yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'fix vars migration prompts. add secretsForUsers to vars interface and implement that for pass' (#2551) from lassulus/clan-core:vars-stuff into main

Browse Source
This commit is contained in:
clan-bot
2024-12-04 09:03:24 +00:00
parent 15458c33ba 4b63296d5f
commit 1511b14b3c
8 changed files with 128 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
pkgs/clan-cli/clan_cli/vars/generate.py
View File

@@ -233,15 +233,12 @@ def execute_generator(
def _ask_prompts(
generators: list[Generator],
) -> dict[str, dict[str, str]]:
prompt_values: dict[str, dict[str, str]] = {}
for generator in generators:
for prompt in generator.prompts:
if generator.name not in prompt_values:
prompt_values[generator.name] = {}
var_id = f"{generator.name}/{prompt.name}"
prompt_values[generator.name][prompt.name] = ask(var_id, prompt.prompt_type)
generator: Generator,
) -> dict[str, str]:
prompt_values: dict[str, str] = {}
for prompt in generator.prompts:
var_id = f"{generator.name}/{prompt.name}"
prompt_values[prompt.name] = ask(var_id, prompt.prompt_type)
return prompt_values
@@ -422,17 +419,16 @@ def generate_vars_for_machine(
closure = get_closure(machine, generator_name, regenerate)
if len(closure) == 0:
return False
prompt_values = _ask_prompts(closure)
for generator in closure:
if _check_can_migrate(machine, generator):
_migrate_files(machine, generator)
else:
execute_generator(
machine,
generator,
machine.secret_vars_store,
machine.public_vars_store,
prompt_values.get(generator.name, {}),
machine=machine,
generator=generator,
secret_vars_store=machine.secret_vars_store,
public_vars_store=machine.public_vars_store,
prompt_values=_ask_prompts(generator),
)
# flush caches to make sure the new secrets are available in evaluation
machine.flush_caches()
@@ -464,7 +460,7 @@ def generate_vars(
raise ClanError(msg) from errors[0][1]
if not was_regenerated and len(machines) > 0:
machine.info("All vars are already up to date")
log.info("All vars are already up to date")
return was_regenerated

11
pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
View File

@@ -150,7 +150,10 @@ class SecretStore(SecretStoreBase):
return local_hash.decode() != remote_hash
def populate_dir(self, output_dir: Path) -> None:
with tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar:
with (
tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar,
tarfile.open(output_dir / "secrets_for_users.tar.gz", "w:gz") as user_tar,
):
for generator in self.machine.vars_generators:
dir_exists = False
for file in generator.files:
@@ -170,7 +173,10 @@ class SecretStore(SecretStoreBase):
tar_file.mode = 0o440
tar_file.uname = file.owner
tar_file.gname = file.group
tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
if file.needed_for_users:
user_tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
else:
tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
(output_dir / ".pass_info").write_bytes(self.generate_hash())
def upload(self) -> None:
@@ -179,6 +185,7 @@ class SecretStore(SecretStoreBase):
return
with TemporaryDirectory(prefix="vars-upload-") as tempdir:
pass_dir = Path(tempdir)
self.populate_dir(pass_dir)
upload_dir = Path(
self.machine.deployment["password-store"]["secretLocation"]
)

2
pkgs/clan-cli/clan_cli/vars/var.py
View File

@@ -15,6 +15,7 @@ class Var:
deploy: bool = False
owner: str = "root"
group: str = "root"
needed_for_users: bool = False
# TODO: those shouldn't be set here
_store: "StoreBase | None" = None
@@ -74,4 +75,5 @@ class Var:
deploy=data["deploy"],
owner=data.get("owner", "root"),
group=data.get("group", "root"),
needed_for_users=data.get("neededForUsers", False),
)