )
-      .await?,
-    )
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarms {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<SwarmListItem>> {
-    let all_tags = if self.query.tags.is_empty() {
-      vec![]
-    } else {
-      get_all_tags(None).await?
-    };
-    Ok(
-      resource::list_for_user::<Swarm>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
-    )
-  }
-}
-
-impl Resolve<ReadArgs> for ListFullSwarms {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullSwarmsResponse> {
-    let all_tags = if self.query.tags.is_empty() {
-      vec![]
-    } else {
-      get_all_tags(None).await?
-    };
-    Ok(
-      resource::list_full_for_user::<Swarm>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
-      )
-      .await?,
-    )
-  }
-}
-
-impl Resolve<ReadArgs> for GetSwarmActionState {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SwarmActionState> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let action_state = action_states()
-      .swarm
-      .get(&swarm.id)
-      .await
-      .unwrap_or_default()
-      .get()?;
-    Ok(action_state)
-  }
-}
-
-impl Resolve<ReadArgs> for GetSwarmsSummary {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetSwarmsSummaryResponse> {
-    let swarms = resource::list_full_for_user::<Swarm>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.into(),
-      &[],
-    )
-    .await
-    .context("failed to get swarms from db")?;
-
-    let mut res = GetSwarmsSummaryResponse::default();
-
-    let cache = swarm_status_cache();
-
-    for swarm in swarms {
-      res.total += 1;
-
-      match cache
-        .get(&swarm.id)
-        .await
-        .map(|status| status.state)
-        .unwrap_or_default()
-      {
-        SwarmState::Unknown => {
-          res.unknown += 1;
-        }
-        SwarmState::Healthy => {
-          res.healthy += 1;
-        }
-        SwarmState::Unhealthy => {
-          res.unhealthy += 1;
-        }
-        SwarmState::Down => {
-          res.down += 1;
-        }
-      }
-    }
-
-    Ok(res)
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarm {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    let inspect = cache
-      .inspect
-      .as_ref()
-      .cloned()
-      .context("SwarmInspectInfo not available")?;
-    Ok(inspect)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmNodes {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmNodesResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.nodes.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmNode {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmNodeResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmNode {
-        node: self.node,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmServices {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmServicesResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.services.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmService {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmServiceResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmService {
-        service: self.service,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for GetSwarmServiceLog {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetSwarmServiceLogResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.logs(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::GetSwarmServiceLog {
-        service: self.service,
-        tail: self.tail,
-        timestamps: self.timestamps,
-        no_task_ids: self.no_task_ids,
-        no_resolve: self.no_resolve,
-        details: self.details,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for SearchSwarmServiceLog {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<SearchSwarmServiceLogResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.logs(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::GetSwarmServiceLogSearch {
-        service: self.service,
-        terms: self.terms,
-        combinator: self.combinator,
-        invert: self.invert,
-        timestamps: self.timestamps,
-        no_task_ids: self.no_task_ids,
-        no_resolve: self.no_resolve,
-        details: self.details,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmTasks {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmTasksResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.tasks.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmTask {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmTaskResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmTask {
-        task: self.task,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmSecrets {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmSecretsResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.secrets.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmSecret {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmSecretResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmSecret {
-        secret: self.secret,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmConfigs {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmConfigsResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.configs.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmConfig {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmConfigResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmConfig {
-        config: self.config,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmStacks {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListSwarmStacksResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-    let cache =
-      swarm_status_cache().get_or_insert_default(&swarm.id).await;
-    if let Some(lists) = &cache.lists {
-      Ok(lists.stacks.clone())
-    } else {
-      Ok(Vec::new())
-    }
-  }
-}
-
-impl Resolve<ReadArgs> for InspectSwarmStack {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<InspectSwarmStackResponse> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.inspect(),
-    )
-    .await?;
-    swarm_request(
-      &swarm.config.server_ids,
-      periphery_client::api::swarm::InspectSwarmStack {
-        stack: self.stack,
-      },
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-impl Resolve<ReadArgs> for ListSwarmNetworks {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let swarm = get_check_permissions::<Swarm>(
-      &self.swarm,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
-
-    let cache = server_status_cache();
-
-    for server_id in swarm.config.server_ids {
-      let Some(status) = cache.get(&server_id).await else {
-        continue;
-      };
-      let Some(docker) = &status.docker else {
-        continue;
-      };
-      let networks = docker
-        .networks
-        .iter()
-        .filter(|network| {
-          network.driver.as_deref() == Some("overlay")
-        })
-        .cloned()
-        .collect::<Vec<_>>();
-      return Ok(networks);
-    }
-
-    Err(
-      anyhow!(
-        "Failed to retrieve swarm networks from any manager node."
-      )
-      .into(),
-    )
-  }
-}

bin/core/src/api/read/sync.rs

@@ -2,17 +2,21 @@ use anyhow::Context;
 use komodo_client::{
   api::read::*,
   entities::{
+    config::core::CoreConfig,
     permission::PermissionLevel,
     sync::{
       ResourceSync, ResourceSyncActionState, ResourceSyncListItem,
+      ResourceSyncState,
     },
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::{
-  helpers::query::get_all_tags, permission::get_check_permissions,
-  resource, state::action_states,
+  config::core_config,
+  helpers::query::get_all_tags,
+  resource,
+  state::{action_states, github_client, resource_sync_state_cache},
 };
 
 use super::ReadArgs;
@@ -21,12 +25,12 @@ impl Resolve<ReadArgs> for GetResourceSync {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ResourceSync> {
+  ) -> serror::Result<ResourceSync> {
     Ok(
-      get_check_permissions::<ResourceSync>(
+      resource::get_check_permissions::<ResourceSync>(
         &self.sync,
-        user,
-        PermissionLevel::Read.into(),
+        &user,
+        PermissionLevel::Read,
       )
       .await?,
     )
@@ -37,7 +41,7 @@ impl Resolve<ReadArgs> for ListResourceSyncs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Vec<ResourceSyncListItem>> {
+  ) -> serror::Result<Vec<ResourceSyncListItem>> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -45,10 +49,7 @@ impl Resolve<ReadArgs> for ListResourceSyncs {
     };
     Ok(
       resource::list_for_user::<ResourceSync>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -59,7 +60,7 @@ impl Resolve<ReadArgs> for ListFullResourceSyncs {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListFullResourceSyncsResponse> {
+  ) -> serror::Result<ListFullResourceSyncsResponse> {
     let all_tags = if self.query.tags.is_empty() {
       vec![]
     } else {
@@ -67,10 +68,7 @@ impl Resolve<ReadArgs> for ListFullResourceSyncs {
     };
     Ok(
       resource::list_full_for_user::<ResourceSync>(
-        self.query,
-        user,
-        PermissionLevel::Read.into(),
-        &all_tags,
+        self.query, &user, &all_tags,
       )
       .await?,
     )
@@ -81,15 +79,15 @@ impl Resolve<ReadArgs> for GetResourceSyncActionState {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ResourceSyncActionState> {
-    let sync = get_check_permissions::<ResourceSync>(
+  ) -> serror::Result<ResourceSyncActionState> {
+    let sync = resource::get_check_permissions::<ResourceSync>(
       &self.sync,
       user,
-      PermissionLevel::Read.into(),
+      PermissionLevel::Read,
     )
     .await?;
     let action_state = action_states()
-      .sync
+      .resource_sync
       .get(&sync.id)
       .await
       .unwrap_or_default()
@@ -102,12 +100,11 @@ impl Resolve<ReadArgs> for GetResourceSyncsSummary {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetResourceSyncsSummaryResponse> {
+  ) -> serror::Result<GetResourceSyncsSummaryResponse> {
     let resource_syncs =
       resource::list_full_for_user::<ResourceSync>(
         Default::default(),
         user,
-        PermissionLevel::Read.into(),
         &[],
       )
       .await
@@ -115,6 +112,7 @@ impl Resolve<ReadArgs> for GetResourceSyncsSummary {
 
     let mut res = GetResourceSyncsSummaryResponse::default();
 
+    let cache = resource_sync_state_cache();
     let action_states = action_states();
 
     for resource_sync in resource_syncs {
@@ -133,20 +131,120 @@ impl Resolve<ReadArgs> for GetResourceSyncsSummary {
         res.failed += 1;
         continue;
       }
-      if action_states
-        .sync
-        .get(&resource_sync.id)
-        .await
-        .unwrap_or_default()
-        .get()?
-        .syncing
-      {
-        res.syncing += 1;
-        continue;
+
+      match (
+        cache.get(&resource_sync.id).await.unwrap_or_default(),
+        action_states
+          .resource_sync
+          .get(&resource_sync.id)
+          .await
+          .unwrap_or_default()
+          .get()?,
+      ) {
+        (_, action_states) if action_states.syncing => {
+          res.syncing += 1;
+        }
+        (ResourceSyncState::Ok, _) => res.ok += 1,
+        (ResourceSyncState::Failed, _) => res.failed += 1,
+        (ResourceSyncState::Unknown, _) => res.unknown += 1,
+        // will never come off the cache in the building state, since that comes from action states
+        (ResourceSyncState::Syncing, _) => {
+          unreachable!()
+        }
+        (ResourceSyncState::Pending, _) => {
+          unreachable!()
+        }
       }
-      res.ok += 1;
     }
 
     Ok(res)
   }
 }
+
+impl Resolve<ReadArgs> for GetSyncWebhooksEnabled {
+  async fn resolve(
+    self,
+    ReadArgs { user }: &ReadArgs,
+  ) -> serror::Result<GetSyncWebhooksEnabledResponse> {
+    let Some(github) = github_client() else {
+      return Ok(GetSyncWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        sync_enabled: false,
+      });
+    };
+
+    let sync = resource::get_check_permissions::<ResourceSync>(
+      &self.sync,
+      user,
+      PermissionLevel::Read,
+    )
+    .await?;
+
+    if sync.config.git_provider != "github.com"
+      || sync.config.repo.is_empty()
+    {
+      return Ok(GetSyncWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        sync_enabled: false,
+      });
+    }
+
+    let mut split = sync.config.repo.split('/');
+    let owner = split.next().context("Sync repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Ok(GetSyncWebhooksEnabledResponse {
+        managed: false,
+        refresh_enabled: false,
+        sync_enabled: false,
+      });
+    };
+
+    let repo_name =
+      split.next().context("Repo repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo_name)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      ..
+    } = core_config();
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let refresh_url =
+      format!("{host}/listener/github/sync/{}/refresh", sync.id);
+    let sync_url =
+      format!("{host}/listener/github/sync/{}/sync", sync.id);
+
+    let mut refresh_enabled = false;
+    let mut sync_enabled = false;
+
+    for webhook in webhooks {
+      if webhook.active && webhook.config.url == refresh_url {
+        refresh_enabled = true
+      }
+      if webhook.active && webhook.config.url == sync_url {
+        sync_enabled = true
+      }
+    }
+
+    Ok(GetSyncWebhooksEnabledResponse {
+      managed: true,
+      refresh_enabled,
+      sync_enabled,
+    })
+  }
+}

bin/core/src/api/read/tag.rs

@@ -1,29 +1,24 @@
 use anyhow::Context;
-use database::mongo_indexed::doc;
-use database::mungos::{
-  find::find_collect, mongodb::options::FindOptions,
-};
 use komodo_client::{
   api::read::{GetTag, ListTags},
   entities::tag::Tag,
 };
-use mogh_resolver::Resolve;
+use mongo_indexed::doc;
+use mungos::{find::find_collect, mongodb::options::FindOptions};
+use resolver_api::Resolve;
 
 use crate::{helpers::query::get_tag, state::db_client};
 
 use super::ReadArgs;
 
 impl Resolve<ReadArgs> for GetTag {
-  async fn resolve(self, _: &ReadArgs) -> mogh_error::Result<Tag> {
+  async fn resolve(self, _: &ReadArgs) -> serror::Result<Tag> {
     Ok(get_tag(&self.tag).await?)
   }
 }
 
 impl Resolve<ReadArgs> for ListTags {
-  async fn resolve(
-    self,
-    _: &ReadArgs,
-  ) -> mogh_error::Result<Vec<Tag>> {
+  async fn resolve(self, _: &ReadArgs) -> serror::Result<Vec<Tag>> {
     let res = find_collect(
       &db_client().tags,
       self.query,

bin/core/src/api/read/terminal.rs

@@ -1,247 +0,0 @@
-use anyhow::Context as _;
-use futures_util::{
-  FutureExt, StreamExt as _, stream::FuturesUnordered,
-};
-use komodo_client::{
-  api::read::{ListTerminals, ListTerminalsResponse},
-  entities::{
-    deployment::Deployment,
-    permission::PermissionLevel,
-    server::Server,
-    stack::Stack,
-    terminal::{Terminal, TerminalTarget},
-    user::User,
-  },
-};
-use mogh_error::AddStatusCode;
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
-
-use crate::{
-  helpers::periphery_client, permission::get_check_permissions,
-  resource,
-};
-
-use super::ReadArgs;
-
-//
-
-impl Resolve<ReadArgs> for ListTerminals {
-  async fn resolve(
-    self,
-    ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListTerminalsResponse> {
-    let Some(target) = self.target else {
-      return list_all_terminals_for_user(user, self.use_names).await;
-    };
-    match &target {
-      TerminalTarget::Server { server } => {
-        let server = server
-          .as_ref()
-          .context("Must provide 'target.params.server'")
-          .status_code(StatusCode::BAD_REQUEST)?;
-        let server = get_check_permissions::<Server>(
-          server,
-          user,
-          PermissionLevel::Read.terminal(),
-        )
-        .await?;
-        list_terminals_on_server(&server, Some(target)).await
-      }
-      TerminalTarget::Container { server, .. } => {
-        let server = get_check_permissions::<Server>(
-          server,
-          user,
-          PermissionLevel::Read.terminal(),
-        )
-        .await?;
-        list_terminals_on_server(&server, Some(target)).await
-      }
-      TerminalTarget::Stack { stack, .. } => {
-        let server = get_check_permissions::<Stack>(
-          stack,
-          user,
-          PermissionLevel::Read.terminal(),
-        )
-        .await?
-        .config
-        .server_id;
-        let server = resource::get::<Server>(&server).await?;
-        list_terminals_on_server(&server, Some(target)).await
-      }
-      TerminalTarget::Deployment { deployment } => {
-        let server = get_check_permissions::<Deployment>(
-          deployment,
-          user,
-          PermissionLevel::Read.terminal(),
-        )
-        .await?
-        .config
-        .server_id;
-        let server = resource::get::<Server>(&server).await?;
-        list_terminals_on_server(&server, Some(target)).await
-      }
-    }
-  }
-}
-
-async fn list_all_terminals_for_user(
-  user: &User,
-  use_names: bool,
-) -> mogh_error::Result<Vec<Terminal>> {
-  let (mut servers, stacks, deployments) = tokio::try_join!(
-    resource::list_full_for_user::<Server>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.terminal(),
-      &[]
-    )
-    .map(|res| res.map(|servers| servers
-      .into_iter()
-      // true denotes user actually has permission on this Server.
-      .map(|server| (server, true))
-      .collect::<Vec<_>>())),
-    resource::list_full_for_user::<Stack>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.terminal(),
-      &[]
-    ),
-    resource::list_full_for_user::<Deployment>(
-      Default::default(),
-      user,
-      PermissionLevel::Read.terminal(),
-      &[]
-    ),
-  )?;
-
-  // Ensure any missing servers are present to query
-  for stack in &stacks {
-    if !stack.config.server_id.is_empty()
-      && !servers
-        .iter()
-        .any(|(server, _)| server.id == stack.config.server_id)
-    {
-      let server =
-        resource::get::<Server>(&stack.config.server_id).await?;
-      servers.push((server, false));
-    }
-  }
-  for deployment in &deployments {
-    if !deployment.config.server_id.is_empty()
-      && !servers
-        .iter()
-        .any(|(server, _)| server.id == deployment.config.server_id)
-    {
-      let server =
-        resource::get::<Server>(&deployment.config.server_id).await?;
-      servers.push((server, false));
-    }
-  }
-
-  let mut terminals = servers
-    .into_iter()
-    .map(|(server, server_permission)| async move {
-      (
-        list_terminals_on_server(&server, None).await,
-        (server.id, server.name, server_permission),
-      )
-    })
-    .collect::<FuturesUnordered<_>>()
-    .collect::<Vec<_>>()
-    .await
-    .into_iter()
-    .flat_map(
-      |(terminals, (server_id, server_name, server_permission))| {
-        let terminals = terminals
-          .ok()?
-          .into_iter()
-          .filter_map(|mut terminal| {
-            // Only keep terminals with appropriate perms.
-            match terminal.target.clone() {
-              TerminalTarget::Server { .. } => server_permission
-                .then(|| {
-                  terminal.target = TerminalTarget::Server {
-                    server: Some(if use_names {
-                      server_name.clone()
-                    } else {
-                      server_id.clone()
-                    }),
-                  };
-                  terminal
-                }),
-              TerminalTarget::Container { container, .. } => {
-                server_permission.then(|| {
-                  terminal.target = TerminalTarget::Container {
-                    server: if use_names {
-                      server_name.clone()
-                    } else {
-                      server_id.clone()
-                    },
-                    container,
-                  };
-                  terminal
-                })
-              }
-              TerminalTarget::Stack { stack, service } => {
-                stacks.iter().find(|s| s.id == stack).map(|s| {
-                  terminal.target = TerminalTarget::Stack {
-                    stack: if use_names {
-                      s.name.clone()
-                    } else {
-                      s.id.clone()
-                    },
-                    service,
-                  };
-                  terminal
-                })
-              }
-              TerminalTarget::Deployment { deployment } => {
-                deployments.iter().find(|d| d.id == deployment).map(
-                  |d| {
-                    terminal.target = TerminalTarget::Deployment {
-                      deployment: if use_names {
-                        d.name.clone()
-                      } else {
-                        d.id.clone()
-                      },
-                    };
-                    terminal
-                  },
-                )
-              }
-            }
-          })
-          .collect::<Vec<_>>();
-
-        Some(terminals)
-      },
-    )
-    .flatten()
-    .collect::<Vec<_>>();
-
-  terminals.sort_by(|a, b| {
-    a.target.cmp(&b.target).then(a.name.cmp(&b.name))
-  });
-
-  Ok(terminals)
-}
-
-async fn list_terminals_on_server(
-  server: &Server,
-  target: Option<TerminalTarget>,
-) -> mogh_error::Result<Vec<Terminal>> {
-  periphery_client(server)
-    .await?
-    .request(periphery_client::api::terminal::ListTerminals {
-      target,
-    })
-    .await
-    .with_context(|| {
-      format!(
-        "Failed to get Terminal list from Server {} ({})",
-        server.name, server.id
-      )
-    })
-    .map_err(Into::into)
-}

bin/core/src/api/read/toml.rs

@@ -1,5 +1,4 @@
 use anyhow::Context;
-use database::mungos::find::find_collect;
 use komodo_client::{
   api::read::{
     ExportAllResourcesToToml, ExportAllResourcesToTomlResponse,
@@ -7,186 +6,173 @@ use komodo_client::{
     ListUserGroups,
   },
   entities::{
-    ResourceTarget, action::Action, alerter::Alerter, build::Build,
-    builder::Builder, deployment::Deployment,
-    permission::PermissionLevel, procedure::Procedure, repo::Repo,
-    resource::ResourceQuery, server::Server, stack::Stack,
-    swarm::Swarm, sync::ResourceSync, toml::ResourcesToml,
-    user::User,
+    action::Action, alerter::Alerter, build::Build, builder::Builder,
+    deployment::Deployment, permission::PermissionLevel,
+    procedure::Procedure, repo::Repo, resource::ResourceQuery,
+    server::Server, server_template::ServerTemplate, stack::Stack,
+    sync::ResourceSync, toml::ResourcesToml, ResourceTarget,
   },
 };
-use mogh_resolver::Resolve;
+use mungos::find::find_collect;
+use resolver_api::Resolve;
 
 use crate::{
   helpers::query::{
     get_all_tags, get_id_to_tags, get_user_user_group_ids,
   },
-  permission::get_check_permissions,
   resource,
   state::db_client,
   sync::{
-    toml::{ToToml, convert_resource},
-    user_groups::{convert_user_groups, user_group_to_toml},
-    variables::variable_to_toml,
+    toml::{convert_resource, ToToml, TOML_PRETTY_OPTIONS},
+    user_groups::convert_user_groups,
+    AllResourcesById,
   },
 };
 
 use super::ReadArgs;
 
-async fn get_all_targets(
-  tags: &[String],
-  user: &User,
-) -> anyhow::Result<Vec<ResourceTarget>> {
-  let mut targets = Vec::<ResourceTarget>::new();
-  let all_tags = if tags.is_empty() {
-    vec![]
-  } else {
-    get_all_tags(None).await?
-  };
-  targets.extend(
-    resource::list_full_for_user::<Alerter>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Alerter(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Builder>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Builder(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Server>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Server(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Stack>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Stack(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Deployment>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Deployment(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Build>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Build(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Repo>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Repo(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Procedure>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Procedure(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<Action>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    .map(|resource| ResourceTarget::Action(resource.id)),
-  );
-  targets.extend(
-    resource::list_full_for_user::<ResourceSync>(
-      ResourceQuery::builder().tags(tags).build(),
-      user,
-      PermissionLevel::Read.into(),
-      &all_tags,
-    )
-    .await?
-    .into_iter()
-    // These will already be filtered by [ExportResourcesToToml]
-    .map(|resource| ResourceTarget::ResourceSync(resource.id)),
-  );
-  Ok(targets)
-}
-
 impl Resolve<ReadArgs> for ExportAllResourcesToToml {
   async fn resolve(
     self,
     args: &ReadArgs,
-  ) -> mogh_error::Result<ExportAllResourcesToTomlResponse> {
-    let targets = if self.include_resources {
-      get_all_targets(&self.tags, &args.user).await?
+  ) -> serror::Result<ExportAllResourcesToTomlResponse> {
+    let mut targets = Vec::<ResourceTarget>::new();
+
+    let all_tags = if self.tags.is_empty() {
+      vec![]
     } else {
-      Vec::new()
+      get_all_tags(None).await?
     };
 
-    let user_groups = if self.include_user_groups {
-      if args.user.admin {
-        find_collect(&db_client().user_groups, None, None)
-          .await
-          .context("failed to query db for user groups")?
-          .into_iter()
-          .map(|user_group| user_group.id)
-          .collect()
-      } else {
-        get_user_user_group_ids(&args.user.id).await?
-      }
+    let ReadArgs { user } = args;
+
+    targets.extend(
+      resource::list_for_user::<Alerter>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Alerter(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Builder>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Builder(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Server>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Server(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Stack>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Stack(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Deployment>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Deployment(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Build>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Build(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Repo>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Repo(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Procedure>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Procedure(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<Action>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::Action(resource.id)),
+    );
+    targets.extend(
+      resource::list_for_user::<ServerTemplate>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      .map(|resource| ResourceTarget::ServerTemplate(resource.id)),
+    );
+    targets.extend(
+      resource::list_full_for_user::<ResourceSync>(
+        ResourceQuery::builder().tags(self.tags.clone()).build(),
+        &user,
+        &all_tags,
+      )
+      .await?
+      .into_iter()
+      // These will already be filtered by [ExportResourcesToToml]
+      .map(|resource| ResourceTarget::ResourceSync(resource.id)),
+    );
+
+    let user_groups = if user.admin && self.tags.is_empty() {
+      find_collect(&db_client().user_groups, None, None)
+        .await
+        .context("failed to query db for user groups")?
+        .into_iter()
+        .map(|user_group| user_group.id)
+        .collect()
     } else {
-      Vec::new()
+      get_user_user_group_ids(&user.id).await?
     };
 
     ExportResourcesToToml {
       targets,
       user_groups,
-      include_variables: self.include_variables,
+      include_variables: self.tags.is_empty(),
     }
     .resolve(args)
     .await
@@ -197,150 +183,43 @@ impl Resolve<ReadArgs> for ExportResourcesToToml {
   async fn resolve(
     self,
     args: &ReadArgs,
-  ) -> mogh_error::Result<ExportResourcesToTomlResponse> {
+  ) -> serror::Result<ExportResourcesToTomlResponse> {
     let ExportResourcesToToml {
       targets,
       user_groups,
       include_variables,
     } = self;
     let mut res = ResourcesToml::default();
+    let all = AllResourcesById::load().await?;
     let id_to_tags = get_id_to_tags(None).await?;
     let ReadArgs { user } = args;
     for target in targets {
       match target {
-        ResourceTarget::Swarm(id) => {
-          let mut swarm = get_check_permissions::<Swarm>(
+        ResourceTarget::Alerter(id) => {
+          let alerter = resource::get_check_permissions::<Alerter>(
             &id,
-            user,
-            PermissionLevel::Read.into(),
+            &user,
+            PermissionLevel::Read,
           )
           .await?;
-          Swarm::replace_ids(&mut swarm);
-          res.swarms.push(convert_resource::<Swarm>(
-            swarm,
+          res.alerters.push(convert_resource::<Alerter>(
+            alerter,
             false,
             vec![],
             &id_to_tags,
           ))
         }
-        ResourceTarget::Server(id) => {
-          let mut server = get_check_permissions::<Server>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Server::replace_ids(&mut server);
-          res.servers.push(convert_resource::<Server>(
-            server,
-            false,
-            vec![],
-            &id_to_tags,
-          ))
-        }
-        ResourceTarget::Stack(id) => {
-          let mut stack = get_check_permissions::<Stack>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Stack::replace_ids(&mut stack);
-          res.stacks.push(convert_resource::<Stack>(
-            stack,
-            false,
-            vec![],
-            &id_to_tags,
-          ))
-        }
-        ResourceTarget::Deployment(id) => {
-          let mut deployment = get_check_permissions::<Deployment>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Deployment::replace_ids(&mut deployment);
-          res.deployments.push(convert_resource::<Deployment>(
-            deployment,
-            false,
-            vec![],
-            &id_to_tags,
-          ))
-        }
-        ResourceTarget::Build(id) => {
-          let mut build = get_check_permissions::<Build>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Build::replace_ids(&mut build);
-          res.builds.push(convert_resource::<Build>(
-            build,
-            false,
-            vec![],
-            &id_to_tags,
-          ))
-        }
-        ResourceTarget::Repo(id) => {
-          let mut repo = get_check_permissions::<Repo>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Repo::replace_ids(&mut repo);
-          res.repos.push(convert_resource::<Repo>(
-            repo,
-            false,
-            vec![],
-            &id_to_tags,
-          ))
-        }
-        ResourceTarget::Procedure(id) => {
-          let mut procedure = get_check_permissions::<Procedure>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Procedure::replace_ids(&mut procedure);
-          res.procedures.push(convert_resource::<Procedure>(
-            procedure,
-            false,
-            vec![],
-            &id_to_tags,
-          ));
-        }
-        ResourceTarget::Action(id) => {
-          let mut action = get_check_permissions::<Action>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
-          )
-          .await?;
-          Action::replace_ids(&mut action);
-          res.actions.push(convert_resource::<Action>(
-            action,
-            false,
-            vec![],
-            &id_to_tags,
-          ));
-        }
         ResourceTarget::ResourceSync(id) => {
-          let mut sync = get_check_permissions::<ResourceSync>(
+          let sync = resource::get_check_permissions::<ResourceSync>(
             &id,
-            user,
-            PermissionLevel::Read.into(),
+            &user,
+            PermissionLevel::Read,
           )
           .await?;
           if sync.config.file_contents.is_empty()
             && (sync.config.files_on_host
-              || !sync.config.repo.is_empty()
-              || !sync.config.linked_repo.is_empty())
+              || !sync.config.repo.is_empty())
           {
-            ResourceSync::replace_ids(&mut sync);
             res.resource_syncs.push(convert_resource::<ResourceSync>(
               sync,
               false,
@@ -349,14 +228,45 @@ impl Resolve<ReadArgs> for ExportResourcesToToml {
             ))
           }
         }
-        ResourceTarget::Builder(id) => {
-          let mut builder = get_check_permissions::<Builder>(
-            &id,
-            user,
-            PermissionLevel::Read.into(),
+        ResourceTarget::ServerTemplate(id) => {
+          let template = resource::get_check_permissions::<
+            ServerTemplate,
+          >(
+            &id, &user, PermissionLevel::Read
           )
           .await?;
-          Builder::replace_ids(&mut builder);
+          res.server_templates.push(
+            convert_resource::<ServerTemplate>(
+              template,
+              false,
+              vec![],
+              &id_to_tags,
+            ),
+          )
+        }
+        ResourceTarget::Server(id) => {
+          let server = resource::get_check_permissions::<Server>(
+            &id,
+            &user,
+            PermissionLevel::Read,
+          )
+          .await?;
+          res.servers.push(convert_resource::<Server>(
+            server,
+            false,
+            vec![],
+            &id_to_tags,
+          ))
+        }
+        ResourceTarget::Builder(id) => {
+          let mut builder =
+            resource::get_check_permissions::<Builder>(
+              &id,
+              &user,
+              PermissionLevel::Read,
+            )
+            .await?;
+          Builder::replace_ids(&mut builder, &all);
           res.builders.push(convert_resource::<Builder>(
             builder,
             false,
@@ -364,26 +274,101 @@ impl Resolve<ReadArgs> for ExportResourcesToToml {
             &id_to_tags,
           ))
         }
-        ResourceTarget::Alerter(id) => {
-          let mut alerter = get_check_permissions::<Alerter>(
+        ResourceTarget::Build(id) => {
+          let mut build = resource::get_check_permissions::<Build>(
             &id,
-            user,
-            PermissionLevel::Read.into(),
+            &user,
+            PermissionLevel::Read,
           )
           .await?;
-          Alerter::replace_ids(&mut alerter);
-          res.alerters.push(convert_resource::<Alerter>(
-            alerter,
+          Build::replace_ids(&mut build, &all);
+          res.builds.push(convert_resource::<Build>(
+            build,
             false,
             vec![],
             &id_to_tags,
           ))
         }
+        ResourceTarget::Deployment(id) => {
+          let mut deployment = resource::get_check_permissions::<
+            Deployment,
+          >(
+            &id, &user, PermissionLevel::Read
+          )
+          .await?;
+          Deployment::replace_ids(&mut deployment, &all);
+          res.deployments.push(convert_resource::<Deployment>(
+            deployment,
+            false,
+            vec![],
+            &id_to_tags,
+          ))
+        }
+        ResourceTarget::Repo(id) => {
+          let mut repo = resource::get_check_permissions::<Repo>(
+            &id,
+            &user,
+            PermissionLevel::Read,
+          )
+          .await?;
+          Repo::replace_ids(&mut repo, &all);
+          res.repos.push(convert_resource::<Repo>(
+            repo,
+            false,
+            vec![],
+            &id_to_tags,
+          ))
+        }
+        ResourceTarget::Stack(id) => {
+          let mut stack = resource::get_check_permissions::<Stack>(
+            &id,
+            &user,
+            PermissionLevel::Read,
+          )
+          .await?;
+          Stack::replace_ids(&mut stack, &all);
+          res.stacks.push(convert_resource::<Stack>(
+            stack,
+            false,
+            vec![],
+            &id_to_tags,
+          ))
+        }
+        ResourceTarget::Procedure(id) => {
+          let mut procedure = resource::get_check_permissions::<
+            Procedure,
+          >(
+            &id, &user, PermissionLevel::Read
+          )
+          .await?;
+          Procedure::replace_ids(&mut procedure, &all);
+          res.procedures.push(convert_resource::<Procedure>(
+            procedure,
+            false,
+            vec![],
+            &id_to_tags,
+          ));
+        }
+        ResourceTarget::Action(id) => {
+          let mut action = resource::get_check_permissions::<Action>(
+            &id,
+            &user,
+            PermissionLevel::Read,
+          )
+          .await?;
+          Action::replace_ids(&mut action, &all);
+          res.actions.push(convert_resource::<Action>(
+            action,
+            false,
+            vec![],
+            &id_to_tags,
+          ));
+        }
         ResourceTarget::System(_) => continue,
       };
     }
 
-    add_user_groups(user_groups, &mut res, args)
+    add_user_groups(user_groups, &mut res, &all, args)
       .await
       .context("failed to add user groups")?;
 
@@ -412,6 +397,7 @@ impl Resolve<ReadArgs> for ExportResourcesToToml {
 async fn add_user_groups(
   user_groups: Vec<String>,
   res: &mut ResourcesToml,
+  all: &AllResourcesById,
   args: &ReadArgs,
 ) -> anyhow::Result<()> {
   let user_groups = ListUserGroups {}
@@ -423,7 +409,7 @@ async fn add_user_groups(
       user_groups.contains(&ug.name) || user_groups.contains(&ug.id)
     });
   let mut ug = Vec::with_capacity(user_groups.size_hint().0);
-  convert_user_groups(user_groups, &mut ug).await?;
+  convert_user_groups(user_groups, all, &mut ug).await?;
   res.user_groups = ug.into_iter().map(|ug| ug.1).collect();
 
   Ok(())
@@ -506,6 +492,14 @@ fn serialize_resources_toml(
     Builder::push_to_toml_string(builder, &mut toml)?;
   }
 
+  for server_template in resources.server_templates {
+    if !toml.is_empty() {
+      toml.push_str("\n\n##\n\n");
+    }
+    toml.push_str("[[server_template]]\n");
+    ServerTemplate::push_to_toml_string(server_template, &mut toml)?;
+  }
+
   for resource_sync in resources.resource_syncs {
     if !toml.is_empty() {
       toml.push_str("\n\n##\n\n");
@@ -518,14 +512,22 @@ fn serialize_resources_toml(
     if !toml.is_empty() {
       toml.push_str("\n\n##\n\n");
     }
-    toml.push_str(&variable_to_toml(variable)?);
+    toml.push_str("[[variable]]\n");
+    toml.push_str(
+      &toml_pretty::to_string(variable, TOML_PRETTY_OPTIONS)
+        .context("failed to serialize variables to toml")?,
+    );
   }
 
-  for user_group in resources.user_groups {
+  for user_group in &resources.user_groups {
     if !toml.is_empty() {
       toml.push_str("\n\n##\n\n");
     }
-    toml.push_str(&user_group_to_toml(user_group)?);
+    toml.push_str("[[user_group]]\n");
+    toml.push_str(
+      &toml_pretty::to_string(user_group, TOML_PRETTY_OPTIONS)
+        .context("failed to serialize user_groups to toml")?,
+    );
   }
 
   Ok(toml)

bin/core/src/api/read/update.rs

@@ -1,28 +1,34 @@
 use std::collections::HashMap;
 
-use anyhow::Context;
-use database::mungos::{
+use anyhow::{anyhow, Context};
+use komodo_client::{
+  api::read::{GetUpdate, ListUpdates, ListUpdatesResponse},
+  entities::{
+    action::Action,
+    alerter::Alerter,
+    build::Build,
+    builder::Builder,
+    deployment::Deployment,
+    permission::PermissionLevel,
+    procedure::Procedure,
+    repo::Repo,
+    server::Server,
+    server_template::ServerTemplate,
+    stack::Stack,
+    sync::ResourceSync,
+    update::{Update, UpdateListItem},
+    user::User,
+    ResourceTarget,
+  },
+};
+use mungos::{
   by_id::find_one_by_id,
   find::find_collect,
   mongodb::{bson::doc, options::FindOptions},
 };
-use komodo_client::{
-  api::read::{GetUpdate, ListUpdates, ListUpdatesResponse},
-  entities::{
-    permission::PermissionLevel,
-    update::{Update, UpdateListItem},
-    user::User,
-  },
-};
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
-use crate::{
-  config::core_config,
-  permission::{
-    check_user_target_access, user_resource_target_query,
-  },
-  state::db_client,
-};
+use crate::{config::core_config, resource, state::db_client};
 
 use super::ReadArgs;
 
@@ -32,8 +38,140 @@ impl Resolve<ReadArgs> for ListUpdates {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListUpdatesResponse> {
-    let query = user_resource_target_query(user, self.query).await?;
+  ) -> serror::Result<ListUpdatesResponse> {
+    let query = if user.admin || core_config().transparent_mode {
+      self.query
+    } else {
+      let server_query =
+        resource::get_resource_ids_for_user::<Server>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Server", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Server" });
+
+      let deployment_query =
+        resource::get_resource_ids_for_user::<Deployment>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Deployment", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Deployment" });
+
+      let stack_query =
+        resource::get_resource_ids_for_user::<Stack>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Stack", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Stack" });
+
+      let build_query =
+        resource::get_resource_ids_for_user::<Build>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Build", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Build" });
+
+      let repo_query =
+        resource::get_resource_ids_for_user::<Repo>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Repo", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Repo" });
+
+      let procedure_query =
+        resource::get_resource_ids_for_user::<Procedure>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Procedure", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Procedure" });
+
+      let action_query =
+        resource::get_resource_ids_for_user::<Action>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Action", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Action" });
+
+      let builder_query =
+        resource::get_resource_ids_for_user::<Builder>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Builder", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Builder" });
+
+      let alerter_query =
+        resource::get_resource_ids_for_user::<Alerter>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "Alerter", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "Alerter" });
+
+      let server_template_query =
+        resource::get_resource_ids_for_user::<ServerTemplate>(&user)
+          .await?
+          .map(|ids| {
+            doc! {
+              "target.type": "ServerTemplate", "target.id": { "$in": ids }
+            }
+          })
+          .unwrap_or_else(|| doc! { "target.type": "ServerTemplate" });
+
+      let resource_sync_query =
+        resource::get_resource_ids_for_user::<ResourceSync>(
+          &user,
+        )
+        .await?
+        .map(|ids| {
+          doc! {
+            "target.type": "ResourceSync", "target.id": { "$in": ids }
+          }
+        })
+        .unwrap_or_else(|| doc! { "target.type": "ResourceSync" });
+
+      let mut query = self.query.unwrap_or_default();
+      query.extend(doc! {
+        "$or": [
+          server_query,
+          deployment_query,
+          stack_query,
+          build_query,
+          repo_query,
+          procedure_query,
+          action_query,
+          alerter_query,
+          builder_query,
+          server_template_query,
+          resource_sync_query,
+        ]
+      });
+      query.into()
+    };
 
     let usernames = find_collect(&db_client().users, None, None)
       .await
@@ -92,7 +230,7 @@ impl Resolve<ReadArgs> for GetUpdate {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<Update> {
+  ) -> serror::Result<Update> {
     let update = find_one_by_id(&db_client().updates, &self.id)
       .await
       .context("failed to query to db")?
@@ -100,12 +238,101 @@ impl Resolve<ReadArgs> for GetUpdate {
     if user.admin || core_config().transparent_mode {
       return Ok(update);
     }
-    check_user_target_access(
-      &update.target,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
+    match &update.target {
+      ResourceTarget::System(_) => {
+        return Err(
+          anyhow!("user must be admin to view system updates").into(),
+        )
+      }
+      ResourceTarget::Server(id) => {
+        resource::get_check_permissions::<Server>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Deployment(id) => {
+        resource::get_check_permissions::<Deployment>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Build(id) => {
+        resource::get_check_permissions::<Build>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Repo(id) => {
+        resource::get_check_permissions::<Repo>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Builder(id) => {
+        resource::get_check_permissions::<Builder>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Alerter(id) => {
+        resource::get_check_permissions::<Alerter>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Procedure(id) => {
+        resource::get_check_permissions::<Procedure>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Action(id) => {
+        resource::get_check_permissions::<Action>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::ServerTemplate(id) => {
+        resource::get_check_permissions::<ServerTemplate>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::ResourceSync(id) => {
+        resource::get_check_permissions::<ResourceSync>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+      ResourceTarget::Stack(id) => {
+        resource::get_check_permissions::<Stack>(
+          id,
+          &user,
+          PermissionLevel::Read,
+        )
+        .await?;
+      }
+    }
     Ok(update)
   }
 }

bin/core/src/api/read/user.rs

@@ -1,9 +1,4 @@
-use anyhow::{Context, anyhow};
-use database::mungos::{
-  by_id::find_one_by_id,
-  find::find_collect,
-  mongodb::{bson::doc, options::FindOptions},
-};
+use anyhow::{anyhow, Context};
 use komodo_client::{
   api::read::{
     FindUser, FindUserResponse, GetUsername, GetUsernameResponse,
@@ -11,9 +6,14 @@ use komodo_client::{
     ListApiKeysForServiceUserResponse, ListApiKeysResponse,
     ListUsers, ListUsersResponse,
   },
-  entities::user::{UserConfig, admin_service_user},
+  entities::user::{admin_service_user, UserConfig},
 };
-use mogh_resolver::Resolve;
+use mungos::{
+  by_id::find_one_by_id,
+  find::find_collect,
+  mongodb::{bson::doc, options::FindOptions},
+};
+use resolver_api::Resolve;
 
 use crate::{helpers::query::get_user, state::db_client};
 
@@ -23,7 +23,7 @@ impl Resolve<ReadArgs> for GetUsername {
   async fn resolve(
     self,
     _: &ReadArgs,
-  ) -> mogh_error::Result<GetUsernameResponse> {
+  ) -> serror::Result<GetUsernameResponse> {
     if let Some(user) = admin_service_user(&self.user_id) {
       return Ok(GetUsernameResponse {
         username: user.username,
@@ -53,7 +53,7 @@ impl Resolve<ReadArgs> for FindUser {
   async fn resolve(
     self,
     ReadArgs { user: admin }: &ReadArgs,
-  ) -> mogh_error::Result<FindUserResponse> {
+  ) -> serror::Result<FindUserResponse> {
     if !admin.admin {
       return Err(anyhow!("This method is admin only.").into());
     }
@@ -65,7 +65,7 @@ impl Resolve<ReadArgs> for ListUsers {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListUsersResponse> {
+  ) -> serror::Result<ListUsersResponse> {
     if !user.admin {
       return Err(
         anyhow!("this route is only accessable by admins").into(),
@@ -87,7 +87,7 @@ impl Resolve<ReadArgs> for ListApiKeys {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListApiKeysResponse> {
+  ) -> serror::Result<ListApiKeysResponse> {
     let api_keys = find_collect(
       &db_client().api_keys,
       doc! { "user_id": &user.id },
@@ -109,7 +109,7 @@ impl Resolve<ReadArgs> for ListApiKeysForServiceUser {
   async fn resolve(
     self,
     ReadArgs { user: admin }: &ReadArgs,
-  ) -> mogh_error::Result<ListApiKeysForServiceUserResponse> {
+  ) -> serror::Result<ListApiKeysForServiceUserResponse> {
     if !admin.admin {
       return Err(anyhow!("This method is admin only.").into());
     }

bin/core/src/api/read/user_group.rs

@@ -1,15 +1,15 @@
 use std::str::FromStr;
 
 use anyhow::Context;
-use database::mungos::{
+use komodo_client::api::read::*;
+use mungos::{
   find::find_collect,
   mongodb::{
-    bson::{Document, doc, oid::ObjectId},
+    bson::{doc, oid::ObjectId, Document},
     options::FindOptions,
   },
 };
-use komodo_client::api::read::*;
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
 use crate::state::db_client;
 
@@ -19,7 +19,7 @@ impl Resolve<ReadArgs> for GetUserGroup {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetUserGroupResponse> {
+  ) -> serror::Result<GetUserGroupResponse> {
     let mut filter = match ObjectId::from_str(&self.user_group) {
       Ok(id) => doc! { "_id": id },
       Err(_) => doc! { "name": &self.user_group },
@@ -43,7 +43,7 @@ impl Resolve<ReadArgs> for ListUserGroups {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListUserGroupsResponse> {
+  ) -> serror::Result<ListUserGroupsResponse> {
     let mut filter = Document::new();
     if !user.admin {
       filter.insert("users", &user.id);

bin/core/src/api/read/variable.rs

@@ -1,10 +1,8 @@
 use anyhow::Context;
-use database::mongo_indexed::doc;
-use database::mungos::{
-  find::find_collect, mongodb::options::FindOptions,
-};
 use komodo_client::api::read::*;
-use mogh_resolver::Resolve;
+use mongo_indexed::doc;
+use mungos::{find::find_collect, mongodb::options::FindOptions};
+use resolver_api::Resolve;
 
 use crate::{helpers::query::get_variable, state::db_client};
 
@@ -14,7 +12,7 @@ impl Resolve<ReadArgs> for GetVariable {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<GetVariableResponse> {
+  ) -> serror::Result<GetVariableResponse> {
     let mut variable = get_variable(&self.name).await?;
     if !variable.is_secret || user.admin {
       return Ok(variable);
@@ -28,7 +26,7 @@ impl Resolve<ReadArgs> for ListVariables {
   async fn resolve(
     self,
     ReadArgs { user }: &ReadArgs,
-  ) -> mogh_error::Result<ListVariablesResponse> {
+  ) -> serror::Result<ListVariablesResponse> {
     let variables = find_collect(
       &db_client().variables,
       None,

bin/core/src/api/terminal.rs

@@ -1,56 +0,0 @@
-use anyhow::Context;
-use axum::{Extension, Router, middleware, routing::post};
-use komodo_client::{api::terminal::*, entities::user::User};
-use mogh_auth_server::middleware::authenticate_request;
-use mogh_error::Json;
-
-use crate::{
-  auth::KomodoAuthImpl, helpers::terminal::setup_target_for_user,
-};
-
-pub fn router() -> Router {
-  Router::new()
-    .route("/execute", post(execute_terminal))
-    .layer(middleware::from_fn(
-      authenticate_request::<KomodoAuthImpl, true>,
-    ))
-}
-
-// =================
-//  ExecuteTerminal
-// =================
-
-#[instrument(
-  name = "ExecuteTerminal",
-  skip_all,
-  fields(
-    operator = user.id,
-    target,
-    terminal,
-    init = format!("{init:?}")
-  )
-)]
-async fn execute_terminal(
-  Extension(user): Extension<User>,
-  Json(ExecuteTerminalBody {
-    target,
-    terminal,
-    command,
-    init,
-  }): Json<ExecuteTerminalBody>,
-) -> mogh_error::Result<axum::body::Body> {
-  info!(
-    "TERMINAL EXECUTE REQUEST | USER: {} ({})",
-    user.username, user.id
-  );
-
-  let (target, terminal, periphery) =
-    setup_target_for_user(target, terminal, init, &user).await?;
-
-  let stream = periphery
-    .execute_terminal(target, terminal, command)
-    .await
-    .context("Failed to execute command on Terminal")?;
-
-  Ok(axum::body::Body::from_stream(stream))
-}

bin/core/src/api/user.rs

@@ -0,0 +1,193 @@
+use std::{collections::VecDeque, time::Instant};
+
+use anyhow::{anyhow, Context};
+use axum::{middleware, routing::post, Extension, Json, Router};
+use derive_variants::EnumVariants;
+use komodo_client::{
+  api::user::*,
+  entities::{api_key::ApiKey, komodo_timestamp, user::User},
+};
+use mongo_indexed::doc;
+use mungos::{by_id::update_one_by_id, mongodb::bson::to_bson};
+use resolver_api::Resolve;
+use response::Response;
+use serde::{Deserialize, Serialize};
+use typeshare::typeshare;
+use uuid::Uuid;
+
+use crate::{
+  auth::auth_request,
+  helpers::{query::get_user, random_string},
+  state::db_client,
+};
+
+pub struct UserArgs {
+  pub user: User,
+}
+
+#[typeshare]
+#[derive(
+  Serialize, Deserialize, Debug, Clone, Resolve, EnumVariants,
+)]
+#[args(UserArgs)]
+#[response(Response)]
+#[error(serror::Error)]
+#[serde(tag = "type", content = "params")]
+enum UserRequest {
+  PushRecentlyViewed(PushRecentlyViewed),
+  SetLastSeenUpdate(SetLastSeenUpdate),
+  CreateApiKey(CreateApiKey),
+  DeleteApiKey(DeleteApiKey),
+}
+
+pub fn router() -> Router {
+  Router::new()
+    .route("/", post(handler))
+    .layer(middleware::from_fn(auth_request))
+}
+
+#[instrument(name = "UserHandler", level = "debug", skip(user))]
+async fn handler(
+  Extension(user): Extension<User>,
+  Json(request): Json<UserRequest>,
+) -> serror::Result<axum::response::Response> {
+  let timer = Instant::now();
+  let req_id = Uuid::new_v4();
+  debug!(
+    "/user request {req_id} | user: {} ({})",
+    user.username, user.id
+  );
+  let res = request.resolve(&UserArgs { user }).await;
+  if let Err(e) = &res {
+    warn!("/user request {req_id} error: {:#}", e.error);
+  }
+  let elapsed = timer.elapsed();
+  debug!("/user request {req_id} | resolve time: {elapsed:?}");
+  res.map(|res| res.0)
+}
+
+const RECENTLY_VIEWED_MAX: usize = 10;
+
+impl Resolve<UserArgs> for PushRecentlyViewed {
+  #[instrument(
+    name = "PushRecentlyViewed",
+    level = "debug",
+    skip(user)
+  )]
+  async fn resolve(
+    self,
+    UserArgs { user }: &UserArgs,
+  ) -> serror::Result<PushRecentlyViewedResponse> {
+    let user = get_user(&user.id).await?;
+
+    let (resource_type, id) = self.resource.extract_variant_id();
+    let update = match user.recents.get(&resource_type) {
+      Some(recents) => {
+        let mut recents = recents
+          .iter()
+          .filter(|_id| !id.eq(*_id))
+          .take(RECENTLY_VIEWED_MAX - 1)
+          .collect::<VecDeque<_>>();
+        recents.push_front(id);
+        doc! { format!("recents.{resource_type}"): to_bson(&recents)? }
+      }
+      None => {
+        doc! { format!("recents.{resource_type}"): [id] }
+      }
+    };
+    update_one_by_id(
+      &db_client().users,
+      &user.id,
+      mungos::update::Update::Set(update),
+      None,
+    )
+    .await
+    .with_context(|| {
+      format!("failed to update recents.{resource_type}")
+    })?;
+
+    Ok(PushRecentlyViewedResponse {})
+  }
+}
+
+impl Resolve<UserArgs> for SetLastSeenUpdate {
+  #[instrument(
+    name = "SetLastSeenUpdate",
+    level = "debug",
+    skip(user)
+  )]
+  async fn resolve(
+    self,
+    UserArgs { user }: &UserArgs,
+  ) -> serror::Result<SetLastSeenUpdateResponse> {
+    update_one_by_id(
+      &db_client().users,
+      &user.id,
+      mungos::update::Update::Set(doc! {
+        "last_update_view": komodo_timestamp()
+      }),
+      None,
+    )
+    .await
+    .context("failed to update user last_update_view")?;
+    Ok(SetLastSeenUpdateResponse {})
+  }
+}
+
+const SECRET_LENGTH: usize = 40;
+const BCRYPT_COST: u32 = 10;
+
+impl Resolve<UserArgs> for CreateApiKey {
+  #[instrument(name = "CreateApiKey", level = "debug", skip(user))]
+  async fn resolve(
+    self,
+    UserArgs { user }: &UserArgs,
+  ) -> serror::Result<CreateApiKeyResponse> {
+    let user = get_user(&user.id).await?;
+
+    let key = format!("K-{}", random_string(SECRET_LENGTH));
+    let secret = format!("S-{}", random_string(SECRET_LENGTH));
+    let secret_hash = bcrypt::hash(&secret, BCRYPT_COST)
+      .context("failed at hashing secret string")?;
+
+    let api_key = ApiKey {
+      name: self.name,
+      key: key.clone(),
+      secret: secret_hash,
+      user_id: user.id.clone(),
+      created_at: komodo_timestamp(),
+      expires: self.expires,
+    };
+    db_client()
+      .api_keys
+      .insert_one(api_key)
+      .await
+      .context("failed to create api key on db")?;
+    Ok(CreateApiKeyResponse { key, secret })
+  }
+}
+
+impl Resolve<UserArgs> for DeleteApiKey {
+  #[instrument(name = "DeleteApiKey", level = "debug", skip(user))]
+  async fn resolve(
+    self,
+    UserArgs { user }: &UserArgs,
+  ) -> serror::Result<DeleteApiKeyResponse> {
+    let client = db_client();
+    let key = client
+      .api_keys
+      .find_one(doc! { "key": &self.key })
+      .await
+      .context("failed at db query")?
+      .context("no api key with key found")?;
+    if user.id != key.user_id {
+      return Err(anyhow!("api key does not belong to user").into());
+    }
+    client
+      .api_keys
+      .delete_one(doc! { "key": key.key })
+      .await
+      .context("failed to delete api key from db")?;
+    Ok(DeleteApiKeyResponse {})
+  }
+}

bin/core/src/api/write/action.rs

@@ -4,105 +4,68 @@ use komodo_client::{
     action::Action, permission::PermissionLevel, update::Update,
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
-use crate::{permission::get_check_permissions, resource};
+use crate::resource;
 
 use super::WriteArgs;
 
 impl Resolve<WriteArgs> for CreateAction {
-  #[instrument(
-    "CreateAction",
-    skip_all,
-    fields(
-      operator = user.id,
-      action = self.name,
-      config = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "CreateAction", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Action> {
-    resource::create::<Action>(&self.name, self.config, None, user)
-      .await
+  ) -> serror::Result<Action> {
+    Ok(
+      resource::create::<Action>(&self.name, self.config, user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for CopyAction {
-  #[instrument(
-    "CopyAction",
-    skip_all,
-    fields(
-      operator = user.id,
-      action = self.name,
-      copy_action = self.id,
-    )
-  )]
+  #[instrument(name = "CopyAction", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Action> {
-    let Action { config, .. } = get_check_permissions::<Action>(
-      &self.id,
-      user,
-      PermissionLevel::Write.into(),
+  ) -> serror::Result<Action> {
+    let Action { config, .. } =
+      resource::get_check_permissions::<Action>(
+        &self.id,
+        &user,
+        PermissionLevel::Write,
+      )
+      .await?;
+    Ok(
+      resource::create::<Action>(&self.name, config.into(), &user)
+        .await?,
     )
-    .await?;
-    resource::create::<Action>(&self.name, config.into(), None, user)
-      .await
   }
 }
 
 impl Resolve<WriteArgs> for UpdateAction {
-  #[instrument(
-    "UpdateAction",
-    skip_all,
-    fields(
-      operator = user.id,
-      action = self.id,
-      update = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "UpdateAction", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Action> {
+  ) -> serror::Result<Action> {
     Ok(resource::update::<Action>(&self.id, self.config, user).await?)
   }
 }
 
 impl Resolve<WriteArgs> for RenameAction {
-  #[instrument(
-    "RenameAction",
-    skip_all,
-    fields(
-      operator = user.id,
-      action = self.id,
-      new_name = self.name,
-    )
-  )]
+  #[instrument(name = "RenameAction", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
+  ) -> serror::Result<Update> {
     Ok(resource::rename::<Action>(&self.id, &self.name, user).await?)
   }
 }
 
 impl Resolve<WriteArgs> for DeleteAction {
-  #[instrument(
-    "DeleteAction",
-    skip_all,
-    fields(
-      operator = user.id,
-      action = self.id
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Action> {
-    Ok(resource::delete::<Action>(&self.id, user).await?)
+  #[instrument(name = "DeleteAction", skip(args))]
+  async fn resolve(self, args: &WriteArgs) -> serror::Result<Action> {
+    Ok(resource::delete::<Action>(&self.id, args).await?)
   }
 }

bin/core/src/api/write/alert.rs

@@ -1,41 +0,0 @@
-use std::str::FromStr;
-
-use anyhow::{Context, anyhow};
-use database::mungos::mongodb::bson::{doc, oid::ObjectId};
-use komodo_client::{api::write::CloseAlert, entities::NoData};
-use mogh_error::AddStatusCodeError;
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
-
-use crate::{api::write::WriteArgs, state::db_client};
-
-impl Resolve<WriteArgs> for CloseAlert {
-  #[instrument(
-    "CloseAlert",
-    skip_all,
-    fields(
-      operator = admin.id,
-      alert_id = self.id,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user: admin }: &WriteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    if !admin.admin {
-      return Err(
-        anyhow!("This call is admin only")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-    db_client()
-      .alerts
-      .update_one(
-        doc! { "_id": ObjectId::from_str(&self.id)? },
-        doc! { "$set": { "resolved": true } },
-      )
-      .await
-      .context("Failed to close Alert on database")?;
-    Ok(NoData {})
-  }
-}

bin/core/src/api/write/alerter.rs

@@ -4,87 +4,61 @@ use komodo_client::{
     alerter::Alerter, permission::PermissionLevel, update::Update,
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
-use crate::{permission::get_check_permissions, resource};
+use crate::resource;
 
 use super::WriteArgs;
 
 impl Resolve<WriteArgs> for CreateAlerter {
-  #[instrument(
-    "CreateAlerter",
-    skip_all,
-    fields(
-      operator = user.id,
-      alerter = self.name,
-      config = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "CreateAlerter", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Alerter> {
-    resource::create::<Alerter>(&self.name, self.config, None, user)
-      .await
+  ) -> serror::Result<Alerter> {
+    Ok(
+      resource::create::<Alerter>(&self.name, self.config, user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for CopyAlerter {
-  #[instrument(
-    "CopyAlerter",
-    skip_all,
-    fields(
-      operator = user.id,
-      alerter = self.name,
-      copy_alerter = self.id,
-    )
-  )]
+  #[instrument(name = "CopyAlerter", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Alerter> {
-    let Alerter { config, .. } = get_check_permissions::<Alerter>(
-      &self.id,
-      user,
-      PermissionLevel::Write.into(),
+  ) -> serror::Result<Alerter> {
+    let Alerter { config, .. } =
+      resource::get_check_permissions::<Alerter>(
+        &self.id,
+        &user,
+        PermissionLevel::Write,
+      )
+      .await?;
+    Ok(
+      resource::create::<Alerter>(&self.name, config.into(), user)
+        .await?,
     )
-    .await?;
-    resource::create::<Alerter>(&self.name, config.into(), None, user)
-      .await
   }
 }
 
 impl Resolve<WriteArgs> for DeleteAlerter {
-  #[instrument(
-    "DeleteAlerter",
-    skip_all,
-    fields(
-      operator = user.id,
-      alerter = self.id,
-    )
-  )]
+  #[instrument(name = "DeleteAlerter", skip(args))]
   async fn resolve(
     self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Alerter> {
-    Ok(resource::delete::<Alerter>(&self.id, user).await?)
+    args: &WriteArgs,
+  ) -> serror::Result<Alerter> {
+    Ok(resource::delete::<Alerter>(&self.id, args).await?)
   }
 }
 
 impl Resolve<WriteArgs> for UpdateAlerter {
-  #[instrument(
-    "UpdateAlerter",
-    skip_all,
-    fields(
-      operator = user.id,
-      alerter = self.id,
-      update = serde_json::to_string(&self.config).unwrap()
-    )
-  )]
+  #[instrument(name = "UpdateAlerter", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Alerter> {
+  ) -> serror::Result<Alerter> {
     Ok(
       resource::update::<Alerter>(&self.id, self.config, user)
         .await?,
@@ -93,19 +67,11 @@ impl Resolve<WriteArgs> for UpdateAlerter {
 }
 
 impl Resolve<WriteArgs> for RenameAlerter {
-  #[instrument(
-    "RenameAlerter",
-    skip_all,
-    fields(
-      operator = user.id,
-      alerter = self.id,
-      new_name = self.name,
-    )
-  )]
+  #[instrument(name = "RenameAlerter", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
+  ) -> serror::Result<Update> {
     Ok(resource::rename::<Alerter>(&self.id, &self.name, user).await?)
   }
 }

bin/core/src/api/write/build.rs

@@ -1,452 +1,163 @@
-use std::{path::PathBuf, time::Duration};
-
-use anyhow::{Context, anyhow};
-use database::mungos::mongodb::bson::to_document;
-use database::{
-  mongo_indexed::doc, mungos::mongodb::bson::oid::ObjectId,
-};
-use formatting::format_serror;
+use anyhow::{anyhow, Context};
+use git::GitRes;
 use komodo_client::{
   api::write::*,
   entities::{
-    FileContents, NoData, Operation, RepoExecutionArgs,
-    all_logs_success,
-    build::{Build, BuildInfo},
-    builder::{Builder, BuilderConfig},
+    build::{Build, BuildInfo, PartialBuildConfig},
+    config::core::CoreConfig,
     permission::PermissionLevel,
-    repo::Repo,
-    server::ServerState,
     update::Update,
+    CloneArgs, NoData,
   },
 };
-use mogh_resolver::Resolve;
-use periphery_client::api::build::{
-  GetDockerfileContentsOnHost, WriteDockerfileContentsToHost,
+use mongo_indexed::doc;
+use mungos::mongodb::bson::to_document;
+use octorust::types::{
+  ReposCreateWebhookRequest, ReposCreateWebhookRequestConfig,
 };
-use tokio::fs;
+use resolver_api::Resolve;
 
 use crate::{
   config::core_config,
-  connection::PeripheryConnectionArgs,
-  helpers::{
-    git_token, periphery_client,
-    query::get_server_with_state,
-    update::{add_update, make_update},
-  },
-  periphery::PeripheryClient,
-  permission::get_check_permissions,
+  helpers::git_token,
   resource,
-  state::db_client,
+  state::{db_client, github_client},
 };
 
 use super::WriteArgs;
 
 impl Resolve<WriteArgs> for CreateBuild {
-  #[instrument(
-    "CreateBuild",
-    skip_all,
-    fields(
-      operator = user.id,
-      build = self.name,
-      config = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "CreateBuild", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Build> {
-    resource::create::<Build>(&self.name, self.config, None, user)
-      .await
+  ) -> serror::Result<Build> {
+    Ok(
+      resource::create::<Build>(&self.name, self.config, user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for CopyBuild {
-  #[instrument(
-    "CopyBuild",
-    skip_all,
-    fields(
-      operator = user.id,
-      build = self.name,
-      copy_build = self.id,
-    )
-  )]
+  #[instrument(name = "CopyBuild", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Build> {
-    let Build { mut config, .. } = get_check_permissions::<Build>(
-      &self.id,
-      user,
-      PermissionLevel::Read.into(),
-    )
-    .await?;
+  ) -> serror::Result<Build> {
+    let Build { mut config, .. } =
+      resource::get_check_permissions::<Build>(
+        &self.id,
+        user,
+        PermissionLevel::Write,
+      )
+      .await?;
     // reset version to 0.0.0
     config.version = Default::default();
-    resource::create::<Build>(&self.name, config.into(), None, user)
-      .await
+    Ok(
+      resource::create::<Build>(&self.name, config.into(), user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for DeleteBuild {
-  #[instrument(
-    "DeleteBuild",
-    skip_all,
-    fields(
-      operator = user.id,
-      build = self.id,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Build> {
-    Ok(resource::delete::<Build>(&self.id, user).await?)
+  #[instrument(name = "DeleteBuild", skip(args))]
+  async fn resolve(self, args: &WriteArgs) -> serror::Result<Build> {
+    Ok(resource::delete::<Build>(&self.id, args).await?)
   }
 }
 
 impl Resolve<WriteArgs> for UpdateBuild {
-  #[instrument(
-    "UpdateBuild",
-    skip_all,
-    fields(
-      operator = user.id,
-      build = self.id,
-      update = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "UpdateBuild", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Build> {
+  ) -> serror::Result<Build> {
     Ok(resource::update::<Build>(&self.id, self.config, user).await?)
   }
 }
 
 impl Resolve<WriteArgs> for RenameBuild {
-  #[instrument(
-    "RenameBuild",
-    skip_all,
-    fields(
-      operator = user.id,
-      build = self.id,
-      new_name = self.name,
-    )
-  )]
+  #[instrument(name = "RenameBuild", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
+  ) -> serror::Result<Update> {
     Ok(resource::rename::<Build>(&self.id, &self.name, user).await?)
   }
 }
 
-impl Resolve<WriteArgs> for WriteBuildFileContents {
+impl Resolve<WriteArgs> for RefreshBuildCache {
   #[instrument(
-    "WriteBuildFileContents",
-    skip_all,
-    fields(
-      operator = args.user.id,
-      build = self.build,
-    )
+    name = "RefreshBuildCache",
+    level = "debug",
+    skip(user)
   )]
-  async fn resolve(
-    self,
-    args: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
-    let build = get_check_permissions::<Build>(
-      &self.build,
-      &args.user,
-      PermissionLevel::Write.into(),
-    )
-    .await?;
-
-    if !build.config.files_on_host
-      && build.config.repo.is_empty()
-      && build.config.linked_repo.is_empty()
-    {
-      return Err(anyhow!(
-        "Build is not configured to use Files on Host or Git Repo, can't write dockerfile contents"
-      ).into());
-    }
-
-    let mut update =
-      make_update(&build, Operation::WriteDockerfile, &args.user);
-
-    update.push_simple_log("Dockerfile to write", &self.contents);
-
-    if build.config.files_on_host {
-      match get_on_host_periphery(&build)
-        .await?
-        .request(WriteDockerfileContentsToHost {
-          name: build.name,
-          build_path: build.config.build_path,
-          dockerfile_path: build.config.dockerfile_path,
-          contents: self.contents,
-        })
-        .await
-        .context("Failed to write dockerfile contents to host")
-      {
-        Ok(log) => {
-          update.logs.push(log);
-        }
-        Err(e) => {
-          update.push_error_log(
-            "Write Dockerfile Contents",
-            format_serror(&e.into()),
-          );
-        }
-      };
-
-      if !all_logs_success(&update.logs) {
-        update.finalize();
-        update.id = add_update(update.clone()).await?;
-
-        return Ok(update);
-      }
-
-      if let Err(e) =
-        (RefreshBuildCache { build: build.id }).resolve(args).await
-      {
-        update.push_error_log(
-          "Refresh build cache",
-          format_serror(&e.error.into()),
-        );
-      }
-
-      update.finalize();
-      update.id = add_update(update.clone()).await?;
-
-      Ok(update)
-    } else {
-      write_dockerfile_contents_git(self, args, build, update).await
-    }
-  }
-}
-
-#[instrument("WriteDockerfileContentsGit", skip_all)]
-async fn write_dockerfile_contents_git(
-  req: WriteBuildFileContents,
-  args: &WriteArgs,
-  build: Build,
-  mut update: Update,
-) -> mogh_error::Result<Update> {
-  let WriteBuildFileContents { build: _, contents } = req;
-
-  let mut repo_args: RepoExecutionArgs = if !build
-    .config
-    .files_on_host
-    && !build.config.linked_repo.is_empty()
-  {
-    (&crate::resource::get::<Repo>(&build.config.linked_repo).await?)
-      .into()
-  } else {
-    (&build).into()
-  };
-  let root = repo_args.unique_path(&core_config().repo_directory)?;
-  repo_args.destination = Some(root.display().to_string());
-
-  let build_path = build
-    .config
-    .build_path
-    .parse::<PathBuf>()
-    .context("Invalid build path")?;
-  let dockerfile_path = build
-    .config
-    .dockerfile_path
-    .parse::<PathBuf>()
-    .context("Invalid dockerfile path")?;
-
-  let full_path = root.join(&build_path).join(&dockerfile_path);
-
-  if let Some(parent) = full_path.parent() {
-    fs::create_dir_all(parent).await.with_context(|| {
-      format!(
-        "Failed to initialize dockerfile parent directory {parent:?}"
-      )
-    })?;
-  }
-
-  let access_token = if let Some(account) = &repo_args.account {
-    git_token(&repo_args.provider, account, |https| repo_args.https = https)
-    .await
-    .with_context(
-      || format!("Failed to get git token in call to db. Stopping run. | {} | {account}", repo_args.provider),
-    )?
-  } else {
-    None
-  };
-
-  // Ensure the folder is initialized as git repo.
-  // This allows a new file to be committed on a branch that may not exist.
-  if !root.join(".git").exists() {
-    git::init_folder_as_repo(
-      &root,
-      &repo_args,
-      access_token.as_deref(),
-      &mut update.logs,
-    )
-    .await;
-
-    if !all_logs_success(&update.logs) {
-      update.finalize();
-      update.id = add_update(update.clone()).await?;
-
-      return Ok(update);
-    }
-  }
-
-  // Save this for later -- repo_args moved next.
-  let branch = repo_args.branch.clone();
-  // Pull latest changes to repo to ensure linear commit history
-  match git::pull_or_clone(
-    repo_args,
-    &core_config().repo_directory,
-    access_token,
-  )
-  .await
-  .context("Failed to pull latest changes before commit")
-  {
-    Ok((res, _)) => update.logs.extend(res.logs),
-    Err(e) => {
-      update.push_error_log("Pull Repo", format_serror(&e.into()));
-      update.finalize();
-      return Ok(update);
-    }
-  };
-
-  if !all_logs_success(&update.logs) {
-    update.finalize();
-    update.id = add_update(update.clone()).await?;
-
-    return Ok(update);
-  }
-
-  if let Err(e) = mogh_secret_file::write_async(&full_path, &contents)
-    .await
-    .with_context(|| {
-      format!("Failed to write dockerfile contents to {full_path:?}")
-    })
-  {
-    update
-      .push_error_log("Write Dockerfile", format_serror(&e.into()));
-  } else {
-    update.push_simple_log(
-      "Write Dockerfile",
-      format!("File written to {full_path:?}"),
-    );
-  };
-
-  if !all_logs_success(&update.logs) {
-    update.finalize();
-    update.id = add_update(update.clone()).await?;
-
-    return Ok(update);
-  }
-
-  let commit_res = git::commit_file(
-    &format!("{}: Commit Dockerfile", args.user.username),
-    &root,
-    &build_path.join(&dockerfile_path),
-    &branch,
-  )
-  .await;
-
-  update.logs.extend(commit_res.logs);
-
-  if let Err(e) = (RefreshBuildCache { build: build.name })
-    .resolve(args)
-    .await
-  {
-    update.push_error_log(
-      "Refresh build cache",
-      format_serror(&e.error.into()),
-    );
-  }
-
-  update.finalize();
-  update.id = add_update(update.clone()).await?;
-
-  Ok(update)
-}
-
-impl Resolve<WriteArgs> for RefreshBuildCache {
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<NoData> {
+  ) -> serror::Result<NoData> {
     // Even though this is a write request, this doesn't change any config. Anyone that can execute the
     // build should be able to do this.
-    let build = get_check_permissions::<Build>(
+    let build = resource::get_check_permissions::<Build>(
       &self.build,
       user,
-      PermissionLevel::Execute.into(),
+      PermissionLevel::Execute,
     )
     .await?;
 
-    let repo = if !build.config.files_on_host
-      && !build.config.linked_repo.is_empty()
+    if build.config.repo.is_empty()
+      || build.config.git_provider.is_empty()
     {
-      crate::resource::get::<Repo>(&build.config.linked_repo)
-        .await?
-        .into()
+      // Nothing to do here
+      return Ok(NoData {});
+    }
+
+    let config = core_config();
+
+    let mut clone_args: CloneArgs = (&build).into();
+    let repo_path =
+      clone_args.unique_path(&core_config().repo_directory)?;
+    clone_args.destination = Some(repo_path.display().to_string());
+    // Don't want to run these on core.
+    clone_args.on_clone = None;
+    clone_args.on_pull = None;
+
+    let access_token = if let Some(username) = &clone_args.account {
+      git_token(&clone_args.provider, username, |https| {
+          clone_args.https = https
+        })
+        .await
+        .with_context(
+          || format!("Failed to get git token in call to db. Stopping run. | {} | {username}", clone_args.provider),
+        )?
     } else {
       None
     };
 
-    let RemoteDockerfileContents {
-      path,
-      contents,
-      error,
-      hash,
-      message,
-    } = if build.config.files_on_host {
-      // =============
-      // FILES ON HOST
-      // =============
-      match get_on_host_dockerfile(&build).await {
-        Ok(FileContents { path, contents }) => {
-          RemoteDockerfileContents {
-            path: Some(path),
-            contents: Some(contents),
-            ..Default::default()
-          }
-        }
-        Err(e) => RemoteDockerfileContents {
-          error: Some(format_serror(&e.into())),
-          ..Default::default()
-        },
-      }
-    } else if let Some(repo) = &repo {
-      let Some(res) = get_git_remote(&build, repo.into()).await?
-      else {
-        // Nothing to do here
-        return Ok(NoData {});
-      };
-      res
-    } else if !build.config.repo.is_empty() {
-      let Some(res) = get_git_remote(&build, (&build).into()).await?
-      else {
-        // Nothing to do here
-        return Ok(NoData {});
-      };
-      res
-    } else {
-      // =============
-      // UI BASED FILE
-      // =============
-      RemoteDockerfileContents::default()
-    };
+    let GitRes {
+      hash: latest_hash,
+      message: latest_message,
+      ..
+    } = git::pull_or_clone(
+      clone_args,
+      &config.repo_directory,
+      access_token,
+      &[],
+      "",
+      None,
+      &[],
+    )
+    .await
+    .context("failed to clone build repo")?;
 
     let info = BuildInfo {
       last_built_at: build.info.last_built_at,
       built_hash: build.info.built_hash,
       built_message: build.info.built_message,
-      built_contents: build.info.built_contents,
-      remote_path: path,
-      remote_contents: contents,
-      remote_error: error,
-      latest_hash: hash,
-      latest_message: message,
+      latest_hash,
+      latest_message,
     };
 
     let info = to_document(&info)
@@ -465,143 +176,200 @@ impl Resolve<WriteArgs> for RefreshBuildCache {
   }
 }
 
-async fn get_on_host_periphery(
-  build: &Build,
-) -> anyhow::Result<PeripheryClient> {
-  if build.config.builder_id.is_empty() {
-    return Err(anyhow!("No builder associated with build"));
-  }
-
-  let builder = resource::get::<Builder>(&build.config.builder_id)
-    .await
-    .context("Failed to get builder")?;
-
-  match builder.config {
-    BuilderConfig::Aws(_) => {
-      Err(anyhow!("Files on host doesn't work with AWS builder"))
-    }
-    BuilderConfig::Url(config) => {
-      // TODO: Ensure connection is actually established.
-      // Builder id no good because it may be active for multiple connections.
-      let periphery = PeripheryClient::new(
-        PeripheryConnectionArgs::from_url_builder(
-          &ObjectId::new().to_hex(),
-          &config,
-        ),
-        config.insecure_tls,
-      )
-      .await?;
-      // Poll for connection to be estalished
-      let mut err = None;
-      for _ in 0..10 {
-        tokio::time::sleep(Duration::from_secs(1)).await;
-        match periphery.health_check().await {
-          Ok(_) => return Ok(periphery),
-          Err(e) => err = Some(e),
-        };
-      }
-      Err(err.context("Missing error")?)
-    }
-    BuilderConfig::Server(config) => {
-      if config.server_id.is_empty() {
-        return Err(anyhow!(
-          "Builder is type server, but has no server attached"
-        ));
-      }
-      let (server, state) =
-        get_server_with_state(&config.server_id).await?;
-      if state != ServerState::Ok {
-        return Err(anyhow!(
-          "Builder server is disabled or not reachable"
-        ));
-      };
-      periphery_client(&server).await
-    }
-  }
-}
-
-/// The successful case will be included as Some(remote_contents).
-/// The error case will be included as Some(remote_error)
-async fn get_on_host_dockerfile(
-  build: &Build,
-) -> anyhow::Result<FileContents> {
-  get_on_host_periphery(build)
-    .await?
-    .request(GetDockerfileContentsOnHost {
-      name: build.name.clone(),
-      build_path: build.config.build_path.clone(),
-      dockerfile_path: build.config.dockerfile_path.clone(),
-    })
-    .await
-}
-
-async fn get_git_remote(
-  build: &Build,
-  mut clone_args: RepoExecutionArgs,
-) -> anyhow::Result<Option<RemoteDockerfileContents>> {
-  if clone_args.provider.is_empty() {
-    // Nothing to do here
-    return Ok(None);
-  }
-  let config = core_config();
-  let repo_path = clone_args.unique_path(&config.repo_directory)?;
-  clone_args.destination = Some(repo_path.display().to_string());
-
-  let access_token = if let Some(username) = &clone_args.account {
-    git_token(&clone_args.provider, username, |https| {
-          clone_args.https = https
-        })
-        .await
-        .with_context(
-          || format!("Failed to get git token in call to db. Stopping run. | {} | {username}", clone_args.provider),
-        )?
-  } else {
-    None
-  };
-
-  let (res, _) = git::pull_or_clone(
-    clone_args,
-    &config.repo_directory,
-    access_token,
-  )
-  .await
-  .context("Failed to clone Build repo")?;
-
-  // Ensure clone / pull successful,
-  // propogate error log -> 'errored' and return.
-  if let Some(failure) = res.logs.iter().find(|log| !log.success) {
-    return Ok(Some(RemoteDockerfileContents {
-      path: Some(format!("Failed at: {}", failure.stage)),
-      error: Some(failure.combined()),
-      ..Default::default()
-    }));
-  }
-
-  let relative_path = PathBuf::from(&build.config.build_path)
-    .join(&build.config.dockerfile_path);
-
-  let full_path = repo_path.join(&relative_path);
-  let (contents, error) =
-    match fs::read_to_string(&full_path).await.with_context(|| {
-      format!("Failed to read dockerfile contents at {full_path:?}")
-    }) {
-      Ok(contents) => (Some(contents), None),
-      Err(e) => (None, Some(format_serror(&e.into()))),
+impl Resolve<WriteArgs> for CreateBuildWebhook {
+  #[instrument(name = "CreateBuildWebhook", skip(args))]
+  async fn resolve(
+    self,
+    args: &WriteArgs,
+  ) -> serror::Result<CreateBuildWebhookResponse> {
+    let Some(github) = github_client() else {
+      return Err(
+        anyhow!(
+          "github_webhook_app is not configured in core config toml"
+        )
+        .into(),
+      );
     };
-  Ok(Some(RemoteDockerfileContents {
-    path: Some(relative_path.display().to_string()),
-    contents,
-    error,
-    hash: res.commit_hash,
-    message: res.commit_message,
-  }))
+
+    let WriteArgs { user } = args;
+
+    let build = resource::get_check_permissions::<Build>(
+      &self.build,
+      user,
+      PermissionLevel::Write,
+    )
+    .await?;
+
+    if build.config.repo.is_empty() {
+      return Err(
+        anyhow!("No repo configured, can't create webhook").into(),
+      );
+    }
+
+    let mut split = build.config.repo.split('/');
+    let owner = split.next().context("Build repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Err(
+        anyhow!("Cannot manage repo webhooks under owner {owner}")
+          .into(),
+      );
+    };
+
+    let repo =
+      split.next().context("Build repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    // First make sure the webhook isn't already created (inactive ones are ignored)
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      webhook_secret,
+      ..
+    } = core_config();
+
+    let webhook_secret = if build.config.webhook_secret.is_empty() {
+      webhook_secret
+    } else {
+      &build.config.webhook_secret
+    };
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let url = format!("{host}/listener/github/build/{}", build.id);
+
+    for webhook in webhooks {
+      if webhook.active && webhook.config.url == url {
+        return Ok(NoData {});
+      }
+    }
+
+    // Now good to create the webhook
+    let request = ReposCreateWebhookRequest {
+      active: Some(true),
+      config: Some(ReposCreateWebhookRequestConfig {
+        url,
+        secret: webhook_secret.to_string(),
+        content_type: String::from("json"),
+        insecure_ssl: None,
+        digest: Default::default(),
+        token: Default::default(),
+      }),
+      events: vec![String::from("push")],
+      name: String::from("web"),
+    };
+    github_repos
+      .create_webhook(owner, repo, &request)
+      .await
+      .context("failed to create webhook")?;
+
+    if !build.config.webhook_enabled {
+      UpdateBuild {
+        id: build.id,
+        config: PartialBuildConfig {
+          webhook_enabled: Some(true),
+          ..Default::default()
+        },
+      }
+      .resolve(args)
+      .await
+      .map_err(|e| e.error)
+      .context("failed to update build to enable webhook")?;
+    }
+
+    Ok(NoData {})
+  }
 }
 
-#[derive(Default)]
-pub struct RemoteDockerfileContents {
-  pub path: Option<String>,
-  pub contents: Option<String>,
-  pub error: Option<String>,
-  pub hash: Option<String>,
-  pub message: Option<String>,
+impl Resolve<WriteArgs> for DeleteBuildWebhook {
+  #[instrument(name = "DeleteBuildWebhook", skip(user))]
+  async fn resolve(
+    self,
+    WriteArgs { user }: &WriteArgs,
+  ) -> serror::Result<DeleteBuildWebhookResponse> {
+    let Some(github) = github_client() else {
+      return Err(
+        anyhow!(
+          "github_webhook_app is not configured in core config toml"
+        )
+        .into(),
+      );
+    };
+
+    let build = resource::get_check_permissions::<Build>(
+      &self.build,
+      &user,
+      PermissionLevel::Write,
+    )
+    .await?;
+
+    if build.config.git_provider != "github.com" {
+      return Err(
+        anyhow!("Can only manage github.com repo webhooks").into(),
+      );
+    }
+
+    if build.config.repo.is_empty() {
+      return Err(
+        anyhow!("No repo configured, can't delete webhook").into(),
+      );
+    }
+
+    let mut split = build.config.repo.split('/');
+    let owner = split.next().context("Build repo has no owner")?;
+
+    let Some(github) = github.get(owner) else {
+      return Err(
+        anyhow!("Cannot manage repo webhooks under owner {owner}")
+          .into(),
+      );
+    };
+
+    let repo =
+      split.next().context("Build repo has no repo after the /")?;
+
+    let github_repos = github.repos();
+
+    let webhooks = github_repos
+      .list_all_webhooks(owner, repo)
+      .await
+      .context("failed to list all webhooks on repo")?
+      .body;
+
+    let CoreConfig {
+      host,
+      webhook_base_url,
+      ..
+    } = core_config();
+
+    let host = if webhook_base_url.is_empty() {
+      host
+    } else {
+      webhook_base_url
+    };
+    let url = format!("{host}/listener/github/build/{}", build.id);
+
+    for webhook in webhooks {
+      if webhook.active && webhook.config.url == url {
+        github_repos
+          .delete_webhook(owner, repo, webhook.id)
+          .await
+          .context("failed to delete webhook")?;
+        return Ok(NoData {});
+      }
+    }
+
+    // No webhook to delete, all good
+    Ok(NoData {})
+  }
 }

bin/core/src/api/write/builder.rs

@@ -4,87 +4,61 @@ use komodo_client::{
     builder::Builder, permission::PermissionLevel, update::Update,
   },
 };
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
 
-use crate::{permission::get_check_permissions, resource};
+use crate::resource;
 
 use super::WriteArgs;
 
 impl Resolve<WriteArgs> for CreateBuilder {
-  #[instrument(
-    "CreateBuilder",
-    skip_all,
-    fields(
-      operator = user.id,
-      builder = self.name,
-      config = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "CreateBuilder", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Builder> {
-    resource::create::<Builder>(&self.name, self.config, None, user)
-      .await
+  ) -> serror::Result<Builder> {
+    Ok(
+      resource::create::<Builder>(&self.name, self.config, user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for CopyBuilder {
-  #[instrument(
-    "CopyBuilder",
-    skip_all,
-    fields(
-      operator = user.id,
-      builder = self.name,
-      copy_builder = self.id,
-    )
-  )]
+  #[instrument(name = "CopyBuilder", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Builder> {
-    let Builder { config, .. } = get_check_permissions::<Builder>(
-      &self.id,
-      user,
-      PermissionLevel::Write.into(),
+  ) -> serror::Result<Builder> {
+    let Builder { config, .. } =
+      resource::get_check_permissions::<Builder>(
+        &self.id,
+        user,
+        PermissionLevel::Write,
+      )
+      .await?;
+    Ok(
+      resource::create::<Builder>(&self.name, config.into(), &user)
+        .await?,
     )
-    .await?;
-    resource::create::<Builder>(&self.name, config.into(), None, user)
-      .await
   }
 }
 
 impl Resolve<WriteArgs> for DeleteBuilder {
-  #[instrument(
-    "DeleteBuilder",
-    skip_all,
-    fields(
-      operator = user.id,
-      builder = self.id,
-    )
-  )]
+  #[instrument(name = "DeleteBuilder", skip(args))]
   async fn resolve(
     self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Builder> {
-    Ok(resource::delete::<Builder>(&self.id, user).await?)
+    args: &WriteArgs,
+  ) -> serror::Result<Builder> {
+    Ok(resource::delete::<Builder>(&self.id, args).await?)
   }
 }
 
 impl Resolve<WriteArgs> for UpdateBuilder {
-  #[instrument(
-    "UpdateBuilder",
-    skip_all,
-    fields(
-      operator = user.id,
-      builder = self.id,
-      update = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "UpdateBuilder", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Builder> {
+  ) -> serror::Result<Builder> {
     Ok(
       resource::update::<Builder>(&self.id, self.config, user)
         .await?,
@@ -93,19 +67,14 @@ impl Resolve<WriteArgs> for UpdateBuilder {
 }
 
 impl Resolve<WriteArgs> for RenameBuilder {
-  #[instrument(
-    "RenameBuilder",
-    skip_all,
-    fields(
-      operator = user.id,
-      builder = self.id,
-      new_name = self.name
-    )
-  )]
+  #[instrument(name = "RenameBuilder", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
-    Ok(resource::rename::<Builder>(&self.id, &self.name, user).await?)
+  ) -> serror::Result<Update> {
+    Ok(
+      resource::rename::<Builder>(&self.id, &self.name, &user)
+        .await?,
+    )
   }
 }

bin/core/src/api/write/deployment.rs

@@ -1,125 +1,83 @@
-use std::sync::OnceLock;
-
-use anyhow::{Context, anyhow};
-use database::mungos::{by_id::update_one_by_id, mongodb::bson::doc};
-use futures_util::{StreamExt as _, stream::FuturesOrdered};
+use anyhow::{anyhow, Context};
 use komodo_client::{
-  api::{execute::Deploy, write::*},
+  api::write::*,
   entities::{
-    Operation, ResourceTarget, SwarmOrServer,
-    alert::{Alert, AlertData, SeverityLevel},
     deployment::{
-      Deployment, DeploymentImage, DeploymentInfo, DeploymentState,
-      PartialDeploymentConfig, RestartMode, extract_registry_domain,
+      Deployment, DeploymentImage, DeploymentState,
+      PartialDeploymentConfig, RestartMode,
     },
     docker::container::RestartPolicyNameEnum,
-    komodo_timestamp, optional_string,
+    komodo_timestamp,
     permission::PermissionLevel,
     server::{Server, ServerState},
-    to_container_compatible_name,
+    to_komodo_name,
     update::Update,
-    user::{auto_redeploy_user, system_user},
+    Operation,
   },
 };
-use mogh_cache::SetCache;
-use mogh_resolver::Resolve;
+use mungos::{by_id::update_one_by_id, mongodb::bson::doc};
 use periphery_client::api::{self, container::InspectContainer};
+use resolver_api::Resolve;
 
 use crate::{
-  alert::send_alerts,
-  api::execute::{self, ExecuteRequest, ExecutionResult},
   helpers::{
     periphery_client,
-    query::{get_deployment_state, get_swarm_or_server},
-    registry_token,
-    update::{add_update, make_update, poll_update_until_complete},
-  },
-  permission::get_check_permissions,
-  resource::{
-    self, list_full_for_user_using_pattern,
-    setup_deployment_execution,
-  },
-  state::{
-    action_states, db_client, deployment_status_cache,
-    image_digest_cache, server_status_cache,
+    query::get_deployment_state,
+    update::{add_update, make_update},
   },
+  resource,
+  state::{action_states, db_client, server_status_cache},
 };
 
 use super::WriteArgs;
 
 impl Resolve<WriteArgs> for CreateDeployment {
-  #[instrument(
-    "CreateDeployment",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.name,
-      config = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "CreateDeployment", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Deployment> {
-    resource::create::<Deployment>(
-      &self.name,
-      self.config,
-      None,
-      user,
+  ) -> serror::Result<Deployment> {
+    Ok(
+      resource::create::<Deployment>(&self.name, self.config, user)
+        .await?,
     )
-    .await
   }
 }
 
 impl Resolve<WriteArgs> for CopyDeployment {
-  #[instrument(
-    "CopyDeployment",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.name,
-      copy_deployment = self.id,
-    )
-  )]
+  #[instrument(name = "CopyDeployment", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Deployment> {
+  ) -> serror::Result<Deployment> {
     let Deployment { config, .. } =
-      get_check_permissions::<Deployment>(
+      resource::get_check_permissions::<Deployment>(
         &self.id,
         user,
-        PermissionLevel::Read.into(),
+        PermissionLevel::Write,
       )
       .await?;
-    resource::create::<Deployment>(
-      &self.name,
-      config.into(),
-      None,
-      user,
+    Ok(
+      resource::create::<Deployment>(
+        &self.name,
+        config.into(),
+        &user,
+      )
+      .await?,
     )
-    .await
   }
 }
 
 impl Resolve<WriteArgs> for CreateDeploymentFromContainer {
-  #[instrument(
-    "CreateDeploymentFromContainer",
-    skip_all,
-    fields(
-      operator = user.id,
-      server = self.server,
-      deployment = self.name,
-    )
-  )]
+  #[instrument(name = "CreateDeploymentFromContainer", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Deployment> {
-    let server = get_check_permissions::<Server>(
+  ) -> serror::Result<Deployment> {
+    let server = resource::get_check_permissions::<Server>(
       &self.server,
       user,
-      PermissionLevel::Read.inspect().attach(),
+      PermissionLevel::Write,
     )
     .await?;
     let cache = server_status_cache()
@@ -134,8 +92,7 @@ impl Resolve<WriteArgs> for CreateDeploymentFromContainer {
         .into(),
       );
     }
-    let container = periphery_client(&server)
-      .await?
+    let container = periphery_client(&server)?
       .request(InspectContainer {
         name: self.name.clone(),
       })
@@ -199,91 +156,46 @@ impl Resolve<WriteArgs> for CreateDeploymentFromContainer {
       });
     }
 
-    resource::create::<Deployment>(&self.name, config, None, user)
-      .await
+    Ok(
+      resource::create::<Deployment>(&self.name, config, &user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for DeleteDeployment {
-  #[instrument(
-    "DeleteDeployment",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.id
-    )
-  )]
+  #[instrument(name = "DeleteDeployment", skip(args))]
   async fn resolve(
     self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Deployment> {
-    Ok(resource::delete::<Deployment>(&self.id, user).await?)
+    args: &WriteArgs,
+  ) -> serror::Result<Deployment> {
+    Ok(resource::delete::<Deployment>(&self.id, args).await?)
   }
 }
 
 impl Resolve<WriteArgs> for UpdateDeployment {
-  #[instrument(
-    "UpdateDeployment",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.id,
-      update = serde_json::to_string(&self.config).unwrap(),
-    )
-  )]
+  #[instrument(name = "UpdateDeployment", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Deployment> {
-    // If the update changes image,
-    // also update the stored latest image digest.
-    let image_update = self
-      .config
-      .image
-      .as_ref()
-      .map(|image| image.as_image().is_some())
-      .unwrap_or_default();
-
-    let deployment =
-      resource::update::<Deployment>(&self.id, self.config, user)
-        .await?;
-
-    if image_update {
-      tokio::spawn(async move {
-        let _ = (CheckDeploymentForUpdate {
-          deployment: self.id,
-          skip_auto_update: false,
-          wait_for_auto_update: false,
-        })
-        .resolve(&WriteArgs {
-          user: system_user().to_owned(),
-        })
-        .await;
-      });
-    }
-
-    Ok(deployment)
+  ) -> serror::Result<Deployment> {
+    Ok(
+      resource::update::<Deployment>(&self.id, self.config, &user)
+        .await?,
+    )
   }
 }
 
 impl Resolve<WriteArgs> for RenameDeployment {
-  #[instrument(
-    "RenameDeployment",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.id,
-      new_name = self.name,
-    )
-  )]
+  #[instrument(name = "RenameDeployment", skip(user))]
   async fn resolve(
     self,
     WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Update> {
-    let deployment = get_check_permissions::<Deployment>(
+  ) -> serror::Result<Update> {
+    let deployment = resource::get_check_permissions::<Deployment>(
       &self.id,
       user,
-      PermissionLevel::Write.into(),
+      PermissionLevel::Write,
     )
     .await?;
 
@@ -298,10 +210,9 @@ impl Resolve<WriteArgs> for RenameDeployment {
     let _action_guard =
       action_state.update(|state| state.renaming = true)?;
 
-    let name = to_container_compatible_name(&self.name);
+    let name = to_komodo_name(&self.name);
 
-    let container_state =
-      get_deployment_state(&deployment.id).await?;
+    let container_state = get_deployment_state(&deployment).await?;
 
     if container_state == DeploymentState::Unknown {
       return Err(
@@ -313,12 +224,12 @@ impl Resolve<WriteArgs> for RenameDeployment {
     }
 
     let mut update =
-      make_update(&deployment, Operation::RenameDeployment, user);
+      make_update(&deployment, Operation::RenameDeployment, &user);
 
     update_one_by_id(
       &db_client().deployments,
       &deployment.id,
-      database::mungos::update::Update::Set(
+      mungos::update::Update::Set(
         doc! { "name": &name, "updated_at": komodo_timestamp() },
       ),
       None,
@@ -329,8 +240,7 @@ impl Resolve<WriteArgs> for RenameDeployment {
     if container_state != DeploymentState::NotDeployed {
       let server =
         resource::get::<Server>(&deployment.config.server_id).await?;
-      let log = periphery_client(&server)
-        .await?
+      let log = periphery_client(&server)?
         .request(api::container::RenameContainer {
           curr_name: deployment.name.clone(),
           new_name: name.clone(),
@@ -353,322 +263,3 @@ impl Resolve<WriteArgs> for RenameDeployment {
     Ok(update)
   }
 }
-
-//
-
-impl Resolve<WriteArgs> for CheckDeploymentForUpdate {
-  #[instrument(
-    "CheckDeploymentForUpdate",
-    skip_all,
-    fields(
-      operator = user.id,
-      deployment = self.deployment,
-      skip_auto_update = self.skip_auto_update,
-      wait_for_auto_update = self.wait_for_auto_update,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> mogh_error::Result<Self::Response> {
-    // Even though this is a write request, this doesn't change any config. Anyone that can execute the
-    // deployment should be able to do this.
-    let (deployment, swarm_or_server) = setup_deployment_execution(
-      &self.deployment,
-      user,
-      PermissionLevel::Execute.into(),
-    )
-    .await?;
-
-    swarm_or_server.verify_has_target()?;
-
-    check_deployment_for_update_inner(
-      deployment,
-      &swarm_or_server,
-      self.skip_auto_update,
-      self.wait_for_auto_update,
-    )
-    .await
-    .map_err(Into::into)
-  }
-}
-
-/// If it goes down the "update available" path,
-/// only send alert if deployment id is not in this cache.
-/// If alert is sent, add ID to cache.
-/// If later it goes down non "update available" path,
-/// remove the id from cache, so next time it does another alert
-/// will be sent.
-fn deployment_alert_sent_cache() -> &'static SetCache<String> {
-  static CACHE: OnceLock<SetCache<String>> = OnceLock::new();
-  CACHE.get_or_init(Default::default)
-}
-
-/// Checks remote registry for latest image digest,
-/// and saves it to database associated with the deployment.
-///
-/// Returns true if update is available and auto deploy is false.
-/// If auto deploy is true, this will deploy.
-#[instrument(
-  "CheckDeploymentForUpdateInner",
-  skip_all,
-  fields(
-    deployment = deployment.id,
-    skip_auto_update,
-    wait_for_auto_update,
-  )
-)]
-pub async fn check_deployment_for_update_inner(
-  deployment: Deployment,
-  swarm_or_server: &SwarmOrServer,
-  skip_auto_update: bool,
-  // Otherwise spawns task to run in background
-  wait_for_auto_update: bool,
-) -> anyhow::Result<CheckDeploymentForUpdateResponse> {
-  let alert_cache = deployment_alert_sent_cache();
-
-  let (image, account, token) = match &deployment.config.image {
-    DeploymentImage::Image { image } => {
-      if image.contains('@') {
-        // Images with a hardcoded digest can't have update.
-        return Ok(CheckDeploymentForUpdateResponse {
-          deployment: deployment.id,
-          update_available: false,
-        });
-      }
-      let domain = extract_registry_domain(&image)?;
-      let account =
-        optional_string(&deployment.config.image_registry_account);
-      let token = if let Some(account) = &account {
-        registry_token(&domain, account).await?
-      } else {
-        None
-      };
-      (image, account, token)
-    }
-    DeploymentImage::Build { .. } => {
-      alert_cache.remove(&deployment.id).await;
-      // This method not used for build based deployments
-      // as deployed version vs built version can be inferred from Updates.
-      return Ok(CheckDeploymentForUpdateResponse {
-        deployment: deployment.id,
-        update_available: false,
-      });
-    }
-  };
-
-  let latest_digest = image_digest_cache()
-    .get(&swarm_or_server, &image, account, token)
-    .await?;
-
-  resource::update_info::<Deployment>(
-    &deployment.id,
-    &DeploymentInfo {
-      latest_image_digest: latest_digest.clone(),
-    },
-  )
-  .await?;
-
-  let Some((state, Some(current_digests))) =
-    deployment_status_cache()
-      .get(&deployment.id)
-      .await
-      .map(|s| (s.curr.state, s.curr.image_digests.clone()))
-  else {
-    alert_cache.remove(&deployment.id).await;
-    return Ok(CheckDeploymentForUpdateResponse {
-      deployment: deployment.id,
-      update_available: false,
-    });
-  };
-
-  // If not running or latest digest matches current, early return
-  if !matches!(state, DeploymentState::Running)
-    || !latest_digest.update_available(&current_digests)
-  {
-    alert_cache.remove(&deployment.id).await;
-    return Ok(CheckDeploymentForUpdateResponse {
-      deployment: deployment.id,
-      update_available: false,
-    });
-  }
-
-  if !skip_auto_update && deployment.config.auto_update {
-    // Trigger deploy + alert
-
-    // Conservatively remove from alert cache so 'skip_auto_update'
-    // doesn't cause alerts not to be sent on subsequent calls.
-    alert_cache.remove(&deployment.id).await;
-
-    let swarm_id = swarm_or_server.swarm_id().map(str::to_string);
-    let swarm_name = swarm_or_server.swarm_name().map(str::to_string);
-    let server_id = swarm_or_server.server_id().map(str::to_string);
-    let server_name =
-      swarm_or_server.server_name().map(str::to_string);
-    let id = deployment.id.clone();
-    let name = deployment.name.clone();
-    let image = image.clone();
-
-    let run = async move {
-      match execute::inner_handler(
-        ExecuteRequest::Deploy(Deploy {
-          deployment: name.clone(),
-          stop_signal: None,
-          stop_time: None,
-        }),
-        auto_redeploy_user().to_owned(),
-      )
-      .await
-      {
-        Ok(res) => {
-          let ExecutionResult::Single(update) = res else {
-            unreachable!()
-          };
-          let Ok(update) =
-            poll_update_until_complete(&update.id).await
-          else {
-            return;
-          };
-          if update.success {
-            let ts = komodo_timestamp();
-            let alert = Alert {
-              id: Default::default(),
-              ts,
-              resolved: true,
-              resolved_ts: ts.into(),
-              level: SeverityLevel::Ok,
-              target: ResourceTarget::Deployment(id.clone()),
-              data: AlertData::DeploymentAutoUpdated {
-                id,
-                name,
-                swarm_id,
-                swarm_name,
-                server_id,
-                server_name,
-                image,
-              },
-            };
-            let res = db_client().alerts.insert_one(&alert).await;
-            if let Err(e) = res {
-              error!(
-                "Failed to record DeploymentAutoUpdated to db | {e:#}"
-              );
-            }
-            send_alerts(&[alert]).await;
-          }
-        }
-        Err(e) => {
-          warn!("Failed to auto update Deployment {name} | {e:#}",)
-        }
-      }
-    };
-
-    if wait_for_auto_update {
-      run.await
-    } else {
-      tokio::spawn(run);
-    }
-  } else {
-    // Avoid spamming alerts
-    if alert_cache.contains(&deployment.id).await {
-      return Ok(CheckDeploymentForUpdateResponse {
-        deployment: deployment.id,
-        update_available: true,
-      });
-    }
-    alert_cache.insert(deployment.id.clone()).await;
-    let ts = komodo_timestamp();
-    let alert = Alert {
-      id: Default::default(),
-      ts,
-      resolved: true,
-      resolved_ts: ts.into(),
-      level: SeverityLevel::Ok,
-      target: ResourceTarget::Deployment(deployment.id.clone()),
-      data: AlertData::DeploymentImageUpdateAvailable {
-        id: deployment.id.clone(),
-        name: deployment.name.clone(),
-        swarm_id: swarm_or_server.swarm_id().map(str::to_string),
-        swarm_name: swarm_or_server.swarm_name().map(str::to_string),
-        server_id: swarm_or_server.server_id().map(str::to_string),
-        server_name: swarm_or_server
-          .server_name()
-          .map(str::to_string),
-        image: image.clone(),
-      },
-    };
-    let res = db_client().alerts.insert_one(&alert).await;
-    if let Err(e) = res {
-      error!(
-        "Failed to record DeploymentImageUpdateAvailable to db | {e:#}"
-      );
-    }
-    send_alerts(&[alert]).await;
-  }
-
-  Ok(CheckDeploymentForUpdateResponse {
-    deployment: deployment.id,
-    update_available: !deployment.config.auto_update,
-  })
-}
-
-//
-
-impl Resolve<WriteArgs> for BatchCheckDeploymentForUpdate {
-  #[instrument(
-    "BatchCheckDeploymentForUpdate",
-    skip_all,
-    fields(
-      operator = user.id,
-      pattern = self.pattern,
-      skip_auto_update = self.skip_auto_update,
-      wait_for_auto_update = self.wait_for_auto_update,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user }: &WriteArgs,
-  ) -> Result<Self::Response, Self::Error> {
-    let deployments = list_full_for_user_using_pattern::<Deployment>(
-      &self.pattern,
-      Default::default(),
-      user,
-      PermissionLevel::Execute.into(),
-      &[],
-    )
-    .await?;
-
-    let res = deployments
-      .into_iter()
-      .map(|deployment| async move {
-        let swarm_or_server = get_swarm_or_server(
-          &deployment.config.swarm_id,
-          &deployment.config.server_id,
-        )
-        .await?;
-        swarm_or_server.verify_has_target().map_err(|e| e.error)?;
-        check_deployment_for_update_inner(
-          deployment,
-          &swarm_or_server,
-          self.skip_auto_update,
-          self.wait_for_auto_update,
-        )
-        .await
-      })
-      .collect::<FuturesOrdered<_>>()
-      .collect::<Vec<_>>()
-      .await
-      .into_iter()
-      .filter_map(|res| {
-        res
-          .inspect_err(|e| {
-            warn!(
-              "Failed to check deployment for update in batch run | {e:#}"
-            )
-          })
-          .ok()
-      })
-      .collect();
-    Ok(res)
-  }
-}

bin/core/src/api/write/description.rs

@@ -0,0 +1,123 @@
+use anyhow::anyhow;
+use komodo_client::{
+  api::write::{UpdateDescription, UpdateDescriptionResponse},
+  entities::{
+    action::Action, alerter::Alerter, build::Build, builder::Builder,
+    deployment::Deployment, procedure::Procedure, repo::Repo,
+    server::Server, server_template::ServerTemplate, stack::Stack,
+    sync::ResourceSync, ResourceTarget,
+  },
+};
+use resolver_api::Resolve;
+
+use crate::resource;
+
+use super::WriteArgs;
+
+impl Resolve<WriteArgs> for UpdateDescription {
+  #[instrument(name = "UpdateDescription", skip(user))]
+  async fn resolve(
+    self,
+    WriteArgs { user }: &WriteArgs,
+  ) -> serror::Result<UpdateDescriptionResponse> {
+    match self.target {
+      ResourceTarget::System(_) => {
+        return Err(
+          anyhow!(
+            "cannot update description of System resource target"
+          )
+          .into(),
+        )
+      }
+      ResourceTarget::Server(id) => {
+        resource::update_description::<Server>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Deployment(id) => {
+        resource::update_description::<Deployment>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Build(id) => {
+        resource::update_description::<Build>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Repo(id) => {
+        resource::update_description::<Repo>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Builder(id) => {
+        resource::update_description::<Builder>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Alerter(id) => {
+        resource::update_description::<Alerter>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Procedure(id) => {
+        resource::update_description::<Procedure>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Action(id) => {
+        resource::update_description::<Action>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::ServerTemplate(id) => {
+        resource::update_description::<ServerTemplate>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::ResourceSync(id) => {
+        resource::update_description::<ResourceSync>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+      ResourceTarget::Stack(id) => {
+        resource::update_description::<Stack>(
+          &id,
+          &self.description,
+          &user,
+        )
+        .await?;
+      }
+    }
+    Ok(UpdateDescriptionResponse {})
+  }
+}

bin/core/src/api/write/mod.rs

@@ -1,101 +1,86 @@
+use std::time::Instant;
+
 use anyhow::Context;
-use axum::{
-  Extension, Router, extract::Path, middleware, routing::post,
-};
+use axum::{middleware, routing::post, Extension, Router};
+use derive_variants::{EnumVariants, ExtractVariant};
 use komodo_client::{api::write::*, entities::user::User};
-use mogh_auth_server::middleware::authenticate_request;
-use mogh_error::Json;
-use mogh_error::Response;
-use mogh_resolver::Resolve;
+use resolver_api::Resolve;
+use response::Response;
 use serde::{Deserialize, Serialize};
-use serde_json::json;
-use strum::Display;
-use strum::EnumDiscriminants;
+use serror::Json;
 use typeshare::typeshare;
 use uuid::Uuid;
 
-use crate::auth::KomodoAuthImpl;
-
-use super::Variant;
+use crate::auth::auth_request;
 
 mod action;
-mod alert;
 mod alerter;
 mod build;
 mod builder;
 mod deployment;
-mod onboarding;
+mod description;
 mod permissions;
 mod procedure;
 mod provider;
 mod repo;
-mod resource;
 mod server;
+mod server_template;
 mod service_user;
 mod stack;
-mod swarm;
 mod sync;
 mod tag;
-mod terminal;
 mod user;
 mod user_group;
 mod variable;
 
-pub use {
-  deployment::check_deployment_for_update_inner,
-  stack::check_stack_for_update_inner,
-};
-
 pub struct WriteArgs {
   pub user: User,
 }
 
 #[typeshare]
 #[derive(
-  Serialize, Deserialize, Debug, Clone, Resolve, EnumDiscriminants,
+  Serialize, Deserialize, Debug, Clone, Resolve, EnumVariants,
 )]
-#[strum_discriminants(name(WriteRequestVariant), derive(Display))]
+#[variant_derive(Debug)]
 #[args(WriteArgs)]
 #[response(Response)]
-#[error(mogh_error::Error)]
+#[error(serror::Error)]
 #[serde(tag = "type", content = "params")]
 pub enum WriteRequest {
-  // ==== RESOURCE ====
-  UpdateResourceMeta(UpdateResourceMeta),
+  // ==== USER ====
+  UpdateUserUsername(UpdateUserUsername),
+  UpdateUserPassword(UpdateUserPassword),
+  DeleteUser(DeleteUser),
 
-  // ==== SWARM ====
-  CreateSwarm(CreateSwarm),
-  CopySwarm(CopySwarm),
-  DeleteSwarm(DeleteSwarm),
-  UpdateSwarm(UpdateSwarm),
-  RenameSwarm(RenameSwarm),
+  // ==== SERVICE USER ====
+  CreateServiceUser(CreateServiceUser),
+  UpdateServiceUserDescription(UpdateServiceUserDescription),
+  CreateApiKeyForServiceUser(CreateApiKeyForServiceUser),
+  DeleteApiKeyForServiceUser(DeleteApiKeyForServiceUser),
+
+  // ==== USER GROUP ====
+  CreateUserGroup(CreateUserGroup),
+  RenameUserGroup(RenameUserGroup),
+  DeleteUserGroup(DeleteUserGroup),
+  AddUserToUserGroup(AddUserToUserGroup),
+  RemoveUserFromUserGroup(RemoveUserFromUserGroup),
+  SetUsersInUserGroup(SetUsersInUserGroup),
+
+  // ==== PERMISSIONS ====
+  UpdateUserAdmin(UpdateUserAdmin),
+  UpdateUserBasePermissions(UpdateUserBasePermissions),
+  UpdatePermissionOnResourceType(UpdatePermissionOnResourceType),
+  UpdatePermissionOnTarget(UpdatePermissionOnTarget),
+
+  // ==== DESCRIPTION ====
+  UpdateDescription(UpdateDescription),
 
   // ==== SERVER ====
   CreateServer(CreateServer),
-  CopyServer(CopyServer),
   DeleteServer(DeleteServer),
   UpdateServer(UpdateServer),
   RenameServer(RenameServer),
   CreateNetwork(CreateNetwork),
-  UpdateServerPublicKey(UpdateServerPublicKey),
-  RotateServerKeys(RotateServerKeys),
-
-  // ==== TERMINAL ====
-  CreateTerminal(CreateTerminal),
-  DeleteTerminal(DeleteTerminal),
-  DeleteAllTerminals(DeleteAllTerminals),
-  BatchDeleteAllTerminals(BatchDeleteAllTerminals),
-
-  // ==== STACK ====
-  CreateStack(CreateStack),
-  CopyStack(CopyStack),
-  DeleteStack(DeleteStack),
-  UpdateStack(UpdateStack),
-  RenameStack(RenameStack),
-  WriteStackFileContents(WriteStackFileContents),
-  RefreshStackCache(RefreshStackCache),
-  CheckStackForUpdate(CheckStackForUpdate),
-  BatchCheckStackForUpdate(BatchCheckStackForUpdate),
 
   // ==== DEPLOYMENT ====
   CreateDeployment(CreateDeployment),
@@ -104,8 +89,6 @@ pub enum WriteRequest {
   DeleteDeployment(DeleteDeployment),
   UpdateDeployment(UpdateDeployment),
   RenameDeployment(RenameDeployment),
-  CheckDeploymentForUpdate(CheckDeploymentForUpdate),
-  BatchCheckDeploymentForUpdate(BatchCheckDeploymentForUpdate),
 
   // ==== BUILD ====
   CreateBuild(CreateBuild),
@@ -113,8 +96,23 @@ pub enum WriteRequest {
   DeleteBuild(DeleteBuild),
   UpdateBuild(UpdateBuild),
   RenameBuild(RenameBuild),
-  WriteBuildFileContents(WriteBuildFileContents),
   RefreshBuildCache(RefreshBuildCache),
+  CreateBuildWebhook(CreateBuildWebhook),
+  DeleteBuildWebhook(DeleteBuildWebhook),
+
+  // ==== BUILDER ====
+  CreateBuilder(CreateBuilder),
+  CopyBuilder(CopyBuilder),
+  DeleteBuilder(DeleteBuilder),
+  UpdateBuilder(UpdateBuilder),
+  RenameBuilder(RenameBuilder),
+
+  // ==== SERVER TEMPLATE ====
+  CreateServerTemplate(CreateServerTemplate),
+  CopyServerTemplate(CopyServerTemplate),
+  DeleteServerTemplate(DeleteServerTemplate),
+  UpdateServerTemplate(UpdateServerTemplate),
+  RenameServerTemplate(RenameServerTemplate),
 
   // ==== REPO ====
   CreateRepo(CreateRepo),
@@ -123,6 +121,15 @@ pub enum WriteRequest {
   UpdateRepo(UpdateRepo),
   RenameRepo(RenameRepo),
   RefreshRepoCache(RefreshRepoCache),
+  CreateRepoWebhook(CreateRepoWebhook),
+  DeleteRepoWebhook(DeleteRepoWebhook),
+
+  // ==== ALERTER ====
+  CreateAlerter(CreateAlerter),
+  CopyAlerter(CopyAlerter),
+  DeleteAlerter(DeleteAlerter),
+  UpdateAlerter(UpdateAlerter),
+  RenameAlerter(RenameAlerter),
 
   // ==== PROCEDURE ====
   CreateProcedure(CreateProcedure),
@@ -147,58 +154,25 @@ pub enum WriteRequest {
   WriteSyncFileContents(WriteSyncFileContents),
   CommitSync(CommitSync),
   RefreshResourceSyncPending(RefreshResourceSyncPending),
+  CreateSyncWebhook(CreateSyncWebhook),
+  DeleteSyncWebhook(DeleteSyncWebhook),
 
-  // ==== BUILDER ====
-  CreateBuilder(CreateBuilder),
-  CopyBuilder(CopyBuilder),
-  DeleteBuilder(DeleteBuilder),
-  UpdateBuilder(UpdateBuilder),
-  RenameBuilder(RenameBuilder),
-
-  // ==== ALERTER ====
-  CreateAlerter(CreateAlerter),
-  CopyAlerter(CopyAlerter),
-  DeleteAlerter(DeleteAlerter),
-  UpdateAlerter(UpdateAlerter),
-  RenameAlerter(RenameAlerter),
-
-  // ==== ONBOARDING KEY ====
-  CreateOnboardingKey(CreateOnboardingKey),
-  UpdateOnboardingKey(UpdateOnboardingKey),
-  DeleteOnboardingKey(DeleteOnboardingKey),
-
-  // ==== USER ====
-  PushRecentlyViewed(PushRecentlyViewed),
-  SetLastSeenUpdate(SetLastSeenUpdate),
-  CreateLocalUser(CreateLocalUser),
-  DeleteUser(DeleteUser),
-
-  // ==== SERVICE USER ====
-  CreateServiceUser(CreateServiceUser),
-  UpdateServiceUserDescription(UpdateServiceUserDescription),
-  CreateApiKeyForServiceUser(CreateApiKeyForServiceUser),
-  DeleteApiKeyForServiceUser(DeleteApiKeyForServiceUser),
-
-  // ==== USER GROUP ====
-  CreateUserGroup(CreateUserGroup),
-  RenameUserGroup(RenameUserGroup),
-  DeleteUserGroup(DeleteUserGroup),
-  AddUserToUserGroup(AddUserToUserGroup),
-  RemoveUserFromUserGroup(RemoveUserFromUserGroup),
-  SetUsersInUserGroup(SetUsersInUserGroup),
-  SetEveryoneUserGroup(SetEveryoneUserGroup),
-
-  // ==== PERMISSIONS ====
-  UpdateUserAdmin(UpdateUserAdmin),
-  UpdateUserBasePermissions(UpdateUserBasePermissions),
-  UpdatePermissionOnResourceType(UpdatePermissionOnResourceType),
-  UpdatePermissionOnTarget(UpdatePermissionOnTarget),
+  // ==== STACK ====
+  CreateStack(CreateStack),
+  CopyStack(CopyStack),
+  DeleteStack(DeleteStack),
+  UpdateStack(UpdateStack),
+  RenameStack(RenameStack),
+  WriteStackFileContents(WriteStackFileContents),
+  RefreshStackCache(RefreshStackCache),
+  CreateStackWebhook(CreateStackWebhook),
+  DeleteStackWebhook(DeleteStackWebhook),
 
   // ==== TAG ====
   CreateTag(CreateTag),
   DeleteTag(DeleteTag),
   RenameTag(RenameTag),
-  UpdateTagColor(UpdateTagColor),
+  UpdateTagsOnResource(UpdateTagsOnResource),
 
   // ==== VARIABLE ====
   CreateVariable(CreateVariable),
@@ -207,70 +181,63 @@ pub enum WriteRequest {
   UpdateVariableIsSecret(UpdateVariableIsSecret),
   DeleteVariable(DeleteVariable),
 
-  // ==== PROVIDER ====
+  // ==== PROVIDERS ====
   CreateGitProviderAccount(CreateGitProviderAccount),
   UpdateGitProviderAccount(UpdateGitProviderAccount),
   DeleteGitProviderAccount(DeleteGitProviderAccount),
   CreateDockerRegistryAccount(CreateDockerRegistryAccount),
   UpdateDockerRegistryAccount(UpdateDockerRegistryAccount),
   DeleteDockerRegistryAccount(DeleteDockerRegistryAccount),
-
-  // ==== ALERT ====
-  CloseAlert(CloseAlert),
 }
 
 pub fn router() -> Router {
   Router::new()
     .route("/", post(handler))
-    .route("/{variant}", post(variant_handler))
-    .layer(middleware::from_fn(
-      authenticate_request::<KomodoAuthImpl, true>,
-    ))
-}
-
-async fn variant_handler(
-  user: Extension<User>,
-  Path(Variant { variant }): Path<Variant>,
-  Json(params): Json<serde_json::Value>,
-) -> mogh_error::Result<axum::response::Response> {
-  let req: WriteRequest = serde_json::from_value(json!({
-    "type": variant,
-    "params": params,
-  }))?;
-  handler(user, Json(req)).await
+    .layer(middleware::from_fn(auth_request))
 }
 
 async fn handler(
   Extension(user): Extension<User>,
   Json(request): Json<WriteRequest>,
-) -> mogh_error::Result<axum::response::Response> {
-  let res = tokio::spawn(task(request, user))
+) -> serror::Result<axum::response::Response> {
+  let req_id = Uuid::new_v4();
+
+  let res = tokio::spawn(task(req_id, request, user))
     .await
     .context("failure in spawned task");
 
+  if let Err(e) = &res {
+    warn!("/write request {req_id} spawn error: {e:#}");
+  }
+
   res?
 }
 
+#[instrument(
+  name = "WriteRequest",
+  skip(user, request),
+  fields(
+    user_id = user.id,
+    request = format!("{:?}", request.extract_variant())
+  )
+)]
 async fn task(
+  req_id: Uuid,
   request: WriteRequest,
   user: User,
-) -> mogh_error::Result<axum::response::Response> {
-  let req_id = Uuid::new_v4();
-  let variant: WriteRequestVariant = (&request).into();
+) -> serror::Result<axum::response::Response> {
+  info!("/write request | user: {}", user.username);
 
-  info!(
-    "WRITE REQUEST {req_id} | METHOD: {variant} | USER: {} ({})",
-    user.username, user.id
-  );
+  let timer = Instant::now();
 
   let res = request.resolve(&WriteArgs { user }).await;
 
   if let Err(e) = &res {
-    warn!(
-      "WRITE REQUEST {req_id} | METHOD: {variant} | ERROR: {:#}",
-      e.error
-    );
+    warn!("/write request {req_id} error: {:#}", e.error);
   }
 
+  let elapsed = timer.elapsed();
+  debug!("/write request {req_id} | resolve time: {elapsed:?}");
+
   res.map(|res| res.0)
 }

bin/core/src/api/write/onboarding.rs

@@ -1,208 +0,0 @@
-use anyhow::{Context, anyhow};
-use database::mungos::mongodb::bson::{Document, doc};
-use komodo_client::{
-  api::write::{
-    CreateOnboardingKey, CreateOnboardingKeyResponse,
-    DeleteOnboardingKey, DeleteOnboardingKeyResponse,
-    UpdateOnboardingKey, UpdateOnboardingKeyResponse,
-  },
-  entities::{
-    komodo_timestamp, onboarding_key::OnboardingKey, random_string,
-  },
-};
-use mogh_error::{AddStatusCode, AddStatusCodeError};
-use mogh_pki::EncodedKeyPair;
-use mogh_resolver::Resolve;
-use reqwest::StatusCode;
-
-use crate::{api::write::WriteArgs, state::db_client};
-
-//
-
-impl Resolve<WriteArgs> for CreateOnboardingKey {
-  #[instrument(
-    "CreateOnboardingKey",
-    skip_all,
-    fields(
-      operator = admin.id,
-      name = self.name,
-      expires = self.expires,
-      tags = format!("{:?}", self.tags),
-      copy_server = self.copy_server,
-      create_builder = self.create_builder,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user: admin }: &WriteArgs,
-  ) -> mogh_error::Result<CreateOnboardingKeyResponse> {
-    if !admin.admin {
-      return Err(
-        anyhow!("This call is admin only")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-    let private_key = if let Some(private_key) = self.private_key {
-      private_key
-    } else {
-      format!("O_{}_O", random_string(28))
-    };
-    let public_key = EncodedKeyPair::from_private_key(
-      mogh_pki::PkiKind::Mutual,
-      &private_key,
-    )?
-    .public
-    .into_inner();
-    let onboarding_key = OnboardingKey {
-      public_key,
-      name: self.name,
-      enabled: true,
-      onboarded: Default::default(),
-      created_at: komodo_timestamp(),
-      expires: self.expires,
-      tags: self.tags,
-      fix_existing_servers: self.fix_existing_servers,
-      copy_server: self.copy_server,
-      create_builder: self.create_builder,
-    };
-    let db = db_client();
-    // Create the key
-    db.onboarding_keys
-      .insert_one(&onboarding_key)
-      .await
-      .context(
-        "Failed to create Server onboarding key on database",
-      )?;
-    let created = db
-      .onboarding_keys
-      .find_one(doc! { "public_key": &onboarding_key.public_key })
-      .await
-      .context("Failed to query database for Server onboarding keys")?
-      .context(
-        "No Server onboarding key found on database after create",
-      )?;
-    Ok(CreateOnboardingKeyResponse {
-      private_key,
-      created,
-    })
-  }
-}
-
-//
-
-impl Resolve<WriteArgs> for UpdateOnboardingKey {
-  #[instrument(
-    "UpdateOnboardingKey",
-    skip_all,
-    fields(
-      operator = admin.id,
-      public_key = self.public_key,
-      update = format!("{:?}", self),
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user: admin }: &WriteArgs,
-  ) -> mogh_error::Result<UpdateOnboardingKeyResponse> {
-    if !admin.admin {
-      return Err(
-        anyhow!("This call is admin only")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-
-    let query = doc! { "public_key": &self.public_key };
-
-    // No changes
-    if self.is_none() {
-      return db_client()
-        .onboarding_keys
-        .find_one(query)
-        .await
-        .context("Failed to query database for onboarding key")?
-        .context("No matching onboarding key found")
-        .status_code(StatusCode::NOT_FOUND);
-    }
-
-    let mut update = Document::new();
-
-    if let Some(enabled) = self.enabled {
-      update.insert("enabled", enabled);
-    }
-
-    if let Some(name) = self.name {
-      update.insert("name", name);
-    }
-
-    if let Some(expires) = self.expires {
-      update.insert("expires", expires);
-    }
-
-    if let Some(tags) = self.tags {
-      update.insert("tags", tags);
-    }
-
-    if let Some(fix_existing_servers) = self.fix_existing_servers {
-      update.insert("fix_existing_servers", fix_existing_servers);
-    }
-
-    if let Some(copy_server) = self.copy_server {
-      update.insert("copy_server", copy_server);
-    }
-
-    if let Some(create_builder) = self.create_builder {
-      update.insert("create_builder", create_builder);
-    }
-
-    db_client()
-      .onboarding_keys
-      .update_one(query.clone(), doc! { "$set": update })
-      .await
-      .context("Failed to update onboarding key on database")?;
-
-    db_client()
-      .onboarding_keys
-      .find_one(query)
-      .await
-      .context("Failed to query database for onboarding key")?
-      .context("No matching onboarding key found")
-      .status_code(StatusCode::NOT_FOUND)
-  }
-}
-
-//
-
-impl Resolve<WriteArgs> for DeleteOnboardingKey {
-  #[instrument(
-    "DeleteOnboardingKey",
-    skip_all,
-    fields(
-      operator = admin.id,
-      public_key = self.public_key,
-    )
-  )]
-  async fn resolve(
-    self,
-    WriteArgs { user: admin }: &WriteArgs,
-  ) -> mogh_error::Result<DeleteOnboardingKeyResponse> {
-    if !admin.admin {
-      return Err(
-        anyhow!("This call is admin only")
-          .status_code(StatusCode::FORBIDDEN),
-      );
-    }
-    let db = db_client();
-    let query = doc! { "public_key": &self.public_key };
-    let creation_key = db
-      .onboarding_keys
-      .find_one(query.clone())
-      .await
-      .context("Failed to query database for Server onboarding keys")?
-      .context("Server onboarding key matching provided public key not found")
-      .status_code(StatusCode::NOT_FOUND)?;
-    db.onboarding_keys.delete_one(query).await.context(
-      "Failed to delete Server onboarding key from database",
-    )?;
-    Ok(creation_key)
-  }
-}