Class: Subspace::Commands::Secrets

Inherits:
Base
  • Object
Defined in:
lib/subspace/commands/secrets.rb

Instance Method Summary collapse

Methods inherited from Base

#confirm_overwrite, #copy, #dest_dir, #gem_path, #inventory, #pass_through_params, #playbook_dir, #project_name, #project_path, #require_configuration, #set_subspace_version, #template, #template!, #template_dir

Methods included from Ansible

#ansible_command, #ansible_playbook

Constructor Details

#initialize(args, options) ⇒ Secrets

Returns a new instance of Secrets.



# File 'lib/subspace/commands/secrets.rb', line 2

# Builds the command and executes it straight away; construction is the
# entry point, there is no separate "execute" step.
#
# @param args [Array<String>] positional CLI arguments; the first one is
#   either the literal "rekey" or the environment name
# @param options [#edit, #create] parsed flags selecting the vault action;
#   when neither is set the secrets are only viewed
def initialize(args, options)
  target = args.first
  # "rekey" is a sub-command, not an environment name, so it short-circuits.
  return rekey if target == "rekey"

  @environment = target
  # Precedence matters when both flags are given: edit wins over create.
  @action =
    if options.edit then "edit"
    elsif options.create then "create"
    else "view"
    end

  run
end

Instance Method Details

#create_local ⇒ Object



# File 'lib/subspace/commands/secrets.rb', line 31

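# Renders config/application.yml for the current environment by running the
# local_template.yml playbook against that environment's secrets file, then
# prints the rendered file.
#
# If the destination already exists under project_path the user is asked to
# confirm, and the command aborts unless the reply is exactly "yes".
#
# NOTE(review): judging by the status message, the rendered file holds the
# environment's secrets in readable form, and the final `cat` echoes them to
# the terminal. Confirm that config/application.yml is ignored by version
# control and that this command is not run where stdout is captured
# (CI logs, shared sessions).
def create_local
  dest = "config/application.yml"
  # File.exists? was removed in Ruby 3.2; File.exist? works on every version.
  if File.exist?(File.join(project_path, dest))
    answer = ask "config/application.yml already exists. Reply 'yes' to overwrite: [no] "
    abort unless answer == "yes"
  end
  src = application_yml_template
  vars_file = File.join(project_path, dest_dir, "/secrets/#{@environment}.yml")
  # NOTE(review): --extra-vars is given as one space-separated key=value
  # string, so a project path containing whitespace would presumably be split
  # into separate (and unintended) variables. Verify against ansible_command
  # before switching to another encoding.
  extra_vars = "project_path=#{project_path} vars_file=#{vars_file} src=#{src} dest=#{dest}"
  ansible_command "ansible-playbook", File.join(playbook_dir, "local_template.yml"), "--extra-vars", extra_vars
  say "File created at config/application.yml with #{@environment} secrets"
  say "-------------------------------------------------------------------\n"

  # Argument-vector form: no shell is involved in this call. The path is
  # relative to the current directory, while the existence check above is
  # relative to project_path.
  system "cat", "config/application.yml"
end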

#rekey ⇒ Object



# File 'lib/subspace/commands/secrets.rb', line 47

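# Re-encrypts every config/subspace/secrets/*.yml file with a freshly
# generated vault password.
#
# The new password is written to config/subspace/.vault_pass.new first and
# only becomes .vault_pass once ansible-vault reports success; the previous
# password is kept as .vault_pass.old. Exits without changes if the user
# does not confirm.
#
# NOTE(review): .vault_pass.old still decrypts any earlier copy of the
# secrets files (backups, version-control history), so its retention and
# permissions deserve the same care as the live password. On failure
# .vault_pass.new is left on disk; whether any file was already re-keyed at
# that point cannot be told from here.
def rekey
  secret_files = Dir.glob("config/subspace/secrets/*.yml").map { |path| "secrets/#{File.basename(path)}" }
  exit unless agree("This will re-key your secrets with a new random vault_pass. (#{secret_files}).  Proceed? (yes to continue) ")

  new_pass_path = "config/subspace/.vault_pass.new"
  say "Writing new password to .vault_pass.new"
  # Create the password file owner-only instead of relying on the umask.
  # perm: applies only when the file is created, so chmod also covers a
  # leftover file from an earlier failed run.
  File.write new_pass_path, SecureRandom.base64(24) + "\n", perm: 0o600
  File.chmod 0o600, new_pass_path
  # File names are relative to config/subspace here, so ansible_command
  # presumably runs from that directory. TODO confirm.
  success = ansible_command "ansible-vault", "rekey", "--vault-password-file", ".vault_pass", "--new-vault-password-file", ".vault_pass.new", "-v", *secret_files
  if success
    FileUtils.mv "config/subspace/.vault_pass", "config/subspace/.vault_pass.old"
    FileUtils.mv new_pass_path, "config/subspace/.vault_pass"
  else
    say "Something went wrong, not changing .vault_pass"
  end
end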

#run ⇒ Object



# File 'lib/subspace/commands/secrets.rb', line 19

# Carries out the action chosen in the constructor.
#
# "create" renders the local application.yml; "view" and "edit" are handed
# to ansible-vault for the current environment's secrets file. Any other
# action aborts with an error message.
#
# @return [Object] whatever create_local or ansible_command returns
def run
  update_ansible_cfg
  return create_local if @action == "create"

  # Only these two values are ever forwarded as the ansible-vault sub-command.
  abort "Invalid secrets command" unless %w[view edit].include?(@action)

  # @environment is interpolated into the file name as given on the command line.
  ansible_command "ansible-vault", @action, "secrets/#{@environment}.yml"
end