Class: Seira::Secrets

Inherits:

Object

• Object
• Seira::Secrets

Defined in:

lib/seira/secrets.rb

Constant Summary

VALID_ACTIONS =

%w[help get set unset list list-decoded].freeze

PGBOUNCER_SECRETS_NAME =

'pgbouncer-secrets'.freeze

SUMMARY =

"Manage your application's secrets and environment variables.".freeze

Instance Attribute Summary

• #action ⇒ Object readonly

  Returns the value of attribute action.

• #app ⇒ Object readonly

  Returns the value of attribute app.

• #args ⇒ Object readonly

  Returns the value of attribute args.

• #context ⇒ Object readonly

  Returns the value of attribute context.

Instance Method Summary

• #copy_secret_across_namespace(key:, to:, from:) ⇒ Object
• #get(key) ⇒ Object
• #initialize(app:, action:, args:, context:) ⇒ Secrets constructor

  A new instance of Secrets.

• #main_secret_name ⇒ Object
• #run ⇒ Object

Constructor Details

#initialize(app:, action:, args:, context:) ⇒ Secrets

Returns a new instance of Secrets.

# File 'lib/seira/secrets.rb', line 17

def initialize(app:, action:, args:, context:)
  @app = app
  @action = action
  @args = args
  @context = context
end

Instance Attribute Details

#action ⇒ Object (readonly)

Returns the value of attribute action.

# File 'lib/seira/secrets.rb', line 15

def action
  @action
end

#app ⇒ Object (readonly)

Returns the value of attribute app.

# File 'lib/seira/secrets.rb', line 15

def app
  @app
end

#args ⇒ Object (readonly)

Returns the value of attribute args.

# File 'lib/seira/secrets.rb', line 15

def args
  @args
end

#context ⇒ Object (readonly)

Returns the value of attribute context.

# File 'lib/seira/secrets.rb', line 15

def context
  @context
end

Instance Method Details

#copy_secret_across_namespace(key:, to:, from:) ⇒ Object

# File 'lib/seira/secrets.rb', line 46

def copy_secret_across_namespace(key:, to:, from:)
  puts "Copying the #{key} secret from namespace #{from} to #{to}."
  json_string = `kubectl get secret #{key} --namespace #{from} -o json`
  secrets = JSON.parse(json_string)

  # At this point we would preferably simply do a write_secrets call, but the metadata is highly coupled to old
  # namespace so we need to clear out the old metadata
  new_secrets = Marshal.load(Marshal.dump(secrets))
  new_secrets.delete('metadata')
  new_secrets['metadata'] = {
    'name' => key,
    'namespace' => to
  }
  write_secrets(secrets: new_secrets, secret_name: key)
end

#get(key) ⇒ Object

# File 'lib/seira/secrets.rb', line 66

def get(key)
  secrets = fetch_current_secrets
  encoded_value = secrets.dig('data', key)
  encoded_value.nil? ? nil : Base64.decode64(encoded_value)
end

#main_secret_name ⇒ Object

# File 'lib/seira/secrets.rb', line 62

def main_secret_name
  "#{app}-secrets"
end

#run ⇒ Object

# File 'lib/seira/secrets.rb', line 24

def run
  case action
  when 'help'
    run_help
  when 'get'
    validate_single_key
    run_get
  when 'set'
    validate_keys_and_values
    run_set
  when 'unset'
    validate_single_key
    run_unset
  when 'list'
    run_list
  when 'list-decoded'
    run_list_decoded
  else
    fail "Unknown command encountered"
  end
end