Merge pull request #91 from redis-field-engineering/feat/phase-3-next-priorities

joshrotenberg · web-flow · commit 8ff24b7e26e6 · 2025-08-22T21:47:46.000-07:00
feat: add comprehensive SSO/SAML management and fix Cloud database backup
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -54,11 +54,16 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
       
+      - name: Cache cargo
+        uses: Swatinem/rust-cache@v2
+      
       - name: Install tarpaulin
-        run: cargo install cargo-tarpaulin
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-tarpaulin
       
       - name: Generate coverage
-        run: cargo tarpaulin --workspace --all-features --out xml
+        run: cargo tarpaulin --workspace --all-features --out xml --timeout 300
       
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v3
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -454,4 +454,5 @@ Based on Redis Enterprise REST API v7+ documentation:
 3. Run `cargo test --workspace` to ensure everything is working
 4. Check for outdated dependencies: `cargo outdated`
 5. Review GitHub issues for priority tasks
-- remember to run clippy and fmt before pushing to github
+- remember to run clippy and fmt before pushing to github
+- these shoulnd't be in prs: 🤖 Generated with Claude Code
diff --git a/crates/redisctl/src/cli.rs b/crates/redisctl/src/cli.rs
@@ -167,6 +167,11 @@ pub enum CloudCommands {
         #[command(subcommand)]
         command: PrivateServiceConnectCommands,
     },
+    /// SSO/SAML management
+    Sso {
+        #[command(subcommand)]
+        command: SsoCommands,
+    },
 }
 
 #[derive(Subcommand)]
@@ -1130,3 +1135,128 @@ pub enum PrivateServiceConnectCommands {
         force: bool,
     },
 }
+
+#[derive(Subcommand)]
+pub enum SsoCommands {
+    /// Show SSO configuration
+    Show,
+    /// Update SSO configuration
+    Update {
+        /// Provider name (e.g., okta, azure)
+        #[arg(long)]
+        provider: String,
+        /// SSO login URL
+        #[arg(long)]
+        login_url: String,
+        /// SSO logout URL
+        #[arg(long)]
+        logout_url: Option<String>,
+        /// Enable SSO
+        #[arg(long)]
+        enabled: Option<bool>,
+    },
+    /// Delete SSO configuration
+    Delete {
+        /// Skip confirmation
+        #[arg(long)]
+        force: bool,
+    },
+    /// Test SSO configuration
+    Test {
+        /// Test user email
+        #[arg(long)]
+        email: String,
+    },
+
+    // SAML specific commands
+    /// Show SAML configuration
+    SamlShow,
+    /// Update SAML configuration
+    SamlUpdate {
+        /// SAML issuer URL
+        #[arg(long)]
+        issuer: String,
+        /// SAML SSO URL
+        #[arg(long)]
+        sso_url: String,
+        /// SAML certificate content
+        #[arg(long)]
+        certificate: Option<String>,
+    },
+    /// Get SAML metadata
+    SamlMetadata,
+    /// Upload SAML certificate
+    SamlUploadCert {
+        /// Certificate file path or content
+        certificate: String,
+    },
+
+    // User mapping commands
+    /// List SSO users
+    UserList,
+    /// Show SSO user details
+    UserShow {
+        /// User ID
+        id: u32,
+    },
+    /// Create SSO user mapping
+    UserCreate {
+        /// SSO user email
+        #[arg(long)]
+        email: String,
+        /// Local user ID to map to
+        #[arg(long)]
+        local_user_id: u32,
+        /// User role
+        #[arg(long)]
+        role: String,
+    },
+    /// Update SSO user mapping
+    UserUpdate {
+        /// User ID
+        id: u32,
+        /// Local user ID to map to
+        #[arg(long)]
+        local_user_id: Option<u32>,
+        /// User role
+        #[arg(long)]
+        role: Option<String>,
+    },
+    /// Delete SSO user mapping
+    UserDelete {
+        /// User ID
+        id: u32,
+        /// Skip confirmation
+        #[arg(long)]
+        force: bool,
+    },
+
+    // Group mapping commands
+    /// List SSO groups
+    GroupList,
+    /// Create SSO group mapping
+    GroupCreate {
+        /// SSO group name
+        #[arg(long)]
+        name: String,
+        /// Local role to map to
+        #[arg(long)]
+        role: String,
+    },
+    /// Update SSO group mapping
+    GroupUpdate {
+        /// Group ID
+        id: u32,
+        /// Local role to map to
+        #[arg(long)]
+        role: String,
+    },
+    /// Delete SSO group mapping
+    GroupDelete {
+        /// Group ID
+        id: u32,
+        /// Skip confirmation
+        #[arg(long)]
+        force: bool,
+    },
+}
diff --git a/crates/redisctl/src/commands/cloud.rs b/crates/redisctl/src/commands/cloud.rs
@@ -6,7 +6,7 @@ use crate::cli::{
     AccountCommands, AclCommands, ApiKeyCommands, BackupCommands, CloudAccountCommands,
     CloudCommands, CrdbCommands, DatabaseCommands, FixedPlanCommands, FlexiblePlanCommands,
     LogsCommands, MetricsCommands, PeeringCommands, PrivateServiceConnectCommands, RegionCommands,
-    SubscriptionCommands, TaskCommands, TransitGatewayCommands, UserCommands,
+    SsoCommands, SubscriptionCommands, TaskCommands, TransitGatewayCommands, UserCommands,
 };
 use crate::commands::api::handle_cloud_api;
 
@@ -76,6 +76,9 @@ pub async fn handle_cloud_command(
         CloudCommands::PrivateServiceConnect { command } => {
             handle_private_service_connect_command(command, profile, output_format, query).await
         }
+        CloudCommands::Sso { command } => {
+            handle_sso_command(command, profile, output_format, query).await
+        }
     }
 }
 
@@ -166,8 +169,21 @@ pub async fn handle_database_command(
                 .await?;
             println!("Database {} deleted successfully", id);
         }
-        DatabaseCommands::Backup { id: _ } => {
-            anyhow::bail!("Backup operations not yet implemented for Cloud databases");
+        DatabaseCommands::Backup { id } => {
+            let (subscription_id, database_id) = parse_database_id(&id)?;
+            let backup_data = serde_json::json!({
+                "description": format!("Database backup for {}", id)
+            });
+            let task = client
+                .post_raw(
+                    &format!(
+                        "/subscriptions/{}/databases/{}/backup",
+                        subscription_id, database_id
+                    ),
+                    backup_data,
+                )
+                .await?;
+            print_output(task, output_format, query)?;
         }
         DatabaseCommands::Import { id, url } => {
             let (subscription_id, database_id) = parse_database_id(&id)?;
@@ -1414,3 +1430,186 @@ pub async fn handle_private_service_connect_command(
 
     Ok(())
 }
+
+pub async fn handle_sso_command(
+    command: SsoCommands,
+    profile: &Profile,
+    output_format: OutputFormat,
+    query: Option<&str>,
+) -> Result<()> {
+    let client = create_cloud_client(profile)?;
+
+    match command {
+        SsoCommands::Show => {
+            let sso_config = client.get_raw("/sso").await?;
+            print_output(sso_config, output_format, query)?;
+        }
+        SsoCommands::Update {
+            provider,
+            login_url,
+            logout_url,
+            enabled,
+        } => {
+            let mut update_data = serde_json::json!({
+                "provider": provider,
+                "loginUrl": login_url
+            });
+
+            if let Some(logout_url) = logout_url {
+                update_data["logoutUrl"] = serde_json::Value::String(logout_url);
+            }
+            if let Some(enabled) = enabled {
+                update_data["enabled"] = serde_json::Value::Bool(enabled);
+            }
+
+            let sso_config = client.put_raw("/sso", update_data).await?;
+            print_output(sso_config, output_format, query)?;
+        }
+        SsoCommands::Delete { force } => {
+            if !force {
+                println!("Are you sure you want to delete SSO configuration? Use --force to skip confirmation.");
+                return Ok(());
+            }
+            client.delete_raw("/sso").await?;
+            println!("SSO configuration deleted successfully");
+        }
+        SsoCommands::Test { email } => {
+            let test_data = serde_json::json!({
+                "email": email
+            });
+            let result = client.post_raw("/sso/test", test_data).await?;
+            print_output(result, output_format, query)?;
+        }
+
+        // SAML specific commands
+        SsoCommands::SamlShow => {
+            let saml_config = client.get_raw("/sso/saml").await?;
+            print_output(saml_config, output_format, query)?;
+        }
+        SsoCommands::SamlUpdate {
+            issuer,
+            sso_url,
+            certificate,
+        } => {
+            let mut update_data = serde_json::json!({
+                "issuer": issuer,
+                "ssoUrl": sso_url
+            });
+
+            if let Some(certificate) = certificate {
+                update_data["certificate"] = serde_json::Value::String(certificate);
+            }
+
+            let saml_config = client.put_raw("/sso/saml", update_data).await?;
+            print_output(saml_config, output_format, query)?;
+        }
+        SsoCommands::SamlMetadata => {
+            let metadata = client.get_raw("/sso/saml/metadata").await?;
+            print_output(metadata, output_format, query)?;
+        }
+        SsoCommands::SamlUploadCert { certificate } => {
+            let cert_data = serde_json::json!({
+                "certificate": certificate
+            });
+            let result = client.post_raw("/sso/saml/certificate", cert_data).await?;
+            print_output(result, output_format, query)?;
+        }
+
+        // User mapping commands
+        SsoCommands::UserList => {
+            let users = client.get_raw("/sso/users").await?;
+            print_output(users, output_format, query)?;
+        }
+        SsoCommands::UserShow { id } => {
+            let user = client.get_raw(&format!("/sso/users/{}", id)).await?;
+            print_output(user, output_format, query)?;
+        }
+        SsoCommands::UserCreate {
+            email,
+            local_user_id,
+            role,
+        } => {
+            let create_data = serde_json::json!({
+                "email": email,
+                "localUserId": local_user_id,
+                "role": role
+            });
+            let user = client.post_raw("/sso/users", create_data).await?;
+            print_output(user, output_format, query)?;
+        }
+        SsoCommands::UserUpdate {
+            id,
+            local_user_id,
+            role,
+        } => {
+            let mut update_data = serde_json::Map::new();
+            if let Some(local_user_id) = local_user_id {
+                update_data.insert(
+                    "localUserId".to_string(),
+                    serde_json::Value::Number(local_user_id.into()),
+                );
+            }
+            if let Some(role) = role {
+                update_data.insert("role".to_string(), serde_json::Value::String(role));
+            }
+            if update_data.is_empty() {
+                anyhow::bail!("No update fields provided");
+            }
+
+            let user = client
+                .put_raw(
+                    &format!("/sso/users/{}", id),
+                    serde_json::Value::Object(update_data),
+                )
+                .await?;
+            print_output(user, output_format, query)?;
+        }
+        SsoCommands::UserDelete { id, force } => {
+            if !force {
+                println!(
+                    "Are you sure you want to delete SSO user mapping {}? Use --force to skip confirmation.",
+                    id
+                );
+                return Ok(());
+            }
+            client.delete_raw(&format!("/sso/users/{}", id)).await?;
+            println!("SSO user mapping {} deleted successfully", id);
+        }
+
+        // Group mapping commands
+        SsoCommands::GroupList => {
+            let groups = client.get_raw("/sso/groups").await?;
+            print_output(groups, output_format, query)?;
+        }
+        SsoCommands::GroupCreate { name, role } => {
+            let create_data = serde_json::json!({
+                "name": name,
+                "role": role
+            });
+            let group = client.post_raw("/sso/groups", create_data).await?;
+            print_output(group, output_format, query)?;
+        }
+        SsoCommands::GroupUpdate { id, role } => {
+            let update_data = serde_json::json!({
+                "role": role
+            });
+            let group = client
+                .put_raw(&format!("/sso/groups/{}", id), update_data)
+                .await?;
+            print_output(group, output_format, query)?;
+        }
+        SsoCommands::GroupDelete { id, force } => {
+            if !force {
+                println!(
+                    "Are you sure you want to delete SSO group mapping {}? Use --force to skip confirmation.",
+                    id
+                );
+                return Ok(());
+            }
+            client.delete_raw(&format!("/sso/groups/{}", id)).await?;
+            println!("SSO group mapping {} deleted successfully", id);
+        }
+    }
+
+    Ok(())
+}
