Update decrypt command

The decrypt command previously required that specified files have
the site name in their paths. This isn't necessarily always the case;
for example, we can have global files that need to be decrypted and do
not contain the site name in the filepath, but the site name is
relevant in ensuring, based on the site-definition.yaml file, that
pegleg uses the correct revision of the global repository.

The end result should be that when decrypting a file, we specify the
site name, pegleg ensures we're on the correct revisions of the repos
and, if the file exists, decrypts it and prints to stdout.

This patch addresses this by:
1. Updating pegleg.engine.secrets.decrypt to no longer require a
   site name.
2. Updating pegleg.cli.decrypt to no longer pass a site name to
   pegleg.engine.secrets.decrypt
3. Updating documentation for CLI.
4. Updating unit tests for CLI and secrets.

Change-Id: Ia97518b06a58b069a4d6c0b8d68a37f45e5d31bb
Alexander Hughes 2019-05-03 12:21:26 -05:00
parent 498d5c078f
commit fb5d54fdb9
4 changed files with 10 additions and 15 deletions


@ -681,9 +681,9 @@ decrypt the encrypted secrets, and dump the cleartext secrets file to
**site_name** (Required).
Name of the ``site``. The ``site_name`` must match a ``site`` name in the site
repository folder structure. The ``decrypt`` command also validates that the
``site-name`` exists in the file path, before unwrapping and decrypting the
documents in the ``filename``.
repository folder structure. This is used to ensure the correct revision of
the site and global repositories are used, as specified in the site's
:file:`site-definition.yaml`.
**-f / filename** (Required).
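Review bot: The new site_name text explains the revision check, but nothing in this section tells the reader that the file path no longer has to contain the site name. Add a sentence to the **-f / filename** entry saying the path may point at a file outside the site's own folder, for example a global secrets file. Also, "the correct revision of the site and global repositories are used" should read "the correct revisions ... are used".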


@ -694,7 +694,7 @@ def encrypt(*, save_location, author, site_name):
def decrypt(*, file_name, save_location, site_name):
engine.repository.process_repositories(site_name)
decrypted = engine.secrets.decrypt(file_name, site_name)
decrypted = engine.secrets.decrypt(file_name)
if save_location is None:
click.echo(decrypted)
else:
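Review bot: In decrypt(), site_name now feeds only engine.repository.process_repositories(site_name), while file_name goes to engine.secrets.decrypt(file_name) unchecked, so nothing ties the file being decrypted to the repositories whose revisions were just processed. Consider verifying that file_name resolves to a path inside the processed site or global repository before decrypting, or logging a warning when it does not, so a mistyped path cannot silently decrypt a copy of the file at some other revision.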


@ -68,27 +68,22 @@ def encrypt(save_location, author, site_name):
'No secret documents were found for site: {}'.format(site_name))
def decrypt(file_path, site_name):
"""
Decrypt one secrets file, and print the decrypted file to standard out.
def decrypt(file_path):
"""Decrypt one secrets file, and print the decrypted file to standard out.
Search in secrets file of a site, identified by ``site_name``, for a file
named ``file_name``.
If the file is found and encrypted, unwrap and decrypt it, and print the
Search the specified file_path for a file.
If the file is found and encrypted, unwrap and decrypt it, and print the
result to standard out.
If the file is found, but it is not encrypted, print the contents of the
file to standard out.
Passphrase and salt for the decryption are read from environment variables.
:param file_path: Path to the file to be unwrapped and decrypted.
:type file_path: string
:param site_name: The name of the site to search for the file.
:type site_name: string
:return: The decrypted secrets
:rtype: list
"""
LOG.info('Started decrypting...')
if (os.path.isfile(file_path) and
[s for s in file_path.split(os.path.sep) if s == site_name]):
if os.path.isfile(file_path):
return PeglegSecretManagement(file_path).decrypt_secrets()
else:
LOG.info('File: {} was not found. Check your file path and name, '
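Review bot: The rewritten docstring line "Search the specified file_path for a file." does not say what is being searched, and the summary line still says the result is printed to standard out while the function returns it (":return: The decrypted secrets"). Suggest wording such as "Decrypt the secrets file at file_path and return its contents", leaving the printing to the CLI. With the site_name segment check removed, os.path.isfile(file_path) is the only guard, and per the docstring an unencrypted file is returned as-is, so it is worth stating here that the caller is responsible for validating the path.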


@ -116,7 +116,7 @@ data: {0}-password
# for _file in encrypted_files:
decrypted = secrets.decrypt(str(save_location.join(
"site/cicd/secrets/passphrases/"
"cicd-passphrase-encrypted.yaml")), "cicd")
"cicd-passphrase-encrypted.yaml")))
assert yaml.load(decrypted) == yaml.load(passphrase_doc)
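Review bot: The test only drops the "cicd" argument; the path it decrypts, site/cicd/secrets/passphrases/cicd-passphrase-encrypted.yaml, still contains the site name, so the case this change exists for (a file whose path has no site-name segment, such as a global secrets file) is not exercised. Add a test that decrypts a file under a path without the site name. Separately, the assert calls yaml.load without a Loader argument; yaml.safe_load is the safer call for comparing these documents.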