intuit/heirloom

lib/heirloom/cli/rotate.rb

module Heirloom
  module CLI
    # Command-line front end for `heirloom rotate`: parses the options, loads
    # the configuration, and asks the archive to rotate its encryption secret.
    #
    # Security notes for maintainers:
    # * --old-secret, --new-secret and --aws-secret-key arrive as ordinary
    #   command-line arguments, so their values can end up in shell history
    #   and in process listings that other local users may read. An input
    #   channel that keeps them off argv would reduce that exposure.
    # * The parsed options hash, secrets included, is kept in @opts and passed
    #   unchanged to load_config and Archive#rotate. Neither is visible here;
    #   verify that nothing downstream logs the hash (e.g. at debug level).
    # * The banner says rotation downloads and decrypts into a temp directory.
    #   That code is not in this file; confirm its permissions and cleanup.
    class Rotate

      include Heirloom::CLI::Shared

      class << self
        # One-line description of this sub-command; also the banner's first line.
        def command_summary
          'Rotate keys for an Heirloom'
        end
      end

      # Parses the command line, validates it, and builds the catalog and
      # archive objects that #rotate works on.
      def initialize
        @opts   = read_options
        @logger = HeirloomLogger.new(:log_level => @opts[:level])
        @config = load_config(:logger => @logger, :opts => @opts)

        # Both secrets are mandatory, alongside the Heirloom name and id.
        required_keys = [:name, :id, :old_secret, :new_secret]
        ensure_valid_options(:provided => @opts,
                             :required => required_keys,
                             :config   => @config)

        heirloom_name = @opts[:name]
        @catalog = Heirloom::Catalog.new(:name   => heirloom_name,
                                         :config => @config)
        @archive = Archive.new(:name   => heirloom_name,
                               :config => @config,
                               :id     => @opts[:id])

        # The existence check is skipped when a bucket prefix was given on
        # the command line.
        ensure_archive_exists(:archive => @archive, :config => @config) unless @opts[:bucket_prefix]

        # Anything not supplied by the user is filled in from the catalog.
        # NOTE(review): :region is declared with a default of 'us-west-1' in
        # read_options, so the :region fallback below looks like it can never
        # apply -- confirm against how Trollop populates defaults.
        @opts[:regions]       ||= @catalog.regions
        @opts[:region]        ||= @catalog.regions.first
        @opts[:bucket_prefix] ||= @catalog.bucket_prefix
      end

      # Runs the rotation. On Heirloom::Exceptions::RotateFailed the message
      # is written to the configured logger and the process exits with
      # status 1; any other exception propagates to the caller.
      def rotate
        begin
          @archive.rotate(@opts)
        rescue Heirloom::Exceptions::RotateFailed => failure
          # NOTE(review): the exception text is logged verbatim; check that
          # the code raising RotateFailed never puts secret material in it.
          @config.logger.error(failure.message)
          exit(1)
        end
      end

      private

      # Declares the command-line options and returns Trollop's parse result.
      # The secret and AWS credential options use :short => :none, so they
      # get no single-letter flag.
      def read_options
        Trollop.options do
          version(Heirloom::VERSION)
          banner(<<-EOS)

#{Rotate.command_summary}.  

Will download the heirloom to temp directory, decrypt, encrypt, and upload, replacing original.

Usage:

heirloom rotate -n NAME -i ID --new-secret MY_NEW_SECRET --old-secret MY_OLD_SECRET

To rotate Heirloom without looking up details in SimpleDB, specify region (-r) and bucket_prefix (-b) options.

EOS
          opt(:bucket_prefix, "Bucket prefix of the Heirloom to download.", :type => :string)
          opt(:help, "Display Help")
          opt(:id, "ID of the Heirloom to rotate.", :type => :string)
          opt(:level, "Log level [debug|info|warn|error].", :type => :string, :default => 'info')
          opt(:metadata_region, "AWS region to store Heirloom metadata.", :type => :string)
          opt(:name, "Name of Heirloom.", :type => :string)
          opt(:region, "Region to download Heirloom.", :type => :string, :default => 'us-west-1')
          # Sensitive values: long-form flags only.
          opt(:new_secret, "New Secret for encrypted Heirloom.", :type => :string, :short => :none)
          opt(:old_secret, "Old secret for encrypted Heirloom.", :type => :string, :short => :none)
          opt(:aws_access_key, "AWS Access Key ID", :type => :string, :short => :none)
          opt(:aws_secret_key, "AWS Secret Access Key", :type => :string, :short => :none)
          opt(:environment, "Environment (defined in heirloom config)", :type => :string)
        end
      end
    end
  end
end