mirror of
https://github.com/moghtech/komodo.git
synced 2025-12-05 19:17:36 -06:00
* resolver v3
add new ec2 instance types
clean up testing config
document the libraries a bit
clean up main
update sysinfo and otel
update client resolver 3.0
resolver v3 prog
clean up gitignore
implement periphery resolver v3
clean up
core read api v3
more prog
execute api
missing apis
compiling
1.16.13
work on more granular traits
prog on crud
* fmt
* format
* resource2 not really a benefit
* axum to 0.8
* bump aws deps
* just make it 1.17.0
* clean up cors
* the komodo env file should be highest priority over additional files
* add entities / message for test alerter
* test alert implementation
* rust 1.84.0
* axum update :param to {param} syntax
* fix last axum updates
* Add test alerter button
* higher quality / colored icons
* komodo-logo
* simplify network stats
* rename Test Alerter button
* escape incoming sync backslashes (BREAKING)
* clean up rust client websocket subscription
* finish oidc comment
* show update available stack table
* update available deployment table
* feature: use the repo path instead of name in GetLatestCommit (#282)
* Update repo path handling in commit fetching
- Changed `name` to `path` for repository identification.
- Updated cache update function to use the new path field.
- Improved error message for non-directory repo paths.
* feat: use optional name and path in GetLatestCommit
* review: don't use optional for name
* review: use helper
* review: remove redundant to_string()
* 1.17.0-dev
* feature: add post_deploy command (#288)
* feature: add post_deploy command
* review: do not run post_deploy if deploy failed
* feature: interpolate secrets in custom alerter (#289)
* feature: interpolate secrets in custom alerter
* fix rust warning
* review: sanitize errors
* review: sanitize error message
* Remove .git from remote_url (#299)
Remove .git from remote_url
Co-authored-by: Deon Marshall <dmarshall@ccp.com.au>
* mbecker20 -> moghtech
* remove example from cargo toml workspace
* dev-1
* fix login screen logo
* more legible favicon
* fix new compose images
* docs new organization
* typescript subscribe_to_update_websocket
* add donate button docsite
* add config save button in desktop sidebar navigator
* add save button to config bottom
* feature: allow docker image text to overflow in table (#301)
* feature: allow docker image text to overflow in table
* review: use break-words
* wip: revert line break in css file
* feature: update devcontainer node release
* improve First Login docs
* Fix PullStack re #302 and record docker compose config on stack deploy
* requery alerts more often
* improve update indicator style and also put on home screen
* Add all services stack log
* 1.17.0-dev-2
* fix api name change
* choose which stack services to include in logs
* feature: improve tables quick actions on mobile (#312)
* feature: improve tables quick actions on mobile
* review: fix gap4
* review: use flex-wrap
* improve pull to git init on existing folder without .git
* Fix unclear ComposePull log re #244
* use komodo_client.subscribe_to_update_websocket, and click indicator to reconnect
* dev-3
* ServerTemplate description
* improve WriteComposeContentsToHost instrument fields
* give server stat charts labels
* filters wrap
* show provider usernames from config file
* Stack: Fix git repo new compose file initialization
* init sync file new repo
* set branch on git init folder
* ResourceSync: pending view toggle between "Execute" vs "Commit" sync direction
* Improve resource sync Execute / Pending view selector
* standardize running commands with interpolation / output sanitizations
* fix all clippy lints
* fix rand
* lock certain users username / password, prevent demo creds from being changed.
* revert to login screen whenever the call to check login fails
* ResourceSync state resolution refinement
* make sure parent directories exist whenever writing files
* don't prune images if server not enabled
* update most deps
* update openidconnect dependency, and use reqwest rustls-tls-native-roots
* dev-4
* resource sync only add escaping on toml between the """
* Stacks executions take list of services -- Auto update only redeploys services with update
* auto update all service deploy option
* dev-5 fix the stack service executions
* clean up service_args
* rust 1.85
* store sync edits on localstorage
* stack edits on localstorage and show last deployed config
* add yarn install to runfile
* Fix actions when core on https
* add update_available query parameter to filter for only stacks /deployments with available update
* rust 2024 and fmt
* rename test.compose.yaml to dev.compose.yaml, and update runfile
* update .devcontainer / dev docs for updated runfile
* use png in topbar logo, svg quality sometimes bad
* OIDC: Support PKCE auth (secret optional)
* update docs on OIDC and client secret
* cycle the oidc client on interval to ensure up to date JWKs
* add KOMODO_LOCK_LOGIN_CREDENTIALS_FOR in config doc
* update deps
* resource sync toggle resource / variable / user group inclusion independently
* use jsonwebtoken
* improve variable value table overflow
* colored tags
* fix sync summary count ok
* default new tag colors to grey
* soften tag opacity a bit
* Update config.tsx (#358)
* isolate stacks / deployments with pending updates
* update some deps
* use Tooltip component instead of HoverCard for mobile compatibility
* batch Build builds
* link to typescript client in the intro
* add link to main docs from client docs
* doc tweaks
* use moghtech/komodo-core and moghtech/komodo-periphery as images
* remove unnecessary explicit network
* periphery.compose.yaml
* clean up periphery compose
* add link to config
* update periphery container compose config
* rust 1.85.1
* update sync docs
* 1.17.0
---------
Co-authored-by: unsync <1211591+unsync@users.noreply.github.com>
Co-authored-by: Deon Marshall <dmarshall@ccp.com.au>
Co-authored-by: komodo <komodo@komo.do>
Co-authored-by: wlatic <jamesoh@gmail.com>
345 lines
9.0 KiB
Rust
use std::{
  collections::HashSet,
  path::{Path, PathBuf},
  str::FromStr,
  sync::OnceLock,
};

use anyhow::Context;
use command::run_komodo_command;
use komodo_client::{
  api::{
    execute::{BatchExecutionResponse, BatchRunAction, RunAction},
    user::{CreateApiKey, CreateApiKeyResponse, DeleteApiKey},
  },
  entities::{
    action::Action, config::core::CoreConfig,
    permission::PermissionLevel, update::Update, user::action_user,
  },
};
use mungos::{by_id::update_one_by_id, mongodb::bson::to_document};
use resolver_api::Resolve;
use tokio::fs;

use crate::{
  api::{execute::ExecuteRequest, user::UserArgs},
  config::core_config,
  helpers::{
    interpolate::{
      add_interp_update_log,
      interpolate_variables_secrets_into_string,
    },
    query::get_variables_and_secrets,
    random_string,
    update::update_update,
  },
  resource::{self, refresh_action_state_cache},
  state::{action_states, db_client},
};

use super::ExecuteArgs;

impl super::BatchExecute for BatchRunAction {
  type Resource = Action;
  fn single_request(action: String) -> ExecuteRequest {
    ExecuteRequest::RunAction(RunAction { action })
  }
}

impl Resolve<ExecuteArgs> for BatchRunAction {
  #[instrument(name = "BatchRunAction", skip(self, user), fields(user_id = user.id))]
  async fn resolve(
    self,
    ExecuteArgs { user, .. }: &ExecuteArgs,
  ) -> serror::Result<BatchExecutionResponse> {
    Ok(
      super::batch_execute::<BatchRunAction>(&self.pattern, user)
        .await?,
    )
  }
}

impl Resolve<ExecuteArgs> for RunAction {
  #[instrument(name = "RunAction", skip(user, update), fields(user_id = user.id, update_id = update.id))]
  async fn resolve(
    self,
    ExecuteArgs { user, update }: &ExecuteArgs,
  ) -> serror::Result<Update> {
    let mut action = resource::get_check_permissions::<Action>(
      &self.action,
      user,
      PermissionLevel::Execute,
    )
    .await?;

    // get the action state for the action (or insert default).
    let action_state = action_states()
      .action
      .get_or_insert_default(&action.id)
      .await;

    // This will set action state back to default when dropped.
    // Will also check to ensure action not already busy before updating.
    let _action_guard =
      action_state.update(|state| state.running = true)?;

    let mut update = update.clone();

    update_update(update.clone()).await?;

    let CreateApiKeyResponse { key, secret } = CreateApiKey {
      name: update.id.clone(),
      expires: 0,
    }
    .resolve(&UserArgs {
      user: action_user().to_owned(),
    })
    .await?;

    let contents = &mut action.config.file_contents;

    // Wrap the file contents in the execution context.
    *contents = full_contents(contents, &key, &secret);

    let replacers =
      interpolate(contents, &mut update, key.clone(), secret.clone())
        .await?
        .into_iter()
        .collect::<Vec<_>>();

    let file = format!("{}.ts", random_string(10));
    let path = core_config().action_directory.join(&file);

    if let Some(parent) = path.parent() {
      fs::create_dir_all(parent)
        .await
        .with_context(|| format!("Failed to initialize Action file parent directory {parent:?}"))?;
    }

    fs::write(&path, contents).await.with_context(|| {
      format!("Failed to write action file to {path:?}")
    })?;

    let CoreConfig { ssl_enabled, .. } = core_config();

    let https_cert_flag = if *ssl_enabled {
      " --unsafely-ignore-certificate-errors=localhost"
    } else {
      ""
    };

    let mut res = run_komodo_command(
      // Keep this stage name as is, the UI will find the latest update log by matching the stage name
      "Execute Action",
      None,
      format!(
        "deno run --allow-all{https_cert_flag} {}",
        path.display()
      ),
    )
    .await;

    res.stdout = svi::replace_in_string(&res.stdout, &replacers)
      .replace(&key, "<ACTION_API_KEY>");
    res.stderr = svi::replace_in_string(&res.stderr, &replacers)
      .replace(&secret, "<ACTION_API_SECRET>");

    cleanup_run(file + ".js", &path).await;

    if let Err(e) = (DeleteApiKey { key })
      .resolve(&UserArgs {
        user: action_user().to_owned(),
      })
      .await
    {
      warn!(
        "Failed to delete API key after action execution | {:#}",
        e.error
      );
    };

    update.logs.push(res);
    update.finalize();

    // Need to manually update the update before cache refresh,
    // and before broadcast with update_update.
    // The Err case of to_document should be unreachable,
    // but will fail to update cache in that case.
    if let Ok(update_doc) = to_document(&update) {
      let _ = update_one_by_id(
        &db_client().updates,
        &update.id,
        mungos::update::Update::Set(update_doc),
        None,
      )
      .await;
      refresh_action_state_cache().await;
    }

    update_update(update.clone()).await?;

    Ok(update)
  }
}

async fn interpolate(
  contents: &mut String,
  update: &mut Update,
  key: String,
  secret: String,
) -> serror::Result<HashSet<(String, String)>> {
  let mut vars_and_secrets = get_variables_and_secrets().await?;

  vars_and_secrets
    .secrets
    .insert(String::from("ACTION_API_KEY"), key);
  vars_and_secrets
    .secrets
    .insert(String::from("ACTION_API_SECRET"), secret);

  let mut global_replacers = HashSet::new();
  let mut secret_replacers = HashSet::new();

  interpolate_variables_secrets_into_string(
    &vars_and_secrets,
    contents,
    &mut global_replacers,
    &mut secret_replacers,
  )?;

  add_interp_update_log(update, &global_replacers, &secret_replacers);

  Ok(secret_replacers)
}

fn full_contents(contents: &str, key: &str, secret: &str) -> String {
  let CoreConfig {
    port, ssl_enabled, ..
  } = core_config();
  let protocol = if *ssl_enabled { "https" } else { "http" };
  let base_url = format!("{protocol}://localhost:{port}");
  format!(
    "import {{ KomodoClient }} from '{base_url}/client/lib.js';
import * as __YAML__ from 'jsr:@std/yaml';
import * as __TOML__ from 'jsr:@std/toml';

const YAML = {{
  stringify: __YAML__.stringify,
  parse: __YAML__.parse,
  parseAll: __YAML__.parseAll,
  parseDockerCompose: __YAML__.parse,
}}

const TOML = {{
  stringify: __TOML__.stringify,
  parse: __TOML__.parse,
  parseResourceToml: __TOML__.parse,
  parseCargoToml: __TOML__.parse,
}}

const komodo = KomodoClient('{base_url}', {{
  type: 'api-key',
  params: {{ key: '{key}', secret: '{secret}' }}
}});

async function main() {{
  {contents}

  console.log('🦎 Action completed successfully 🦎');
}}

main()
.catch(error => {{
  console.error('🚨 Action exited early with errors 🚨')
  if (error.status !== undefined && error.result !== undefined) {{
    console.error('Status:', error.status);
    console.error(JSON.stringify(error.result, null, 2));
  }} else {{
    console.error(JSON.stringify(error, null, 2));
  }}
  Deno.exit(1)
}});"
  )
}

/// Cleans up file at given path.
/// ALSO if $DENO_DIR is set,
/// will clean up the generated file matching "file"
async fn cleanup_run(file: String, path: &Path) {
  if let Err(e) = fs::remove_file(path).await {
    warn!(
      "Failed to delete action file after action execution | {e:#}"
    );
  }
  // If $DENO_DIR is set (will be in container),
  // will clean up the generated file matching "file" (NOT under path)
  let Some(deno_dir) = deno_dir() else {
    return;
  };
  delete_file(deno_dir.join("gen/file"), file).await;
}

fn deno_dir() -> Option<&'static Path> {
  static DENO_DIR: OnceLock<Option<PathBuf>> = OnceLock::new();
  DENO_DIR
    .get_or_init(|| {
      let deno_dir = std::env::var("DENO_DIR").ok()?;
      PathBuf::from_str(&deno_dir).ok()
    })
    .as_deref()
}

/// file is just the terminating file path,
/// it may be nested multiple folder under path,
/// this will find the nested file and delete it.
/// Assumes the file is only there once.
fn delete_file(
  dir: PathBuf,
  file: String,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = bool> + Send>>
{
  Box::pin(async move {
    let Ok(mut dir) = fs::read_dir(dir).await else {
      return false;
    };
    // Collect the nested folders for recursing
    // only after checking all the files in directory.
    let mut folders = Vec::<PathBuf>::new();

    while let Ok(Some(entry)) = dir.next_entry().await {
      let Ok(meta) = entry.metadata().await else {
        continue;
      };
      if meta.is_file() {
        let Ok(name) = entry.file_name().into_string() else {
          continue;
        };
        if name == file {
          if let Err(e) = fs::remove_file(entry.path()).await {
            warn!(
              "Failed to clean up generated file after action execution | {e:#}"
            );
          };
          return true;
        }
      } else {
        folders.push(entry.path());
      }
    }

    if folders.len() == 1 {
      // unwrap ok, folders definitely is not empty
      let folder = folders.pop().unwrap();
      delete_file(folder, file).await
    } else {
      // Check folders with file.clone
      for folder in folders {
        if delete_file(folder, file.clone()).await {
          return true;
        }
      }
      false
    }
  })
}