yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'secret fixes' (#572) from Mic92-cli into main

Browse Source
This commit is contained in:
clan-bot
2023-11-29 10:40:22 +00:00
parent f4ad6d1f61 f3b3aba6c5
commit 28d18ee501
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/clan-cli/clan_cli/machines/install.py
View File

@@ -18,7 +18,13 @@ def install_nixos(machine: Machine) -> None:
with TemporaryDirectory() as tmpdir_: with TemporaryDirectory() as tmpdir_:
tmpdir = Path(tmpdir_) tmpdir = Path(tmpdir_)
machine.run_upload_secrets(tmpdir / machine.secrets_upload_directory) upload_dir = machine.secrets_upload_directory
if upload_dir.startswith("/"):
upload_dir = upload_dir[1:]
upload_dir = tmpdir / upload_dir
upload_dir.mkdir(parents=True)
machine.run_upload_secrets(upload_dir)
subprocess.run( subprocess.run(
nix_shell( nix_shell(

1
pkgs/clan-cli/clan_cli/machines/machines.py
View File

@@ -73,7 +73,6 @@ class Machine:
proc = subprocess.run( proc = subprocess.run(
[self.upload_secrets], [self.upload_secrets],
env=env, env=env,
stdout=subprocess.PIPE,
text=True, text=True,
) )

26
pkgs/clan-cli/clan_cli/secrets/key.py
View File

@@ -1,8 +1,16 @@
import argparse import argparse
from pathlib import Path
from .. import tty from .. import tty
from ..errors import ClanError from ..errors import ClanError
from .sops import default_sops_key_path, generate_private_key, get_public_key from .folders import sops_secrets_folder
from .secrets import collect_keys_for_path, list_secrets
from .sops import (
default_sops_key_path,
generate_private_key,
get_public_key,
update_keys,
)
def generate_key() -> str: def generate_key() -> str:
@@ -34,6 +42,16 @@ def show_command(args: argparse.Namespace) -> None:
print(show_key()) print(show_key())
def update_command(args: argparse.Namespace) -> None:
flake_dir = Path(args.flake)
for name in list_secrets(flake_dir):
secret_path = sops_secrets_folder(flake_dir) / name
update_keys(
secret_path,
list(sorted(collect_keys_for_path(secret_path))),
)
def register_key_parser(parser: argparse.ArgumentParser) -> None: def register_key_parser(parser: argparse.ArgumentParser) -> None:
subparser = parser.add_subparsers( subparser = parser.add_subparsers(
title="command", title="command",
@@ -47,3 +65,9 @@ def register_key_parser(parser: argparse.ArgumentParser) -> None:
parser_show = subparser.add_parser("show", help="show age public key") parser_show = subparser.add_parser("show", help="show age public key")
parser_show.set_defaults(func=show_command) parser_show.set_defaults(func=show_command)
parser_update = subparser.add_parser(
"update",
help="re-encrypt all secrets with current keys (useful when changing keys)",
)
parser_update.set_defaults(func=update_command)

3
pkgs/clan-cli/tests/test_ssh_remote.py
View File

@@ -7,6 +7,9 @@ def test_parse_ipv6() -> None:
host = parse_deployment_address("foo", "[fe80::1%eth0]:2222") host = parse_deployment_address("foo", "[fe80::1%eth0]:2222")
assert host.host == "fe80::1%eth0" assert host.host == "fe80::1%eth0"
assert host.port == 2222 assert host.port == 2222
host = parse_deployment_address("foo", "[fe80::1%eth0]")
assert host.host == "fe80::1%eth0"
assert host.port is None
def test_run(host_group: HostGroup) -> None: def test_run(host_group: HostGroup) -> None: