PolicyCommands.php
<?php
namespace Drush\Commands;
use Consolidation\AnnotatedCommand\CommandData;
use Consolidation\AnnotatedCommand\Hooks\HookManager;
use Drush\Attributes as CLI;
use Drush\Commands\core\RsyncCommands;
use Drush\Commands\core\UpdateDBCommands;
use Drush\Commands\sql\SqlSyncCommands;
/**
* Load this commandfile using the --include option - e.g. `drush --include=/path/to/drush/examples`
*
* See [Drush Test Traits](https://github.com/drush-ops/drush/blob/13.x/docs/contribute/unish.md#about-the-test-suites) for info on testing Drush commands.
*/
class PolicyCommands extends DrushCommands
{
/**
* Prevent catastrophic braino. Note that this file has to be local to the
* machine that initiates the sql:sync command.
*
* @throws \Exception
*/
#[CLI\Hook(type: HookManager::ARGUMENT_VALIDATOR, target: SqlSyncCommands::SYNC)]
public function sqlSyncValidate(CommandData $commandData)
{
if ($commandData->input()->getArgument('target') == '@prod') {
throw new \Exception(dt('Per !file, you may never overwrite the production database.', ['!file' => __FILE__]));
}
}
/**
* Limit rsync operations to production site.
*/
#[CLI\Hook(type: HookManager::ARGUMENT_VALIDATOR, target: RsyncCommands::RSYNC)]
public function rsyncValidate(CommandData $commandData)
{
if (preg_match("/^@prod/", $commandData->input()->getArgument('target'))) {
throw new \Exception(dt('Per !file, you may never rsync to the production site.', ['!file' => __FILE__]));
}
}
/**
* Unauthorized may not execute updates.
*/
#[CLI\Hook(type: HookManager::ARGUMENT_VALIDATOR, target: UpdateDBCommands::UPDATEDB)]
public function validateUpdateDb(CommandData $commandData)
{
if (!$commandData->input()->getOption('secret') == 'mysecret') {
throw new \Exception(dt('UpdateDb command requires a secret token per site policy.'));
}
}
#[CLI\Hook(type: HookManager::OPTION_HOOK, target: UpdateDBCommands::UPDATEDB)]
#[CLI\Option(name: 'secret', description: 'A required token else user may not run updatedb command.')]
public function optionsetUpdateDb($options = ['secret' => self::REQ])
{
}
}
Last update:
March 15, 2023
Authors: