werf/werf

package secret

import (
    "context"
    "fmt"
    "strings"

    "github.com/spf13/cobra"

    "github.com/werf/werf/cmd/werf/common"
    "github.com/werf/werf/cmd/werf/docs/replacers/helm"
    secret_common "github.com/werf/werf/cmd/werf/helm/secret/common"
    "github.com/werf/werf/pkg/deploy/secrets_manager"
    "github.com/werf/werf/pkg/git_repo"
    "github.com/werf/werf/pkg/git_repo/gitdata"
    "github.com/werf/werf/pkg/werf"
)

var CmdData struct {
    OutputFilePath string
}

var commonCmdData common.CmdData

func NewCmd(ctx context.Context) *cobra.Command {
    ctx = common.NewContextWithCmdData(ctx, &commonCmdData)
    cmd := common.SetCommandContext(ctx, &cobra.Command{
        Use:                   "decrypt [FILE_PATH]",
        DisableFlagsInUseLine: true,
        Short:                 "Decrypt secret file data",
        Long:                  common.GetLongCommandDescription(helm.GetHelmSecretFileDecryptDocs().Long),
        Example: `  # Decrypt secret file
  $ werf helm secret file decrypt .helm/secret/privacy

  # Decrypt from a pipe
  $ cat .helm/secret/date | werf helm secret decrypt
  Tue Jun 26 09:58:10 PDT 1990`,
        Annotations: map[string]string{
            common.CmdEnvAnno: common.EnvsDescription(common.WerfSecretKey),
            common.DocsLongMD: helm.GetHelmSecretFileDecryptDocs().LongMD,
        },
        RunE: func(cmd *cobra.Command, args []string) error {
            ctx := cmd.Context()

            if err := common.ProcessLogOptions(&commonCmdData); err != nil {
                common.PrintHelp(cmd)
                return err
            }

            var filePath string

            if len(args) > 0 {
                filePath = args[0]
            }

            if err := runSecretDecrypt(ctx, filePath); err != nil {
                if strings.HasSuffix(err.Error(), secret_common.ExpectedFilePathOrPipeError().Error()) {
                    common.PrintHelp(cmd)
                }

                return err
            }

            return nil
        },
    })

    common.SetupDir(&commonCmdData, cmd)
    common.SetupTmpDir(&commonCmdData, cmd, common.SetupTmpDirOptions{})
    common.SetupHomeDir(&commonCmdData, cmd, common.SetupHomeDirOptions{})

    common.SetupGiterminismOptions(&commonCmdData, cmd)

    common.SetupLogOptions(&commonCmdData, cmd)

    cmd.Flags().StringVarP(&CmdData.OutputFilePath, "output-file-path", "o", "", "Write to file instead of stdout")

    return cmd
}

func runSecretDecrypt(ctx context.Context, filePath string) error {
    if err := werf.Init(*commonCmdData.TmpDir, *commonCmdData.HomeDir); err != nil {
        return fmt.Errorf("initialization error: %w", err)
    }

    gitDataManager, err := gitdata.GetHostGitDataManager(ctx)
    if err != nil {
        return fmt.Errorf("error getting host git data manager: %w", err)
    }

    if err := git_repo.Init(gitDataManager); err != nil {
        return err
    }

    workingDir := common.GetWorkingDir(&commonCmdData)

    return secret_common.SecretFileDecrypt(ctx, secrets_manager.NewSecretsManager(secrets_manager.SecretsManagerOptions{}), workingDir, filePath, CmdData.OutputFilePath)
}