Class: RKSeal::Commands::View

Inherits:

Object

• Object
• RKSeal::Commands::View

Defined in:

lib/rkseal/commands/view.rb

Overview

Orchestrates the ‘rkseal view <namespace> <secret-name>` flow.

A strictly read-only inspector: it reads the live unsealed Secret from the cluster (the only source of current values) and renders the full Secret manifest as a string for the CLI to print. It NEVER opens ‘$EDITOR`, never provisions a SecureWorkspace, and never writes a file.

By default ‘data` is shown as raw base64 (verbatim, consistent with `edit`). With `reveal: true` the values are decoded and presented as plaintext `stringData` – an explicit opt-in for the operator who wants to read the cleartext.

If the Secret is absent from the cluster, the flow fails fast and points the user at ‘create`.

Examples:

show base64 (default)

puts RKSeal::Commands::View.new(namespace: "app", name: "db").call

reveal plaintext

puts RKSeal::Commands::View.new(namespace: "app", name: "db", reveal: true).call

Instance Attribute Summary

• #name ⇒ String readonly
• #namespace ⇒ String readonly
• #reveal ⇒ Boolean readonly

  Whether to decode data to plaintext stringData.

Instance Method Summary

• #call ⇒ String

  Run the view flow: read the cluster Secret and render it.

• #initialize(namespace:, name:, reveal: false, kubectl: Kubectl.new) ⇒ View constructor

  A new instance of View.

Constructor Details

#initialize(namespace:, name:, reveal: false, kubectl: Kubectl.new) ⇒ View

Returns a new instance of View.

Parameters:

• namespace (String) —

  target namespace (positional CLI arg).

• name (String) —

  Secret name (positional CLI arg).

• reveal (Boolean) (defaults to: false) —

  decode data to plaintext; defaults to false.

• kubectl (RKSeal::Kubectl) (defaults to: Kubectl.new) —

  cluster adapter (read only).

# File 'lib/rkseal/commands/view.rb', line 36

def initialize(namespace:, name:, reveal: false, kubectl: Kubectl.new)
  @namespace = namespace
  @name = name
  @reveal = reveal
  @kubectl = kubectl
end

Instance Attribute Details

#name ⇒ String (readonly)

Returns:

• (String)

# File 'lib/rkseal/commands/view.rb', line 28

def name
  @name
end

#namespace ⇒ String (readonly)

Returns:

• (String)

# File 'lib/rkseal/commands/view.rb', line 26

def namespace
  @namespace
end

#reveal ⇒ Boolean (readonly)

Returns whether to decode data to plaintext stringData.

Returns:

• (Boolean) —

  whether to decode data to plaintext stringData.

# File 'lib/rkseal/commands/view.rb', line 30

def reveal
  @reveal
end

Instance Method Details

#call ⇒ String

Run the view flow: read the cluster Secret and render it.

Side effects: a single read-only ‘kubectl get secret`. No editor, no workspace, no file write.

Returns:

• (String) —

  the full Secret manifest YAML to print.

Raises:

• (RKSeal::NotFoundError) —

  the Secret is absent (points at ‘create`).

• (RKSeal::CommandError) —

  kubectl failed.

# File 'lib/rkseal/commands/view.rb', line 51

def call
  @kubectl.ensure_available!
  secret = Secret.from_kubectl_json(@kubectl.get_secret(name: @name, namespace: @namespace))
  secret.to_buffer(reveal: @reveal)
end