2 files changed, 40 insertions, 8 deletions

diff --git a/lib/leap_cli/commands/db.rb b/lib/leap_cli/commands/db.rb
index e4fd3858..5307ac4d 100644
--- a/lib/leap_cli/commands/db.rb
+++ b/lib/leap_cli/commands/db.rb
@@ -5,15 +5,28 @@ module LeapCli; module Commands
     db.desc 'Destroy one or more databases. If present, limit to FILTER nodes. For example `leap db destroy --db sessions,tokens testing`.'
     db.arg_name 'FILTER', :optional => true
     db.command :destroy do |destroy|
-      destroy.flag :db, :arg_name => "DATABASES", :desc => 'Comma separated list of databases to destroy (no space). Use "--db all" to destroy all databases.', :optional => false
+      destroy.flag :db, :arg_name => "DATABASES", :desc => 'Comma separated list of databases to destroy (no space). Use "--db all" to destroy all databases.', :optional => true
+      destroy.flag :user, :arg_name => "USERS", :desc => 'Comma separated list of usernames. The storage databases for these user(s) will be destroyed.', :optional => true
       destroy.action do |global_options,options,args|
         dbs = (options[:db]||"").split(',')
-        bail!('No databases specified') if dbs.empty?
+        users = (options[:user]||"").split(',')
+        if dbs.empty? && users.empty?
+          bail!('Either --db or --user is required.')
+        end
         nodes = manager.filter(args)
         if nodes.any?
           nodes = nodes[:services => 'couchdb']
         end
-        if nodes.any?
+        unless nodes.any?
+          bail! 'No db nodes selected.'
+        end
+        if users.any?
+          unless global_options[:yes]
+            say 'You are about to permanently destroy user databases for [%s] for nodes [%s].' % [users.join(', '), nodes.keys.join(', ')]
+            bail! unless agree("Continue? ")
+          end
+          destroy_user_dbs(nodes, users)
+        elsif dbs.any?
           unless global_options[:yes]
             if dbs.include?('all')
               say 'You are about to permanently destroy all database data for nodes [%s].' % nodes.keys.join(', ')
@@ -28,8 +41,6 @@ module LeapCli; module Commands
             destroy_dbs(nodes, dbs)
           end
           say 'You must run `leap deploy` in order to create the databases again.'
-        else
-          say 'No nodes'
         end
       end
     end
@@ -39,8 +50,7 @@ module LeapCli; module Commands
 
   def destroy_all_dbs(nodes)
     ssh_connect(nodes) do |ssh|
-      ssh.run('/etc/init.d/bigcouch stop && test ! -z "$(ls /opt/bigcouch/var/lib/ 2> /dev/null)" && rm -r /opt/bigcouch/var/lib/* && echo "db destroyed" || echo "db already destroyed"')
-      ssh.run('grep ^seq_dir /etc/leap/tapicero.yaml | cut -f2 -d\" | xargs rm -rv')
+      ssh.run('/etc/init.d/bigcouch stop && test ! -z "$(ls /opt/bigcouch/var/lib/ 2> /dev/null)" && rm -r /opt/bigcouch/var/lib/* && echo "All DBs destroyed" || echo "DBs already destroyed"')
     end
   end
 
@@ -54,6 +64,16 @@ module LeapCli; module Commands
     end
   end
 
+  def destroy_user_dbs(nodes, users)
+    nodes.each_node do |node|
+      ssh_connect(node) do |ssh|
+        users.each do |user|
+          ssh.run(DESTROY_USER_DB_COMMAND % {:user => user})
+        end
+      end
+    end
+  end
+
   DESTROY_DB_COMMAND = %{
 if [ 200 = `curl -ns -w "%%{http_code}" -X GET "127.0.0.1:5984/%{db}" -o /dev/null` ]; then
   echo "Result from DELETE /%{db}:" `curl -ns -X DELETE "127.0.0.1:5984/%{db}"`;
@@ -62,4 +82,5 @@ else
 fi
 }
 
+  DESTROY_USER_DB_COMMAND = %{/srv/leap/couchdb/scripts/destroy-user-db --username %{user}}
 end; end
diff --git a/lib/leap_cli/macros/stunnel.rb b/lib/leap_cli/macros/stunnel.rb
index f16308c7..821bda38 100644
--- a/lib/leap_cli/macros/stunnel.rb
+++ b/lib/leap_cli/macros/stunnel.rb
@@ -49,12 +49,14 @@ module LeapCli
       result = Config::ObjectList.new
       node_list.each_node do |node|
         if node.name != self.name || options[:include_self]
+          s_port = stunnel_port(port)
           result["#{node.name}_#{port}"] = Config::Object[
             'accept_port', @next_stunnel_port,
             'connect', node.domain.internal,
-            'connect_port', stunnel_port(port),
+            'connect_port', s_port,
             'original_port', port
           ]
+          manager.connections.add(:from => @node.ip_address, :to => node.ip_address, :port => s_port)
           @next_stunnel_port += 1
         end
       end
@@ -76,6 +78,15 @@ module LeapCli
       }
     end
 
+    #
+    # lists the ips that connect to this node, on particular ports.
+    #
+    def stunnel_firewall
+      manager.connections.select {|connection|
+        connection['to'] == @node.ip_address
+      }
+    end
+
     private
 
     #