blob: b35c28b85cda1a915a650cd71fbc68deb43035ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
# frozen_string_literal: true
# rubocop:disable Rails/Output
module Gitlab
class EncryptedCommandBase
DISPLAY_NAME = "Base"
EDIT_COMMAND_NAME = "base"
class << self
def encrypted_secrets
raise NotImplementedError
end
def write(contents)
encrypted = encrypted_secrets
return unless validate_config(encrypted)
validate_contents(contents)
encrypted.write(contents)
puts "File encrypted and saved."
rescue Interrupt
warn "Aborted changing file: nothing saved."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
end
def edit
encrypted = encrypted_secrets
return unless validate_config(encrypted)
if ENV["EDITOR"].blank?
warn 'No $EDITOR specified to open file. Please provide one when running the command:'
warn "gitlab-rake #{self::EDIT_COMMAND_NAME} EDITOR=vim"
return
end
temp_file = Tempfile.new(File.basename(encrypted.content_path), File.dirname(encrypted.content_path))
contents_changed = false
encrypted.change do |contents|
contents = encrypted_file_template unless File.exist?(encrypted.content_path)
File.write(temp_file.path, contents)
system(ENV['EDITOR'], temp_file.path)
changes = File.read(temp_file.path)
contents_changed = contents != changes
validate_contents(changes)
changes
end
puts "Contents were unchanged." unless contents_changed
puts "File encrypted and saved."
rescue Interrupt
warn "Aborted changing file: nothing saved."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
ensure
temp_file&.unlink
end
def show
encrypted = encrypted_secrets
return unless validate_config(encrypted)
puts encrypted.read.presence || "File '#{encrypted.content_path}' does not exist. Use `gitlab-rake #{self::EDIT_COMMAND_NAME}` to change that."
rescue ActiveSupport::MessageEncryptor::InvalidMessage
warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?"
end
def validate_config(encrypted)
dir_path = File.dirname(encrypted.content_path)
unless File.exist?(dir_path)
warn "Directory #{dir_path} does not exist. Create the directory and try again."
return false
end
if encrypted.key.nil?
warn "Missing encryption key encrypted_settings_key_base."
return false
end
true
end
def validate_contents(contents)
begin
config = YAML.safe_load(contents, permitted_classes: [Symbol])
error_contents = "Did not include any key-value pairs" unless config.is_a?(Hash)
rescue Psych::Exception => e
error_contents = e.message
end
puts "WARNING: Content was not a valid #{self::DISPLAY_NAME} secret yml file. #{error_contents}" if error_contents
contents
end
def encrypted_file_template
raise NotImplementedError
end
end
end
end
# rubocop:enable Rails/Output
|