Class: RKSeal::ContextGuard

Inherits:
Object
Defined in:
lib/rkseal/context_guard.rb

Overview

Gatekeeper for the one genuinely dangerous operation: deploying to a cluster. Applying a SealedSecret to the wrong context can clobber another environment, so a deploy must be explicitly confirmed by the operator.

rkseal always operates on the current kube context – there is no allow-list. The guard’s job is narrow: surface the active context and ask the operator to confirm before Kubectl#apply runs. Deploy is never the default for `edit`; this class enforces the “explicit + confirmed” requirement via an interactive yes/no prompt that defaults to No.

This class does NOT shell out itself – it delegates to the injected Kubectl for the context name and to a Thor shell for the prompt.

Constructor Details

#initialize(kubectl:, prompt: Thor::Shell::Basic.new) ⇒ ContextGuard

Returns a new instance of ContextGuard.

Parameters:

  • kubectl (RKSeal::Kubectl)

    adapter used to read the active context.

  • prompt (Thor::Shell::Basic) (defaults to: Thor::Shell::Basic.new)

    shell used for the interactive confirmation; injected so specs can drive #yes? without real stdin.



# File 'lib/rkseal/context_guard.rb', line 22

def initialize(kubectl:, prompt: Thor::Shell::Basic.new)
  @kubectl = kubectl
  @prompt = prompt
end

Instance Method Details

#confirm_deploy(secret_name:, namespace:) ⇒ Boolean

Surface the active context and ask the operator to confirm the deploy. Called immediately before Kubectl#apply; the apply happens only when this returns true. The prompt defaults to No, so an empty answer (or a non-interactive run) declines.

rubocop:disable Naming/PredicateMethod – this is an action (“ask and apply-or-not”), not a query; its name is a frozen part of the public API that the command layer codes against, so it cannot take a `?` suffix.

Parameters:

  • secret_name (String)

    the SealedSecret’s name, for the prompt.

  • namespace (String)

    the target namespace, for the prompt.

Returns:

  • (Boolean)

    whether the operator approved the deploy.

Raises:



# File 'lib/rkseal/context_guard.rb', line 48

def confirm_deploy(secret_name:, namespace:)
  context = current_context
  @prompt.yes?(
    "Deploy #{secret_name.inspect} (namespace #{namespace.inspect}) " \
    "to context #{context.inspect}? [y/N]"
  )
end
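
How a caller can gate Kubectl#apply on this method and exercise the default-No path with injected doubles. This is an added example, not rkseal's own code: FakeKubectl, ScriptedPrompt and deploy are hypothetical names, and the ContextGuard here is a stand-in mirroring the one on this page so the block runs without the gem or Thor.

```ruby
# Added example: stand-in mirroring the ContextGuard documented on this page,
# so the block runs without the rkseal gem.
class ContextGuard
  def initialize(kubectl:, prompt:)
    @kubectl = kubectl
    @prompt = prompt
  end

  def confirm_deploy(secret_name:, namespace:)
    @prompt.yes?(
      "Deploy #{secret_name.inspect} (namespace #{namespace.inspect}) " \
      "to context #{@kubectl.current_context.inspect}? [y/N]"
    )
  end
end

# Hypothetical kubectl double: fixed context, records what was applied.
FakeKubectl = Struct.new(:current_context, :applied) do
  def apply(manifest)
    applied << manifest
  end
end

# Hypothetical prompt double with default-No behaviour: only "y"/"yes"
# approves. nil (or no scripted answer) models EOF in a non-interactive run.
class ScriptedPrompt
  attr_reader :asked

  def initialize(*answers)
    @answers = answers
    @asked = []
  end

  def yes?(statement)
    @asked << statement
    @answers.shift.to_s.match?(/\A(yes|y)\z/i)
  end
end

# Hypothetical command-layer step: apply runs only after an explicit yes.
def deploy(kubectl:, prompt:, manifest:, secret_name:, namespace:)
  guard = ContextGuard.new(kubectl: kubectl, prompt: prompt)
  return :declined unless guard.confirm_deploy(secret_name: secret_name, namespace: namespace)

  kubectl.apply(manifest)
  :applied
end
```

A spec for the real class can follow the same shape: assert that the recorded prompt names the active context and that nothing reaches apply for an empty, EOF or ambiguous answer.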

#current_context ⇒ String

The current kube context, as reported by kubectl.

Returns:

  • (String)

Raises:



# File 'lib/rkseal/context_guard.rb', line 31

def current_context
  @kubectl.current_context
end