Merge "Update decrypt command"

Zuul 2019-05-23 16:20:59 +00:00 committed by Gerrit Code Review
commit e4496a5530
4 changed files with 10 additions and 15 deletions


@ -669,9 +669,9 @@ decrypt the encrypted secrets, and dump the cleartext secrets file to
**site_name** (Required). **site_name** (Required).
Name of the ``site``. The ``site_name`` must match a ``site`` name in the site Name of the ``site``. The ``site_name`` must match a ``site`` name in the site
repository folder structure. The ``decrypt`` command also validates that the repository folder structure. This is used to ensure the correct revision of
``site-name`` exists in the file path, before unwrapping and decrypting the the site and global repositories are used, as specified in the site's
documents in the ``filename``. :file:`site-definition.yaml`.
**-f / filename** (Required). **-f / filename** (Required).


@ -694,7 +694,7 @@ def encrypt(*, save_location, author, site_name):
def decrypt(*, file_name, save_location, site_name): def decrypt(*, file_name, save_location, site_name):
engine.repository.process_repositories(site_name) engine.repository.process_repositories(site_name)
decrypted = engine.secrets.decrypt(file_name, site_name) decrypted = engine.secrets.decrypt(file_name)
if save_location is None: if save_location is None:
click.echo(decrypted) click.echo(decrypted)
else: else:


@ -68,27 +68,22 @@ def encrypt(save_location, author, site_name):
'No secret documents were found for site: {}'.format(site_name)) 'No secret documents were found for site: {}'.format(site_name))
def decrypt(file_path, site_name): def decrypt(file_path):
""" """Decrypt one secrets file, and print the decrypted file to standard out.
Decrypt one secrets file, and print the decrypted file to standard out.
Search in secrets file of a site, identified by ``site_name``, for a file Search the specified file_path for a file.
named ``file_name``. If the file is found and encrypted, unwrap and decrypt it, and print the
If the file is found and encrypted, unwrap and decrypt it, and print the
result to standard out. result to standard out.
If the file is found, but it is not encrypted, print the contents of the If the file is found, but it is not encrypted, print the contents of the
file to standard out. file to standard out.
Passphrase and salt for the decryption are read from environment variables. Passphrase and salt for the decryption are read from environment variables.
:param file_path: Path to the file to be unwrapped and decrypted. :param file_path: Path to the file to be unwrapped and decrypted.
:type file_path: string :type file_path: string
:param site_name: The name of the site to search for the file.
:type site_name: string
:return: The decrypted secrets :return: The decrypted secrets
:rtype: list :rtype: list
""" """
LOG.info('Started decrypting...') LOG.info('Started decrypting...')
if (os.path.isfile(file_path) and if os.path.isfile(file_path):
[s for s in file_path.split(os.path.sep) if s == site_name]):
return PeglegSecretManagement(file_path).decrypt_secrets() return PeglegSecretManagement(file_path).decrypt_secrets()
else: else:
LOG.info('File: {} was not found. Check your file path and name, ' LOG.info('File: {} was not found. Check your file path and name, '
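Review bot: With the `site_name` path-component check removed, `decrypt` accepts any path that `os.path.isfile` reports as a regular file, so nothing ties the file being unwrapped to the site whose repositories the CLI caller has just processed. If that is intended, the docstring should say so, for example `No site check is performed here; the caller must ensure file_path belongs to the intended site.`; otherwise the caller could compare the resolved path against the site's repository root before calling. The summary line still says the result is printed to standard out, while the function returns it (`:return: The decrypted secrets`), so the two should be aligned. The not-found branch continues outside the hunk, so what is returned there is not visible.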


@ -116,7 +116,7 @@ data: {0}-password
# for _file in encrypted_files: # for _file in encrypted_files:
decrypted = secrets.decrypt(str(save_location.join( decrypted = secrets.decrypt(str(save_location.join(
"site/cicd/secrets/passphrases/" "site/cicd/secrets/passphrases/"
"cicd-passphrase-encrypted.yaml")), "cicd") "cicd-passphrase-encrypted.yaml")))
assert yaml.load(decrypted) == yaml.load(passphrase_doc) assert yaml.load(decrypted) == yaml.load(passphrase_doc)
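Review bot: The assertion on the last line parses both documents with `yaml.load` and no explicit loader, which PyYAML 5.1 and later warn about and which can construct arbitrary Python objects. `assert yaml.safe_load(decrypted) == yaml.safe_load(passphrase_doc)` compares the same data without that risk. Now that the `site_name` argument is gone, a test for a path that is not a regular file would also be worth adding, since `os.path.isfile` is the only check still visible in `decrypt`. The test function starts outside the hunk.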