Merge "Update decrypt command"
This commit is contained in:
commit
e4496a5530
@ -669,9 +669,9 @@ decrypt the encrypted secrets, and dump the cleartext secrets file to
|
|||||||
**site_name** (Required).
|
**site_name** (Required).
|
||||||
|
|
||||||
Name of the ``site``. The ``site_name`` must match a ``site`` name in the site
|
Name of the ``site``. The ``site_name`` must match a ``site`` name in the site
|
||||||
repository folder structure. The ``decrypt`` command also validates that the
|
repository folder structure. This is used to ensure the correct revision of
|
||||||
``site-name`` exists in the file path, before unwrapping and decrypting the
|
the site and global repositories are used, as specified in the site's
|
||||||
documents in the ``filename``.
|
:file:`site-definition.yaml`.
|
||||||
|
|
||||||
**-f / filename** (Required).
|
**-f / filename** (Required).
|
||||||
|
|
||||||
|
@ -694,7 +694,7 @@ def encrypt(*, save_location, author, site_name):
|
|||||||
def decrypt(*, file_name, save_location, site_name):
|
def decrypt(*, file_name, save_location, site_name):
|
||||||
engine.repository.process_repositories(site_name)
|
engine.repository.process_repositories(site_name)
|
||||||
|
|
||||||
decrypted = engine.secrets.decrypt(file_name, site_name)
|
decrypted = engine.secrets.decrypt(file_name)
|
||||||
if save_location is None:
|
if save_location is None:
|
||||||
click.echo(decrypted)
|
click.echo(decrypted)
|
||||||
else:
|
else:
|
||||||
|
@ -68,12 +68,10 @@ def encrypt(save_location, author, site_name):
|
|||||||
'No secret documents were found for site: {}'.format(site_name))
|
'No secret documents were found for site: {}'.format(site_name))
|
||||||
|
|
||||||
|
|
||||||
def decrypt(file_path, site_name):
|
def decrypt(file_path):
|
||||||
"""
|
"""Decrypt one secrets file, and print the decrypted file to standard out.
|
||||||
Decrypt one secrets file, and print the decrypted file to standard out.
|
|
||||||
|
|
||||||
Search in secrets file of a site, identified by ``site_name``, for a file
|
Search the specified file_path for a file.
|
||||||
named ``file_name``.
|
|
||||||
If the file is found and encrypted, unwrap and decrypt it, and print the
|
If the file is found and encrypted, unwrap and decrypt it, and print the
|
||||||
result to standard out.
|
result to standard out.
|
||||||
If the file is found, but it is not encrypted, print the contents of the
|
If the file is found, but it is not encrypted, print the contents of the
|
||||||
@ -81,14 +79,11 @@ def decrypt(file_path, site_name):
|
|||||||
Passphrase and salt for the decryption are read from environment variables.
|
Passphrase and salt for the decryption are read from environment variables.
|
||||||
:param file_path: Path to the file to be unwrapped and decrypted.
|
:param file_path: Path to the file to be unwrapped and decrypted.
|
||||||
:type file_path: string
|
:type file_path: string
|
||||||
:param site_name: The name of the site to search for the file.
|
|
||||||
:type site_name: string
|
|
||||||
:return: The decrypted secrets
|
:return: The decrypted secrets
|
||||||
:rtype: list
|
:rtype: list
|
||||||
"""
|
"""
|
||||||
LOG.info('Started decrypting...')
|
LOG.info('Started decrypting...')
|
||||||
if (os.path.isfile(file_path) and
|
if os.path.isfile(file_path):
|
||||||
[s for s in file_path.split(os.path.sep) if s == site_name]):
|
|
||||||
return PeglegSecretManagement(file_path).decrypt_secrets()
|
return PeglegSecretManagement(file_path).decrypt_secrets()
|
||||||
else:
|
else:
|
||||||
LOG.info('File: {} was not found. Check your file path and name, '
|
LOG.info('File: {} was not found. Check your file path and name, '
|
||||||
|
@ -116,7 +116,7 @@ data: {0}-password
|
|||||||
# for _file in encrypted_files:
|
# for _file in encrypted_files:
|
||||||
decrypted = secrets.decrypt(str(save_location.join(
|
decrypted = secrets.decrypt(str(save_location.join(
|
||||||
"site/cicd/secrets/passphrases/"
|
"site/cicd/secrets/passphrases/"
|
||||||
"cicd-passphrase-encrypted.yaml")), "cicd")
|
"cicd-passphrase-encrypted.yaml")))
|
||||||
assert yaml.load(decrypted) == yaml.load(passphrase_doc)
|
assert yaml.load(decrypted) == yaml.load(passphrase_doc)
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user