Class: Vkit::Core::CredentialStore

Inherits:

Object

• Object
• Vkit::Core::CredentialStore

Defined in:

lib/vkit/core/credential_store.rb

Constant Summary

SERVICE =

"vkit"

ACCOUNT =

"credentials"

Instance Method Summary

• #clear! ⇒ Object
• #clear_token! ⇒ Object
• #endpoint ⇒ Object
• #file_delete ⇒ Object
• #file_load ⇒ Object
• #file_store(payload) ⇒ Object
• #initialize ⇒ CredentialStore constructor

  A new instance of CredentialStore.

• #linux? ⇒ Boolean
• #linux_secret_service_delete ⇒ Object
• #linux_secret_service_load ⇒ Object
• #linux_secret_service_store(payload) ⇒ Object
• #load_payload ⇒ Object
• #logged_in? ⇒ Boolean
• #mac? ⇒ Boolean
• #mac_keychain_delete ⇒ Object
• #mac_keychain_load ⇒ Object
• #mac_keychain_store(payload) ⇒ Object
• #save(endpoint:, token:, user:) ⇒ Object
• #save_user(user) ⇒ Object
• #secret_tool_available? ⇒ Boolean
• #token ⇒ Object
• #user ⇒ Object

Constructor Details

#initialize ⇒ CredentialStore

Returns a new instance of CredentialStore.

# File 'lib/vkit/core/credential_store.rb', line 12

def initialize
  @os = RbConfig::CONFIG["host_os"]
  @fallback_path = File.join(Dir.home, ".vkit", "credentials.json")
end

Instance Method Details

#clear! ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 68

def clear!
  case
  when mac?
    mac_keychain_delete
  when linux? && secret_tool_available?
    linux_secret_service_delete
  else
    file_delete
  end
end

#clear_token! ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 79

def clear_token!
  payload = load_payload
  return unless payload

  payload.delete("token")

  case
  when mac?
    mac_keychain_store(payload)
  when linux? && secret_tool_available?
    linux_secret_service_store(payload)
  else
    file_store(payload)
  end
end

#endpoint ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 52

def endpoint
  load_payload&.dig("endpoint")
end

#file_delete ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 197

def file_delete
  FileUtils.rm_f(@fallback_path)
end

#file_load ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 190

def file_load
  return nil unless File.exist?(@fallback_path)
  JSON.parse(File.read(@fallback_path))
rescue
  nil
end

#file_store(payload) ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 184

def file_store(payload)
  FileUtils.mkdir_p(File.dirname(@fallback_path))
  File.write(@fallback_path, JSON.pretty_generate(payload))
  File.chmod(0o600, @fallback_path)
end

#linux? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vkit/core/credential_store.rb', line 110

def linux?
  @os =~ /linux/
end

#linux_secret_service_delete ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 180

def linux_secret_service_delete
  linux_secret_service_store({})
end

#linux_secret_service_load ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 165

def linux_secret_service_load
  stdout, _stderr, status =
    Open3.capture3(
      "secret-tool",
      "lookup",
      "service", SERVICE,
      "account", ACCOUNT
    )

  return nil unless status.success?
  JSON.parse(stdout)
rescue
  nil
end

#linux_secret_service_store(payload) ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 154

def linux_secret_service_store(payload)
  Open3.capture3(
    "secret-tool",
    "store",
    "--label=VaultKit Credentials",
    "service", SERVICE,
    "account", ACCOUNT,
    stdin_data: payload.to_json
  )
end

#load_payload ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 95

def load_payload
  case
  when mac?
    mac_keychain_load
  when linux? && secret_tool_available?
    linux_secret_service_load
  else
    file_load
  end
end

#logged_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vkit/core/credential_store.rb', line 64

def logged_in?
  !!(endpoint && token)
end

#mac? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vkit/core/credential_store.rb', line 106

def mac?
  @os =~ /darwin/
end

#mac_keychain_delete ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 144

def mac_keychain_delete
  system(
    "security", "delete-generic-password",
    "-a", ACCOUNT,
    "-s", SERVICE,
    out: File::NULL,
    err: File::NULL
  )
end

#mac_keychain_load ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 129

def mac_keychain_load
  stdout, _stderr, status =
    Open3.capture3(
      "security", "find-generic-password",
      "-a", ACCOUNT,
      "-s", SERVICE,
      "-w"
    )

  return nil unless status.success?
  JSON.parse(stdout)
rescue
  nil
end

#mac_keychain_store(payload) ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 118

def mac_keychain_store(payload)
  mac_keychain_delete
  system(
    "security", "add-generic-password",
    "-a", ACCOUNT,
    "-s", SERVICE,
    "-w", payload.to_json,
    "-U"
  )
end

#save(endpoint:, token:, user:) ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 17

def save(endpoint:, token:, user:)
  payload = {
    "endpoint" => endpoint,
    "token" => token,
    "user" => user
  }

  case
  when mac?
    mac_keychain_store(payload)
  when linux? && secret_tool_available?
    linux_secret_service_store(payload)
  else
    file_store(payload)
  end

  true
end

#save_user(user) ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 36

def save_user(user)
  payload = load_payload
  return unless payload

  payload["user"] = user

  case
  when mac?
    mac_keychain_store(payload)
  when linux? && secret_tool_available?
    linux_secret_service_store(payload)
  else
    file_store(payload)
  end
end

#secret_tool_available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vkit/core/credential_store.rb', line 114

def secret_tool_available?
  system("which secret-tool > /dev/null 2>&1")
end

#token ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 56

def token
  load_payload&.dig("token")
end

#user ⇒ Object

# File 'lib/vkit/core/credential_store.rb', line 60

def user
  load_payload&.dig("user")
end