diff --git a/crates/orchestrator/scripts/migrate-storage.nu b/crates/orchestrator/scripts/migrate-storage.nu index 1fb1abe..66f9aa6 100644 --- a/crates/orchestrator/scripts/migrate-storage.nu +++ b/crates/orchestrator/scripts/migrate-storage.nu @@ -339,31 +339,30 @@ def execute_migration [config: record, verbose: bool = false] { } # Execute migration - try { - let result = run-external $ORCHESTRATOR_BIN ...$cmd_args - + let r = (do { ^$ORCHESTRATOR_BIN ...$cmd_args } | complete) + if $r.exit_code == 0 { if $verbose { - log info $"Migration completed: ($result)" + log info $"Migration completed: ($r.stdout)" } print "āœ… Migration completed successfully!" # Parse and display results if available - if ($result | str contains "Migration Report") { + if ($r.stdout | str contains "Migration Report") { print "\nšŸ“Š Migration Report" print "===================" - print $result + print $r.stdout } - } catch { + } else { print "āŒ Migration failed!" # Try to get error details from the binary - let error_result = run-external $ORCHESTRATOR_BIN ...$cmd_args --dry-run - print $"Error details: ($error_result)" - } finally { - # Clean up temporary config file - rm -f $config_file + let r2 = (do { ^$ORCHESTRATOR_BIN ...$cmd_args --dry-run } | complete) + print $"Error details: ($r2.stdout)" } + + # Clean up temporary config file + rm -f $config_file } # Execute interactive migration 
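Review bot: In execute_migration the `rm -f $config_file` that used to sit in `finally` now runs only if every statement before it returns, so an error raised inside either branch (a failing `log`, or launching the binary itself raising) leaves the temporary migration config behind. The failure branch also discards `$r.stderr` and launches the binary a second time with `--dry-run` just to print its stdout. Printing the first run's diagnostics, `print $"Error details: ($r.stderr)"`, removes the second launch and lets `rm -f $config_file` move to the line directly after the `complete` call. execute_migration_interactive has the same unguarded cleanup for its `/tmp/migration_config_*.json` file. The function body starts outside this hunk.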
@@ -394,22 +393,20 @@ def execute_migration_interactive [config: record] { let config_file = $"/tmp/migration_config_(random uuid).json" $binary_config | to json | save $config_file - try { - # Real-time progress monitoring - print "šŸ“Š Migration Progress:" - print "=====================\n" - - let result = run-external $ORCHESTRATOR_BIN "migrate" "--config-file" $config_file "--progress" + # Real-time progress monitoring + print "šŸ“Š Migration Progress:" + print "=====================\n" + let r = (do { ^$ORCHESTRATOR_BIN "migrate" "--config-file" $config_file "--progress" } | complete) + if $r.exit_code == 0 { print "\nāœ… Migration completed successfully!" - print $result - - } catch { + print $r.stdout + } else { print "\nāŒ Migration failed!" print "Check the logs for more details." - } finally { - rm -f $config_file } + + rm -f $config_file } # Validate storage types @@ -628,10 +625,10 @@ def "migrate validate" [ def "migrate status" [] { print "šŸ” Checking Migration Status..." - try { - let status = run-external $ORCHESTRATOR_BIN "migrate" "--status" - print $status - } catch { + let r = (do { ^$ORCHESTRATOR_BIN "migrate" "--status" } | complete) + if $r.exit_code == 0 { + print $r.stdout + } else { print "No active migrations found or binary not available" } } diff --git a/crates/vault-service/scripts/start-kms.nu b/crates/vault-service/scripts/start-kms.nu index c19f8a7..196e8c4 100644 --- a/crates/vault-service/scripts/start-kms.nu +++ b/crates/vault-service/scripts/start-kms.nu 
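Review bot: Piping the `--progress` run through `complete` in execute_migration_interactive holds all output until the process exits, so nothing is shown under the progress banner while the migration runs, and on failure the captured `$r.stderr` is dropped in favour of "Check the logs for more details." At minimum add `print $r.stderr` to the else branch. The config visible in the context lines is written under `/tmp` by a plain `save`, so its mode comes from the umask; if it carries storage credentials (not visible here) it deserves the owner-only handling this commit gives the secrets file.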
@@ -132,11 +132,12 @@ def check_service [pid_file: string] { print $"āœ“ KMS service is running \(PID: ($pid)\)" # Check health endpoint - try { - let health = http get "http://localhost:8081/api/v1/kms/health" | from json + let r = (do { ^http get "http://localhost:8081/api/v1/kms/health" | from json } | complete) + if $r.exit_code == 0 { + let health = ($r.stdout | from json) print $" Status: ($health.status)" print $" Backend: ($health.backend)" - } catch { + } else { print " ⚠ Health check failed - service may be starting" } } else { diff --git a/scripts/deploy-platform.nu b/scripts/deploy-platform.nu index 5022193..c714a29 100644 --- a/scripts/deploy-platform.nu +++ b/scripts/deploy-platform.nu @@ -132,11 +132,11 @@ def main [ # Check if Docker is installed and running def check_docker [] { - try { - docker ps | complete | get exit_code | $in == 0 + let result = (do { docker ps | complete } | complete) + if $result.exit_code == 0 { print $"(ansi green)āœ“ Docker is running(ansi reset)" true - } catch { + } else { print $"(ansi red_bold)āœ— Docker is not running or not installed(ansi reset)" print "Please install Docker and ensure it's running" false @@ -145,11 +145,11 @@ def check_docker [] { # Check if docker compose is installed def check_docker_compose [] { - try { - docker compose version | complete | get exit_code | $in == 0 + let result = (do { docker compose version | complete } | complete) + if $result.exit_code == 0 { print $"(ansi green)āœ“ docker compose is installed(ansi reset)" true - } catch { + } else { print $"(ansi red_bold)āœ— docker compose is not installed(ansi reset)" print "Please install docker compose plugin" false 
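Review bot: The `^` in `^http get "http://localhost:8081/api/v1/kms/health"` forces lookup of an external program called `http`, bypassing Nushell's built-in `http get`, so on a host without such a binary this KMS check can only take the "Health check failed" branch. The body is also parsed twice, once by `| from json` inside the block and again by `$r.stdout | from json`. Since the built-in reports failure by raising an error rather than through an exit code, the earlier shape fits better: `let health = (try { http get "http://localhost:8081/api/v1/kms/health" } catch { null })` followed by a null check. The same `^http get` appears in `main health` in scripts/run-docker.nu and scripts/run-native.nu, where it affects the orchestrator, control-center and KMS probes.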
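Review bot: In check_docker, `do { docker ps | complete } | complete` applies `complete` twice: the inner call already turns docker's result into a record, so the outer `$result.exit_code` does not appear to carry docker's exit status and the "Docker is running" branch is likely taken even when the daemon is down. A single capture is enough: `let result = (do { ^docker ps } | complete)`. check_docker_compose has the same double `complete` around `docker compose version`.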
@@ -208,21 +208,17 @@ def validate_env_file [file: string] { # Create Docker networks def create_networks [] { - try { - docker network create provisioning-net | ignore - } catch {} + let networks = [ + "provisioning-net" + "provisioning-net-frontend" + "provisioning-net-backend" + "provisioning-net-storage" + ] - try { - docker network create provisioning-net-frontend | ignore - } catch {} - - try { - docker network create provisioning-net-backend | ignore - } catch {} - - try { - docker network create provisioning-net-storage | ignore - } catch {} + for network in $networks { + let result = (do { docker network create $network } | complete) + # Ignore errors (network may already exist) + } } # Run docker compose down diff --git a/scripts/generate-infrastructure-configs.nu b/scripts/generate-infrastructure-configs.nu index 5c90592..262a5a1 100644 --- a/scripts/generate-infrastructure-configs.nu +++ b/scripts/generate-infrastructure-configs.nu @@ -27,9 +27,8 @@ def main [--mode: string = "all", --format: string = "all", --output-dir: string # Create output directories [docker-compose kubernetes nginx prometheus systemd oci-registry] | each { |dir| - try { - mkdir $"($output_base)/($dir)" - } catch { } + let r = (do { mkdir $"($output_base)/($dir)" } | complete) + if $r.exit_code != 0 { } } # 1. Generate Docker Compose configurations 
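Review bot: create_networks assigns `result` and never reads it, so an unreachable daemon or a permission error is ignored exactly like the benign "already exists" case, and the deployment carries on without its networks. Treat only the expected failure as harmless, e.g. `if $result.exit_code != 0 and not ($result.stderr | str contains "already exists") { print $"Could not create network ($network): ($result.stderr)" }`. Writing `^docker` with the caret would also make it explicit that an external command is being captured.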
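Review bot: `if $r.exit_code != 0 { }` in main is an empty branch, so the captured result of `mkdir` is never used; generate_kubernetes repeats it for `$mode_subdir`. `mkdir` is a Nushell built-in that signals failure by raising an error, and `complete` is documented for external commands, so it is doubtful this construct swallows a failure the way the old `try { } catch { }` did. Either drop the capture and let a failed `mkdir` stop the run, or keep `try { mkdir ... } catch { |e| log error $e.msg }` so an unwritable output directory is reported before the generators run.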
@@ -89,21 +88,17 @@ def generate_docker_compose [mode: string, schema_base: string, output_base: str if ($formats | any { |f| $f == "yaml" }) { log info $" Generating docker-compose.($mode).yaml..." - try { - nickel export --format yaml $schema_file - | save $"($output_base)/docker-compose/docker-compose.($mode).yaml" - } catch {|e| - log error $"Failed to generate docker-compose.($mode).yaml: ($e.msg)" + let r = (do { ^nickel export --format yaml $schema_file | save $"($output_base)/docker-compose/docker-compose.($mode).yaml" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate docker-compose.($mode).yaml" } } if ($formats | any { |f| $f == "json" }) { log info $" Generating docker-compose.($mode).json..." - try { - nickel export --format json $schema_file - | save $"($output_base)/docker-compose/docker-compose.($mode).json" - } catch {|e| - log error $"Failed to generate docker-compose.($mode).json: ($e.msg)" + let r = (do { ^nickel export --format json $schema_file | save $"($output_base)/docker-compose/docker-compose.($mode).json" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate docker-compose.($mode).json" } } } @@ -112,17 +107,14 @@ def generate_kubernetes [mode: string, schema_base: string, output_base: string, let schema_file = $"($schema_base)/kubernetes.ncl" let mode_subdir = $"($output_base)/kubernetes/($mode)" - try { - mkdir $mode_subdir - } catch { } + let r = (do { mkdir $mode_subdir } | complete) + if $r.exit_code != 0 { } if ($formats | any { |f| $f == "yaml" }) { log info $" Generating kubernetes/($mode)/deployment.yaml..." - try { - nickel export --format yaml $schema_file - | save $"($mode_subdir)/deployment.yaml" - } catch {|e| - log error $"Failed to generate kubernetes manifest: ($e.msg)" + let r = (do { ^nickel export --format yaml $schema_file | save $"($mode_subdir)/deployment.yaml" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate kubernetes manifest" } } } 
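Review bot: In generate_docker_compose the captured pipeline ends in the built-in `save`, so `$r.exit_code` may not reflect a failing `^nickel export`, and a failed export can still leave an empty or partial file in the output directory. The new log lines also lose the failure reason that `$e.msg` used to carry. Capturing only the external command and writing the file after the exit-code check addresses both, as sketched below for the YAML case. The same pattern is in the JSON branch here and in generate_kubernetes, generate_nginx, generate_prometheus, generate_systemd and generate_oci_registry.

```nushell
let r = (do { ^nickel export --format yaml $schema_file } | complete)
if $r.exit_code == 0 {
    $r.stdout | save $"($output_base)/docker-compose/docker-compose.($mode).yaml"
} else {
    log error $"Failed to generate docker-compose.($mode).yaml: ($r.stderr)"
}
```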
@@ -132,11 +124,9 @@ def generate_nginx [mode: string, schema_base: string, output_base: string, form if ($formats | any { |f| $f == "json" }) { log info $" Generating nginx.($mode).json..." - try { - nickel export --format json $schema_file - | save $"($output_base)/nginx/nginx.($mode).json" - } catch {|e| - log error $"Failed to generate nginx config: ($e.msg)" + let r = (do { ^nickel export --format json $schema_file | save $"($output_base)/nginx/nginx.($mode).json" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate nginx config" } } } @@ -146,11 +136,9 @@ def generate_prometheus [mode: string, schema_base: string, output_base: string, if ($formats | any { |f| $f == "yaml" }) { log info $" Generating prometheus.($mode).yml..." - try { - nickel export --format yaml $schema_file - | save $"($output_base)/prometheus/prometheus.($mode).yml" - } catch {|e| - log error $"Failed to generate prometheus config: ($e.msg)" + let r = (do { ^nickel export --format yaml $schema_file | save $"($output_base)/prometheus/prometheus.($mode).yml" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate prometheus config" } } } @@ -160,11 +148,9 @@ def generate_systemd [mode: string, schema_base: string, output_base: string, fo if ($formats | any { |f| $f == "json" }) { log info $" Generating systemd.($mode).json..." - try { - nickel export --format json $schema_file - | save $"($output_base)/systemd/systemd.($mode).json" - } catch {|e| - log error $"Failed to generate systemd units: ($e.msg)" + let r = (do { ^nickel export --format json $schema_file | save $"($output_base)/systemd/systemd.($mode).json" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate systemd units" } } } 
@@ -174,11 +160,9 @@ def generate_oci_registry [mode: string, schema_base: string, output_base: strin if ($formats | any { |f| $f == "json" }) { log info $" Generating oci-registry.($mode).json..." - try { - nickel export --format json $schema_file - | save $"($output_base)/oci-registry/oci-registry.($mode).json" - } catch {|e| - log error $"Failed to generate OCI registry config: ($e.msg)" + let r = (do { ^nickel export --format json $schema_file | save $"($output_base)/oci-registry/oci-registry.($mode).json" } | complete) + if $r.exit_code != 0 { + log error $"Failed to generate OCI registry config" } } } diff --git a/scripts/generate-secrets.nu b/scripts/generate-secrets.nu index 41b644b..266e377 100755 --- a/scripts/generate-secrets.nu +++ b/scripts/generate-secrets.nu 
@@ -44,21 +44,31 @@ def main [ $content = ($content | str replace -a $secret.key $secret.value) } - # Save file + # Save file with restricted permissions (600: rw-------) $content | save -f $output + do { + ^chmod 600 $output | complete + } catch { + print $"(ansi yellow)āš ļø Warning: Could not set restrictive permissions on ($output)(ansi reset)" + } print $"(ansi green)āœ“ Generated ($output) with secure secrets(ansi reset)" print "" - print $"(ansi cyan_bold)Generated Secrets:(ansi reset)" + print $"(ansi cyan_bold)Generated Secrets (redacted):(ansi reset)" for secret in ($secrets | transpose key value) { let name = ($secret.key | str replace "CHANGE_ME_" "" | str replace "_" " " | str downcase | str title-case) - print $" ($name): ($secret.value | str substring 0..8)..." + print $" ($name): [REDACTED - see ($output)]" } print "" - print $"(ansi yellow)Keep this file secure! Add to .gitignore:(ansi reset)" - print $" echo '($output)' >> .gitignore" + print $"(ansi yellow)āš ļø SECURITY WARNING:(ansi reset)" + print $" • Secrets are held in this process memory temporarily" + print $" • The file ($output) contains unencrypted secrets" + print $" • Use encrypted vaults (SOPS/Age) for production secrets" + print $" • Never commit ($output) to version control" + print $" • Add to .gitignore immediately:" + print $" echo '($output)' >> .gitignore" } # Generate random secret (base64) diff --git a/scripts/health-check.nu b/scripts/health-check.nu index 95535c7..2682e4e 100644 --- a/scripts/health-check.nu +++ b/scripts/health-check.nu @@ -64,7 +64,7 @@ def main [ # Check HTTP service health def check_service [name: string, url: string, timeout: int] { - try { + let result = (do { let response = (http get --max-time $timeout $url) { service: $name, 
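Review bot: The secrets file is written by `$content | save -f $output` before `chmod 600` runs, so a newly created file carries umask-default permissions for a moment, and the warning cannot fire as written: `do { ... } catch { ... }` is not a `try`/`catch`, and `| complete` inside the block absorbs chmod's exit status. Restrict the file before any secret is written to it and stop if that fails, as in the sketch below. The `main` function starts outside this hunk.

```nushell
# Create the file owner-only before any secret is written to it
touch $output
let perm = (do { ^chmod 600 $output } | complete)
if $perm.exit_code != 0 {
    error make { msg: $"Could not restrict permissions on ($output); secrets not written" }
}
$content | save -f $output
# … unchanged: summary and warning output …
```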
@@ -72,21 +72,25 @@ def check_service [name: string, url: string, timeout: int] { url: $url, message: "OK" } - } catch { + } | complete) + + if $result.exit_code != 0 { { service: $name, status: "unhealthy", url: $url, message: $"Failed to connect to ($url)" } + } else { + $result.stdout } } # Check DNS service def check_dns [name: string, host: string, port: int, timeout: int] { - try { - dig +short +time=($timeout) @($host) -p ($port) health.check | complete | get exit_code - if $in == 0 { + let result = (do { + let dig_result = (dig +short +time=($timeout) @($host) -p ($port) health.check | complete) + if $dig_result.exit_code == 0 { { service: $name, status: "healthy", @@ -101,21 +105,25 @@ def check_dns [name: string, host: string, port: int, timeout: int] { message: "DNS not responding" } } - } catch { + } | complete) + + if $result.exit_code != 0 { { service: $name, status: "unhealthy", url: $"dns://($host):($port)", message: "Failed to query DNS" } + } else { + $result.stdout } } # Check PostgreSQL def check_postgres [name: string, host: string, port: int, timeout: int] { - try { - docker exec provisioning-postgres pg_isready -h localhost -p 5432 | complete | get exit_code - if $in == 0 { + let result = (do { + let pg_result = (docker exec provisioning-postgres pg_isready -h localhost -p 5432 | complete) + if $pg_result.exit_code == 0 { { service: $name, status: "healthy", @@ -130,13 +138,17 @@ def check_postgres [name: string, host: string, port: int, timeout: int] { message: "PostgreSQL not ready" } } - } catch { + } | complete) + + if $result.exit_code != 0 { { service: $name, status: "unhealthy", url: $"postgres://($host):($port)", message: "Failed to check PostgreSQL" } + } else { + $result.stdout } } diff --git a/scripts/run-docker.nu b/scripts/run-docker.nu index 51738dc..c45cfce 100644 --- a/scripts/run-docker.nu +++ b/scripts/run-docker.nu 
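Review bot: check_service now builds its result record inside `do { ... } | complete` and returns `$result.stdout`, but `complete` captures the streams of an external command, and here the block's value is a Nushell record produced after the built-in `http get`. It is doubtful that `.stdout` holds that record, so a healthy service may come back as an empty value, and an `http get` error may propagate instead of producing the "unhealthy" record. check_dns and check_postgres wrap their records the same way although they already capture `dig` and `pg_isready` with an inner `complete`. Keeping `try { ... } catch { ... }` around the built-in, and using `$dig_result.exit_code` and `$pg_result.exit_code` directly in the other two, preserves the record shape callers read.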
@@ -172,26 +172,26 @@ def "main health" [] { print "šŸ„ Health Check:\n" # Check orchestrator - try { - let health = (http get http://localhost:8080/health) + let r1 = (do { ^http get http://localhost:8080/health } | complete) + if $r1.exit_code == 0 { print $" āœ… Orchestrator: Healthy" - } catch { + } else { print $" āŒ Orchestrator: Not responding" } # Check control-center - try { - let health = (http get http://localhost:8081/health) + let r2 = (do { ^http get http://localhost:8081/health } | complete) + if $r2.exit_code == 0 { print $" āœ… Control Center: Healthy" - } catch { + } else { print $" āŒ Control Center: Not responding" } # Check KMS (mandatory per ADR-007) - try { - let health = (http get http://localhost:9998/health) + let r3 = (do { ^http get http://localhost:9998/health } | complete) + if $r3.exit_code == 0 { print $" āœ… KMS: Healthy" - } catch { + } else { print $" āŒ KMS: Not responding (required per ADR-007)" } diff --git a/scripts/run-native.nu b/scripts/run-native.nu index 149f918..c3202a3 100644 --- a/scripts/run-native.nu +++ b/scripts/run-native.nu @@ -188,18 +188,18 @@ def "main health" [] { print "šŸ„ Health Check:\n" # Check orchestrator - try { - let health = (http get http://localhost:8080/health) + let r1 = (do { ^http get http://localhost:8080/health } | complete) + if $r1.exit_code == 0 { print $" āœ… Orchestrator: Healthy" - } catch { + } else { print $" āŒ Orchestrator: Not responding" } # Check control-center - try { - let health = (http get http://localhost:8081/health) + let r2 = (do { ^http get http://localhost:8081/health } | complete) + if $r2.exit_code == 0 { print $" āœ… Control Center: Healthy" - } catch { + } else { print $" āŒ Control Center: Not responding" } diff --git a/scripts/start-provisioning-daemon.nu b/scripts/start-provisioning-daemon.nu index 205673c..1712c31 100644 --- a/scripts/start-provisioning-daemon.nu +++ b/scripts/start-provisioning-daemon.nu 
@@ -22,9 +22,10 @@ def is-running [pid: string] { return false } - try { - (ps | where pid == ($pid | into int) | length) > 0 - } catch { + let r = (do { ps | where pid == ($pid | into int) | length } | complete) + if $r.exit_code == 0 { + ($r.stdout | into int) > 0 + } else { false } } @@ -89,18 +90,22 @@ def stop-cmd [] { print $"Stopping daemon (PID: $pid)..." - try { - ^kill $pid + let r = (do { ^kill $pid } | complete) + if $r.exit_code == 0 { sleep 500ms if (is-running $pid) { print "Force killing daemon..." - ^kill -9 $pid + let r2 = (do { ^kill -9 $pid } | complete) + if $r2.exit_code != 0 { + print "āœ— Failed to force kill daemon" + return + } } remove-pid print "āœ“ Daemon stopped" - } catch { + } else { print "āœ— Failed to stop daemon" } } @@ -117,10 +122,11 @@ def status-cmd [] { print $" HTTP API: http://$DAEMON_HOST:$DAEMON_PORT/api/v1" print $" Nushell: http://$DAEMON_HOST:$DAEMON_PORT/api/v1/execute" - try { - let response = (curl -s $"http://$DAEMON_HOST:$DAEMON_PORT/api/v1/health" | from json) + let r = (do { ^curl -s $"http://$DAEMON_HOST:$DAEMON_PORT/api/v1/health" | from json } | complete) + if $r.exit_code == 0 { + let response = ($r.stdout | from json) print $" Status: ($response.status)" - } catch { + } else { print " Health check failed (daemon may not be responding)" } } diff --git a/scripts/validate-configs.nu b/scripts/validate-configs.nu index e097e0a..5beb0f6 100644 --- a/scripts/validate-configs.nu +++ b/scripts/validate-configs.nu @@ -5,12 +5,8 @@ def check-config [path: string] { if ($path | path exists) { - try { - open $path | ignore - true - } catch { - false - } + let r = (do { open $path | ignore } | complete) + if $r.exit_code == 0 { true } else { false } } else { false } diff --git a/scripts/validate-infrastructure.nu b/scripts/validate-infrastructure.nu index 889ccb8..0dacf3f 100644 --- a/scripts/validate-infrastructure.nu +++ b/scripts/validate-infrastructure.nu 
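Review bot: is-running pipes the built-in `ps | where ... | length` through `complete` and then reads `$r.stdout | into int`; `complete` is meant for external commands, so it is unclear that `stdout` holds the count, and a non-numeric PID string makes `into int` raise with nothing left to catch it. stop-cmd relies on this result to decide whether to send `kill -9` and then removes the PID file, so a wrong `false` leaves a running daemon untracked. `try { (ps | where pid == ($pid | into int) | length) > 0 } catch { false }` keeps the earlier behaviour for built-ins. The value of `$pid` is set outside these hunks; if it is read from a PID file, checking that it is numeric and still names the daemon before `^kill` would avoid signalling a recycled PID.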
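Review bot: In status-cmd the health URL `$"http://$DAEMON_HOST:$DAEMON_PORT/api/v1/health"` does not interpolate, because Nushell substitutes only parenthesised expressions, so curl is handed the literal text `$DAEMON_HOST`; it needs `($DAEMON_HOST)` and `($DAEMON_PORT)`. `curl -s` also exits 0 on an HTTP error status and the response is passed through `from json` twice, so a failing daemon either reads as healthy or raises on `$response.status`. `let r = (do { ^curl -sf --max-time 5 $"http://($DAEMON_HOST):($DAEMON_PORT)/api/v1/health" } | complete)` followed by a single `$r.stdout | from json` addresses all three.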
@@ -28,16 +28,20 @@ def main [--config-dir: string = "provisioning/platform/infrastructure"] { def validate_docker_compose [config_dir: string] { log info "Validating Docker Compose files..." - let dc_files = (try { ls -la $"($config_dir)/docker-compose/*.yaml" } catch { [] }) - | each { |file| $file.name } + let dc_files_result = (do { ls -la $"($config_dir)/docker-compose/*.yaml" } | complete) + let dc_files = if $dc_files_result.exit_code == 0 { + ($dc_files_result.stdout | lines | each { |line| $line | from json } | each { |file| $file.name }) + } else { + [] + } for file in $dc_files { let filename = $file | path basename - try { - docker-compose -f $file config --quiet + let r = (do { ^docker-compose -f $file config --quiet } | complete) + if $r.exit_code == 0 { log info $" āœ… ($filename)" - } catch {|e| - log warning $" āš ļø ($filename): ($e.msg)" + } else { + log warning $" āš ļø ($filename): validation error" } } } @@ -45,15 +49,19 @@ def validate_docker_compose [config_dir: string] { def validate_kubernetes [config_dir: string] { log info "Validating Kubernetes manifests..." - let k8s_files = (try { ls -la $"($config_dir)/kubernetes/**/*.yaml" } catch { [] }) - | each { |file| $file.name } + let k8s_files_result = (do { ls -la $"($config_dir)/kubernetes/**/*.yaml" } | complete) + let k8s_files = if $k8s_files_result.exit_code == 0 { + ($k8s_files_result.stdout | lines | each { |line| $line | from json } | each { |file| $file.name }) + } else { + [] + } for file in $k8s_files { let filename = $file | path basename - try { - kubectl apply --dry-run=client -f $file out+err> /dev/null + let r = (do { ^kubectl apply --dry-run=client -f $file out+err> /dev/null } | complete) + if $r.exit_code == 0 { log info $" āœ… ($filename)" - } catch {|e| + } else { log warning $" āš ļø ($filename): validation error" } } 
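Review bot: validate_docker_compose derives its file list from `do { ls -la ... } | complete` and then parses `$dc_files_result.stdout` line by line with `from json`, but `ls` is a built-in that yields a table, not JSON text on an external stdout. The likely outcomes are an empty list or a parse error, and with an empty list the loop validates nothing while the script still reports no problems. `let dc_files = (glob $"($config_dir)/docker-compose/*.yaml")` returns the paths directly and yields an empty list when nothing matches. validate_kubernetes here, and validate_nginx and validate_prometheus further down, build their lists the same way. The docker-compose warning could also carry `$r.stderr` now that the text from `$e.msg` is gone.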
@@ -62,15 +70,19 @@ def validate_kubernetes [config_dir: string] { def validate_nginx [config_dir: string] { log info "Validating Nginx configurations..." - let nginx_files = (try { ls -la $"($config_dir)/nginx/*.conf" } catch { [] }) - | each { |file| $file.name } + let nginx_files_result = (do { ls -la $"($config_dir)/nginx/*.conf" } | complete) + let nginx_files = if $nginx_files_result.exit_code == 0 { + ($nginx_files_result.stdout | lines | each { |line| $line | from json } | each { |file| $file.name }) + } else { + [] + } for file in $nginx_files { let filename = $file | path basename - try { - nginx -t -c $file out+err> /dev/null + let r = (do { ^nginx -t -c $file out+err> /dev/null } | complete) + if $r.exit_code == 0 { log info $" āœ… ($filename)" - } catch {|e| + } else { log info $" ā„¹ļø ($filename): nginx binary not available" } } @@ -79,15 +91,19 @@ def validate_nginx [config_dir: string] { def validate_prometheus [config_dir: string] { log info "Validating Prometheus configurations..." - let prom_files = (try { ls -la $"($config_dir)/prometheus/*.yml" } catch { [] }) - | each { |file| $file.name } + let prom_files_result = (do { ls -la $"($config_dir)/prometheus/*.yml" } | complete) + let prom_files = if $prom_files_result.exit_code == 0 { + ($prom_files_result.stdout | lines | each { |line| $line | from json } | each { |file| $file.name }) + } else { + [] + } for file in $prom_files { let filename = $file | path basename - try { - promtool check config $file out+err> /dev/null + let r = (do { ^promtool check config $file out+err> /dev/null } | complete) + if $r.exit_code == 0 { log info $" āœ… ($filename)" - } catch {|e| + } else { log info $" ā„¹ļø ($filename): promtool not available" } } diff --git a/scripts/validate-system.nu b/scripts/validate-system.nu index bb2a139..04f4764 100644 --- a/scripts/validate-system.nu +++ b/scripts/validate-system.nu 
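Review bot: validate_nginx logs every non-zero exit from `nginx -t` as "nginx binary not available" at info level, so a configuration that nginx rejects is indistinguishable from a missing tool; validate_prometheus does the same with promtool. Because stderr is sent to `/dev/null` inside the block, the reason is lost as well. Check for the tool first, e.g. `if (which nginx | is-empty) { log info "nginx not installed, skipping"; return }`, then report a non-zero exit with `log warning` and `$r.stderr`, dropping the `out+err> /dev/null` redirect.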
@@ -155,7 +155,7 @@ def main [] { $doc_files | each { |doc| if ($doc | path exists) { - let lines = (open $doc | split row "\n" | length) + let lines = (open $doc | lines | length) print $"āœ“ ($doc) - ($lines) lines" 1 } else {