Method: Sanctum::Command::Push#run

Defined in:
lib/sanctum/command/push.rb

#run ⇒ Object



# File 'lib/sanctum/command/push.rb', line 8

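# Pushes local secrets to Vault for every configured target.
#
# For each target this gathers the local files under the target's path,
# builds the local and Vault views of those secrets, compares them, and
# writes the entries reported as different to Vault. Without force, the
# write only happens after the user confirms.
#
# Force is resolved per target: a truthy command-line value wins, then the
# target's own :force key, then the global sanctum setting. A forced push
# skips the confirmation prompt entirely, so it overwrites the Vault-side
# values without review; the warning on stderr is the only trace it leaves.
def run
  targets.each do |target|
    # Command line beats the per-target setting, which beats the global default.
    force = options[:cli][:force] || target.fetch(:force) { options[:sanctum][:force] }

    # Directory holding this target's local secrets, relative to the config file.
    local_root = File.join(File.dirname(config_file), target[:path])

    # Build array of local paths by recursively searching for local files
    # for each prefix specified in sanctum.yaml
    local_paths = get_local_paths(local_root)

    local_secrets = build_local_secrets(local_paths)
    vault_secrets = build_vault_secrets(local_paths, target[:prefix], target[:path])

    # Compare secrets.
    # vault_secrets paths have been mapped to local_paths to make comparison easier.
    differences = compare_secrets(vault_secrets, local_secrets, target[:name], "push")
    next if differences.nil?

    # Unique list of the paths HashDiff reported as changed.
    diff_paths = differences.map { |diff| diff[1][0] }.uniq

    # Only write changes
    vault_secrets = only_changes(diff_paths, local_secrets)

    # Convert paths back to the Vault prefix so we can sync.
    # Only the leading local root is swapped. Replacing every occurrence (as a
    # plain gsub would) rewrites a secret's destination whenever the same
    # directory sequence appears again deeper in the path, sending the write
    # to a Vault path the operator never reviewed.
    vault_secrets = vault_secrets.map do |local_path, secret|
      vault_path =
        if local_path.start_with?(local_root)
          target[:prefix] + local_path[local_root.length..-1]
        else
          local_path
        end
      [vault_path, secret]
    end.to_h

    if force
      warn red("#{target[:name]}: Forcefully writing differences to vault(push)")
    else
      # Confirm with the user; skip this target unless the push is approved.
      next unless confirmed_with_user?
    end

    VaultTransit.write_to_vault(vault_client, vault_secrets)
  end
end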