@brunodasilvalenga

Be agnostic about the authentication part and use aws-cli to control it.

As a developer,

• Would like to perform login from azure SSO

As a developer, I would like to install the CLI in mac os platforms using brew.

The README title does not make reference to the repository name.

Need to be changed to one-cli.

Message

Traceback (most recent call last):
  File "/usr/local/bin/one", line 11, in <module>
    load_entry_point('one', 'console_scripts', 'one')()
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 490, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2853, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2453, in load
    return self.resolve()
  File "/usr/local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2459, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/src/one/one/__main__.py", line 1, in <module>
    from one.one import cli
  File "/usr/src/one/one/one.py", line 35, in <module>
    load_plugins()
  File "/usr/src/one/one/utils/load_plugins.py", line 19, in load_plugins
    mod = importlib.import_module(command_path)
  File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
ModuleNotFoundError: No module named 'plugin'

As a developer, the same way that we will have one entrypoint to init the one-config.yaml #8 we will need the option to rollback to the past configuration with Makefile and docker-compose-yml

List of workspaces should be stored and read from the current folder (project).

That way the list of workspace can be part of the project code.

Story:
A developer,

• clones the project repository
• types one terraform init
• selects workspace
• types one terraform plan
• works
  Should work out of the box without previous knowledge of AWS accounts or roles.

Looking at the imports inside one/one.py I was able to see that the code is with high coupling when importing the CLI commands. The commands are described inside files that need to be imported inside this file every time a new command is developed the file needs to be imported inside one.py. In order to fix this issue would be to good to dynamically import modules inside a folder.

After doing all the steps with one-cli, like login ... set workspace ... init ... plan ... when executed "one terraform apply", the output is only the help of the command "terraform".

Steps to reproduce the error with domain stack

one workspace change
? Select workspace mgmt-ap-southeast-2-default
one terraform init

one terraform plan
Setting workspace to mgmt-ap-southeast-2-default

Error: No configuration files

Plan requires configuration to be present. Planning without a configuration
would mark everything for destruction, which is normally not what is desired.
If you would like to destroy everything, run plan with the -destroy option.
Otherwise, create a Terraform configuration file (.tf file) and try again.

As a user I would like to have the option to use only the AWS CLI passing params and using the previously configured credentials:

one aws s3 ls

Instead of the user type:

one login gsuite
one login azure

It should identify the IDP configured inside idp file and execute the login with

one login

summarize all docker layers download process as "one download" instead.

today:

Login with gsuite.

8fe190ebdada [====================================================================================================] 100.0% Downloading
8cae0e1ac61c [====================================================================================================] 100.0% Extracting
d5762e4a57cc [====================================================================================================] 100.0% Downloading
add44fca9da1 [====================================================================================================] 100.0% Downloading
f229385c16ac [====================================================================================================] 100.0% Downloading
731b87eb45d6 [====================================================================================================] 100.0% Downloading
c33c75ef9c42 [----------------------------------------------------------------------------------------------------] 0.5% Extractinging

what I am suggesting...

Login with gsuite.

G-Suite Image [====================================================================================================] 100.0% Downloading

Error using one auth with Azure AD

Steps to Reproduce the Problem

1. one auth
2. Select authentication type: SSO
3. Login with Azure

Specifications

• Version: Run one --version 0.5.1
• Platform: (macOS / Linux) macOS
• Installation method: (Binary / PyPI) Binary

In order to follow a pattern and to get more information on issues, we should have a template to explicitly document.

As a developer, I would like to perform the command one init and have one setup wizard to configure one config file for my project.

Is your proposal related to a problem?

In the future, the main authentication method for DNX will be AWS SSO. So we need to start preparing the CLI to authenticate using this SSO.

Describe the solution you'd like

The first solutions that came in my mind were to use a container with AWS CLI 2 (have support to auth with their SSO) and call:

aws configure sso

The main problem with this solution is that during the authentication process the AWS CLI will open the user default browser and because we are running inside docker this part could generate errors. Only testing to see...

Describe alternatives you've considered

Another alternative is to reimplement all AWS API calls inside the DNX CLI. This will require more work but we can guarantee that the default user browser will be open properly.

As a Developer, I would like to follow one pattern while printing the progress bar inside the CLI. This way the click library already has one built-in print function to handle this. And the objective of this issue is to move the old print method to this library.

Proposal:
When the user run a terraform command verify if the modules are updated or not.
It should be agnostic and not just for dnx-modules.

If the module is not updated show a message and a link to user advising that there's a new version for that.

As a developer, I would like to have one single script .sh to install and configure the CLI.

As a developer, I would like to have auto complete for commands and subcommands.

As a user,

I would like to import plugins from git repositories.

The last talk that I had with @adenot was clear to me that in the future we will need one way to have plugins for the CLI.

This feature has the idea of creating a python file inside a folder called plugins. This file could modify
existing commands or create new customizable commands.

As a developer, I would like to have one good status view about the docker images configuration setup when first run the CLI.

Story:

A developer,

• types one auth to authenticate
• chooses role bubbletea-admin
• role credential is stored under ~/.one/credentials
• works in a "project 1"
  Later, developer,
• works on "project 2" requiring role dnx-admin
• needs to authenticate again, types one auth
• chooses role dnx-admin
• role credential is stored under ~/.one/credentials
  Now if developer goes back to "project 1", need to authenticate again, even though the bubbletea-admin credentials would still be valid (12 hours by default)

Describe the solution you'd like

one aws-v2 ...

As a CI, I'd like to deploy calling a command like:

one --workspace=mgmt-ap-southeast-2-default init

So I don't need to call multiple commands and maintain a state file if plan and apply are done in 2 different jobs

Describe the solution you'd like

Every time to stdout something it's necessary to use click.echo() and sometimes also pass some style.
Would be good to have this call inside functions to avoid writing definitions for info, warn, and errors all the time.

As an user
I to start using the tool without having to watch a demo/training
So that I can make use of the tool on my own pace

Is your proposal related to a problem?

Some users don't want to have their modules checked all the time.

Describe the solution you'd like

Set a flag making possible to disable this check during runtime.

Is your proposal related to a problem?

To complex to setup and test the CLI manually.

Describe the solution you'd like

Add all commands to a Makefile.

During the usage of the CLI, some questions need to be prompt for the user to change his environment.

These questions are spamming some files and to make one scalable solution the ideal to keep questions organizer in another folder separated in files by the question function name.

Click attempts to support both Python 2 and Python 3 the same way and to be very robust even when the environment is misconfigured. Click wants to be functional at least on a basic level even if everything is completely broken.

What this means is that the echo() function applies some error correction in case the terminal is misconfigured instead of dying with an UnicodeError.

As an added benefit, starting with Click 2.0, the echo function also has good support for ANSI colors. It will automatically strip ANSI codes if the output stream is a file and if colorama is supported, ANSI colors will also work on Windows. See ANSI Colors for more information.

If you don’t need this, you can also use the print() construct / function.

Be agnostic about the authentication part and use aws-cli to control it.

As a maintainer, I'd like to:

• Create a config file in my project under .dnx/config.yml
• Define versions of the tools used (terraform, aws, etc)
• Commit file with my project so developers can use without previous knowledge of the environment

As a developer,

• I will clone the project repository
• run one commands
  It should work without problems with versions of tools used

Example of .one/config.yml:

tools:
  terraform: dnxsolutions/terraform:0.12.24-dnx1
  aws: dnxsolutions/aws:1.16.263-dnx2

The idea for this feature is to check the version of terraforming modules been used in the current project and compare it with modules.dnx.one/api.json endpoint.
In case any module is not in the latest version warn the CLI used about it.

I tried to use the nodejs application at bubbletea (https://gitlab.com/DNXLabs/bubbletea/hello-app)

one.yaml :

images:
  azure: dnxsolutions/docker-aws-azure-ad:latest
  gsuite: dnxsolutions/aws-google-auth:latest
  terraform: dnxsolutions/terraform:0.12.20-dnx1
workspaces:
  dev:
    assume-role: true
    aws-account-id: '056955071945'
    aws-role: bubbletea-nonprod-admin
app:
  name: hello
  port: 80
  docker:
    file: .pipeline/Dockerfile
    image-name: hello
    registry-type: ecr
    registry-options:
      ecr-aws-account-id: 472737656850
      ecr-aws-region: ap-southeast-2
      ecr-aws-assume-role: true
      ecr-aws-role: bubbletea-mgmt-admin
  ecs-task-definition-file: .pipeline/task-definition.tpl.json
```
I got the following error when trying to dockerlogin 

```
one app docker-login
Assuming role bubbletea-mgmt-admin at 472737656850
Traceback (most recent call last):
  File "cli.py", line 5, in <module>
  File "one/__main__.py", line 5, in main
  File "site-packages/click/core.py", line 829, in __call__
  File "site-packages/click/core.py", line 782, in main
  File "site-packages/click/core.py", line 1259, in invoke
  File "site-packages/click/core.py", line 1259, in invoke
  File "site-packages/click/core.py", line 1066, in invoke
  File "site-packages/click/core.py", line 610, in invoke
  File "one/commands/app.py", line 31, in docker_login
  File "one/utils/app/registry/ecr.py", line 42, in docker_login
  File "subprocess.py", line 340, in call
  File "subprocess.py", line 854, in __init__
  File "subprocess.py", line 1702, in _execute_child
FileNotFoundError: [Errno 2] No such file or directory: 'Unable'
[52999] Failed to execute script cli
```

Using all the steps with the "make" command everything works as expected for deploying to the infra-root stack, but using the "one terraform plan" command, it shows the following error:

**Setting workspace to default
Assuming role dnx-root at <master_account_id>

Error: Missing required argument

on .terraform / modules / security-baseline / _providers.tf line 1, in provider "aws":
1: provider "aws" {}

The argument "region" is required, but no definition was found.**

Quickly analyzing this issue, I noticed that using the "one terraform plan", the variable AWS_DEFAULT_REGION was not exposed to the container, but with the make command it was. This is probably the problem.