RubyGems - kamal - Versions diffs - 2.6.1 → 2.8.0 - Mend

kamal 2.6.1 → 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +4 -4
data/lib/kamal/cli/accessory.rb +15 -2
data/lib/kamal/cli/app/ssl_certificates.rb +28 -0
data/lib/kamal/cli/app.rb +1 -0
data/lib/kamal/cli/build.rb +33 -15
data/lib/kamal/cli/main.rb +7 -2
data/lib/kamal/cli/port_forwarding.rb +42 -0
data/lib/kamal/cli/registry.rb +16 -8
data/lib/kamal/cli/templates/deploy.yml +4 -3
data/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample +13 -1
data/lib/kamal/cli/templates/secrets +1 -1
data/lib/kamal/commander.rb +1 -1
data/lib/kamal/commands/accessory.rb +8 -3
data/lib/kamal/commands/app/execution.rb +2 -2
data/lib/kamal/commands/app/proxy.rb +4 -0
data/lib/kamal/commands/app.rb +4 -2
data/lib/kamal/commands/base.rb +8 -0
data/lib/kamal/commands/builder/base.rb +11 -1
data/lib/kamal/commands/builder/local.rb +15 -2
data/lib/kamal/commands/builder/pack.rb +46 -0
data/lib/kamal/commands/builder/remote.rb +9 -1
data/lib/kamal/commands/builder.rb +14 -2
data/lib/kamal/commands/registry.rb +22 -0
data/lib/kamal/configuration/accessory.rb +2 -1
data/lib/kamal/configuration/builder.rb +12 -0
data/lib/kamal/configuration/docs/builder.yml +13 -0
data/lib/kamal/configuration/docs/proxy.yml +39 -0
data/lib/kamal/configuration/proxy/boot.rb +8 -0
data/lib/kamal/configuration/proxy.rb +52 -4
data/lib/kamal/configuration/registry.rb +8 -0
data/lib/kamal/configuration/role.rb +5 -3
data/lib/kamal/configuration/validator/accessory.rb +2 -0
data/lib/kamal/configuration/validator/builder.rb +2 -0
data/lib/kamal/configuration/validator/proxy.rb +10 -0
data/lib/kamal/configuration/validator/registry.rb +5 -3
data/lib/kamal/configuration/validator/role.rb +1 -0
data/lib/kamal/configuration/validator.rb +14 -0
data/lib/kamal/configuration.rb +12 -3
data/lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb +10 -16
data/lib/kamal/secrets/adapters/one_password.rb +45 -11
data/lib/kamal/secrets/adapters/passbolt.rb +130 -0
data/lib/kamal/version.rb +1 -1
metadata +6 -2

data/lib/kamal/secrets/adapters/passbolt.rb ADDED Viewed

@@ -0,0 +1,130 @@
+class Kamal::Secrets::Adapters::Passbolt < Kamal::Secrets::Adapters::Base
+  def requires_account?
+    false
+  end
+  private
+    def login(*)
+      `passbolt verify`
+      raise RuntimeError, "Failed to login to Passbolt" unless $?.success?
+    end
+    def fetch_secrets(secrets, from:, **)
+      secrets = prefixed_secrets(secrets, from: from)
+      raise ArgumentError, "No secrets given to fetch" if secrets.empty?
+      secret_names = secrets.collect { |s| s.split("/").last }
+      folders = secrets_get_folders(secrets)
+      # build filter conditions for each secret with its corresponding folder
+      filter_conditions = []
+      secrets.each do |secret|
+        parts = secret.split("/")
+        secret_name = parts.last
+        if parts.size > 1
+          # get the folder path without the secret name
+          folder_path = parts[0..-2]
+          # find the most nested folder for this path
+          current_folder = nil
+          current_path = []
+          folder_path.each do |folder_name|
+            current_path << folder_name
+            matching_folders = folders.select { |f| get_folder_path(f, folders) == current_path.join("/") }
+            current_folder = matching_folders.first if matching_folders.any?
+          end
+          if current_folder
+            filter_conditions << "(Name == #{secret_name.shellescape.inspect} && FolderParentID == #{current_folder["id"].shellescape.inspect})"
+          end
+        else
+          # for root level secrets (no folders)
+          filter_conditions << "Name == #{secret_name.shellescape.inspect}"
+        end
+      end
+      filter_condition = filter_conditions.any? ? "--filter '#{filter_conditions.join(" || ")}'" : ""
+      items = `passbolt list resources #{filter_condition} #{folders.map { |item| "--folder #{item["id"]}" }.join(" ")} --json`
+      raise RuntimeError, "Could not read #{secrets} from Passbolt" unless $?.success?
+      items = JSON.parse(items)
+      found_names = items.map { |item| item["name"] }
+      missing_secrets = secret_names - found_names
+      raise RuntimeError, "Could not find the following secrets in Passbolt: #{missing_secrets.join(", ")}" if missing_secrets.any?
+      items.to_h { |item| [ item["name"], item["password"] ] }
+    end
+    def secrets_get_folders(secrets)
+      # extract all folder paths (both parent and nested)
+      folder_paths = secrets
+        .select { |s| s.include?("/") }
+        .map { |s| s.split("/")[0..-2] } # get all parts except the secret name
+        .uniq
+      return [] if folder_paths.empty?
+      all_folders = []
+      # first get all top-level folders
+      parent_folders = folder_paths.map(&:first).uniq
+      filter_condition = "--filter '#{parent_folders.map { |name| "Name == #{name.shellescape.inspect}" }.join(" || ")}'"
+      fetch_folders = `passbolt list folders #{filter_condition} --json`
+      raise RuntimeError, "Could not read folders from Passbolt" unless $?.success?
+      parent_folder_items = JSON.parse(fetch_folders)
+      all_folders.concat(parent_folder_items)
+      # get nested folders for each parent
+      folder_paths.each do |path|
+        next if path.size <= 1 # skip non-nested folders
+        parent = path[0]
+        parent_folder = parent_folder_items.find { |f| f["name"] == parent }
+        next unless parent_folder
+        # for each nested level, get the folders using the parent's ID
+        current_parent = parent_folder
+        path[1..-1].each do |folder_name|
+          filter_condition = "--filter 'Name == #{folder_name.shellescape.inspect} && FolderParentID == #{current_parent["id"].shellescape.inspect}'"
+          fetch_nested = `passbolt list folders #{filter_condition} --json`
+          next unless $?.success?
+          nested_folders = JSON.parse(fetch_nested)
+          break if nested_folders.empty?
+          all_folders.concat(nested_folders)
+          current_parent = nested_folders.first
+        end
+      end
+      # check if we found all required folders
+      found_paths = all_folders.map { |f| get_folder_path(f, all_folders) }
+      missing_paths = folder_paths.map { |path| path.join("/") } - found_paths
+      raise RuntimeError, "Could not find the following folders in Passbolt: #{missing_paths.join(", ")}" if missing_paths.any?
+      all_folders
+    end
+    def get_folder_path(folder, all_folders, path = [])
+      path.unshift(folder["name"])
+      return path.join("/") if folder["folder_parent_id"].to_s.empty?
+      parent = all_folders.find { |f| f["id"] == folder["folder_parent_id"] }
+      return path.join("/") unless parent
+      get_folder_path(parent, all_folders, path)
+    end
+    def check_dependencies!
+      raise RuntimeError, "Passbolt CLI is not installed" unless cli_installed?
+    end
+    def cli_installed?
+      `passbolt --version 2> /dev/null`
+      $?.success?
+    end
+end

data/lib/kamal/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "2.6.1"
+  VERSION = "2.8.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 2.6.1
+  version: 2.8.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -220,6 +220,7 @@ files:
 - lib/kamal/cli/app/assets.rb
 - lib/kamal/cli/app/boot.rb
 - lib/kamal/cli/app/error_pages.rb
+- lib/kamal/cli/app/ssl_certificates.rb
 - lib/kamal/cli/base.rb
 - lib/kamal/cli/build.rb
 - lib/kamal/cli/build/clone.rb
@@ -228,6 +229,7 @@ files:
 - lib/kamal/cli/healthcheck/poller.rb
 - lib/kamal/cli/lock.rb
 - lib/kamal/cli/main.rb
+- lib/kamal/cli/port_forwarding.rb
 - lib/kamal/cli/proxy.rb
 - lib/kamal/cli/prune.rb
 - lib/kamal/cli/registry.rb
@@ -265,6 +267,7 @@ files:
 - lib/kamal/commands/builder/cloud.rb
 - lib/kamal/commands/builder/hybrid.rb
 - lib/kamal/commands/builder/local.rb
+- lib/kamal/commands/builder/pack.rb
 - lib/kamal/commands/builder/remote.rb
 - lib/kamal/commands/docker.rb
 - lib/kamal/commands/hook.rb
@@ -327,6 +330,7 @@ files:
 - lib/kamal/secrets/adapters/gcp_secret_manager.rb
 - lib/kamal/secrets/adapters/last_pass.rb
 - lib/kamal/secrets/adapters/one_password.rb
+- lib/kamal/secrets/adapters/passbolt.rb
 - lib/kamal/secrets/adapters/test.rb
 - lib/kamal/secrets/dotenv/inline_command_substitution.rb
 - lib/kamal/sshkit_with_ext.rb
@@ -352,7 +356,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Deploy web apps in containers to servers running Docker with zero downtime.
 test_files: []