spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #732 from basecamp/always-send-clear-env

Browse Source 
Always send the clear env to the container
This commit is contained in:
Donal McBreen
2024-03-26 11:01:59 +00:00
committed by GitHub
parent 9f9c9ccbde 5481fbb973
commit 827e18480d
19 changed files with 206 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/kamal/cli/env.rb
View File

@@ -9,20 +9,20 @@ class Kamal::Cli::Env < Kamal::Cli::Base
KAMAL.roles_on(host).each do |role|
execute *KAMAL.app(role: role).make_env_directory
upload! StringIO.new(role.env_file), role.host_env_file_path, mode: 400
upload! role.env.secrets_io, role.env.secrets_file, mode: 400
end
end
on(KAMAL.traefik_hosts) do
execute *KAMAL.traefik.make_env_directory
upload! StringIO.new(KAMAL.traefik.env_file), KAMAL.traefik.host_env_file_path, mode: 400
upload! KAMAL.traefik.env.secrets_io, KAMAL.traefik.env.secrets_file, mode: 400
end
on(KAMAL.accessory_hosts) do
KAMAL.accessories_on(host).each do |accessory|
accessory_config = KAMAL.config.accessory(accessory)
execute *KAMAL.accessory(accessory).make_env_directory
upload! StringIO.new(accessory_config.env_file), accessory_config.host_env_file_path, mode: 400
upload! accessory_config.env.secrets_io, accessory_config.env.secrets_file, mode: 400
end
end
end

4
lib/kamal/commands/accessory.rb
View File

@@ -99,11 +99,11 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
end
def make_env_directory
make_directory accessory_config.host_env_directory
make_directory accessory_config.env.secrets_directory
end
def remove_env_file
[ :rm, "-f", accessory_config.host_env_file_path ]
[ :rm, "-f", accessory_config.env.secrets_file ]
end
private

4
lib/kamal/commands/app.rb
View File

@@ -68,11 +68,11 @@ class Kamal::Commands::App < Kamal::Commands::Base
def make_env_directory
make_directory role.host_env_directory
make_directory role.env.secrets_directory
end
def remove_env_file
[ :rm, "-f", role.host_env_file_path ]
[ :rm, "-f", role.env.secrets_file ]
end

20
lib/kamal/commands/traefik.rb
View File

@@ -71,20 +71,18 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
"#{host_port}:#{CONTAINER_PORT}"
end
def env_file
Kamal::EnvFile.new(config.traefik.fetch("env", {}))
end
def host_env_file_path
File.join host_env_directory, "traefik.env"
def env
Kamal::Configuration::Env.from_config \
config: config.traefik.fetch("env", {}),
secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env")
end
def make_env_directory
make_directory(host_env_directory)
make_directory(env.secrets_directory)
end
def remove_env_file
[ :rm, "-f", host_env_file_path ]
[ :rm, "-f", env.secrets_file ]
end
private
@@ -97,11 +95,7 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
end
def env_args
argumentize "--env-file", host_env_file_path
end
def host_env_directory
File.join config.host_env_directory, "traefik"
env.args
end
def labels

11
lib/kamal/configuration.rb
View File

@@ -6,7 +6,7 @@ require "erb"
require "net/ssh/proxy/jump"
class Kamal::Configuration
delegate :service, :image, :servers, :env, :labels, :registry, :stop_wait_time, :hooks_path, :logging, to: :raw_config, allow_nil: true
delegate :service, :image, :servers, :labels, :registry, :stop_wait_time, :hooks_path, :logging, to: :raw_config, allow_nil: true
delegate :argumentize, :optionize, to: Kamal::Utils
attr_reader :destination, :raw_config
@@ -216,12 +216,17 @@ class Kamal::Configuration
raw_config.hooks_path || ".kamal/hooks"
end
def asset_path
raw_config.asset_path
end
def host_env_directory
"#{run_directory}/env"
end
def asset_path
raw_config.asset_path
def env
raw_config.env || {}
end

22
lib/kamal/configuration/accessory.rb
View File

@@ -42,23 +42,13 @@ class Kamal::Configuration::Accessory
end
def env
specifics["env"] || {}
end
def env_file
Kamal::EnvFile.new(env)
end
def host_env_directory
File.join config.host_env_directory, "accessories"
end
def host_env_file_path
File.join host_env_directory, "#{service_name}.env"
Kamal::Configuration::Env.from_config \
config: specifics.fetch("env", {}),
secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env")
end
def env_args
argumentize "--env-file", host_env_file_path
env.args
end
def files
@@ -111,10 +101,10 @@ class Kamal::Configuration::Accessory
end
def with_clear_env_loaded
(env["clear"] || env).each { |k, v| ENV[k] = v }
env.clear.each { |k, v| ENV[k] = v }
yield
ensure
(env["clear"] || env).each { |k, v| ENV.delete(k) }
env.clear.each { |k, v| ENV.delete(k) }
end
def read_dynamic_file(local_file)

40
lib/kamal/configuration/env.rb Normal file
View File

@@ -0,0 +1,40 @@
class Kamal::Configuration::Env
attr_reader :secrets_keys, :clear, :secrets_file
delegate :argumentize, to: Kamal::Utils
def self.from_config(config:, secrets_file: nil)
secrets_keys = config.fetch("secret", [])
clear = config.fetch("clear", config.key?("secret") ? {} : config)
new clear: clear, secrets_keys: secrets_keys, secrets_file: secrets_file
end
def initialize(clear:, secrets_keys:, secrets_file:)
@clear = clear
@secrets_keys = secrets_keys
@secrets_file = secrets_file
end
def args
[ "--env-file", secrets_file, *argumentize("--env", clear) ]
end
def secrets_io
StringIO.new(Kamal::EnvFile.new(secrets).to_s)
end
def secrets
@secrets ||= secrets_keys.to_h { |key| [ key, ENV.fetch(key) ] }
end
def secrets_directory
File.dirname(secrets_file)
end
def merge(other)
self.class.new \
clear: @clear.merge(other.clear),
secrets_keys: @secrets_keys | other.secrets_keys,
secrets_file: secrets_file
end
end

42
lib/kamal/configuration/role.rb
View File

@@ -51,27 +51,11 @@ class Kamal::Configuration::Role
def env
if config.env && config.env["secret"]
merged_env_with_secrets
else
merged_env
end
end
def env_file
Kamal::EnvFile.new(env)
end
def host_env_directory
File.join config.host_env_directory, "roles"
end
def host_env_file_path
File.join host_env_directory, "#{[ config.service, name, config.destination ].compact.join("-")}.env"
@env ||= base_env.merge(specialized_env)
end
def env_args
argumentize "--env-file", host_env_file_path
env.args
end
def asset_volume_args
@@ -217,7 +201,7 @@ class Kamal::Configuration::Role
end
def traefik_service
[ config.service, name, config.destination ].compact.join("-")
container_prefix
end
def custom_labels
@@ -236,24 +220,14 @@ class Kamal::Configuration::Role
end
def specialized_env
specializations["env"] || {}
end
def merged_env
config.env&.merge(specialized_env) || {}
Kamal::Configuration::Env.from_config config: specializations.fetch("env", {})
end
# Secrets are stored in an array, which won't merge by default, so have to do it by hand.
def merged_env_with_secrets
merged_env.tap do |new_env|
new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
# If there's no secret/clear split, everything is clear
clear_app_env = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
new_env["clear"] = clear_app_env.to_h.merge(clear_role_env.to_h)
end
def base_env
Kamal::Configuration::Env.from_config \
config: config.env,
secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env")
end
def http_health_check(port:, path:)

14
lib/kamal/env_file.rb
View File

@@ -6,18 +6,8 @@ class Kamal::EnvFile
def to_s
env_file = StringIO.new.tap do |contents|
if (secrets = @env["secret"]).present?
@env.fetch("secret", @env)&.each do |key|
contents << docker_env_file_line(key, ENV.fetch(key))
end
@env["clear"]&.each do |key, value|
contents << docker_env_file_line(key, value)
end
else
@env.fetch("clear", @env)&.each do |key, value|
contents << docker_env_file_line(key, value)
end
@env.each do |key, value|
contents << docker_env_file_line(key, value)
end
end.string