Class: KubernetesDeploy::EjsonSecretProvisioner

Inherits:

Object

• Object
• KubernetesDeploy::EjsonSecretProvisioner

Defined in:

lib/kubernetes-deploy/ejson_secret_provisioner.rb

Constant Summary

MANAGEMENT_ANNOTATION =

"kubernetes-deploy.shopify.io/ejson-secret"

MANAGED_SECRET_EJSON_KEY =

"kubernetes_secrets"

EJSON_SECRETS_FILE =

"secrets.ejson"

EJSON_KEYS_SECRET =

"ejson-keys"

Instance Method Summary

• #initialize(namespace:, context:, template_dir:, logger:, prune: true) ⇒ EjsonSecretProvisioner constructor

  A new instance of EjsonSecretProvisioner.

• #run ⇒ Object
• #secret_changes_required? ⇒ Boolean

Constructor Details

#initialize(namespace:, context:, template_dir:, logger:, prune: true) ⇒ EjsonSecretProvisioner

Returns a new instance of EjsonSecretProvisioner.

# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 20

def initialize(namespace:, context:, template_dir:, logger:, prune: true)
  @namespace = namespace
  @context = context
  @ejson_file = "#{template_dir}/#{EJSON_SECRETS_FILE}"
  @logger = logger
  @prune = prune
  @kubectl = Kubectl.new(
    namespace: @namespace,
    context: @context,
    logger: @logger,
    log_failure_by_default: false,
    output_is_sensitive: true # output may contain ejson secrets
  )
end

Instance Method Details

#run ⇒ Object

# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 39

def run
  create_secrets
  prune_managed_secrets if @prune
end

#secret_changes_required? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 35

def secret_changes_required?
  File.exist?(@ejson_file) || managed_secrets_exist?
end