move secret stores into clan_cli codebase

2024-01-17 18:00:30 +01:00
parent b5a12bc4ba
commit 1d4e533438
14 changed files with 135 additions and 250 deletions
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@@ -1,4 +1,5 @@
 import argparse
+import importlib
 from dataclasses import dataclass
 from pathlib import Path
 from tempfile import TemporaryDirectory
@@ -10,6 +11,9 @@ from ..secrets.generate import generate_secrets


 def install_nixos(machine: Machine, kexec: str | None = None) -> None:
+    secrets_module = importlib.import_module(machine.secrets_module)
+    secret_store = secrets_module.SecretStore(machine=machine)
+
    h = machine.host
    target_host = f"{h.user or 'root'}@{h.host}"

@@ -25,7 +29,7 @@ def install_nixos(machine: Machine, kexec: str | None = None) -> None:
            upload_dir = upload_dir[1:]
        upload_dir = tmpdir / upload_dir
        upload_dir.mkdir(parents=True)
-        machine.run_upload_secrets(upload_dir)
+        secret_store.upload(upload_dir)

        cmd = [
            "nixos-anywhere",
--- a/pkgs/clan-cli/clan_cli/machines/machines.py
+++ b/pkgs/clan-cli/clan_cli/machines/machines.py
@@ -1,6 +1,4 @@
 import json
-import os
-import sys
 from pathlib import Path

 from ..cmd import Log, run
@@ -47,8 +45,6 @@ class Machine:
            self.machine_data = machine_data

        self.deployment_address = self.machine_data["deploymentAddress"]
-        self.upload_secrets = self.machine_data["uploadSecrets"]
-        self.generate_secrets = self.machine_data["generateSecrets"]
        self.secrets_module = self.machine_data["secretsModule"]
        self.secrets_data = json.loads(
            Path(self.machine_data["secretsData"]).read_text()
@@ -63,32 +59,6 @@ class Machine:
            self.name, self.deployment_address, meta={"machine": self}
        )

-    def run_upload_secrets(self, secrets_dir: Path) -> bool:
-        """
-        Upload the secrets to the provided directory
-        @secrets_dir: the directory to store the secrets in
-        """
-        env = os.environ.copy()
-        env["CLAN_DIR"] = str(self.flake_dir)
-        env["PYTHONPATH"] = str(
-            ":".join(sys.path)
-        )  # TODO do this in the clanCore module
-        env["SECRETS_DIR"] = str(secrets_dir)
-        print(f"uploading secrets... {self.upload_secrets}")
-        proc = run(
-            [self.upload_secrets],
-            env=env,
-            check=False,
-        )
-
-        if proc.returncode == 23:
-            print("no secrets to upload")
-            return False
-        elif proc.returncode != 0:
-            print("failed generate secrets directory")
-            exit(1)
-        return True
-
    def eval_nix(self, attr: str, refresh: bool = False) -> str:
        """
        eval a nix attribute of the machine