clan-cli: Add --host-key-check to machine update

2024-10-05 23:33:44 +02:00
parent 8df6ed40b5
commit 7bd50b03b3
4 changed files with 30 additions and 8 deletions
--- a/pkgs/clan-cli/clan_cli/machines/machines.py
+++ b/pkgs/clan-cli/clan_cli/machines/machines.py
@@ -13,7 +13,7 @@ from clan_cli.errors import ClanError
 from clan_cli.facts import public_modules as facts_public_modules
 from clan_cli.facts import secret_modules as facts_secret_modules
 from clan_cli.nix import nix_build, nix_config, nix_eval, nix_metadata
-from clan_cli.ssh import Host, parse_deployment_address
+from clan_cli.ssh import Host, HostKeyCheck, parse_deployment_address
 from clan_cli.vars.public_modules import FactStoreBase
 from clan_cli.vars.secret_modules import SecretStoreBase

@@ -27,6 +27,7 @@ class Machine:
    nix_options: list[str] = field(default_factory=list)
    cached_deployment: None | dict[str, Any] = None
    override_target_host: None | str = None
+    host_key_check: HostKeyCheck = HostKeyCheck.STRICT

    _eval_cache: dict[str, str] = field(default_factory=dict)
    _build_cache: dict[str, Path] = field(default_factory=dict)
@@ -143,7 +144,10 @@ class Machine:
    @property
    def target_host(self) -> Host:
        return parse_deployment_address(
-            self.name, self.target_host_address, meta={"machine": self}
+            self.name,
+            self.target_host_address,
+            self.host_key_check,
+            meta={"machine": self},
        )

    @property
@@ -159,6 +163,7 @@ class Machine:
        return parse_deployment_address(
            self.name,
            build_host,
+            self.host_key_check,
            forward_agent=True,
            meta={"machine": self, "target_host": self.target_host},
        )
--- a/pkgs/clan-cli/clan_cli/machines/update.py
+++ b/pkgs/clan-cli/clan_cli/machines/update.py
@@ -171,6 +171,7 @@ def update(args: argparse.Namespace) -> None:
            name=args.machines[0], flake=args.flake, nix_options=args.option
        )
        machine.override_target_host = args.target_host
+        machine.host_key_check = HostKeyCheck.from_str(args.host_key_check)
        machines.append(machine)

    elif args.target_host is not None:
@@ -187,7 +188,7 @@ def update(args: argparse.Namespace) -> None:
                except ClanError:  # check if we have a build host set
                    ignored_machines.append(machine)
                    continue
-
+                machine.host_key_check = HostKeyCheck.from_str(args.host_key_check)
                machines.append(machine)

            if not machines and ignored_machines != []:
@@ -201,8 +202,8 @@ def update(args: argparse.Namespace) -> None:
        else:
            machines = get_selected_machines(args.flake, args.option, args.machines)

-    group = MachineGroup(machines)
-    deploy_machine(group)
+    host_group = MachineGroup(machines)
+    deploy_machine(host_group)


 def register_update_parser(parser: argparse.ArgumentParser) -> None:
@@ -216,6 +217,12 @@ def register_update_parser(parser: argparse.ArgumentParser) -> None:
    )

    add_dynamic_completer(machines_parser, complete_machines)
+    parser.add_argument(
+        "--host-key-check",
+        choices=["strict", "tofu", "none"],
+        default="strict",
+        help="Host key (.ssh/known_hosts) check mode",
+    )

    parser.add_argument(
        "--target-host",