yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

sops: refactor some function names for clarity

Browse Source
This commit is contained in:
DavHau
2024-10-02 13:56:43 +02:00
parent e5b7e2773d
commit 1f1be62c60
4 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/clan-cli/clan_cli/secrets/key.py
View File

@@ -6,7 +6,7 @@ from clan_cli.errors import ClanError
from clan_cli.git import commit_files from clan_cli.git import commit_files
from .secrets import update_secrets from .secrets import update_secrets
from .sops import default_sops_key_path, generate_private_key, get_public_key from .sops import default_admin_key_path, generate_private_key, get_public_key
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@@ -34,19 +34,19 @@ def extract_public_key(filepath: Path) -> str:
def generate_key() -> str: def generate_key() -> str:
path = default_sops_key_path() path = default_admin_key_path()
if path.exists(): if path.exists():
log.info(f"Key already exists at {path}") log.info(f"Key already exists at {path}")
return extract_public_key(path) return extract_public_key(path)
priv_key, pub_key = generate_private_key(out_file=path) priv_key, pub_key = generate_private_key(out_file=path)
log.info( log.info(
f"Generated age private key at '{default_sops_key_path()}' for your user. Please back it up on a secure location or you will lose access to your secrets." f"Generated age private key at '{default_admin_key_path()}' for your user. Please back it up on a secure location or you will lose access to your secrets."
) )
return pub_key return pub_key
def show_key() -> str: def show_key() -> str:
return get_public_key(default_sops_key_path().read_text()) return get_public_key(default_admin_key_path().read_text())
def generate_command(args: argparse.Namespace) -> None: def generate_command(args: argparse.Namespace) -> None:

10
pkgs/clan-cli/clan_cli/secrets/machines.py
View File

@@ -22,13 +22,13 @@ from .sops import read_key, write_key
from .types import public_or_private_age_key_type, secret_name_type from .types import public_or_private_age_key_type, secret_name_type
def add_machine(flake_dir: Path, machine: str, key: str, force: bool) -> None: def add_machine(flake_dir: Path, machine: str, pubkey: str, force: bool) -> None:
path = sops_machines_folder(flake_dir) / machine machine_path = sops_machines_folder(flake_dir) / machine
write_key(path, key, force) write_key(machine_path, pubkey, force)
paths = [path] paths = [machine_path]
def filter_machine_secrets(secret: Path) -> bool: def filter_machine_secrets(secret: Path) -> bool:
return secret.joinpath("machines", machine).exists() return (secret / "machines" / machine).exists()
paths.extend(update_secrets(flake_dir, filter_secrets=filter_machine_secrets)) paths.extend(update_secrets(flake_dir, filter_secrets=filter_machine_secrets))
commit_files( commit_files(

6
pkgs/clan-cli/clan_cli/secrets/secrets.py
View File

@@ -27,7 +27,7 @@ from .folders import (
sops_secrets_folder, sops_secrets_folder,
sops_users_folder, sops_users_folder,
) )
from .sops import decrypt_file, encrypt_file, ensure_sops_key, read_key, update_keys from .sops import decrypt_file, encrypt_file, ensure_admin_key, read_key, update_keys
from .types import VALID_SECRET_NAME, secret_name_type from .types import VALID_SECRET_NAME, secret_name_type
@@ -96,7 +96,7 @@ def encrypt_secret(
add_machines = [] add_machines = []
if add_users is None: if add_users is None:
add_users = [] add_users = []
key = ensure_sops_key(flake_dir) key = ensure_admin_key(flake_dir)
recipient_keys = set() recipient_keys = set()
files_to_commit = [] files_to_commit = []
@@ -293,7 +293,7 @@ def list_command(args: argparse.Namespace) -> None:
def decrypt_secret(flake_dir: Path, secret_path: Path) -> str: def decrypt_secret(flake_dir: Path, secret_path: Path) -> str:
ensure_sops_key(flake_dir) ensure_admin_key(flake_dir)
path = secret_path / "secret" path = secret_path / "secret"
if not path.exists(): if not path.exists():
msg = f"Secret '{secret_path!s}' does not exist" msg = f"Secret '{secret_path!s}' does not exist"

12
pkgs/clan-cli/clan_cli/secrets/sops.py
View File

@@ -103,7 +103,7 @@ def ensure_user_or_machine(flake_dir: Path, pub_key: str) -> SopsKey:
return key return key
def default_sops_key_path() -> Path: def default_admin_key_path() -> Path:
raw_path = os.environ.get("SOPS_AGE_KEY_FILE") raw_path = os.environ.get("SOPS_AGE_KEY_FILE")
if raw_path: if raw_path:
return Path(raw_path) return Path(raw_path)
@@ -111,11 +111,11 @@ def default_sops_key_path() -> Path:
@API.register @API.register
def maybe_get_public_key() -> str | None: def maybe_get_admin_public_key() -> str | None:
key = os.environ.get("SOPS_AGE_KEY") key = os.environ.get("SOPS_AGE_KEY")
if key: if key:
return get_public_key(key) return get_public_key(key)
path = default_sops_key_path() path = default_admin_key_path()
if path.exists(): if path.exists():
return get_public_key(path.read_text()) return get_public_key(path.read_text())
@@ -123,14 +123,14 @@ def maybe_get_public_key() -> str | None:
def maybe_get_sops_key(flake_dir: Path) -> SopsKey | None: def maybe_get_sops_key(flake_dir: Path) -> SopsKey | None:
pub_key = maybe_get_public_key() pub_key = maybe_get_admin_public_key()
if pub_key: if pub_key:
return maybe_get_user_or_machine(flake_dir, pub_key) return maybe_get_user_or_machine(flake_dir, pub_key)
return None return None
def ensure_sops_key(flake_dir: Path) -> SopsKey: def ensure_admin_key(flake_dir: Path) -> SopsKey:
pub_key = maybe_get_public_key() pub_key = maybe_get_admin_public_key()
if not pub_key: if not pub_key:
msg = "No sops key found. Please generate one with 'clan secrets key generate'." msg = "No sops key found. Please generate one with 'clan secrets key generate'."
raise ClanError(msg) raise ClanError(msg)