lib/mongoid/tasks/encryption.rake
# frozen_string_literal: true
require 'optparse'
def parse_data_key_options(argv = ARGV)
# The only way to use OptionParser to parse custom options in rake is
# to pass an empty argument ("--") before specifying them, e.g.:
#
# rake db:mongoid:encryption:create_data_key -- --client default
#
# Otherwise, rake complains about an unknown option. Thus, we can tell
# if the argument list is valid for us to parse by detecting this empty
# argument.
#
# (This works around an issue in the tests, where the specs are loading
# the tasks directly to test them, but the option parser is then picking
# up rspec command-line arguments and raising an exception).
return {} unless argv.include?('--')
{}.tap do |options|
parser = OptionParser.new do |opts|
opts.on('-c', '--client CLIENT', 'Name of the client to use') do |v|
options[:client_name] = v
end
opts.on('-p', '--provider PROVIDER', 'KMS provider to use') do |v|
options[:kms_provider_name] = v
end
opts.on('-n', '--key-alt-name KEY_ALT_NAME', 'Alternate name for the key') do |v|
options[:key_alt_name] = v
end
end
# rubocop:disable Lint/EmptyBlock
parser.parse!(parser.order!(argv) {})
# rubocop:enable Lint/EmptyBlock
end
end
namespace :db do
namespace :mongoid do
namespace :encryption do
desc 'Create encryption key'
task create_data_key: [ :environment ] do
options = parse_data_key_options
result = Mongoid::Tasks::Encryption.create_data_key(
client_name: options[:client_name],
kms_provider_name: options[:kms_provider_name],
key_alt_name: options[:key_alt_name]
)
output = [].tap do |lines|
lines << "Created data key with id: '#{result[:key_id]}'"
lines << "with key alt name: '#{result[:key_alt_name]}'" if result[:key_alt_name]
lines << "for kms provider: '#{result[:kms_provider]}'"
lines << "in key vault: '#{result[:key_vault_namespace]}'."
end
puts output.join(' ')
end
end
end
end