vars: introduce ensure_machine_has_access method for sops

this should help avoiding overriding existing shared secrets by not triggering vars regeneration if a machine has no access. wip
2024-11-14 13:17:50 +01:00
parent 609dc90775
commit 2b270a8951
1 changed files with 4 additions and 0 deletions
--- a/pkgs/clan-cli/clan_cli/vars/generate.py
+++ b/pkgs/clan-cli/clan_cli/vars/generate.py
@@ -297,6 +297,10 @@ def _check_can_migrate(
            if machine.secret_vars_store.exists(
                generator_name, fname, vars_generator["share"]
            ):
+                if vars_generator["deploy"]:
+                    machine.secret_vars_store.ensure_machine_has_access(
+                        generator_name, fname, vars_generator["share"]
+                    )
                return False
        else:
            if machine.public_vars_store.exists(