diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
commit | b76ae638462ab0f673e5915986070518dd3f9ad3 (patch) | |
tree | bdab0533383b52873be0ec0eb4d3c66598ff8b91 /lib/gitlab/encrypted_command_base.rb | |
parent | 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff) |
Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42
Diffstat (limited to 'lib/gitlab/encrypted_command_base.rb')
-rw-r--r-- | lib/gitlab/encrypted_command_base.rb | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/lib/gitlab/encrypted_command_base.rb b/lib/gitlab/encrypted_command_base.rb new file mode 100644 index 00000000000..b35c28b85cd --- /dev/null +++ b/lib/gitlab/encrypted_command_base.rb @@ -0,0 +1,105 @@ +# frozen_string_literal: true + +# rubocop:disable Rails/Output +module Gitlab + class EncryptedCommandBase + DISPLAY_NAME = "Base" + EDIT_COMMAND_NAME = "base" + + class << self + def encrypted_secrets + raise NotImplementedError + end + + def write(contents) + encrypted = encrypted_secrets + return unless validate_config(encrypted) + + validate_contents(contents) + encrypted.write(contents) + + puts "File encrypted and saved." + rescue Interrupt + warn "Aborted changing file: nothing saved." + rescue ActiveSupport::MessageEncryptor::InvalidMessage + warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" + end + + def edit + encrypted = encrypted_secrets + return unless validate_config(encrypted) + + if ENV["EDITOR"].blank? + warn 'No $EDITOR specified to open file. Please provide one when running the command:' + warn "gitlab-rake #{self::EDIT_COMMAND_NAME} EDITOR=vim" + return + end + + temp_file = Tempfile.new(File.basename(encrypted.content_path), File.dirname(encrypted.content_path)) + contents_changed = false + + encrypted.change do |contents| + contents = encrypted_file_template unless File.exist?(encrypted.content_path) + File.write(temp_file.path, contents) + system(ENV['EDITOR'], temp_file.path) + changes = File.read(temp_file.path) + contents_changed = contents != changes + validate_contents(changes) + changes + end + + puts "Contents were unchanged." unless contents_changed + puts "File encrypted and saved." + rescue Interrupt + warn "Aborted changing file: nothing saved." + rescue ActiveSupport::MessageEncryptor::InvalidMessage + warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" + ensure + temp_file&.unlink + end + + def show + encrypted = encrypted_secrets + return unless validate_config(encrypted) + + puts encrypted.read.presence || "File '#{encrypted.content_path}' does not exist. Use `gitlab-rake #{self::EDIT_COMMAND_NAME}` to change that." + rescue ActiveSupport::MessageEncryptor::InvalidMessage + warn "Couldn't decrypt #{encrypted.content_path}. Perhaps you passed the wrong key?" + end + + def validate_config(encrypted) + dir_path = File.dirname(encrypted.content_path) + + unless File.exist?(dir_path) + warn "Directory #{dir_path} does not exist. Create the directory and try again." + return false + end + + if encrypted.key.nil? + warn "Missing encryption key encrypted_settings_key_base." + return false + end + + true + end + + def validate_contents(contents) + begin + config = YAML.safe_load(contents, permitted_classes: [Symbol]) + error_contents = "Did not include any key-value pairs" unless config.is_a?(Hash) + rescue Psych::Exception => e + error_contents = e.message + end + + puts "WARNING: Content was not a valid #{self::DISPLAY_NAME} secret yml file. #{error_contents}" if error_contents + + contents + end + + def encrypted_file_template + raise NotImplementedError + end + end + end +end +# rubocop:enable Rails/Output |