airship/airshipctl
Code Issues Proposed changes

Revert "Adding encrypt and decrypt subcommands to secret command"

Browse Source 
This reverts commit 8fccf09753.

Reason for revert: This change is no longer needed and never used, specified commands aren't implemented. All the encryption logic was implemented in this [1] PS chain.

[1] https://review.opendev.org/q/topic:%22generator_sops_encrypter%22+(status:open%20OR%20status:merged)
 

Change-Id: I94737137707cea63c05573147ba3bde808bf6f00
This commit is contained in:
Ruslan Aliev 2021-03-08 22:15:01 +00:00
parent 2351051ffd
commit 159cddb269
11 changed files with 2 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/root.go
View File

@ -74,7 +74,7 @@ func AddDefaultAirshipCTLCommands(cmd *cobra.Command, factory cfg.Factory) *cobr
cmd.AddCommand(completion.NewCompletionCommand()) cmd.AddCommand(completion.NewCompletionCommand())
cmd.AddCommand(document.NewDocumentCommand(factory)) cmd.AddCommand(document.NewDocumentCommand(factory))
cmd.AddCommand(config.NewConfigCommand(factory)) cmd.AddCommand(config.NewConfigCommand(factory))
cmd.AddCommand(secret.NewSecretCommand(factory)) cmd.AddCommand(secret.NewSecretCommand())
cmd.AddCommand(phase.NewPhaseCommand(factory)) cmd.AddCommand(phase.NewPhaseCommand(factory))
cmd.AddCommand(plan.NewPlanCommand(factory)) cmd.AddCommand(plan.NewPlanCommand(factory))
cmd.AddCommand(NewVersionCommand()) cmd.AddCommand(NewVersionCommand())

65
cmd/secret/decrypt/decrypt.go
View File

@ -1,65 +0,0 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package decrypt
import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
)
const (
decryptShort = `
Decrypt encrypted yaml files into plaintext files representing Kubernetes objects consisting of sensitive data.`
decryptExample = `
# Decrypt all encrypted files in the manifests directory.
airshipctl secret decrypt
# Decrypt encrypted file from src and write the plain text to a different dst file
airshipctl secret decrypt \
--src /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/qualified-secret.yaml
`
)
// NewDecryptCommand creates a new command for decrypting encrypted secrets in the manifests
func NewDecryptCommand(_ config.Factory) *cobra.Command {
var srcPath, dstPath string
decryptCmd := &cobra.Command{
Use: "decrypt",
Short: decryptShort[1:],
Example: decryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
// TODO: Need to integrate with business logic to decrypt with sops
return errors.ErrNotImplemented{What: "secret encryption/decryption"}
},
}
decryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in encrypted text that need to be decrypted. `+
`Defaults to the manifest location in airship config`)
decryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory to store decrypted secrets. Defaults to src if empty.")
err := decryptCmd.MarkFlagRequired("dst")
if err != nil {
log.Fatalf("marking dst flag required failed: %v", err)
}
return decryptCmd
}

36
cmd/secret/decrypt/decrypt_test.go
View File

@ -1,36 +0,0 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package decrypt_test
import (
"testing"
"opendev.org/airship/airshipctl/cmd/secret/decrypt"
"opendev.org/airship/airshipctl/testutil"
)
func TestDecrypt(t *testing.T) {
cmdTests := []*testutil.CmdTest{
{
Name: "decrypt-cmd-cmd-with-help",
CmdLine: "--help",
Cmd: decrypt.NewDecryptCommand(nil),
},
}
for _, tt := range cmdTests {
testutil.RunTest(t, tt)
}
}

20
cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden vendored
View File

@ -1,20 +0,0 @@
Decrypt encrypted yaml files into plaintext files representing Kubernetes objects consisting of sensitive data.
Usage:
decrypt [flags]
Examples:
# Decrypt all encrypted files in the manifests directory.
airshipctl secret decrypt
# Decrypt encrypted file from src and write the plain text to a different dst file
airshipctl secret decrypt \
--src /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/qualified-secret.yaml
Flags:
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config

64
cmd/secret/encrypt/encrypt.go
View File

@ -1,64 +0,0 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package encrypt
import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
)
const (
encryptShort = `
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.`
encryptExample = `
# Encrypt all kubernetes objects in the manifests directory.
airshipctl secret encrypt
# Encrypt file from src and write to a different dst file
airshipctl secret encrypt \
--src /tmp/manifests/target/secrets/qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml
`
)
// NewEncryptCommand creates a new command for encrypting plain text secrets using sops
func NewEncryptCommand(_ config.Factory) *cobra.Command {
var srcPath, dstPath string
encryptCmd := &cobra.Command{
Use: "encrypt",
Short: encryptShort[1:],
Example: encryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
return errors.ErrNotImplemented{What: "secret encryption/decryption"}
},
}
encryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in plaintext that need to be encrypted. `+
`Defaults to the manifest location in airship config`)
encryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.")
err := encryptCmd.MarkFlagRequired("dst")
if err != nil {
log.Fatalf("marking dst flag required failed: %v", err)
}
return encryptCmd
}

36
cmd/secret/encrypt/encrypt_test.go
View File

@ -1,36 +0,0 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package encrypt_test
import (
"testing"
"opendev.org/airship/airshipctl/cmd/secret/encrypt"
"opendev.org/airship/airshipctl/testutil"
)
func TestDecrypt(t *testing.T) {
cmdTests := []*testutil.CmdTest{
{
Name: "encrypt-cmd-cmd-with-help",
CmdLine: "--help",
Cmd: encrypt.NewEncryptCommand(nil),
},
}
for _, tt := range cmdTests {
testutil.RunTest(t, tt)
}
}

20
cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden vendored
View File

@ -1,20 +0,0 @@
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
Usage:
encrypt [flags]
Examples:
# Encrypt all kubernetes objects in the manifests directory.
airshipctl secret encrypt
# Encrypt file from src and write to a different dst file
airshipctl secret encrypt \
--src /tmp/manifests/target/secrets/qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml
Flags:
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config

7
cmd/secret/secret.go
View File

@ -17,14 +17,11 @@ package secret
import ( import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
"opendev.org/airship/airshipctl/cmd/secret/decrypt"
"opendev.org/airship/airshipctl/cmd/secret/encrypt"
"opendev.org/airship/airshipctl/cmd/secret/generate" "opendev.org/airship/airshipctl/cmd/secret/generate"
"opendev.org/airship/airshipctl/pkg/config"
) )
// NewSecretCommand creates a new command for managing airshipctl secrets // NewSecretCommand creates a new command for managing airshipctl secrets
func NewSecretCommand(cfgFactory config.Factory) *cobra.Command { func NewSecretCommand() *cobra.Command {
secretRootCmd := &cobra.Command{ secretRootCmd := &cobra.Command{
Use: "secret", Use: "secret",
// TODO(howell): Make this more expressive // TODO(howell): Make this more expressive
@ -32,8 +29,6 @@ func NewSecretCommand(cfgFactory config.Factory) *cobra.Command {
} }
secretRootCmd.AddCommand(generate.NewGenerateCommand()) secretRootCmd.AddCommand(generate.NewGenerateCommand())
secretRootCmd.AddCommand(encrypt.NewEncryptCommand(cfgFactory))
secretRootCmd.AddCommand(decrypt.NewDecryptCommand(cfgFactory))
return secretRootCmd return secretRootCmd
} }

2
docs/source/cli/airshipctl_secret.md
View File

@ -22,7 +22,5 @@ Manage secrets
### SEE ALSO ### SEE ALSO
* [airshipctl](airshipctl.md) - A unified entrypoint to various airship components * [airshipctl](airshipctl.md) - A unified entrypoint to various airship components
* [airshipctl secret decrypt](airshipctl_secret_decrypt.md) - Decrypt encrypted yaml files into plaintext files representing Kubernetes objects consisting of sensitive data.
* [airshipctl secret encrypt](airshipctl_secret_encrypt.md) - Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
* [airshipctl secret generate](airshipctl_secret_generate.md) - Generate various secrets * [airshipctl secret generate](airshipctl_secret_generate.md) - Generate various secrets

45
docs/source/cli/airshipctl_secret_decrypt.md
View File

@ -1,45 +0,0 @@
## airshipctl secret decrypt
Decrypt encrypted yaml files into plaintext files representing Kubernetes objects consisting of sensitive data.
### Synopsis
Decrypt encrypted yaml files into plaintext files representing Kubernetes objects consisting of sensitive data.
```
airshipctl secret decrypt [flags]
```
### Examples
```
# Decrypt all encrypted files in the manifests directory.
airshipctl secret decrypt
# Decrypt encrypted file from src and write the plain text to a different dst file
airshipctl secret decrypt \
--src /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/qualified-secret.yaml
```
### Options
```
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands
```
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
--debug enable verbose output
```
### SEE ALSO
* [airshipctl secret](airshipctl_secret.md) - Manage secrets

45
docs/source/cli/airshipctl_secret_encrypt.md
View File

@ -1,45 +0,0 @@
## airshipctl secret encrypt
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
### Synopsis
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
```
airshipctl secret encrypt [flags]
```
### Examples
```
# Encrypt all kubernetes objects in the manifests directory.
airshipctl secret encrypt
# Encrypt file from src and write to a different dst file
airshipctl secret encrypt \
--src /tmp/manifests/target/secrets/qualified-secret.yaml \
--dst /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml
```
### Options
```
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands
```
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
--debug enable verbose output
```
### SEE ALSO
* [airshipctl secret](airshipctl_secret.md) - Manage secrets