Sample Dockerfile for the CLI (#22)

rmoff · gunnarmorling · web-flow · commit 247fba3fa287 · 2024-09-12T17:54:56.000+01:00
* Sample Dockerfile for the CLI

* Add declarative example

* Update cli-docker/README.adoc

Co-authored-by: Gunnar Morling &lt;gunnar.morling@googlemail.com&gt;

* Update image to include a way to generate refresh token too

* typo

* Update cli-docker/entrypoint.sh

Co-authored-by: Gunnar Morling &lt;gunnar.morling@googlemail.com&gt;

---------

Co-authored-by: Gunnar Morling &lt;gunnar.morling@googlemail.com&gt;
diff --git a/README.md b/README.md
@@ -85,6 +85,12 @@ _Decodable provides a managed PyFlink service. Learn more [here](https://docs.de
 |-------------------------------------------------------|-------------|
 | [Flink SQL Troubleshooting](troubleshooting-flinksql) | A set of Docker Compose environments for demonstrating various Flink SQL troubleshooting scenarios (see [related blog](https://www.decodable.co/blog/flink-sql-misconfiguration-misunderstanding-and-mishaps?utm_medium=github&utm_source=examples_repo&utm_campaign=blog&utm_content=troubleshooting-flinksql))|
 
+### Decodable tools
+
+| Example                                               | Description |
+|-------------------------------------------------------|-------------|
+| [Decodable CLI Docker image](cli-docker) | An example Dockerfile for running the Decodable CLI under Docker.|
+
 ## License
 
 This code base is available under the Apache License, version 2.
diff --git a/cli-docker/Dockerfile b/cli-docker/Dockerfile
@@ -0,0 +1,28 @@
+FROM amd64/ubuntu:latest
+
+# Set environment variables
+ENV DECO_CLI_VERSION=1.20.0
+ENV DECO_CLI_URL=https://releases.decodable.co/decodable-cli/linux/amd64/decodable-cli-linux-amd64-${DECO_CLI_VERSION}.tar.gz
+
+# Install necessary packages
+RUN apt-get update && \
+    apt-get install -y curl tar && \
+    rm -rf /var/lib/apt/lists/*
+
+# Download and unpack the Decodable CLI
+RUN curl -L $DECO_CLI_URL -o /tmp/decodable-cli.tar.gz && \
+    tar -xzf /tmp/decodable-cli.tar.gz -C /tmp && \
+    mv /tmp/decodable-cli-linux-amd64-${DECO_CLI_VERSION}/bin/decodable /usr/local/bin && \
+    rm -r /tmp/decodable-cli.tar.gz /tmp/decodable-cli-linux-amd64-${DECO_CLI_VERSION}
+
+# Copy the entrypoint script into the image
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+# Make the entrypoint script executable
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Verify installation
+RUN decodable --version
+
+# Set entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/cli-docker/README.adoc b/cli-docker/README.adoc
@@ -0,0 +1,101 @@
+= Example container image for Decodable CLI
+
+The https://docs.decodable.co/cli.html[Decodable CLI] enables you configure, view, and control resources on your Decodable account.
+
+== Build
+
+[source,bash]
+----
+cd cli-docker
+docker build -t decodable-cli .
+----
+
+== Usage
+
+You need two configuration values:
+
+* Your Decodable **account name**
+* The **refresh token** for your account. You can obtain this by running the Docker image with the `print-refresh-token` argument:
++
+[source,bash]
+----
+docker run --rm -it                                    \
+           -e DECODABLE_ACCOUNT_NAME=<your account id> \
+           decodable-cli:latest                        \
+           print-refresh-token
+----
++
+You'll be prompted to open a URL in your web browser which will take you through the Decodable authentication process.
+After entering the supplied values you'll get a refresh token.
++
+WARNING: Anyone with refresh token can access your Decodable account. 
+Treat your refresh token as you would any other sensitive information such as passwords.
+If you invoke the Docker container as illustrated below note that the refresh token will remain on your command line history and thus be vulnerable to local access.
+
+=== Invocation
+
+[source,bash]
+----
+docker run --rm                                            \
+           -e DECODABLE_ACCOUNT_NAME=<your account id>     \
+           -e DECODABLE_REFRESH_TOKEN=<your refresh token> \
+           decodable-cli:latest                            \
+           <decodable CLI command line arguments>
+----
+
+For example:
+
+* Get CLI version
++
+[source,bash]
+----
+docker run --rm                                            \
+           -e DECODABLE_ACCOUNT_NAME=<your account id>     \
+           -e DECODABLE_REFRESH_TOKEN=<your refresh token> \
+           decodable-cli:latest                            \
+           --version
+----
+
+Show status of all resources
++
+[source,bash]
+----
+docker run --rm                                            \
+           -e DECODABLE_ACCOUNT_NAME=<your account id>     \
+           -e DECODABLE_REFRESH_TOKEN=<your refresh token> \
+           decodable-cli:latest                            \
+           query --no-spec
+----
+
+* Create and populate a secret "postgres-prod"
++
+[source,bash]
+----
+# Create the resource definition
+# Ref: https://docs.decodable.co/declarative/definitions.html#secret
+cat <<EOF > postgres-prod.yaml
+---
+kind: secret
+metadata:
+  name: postgres-prod
+  description: 🤫 The password for the Production Postgres server
+spec_version: v1
+spec:
+  value_file: ./pg_pw.txt
+EOF
+
+# Write the password to a file, which is read when
+# the resource is created
+cat <<EOF > pg_pw.txt
+hunter2
+EOF
+
+# Invoke the Decodable `apply` command
+# Ref: https://docs.decodable.co/declarative/apply.html#_how_to_use_the_apply_command
+docker run --rm                                            \
+           -e DECODABLE_ACCOUNT_NAME=<your account id>     \
+           -e DECODABLE_REFRESH_TOKEN=<your refresh token> \
+           -v $PWD:/data                                   \
+           decodable-cli:latest                            \
+           apply /data/postgres-prod.yaml
+----
diff --git a/cli-docker/entrypoint.sh b/cli-docker/entrypoint.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# write the config file if env var set
+if [ -n "$DECODABLE_ACCOUNT_NAME" ]; then
+mkdir -p ~/.decodable
+cat <<EOF > ~/.decodable/config
+version: 1.0.0
+active-profile: default
+
+profiles:
+  default:
+    account: $DECODABLE_ACCOUNT_NAME
+EOF
+else
+  echo "\n⚠️ DECODABLE_ACCOUNT_NAME not set.\n"
+  exit 1
+fi
+
+# write the auth file if env var set
+if [ -n "$DECODABLE_REFRESH_TOKEN" ]; then
+mkdir -p ~/.decodable
+cat <<EOF > ~/.decodable/auth
+version: 1.0.0
+tokens:
+    default:
+        refresh_token: $DECODABLE_REFRESH_TOKEN
+EOF
+fi
+
+# Execute the main process
+if [ "$1" = "print-refresh-token" ]; then
+  decodable login
+  echo "Refresh token: $(decodable token refresh)"
+else
+  if [ -n "$DECODABLE_REFRESH_TOKEN" ]; then
+    exec decodable "$@"
+  else
+    echo "\n⚠️ DECODABLE_REFRESH_TOKEN not set.\n👉 Use print-refresh-token to generate a refresh token.\n"
+    exit 1
+  fi
+fi
