From 30c7e32a3d4c3db6ba3d03e64e2fe7548d475d07 Mon Sep 17 00:00:00 2001
From: Louis Opter
Date: Tue, 21 Jan 2025 20:58:36 +0000
Subject: [PATCH] clan-cli: honor clan.core.sops.defaultGroups option in `vars fix`
---
 pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
index 1eb18e99f..e08b0eb29 100644
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
@@ -7,15 +7,18 @@ from clan_cli.errors import ClanError
 from clan_cli.machines.machines import Machine
 from clan_cli.secrets import sops
 from clan_cli.secrets.folders import (
+ sops_groups_folder,
 sops_machines_folder,
 sops_secrets_folder,
 sops_users_folder,
 )
 from clan_cli.secrets.machines import add_machine, add_secret, has_machine
 from clan_cli.secrets.secrets import (
+ allow_member,
 collect_keys_for_path,
 decrypt_secret,
 encrypt_secret,
+ groups_folder,
 has_secret,
 )
 from clan_cli.ssh.upload import upload
@@ -284,6 +287,16 @@ class SecretStore(StoreBase):
 continue
 secret_path = self.secret_path(generator, file.name)
+
+ for group in self.machine.deployment["sops"]["defaultGroups"]:
+ allow_member(
+ groups_folder(secret_path),
+ sops_groups_folder(self.machine.flake_dir),
+ group,
+ # we just want to create missing symlinks, we call update_keys below:
+ do_update_keys=False,
+ )
+
 update_keys(
 secret_path,
 collect_keys_for_path(secret_path),
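Review bot: The new loop in the second hunk only ever adds recipients: each group in `self.machine.deployment["sops"]["defaultGroups"]` gets a symlink through `allow_member`, but a group later removed from the option is never dropped, so (assuming `collect_keys_for_path` reads those symlinks) it remains a recipient whenever `update_keys` re-encrypts the secret. If that is intended, state it next to the existing comment, e.g. `# additive only: groups removed from defaultGroups keep access until removed explicitly`. The lookup is also unguarded; if the deployment data can lack the key, `self.machine.deployment["sops"].get("defaultGroups", [])` would keep `vars fix` from failing with a KeyError, which is worth confirming against how `deployment` is populated. The enclosing method of `SecretStore` starts and ends outside the hunk.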