makit 0.0.157 → 0.0.158

data/lib/makit/secrets/azure_key_vault.rb

@@ -1,323 +1,323 @@
-
-
-module Makit
-    module Secrets
-      # Azure Key Vault operations
-      class AzureKeyVault
-        # Required environment variables
-        REQUIRED_VARS = [
-          "AZURE_STORAGE_ACCOUNT",
-          "AZURE_STORAGE_ACCOUNT_KEY",
-        ].freeze
-  
-        # Optional environment variables
-        OPTIONAL_VARS = [
-          "AZURE_CDN_RESOURCE_GROUP",
-          "AZURE_CDN_PROFILE_NAME",
-          "AZURE_CDN_ENDPOINT_NAME",
-          "GITLAB_NUGET_TOKEN",
-          "GITLAB_USERNAME",
-        ].freeze
-  
-        # All environment variablesazure_key_vault.r
-        ALL_VARS = (REQUIRED_VARS + OPTIONAL_VARS).freeze
-  
-        # Check if kvenv is available
-        def self.kvenv_available?
-          system("which kvenv > /dev/null 2>&1")
-        end
-  
-        # Check if Azure CLI is authenticated
-        def self.azure_cli_authenticated?
-          return false unless system("which az > /dev/null 2>&1")
-          system("az account show > /dev/null 2>&1")
-        end
-  
-        # Get Azure Key Vault name from environment or use default
-        def self.keyvault_name
-          ENV["AZURE_KEYVAULT_NAME"] || "louparslow-secrets"
-        end
-  
-        # Get secret name from environment or auto-generate from GIT_REMOTE_URL
-        def self.secret_name
-          return ENV["AZURE_SECRET_NAME"] if ENV["AZURE_SECRET_NAME"] && !ENV["AZURE_SECRET_NAME"].empty?
-          
-          # Auto-generate from GIT_REMOTE_URL
-          git_remote_url = get_git_remote_url
-          if git_remote_url && !git_remote_url.empty?
-            generate_secret_name_from_url(git_remote_url)
-          else
-            "portal-secrets"  # Fallback default
-          end
-        end
-        
-        # Get GIT_REMOTE_URL from various sources
-        def self.get_git_remote_url
-          # Try constant first
-          return GIT_REMOTE_URL if defined?(GIT_REMOTE_URL) && !GIT_REMOTE_URL.nil? && !GIT_REMOTE_URL.empty?
-          
-          # Try Git module
-          if defined?(Makit::Git) && Makit::Git.git_repo?
-            url = Makit::Git.get_remote_url
-            return url if url && !url.empty?
-          end
-          
-          # Try project configuration
-          if defined?(Makit::Configuration::Project)
-            project = Makit::Configuration::Project.default
-            url = project.git_remote_url
-            return url if url && !url.nil? && !url.empty?
-          end
-          
-          nil
-        end
-        
-        # Generate a valid Azure Key Vault secret name from a Git remote URL
-        # Azure Key Vault secret names must be 1-127 characters, alphanumeric and hyphens only,
-        # cannot start or end with hyphen, and cannot have consecutive hyphens
-        def self.generate_secret_name_from_url(url)
-          # Remove protocol (http://, https://, git@)
-          name = url.gsub(/^https?:\/\//, "").gsub(/^git@/, "")
-          
-          # Remove .git suffix if present
-          name = name.gsub(/\.git$/, "")
-          
-          # Replace invalid characters with hyphens
-          name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
-          
-          # Remove consecutive hyphens
-          name = name.gsub(/-+/, "-")
-          
-          # Remove leading/trailing hyphens
-          name = name.gsub(/^-+|-+$/, "")
-          
-          # Ensure it starts with a letter or number (Azure requirement)
-          name = "secret-#{name}" if name.empty? || name.match(/^[^a-zA-Z0-9]/)
-          
-          # Truncate to 127 characters (Azure Key Vault limit)
-          name = name[0, 127]
-          
-          # Remove trailing hyphen if truncation created one
-          name = name.gsub(/-+$/, "")
-          
-          # Ensure it's not empty
-          name = "git-secrets" if name.empty?
-          
-          name
-        end
-  
-        # Get secret prefix from environment
-        def self.secret_prefix
-          ENV["AZURE_SECRET_PREFIX"]
-        end
-  
-        # Setup method: Attempt to initialize environment variables
-        def self.setup
-          puts "Setting up secrets...".colorize(:blue)
-  
-          # Check if required variables are already set
-          missing_required = REQUIRED_VARS.select { |var| ENV[var].nil? || ENV[var].empty? }
-  
-          if missing_required.empty?
-            puts "  All required environment variables are already set".colorize(:green)
-            return true
-          end
-  
-          puts "  Missing required variables: #{missing_required.join(", ")}".colorize(:yellow)
-          puts "  Attempting to load from Azure Key Vault...".colorize(:yellow)
-  
-          # Try to load from Azure Key Vault
-          if load(keyvault_name: nil, secret_name: nil)
-            # Verify again after loading
-            still_missing = REQUIRED_VARS.select { |var| ENV[var].nil? || ENV[var].empty? }
-            if still_missing.empty?
-              puts "  Successfully loaded all required secrets".colorize(:green)
-              return true
-            else
-              puts "  Warning: Still missing required variables: #{still_missing.join(", ")}".colorize(:yellow)
-              return false
-            end
-          else
-            puts "  Could not load secrets from Azure Key Vault".colorize(:yellow)
-            puts "  Please set environment variables manually or configure Azure Key Vault access".colorize(:yellow)
-            return false
-          end
-        end
-  
-        # Verify that expected environment variables are set
-        def self.verify(warn_only: true)
-          issues = []
-          warnings = []
-  
-          # Check required variables
-          REQUIRED_VARS.each do |var|
-            if ENV[var].nil? || ENV[var].empty?
-              issues << "Required variable '#{var}' is not set"
-            end
-          end
-  
-          # Check optional variables (only warn)
-          OPTIONAL_VARS.each do |var|
-            if ENV[var].nil? || ENV[var].empty?
-              warnings << "Optional variable '#{var}' is not set"
-            end
-          end
-  
-          # Report issues
-          if issues.any?
-            if warn_only
-              issues.each { |issue| puts "  ⚠️  #{issue}".colorize(:yellow) }
-            else
-              issues.each { |issue| puts "  ❌ #{issue}".colorize(:red) }
-            end
-          end
-  
-          if warnings.any?
-            warnings.each { |warning| puts "  ℹ️  #{warning}".colorize(:cyan) }
-          end
-  
-          if issues.empty? && warnings.empty?
-            puts "  ✅ All environment variables are set".colorize(:green)
-            return true
-          elsif issues.empty?
-            puts "  ✅ All required environment variables are set".colorize(:green)
-            return true
-          else
-            return false
-          end
-        end
-  
-        # Get status of all environment variables
-        def self.status
-          puts "Environment Variables Status:".colorize(:blue)
-          puts ""
-  
-          puts "Required Variables:".colorize(:cyan)
-          REQUIRED_VARS.each do |var|
-            status = ENV[var].nil? || ENV[var].empty? ? "❌ Not set" : "✅ Set"
-            color = ENV[var].nil? || ENV[var].empty? ? :red : :green
-            puts "  #{var}: #{status}".colorize(color)
-          end
-  
-          puts ""
-          puts "Optional Variables:".colorize(:cyan)
-          OPTIONAL_VARS.each do |var|
-            status = ENV[var].nil? || ENV[var].empty? ? "⚪ Not set" : "✅ Set"
-            color = ENV[var].nil? || ENV[var].empty? ? :yellow : :green
-            puts "  #{var}: #{status}".colorize(color)
-          end
-        end
-  
-        # Load secrets from Azure Key Vault using kvenv
-        # @param keyvault_name [String, nil] The Azure Key Vault name (defaults to ENV["AZURE_KEYVAULT_NAME"] or "louparslow-secrets")
-        # @param secret_name [String, nil] The secret name in Key Vault (defaults to ENV["AZURE_SECRET_NAME"] or "portal-secrets")
-        # @return [Boolean] true if secrets were loaded successfully, false otherwise
-        def self.load(keyvault_name: nil, secret_name: nil)
-          # Use provided parameters or fall back to defaults
-          kv_name = keyvault_name || self.keyvault_name
-          sec_name = secret_name || self.secret_name
-  
-          unless kvenv_available?
-            puts "  Warning: kvenv not installed, secrets will not be loaded".colorize(:yellow)
-            return false
-          end
-  
-          # Check if Azure CLI is authenticated (kvenv can use this)
-          unless azure_cli_authenticated?
-            puts "  Warning: Azure CLI not authenticated, run 'az login' first".colorize(:yellow)
-            return false
-          end
-  
-          cache_file = "/tmp/kvenv-#{sec_name}.json"
-  
-          # Build kvenv command
-          cmd_parts = [
-            "kvenv cache",
-            "--azure",
-            "--azure-keyvault-name #{kv_name}",
-          ]
-  
-          if secret_prefix
-            cmd_parts << "--secret-prefix #{secret_prefix}"
-          else
-            cmd_parts << "--secret-name #{sec_name}"
-          end
-  
-          cmd_parts << "--output #{cache_file}"
-  
-          # Run kvenv to cache secrets
-          puts "  Loading secrets from Key Vault: #{kv_name}, Secret: #{sec_name}".colorize(:cyan)
-          success = system(cmd_parts.join(" "))
-          return false unless success
-          return false unless File.exist?(cache_file)
-  
-          # Load secrets from cache file
-          begin
-            require "json"
-            secrets = JSON.parse(File.read(cache_file))
-  
-            # Set environment variables (don't override existing ones)
-            loaded_count = 0
-            secrets.each do |key, value|
-              unless ENV[key]
-                ENV[key] = value
-                loaded_count += 1
-              end
-            end
-  
-            puts "  Loaded #{loaded_count} secrets from Azure Key Vault (#{secrets.keys.count} total in secret)".colorize(:green)
-            true
-          rescue => e
-            puts "  Warning: Could not parse secrets from cache: #{e.message}".colorize(:yellow)
-            false
-          end
-        end
-  
-        # Set a secret in Azure Key Vault
-        # @param secret_name [String] The name of the secret to set
-        # @param secret_value [String] The value of the secret
-        # @param keyvault_name [String, nil] The Azure Key Vault name (defaults to ENV["AZURE_KEYVAULT_NAME"] or "louparslow-secrets")
-        # @return [Boolean] true if secret was set successfully, false otherwise
-        def self.set(secret_name, secret_value, keyvault_name: nil)
-          # Use provided parameter or fall back to default
-          kv_name = keyvault_name || self.keyvault_name
-  
-          if secret_name.nil? || secret_name.empty?
-            raise "Secret name is required"
-          end
-  
-          if secret_value.nil? || secret_value.empty?
-            raise "Secret value is required"
-          end
-  
-          unless azure_cli_authenticated?
-            raise "Azure CLI is not authenticated. Run 'az login' first"
-          end
-  
-          puts "  Setting secret '#{secret_name}' in Key Vault: #{kv_name}".colorize(:cyan)
-  
-          # Build Azure CLI command
-          cmd = [
-            "az keyvault secret set",
-            "--vault-name '#{kv_name}'",
-            "--name '#{secret_name}'",
-            "--value '#{secret_value}'",
-            "2>&1",
-          ].join(" ")
-  
-          output = `#{cmd}`
-          exit_code = $?.exitstatus
-  
-          if exit_code != 0
-            puts "  Error: Failed to set secret".colorize(:red)
-            puts "  #{output}".colorize(:red)
-            return false
-          end
-  
-          puts "  Successfully set secret '#{secret_name}' in Key Vault".colorize(:green)
-          true
-        end
-      end
-    end
-  end
+
+
+module Makit
+    module Secrets
+      # Azure Key Vault operations
+      class AzureKeyVault
+        # Required environment variables
+        REQUIRED_VARS = [
+          "AZURE_STORAGE_ACCOUNT",
+          "AZURE_STORAGE_ACCOUNT_KEY",
+        ].freeze
+  
+        # Optional environment variables
+        OPTIONAL_VARS = [
+          "AZURE_CDN_RESOURCE_GROUP",
+          "AZURE_CDN_PROFILE_NAME",
+          "AZURE_CDN_ENDPOINT_NAME",
+          "GITLAB_NUGET_TOKEN",
+          "GITLAB_USERNAME",
+        ].freeze
+  
+        # All environment variablesazure_key_vault.r
+        ALL_VARS = (REQUIRED_VARS + OPTIONAL_VARS).freeze
+  
+        # Check if kvenv is available
+        def self.kvenv_available?
+          system("which kvenv > /dev/null 2>&1")
+        end
+  
+        # Check if Azure CLI is authenticated
+        def self.azure_cli_authenticated?
+          return false unless system("which az > /dev/null 2>&1")
+          system("az account show > /dev/null 2>&1")
+        end
+  
+        # Get Azure Key Vault name from environment or use default
+        def self.keyvault_name
+          ENV["AZURE_KEYVAULT_NAME"] || "louparslow-secrets"
+        end
+  
+        # Get secret name from environment or auto-generate from GIT_REMOTE_URL
+        def self.secret_name
+          return ENV["AZURE_SECRET_NAME"] if ENV["AZURE_SECRET_NAME"] && !ENV["AZURE_SECRET_NAME"].empty?
+          
+          # Auto-generate from GIT_REMOTE_URL
+          git_remote_url = get_git_remote_url
+          if git_remote_url && !git_remote_url.empty?
+            generate_secret_name_from_url(git_remote_url)
+          else
+            "portal-secrets"  # Fallback default
+          end
+        end
+        
+        # Get GIT_REMOTE_URL from various sources
+        def self.get_git_remote_url
+          # Try constant first
+          return GIT_REMOTE_URL if defined?(GIT_REMOTE_URL) && !GIT_REMOTE_URL.nil? && !GIT_REMOTE_URL.empty?
+          
+          # Try Git module
+          if defined?(Makit::Git) && Makit::Git.git_repo?
+            url = Makit::Git.get_remote_url
+            return url if url && !url.empty?
+          end
+          
+          # Try project configuration
+          if defined?(Makit::Configuration::Project)
+            project = Makit::Configuration::Project.default
+            url = project.git_remote_url
+            return url if url && !url.nil? && !url.empty?
+          end
+          
+          nil
+        end
+        
+        # Generate a valid Azure Key Vault secret name from a Git remote URL
+        # Azure Key Vault secret names must be 1-127 characters, alphanumeric and hyphens only,
+        # cannot start or end with hyphen, and cannot have consecutive hyphens
+        def self.generate_secret_name_from_url(url)
+          # Remove protocol (http://, https://, git@)
+          name = url.gsub(/^https?:\/\//, "").gsub(/^git@/, "")
+          
+          # Remove .git suffix if present
+          name = name.gsub(/\.git$/, "")
+          
+          # Replace invalid characters with hyphens
+          name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
+          
+          # Remove consecutive hyphens
+          name = name.gsub(/-+/, "-")
+          
+          # Remove leading/trailing hyphens
+          name = name.gsub(/^-+|-+$/, "")
+          
+          # Ensure it starts with a letter or number (Azure requirement)
+          name = "secret-#{name}" if name.empty? || name.match(/^[^a-zA-Z0-9]/)
+          
+          # Truncate to 127 characters (Azure Key Vault limit)
+          name = name[0, 127]
+          
+          # Remove trailing hyphen if truncation created one
+          name = name.gsub(/-+$/, "")
+          
+          # Ensure it's not empty
+          name = "git-secrets" if name.empty?
+          
+          name
+        end
+  
+        # Get secret prefix from environment
+        def self.secret_prefix
+          ENV["AZURE_SECRET_PREFIX"]
+        end
+  
+        # Setup method: Attempt to initialize environment variables
+        def self.setup
+          puts "Setting up secrets...".colorize(:blue)
+  
+          # Check if required variables are already set
+          missing_required = REQUIRED_VARS.select { |var| ENV[var].nil? || ENV[var].empty? }
+  
+          if missing_required.empty?
+            puts "  All required environment variables are already set".colorize(:green)
+            return true
+          end
+  
+          puts "  Missing required variables: #{missing_required.join(", ")}".colorize(:yellow)
+          puts "  Attempting to load from Azure Key Vault...".colorize(:yellow)
+  
+          # Try to load from Azure Key Vault
+          if load(keyvault_name: nil, secret_name: nil)
+            # Verify again after loading
+            still_missing = REQUIRED_VARS.select { |var| ENV[var].nil? || ENV[var].empty? }
+            if still_missing.empty?
+              puts "  Successfully loaded all required secrets".colorize(:green)
+              return true
+            else
+              puts "  Warning: Still missing required variables: #{still_missing.join(", ")}".colorize(:yellow)
+              return false
+            end
+          else
+            puts "  Could not load secrets from Azure Key Vault".colorize(:yellow)
+            puts "  Please set environment variables manually or configure Azure Key Vault access".colorize(:yellow)
+            return false
+          end
+        end
+  
+        # Verify that expected environment variables are set
+        def self.verify(warn_only: true)
+          issues = []
+          warnings = []
+  
+          # Check required variables
+          REQUIRED_VARS.each do |var|
+            if ENV[var].nil? || ENV[var].empty?
+              issues << "Required variable '#{var}' is not set"
+            end
+          end
+  
+          # Check optional variables (only warn)
+          OPTIONAL_VARS.each do |var|
+            if ENV[var].nil? || ENV[var].empty?
+              warnings << "Optional variable '#{var}' is not set"
+            end
+          end
+  
+          # Report issues
+          if issues.any?
+            if warn_only
+              issues.each { |issue| puts "  ⚠️  #{issue}".colorize(:yellow) }
+            else
+              issues.each { |issue| puts "  ❌ #{issue}".colorize(:red) }
+            end
+          end
+  
+          if warnings.any?
+            warnings.each { |warning| puts "  ℹ️  #{warning}".colorize(:cyan) }
+          end
+  
+          if issues.empty? && warnings.empty?
+            puts "  ✅ All environment variables are set".colorize(:green)
+            return true
+          elsif issues.empty?
+            puts "  ✅ All required environment variables are set".colorize(:green)
+            return true
+          else
+            return false
+          end
+        end
+  
+        # Get status of all environment variables
+        def self.status
+          puts "Environment Variables Status:".colorize(:blue)
+          puts ""
+  
+          puts "Required Variables:".colorize(:cyan)
+          REQUIRED_VARS.each do |var|
+            status = ENV[var].nil? || ENV[var].empty? ? "❌ Not set" : "✅ Set"
+            color = ENV[var].nil? || ENV[var].empty? ? :red : :green
+            puts "  #{var}: #{status}".colorize(color)
+          end
+  
+          puts ""
+          puts "Optional Variables:".colorize(:cyan)
+          OPTIONAL_VARS.each do |var|
+            status = ENV[var].nil? || ENV[var].empty? ? "⚪ Not set" : "✅ Set"
+            color = ENV[var].nil? || ENV[var].empty? ? :yellow : :green
+            puts "  #{var}: #{status}".colorize(color)
+          end
+        end
+  
+        # Load secrets from Azure Key Vault using kvenv
+        # @param keyvault_name [String, nil] The Azure Key Vault name (defaults to ENV["AZURE_KEYVAULT_NAME"] or "louparslow-secrets")
+        # @param secret_name [String, nil] The secret name in Key Vault (defaults to ENV["AZURE_SECRET_NAME"] or "portal-secrets")
+        # @return [Boolean] true if secrets were loaded successfully, false otherwise
+        def self.load(keyvault_name: nil, secret_name: nil)
+          # Use provided parameters or fall back to defaults
+          kv_name = keyvault_name || self.keyvault_name
+          sec_name = secret_name || self.secret_name
+  
+          unless kvenv_available?
+            puts "  Warning: kvenv not installed, secrets will not be loaded".colorize(:yellow)
+            return false
+          end
+  
+          # Check if Azure CLI is authenticated (kvenv can use this)
+          unless azure_cli_authenticated?
+            puts "  Warning: Azure CLI not authenticated, run 'az login' first".colorize(:yellow)
+            return false
+          end
+  
+          cache_file = "/tmp/kvenv-#{sec_name}.json"
+  
+          # Build kvenv command
+          cmd_parts = [
+            "kvenv cache",
+            "--azure",
+            "--azure-keyvault-name #{kv_name}",
+          ]
+  
+          if secret_prefix
+            cmd_parts << "--secret-prefix #{secret_prefix}"
+          else
+            cmd_parts << "--secret-name #{sec_name}"
+          end
+  
+          cmd_parts << "--output #{cache_file}"
+  
+          # Run kvenv to cache secrets
+          puts "  Loading secrets from Key Vault: #{kv_name}, Secret: #{sec_name}".colorize(:cyan)
+          success = system(cmd_parts.join(" "))
+          return false unless success
+          return false unless File.exist?(cache_file)
+  
+          # Load secrets from cache file
+          begin
+            require "json"
+            secrets = JSON.parse(File.read(cache_file))
+  
+            # Set environment variables (don't override existing ones)
+            loaded_count = 0
+            secrets.each do |key, value|
+              unless ENV[key]
+                ENV[key] = value
+                loaded_count += 1
+              end
+            end
+  
+            puts "  Loaded #{loaded_count} secrets from Azure Key Vault (#{secrets.keys.count} total in secret)".colorize(:green)
+            true
+          rescue => e
+            puts "  Warning: Could not parse secrets from cache: #{e.message}".colorize(:yellow)
+            false
+          end
+        end
+  
+        # Set a secret in Azure Key Vault
+        # @param secret_name [String] The name of the secret to set
+        # @param secret_value [String] The value of the secret
+        # @param keyvault_name [String, nil] The Azure Key Vault name (defaults to ENV["AZURE_KEYVAULT_NAME"] or "louparslow-secrets")
+        # @return [Boolean] true if secret was set successfully, false otherwise
+        def self.set(secret_name, secret_value, keyvault_name: nil)
+          # Use provided parameter or fall back to default
+          kv_name = keyvault_name || self.keyvault_name
+  
+          if secret_name.nil? || secret_name.empty?
+            raise "Secret name is required"
+          end
+  
+          if secret_value.nil? || secret_value.empty?
+            raise "Secret value is required"
+          end
+  
+          unless azure_cli_authenticated?
+            raise "Azure CLI is not authenticated. Run 'az login' first"
+          end
+  
+          puts "  Setting secret '#{secret_name}' in Key Vault: #{kv_name}".colorize(:cyan)
+  
+          # Build Azure CLI command
+          cmd = [
+            "az keyvault secret set",
+            "--vault-name '#{kv_name}'",
+            "--name '#{secret_name}'",
+            "--value '#{secret_value}'",
+            "2>&1",
+          ].join(" ")
+  
+          output = `#{cmd}`
+          exit_code = $?.exitstatus
+  
+          if exit_code != 0
+            puts "  Error: Failed to set secret".colorize(:red)
+            puts "  #{output}".colorize(:red)
+            return false
+          end
+  
+          puts "  Successfully set secret '#{secret_name}' in Key Vault".colorize(:green)
+          true
+        end
+      end
+    end
+  end