Diffstat (limited to 'lib/gitlab/encrypted_ldap_command.rb')
-rw-r--r-- | lib/gitlab/encrypted_ldap_command.rb | 92 |
1 files changed, 6 insertions, 86 deletions
diff --git a/lib/gitlab/encrypted_ldap_command.rb b/lib/gitlab/encrypted_ldap_command.rb
index cdb3e268b51..3675646185e 100644
--- a/lib/gitlab/encrypted_ldap_command.rb
+++ b/lib/gitlab/encrypted_ldap_command.rb
@@ -2,93 +2,13 @@ # rubocop:disable Rails/Output module Gitlab - class EncryptedLdapCommand - class << self - def write(contents) - encrypted = Gitlab::Auth::Ldap::Config.encrypted_secrets - return unless validate_config(encrypted) - - validate_contents(contents) - encrypted.write(contents) - - puts "File encrypted and saved." - rescue Interrupt - puts "Aborted changing file: nothing saved." - rescue ActiveSupport::MessageEncryptor::InvalidMessage - puts "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" - end - - def edit - encrypted = Gitlab::Auth::Ldap::Config.encrypted_secrets - return unless validate_config(encrypted) - - if ENV["EDITOR"].blank? - puts 'No $EDITOR specified to open file. Please provide one when running the command:' - puts 'gitlab-rake gitlab:ldap:secret:edit EDITOR=vim' - return - end - - temp_file = Tempfile.new(File.basename(encrypted.content_path), File.dirname(encrypted.content_path)) - contents_changed = false - - encrypted.change do |contents| - contents = encrypted_file_template unless File.exist?(encrypted.content_path) - File.write(temp_file.path, contents) - system(ENV['EDITOR'], temp_file.path) - changes = File.read(temp_file.path) - contents_changed = contents != changes - validate_contents(changes) - changes - end - - puts "Contents were unchanged." unless contents_changed - puts "File encrypted and saved." - rescue Interrupt - puts "Aborted changing file: nothing saved." - rescue ActiveSupport::MessageEncryptor::InvalidMessage - puts "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" - ensure - temp_file&.unlink - end - - def show - encrypted = Gitlab::Auth::Ldap::Config.encrypted_secrets - return unless validate_config(encrypted) + class EncryptedLdapCommand < EncryptedCommandBase + DISPLAY_NAME = "LDAP" + EDIT_COMMAND_NAME = "gitlab:ldap:secret:edit" - puts encrypted.read.presence || "File '#{encrypted.content_path}' does not exist. 
Use `gitlab-rake gitlab:ldap:secret:edit` to change that." - rescue ActiveSupport::MessageEncryptor::InvalidMessage - puts "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" - end - - private - - def validate_config(encrypted) - dir_path = File.dirname(encrypted.content_path) - - unless File.exist?(dir_path) - puts "Directory #{dir_path} does not exist. Create the directory and try again." - return false - end - - if encrypted.key.nil? - puts "Missing encryption key encrypted_settings_key_base." - return false - end - - true - end - - def validate_contents(contents) - begin - config = YAML.safe_load(contents, permitted_classes: [Symbol]) - error_contents = "Did not include any key-value pairs" unless config.is_a?(Hash) - rescue Psych::Exception => e - error_contents = e.message - end - - puts "WARNING: Content was not a valid LDAP secret yml file. #{error_contents}" if error_contents - - contents + class << self + def encrypted_secrets + Gitlab::Auth::Ldap::Config.encrypted_secrets end def encrypted_file_template |
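Review bot: Removing the old `private` marker together with the helpers leaves `encrypted_secrets` and `encrypted_file_template` as public singleton methods, whereas `encrypted_file_template` previously sat below `private`. If `EncryptedCommandBase` (not shown on this page) only calls these hooks on itself, restore `private` ahead of `def encrypted_secrets` so the class does not expose more than its command entry points. The safeguards visible in the removed lines (`temp_file&.unlink` in `ensure`, the argument-list form `system(ENV['EDITOR'], temp_file.path)`, and `YAML.safe_load(contents, permitted_classes: [Symbol])`) now depend entirely on the base class, so it is worth confirming they were carried over unchanged. The `class << self` body continues past the end of this hunk.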