Merge branch 'main' into introduce-git-gateway

* main:
  No longer used
  Fix env validation
  Fix tests
  Fix test
  Extract Kamal::EnvFile
This commit is contained in:
dhh
2023-09-16 11:31:18 -07:00
11 changed files with 156 additions and 133 deletions

View File

@@ -1,5 +1,5 @@
class Kamal::Commands::Traefik < Kamal::Commands::Base
delegate :argumentize, :env_file_with_secrets, :optionize, to: Kamal::Utils
delegate :argumentize, :optionize, to: Kamal::Utils
DEFAULT_IMAGE = "traefik:v2.9"
CONTAINER_PORT = 80
@@ -64,7 +64,7 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
end
def env_file
env_file_with_secrets config.traefik.fetch("env", {})
Kamal::EnvFile.new(config.traefik.fetch("env", {}))
end
def host_env_file_path

View File

@@ -206,7 +206,7 @@ class Kamal::Configuration
# Will raise KeyError if any secret ENVs are missing
def ensure_env_available
roles.each(&:env_file)
roles.collect(&:env_file).each(&:to_s)
true
end

View File

@@ -1,5 +1,5 @@
class Kamal::Configuration::Accessory
delegate :argumentize, :env_file_with_secrets, :optionize, to: Kamal::Utils
delegate :argumentize, :optionize, to: Kamal::Utils
attr_accessor :name, :specifics
@@ -46,7 +46,7 @@ class Kamal::Configuration::Accessory
end
def env_file
env_file_with_secrets env
Kamal::EnvFile.new(env)
end
def host_env_directory

View File

@@ -1,6 +1,6 @@
class Kamal::Configuration::Role
CORD_FILE = "cord"
delegate :argumentize, :env_file_with_secrets, :optionize, to: Kamal::Utils
delegate :argumentize, :optionize, to: Kamal::Utils
attr_accessor :name
@@ -46,7 +46,7 @@ class Kamal::Configuration::Role
end
def env_file
env_file_with_secrets env
Kamal::EnvFile.new(env)
end
def host_env_directory

41
lib/kamal/env_file.rb Normal file
View File

@@ -0,0 +1,41 @@
# Encode an env hash as a string where secret values have been looked up and all values escaped for Docker.
class Kamal::EnvFile
def initialize(env)
@env = env
end
def to_s
env_file = StringIO.new.tap do |contents|
if (secrets = @env["secret"]).present?
@env.fetch("secret", @env)&.each do |key|
contents << docker_env_file_line(key, ENV.fetch(key))
end
@env["clear"]&.each do |key, value|
contents << docker_env_file_line(key, value)
end
else
@env.fetch("clear", @env)&.each do |key, value|
contents << docker_env_file_line(key, value)
end
end
end.string
# Ensure the file has some contents to avoid the SSHKIT empty file warning
env_file.presence || "\n"
end
alias to_str to_s
private
def docker_env_file_line(key, value)
"#{key.to_s}=#{escape_docker_env_file_value(value)}\n"
end
# Escape a value to make it safe to dump in a docker file.
def escape_docker_env_file_value(value)
# Doublequotes are treated literally in docker env files
# so remove leading and trailing ones and unescape any others
value.to_s.dump[1..-2].gsub(/\\"/, "\"")
end
end

View File

@@ -16,26 +16,6 @@ module Kamal::Utils
end
end
def env_file_with_secrets(env)
env_file = StringIO.new.tap do |contents|
if (secrets = env["secret"]).present?
env.fetch("secret", env)&.each do |key|
contents << docker_env_file_line(key, ENV.fetch(key))
end
env["clear"]&.each do |key, value|
contents << docker_env_file_line(key, value)
end
else
env.fetch("clear", env)&.each do |key, value|
contents << docker_env_file_line(key, value)
end
end
end.string
# Ensure the file has some contents to avoid the SSHKIT empty file warning
env_file.presence || "\n"
end
# Returns a list of shell-dashed option arguments. If the value is true, it's treated like a value-less option.
def optionize(args, with: nil)
options = if with
@@ -78,15 +58,4 @@ module Kamal::Utils
.gsub(/`/, '\\\\`')
.gsub(DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX, '\$')
end
# Escape a value to make it safe to dump in a docker file.
def escape_docker_env_file_value(value)
# Doublequotes are treated literally in docker env files
# so remove leading and trailing ones and unescape any others
value.to_s.dump[1..-2].gsub(/\\"/, "\"")
end
def docker_env_file_line(key, value)
"#{key.to_s}=#{escape_docker_env_file_value(value)}\n"
end
end