Class: Browserctl::State::Transports::OnePassword

Inherits:

Browserctl::State::Transport::Base

• Object
• Browserctl::State::Transport::Base
• Browserctl::State::Transports::OnePassword

Defined in:

lib/browserctl/state/transports/one_password.rb

Overview

1Password transport — stores bundles as Documents. URIs look like ‘op://Vault/ItemName`.

The op CLI has no streaming primitive for documents, so we stage the blob to a tmpfile (chmod 0600) and use ‘op document create` / `op document get`.

Constant Summary

SAFE_REF =

%r{\Aop://[^/]+/[^/]+\z}

Class Method Summary

• .scheme ⇒ Object

Instance Method Summary

• #available? ⇒ Boolean
• #parse_ref(uri) ⇒ Object
• #read(parsed) ⇒ Object
• #validate!(uri) ⇒ Object
• #write(parsed, blob) ⇒ Object

Methods inherited from Browserctl::State::Transport::Base

#handles?

Class Method Details

.scheme ⇒ Object

# File 'lib/browserctl/state/transports/one_password.rb', line 19

def self.scheme = "op"

Instance Method Details

#available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/browserctl/state/transports/one_password.rb', line 21

def available?
  system("which", "op", out: ::File::NULL, err: ::File::NULL)
end

#parse_ref(uri) ⇒ Object

# File 'lib/browserctl/state/transports/one_password.rb', line 57

def parse_ref(uri)
  # op://Vault/Item — exactly two segments after the scheme
  rest = uri.delete_prefix("op://")
  rest.split("/", 2)
end

#read(parsed) ⇒ Object

Raises:

• (Transport::TransportError)

# File 'lib/browserctl/state/transports/one_password.rb', line 25

def read(parsed)
  uri = parsed.to_s
  validate!(uri)
  out, err, status = Open3.capture3("op", "read", uri, binmode: true)
  return out if status.success?

  raise Transport::TransportError, "op read failed: #{err.strip.empty? ? out : err}"
end

#validate!(uri) ⇒ Object

Raises:

• (Transport::TransportError)

# File 'lib/browserctl/state/transports/one_password.rb', line 51

def validate!(uri)
  return if SAFE_REF.match?(uri)

  raise Transport::TransportError, "invalid 1Password reference: #{uri.inspect} (expected op://Vault/Item)"
end

#write(parsed, blob) ⇒ Object

# File 'lib/browserctl/state/transports/one_password.rb', line 34

def write(parsed, blob)
  uri = parsed.to_s
  validate!(uri)
  vault, title = parse_ref(uri)

  Dir.mktmpdir do |tmp|
    path = ::File.join(tmp, "#{title}.bctl")
    ::File.open(path, "wb", 0o600) { |f| f.write(blob) }

    args = ["op", "document", "create", path, "--title", title, "--vault", vault]
    out, err, status = Open3.capture3(*args)
    unless status.success?
      raise Transport::TransportError, "op document create failed: #{err.strip.empty? ? out : err}"
    end
  end
end