Class: Kdep::Commands::EnvCheck

Inherits:
Object
  • Object
show all
Defined in:
lib/kdep/commands/env_check.rb

Overview

Validates the live ConfigMap+Secret in the cluster against the contract declared in ‘env.spec` at the repo root.

Reports three buckets:

- missing : keys declared (and required) in env.spec but absent in
            cluster ConfigMap/Secret
- extra   : keys present in cluster but not declared in env.spec
- invalid : declared keys whose value fails type validation

Independent of Infisical: just compares declared shape vs live K8s state.

Instance Method Summary collapse

Constructor Details

#initialize(global_options:, command_options:, args:) ⇒ EnvCheck

Returns a new instance of EnvCheck.



17
18
19
20
21
22
 
# File 'lib/kdep/commands/env_check.rb', line 17

def initialize(global_options:, command_options:, args:)
  @global_options = global_options
  @command_options = command_options
  @args = args
  @ui = Kdep::UI.new
end

Instance Method Details

#executeObject 



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/kdep/commands/env_check.rb', line 24

def execute
  deploy_name = @args[0]
  env_arg = @args[1] || @command_options[:env]

  discovery = Kdep::Discovery.new
  kdep_dir = discovery.find_kdep_dir
  unless kdep_dir
    @ui.error("No kdep/ directory found")
    exit 1
  end

  deploy_dir = resolve_deploy_dir(kdep_dir, deploy_name, discovery)
  exit 1 unless deploy_dir

  repo_root = File.expand_path("..", kdep_dir)
  spec_path = File.join(repo_root, "env.spec")
  unless File.exist?(spec_path)
    @ui.error("env.spec not found at #{spec_path}")
    exit 1
  end

  spec = EnvSpec.parse_file(spec_path)
  config = Kdep::Config.new(deploy_dir, env_arg).load
  namespace = config["namespace"]
  unless namespace
    @ui.error("namespace missing in app.yml -- cannot query cluster")
    exit 1
  end

  configmap_name = config["configmap_name"] || "config-#{config["name"]}"
  secret_name    = config["secret_name"]    || "#{File.basename(deploy_dir)}-secrets"

  live_cm  = fetch_data("configmap", configmap_name, namespace)
  live_sec = fetch_data("secret",    secret_name,    namespace, decode: true)

  merged = live_cm.merge(live_sec)
  problems = spec.validate(merged, env: env_arg || "*", strict: true)

  scope_label = env_arg || "shared"
  if problems.empty?
    @ui.success("env satisfies env.spec (#{scope_label}, namespace=#{namespace})")
    exit 0
  end

  @ui.error("env.spec mismatches in #{namespace} (scope=#{scope_label}):")
  problems.each { |p| @ui.error("  - #{p}") }
  exit 1
end