Merge pull request 'clan-cli: Fix passwordstore clan facts generate requiring CTRL+D for every secret' (#1573) from Qubasa/clan-core:Qubasa-main into main
This commit is contained in:
clan-bot
@@ -2,7 +2,6 @@ import os
|
|||||||
import subprocess
|
import subprocess
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
from clan_cli.cmd import Log, run
|
|
||||||
from clan_cli.machines.machines import Machine
|
from clan_cli.machines.machines import Machine
|
||||||
from clan_cli.nix import nix_shell
|
from clan_cli.nix import nix_shell
|
||||||
|
|
||||||
@@ -16,25 +15,25 @@ class SecretStore(SecretStoreBase):
|
|||||||
def set(
|
def set(
|
||||||
self, service: str, name: str, value: bytes, groups: list[str]
|
self, service: str, name: str, value: bytes, groups: list[str]
|
||||||
) -> Path | None:
|
) -> Path | None:
|
||||||
run(
|
subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#pass"],
|
["nixpkgs#pass"],
|
||||||
["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
|
["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
|
||||||
),
|
),
|
||||||
input=value,
|
input=value,
|
||||||
log=Log.BOTH,
|
check=True,
|
||||||
error_msg=f"Failed to insert secret {name}",
|
|
||||||
)
|
)
|
||||||
return None # we manage the files outside of the git repo
|
return None # we manage the files outside of the git repo
|
||||||
|
|
||||||
def get(self, service: str, name: str) -> bytes:
|
def get(self, service: str, name: str) -> bytes:
|
||||||
return run(
|
return subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#pass"],
|
["nixpkgs#pass"],
|
||||||
["pass", "show", f"machines/{self.machine.name}/{name}"],
|
["pass", "show", f"machines/{self.machine.name}/{name}"],
|
||||||
),
|
),
|
||||||
error_msg=f"Failed to get secret {name}",
|
check=True,
|
||||||
).stdout.encode("utf-8")
|
stdout=subprocess.PIPE,
|
||||||
|
).stdout
|
||||||
|
|
||||||
def exists(self, service: str, name: str) -> bool:
|
def exists(self, service: str, name: str) -> bool:
|
||||||
password_store = os.environ.get(
|
password_store = os.environ.get(
|
||||||
@@ -49,7 +48,7 @@ class SecretStore(SecretStoreBase):
|
|||||||
)
|
)
|
||||||
hashes = []
|
hashes = []
|
||||||
hashes.append(
|
hashes.append(
|
||||||
run(
|
subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#git"],
|
["nixpkgs#git"],
|
||||||
[
|
[
|
||||||
@@ -62,15 +61,13 @@ class SecretStore(SecretStoreBase):
|
|||||||
f"machines/{self.machine.name}",
|
f"machines/{self.machine.name}",
|
||||||
],
|
],
|
||||||
),
|
),
|
||||||
check=False,
|
stdout=subprocess.PIPE,
|
||||||
)
|
).stdout.strip()
|
||||||
.stdout.encode("utf-8")
|
|
||||||
.strip()
|
|
||||||
)
|
)
|
||||||
for symlink in Path(password_store).glob(f"machines/{self.machine.name}/**/*"):
|
for symlink in Path(password_store).glob(f"machines/{self.machine.name}/**/*"):
|
||||||
if symlink.is_symlink():
|
if symlink.is_symlink():
|
||||||
hashes.append(
|
hashes.append(
|
||||||
run(
|
subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#git"],
|
["nixpkgs#git"],
|
||||||
[
|
[
|
||||||
@@ -83,10 +80,8 @@ class SecretStore(SecretStoreBase):
|
|||||||
str(symlink),
|
str(symlink),
|
||||||
],
|
],
|
||||||
),
|
),
|
||||||
check=False,
|
stdout=subprocess.PIPE,
|
||||||
)
|
).stdout.strip()
|
||||||
.stdout.encode("utf-8")
|
|
||||||
.strip()
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# we sort the hashes to make sure that the order is always the same
|
# we sort the hashes to make sure that the order is always the same
|
||||||
|
|||||||
Reference in New Issue
Block a user