Class: RKSeal::Commands::Validate

Inherits:

Object

• Object
• RKSeal::Commands::Validate

Defined in:

lib/rkseal/commands/validate.rb

Overview

Orchestrates the ‘rkseal validate <namespace> <secret-name>` flow (and its `–file <path>` variant).

Asks the controller whether a SealedSecret is well-formed and decryptable for its target, via ‘kubeseal –validate`. It does not decrypt or expose anything; it is a pre-flight check you can run before committing or applying. No editor, no workspace, no cluster Secret read, no file write.

Input is either the local ‘<name>.yaml` in the output directory, or an explicit file path (`file:`), which takes precedence and lets you validate any SealedSecret manifest regardless of name.

Examples:

validate the local <name>.yaml

RKSeal::Commands::Validate.new(namespace: "app", name: "db").call

validate an arbitrary file

RKSeal::Commands::Validate.new(file: "out/db.yaml").call

Instance Attribute Summary

• #file ⇒ String^? readonly

  Explicit file path to validate, if given.

• #name ⇒ String^? readonly
• #namespace ⇒ String^? readonly

Instance Method Summary

• #call ⇒ String

  Run the validation.

• #initialize(namespace: nil, name: nil, file: nil, kubeseal: Kubeseal.new, output_dir: Dir.pwd) ⇒ Validate constructor

  A new instance of Validate.

Constructor Details

#initialize(namespace: nil, name: nil, file: nil, kubeseal: Kubeseal.new, output_dir: Dir.pwd) ⇒ Validate

Returns a new instance of Validate.

Parameters:

• namespace (String, nil) (defaults to: nil) —

  target namespace (positional CLI arg); may be nil when ‘file:` is used.

• name (String, nil) (defaults to: nil) —

  Secret name (positional CLI arg); the ‘<name>.yaml` stem. May be nil when `file:` is used.

• file (String, nil) (defaults to: nil) —

  explicit SealedSecret file path; overrides the ‘<name>.yaml` lookup when present.

• kubeseal (RKSeal::Kubeseal) (defaults to: Kubeseal.new) —

  sealing adapter (validate).

• output_dir (String) (defaults to: Dir.pwd) —

  directory the ‘<name>.yaml` is read from (CWD).

# File 'lib/rkseal/commands/validate.rb', line 37

def initialize(namespace: nil, name: nil, file: nil,
               kubeseal: Kubeseal.new, output_dir: Dir.pwd)
  @namespace = namespace
  @name = name
  @file = file
  @kubeseal = kubeseal
  @output_dir = output_dir
end

Instance Attribute Details

#file ⇒ String^? (readonly)

Returns explicit file path to validate, if given.

Returns:

• (String, nil) —

  explicit file path to validate, if given.

# File 'lib/rkseal/commands/validate.rb', line 27

def file
  @file
end

#name ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/rkseal/commands/validate.rb', line 25

def name
  @name
end

#namespace ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/rkseal/commands/validate.rb', line 23

def namespace
  @namespace
end

Instance Method Details

#call ⇒ String

Run the validation.

Returns:

• (String) —

  the validated path (so the CLI can name it in the “valid” message).

Raises:

• (RKSeal::InvalidInputError) —

  the target file does not exist.

• (RKSeal::ValidationError) —

  the controller rejected the SealedSecret (the message carries the reason; the CLI prints it and exits non-zero).

• (RKSeal::CommandError) —

  the validate operation itself failed.

# File 'lib/rkseal/commands/validate.rb', line 54

def call
  @kubeseal.ensure_available!
  path = target_path
  @kubeseal.validate(read_sealed(path))
  path
end