require_relative "../errors" require_relative "./validation" class MuchKeys::CLI::Validator def self.validate_primary_mode_option(options) raise MuchKeys::CLIOptionsError, primary_mode_error_message unless options_has_one_mode?(options) end def self.validate_encrypt_options(options) validation = MuchKeys::CLI::Validation.new if !options[:file] || !options[:public_key] validation.errors << "--decrypt needs the --file and --public_key set." end validation end def self.validate_decrypt_options(options) validation = MuchKeys::CLI::Validation.new if options[:consul_key] && options[:public_key] && options[:private_key] validate_automatic_certificate(validation, options) else validation.errors << "--decrypt needs the --consul_key, --public_key and --private_key set." end validation end def self.validate_automatic_certificate(chained_validation, options) # i won't mutate chained_validation on principle validation = MuchKeys::CLI::Validation.new validation.errors = chained_validation.errors.dup key_name = options[:consul_key] if !secret_adapter.auto_certificates_exist_for_key?(key_name) certfile_expected = secret_adapter.certfile_name(key_name) validation.errors << "--decrypt needs the --public_key option passed or a PEM file needs to be at #{certfile_expected}." if !options[:public_key] validation.errors << "--decrypt needs the --private_key option passed or a PEM file needs to be at #{certfile_expected}." if !options[:private_key] end validation end def self.validate_plain_options(options) validation = MuchKeys::CLI::Validation.new if !options[:consul_key] validation.errors << "--plain needs the --consul_key option passed." end validation end def self.options_has_one_mode?(options) [ options[:encrypt], options[:decrypt], options[:plain] ].count(true) == 1 end def self.primary_mode_error_message "You must pass only one and at least one of the following flags: --encrypt, --decrypt, or --plain" end def self.secret_adapter MuchKeys::Secret end end