Class: RKSeal::Kubeseal::CertCache

Inherits:
Object
Defined in:
lib/rkseal/kubeseal.rb

Overview

On-disk cache for the controller’s PUBLIC certificate, so repeated seals do not each hit the cluster for `--fetch-cert`. The cert is public, hence the world-readable 0644 perms. One entry per controller identity, under the XDG cache dir:

${XDG_CACHE_HOME:-$HOME/.cache}/rkseal/<namespace>/<name>.pem

The namespace is a path segment rather than a `<namespace>-<name>` prefix so two distinct identities can never collide on one file (e.g. `a-b`/`c` vs `a`/`b-c`); a DNS-1123 name contains no `/`, so the layout is unambiguous. Writes go through a temp file + atomic rename so a concurrent seal never reads a half-written cert.

Defined inline (not a separate file) so this adapter stays self-contained and adds no new top-level require.

Constant Summary

DIR_PERMS = 0o755
FILE_PERMS = 0o644

Constructor Details

#initialize(controller_namespace:, controller_name:) ⇒ CertCache

Returns a new instance of CertCache.

Parameters:

  • controller_namespace (String)
  • controller_name (String)


# File 'lib/rkseal/kubeseal.rb', line 326

def initialize(controller_namespace:, controller_name:)
  @controller_namespace = controller_namespace
  @controller_name = controller_name
end

Instance Method Details

#exist? ⇒ Boolean

Returns whether a cached PEM already exists.

Returns:

  • (Boolean): whether a cached PEM already exists.



# File 'lib/rkseal/kubeseal.rb', line 337

def exist?
  File.exist?(path)
end

#path ⇒ String

Returns absolute path to this controller’s cached PEM.

Returns:

  • (String): absolute path to this controller’s cached PEM.



# File 'lib/rkseal/kubeseal.rb', line 332

def path
  File.join(cache_dir, @controller_namespace, "#{@controller_name}.pem")
end

#read ⇒ String

Returns the cached PEM contents.

Returns:

  • (String): the cached PEM contents.



# File 'lib/rkseal/kubeseal.rb', line 342

def read
  File.read(path)
end

#write(pem) ⇒ String

Persist a freshly fetched PEM (overwriting any existing entry) and return its path so the caller can hand it to `--cert`.

Parameters:

  • pem (String): certificate contents.

Returns:

  • (String): the cache path that now holds the PEM.



# File 'lib/rkseal/kubeseal.rb', line 351

def write(pem)
  FileUtils.mkdir_p(File.dirname(path), mode: DIR_PERMS)
  write_atomically(pem)
  path
end
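
The path layout and the temp-file-plus-rename write from the overview, as an added Ruby sketch; it is not rkseal's source. The module name `CertCacheSketch`, the helpers `cache_root` and `entry_path`, the DNS-1123 label check and the body of `write_atomically` are assumptions, since the page shows only the call to `write_atomically`.

```ruby
require "fileutils"
require "securerandom"

# Added sketch, not rkseal's source. Constants mirror the page; the rest is assumed.
module CertCacheSketch
  DIR_PERMS  = 0o755
  FILE_PERMS = 0o644
  LABEL = /\A[a-z0-9]([-a-z0-9]*[a-z0-9])?\z/ # DNS-1123 label (assumed check)

  module_function

  # ${XDG_CACHE_HOME:-$HOME/.cache}/rkseal (empty counts as unset, like ":-")
  def cache_root(env = ENV)
    base = env["XDG_CACHE_HOME"].to_s
    base = File.join(env.fetch("HOME"), ".cache") if base.empty?
    File.join(base, "rkseal")
  end

  # Namespace and name are separate path segments. Rejecting anything that is
  # not a label keeps "/" and ".." out, so an entry cannot escape the root.
  def entry_path(root, namespace, name)
    [namespace, name].each do |seg|
      ok = seg.is_a?(String) && seg.length <= 63 && seg.match?(LABEL)
      raise ArgumentError, "invalid segment: #{seg.inspect}" unless ok
    end
    File.join(root, namespace, "#{name}.pem")
  end

  # Temp file in the SAME directory, then rename(2) over the target: readers
  # see either the old cert or the new one, never a partial write.
  def write_atomically(path, pem)
    dir = File.dirname(path)
    FileUtils.mkdir_p(dir, mode: DIR_PERMS)
    tmp = File.join(dir, ".#{File.basename(path)}.#{SecureRandom.hex(8)}.tmp")
    begin
      File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, FILE_PERMS) do |f|
        f.write(pem)
        f.fsync
      end
      File.chmod(FILE_PERMS, tmp) # umask may have narrowed the create mode
      File.rename(tmp, path)
    ensure
      FileUtils.rm_f(tmp) # no-op after a successful rename
    end
    path
  end
end
```

The 0644 file under a 0755 directory stays readable by everyone but writable only by its owner, which matters because sealing encrypts to whatever certificate the cache holds.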