Merge pull request 'secret fixes' (#572) from Mic92-cli into main

2023-11-29 10:40:22 +00:00
parent f4ad6d1f61 f3b3aba6c5
commit 28d18ee501
4 changed files with 35 additions and 3 deletions
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@@ -18,7 +18,13 @@ def install_nixos(machine: Machine) -> None:

    with TemporaryDirectory() as tmpdir_:
        tmpdir = Path(tmpdir_)
-        machine.run_upload_secrets(tmpdir / machine.secrets_upload_directory)
+        upload_dir = machine.secrets_upload_directory
+
+        if upload_dir.startswith("/"):
+            upload_dir = upload_dir[1:]
+        upload_dir = tmpdir / upload_dir
+        upload_dir.mkdir(parents=True)
+        machine.run_upload_secrets(upload_dir)

        subprocess.run(
            nix_shell(
--- a/pkgs/clan-cli/clan_cli/machines/machines.py
+++ b/pkgs/clan-cli/clan_cli/machines/machines.py
@@ -73,7 +73,6 @@ class Machine:
        proc = subprocess.run(
            [self.upload_secrets],
            env=env,
-            stdout=subprocess.PIPE,
            text=True,
        )

--- a/pkgs/clan-cli/clan_cli/secrets/key.py
+++ b/pkgs/clan-cli/clan_cli/secrets/key.py
@@ -1,8 +1,16 @@
 import argparse
+from pathlib import Path

 from .. import tty
 from ..errors import ClanError
-from .sops import default_sops_key_path, generate_private_key, get_public_key
+from .folders import sops_secrets_folder
+from .secrets import collect_keys_for_path, list_secrets
+from .sops import (
+    default_sops_key_path,
+    generate_private_key,
+    get_public_key,
+    update_keys,
+)


 def generate_key() -> str:
@@ -34,6 +42,16 @@ def show_command(args: argparse.Namespace) -> None:
    print(show_key())


+def update_command(args: argparse.Namespace) -> None:
+    flake_dir = Path(args.flake)
+    for name in list_secrets(flake_dir):
+        secret_path = sops_secrets_folder(flake_dir) / name
+        update_keys(
+            secret_path,
+            list(sorted(collect_keys_for_path(secret_path))),
+        )
+
+
 def register_key_parser(parser: argparse.ArgumentParser) -> None:
    subparser = parser.add_subparsers(
        title="command",
@@ -47,3 +65,9 @@ def register_key_parser(parser: argparse.ArgumentParser) -> None:

    parser_show = subparser.add_parser("show", help="show age public key")
    parser_show.set_defaults(func=show_command)
+
+    parser_update = subparser.add_parser(
+        "update",
+        help="re-encrypt all secrets with current keys (useful when changing keys)",
+    )
+    parser_update.set_defaults(func=update_command)
--- a/pkgs/clan-cli/tests/test_ssh_remote.py
+++ b/pkgs/clan-cli/tests/test_ssh_remote.py
@@ -7,6 +7,9 @@ def test_parse_ipv6() -> None:
    host = parse_deployment_address("foo", "[fe80::1%eth0]:2222")
    assert host.host == "fe80::1%eth0"
    assert host.port == 2222
+    host = parse_deployment_address("foo", "[fe80::1%eth0]")
+    assert host.host == "fe80::1%eth0"
+    assert host.port is None


 def test_run(host_group: HostGroup) -> None: