UNPKG

@heroku-cli/plugin-pg-v5

Version:

Heroku CLI plugin to manage Postgres.

github.com/heroku/cli/tree/main/packages/pg-v5

heroku/cli

82 lines (68 loc) 2.99 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
'use strict' const cli = require('heroku-cli-util') async function run(context, heroku) { const host = require('../../lib/host') const fetcher = require('../../lib/fetcher')(heroku) const util = require('../../lib/util') const {app, args, flags} = context let db = await fetcher.addon(app, args.database) let all = flags.all let warnings = [] let cred = flags.name || 'default' if (all && flags.name !== undefined) { throw new Error('cannot pass both --all and --name') } if (util.legacyEssentialPlan(db) && cred !== 'default') { throw new Error('Legacy Essential-tier databases do not support named credentials.') } if (all && flags.force) { warnings.push('This forces rotation on all credentials including the default credential.') } let attachments = await heroku.get(`/addons/${db.name}/addon-attachments`) if (flags.name) { attachments = attachments.filter(a => a.namespace === `credential:${cred}`) } if (!flags.all) { warnings.push(`The password for the ${cred} credential will rotate.`) } if (flags.all || flags.force || cred === 'default') { warnings.push('Connections will be reset and applications will be restarted.') } else { warnings.push('Connections older than 30 minutes will be reset, and a temporary rotation username will be used during the process.') } if (flags.force) { warnings.push(`Any followers lagging in replication (see ${cli.color.cmd('heroku pg:info')}) will be inaccessible until caught up.`) } if (attachments.length > 0) { warnings.push(`This command will affect the app${(attachments.length > 1) ? 's' : ''} ${[...new Set(attachments.map(c => cli.color.app(c.app.name)))].sort().join(', ')}.`) } await cli.confirmApp(app, flags.confirm, `WARNING: Destructive Action ${warnings.join('\n')}`) let body = flags.force ? {host: host(db), forced: true} : {host: host(db)} if (all) { await cli.action(`Rotating all credentials on ${cli.color.addon(db.name)}`, (async function () { await heroku.post(`/postgres/v0/databases/${db.name}/credentials_rotation`, body) })()) } else { await cli.action(`Rotating ${cred} on ${cli.color.addon(db.name)}`, (async function () { await heroku.post(`/postgres/v0/databases/${db.name}/credentials/${encodeURIComponent(cred)}/credentials_rotation`, body) })()) } } module.exports = { topic: 'pg', command: 'credentials:rotate', description: 'rotate the database credentials', needsApp: true, needsAuth: true, flags: [ {name: 'name', char: 'n', description: 'which credential to rotate (default credentials if not specified)', hasValue: true}, {name: 'all', description: 'rotate all credentials', hasValue: false}, {name: 'confirm', char: 'c', hasValue: true}, {name: 'force', description: 'forces rotating the targeted credentials', hasValue: false}, ], args: [{name: 'database', optional: true}], run: cli.command({preauth: true}, run), }