Brightbox Cloud Command Line Interface¶ ↑
‘brightbox-cli` is a set of cli tools to interact with the Brightbox Cloud API.
You will need a Brightbox account in order to make use of these tools.
You can sign up at cloud.brightbox.com/signup
Installation instructions¶ ↑
Install from Rubygems
$ gem install brightbox-cli
Usage¶ ↑
The Brightbox CLI is a suite of tools that are accessible through the ‘brightbox` command in a similar way to how you access `git` commands.
For a list of available commands use:
$ brightbox help
To login with your user credentials use:
$ brightbox login john@example.com
To instead add api client (account-specific) credentials use:
$ brightbox config client_add cli-2igtb theclientsecret Using config file /home/ubuntu/.brightbox/config Creating new api client config cli-2igtb
To browse available resources use the resource name as the command:
$ brightbox servers ... List of servers $ brightbox images ... List of images
Two factor authentication ===¶ ↑
If you’ve enabled two factor authentication for your user, you should be prompted for a one time password (OTP) when it is required unless you have set up a two factor helper (see below).
The previous configuration setting ‘two_factor` is no longer required when using v4.0 or greater. This is ignored and can be removed.
Integrating with a password manager¶ ↑
You can retrieve your passwords from an external password manager by specifying a password helper command. This command will be executed any time your password is required and its output used as your password.
Configure the command in your config file (usually ~/.brightbox/config) in the appropriate section:
[john@example.com] username = john@example.com password_helper_command = pass john-example-com-brightbox
You can also specify a separate helper command to retrive two factor pins:
[john@example.com] username = john@example.com password_helper_command = pass john-example-com-brightbox two_factor_helper_command = get-two-factor-pin john-example-com-brightbox
Using GPG to secure passwords¶ ↑
If you use an OAuth application to access your accounts (www.brightbox.com/docs/guides/manager/oauth-applications/) then you frequently need to renter your password.
From v1.5.0 you can store your password locally encrypted by GPG (www.gnupg.org/) which will decrypt the password when needed. This will prompt for your GPG key if not available to the GPG agent using your OS’s configured pinentry program.
You need to have setup GPG with your own keys and have configured the pinentry to prompt you when the key is locked.
The password file is named after your configuration’s alias:
$ brightbox config alias client_id secret api_url auth_url ------------------------------------------------------------------------------------------------------------------ *main app-12345 xxxxxxxxxxxxxxx https://api.gb1.brightbox.com https://api.gb1.brightbox.com ------------------------------------------------------------------------------------------------------------------
The alias here is ‘main`. To prepare the password run this command:
$ gpg --encrypt --recipient gpg@example.com > ~/.brightbox/main.password.gpg (type your password)<RETURN> <CTRL+D> # Test it with... $ gpg --decrypt ~/.brightbox/main.password.gpg password!2015 $ brightbox accounts INFO: Decrypting /home/user/.brightbox/main.password.gpg to obtain password gpg: encrypted with 2048-bit RSA key, ID ABCDE890, created 2015-01-01 "Jason Null <gpg@example.com>" Your API credentials have been updated, please re-run your command.
Now when making commands you should only have to unlock your keyring to avoid typing your password.
If you are prompted to enter your password still then the file may be named incorrectly or there may be an issue with your GPG configuration.
To remove the password delete the ‘~/.brightbox/main.password.gpg` file.
Integrating with a password manager¶ ↑
You can retrieve your passwords from an external password manager by specifying a password helper command. This command will be executed any time your password is required and its output used as your password.
Configure the command in your config file (usually ~/.brightbox/config) in the appropriate section:
[john@example.com] username = john@example.com password_helper_command = pass john-example-com-brightbox
Documentation¶ ↑
BASH Auto-completion¶ ↑
A bash shell auto-completion script is provided to allow autocompletion of all sub-commands, options and resource identifiers. It is automatically configured by the Debian/Ubuntu packages, but if you’re installing from a gem you can manually tell bash about it like this:
complete -C _brightbox-bash-completer -o filenames brightbox
The command ‘_brightbox-bash-completer` should be installed in the system path when you install the gem. If for whatever reason it is not in the path, just specify the full path to it:
complete -C /full/path/to/bin/_brightbox-bash-completer -o filenames brightbox
UPGRADE NOTES¶ ↑
Version 4.0.0 removes the older, backward compatible binaries for users of the original ‘brightbox` (brightbox-deployment) gem.
So ‘brightbox-servers` will no longer work. Use the subcommand variation `brightbox servers` instead.
Alternatives¶ ↑
There are a number of alternative ways to manage Brightbox resources:
-
Control Panel - cloud.brightbox.com/
-
Terraform – registry.terraform.io/providers/brightbox/brightbox/latest
-
Kubernetes - github.com/brightbox/brightbox-cloud-controller-manager
Testing¶ ↑
You should be able to run the specs and features with the following steps:
$ bundle install $ bundle exec rake
The specs use VCR to playback filtered recordings from real API sessions. This process is not perfect, please report an issue
Packaging¶ ↑
Vendoring libraries¶ ↑
gems can be vendored into ‘lib/brightbox-cli/vendor/` for packaging and will be prioritised over any gems.
Debian/Ubuntu packaging¶ ↑
Packaging scripts are available in github.com/NeilW/brightbox-cli-debian-packaging
License¶ ↑
Copyright © 2010-2013 John Leach, Brightbox Systems Ltd <john@brightbox.co.uk>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.