Merge "Update decrypt command"

2019-05-23 16:20:59 +00:00 · 2019-05-23 16:20:59 +00:00 · e4496a5530
parent 0b297e5058 fb5d54fdb9
commit e4496a5530
4 changed files with 10 additions and 15 deletions
--- a/doc/source/cli/cli.rst
+++ b/doc/source/cli/cli.rst
@ -669,9 +669,9 @@ decrypt the encrypted secrets, and dump the cleartext secrets file to
 **site_name** (Required).

 Name of the ``site``. The ``site_name`` must match a ``site`` name in the site
-repository folder structure. The ``decrypt`` command also validates that the
-``site-name`` exists in the file path, before unwrapping and decrypting the
-documents in the ``filename``.
+repository folder structure. This is used to ensure the correct revision of
+the site and global repositories are used, as specified in the site's
+:file:`site-definition.yaml`.

 **-f / filename** (Required).

--- a/pegleg/cli.py
+++ b/pegleg/cli.py
@ -694,7 +694,7 @@ def encrypt(*, save_location, author, site_name):
 def decrypt(*, file_name, save_location, site_name):
    engine.repository.process_repositories(site_name)

-    decrypted = engine.secrets.decrypt(file_name, site_name)
+    decrypted = engine.secrets.decrypt(file_name)
    if save_location is None:
        click.echo(decrypted)
    else:
--- a/pegleg/engine/secrets.py
+++ b/pegleg/engine/secrets.py
@ -68,27 +68,22 @@ def encrypt(save_location, author, site_name):
            'No secret documents were found for site: {}'.format(site_name))


-def decrypt(file_path, site_name):
-    """
-    Decrypt one secrets file, and print the decrypted file to standard out.
+def decrypt(file_path):
+    """Decrypt one secrets file, and print the decrypted file to standard out.

-    Search in secrets file of a site, identified by ``site_name``, for a file
-    named ``file_name``.
-    If the  file is found and encrypted, unwrap and decrypt it, and print the
+    Search the specified file_path for a file.
+    If the file is found and encrypted, unwrap and decrypt it, and print the
    result to standard out.
    If the file is found, but it is not encrypted, print the contents of the
    file to standard out.
    Passphrase and salt for the decryption are read from environment variables.
    :param file_path: Path to the file to be unwrapped and decrypted.
    :type file_path: string
-    :param site_name: The name of the site to search for the file.
-    :type site_name: string
    :return: The decrypted secrets
    :rtype: list
    """
    LOG.info('Started decrypting...')
-    if (os.path.isfile(file_path) and
-            [s for s in file_path.split(os.path.sep) if s == site_name]):
+    if os.path.isfile(file_path):
        return PeglegSecretManagement(file_path).decrypt_secrets()
    else:
        LOG.info('File: {} was not found. Check your file path and name, '
--- a/tests/unit/engine/test_secrets.py
+++ b/tests/unit/engine/test_secrets.py
@ -116,7 +116,7 @@ data: {0}-password
    # for _file in encrypted_files:
    decrypted = secrets.decrypt(str(save_location.join(
        "site/cicd/secrets/passphrases/"
-        "cicd-passphrase-encrypted.yaml")), "cicd")
+        "cicd-passphrase-encrypted.yaml")))
    assert yaml.load(decrypted) == yaml.load(passphrase_doc)