diff --git a/Gemfile.lock b/Gemfile.lock index b2179b8e..0463a2f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - aptible-cli (0.26.3) + aptible-cli (0.26.4) activesupport (>= 4.0, < 6.0) aptible-api (~> 1.12) aptible-auth (~> 1.4) diff --git a/lib/aptible/cli.rb b/lib/aptible/cli.rb index 56757ac5..e9683c49 100644 --- a/lib/aptible/cli.rb +++ b/lib/aptible/cli.rb @@ -7,6 +7,16 @@ require 'aptible/cli/renderer' require 'aptible/cli/resource_formatter' +# Set no_sensitive_extras=true as the default for all API resources. +# This avoids returning sensitive embedded data unless explicitly requested. +Aptible::Api::Resource.headers = + { 'Prefer' => 'no_sensitive_extras=true' } + +def with_sensitive(resource) + resource.headers['Prefer'] = 'no_sensitive_extras=false' + resource.find_by_url(resource.href) +end + module Aptible module CLI class TtyLogFormatter diff --git a/lib/aptible/cli/agent.rb b/lib/aptible/cli/agent.rb index 6bc1ff2f..8af664c9 100644 --- a/lib/aptible/cli/agent.rb +++ b/lib/aptible/cli/agent.rb @@ -92,10 +92,13 @@ def initialize(*) level = Logger::WARN debug_level = ENV['APTIBLE_DEBUG'] level = debug_level if debug_level - require 'httplog' if ENV['BUNDLER_VERSION'] && \ - ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] && \ - !ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] \ - .downcase.start_with?('f') + if ENV['BUNDLER_VERSION'] && \ + ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] && \ + !ENV['APTIBLE_LOG_HTTP_REQUEST_RESPONSE'] \ + .downcase.start_with?('f') + require 'httplog' + HttpLog.configure { |c| c.log_headers = true } + end conf.logger.tap { |l| l.level = level } end warn_sso_enforcement diff --git a/lib/aptible/cli/helpers/database.rb b/lib/aptible/cli/helpers/database.rb index 0b79269f..2830c103 100644 --- a/lib/aptible/cli/helpers/database.rb +++ b/lib/aptible/cli/helpers/database.rb @@ -314,6 +314,9 @@ def find_credential(database, type = nil) raise Thor::Error, "Database #{database.handle} is not provisioned" end + # Maybe reload with senstive data + database = with_sensitive(database) if database.objects[:database_credentials].nil? + finder = proc { |c| c.default } finder = proc { |c| c.type == type } if type credential = database.database_credentials.find(&finder) @@ -322,14 +325,6 @@ def find_credential(database, type = nil) types = database.database_credentials.map(&:type) - # On v1, we fallback to the DB. We make sure to make --type work, to - # avoid a confusing experience for customers. - if database.account.stack.version == 'v1' - types << database.type - types.uniq! - return database if type.nil? || type == database.type - end - valid = types.join(', ') err = 'No default credential for database' @@ -365,6 +360,8 @@ def validate_image_type(type) end def render_database(database, account) + # Maybe reload with senstive data + database = with_sensitive(database) if database.connection_url.nil? Formatter.render(Renderer.current) do |root| root.keyed_object('connection_url') do |node| ResourceFormatter.inject_database(node, database, account) diff --git a/lib/aptible/cli/helpers/log_drain.rb b/lib/aptible/cli/helpers/log_drain.rb index 62c636f5..4cb036fa 100644 --- a/lib/aptible/cli/helpers/log_drain.rb +++ b/lib/aptible/cli/helpers/log_drain.rb @@ -65,7 +65,9 @@ def ensure_url(options, url_format_msg: nil) end def ensure_log_drain(account, handle) - drains = account.reload.log_drains.select { |d| d.handle == handle } + link = account.links['log_drains'].base_href + account_drains = Aptible::Api::LogDrain.all(href: link, token: fetch_token) + drains = account_drains.select { |d| d.handle == handle } if drains.empty? raise Thor::Error, "No drain found with handle #{handle}" diff --git a/lib/aptible/cli/helpers/metric_drain.rb b/lib/aptible/cli/helpers/metric_drain.rb index 9cd8e4c6..3799f327 100644 --- a/lib/aptible/cli/helpers/metric_drain.rb +++ b/lib/aptible/cli/helpers/metric_drain.rb @@ -19,6 +19,7 @@ def create_metric_drain(account, drain_opts) end def ensure_metric_drain(account, handle) + account = with_sensitive(account) drains = account.metric_drains.select { |d| d.handle == handle } if drains.empty? diff --git a/lib/aptible/cli/resource_formatter.rb b/lib/aptible/cli/resource_formatter.rb index a4a8a852..121b0b06 100644 --- a/lib/aptible/cli/resource_formatter.rb +++ b/lib/aptible/cli/resource_formatter.rb @@ -128,6 +128,8 @@ def inject_database_minimal(node, database, account) end def inject_database(node, database, account) + database = with_sensitive(database) if database.objects[:database_credentials].nil? + node.value('id', database.id) node.value('handle', database.handle) node.value('created_at', database.created_at) diff --git a/lib/aptible/cli/subcommands/db.rb b/lib/aptible/cli/subcommands/db.rb index 8656ebb9..0dbb71ab 100644 --- a/lib/aptible/cli/subcommands/db.rb +++ b/lib/aptible/cli/subcommands/db.rb @@ -335,6 +335,8 @@ def self.included(thor) return use_rds_tunnel(handle, desired_port) if aws_rds_db?(handle) database = ensure_database(options.merge(db: handle)) + # Maybe reload with senstive data + database = with_sensitive(database) if database.objects[:database_credentials].nil? credential = find_credential(database, options[:type]) m = "Creating #{credential.type} tunnel to #{database.handle}..." @@ -481,6 +483,7 @@ def self.included(thor) telemetry(__method__, options.merge(handle: handle)) database = ensure_database(options.merge(db: handle)) + credential = find_credential(database, options[:type]) Formatter.render(Renderer.current) do |root| diff --git a/lib/aptible/cli/version.rb b/lib/aptible/cli/version.rb index e8cef53e..7e0021f6 100644 --- a/lib/aptible/cli/version.rb +++ b/lib/aptible/cli/version.rb @@ -1,5 +1,5 @@ module Aptible module CLI - VERSION = '0.26.3'.freeze + VERSION = '0.26.4'.freeze end end