Class: RKSeal::CLI

Inherits:

Thor

• Object
• Thor
• RKSeal::CLI

Defined in:

lib/rkseal/cli.rb

Overview

Thor-based command-line interface: parses ARGV, validates options, and dispatches to the orchestration commands. It is intentionally thin – it maps flags/positionals onto RKSeal::Commands::Create / RKSeal::Commands::Edit, prints their RKSeal::Commands::Result, and turns the gem’s fail-fast Errors into a single clean line + non-zero exit. No business logic lives here.

rubocop:disable Metrics/ClassLength – length here is Thor’s declarative ‘method_option` surface (every flag for both subcommands plus their long_desc help text), not logic. The two command bodies stay thin and delegate straight to the orchestration classes.

Constant Summary

SCOPE_SYMBOLS =

kubeseal’s ‘–scope` strings, as exposed on the CLI, mapped to the symbols the command/adapter layers expect. Thor does not underscore enum values.

{
  "strict" => :strict,
  "namespace-wide" => :namespace_wide,
  "cluster-wide" => :cluster_wide
}.freeze

Class Method Summary

• .dispatch(*args) ⇒ void

  Entry point used by ‘exe/rkseal`, and Thor’s internal command router.

• .exit_on_failure? ⇒ Boolean

  Make argument/usage errors (and our rescued errors) exit non-zero rather than return 0, so the CLI is shell-script friendly.

• .thor_dispatch ⇒ Object

  ‘dispatch` is also Thor’s own internal 4-arg command router, which Thor.start calls.

Instance Method Summary

• #create(namespace, name) ⇒ void

  Author a new SealedSecret.

• #edit(namespace, name) ⇒ void

  Edit an existing SealedSecret.

• #list(namespace = nil) ⇒ void

  List SealedSecrets (read-only, metadata only).

• #reencrypt(namespace, name) ⇒ void

  Re-encrypt an existing SealedSecret to the newest controller key.

• #validate(namespace = nil, name = nil) ⇒ void

  Validate a SealedSecret (local <NAME>.yaml, or –file <path>).

• #version ⇒ void
• #view(namespace, name) ⇒ void

  Print the live Secret for a SealedSecret (read-only).

Class Method Details

.dispatch(*args) ⇒ void

This method returns an undefined value.

Entry point used by ‘exe/rkseal`, and Thor’s internal command router.

Dual-role on arity:

- called as `dispatch(argv)` (a single Array, from `exe/rkseal`): run
  {Thor.start} and translate any deliberately-raised {RKSeal::Error}
  into a one-line stderr message with a non-zero exit -- no backtrace.
  Thor's own parse errors keep their {exit_on_failure?} handling;
  unexpected exceptions propagate.
- called by Thor internally (`dispatch(meth, args, opts, config)`):
  delegate to Thor's preserved router unchanged.

Parameters:

• args (Array) —

  either ‘[argv]` (public) or Thor’s four router args.

# File 'lib/rkseal/cli.rb', line 52

def dispatch(*args)
  return thor_dispatch(*args) unless args.length == 1 && args.first.is_a?(Array)

  begin
    start(args.first)
  rescue RKSeal::Error => e
    warn(e.message)
    exit(1)
  end
end

.exit_on_failure? ⇒ Boolean

Make argument/usage errors (and our rescued errors) exit non-zero rather than return 0, so the CLI is shell-script friendly.

Returns:

• (Boolean)

# File 'lib/rkseal/cli.rb', line 28

def self.exit_on_failure?
  true
end

.thor_dispatch ⇒ Object

‘dispatch` is also Thor’s own internal 4-arg command router, which Thor.start calls. Preserve it under an alias so our public 1-arg entry point can reuse the name (as the gem’s contract requires) without clobbering Thor’s routing.

# File 'lib/rkseal/cli.rb', line 37

alias thor_dispatch dispatch

Instance Method Details

#create(namespace, name) ⇒ void

This method returns an undefined value.

Author a new SealedSecret.

Parameters:

• namespace (String) —

  target namespace.

• name (String) —

  Secret name (also the output filename stem).

# File 'lib/rkseal/cli.rb', line 97

def create(namespace, name)
  validate_identifiers!(namespace, name)
  result = Commands::Create.new(
    namespace: namespace, name: name,
    scope: scope_symbol, type: options["type"],
    from_file: parsed_from_file, no_edit: options["no-edit"],
    string_data: options["string-data"],
    kubeseal: build_kubeseal
  ).call
  report(result)
end

#edit(namespace, name) ⇒ void

This method returns an undefined value.

Edit an existing SealedSecret. Reads current values from the cluster; if the Secret is absent there but a local <NAME>.yaml exists, automatically falls back to the offline local edit. ‘–local` forces the offline path.

Parameters:

• namespace (String) —

  target namespace.

• name (String) —

  Secret name (also the output filename stem).

# File 'lib/rkseal/cli.rb', line 171

def edit(namespace, name)
  validate_identifiers!(namespace, name)
  result = options["local"] ? edit_local(namespace, name) : edit_auto(namespace, name)
  report(result)
end

#list(namespace = nil) ⇒ void

This method returns an undefined value.

List SealedSecrets (read-only, metadata only).

Parameters:

• namespace (String, nil) (defaults to: nil) —

  limit to this namespace; omit for all.

# File 'lib/rkseal/cli.rb', line 291

def list(namespace = nil)
  Secret.validate_identifier!(field: "namespace", value: namespace) if namespace
  say(Commands::List.new(namespace: namespace, kubectl: Kubectl.new).call)
end

#reencrypt(namespace, name) ⇒ void

This method returns an undefined value.

Re-encrypt an existing SealedSecret to the newest controller key.

Parameters:

• namespace (String) —

  target namespace.

• name (String) —

  Secret name (also the output filename stem).

# File 'lib/rkseal/cli.rb', line 205

def reencrypt(namespace, name)
  validate_identifiers!(namespace, name)
  result = Commands::Reencrypt.new(
    namespace: namespace, name: name,
    deploy: options["deploy"], assume_yes: options["yes"],
    kubectl: Kubectl.new, kubeseal: build_kubeseal
  ).call
  report(result)
end

#validate(namespace = nil, name = nil) ⇒ void

This method returns an undefined value.

Validate a SealedSecret (local <NAME>.yaml, or –file <path>).

Parameters:

• namespace (String, nil) (defaults to: nil) —

  target namespace (omit with –file).

• name (String, nil) (defaults to: nil) —

  Secret name (omit with –file).

Raises:

• (InvalidInputError)

# File 'lib/rkseal/cli.rb', line 240

def validate(namespace = nil, name = nil)
  file = options["file"]
  raise InvalidInputError, "give NAMESPACE NAME or --file <path>" if file.nil? && name.nil?

  validate_identifiers!(namespace, name) unless file
  path = Commands::Validate.new(
    namespace: namespace, name: name, file: file, kubeseal: build_kubeseal
  ).call
  say("SealedSecret #{path} is valid.")
end

#version ⇒ void

This method returns an undefined value.

# File 'lib/rkseal/cli.rb', line 299

def version
  say("rkseal #{RKSeal::VERSION}")
end

#view(namespace, name) ⇒ void

This method returns an undefined value.

Print the live Secret for a SealedSecret (read-only).

Parameters:

• namespace (String) —

  target namespace.

• name (String) —

  Secret name.

# File 'lib/rkseal/cli.rb', line 269

def view(namespace, name)
  validate_identifiers!(namespace, name)
  manifest = Commands::View.new(
    namespace: namespace, name: name, reveal: options["reveal"], kubectl: Kubectl.new
  ).call
  say(manifest)
end