refactor clanCore.secrets -> clanCore.facts

lassulus
2024-03-25 15:55:25 +01:00
committed by Jörg Thalheim
parent 0676bf7283
commit a8d35d37e7
19 changed files with 342 additions and 165 deletions


@@ -18,9 +18,9 @@ def check_secrets(machine: Machine, service: None | str = None) -> bool:
if service:
services = [service]
else:
services = list(machine.secrets_data.keys())
services = list(machine.facts_data.keys())
for service in services:
for secret_fact in machine.secrets_data[service]["secrets"]:
for secret_fact in machine.facts_data[service]["secret"]:
if isinstance(secret_fact, str):
secret_name = secret_fact
else:
@@ -31,7 +31,7 @@ def check_secrets(machine: Machine, service: None | str = None) -> bool:
)
missing_secret_facts.append((service, secret_name))
for public_fact in machine.secrets_data[service]["facts"]:
for public_fact in machine.facts_data[service]["public"]:
if not public_facts_store.exists(service, public_fact):
log.info(
f"Public fact '{public_fact}' for service {service} is missing."
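Review bot: The loop header `for service in services:` rebinds the function's own `service` parameter, so by the time the second hunk runs `service` always means the loop element rather than the caller's argument; this predates the rename, but since both hunks rewrite the loop bodies anyway it is a cheap moment to pick a distinct loop name, e.g. `for svc in services:` with `machine.facts_data[svc]["secret"]` and `machine.facts_data[svc]["public"]` in the bodies. The literal keys `"secret"` and `"public"` are now the contract between this code and the `facts_data` property in `Machine`, and are also read in `generate_service_facts` and `SecretStore.upload`; a one-line comment at the top of the loop naming where that schema is defined would help the next reader. check_secrets begins before the first hunk and continues past the second.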


@@ -54,13 +54,13 @@ def generate_service_facts(
secrets_dir.mkdir(parents=True)
env["secrets"] = str(secrets_dir)
# compatibility for old outputs.nix users
if isinstance(machine.secrets_data[service]["generator"], str):
generator = machine.secrets_data[service]["generator"]
if isinstance(machine.facts_data[service]["generator"], str):
generator = machine.facts_data[service]["generator"]
else:
generator = machine.secrets_data[service]["generator"]["finalScript"]
if machine.secrets_data[service]["generator"]["prompt"]:
generator = machine.facts_data[service]["generator"]["finalScript"]
if machine.facts_data[service]["generator"]["prompt"]:
prompt_value = prompt(
machine.secrets_data[service]["generator"]["prompt"]
machine.facts_data[service]["generator"]["prompt"]
)
env["prompt_value"] = prompt_value
# fmt: off
@@ -90,7 +90,7 @@ def generate_service_facts(
)
files_to_commit = []
# store secrets
for secret in machine.secrets_data[service]["secrets"]:
for secret in machine.facts_data[service]["secret"]:
if isinstance(secret, str):
# TODO: This is the old NixOS module, can be dropped everyone has updated.
secret_name = secret
@@ -111,11 +111,11 @@ def generate_service_facts(
files_to_commit.append(secret_path)
# store facts
for name in machine.secrets_data[service]["facts"]:
for name in machine.facts_data[service]["public"]:
fact_file = facts_dir / name
if not fact_file.is_file():
msg = f"did not generate a file for '{name}' when running the following command:\n"
msg += machine.secrets_data[service]["generator"]
msg += machine.facts_data[service]["generator"]
raise ClanError(msg)
fact_file = public_facts_store.set(service, name, fact_file.read_bytes())
if fact_file:
@@ -147,7 +147,7 @@ def generate_facts(
with TemporaryDirectory() as tmp:
tmpdir = Path(tmp)
for service in machine.secrets_data:
for service in machine.facts_data:
generate_service_facts(
machine=machine,
service=service,
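Review bot: In the `@@ -111,11 +111,11 @@` hunk the error path does `msg += machine.facts_data[service]["generator"]`, but the `@@ -54,13 +54,13 @@` hunk of the same function shows that `["generator"]` can be a dict (the branch that reads `["finalScript"]`), so for new-style services the `str += dict` raises a TypeError before the intended ClanError is reached. The function already computes a string form of the command into the local `generator` earlier in the same body, so `msg += generator` reports the command that actually ran and works for both shapes. The `@@ -54,13 +54,13 @@` hunk also indexes `machine.facts_data[service]["generator"]` five times in a row; a local such as `generator_cfg = machine.facts_data[service]["generator"]` would make the old-style/new-style branch easier to read. generate_service_facts starts before its first hunk and ends after its last.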


@@ -106,8 +106,8 @@ class SecretStore(SecretStoreBase):
return local_hash.decode() == remote_hash
def upload(self, output_dir: Path) -> None:
for service in self.machine.secrets_data:
for secret in self.machine.secrets_data[service]["secrets"]:
for service in self.machine.facts_data:
for secret in self.machine.facts_data[service]["secret"]:
if isinstance(secret, dict):
secret_name = secret["name"]
else:


@@ -14,9 +14,9 @@ class SecretStore(SecretStoreBase):
self.machine = machine
# no need to generate keys if we don't manage secrets
if not hasattr(self.machine, "secrets_data"):
if not hasattr(self.machine, "facts_data"):
return
if not self.machine.secrets_data:
if not self.machine.facts_data:
return
if has_machine(self.machine.flake_dir, self.machine.name):
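Review bot: `if not hasattr(self.machine, "facts_data"): return` does not provide the guard the comment above it describes: `facts_data` is a `@property` on `Machine` (visible in the last file of this commit), so for any `Machine` the attribute always exists and `hasattr` only evaluates the property. Since `hasattr` swallows nothing but `AttributeError`, a deployment record without a `"facts"` key would surface here as a bare `KeyError` from inside `hasattr` rather than as an early return. If the intent is "no facts configured", the following `if not self.machine.facts_data: return` already covers it and the `hasattr` line can go; if the intent is to tolerate older deployment data, that tolerance belongs in the `facts_data` property itself. The enclosing `__init__` continues past the hunk.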


@@ -47,7 +47,7 @@ class Machine:
eval_cache: dict[str, str]
build_cache: dict[str, Path]
_flake_path: Path | None
_deployment_info: None | dict[str, str]
_deployment_info: None | dict
vm: QMPWrapper
def __init__(
@@ -75,7 +75,7 @@ class Machine:
self.eval_cache: dict[str, str] = {}
self.build_cache: dict[str, Path] = {}
self._flake_path: Path | None = None
self._deployment_info: None | dict[str, str] = deployment_info
self._deployment_info: None | dict = deployment_info
state_dir = vm_state_dir(flake_url=str(self.flake), vm_name=self.data.name)
@@ -88,7 +88,7 @@ class Machine:
return str(self)
@property
def deployment_info(self) -> dict[str, str]:
def deployment_info(self) -> dict:
if self._deployment_info is not None:
return self._deployment_info
self._deployment_info = json.loads(
@@ -113,26 +113,21 @@ class Machine:
@property
def secret_facts_module(self) -> str:
return self.deployment_info["secretFactsModule"]
return self.deployment_info["facts"]["secretModule"]
@property
def public_facts_module(self) -> str:
return self.deployment_info["publicFactsModule"]
return self.deployment_info["facts"]["publicModule"]
@property
def secrets_data(self) -> dict[str, dict[str, Any]]:
if self.deployment_info["secretsData"]:
try:
return json.loads(Path(self.deployment_info["secretsData"]).read_text())
except json.JSONDecodeError as e:
raise ClanError(
f"Failed to parse secretsData for machine {self.data.name} as json"
) from e
def facts_data(self) -> dict[str, dict[str, Any]]:
if self.deployment_info["facts"]["services"]:
return self.deployment_info["facts"]["services"]
return {}
@property
def secrets_upload_directory(self) -> str:
return self.deployment_info["secretsUploadDirectory"]
return self.deployment_info["facts"]["secretUploadDirectory"]
@property
def flake_dir(self) -> Path:
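Review bot: The new `facts_data` indexes `self.deployment_info["facts"]["services"]` directly, so a deployment record that predates this rename (no `"facts"` key) raises a raw `KeyError`, whereas the removed `secretsData` path wrapped its failure mode in `ClanError`; `return self.deployment_info.get("facts", {}).get("services") or {}` keeps the existing truthiness semantics while degrading to an empty mapping, or the lookup should be wrapped to raise `ClanError` with the machine name as before. `facts_data` is also the only place the per-service schema is defined, and callers in four other files now index `["secret"]`, `["public"]` and `["generator"]` on its values, so a docstring listing those keys (and noting that `"generator"` may be a string or a dict with `finalScript`/`prompt`) would document the contract this commit introduces. Finally, `deployment_info` and `_deployment_info` were loosened from `dict[str, str]` to bare `dict`; `Any` is already imported for the `facts_data` annotation, so `dict[str, Any]` keeps the key type without claiming anything about values.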