Merge branch 'main' into allow-bastion-server

lib/mrsk/cli/accessory.rb

@@ -7,6 +7,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
       with_accessory(name) do |accessory|
         directories(name)
         upload(name)
+
         on(accessory.host) do
           execute *MRSK.auditor.record("accessory #{name} boot"), verbosity: :debug
           execute *accessory.run

lib/mrsk/cli/app.rb

@@ -104,11 +104,6 @@ class Mrsk::Cli::App < Mrsk::Cli::Base
     on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.list_images) }
   end
 
-  desc "current", "Return the current running container ID"
-  def current
-    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.current_container_id) }
-  end
-
   desc "logs", "Show lines from app on servers"
   option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
   option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"

lib/mrsk/commands/accessory.rb

@@ -39,10 +39,10 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
   end
 
   def follow_logs(grep: nil)
-    run_over_ssh pipe(
-      docker(:logs, service_name, "-t", "-n", "10", "-f", "2>&1"),
-      (%(grep "#{grep}") if grep)
-    ).join(" ")
+    run_over_ssh \
+      pipe \
+        docker(:logs, service_name, "-t", "-n", "10", "-f", "2>&1"),
+        (%(grep "#{grep}") if grep)
   end
 
 
@@ -64,11 +64,11 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
   end
 
   def execute_in_existing_container_over_ssh(*command)
-    run_over_ssh execute_in_existing_container(*command, interactive: true).join(" ")
+    run_over_ssh execute_in_existing_container(*command, interactive: true)
   end
 
   def execute_in_new_container_over_ssh(*command)
-    run_over_ssh execute_in_new_container(*command, interactive: true).join(" ")
+    run_over_ssh execute_in_new_container(*command, interactive: true)
   end
 
   def run_over_ssh(command)

lib/mrsk/commands/app.rb

@@ -6,7 +6,6 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
       "-d",
       "--restart unless-stopped",
       "--name", service_with_version,
-      *rails_master_key_arg,
       *role.env_args,
       *config.volume_args,
       *role.label_args,
@@ -35,11 +34,13 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
   end
 
   def follow_logs(host:, grep: nil)
-    run_over_ssh pipe(
-      current_container_id,
-      "xargs docker logs -t -n 10 -f 2>&1",
-      (%(grep "#{grep}") if grep)
-    ).join(" "), host: host
+    run_over_ssh \
+      pipe(
+        current_container_id,
+        "xargs docker logs -t -n 10 -f 2>&1",
+        (%(grep "#{grep}") if grep)
+      ),
+      host: host
   end
 
 
@@ -54,7 +55,6 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
     docker :run,
       ("-it" if interactive),
       "--rm",
-      *rails_master_key_arg,
       *config.env_args,
       *config.volume_args,
       config.absolute_image,
@@ -62,11 +62,11 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
   end
 
   def execute_in_existing_container_over_ssh(*command, host:)
-    run_over_ssh execute_in_existing_container(*command, interactive: true).join(" "), host: host
+    run_over_ssh execute_in_existing_container(*command, interactive: true), host: host
   end
 
   def execute_in_new_container_over_ssh(*command, host:)
-    run_over_ssh execute_in_new_container(*command, interactive: true).join(" "), host: host
+    run_over_ssh execute_in_new_container(*command, interactive: true), host: host
   end
 
 
@@ -128,12 +128,4 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
     def service_filter
       [ "--filter", "label=service=#{config.service}" ]
     end
-
-    def rails_master_key_arg
-      if master_key = config.master_key
-        [ "-e", redact("RAILS_MASTER_KEY=#{master_key}") ]
-      else
-        []
-      end
-    end
 end

lib/mrsk/commands/base.rb

@@ -8,14 +8,11 @@ module Mrsk::Commands
       @config = config
     end
 
-    def run_over_ssh(command, host:)
-      ssh_command = "ssh"
-
-      if config.ssh_proxy
-        ssh_command << " -J #{config.ssh_proxy.jump_proxies}"
+    def run_over_ssh(*command, host:)
+      "ssh".tap do |cmd|
+        cmd << " -J #{config.ssh_proxy.jump_proxies}" if config.ssh_proxy
+        cmd << " -t #{config.ssh_user}@#{host} '#{command.join(" ")}'"
       end
-
-      ssh_command << " -t #{config.ssh_user}@#{host} '#{command}'"
     end
 
     private

lib/mrsk/configuration.rb

@@ -117,12 +117,6 @@ class Mrsk::Configuration
     { user: ssh_user, proxy: ssh_proxy, auth_methods: [ "publickey" ] }.compact
   end
 
-  def master_key
-    unless raw_config.skip_master_key
-      ENV["RAILS_MASTER_KEY"] || File.read(Pathname.new(File.expand_path("config/master.key")))
-    end
-  end
-
 
   def valid?
     ensure_required_keys_present && ensure_env_available

lib/mrsk/configuration/role.rb

@@ -96,7 +96,12 @@ class Mrsk::Configuration::Role
     def merged_env_with_secrets
       merged_env.tap do |new_env|
         new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
-        new_env["clear"]  = (Array(config.env["clear"] || config.env) + Array(specialized_env["clear"] || specialized_env)).uniq
+
+        # If there's no secret/clear split, everything is clear
+        clear_app_env  = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
+        clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
+
+        new_env["clear"] = (clear_app_env + clear_role_env).uniq
       end
     end
 end