yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'add secret api for machines/users/secrets' (#111) from Mic92-mic92 into main

Browse Source
This commit is contained in:
clan-bot
2023-08-09 12:50:42 +00:00
parent 0bef07e0c3 6c169b0bed
commit 7f918437bc
4 changed files with 66 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/clan-cli/clan_cli/secrets/folders.py
View File

@@ -24,12 +24,14 @@ sops_machines_folder = gen_sops_subfolder("machines")
sops_groups_folder = gen_sops_subfolder("groups") sops_groups_folder = gen_sops_subfolder("groups")
def list_objects(path: Path, is_valid: Callable[[str], bool]) -> None: def list_objects(path: Path, is_valid: Callable[[str], bool]) -> list[str]:
objs: list[str] = []
if not path.exists(): if not path.exists():
return return objs
for f in os.listdir(path): for f in os.listdir(path):
if is_valid(f): if is_valid(f):
print(f) objs.append(f)
return objs
def remove_object(path: Path, name: str) -> None: def remove_object(path: Path, name: str) -> None:

40
pkgs/clan-cli/clan_cli/secrets/machines.py
View File

@@ -11,26 +11,48 @@ from .types import (
) )
def list_command(args: argparse.Namespace) -> None: def add_machine(name: str, key: str, force: bool) -> None:
list_objects(sops_machines_folder(), lambda x: validate_hostname(x)) write_key(sops_machines_folder() / name, key, force)
def add_command(args: argparse.Namespace) -> None: def remove_machine(name: str) -> None:
write_key(sops_machines_folder() / args.machine, args.key, args.force) remove_object(sops_machines_folder(), name)
def remove_command(args: argparse.Namespace) -> None: def list_machines() -> list[str]:
remove_object(sops_machines_folder(), args.machine) return list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
def add_secret_command(args: argparse.Namespace) -> None: def add_secret(machine: str, secret: str) -> None:
secrets.allow_member( secrets.allow_member(
secrets.machines_folder(args.secret), sops_machines_folder(), args.machine secrets.machines_folder(secret), sops_machines_folder(), machine
) )
def remove_secret(machine: str, secret: str) -> None:
secrets.disallow_member(secrets.machines_folder(secret), machine)
def list_command(args: argparse.Namespace) -> None:
lst = list_machines()
if len(lst) > 0:
print("\n".join(lst))
def add_command(args: argparse.Namespace) -> None:
add_machine(args.machine, args.key, args.force)
def remove_command(args: argparse.Namespace) -> None:
remove_machine(args.machine)
def add_secret_command(args: argparse.Namespace) -> None:
add_secret(args.machine, args.secret)
def remove_secret_command(args: argparse.Namespace) -> None: def remove_secret_command(args: argparse.Namespace) -> None:
secrets.disallow_member(secrets.machines_folder(args.secret), args.machine) remove_secret(args.machine, args.secret)
def register_machines_parser(parser: argparse.ArgumentParser) -> None: def register_machines_parser(parser: argparse.ArgumentParser) -> None:

17
pkgs/clan-cli/clan_cli/secrets/secrets.py
View File

@@ -84,14 +84,17 @@ def encrypt_secret(
encrypt_file(secret / "secret", value, list(sorted(keys))) encrypt_file(secret / "secret", value, list(sorted(keys)))
def remove_command(args: argparse.Namespace) -> None: def remove_secret(secret: str) -> None:
secret: str = args.secret
path = sops_secrets_folder() / secret path = sops_secrets_folder() / secret
if not path.exists(): if not path.exists():
raise ClanError(f"Secret '{secret}' does not exist") raise ClanError(f"Secret '{secret}' does not exist")
shutil.rmtree(path) shutil.rmtree(path)
def remove_command(args: argparse.Namespace) -> None:
remove_secret(args.secret)
def add_secret_argument(parser: argparse.ArgumentParser) -> None: def add_secret_argument(parser: argparse.ArgumentParser) -> None:
parser.add_argument("secret", help="the name of the secret", type=secret_name_type) parser.add_argument("secret", help="the name of the secret", type=secret_name_type)
@@ -168,12 +171,18 @@ def disallow_member(group_folder: Path, name: str) -> None:
) )
def list_command(args: argparse.Namespace) -> None: def list_secrets() -> list[str]:
list_objects( return list_objects(
sops_secrets_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None sops_secrets_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
) )
def list_command(args: argparse.Namespace) -> None:
lst = list_secrets()
if len(lst) > 0:
print("\n".join(lst))
def get_command(args: argparse.Namespace) -> None: def get_command(args: argparse.Namespace) -> None:
secret: str = args.secret secret: str = args.secret
ensure_sops_key() ensure_sops_key()

24
pkgs/clan-cli/clan_cli/secrets/users.py
View File

@@ -19,12 +19,24 @@ def remove_user(name: str) -> None:
remove_object(sops_users_folder(), name) remove_object(sops_users_folder(), name)
def list_users() -> None: def list_users() -> list[str]:
list_objects(sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None) return list_objects(
sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
)
def add_secret(user: str, secret: str) -> None:
secrets.allow_member(secrets.users_folder(secret), sops_users_folder(), user)
def remove_secret(user: str, secret: str) -> None:
secrets.disallow_member(secrets.users_folder(secret), user)
def list_command(args: argparse.Namespace) -> None: def list_command(args: argparse.Namespace) -> None:
list_users() lst = list_users()
if len(lst) > 0:
print("\n".join(lst))
def add_command(args: argparse.Namespace) -> None: def add_command(args: argparse.Namespace) -> None:
@@ -36,13 +48,11 @@ def remove_command(args: argparse.Namespace) -> None:
def add_secret_command(args: argparse.Namespace) -> None: def add_secret_command(args: argparse.Namespace) -> None:
secrets.allow_member( add_secret(args.user, args.secret)
secrets.users_folder(args.secret), sops_users_folder(), args.user
)
def remove_secret_command(args: argparse.Namespace) -> None: def remove_secret_command(args: argparse.Namespace) -> None:
secrets.disallow_member(secrets.users_folder(args.secret), args.user) remove_secret(args.user, args.secret)
def register_users_parser(parser: argparse.ArgumentParser) -> None: def register_users_parser(parser: argparse.ArgumentParser) -> None: