transip / tipctl Goto Github PK

View Code? Open in Web Editor NEW

16.0 11.0 4.0 737 KB

The command line interface for the TransIP API

Home Page: https://api.transip.nl/rest/docs.html

License: Apache License 2.0

PHP 99.14% Shell 0.86%

transip cli client api rest transip-api-v6

tipctl's People

Contributors

Stargazers

Watchers

Forkers

curry684 fvanmaldegem mniknab mikepage

tipctl's Issues

swagger.json or Open API?

This might not be the right place to ask this, but it's certainly close to the fire.

Do you also have a swagger.json (or open api 3 file) of your API? That way I can easily create it for other other platforms.

[Feature request] add the possibility to specify a specific cli-config.json file in a CLI command

[Feature request] add the possibility to specify a specific cli-config.json file within a specific CLI command.

Currently it's limited to a hard-coded $HOME_DIR$/.config/transip-api/cli-config.json. If I e.g. have to switch accounts I would have to run setup again.

Would also be fine to use the tipctl setup --no-interaction --apiUrl 'https://api.transip.nl/v6' --loginName 'yourUsername' --apiPrivateKey 'yourKeyPair' --apiUseWhitelist true however I keep getting a runtime exception saying the provided RestAPI key is invalid (setup.php line 89). How do I have to input the private key here? Tried multiple options.

setup.php:89

$privateKey = '';

// multiline input hack
for ($i = 0; $i < 30; $i++) {
    $privateKeyPart = $helper->ask($input, $output, $keyQuestion);
    $privateKey     .= $privateKeyPart . PHP_EOL;

    if (strpos($privateKeyPart, '-----END PRIVATE KEY-----') !== false || $privateKeyPart == '') {
        break;
    }
}

if (strlen($privateKey) < 2) {
    throw new RuntimeException('Provided RestAPI key is invalid');
}

Thanks!

Inconsistent version tagging

Most versions of tipctl are tagged in git with the prefix 'v', some are not.

What I expect: all version tags start with 'v'.

every command output same deprecated error

bash-5.1# tipctl list

Deprecated: Return type of Transip\Api\Library\Entity\AbstractEntity::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /tmp/vendor/transip/transip-api-php/src/Entity/AbstractEntity.php on line 18
Transip RestAPI CLI 6.12.0

Can you fix this?

I've created a fresh docker container with this Dockerfile:

FROM composer

RUN composer global require transip/tipctl && \
    apk add openssl\
    wget \
    jq 

ENV PATH="/tmp/vendor/bin:${PATH}"

In other words:

I'm using the alpine container with composer preinstalled
then add tipctl by using the composer command

And now I'm having a container with PHP 8.1.1, Composer version 2.2.2, and Transip RestAPI CLI 6.12.0.
And a deprecated warning on every request.

My PHP skills are not enough to solve this and create a PR.

Change the field order of the output of domain:dns:getzonefile

Please consider to change the field order of the output of domain:dns:getzonefile to match the argument order of other commands in tipctl.

The zone file output looks like:

@                    AAAA  3600 2a01:7c8:3:1337::27
@                    MX    3600 10 @
@                    TXT   3600 "v=spf1 ~all"
this                 A     300  195.60.214.12
transip-A._domainkey CNAME 3600 _dkim-A.transip.email.
transip-B._domainkey CNAME 3600 _dkim-B.transip.email.
transip-C._domainkey CNAME 3600 _dkim-C.transip.email.
www                  CNAME 3600 @
_dmarc               TXT   3600 "v=DMARC1; p=none;"

This results in this order: While the argument order of a command is: . The latter order also matches the order in the web portel of TransIP. ;-) It's nice and predictable when the order is consistent.

Discussion on how to securely handle tipctl within PHP open_basedir restrictions

All files used by tipctl have to be available within the restrictions of PHPs open_basedir. The defaults used to e.g. run setup, adds files to /tmp and tries to create the configuration file under /home/user/.config/transip-api/cli-config.json. Running setup results in a series of PHP warnings and adding these folders to open_basedir or disabling open_basedir restrictions is a not really a good practice.

For now I managed by temporarily disabling the open_basedir restrictions to run the setup and after re-enabling, adding the configuration folder (/home/user/.config/transip-api/) to open_basedir

Anyhow, created this ticket see if a way of working was maybe already existent or of not, discuss on how to handle this securely. Thanks!

When running setup:

Checking API connection to endpoint 'https://api.transip.nl/v6'
PHP Warning:  is_dir(): open_basedir restriction in effect. File(/tmp/symfony-cache/@) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemCommonTrait.php on line 41
PHP Warning:  is_file(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/L/J/NN8iPTNeZtJ7PibNDwnA) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemTrait.php on line 62
PHP Warning:  is_file(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/J/H/FTp7JKavN6CBFmf-tlwA) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemTrait.php on line 62
PHP Warning:  is_file(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/L/J/NN8iPTNeZtJ7PibNDwnA) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemTrait.php on line 62
PHP Warning:  is_dir(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/L/J/) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemCommonTrait.php on line 116
PHP Warning:  is_file(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/J/H/FTp7JKavN6CBFmf-tlwA) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemTrait.php on line 62
PHP Warning:  is_dir(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/J/H/) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemCommonTrait.php on line 116

API connection successful
PHP Warning:  is_dir(): open_basedir restriction in effect. File(/user/.config/transip-api) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/filesystem/Filesystem.php on line 97
PHP Warning:  is_dir(): open_basedir restriction in effect. File(/user/.config/transip-api) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/filesystem/Filesystem.php on line 102

In Setup.php line 124:

  Config directory '/user/.config/transip-api' could not be created

setup [--apiUrl [APIURL]] [--loginName LOGINNAME] [--apiPrivateKey APIPRIVATEKEY] [--apiUseWhitelist [APIUSEWHITELIST]] [--format [FORMAT]]

PHP Warning:  is_file(): open_basedir restriction in effect. File(/tmp/symfony-cache/@/60037c08348023.48298829) is not within the allowed path(s): (/var/www/:/usr/share/webapps/) in phar:///usr/share/webapps/TransIP/tipctl.phar/vendor/symfony/cache/Traits/FilesystemCommonTrait.php on line 181

Deprecated error

I am testing tipctl.phar v6.24.0 on FreeBSD 12.4 and php 8.1.

I get with every tipctl command a couple of deprecated errors:

Deprecated: Return type of HumbugBox384\KevinGH\RequirementChecker\RequirementCollection::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in phar:///root/tipctl/tipctl.phar/.box/src/RequirementCollection.php on line 15

Deprecated: Return type of HumbugBox384\KevinGH\RequirementChecker\RequirementCollection::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in phar:///root/tipctl/tipctl.phar/.box/src/RequirementCollection.php on line 19

Add command to update a DNS record set

Currently, I can add, remove and update a single DNS record at a time.
But sometimes, I have multiple records for the same Name and Type.
For example, multiple A records, or multiple TLSA records.

What I want: a command to get the record set for a given Name and Type,
modify it locally, and then upload it.

For example:

tipctl -t domain:dns:updatednsentry example.com @ 3600 A 0.0.0.0 0.0.0.1

This should create (or update) two A records.

Please upgrade the code to support PHP 8

tipctl.phar --version

Box Requirements Checker

Using PHP 8.0.2
PHP is using the following php.ini file:
/etc/php.ini

Checking Box requirements:
E....

[ERROR] Your system is not ready to run the application.

Fix the following mandatory requirements:

The application requires the version "^7.2.0" or greater.

Remote IP is not authorized - apiUseWhitelist false not working?

Issue

My API key pair has been generated with the 'Whitelisted IP' checkbox off.
I have no IP's in the Whitelisted IP's list.

I am unable to connect to the API.
I'm getting error: Remote IP is not authorized for this request; called from IP xxx.xxx.xxx.xxx

When I would add my remote IP to the whitelist it works as expected (The then generated Access tokens have the 'Whitelisted IP' propertie on Yes).

Running:
./tipctl.phar setup -n --apiUseWhitelist=false --loginName=myusername --apiPrivateKey="$(cat private.key)" -vvv

Result:

Box Requirements Checker
========================

> Using PHP 8.2.12
> PHP is using the following php.ini file:
  /usr/local/etc/php/php.ini

> Checking Box requirements:
  ✔ The application requires the version "^7.2.5|^8.0" or greater.
  ✔ The application requires the extension "json".
  ✔ The package "guzzlehttp/guzzle" requires the extension "json".
  ✔ The package "transip/transip-api-php" requires the extension "json".
  ✔ The package "transip/transip-api-php" requires the extension "openssl".
  
                                                                                
 [OK] Your system is ready to run the application.                              
                                                                                

Checking API connection to endpoint 'https://api.transip.nl/v6'

API connection failed!
Remote IP is not authorized for this request; called from IP xxx.xxx.xxx.xxx

So I'm not sure, but or there is something wrong with the API itself, not letting me use not-whitelisted IP's.
Or tipctl is not properly telling the API I want to login without whitelisted IP.

Can anybody replicate this issue or can I test something else?

Extra info
I'm building a docker container which should update my IP in DNS when my WAN IP changes (so I really can't use whitelisted IP).
Dockerfile so far:

FROM php:8.2-cli
WORKDIR /root
COPY . .
ADD --chmod=700 https://github.com/transip/tipctl/releases/latest/download/tipctl.phar tipctl.phar
RUN echo 'alias tipctl="/root/tipctl.phar"' >> ~/.bashrc
RUN cp /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
RUN ./tipctl.phar setup -n --apiUseWhitelist=false --loginName=myusername --apiPrivateKey="$(cat private.key)" -vvv