clan-cli: secrets: properly update secrets when an user is removed

Fixes #2659.
Louis Opter
2025-01-22 18:16:54 +00:00
committed by Mic92
parent 36a54ead12
commit 81cf521d8c
2 changed files with 42 additions and 10 deletions


@@ -82,6 +82,11 @@ def update_secrets(
for path in secret_paths:
if not filter_secrets(path):
continue
# clean-up non-existent users, groups, and machines
# from the secret before we update it:
changed_files.extend(cleanup_dangling_symlinks(path / "users"))
changed_files.extend(cleanup_dangling_symlinks(path / "groups"))
changed_files.extend(cleanup_dangling_symlinks(path / "machines"))
changed_files.extend(
update_keys(
path,
@@ -91,6 +96,17 @@ def update_secrets(
return changed_files
def cleanup_dangling_symlinks(folder: Path) -> list[Path]:
if not folder.exists():
return []
removed: list[Path] = []
for link in folder.iterdir():
if link.is_symlink() and not link.exists():
link.unlink()
removed.append(folder / link)
return removed
def collect_keys_for_type(folder: Path) -> set[tuple[str, sops.KeyType]]:
if not folder.exists():
return set()
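Review bot: In `cleanup_dangling_symlinks`, `removed.append(folder / link)` joins `folder` onto a path that `folder.iterdir()` already yields with `folder` as its prefix. When `folder` is relative, the path reported into `changed_files` therefore has the directory duplicated and names a file that never existed; the line should be `removed.append(link)`. The new function also has no docstring; a one-liner such as `"""Remove symlinks in folder whose target no longer exists; return the removed paths."""` would state the contract. It may also be worth extending the comment at the call site in `update_secrets`: assuming `update_keys` re-encrypts for the remaining recipients, a removed user who decrypted the secret earlier still knows its value, so the secret itself needs rotating.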