Class: Nvoi::Cli::Credentials::Edit::Command

Inherits:

Object

• Object
• Nvoi::Cli::Credentials::Edit::Command

Defined in:

lib/nvoi/cli/credentials/edit/command.rb

Overview

Command handles editing encrypted credentials

Constant Summary

DEFAULT_ENCRYPTED_FILE =

"deploy.enc"

DEFAULT_KEY_FILE =

"deploy.key"

DEFAULT_EDITOR =

"vim"

TEMP_FILE_PATTERN =

"nvoi-credentials-"

Instance Method Summary

• #initialize(options) ⇒ Command constructor

  A new instance of Command.

• #run ⇒ Object
• #set(path, value) ⇒ Object

Constructor Details

#initialize(options) ⇒ Command

Returns a new instance of Command.

# File 'lib/nvoi/cli/credentials/edit/command.rb', line 17

def initialize(options)
  @options = options
  @log = Nvoi.logger
  @editor = ENV["EDITOR"] || DEFAULT_EDITOR
end

Instance Method Details

#run ⇒ Object

# File 'lib/nvoi/cli/credentials/edit/command.rb', line 23

def run
  @log.info "Credentials Editor"

  working_dir = resolve_working_dir
  enc_path = resolve_enc_path(working_dir)
  is_first_time = !File.exist?(enc_path)

  manager = if is_first_time
    @log.info "Creating new encrypted credentials file"
    Utils::CredentialStore.for_init(working_dir)
  else
    Utils::CredentialStore.new(working_dir, @options[:credentials], @options[:master_key])
  end

  # Get initial content
  content = if is_first_time
    default_template
  else
    manager.read
  end

  # Create temp file
  tmp_file = Tempfile.new([TEMP_FILE_PATTERN, ".yaml"])
  tmp_path = tmp_file.path

  begin
    tmp_file.write(content)
    tmp_file.close

    # Edit loop: keep opening editor until valid or user quits
    loop do
      # Get file mtime before edit
      before_mtime = File.mtime(tmp_path)

      # Open editor
      unless system(@editor, tmp_path)
        raise Errors::CredentialError, "editor failed"
      end

      # Check if file was modified
      after_mtime = File.mtime(tmp_path)
      if after_mtime == before_mtime
        puts "No changes made, aborting."
        return
      end

      # Read edited content
      edited_content = File.read(tmp_path)

      # Validate
      validation_error = validate(edited_content)
      if validation_error
        puts "\n\e[31mValidation failed:\e[0m #{validation_error}"
        puts "\nPress Enter to re-edit, or Ctrl+C to abort..."
        $stdin.gets
        next
      end

      # Valid: save
      if is_first_time
        manager.initialize_credentials(edited_content)
      else
        manager.write(edited_content)
      end

      puts "\e[32mCredentials saved:\e[0m #{manager.encrypted_path}"
      break
    end
  ensure
    tmp_file.close rescue nil
    tmp_file.unlink rescue nil
  end

  # Update .gitignore on first run
  if manager.key_path
    begin
      update_gitignore(working_dir)
      @log.info "Added %s to .gitignore", DEFAULT_KEY_FILE
    rescue StandardError => e
      @log.warning "Failed to update .gitignore: %s", e.message
    end

    @log.success "Master key saved to: %s", manager.key_path
    @log.warning "Keep this key safe! You cannot decrypt credentials without it."
  end
end

#set(path, value) ⇒ Object

# File 'lib/nvoi/cli/credentials/edit/command.rb', line 110

def set(path, value)
  @log.info "Setting credential value"

  working_dir = resolve_working_dir
  manager = Utils::CredentialStore.new(working_dir, @options[:credentials], @options[:master_key])

  # Read current content
  content = manager.read
  data = YAML.safe_load(content, permitted_classes: [Symbol])

  # Navigate path and set value
  keys = path.split(".")
  current = data

  # Handle 'application.' prefix - it's implied
  keys.shift if keys.first == "application"

  # Navigate to parent
  keys[0..-2].each do |key|
    current["application"] ||= {}
    current = current["application"]
    current[key] ||= {}
    current = current[key]
  end

  # Set the value
  if keys.length == 1
    data["application"] ||= {}
    data["application"][keys.last] = value
  else
    current[keys.last] = value
  end

  # Write back
  new_content = YAML.dump(data)
  manager.write(new_content)

  @log.success "Updated: %s = %s", path, value
end