This commit is contained in:
177
Sources/VaultClient/VaultClient.swift
Normal file
177
Sources/VaultClient/VaultClient.swift
Normal file
@@ -0,0 +1,177 @@
|
||||
import CommandClient
|
||||
import ConfigurationClient
|
||||
import Dependencies
|
||||
import DependenciesMacros
|
||||
import FileClient
|
||||
|
||||
public extension DependencyValues {
|
||||
/// Manages interactions with `ansible-vault` command line application.
|
||||
var vaultClient: VaultClient {
|
||||
get { self[VaultClient.self] }
|
||||
set { self[VaultClient.self] = newValue }
|
||||
}
|
||||
}
|
||||
|
||||
@DependencyClient
|
||||
public struct VaultClient: Sendable {
|
||||
/// Run an `ansible-vault` command.
|
||||
public var run: Run
|
||||
|
||||
@DependencyClient
|
||||
public struct Run: Sendable {
|
||||
/// Decrypt an `ansible-vault` file.
|
||||
public var decrypt: @Sendable (RunOptions) async throws -> String
|
||||
/// Encrypt an `ansible-vault` file.
|
||||
public var encrypt: @Sendable (RunOptions) async throws -> String
|
||||
}
|
||||
|
||||
public struct RunOptions: Equatable, Sendable {
|
||||
|
||||
/// Extra arguments / options passed to the `ansible-vault` command.
|
||||
let extraOptions: [String]?
|
||||
/// Logging options to use while running the command.
|
||||
let loggingOptions: LoggingOptions
|
||||
/// The optional output file path.
|
||||
let outputFilePath: String?
|
||||
/// Disable logging output.
|
||||
let quiet: Bool
|
||||
/// Optional shell used to call the command.
|
||||
let shell: String?
|
||||
/// The path to the vault file, if not supplied we will search the current directory for it.
|
||||
let vaultFilePath: String?
|
||||
|
||||
/// Create new run options.
|
||||
///
|
||||
/// - Parameters:
|
||||
/// - extraOptions: Extra arguments / options passed to the command.
|
||||
/// - loggingOptions: The logging options used while running the command.
|
||||
/// - outputFilePath: The optional output file path.
|
||||
/// - quiet: Disable logging output of the command.
|
||||
/// - shell: The shell used to call the command.
|
||||
/// - vaultFilePath: The vault file, if not supplied we will search in the current working directory.
|
||||
public init(
|
||||
extraOptions: [String]? = nil,
|
||||
loggingOptions: LoggingOptions,
|
||||
outputFilePath: String? = nil,
|
||||
quiet: Bool = false,
|
||||
shell: String? = nil,
|
||||
vaultFilePath: String? = nil
|
||||
) {
|
||||
self.extraOptions = extraOptions
|
||||
self.loggingOptions = loggingOptions
|
||||
self.outputFilePath = outputFilePath
|
||||
self.quiet = quiet
|
||||
self.shell = shell
|
||||
self.vaultFilePath = vaultFilePath
|
||||
}
|
||||
}
|
||||
|
||||
@_spi(Internal)
|
||||
public enum Route: String, Equatable, Sendable {
|
||||
case decrypt
|
||||
case encrypt
|
||||
|
||||
public var verb: String { rawValue }
|
||||
}
|
||||
}
|
||||
|
||||
extension VaultClient: DependencyKey {
|
||||
|
||||
public static let testValue: VaultClient = Self(run: Run())
|
||||
|
||||
public static var liveValue: VaultClient {
|
||||
.init(
|
||||
run: .init(
|
||||
decrypt: { try await $0.run(route: .decrypt) },
|
||||
encrypt: { try await $0.run(route: .encrypt) }
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@_spi(Internal)
|
||||
public extension VaultClient {
|
||||
enum Constants {
|
||||
public static let vaultCommand = "ansible-vault"
|
||||
}
|
||||
}
|
||||
|
||||
extension VaultClient.RunOptions {
|
||||
|
||||
// Sets up the default arguments and runs the `ansible-vault` command,
|
||||
// returning the output file path, which is either supplied by the caller
|
||||
// or found via the `fileClient.findVaultFileInCurrentDirectory`.
|
||||
//
|
||||
// This allows the output to be piped into other commands.
|
||||
//
|
||||
//
|
||||
@discardableResult
|
||||
func run(route: VaultClient.Route) async throws -> String {
|
||||
@Dependency(\.commandClient) var commandClient
|
||||
|
||||
return try await commandClient.run(
|
||||
logging: loggingOptions,
|
||||
quiet: quiet,
|
||||
shell: shell
|
||||
) {
|
||||
@Dependency(\.configurationClient) var configurationClient
|
||||
@Dependency(\.fileClient) var fileClient
|
||||
@Dependency(\.logger) var logger
|
||||
|
||||
var output: String?
|
||||
|
||||
let configuration = try await configurationClient.findAndLoad()
|
||||
logger.trace("Configuration: \(configuration)")
|
||||
|
||||
var vaultFilePath: String? = vaultFilePath
|
||||
|
||||
if vaultFilePath == nil {
|
||||
vaultFilePath = try await fileClient
|
||||
.findVaultFileInCurrentDirectory()?
|
||||
.cleanFilePath
|
||||
}
|
||||
|
||||
guard let vaultFilePath else {
|
||||
throw VaultClientError.vaultFileNotFound
|
||||
}
|
||||
output = vaultFilePath
|
||||
|
||||
logger.trace("Vault file: \(vaultFilePath)")
|
||||
|
||||
var arguments = [
|
||||
VaultClient.Constants.vaultCommand,
|
||||
route.verb
|
||||
]
|
||||
|
||||
if let outputFilePath {
|
||||
arguments.append(contentsOf: ["--output", outputFilePath])
|
||||
output = outputFilePath
|
||||
}
|
||||
|
||||
if let extraOptions {
|
||||
arguments.append(contentsOf: extraOptions)
|
||||
}
|
||||
|
||||
if let vaultArgs = configuration.vault.args {
|
||||
arguments.append(contentsOf: vaultArgs)
|
||||
}
|
||||
|
||||
if arguments.contains("encrypt"),
|
||||
!arguments.contains("--encrypt-vault-id"),
|
||||
let id = configuration.vault.encryptId
|
||||
{
|
||||
arguments.append(contentsOf: ["--encrypt-vault-id", id])
|
||||
}
|
||||
|
||||
arguments.append(vaultFilePath)
|
||||
|
||||
logger.trace("Arguments: \(arguments)")
|
||||
|
||||
return (arguments, output ?? "")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
enum VaultClientError: Error {
|
||||
case vaultFileNotFound
|
||||
}
|
||||
Reference in New Issue
Block a user