From ac5d421f847689ac1d599bd872012efbcd262928 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Wed, 24 Jul 2024 18:12:19 +0700
Subject: [PATCH] sops/refactor: lay groundwork for secrets with arbitrary paths

---
 pkgs/clan-cli/clan_cli/secrets/groups.py | 20 +++++++++++---------
 pkgs/clan-cli/clan_cli/secrets/machines.py | 11 ++++++++---
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 20 ++++++++++----------
 pkgs/clan-cli/clan_cli/secrets/users.py | 8 +++++---
 4 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/secrets/groups.py b/pkgs/clan-cli/clan_cli/secrets/groups.py
index 67f637823..654b3dc99 100644
--- a/pkgs/clan-cli/clan_cli/secrets/groups.py
+++ b/pkgs/clan-cli/clan_cli/secrets/groups.py
@@ -49,27 +49,27 @@ class Group:
 def list_groups(flake_dir: Path) -> list[Group]:
     groups: list[Group] = []
-    folder = sops_groups_folder(flake_dir)
-    if not folder.exists():
+    groups_dir = sops_groups_folder(flake_dir)
+    if not groups_dir.exists():
         return groups
-    for name in os.listdir(folder):
-        group_folder = folder / name
+    for group in os.listdir(groups_dir):
+        group_folder = groups_dir / group
         if not group_folder.is_dir():
             continue
-        machines_path = machines_folder(flake_dir, name)
+        machines_path = machines_folder(flake_dir, group)
         machines = []
         if machines_path.is_dir():
             for f in machines_path.iterdir():
                 if validate_hostname(f.name):
                     machines.append(f.name)
-        users_path = users_folder(flake_dir, name)
+        users_path = users_folder(flake_dir, group)
         users = []
         if users_path.is_dir():
             for f in users_path.iterdir():
                 if VALID_USER_NAME.match(f.name):
                     users.append(f.name)
-        groups.append(Group(flake_dir, name, machines, users))
+        groups.append(Group(flake_dir, group, machines, users))
     return groups
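Review bot: The renamed loop still mixes `os.listdir(groups_dir)` with the pathlib `iterdir()` that the machine and user entries use two levels down; `for group_folder in groups_dir.iterdir():` with `group = group_folder.name` drops the manual join and the `os` dependency from this function. While the loop is being touched, note that the group directory name is handed to `Group(...)` and to `machines_folder(flake_dir, group)` with no check at all, whereas the machine entries go through `validate_hostname` and the user entries through `VALID_USER_NAME` on the same listing path; if the module has a group-name check elsewhere, applying it here would keep a stray directory name out of later path construction. The two append loops could also each become a comprehension such as `machines = [f.name for f in machines_path.iterdir() if validate_hostname(f.name)] if machines_path.is_dir() else []`, though that part is pre-existing code. The hunk's blank context lines appear to have been collapsed in this rendering, so the exact line count cannot be confirmed here.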
@@ -204,7 +204,9 @@ def add_group_argument(parser: argparse.ArgumentParser) -> None:
 def add_secret(flake_dir: Path, group: str, name: str) -> None:
     secrets.allow_member(
-        secrets.groups_folder(flake_dir, name), sops_groups_folder(flake_dir), group
+        secrets.groups_folder(sops_secrets_folder(flake_dir) / name),
+        sops_groups_folder(flake_dir),
+        group,
     )
@@ -214,7 +216,7 @@ def add_secret_command(args: argparse.Namespace) -> None:
 def remove_secret(flake_dir: Path, group: str, name: str) -> None:
     updated_paths = secrets.disallow_member(
-        secrets.groups_folder(flake_dir, name), group
+        secrets.groups_folder(sops_secrets_folder(flake_dir) / name), group
     )
     commit_files(
         updated_paths,
diff --git a/pkgs/clan-cli/clan_cli/secrets/machines.py b/pkgs/clan-cli/clan_cli/secrets/machines.py
index 9fe41d601..af7543ff3 100644
--- a/pkgs/clan-cli/clan_cli/secrets/machines.py
+++ b/pkgs/clan-cli/clan_cli/secrets/machines.py
@@ -6,7 +6,12 @@ from ..errors import ClanError
 from ..git import commit_files
 from ..machines.types import machine_name_type, validate_hostname
 from . import secrets
-from .folders import list_objects, remove_object, sops_machines_folder
+from .folders import (
+    list_objects,
+    remove_object,
+    sops_machines_folder,
+    sops_secrets_folder,
+)
 from .secrets import update_secrets
 from .sops import read_key, write_key
 from .types import public_or_private_age_key_type, secret_name_type
@@ -56,7 +61,7 @@ def list_machines(flake_dir: Path) -> list[str]:
 def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
     paths = secrets.allow_member(
-        secrets.machines_folder(sops_secrets_folder(flake_dir) / secret),
+        secrets.machines_folder(sops_secrets_folder(flake_dir) / secret),
         sops_machines_folder(flake_dir),
         machine,
     )
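Review bot: Both new call sites in groups.py (`add_secret` here and `remove_secret` in the next hunk) reference `sops_secrets_folder`, but unlike machines.py and users.py this diff adds no import of it to groups.py, and the diffstat's 20 changed lines for groups.py are fully accounted for by the three code hunks; unless groups.py already imports `sops_secrets_folder` from `.folders`, both functions will raise `NameError` on their first call. Separately, `sops_secrets_folder(flake_dir) / <name>` is now spelled out at six call sites (add and remove in groups.py, machines.py and users.py) while the `*_folder` helpers in secrets.py no longer anchor their result to the secrets tree, so nothing in this module layer checks that a name containing a separator or `..` still resolves beneath `sops_secrets_folder(flake_dir)`. Since the commit is groundwork for arbitrary secret paths, one helper in secrets.py, e.g. `def secret_folder(flake_dir: Path, name: str) -> Path: return sops_secrets_folder(flake_dir) / name`, would give a single place to later resolve the path and reject anything outside the secrets folder. Whether `secret_name_type` already rejects path separators at the argparse layer is not visible in this diff, and it would not cover callers that reach these functions directly.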
@@ -69,7 +74,7 @@ def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
 def remove_secret(flake_dir: Path, machine: str, secret: str) -> None:
     updated_paths = secrets.disallow_member(
-        secrets.machines_folder(flake_dir, secret), machine
+        secrets.machines_folder(sops_secrets_folder(flake_dir) / secret), machine
     )
     commit_files(
         updated_paths,
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index fb03f69f9..981907e51 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@@ -95,7 +95,7 @@ def encrypt_secret(
     for user in add_users:
         files_to_commit.extend(
             allow_member(
-                users_folder(flake_dir, secret_path.name),
+                users_folder(secret_path),
                 sops_users_folder(flake_dir),
                 user,
                 False,
@@ -105,7 +105,7 @@ def encrypt_secret(
     for machine in add_machines:
         files_to_commit.extend(
             allow_member(
-                machines_folder(flake_dir, secret_path.name),
+                machines_folder(secret_path),
                 sops_machines_folder(flake_dir),
                 machine,
                 False,
@@ -115,7 +115,7 @@ def encrypt_secret(
     for group in add_groups:
         files_to_commit.extend(
             allow_member(
-                groups_folder(flake_dir, secret_path.name),
+                groups_folder(secret_path),
                 sops_groups_folder(flake_dir),
                 group,
                 False,
@@ -128,7 +128,7 @@ def encrypt_secret(
         keys.add(key.pubkey)
         files_to_commit.extend(
             allow_member(
-                users_folder(flake_dir, secret_path.name),
+                users_folder(secret_path),
                 sops_users_folder(flake_dir),
                 key.username,
                 False,
@@ -169,16 +169,16 @@ def add_secret_argument(parser: argparse.ArgumentParser, autocomplete: bool) ->
     add_dynamic_completer(secrets_parser, complete_secrets)
 
 
-def machines_folder(flake_dir: Path, secret: str) -> Path:
-    return sops_secrets_folder(flake_dir) / secret / "machines"
+def machines_folder(secret_path: Path) -> Path:
+    return secret_path / "machines"
 
 
-def users_folder(flake_dir: Path, secret: str) -> Path:
-    return sops_secrets_folder(flake_dir) / secret / "users"
+def users_folder(secret_path: Path) -> Path:
+    return secret_path / "users"
 
 
-def groups_folder(flake_dir: Path, secret: str) -> Path:
-    return sops_secrets_folder(flake_dir) / secret / "groups"
+def groups_folder(secret_path: Path) -> Path:
+    return secret_path / "groups"
 
 
 def list_directory(directory: Path) -> str:
diff --git a/pkgs/clan-cli/clan_cli/secrets/users.py b/pkgs/clan-cli/clan_cli/secrets/users.py
index 57ade40f3..ba40d93b9 100644
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
@@ -9,7 +9,7 @@ from ..completions import (
 from ..errors import ClanError
 from ..git import commit_files
 from . import secrets
-from .folders import list_objects, remove_object, sops_users_folder
+from .folders import list_objects, remove_object, sops_secrets_folder, sops_users_folder
 from .secrets import update_secrets
 from .sops import read_key, write_key
 from .types import (
@@ -63,7 +63,9 @@ def list_users(flake_dir: Path) -> list[str]:
 def add_secret(flake_dir: Path, user: str, secret: str) -> None:
     updated_paths = secrets.allow_member(
-        secrets.users_folder(flake_dir, secret), sops_users_folder(flake_dir), user
+        secrets.users_folder(sops_secrets_folder(flake_dir) / secret),
+        sops_users_folder(flake_dir),
+        user,
     )
     commit_files(
         updated_paths,
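Review bot: The three rewritten helpers change what their argument means — `secret_path` is now the secret's own directory rather than a name that the helper resolves under `sops_secrets_folder(flake_dir)` — but none of them carries a docstring, so a reader of `machines_folder(secret_path)` cannot tell whether to pass a name or a path. A one-line docstring on each, e.g. `"""Return the directory holding the machine entries of the secret rooted at *secret_path*."""` with the analogous wording for users and groups, would make the new contract explicit. Those docstrings should also say that keeping the path inside the secrets folder is now the caller's job, since the helpers no longer prepend `sops_secrets_folder(flake_dir)` and will happily build a path under whatever directory they are given.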
@@ -74,7 +76,7 @@ def add_secret(flake_dir: Path, user: str, secret: str) -> None:
 def remove_secret(flake_dir: Path, user: str, secret: str) -> None:
     updated_paths = secrets.disallow_member(
-        secrets.users_folder(flake_dir, secret), user
+        secrets.users_folder(sops_secrets_folder(flake_dir) / secret), user
     )
     commit_files(
         updated_paths,