Class: Gitlab::EncryptedCommandBase
- Inherits:
-
Object
- Object
- Gitlab::EncryptedCommandBase
show all
- Defined in:
- lib/gitlab/encrypted_command_base.rb
Constant Summary
collapse
- DISPLAY_NAME =
"Base"
- EDIT_COMMAND_NAME =
"base"
Class Method Summary
collapse
Class Method Details
.edit(args: {}) ⇒ Object
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# File 'lib/gitlab/encrypted_command_base.rb', line 28
def edit(args: {})
encrypted = encrypted_secrets(**args)
return unless validate_config(encrypted)
if ENV["EDITOR"].blank?
warn 'No $EDITOR specified to open file. Please provide one when running the command:'
warn "gitlab-rake #{self::EDIT_COMMAND_NAME} EDITOR=vim"
return
end
temp_file = Tempfile.new(File.basename(encrypted.content_path), File.dirname(encrypted.content_path))
contents_changed = false
encrypted.change do |contents|
contents = encrypted_file_template unless File.exist?(encrypted.content_path)
File.write(temp_file.path, contents)
edit_success = system(*editor_args, temp_file.path)
raise "Unable to run $EDITOR: #{editor_args}" unless edit_success
changes = File.read(temp_file.path)
contents_changed = contents != changes
validate_contents(changes)
changes
end
puts "Contents were unchanged." unless contents_changed
puts "File encrypted and saved."
rescue Interrupt
warn "Aborted changing file: nothing saved."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
ensure
temp_file&.unlink
end
|
.editor_args ⇒ Object
107
108
109
|
# File 'lib/gitlab/encrypted_command_base.rb', line 107
def editor_args
ENV['EDITOR']&.split
end
|
.encrypted_file_template ⇒ Object
103
104
105
|
# File 'lib/gitlab/encrypted_command_base.rb', line 103
def encrypted_file_template
raise NotImplementedError
end
|
.encrypted_secrets(**args) ⇒ Object
10
11
12
|
# File 'lib/gitlab/encrypted_command_base.rb', line 10
def encrypted_secrets(**args)
raise NotImplementedError
end
|
.show(args: {}) ⇒ Object
65
66
67
68
69
70
71
72
|
# File 'lib/gitlab/encrypted_command_base.rb', line 65
def show(args: {})
encrypted = encrypted_secrets(**args)
return unless validate_config(encrypted)
puts encrypted.read.presence || "File '#{encrypted.content_path}' does not exist. Use `gitlab-rake #{self::EDIT_COMMAND_NAME}` to change that."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
end
|
.validate_config(encrypted) ⇒ Object
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# File 'lib/gitlab/encrypted_command_base.rb', line 74
def validate_config(encrypted)
dir_path = File.dirname(encrypted.content_path)
unless File.exist?(dir_path)
warn "Directory #{dir_path} does not exist. Create the directory and try again."
return false
end
if encrypted.key.nil?
warn "Missing encryption key encrypted_settings_key_base."
return false
end
true
end
|
.validate_contents(contents) ⇒ Object
90
91
92
93
94
95
96
97
98
99
100
101
|
# File 'lib/gitlab/encrypted_command_base.rb', line 90
def validate_contents(contents)
begin
config = YAML.safe_load(contents, permitted_classes: [Symbol])
error_contents = "Did not include any key-value pairs" unless config.is_a?(Hash)
rescue Psych::Exception => e
error_contents = e.message
end
puts "WARNING: Content was not a valid #{self::DISPLAY_NAME} secret yml file. #{error_contents}" if error_contents
contents
end
|
.write(contents, args: {}) ⇒ Object
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# File 'lib/gitlab/encrypted_command_base.rb', line 14
def write(contents, args: {})
encrypted = encrypted_secrets(**args)
return unless validate_config(encrypted)
validate_contents(contents)
encrypted.write(contents)
puts "File encrypted and saved."
rescue Interrupt
warn "Aborted changing file: nothing saved."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
end
|