seira 0.6.1 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/seira/secrets.rb +32 -7
- data/lib/seira/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b267c856966fa9d1bc45dbc7bc438409b3d1063f3153a0e73ace8df2e957b9b9
|
|
4
|
+
data.tar.gz: fb3b80730b70076fbd01c42418bd2d20f7890e6bd76d43c64cc75d99c8941440
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1525fe34f26af87c6a39711922c16aa818e1824a1f20e8c10ac202af8432a55008c1f1130a19af64c6c71615bfbd651c9d9287ee75a6f6336a146420d80968ec
|
|
7
|
+
data.tar.gz: ffa5b5331fd8381478b22ecac09f10794f17e3fae9d26442510290f7d5e47ddf5159b538f17835798772ea7a26cb39e4a2cefb2de210ca46c7d333885857dff2
|
data/lib/seira/secrets.rb
CHANGED
|
@@ -10,7 +10,7 @@ module Seira
|
|
|
10
10
|
class Secrets
|
|
11
11
|
include Seira::Commands
|
|
12
12
|
|
|
13
|
-
VALID_ACTIONS = %w[help get set unset list list-decoded].freeze
|
|
13
|
+
VALID_ACTIONS = %w[help get set unset list list-decoded create-secret-container].freeze
|
|
14
14
|
PGBOUNCER_SECRETS_NAME = 'pgbouncer-secrets'.freeze
|
|
15
15
|
SUMMARY = "Manage your application's secrets and environment variables.".freeze
|
|
16
16
|
|
|
@@ -40,6 +40,8 @@ module Seira
|
|
|
40
40
|
run_list
|
|
41
41
|
when 'list-decoded'
|
|
42
42
|
run_list_decoded
|
|
43
|
+
when 'create-secret-container'
|
|
44
|
+
run_create_secret_container
|
|
43
45
|
else
|
|
44
46
|
fail "Unknown command encountered"
|
|
45
47
|
end
|
|
@@ -76,14 +78,17 @@ module Seira
|
|
|
76
78
|
def run_help
|
|
77
79
|
puts SUMMARY
|
|
78
80
|
puts "\n\n"
|
|
79
|
-
puts "Possible actions
|
|
81
|
+
puts "Possible actions to operate on secret contaiers. Default"
|
|
82
|
+
puts "container will be used unless --container=<name> specified:\n\n"
|
|
80
83
|
puts "get: fetch the value of a secret: `secrets get PASSWORD`"
|
|
81
84
|
puts "set: set one or more secret values: `secrets set USERNAME=admin PASSWORD=asdf`"
|
|
82
85
|
puts " to specify a value with spaces: `secrets set LIPSUM=\"Lorem ipsum\"`"
|
|
83
86
|
puts " to specify a value with newlines: `secrets set RSA_KEY=\"$(cat key.pem)\"`"
|
|
84
87
|
puts "unset: remove a secret: `secrets unset PASSWORD`"
|
|
85
88
|
puts "list: list all secret keys and values"
|
|
86
|
-
puts "list: list all secret keys and values, and decode from base64"
|
|
89
|
+
puts "list-decoded: list all secret keys and values, and decode from base64"
|
|
90
|
+
puts "\n\n"
|
|
91
|
+
puts "create-secret-container: takes one argument, the name, and creates a new container of secrets (Secret object) with that name"
|
|
87
92
|
end
|
|
88
93
|
|
|
89
94
|
def validate_single_key
|
|
@@ -137,9 +142,17 @@ module Seira
|
|
|
137
142
|
end
|
|
138
143
|
end
|
|
139
144
|
|
|
145
|
+
def run_create_secret_container
|
|
146
|
+
secret_name = key
|
|
147
|
+
puts "Creating Kubernetes Secret with name '#{secret_name}'..."
|
|
148
|
+
kubectl("create secret generic #{secret_name}", context: context)
|
|
149
|
+
puts "Secret Object '#{secret_name}' created. You can now set, unset, list secrets in this container Secret object."
|
|
150
|
+
end
|
|
151
|
+
|
|
140
152
|
# In the normal case the secret we are updating is just main_secret_name,
|
|
141
|
-
# but in special cases we may be doing an operation on a different secret
|
|
142
|
-
|
|
153
|
+
# but in special cases we may be doing an operation on a different secret such
|
|
154
|
+
# as use passing --container arg
|
|
155
|
+
def write_secrets(secrets:, secret_name: secret_container_from_args)
|
|
143
156
|
Dir.mktmpdir do |dir|
|
|
144
157
|
file_name = "#{dir}/temp-secrets-#{Seira::Cluster.current_cluster}-#{secret_name}.json"
|
|
145
158
|
File.open(file_name, "w") do |f|
|
|
@@ -160,8 +173,9 @@ module Seira
|
|
|
160
173
|
|
|
161
174
|
# Returns the still-base64encoded secrets hashmap
|
|
162
175
|
def fetch_current_secrets
|
|
163
|
-
json_string = kubectl("get secret #{
|
|
176
|
+
json_string = kubectl("get secret #{secret_container_from_args} -o json", context: context, return_output: true)
|
|
164
177
|
json = JSON.parse(json_string)
|
|
178
|
+
json['data'] ||= {} # For secret that has no key/values yet, this ensures a consistent experience
|
|
165
179
|
fail "Unexpected Kind" unless json['kind'] == 'Secret'
|
|
166
180
|
json
|
|
167
181
|
end
|
|
@@ -170,8 +184,19 @@ module Seira
|
|
|
170
184
|
args[0]
|
|
171
185
|
end
|
|
172
186
|
|
|
187
|
+
def secret_container_from_args
|
|
188
|
+
relevant_arg = args.find { |arg| arg.start_with? '--container=' }
|
|
189
|
+
|
|
190
|
+
if relevant_arg
|
|
191
|
+
relevant_arg.split("=")[1]
|
|
192
|
+
else
|
|
193
|
+
main_secret_name
|
|
194
|
+
end
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
# Filter out parameters which start with --
|
|
173
198
|
def key_value_map
|
|
174
|
-
args.map do |arg|
|
|
199
|
+
args.reject { |arg| arg.start_with?("--") }.map do |arg|
|
|
175
200
|
equals_index = arg.index('=')
|
|
176
201
|
[arg[0..equals_index - 1], arg[equals_index + 1..-1]]
|
|
177
202
|
end.to_h
|
data/lib/seira/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: seira
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Scott Ringwelski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-08-
|
|
11
|
+
date: 2019-08-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: highline
|