Class: Kubeseal::CLI

Inherits:
Object
  • Object
show all
Defined in:
lib/kubeseal/cli.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(argv = ARGV) ⇒ CLI

Returns a new instance of CLI.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/kubeseal/cli.rb', line 14

def initialize(argv = ARGV)
  @k8s_client = K8s::Client.autoconfig

  @mode = :encrypt
  @scope = :strict
  @decrypt_rearmor = true
  self.option_parser.parse(argv)

  @sealer = Kubeseal.new do |fetch_mode|
    case fetch_mode
    in :public_key
      fetch_cluster_sealer_active_public_key
    in :private_keys
      fetch_cluster_sealer_all_private_keys
    end
  end
end

Class Method Details

.start(argv = ARGV) ⇒ Object 



9
10
11
12
 
# File 'lib/kubeseal/cli.rb', line 9

def self.start(argv = ARGV)
  trap('INT'){ Kernel.exit(0) }
  self.new(argv).run
end

Instance Method Details

#option_parserObject 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/kubeseal/cli.rb', line 32

def option_parser
  OptionParser.new do |parser|
    parser.banner = "Usage: kubesealr [options]"

    parser.on("-d", "--decrypt", "Unseal sealed secrets (requires k8s User to have get access to secrets in kube-system namespace)") do |t|
      @mode = :decrypt
    end

    parser.on("-a", "--[no-]armor", "Emit base64-armored secrets when unsealing") do |t|
      @decrypt_rearmor = t
    end

    parser.on("-sTYPE", "--scope TYPE", [:strict, :"namespace-wide", :"cluster-wide"],
              "Select scope (strict, namespace-wide, cluster-wide)") do |v|
      @scope = v
    end
  end
end

#runObject 



51
52
53
54
55
56
57
58
 
# File 'lib/kubeseal/cli.rb', line 51

def run
  case @mode
  in :encrypt
    $stdout.puts(seal_stream($stdin.read))
  in :decrypt
    $stdout.puts(unseal_stream($stdin.read))
  end
end