sops/refactor: lay groundwork for secrets with arbitrary paths
@@ -49,27 +49,27 @@ class Group:
|
|||||||
|
|
||||||
def list_groups(flake_dir: Path) -> list[Group]:
|
def list_groups(flake_dir: Path) -> list[Group]:
|
||||||
groups: list[Group] = []
|
groups: list[Group] = []
|
||||||
folder = sops_groups_folder(flake_dir)
|
groups_dir = sops_groups_folder(flake_dir)
|
||||||
if not folder.exists():
|
if not groups_dir.exists():
|
||||||
return groups
|
return groups
|
||||||
|
|
||||||
for name in os.listdir(folder):
|
for group in os.listdir(groups_dir):
|
||||||
group_folder = folder / name
|
group_folder = groups_dir / group
|
||||||
if not group_folder.is_dir():
|
if not group_folder.is_dir():
|
||||||
continue
|
continue
|
||||||
machines_path = machines_folder(flake_dir, name)
|
machines_path = machines_folder(flake_dir, group)
|
||||||
machines = []
|
machines = []
|
||||||
if machines_path.is_dir():
|
if machines_path.is_dir():
|
||||||
for f in machines_path.iterdir():
|
for f in machines_path.iterdir():
|
||||||
if validate_hostname(f.name):
|
if validate_hostname(f.name):
|
||||||
machines.append(f.name)
|
machines.append(f.name)
|
||||||
users_path = users_folder(flake_dir, name)
|
users_path = users_folder(flake_dir, group)
|
||||||
users = []
|
users = []
|
||||||
if users_path.is_dir():
|
if users_path.is_dir():
|
||||||
for f in users_path.iterdir():
|
for f in users_path.iterdir():
|
||||||
if VALID_USER_NAME.match(f.name):
|
if VALID_USER_NAME.match(f.name):
|
||||||
users.append(f.name)
|
users.append(f.name)
|
||||||
groups.append(Group(flake_dir, name, machines, users))
|
groups.append(Group(flake_dir, group, machines, users))
|
||||||
return groups
|
return groups
|
||||||
|
|
||||||
|
|
||||||
@@ -204,7 +204,9 @@ def add_group_argument(parser: argparse.ArgumentParser) -> None:
|
|||||||
|
|
||||||
def add_secret(flake_dir: Path, group: str, name: str) -> None:
|
def add_secret(flake_dir: Path, group: str, name: str) -> None:
|
||||||
secrets.allow_member(
|
secrets.allow_member(
|
||||||
secrets.groups_folder(flake_dir, name), sops_groups_folder(flake_dir), group
|
secrets.groups_folder(sops_secrets_folder(flake_dir) / name),
|
||||||
|
sops_groups_folder(flake_dir),
|
||||||
|
group,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -214,7 +216,7 @@ def add_secret_command(args: argparse.Namespace) -> None:
|
|||||||
|
|
||||||
def remove_secret(flake_dir: Path, group: str, name: str) -> None:
|
def remove_secret(flake_dir: Path, group: str, name: str) -> None:
|
||||||
updated_paths = secrets.disallow_member(
|
updated_paths = secrets.disallow_member(
|
||||||
secrets.groups_folder(flake_dir, name), group
|
secrets.groups_folder(sops_secrets_folder(flake_dir) / name), group
|
||||||
)
|
)
|
||||||
commit_files(
|
commit_files(
|
||||||
updated_paths,
|
updated_paths,
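Review bot: add_secret and remove_secret now call `sops_secrets_folder(flake_dir)`, but no groups.py import hunk appears on this page, whereas the machines.py and users.py hunks each add `sops_secrets_folder` to their `.folders` import; if groups.py did not already import it, both functions raise NameError the first time they run. Given the commit's stated goal of arbitrary secret paths, the join `sops_secrets_folder(flake_dir) / name` should also say what it trusts, e.g. `# name is expected to be an already-validated secret name; arbitrary paths are not accepted here yet`, since nothing in these hunks shows where `name` is validated. remove_secret's body continues past its hunk.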
|
||||||
|
|||||||
@@ -6,7 +6,12 @@ from ..errors import ClanError
|
|||||||
from ..git import commit_files
|
from ..git import commit_files
|
||||||
from ..machines.types import machine_name_type, validate_hostname
|
from ..machines.types import machine_name_type, validate_hostname
|
||||||
from . import secrets
|
from . import secrets
|
||||||
from .folders import list_objects, remove_object, sops_machines_folder
|
from .folders import (
|
||||||
|
list_objects,
|
||||||
|
remove_object,
|
||||||
|
sops_machines_folder,
|
||||||
|
sops_secrets_folder,
|
||||||
|
)
|
||||||
from .secrets import update_secrets
|
from .secrets import update_secrets
|
||||||
from .sops import read_key, write_key
|
from .sops import read_key, write_key
|
||||||
from .types import public_or_private_age_key_type, secret_name_type
|
from .types import public_or_private_age_key_type, secret_name_type
|
||||||
@@ -56,7 +61,7 @@ def list_machines(flake_dir: Path) -> list[str]:
|
|||||||
|
|
||||||
def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
|
def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
|
||||||
paths = secrets.allow_member(
|
paths = secrets.allow_member(
|
||||||
secrets.machines_folder(flake_dir, secret),
|
secrets.machines_folder(sops_secrets_folder(flake_dir) / secret),
|
||||||
sops_machines_folder(flake_dir),
|
sops_machines_folder(flake_dir),
|
||||||
machine,
|
machine,
|
||||||
)
|
)
|
||||||
@@ -69,7 +74,7 @@ def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
|
|||||||
|
|
||||||
def remove_secret(flake_dir: Path, machine: str, secret: str) -> None:
|
def remove_secret(flake_dir: Path, machine: str, secret: str) -> None:
|
||||||
updated_paths = secrets.disallow_member(
|
updated_paths = secrets.disallow_member(
|
||||||
secrets.machines_folder(flake_dir, secret), machine
|
secrets.machines_folder(sops_secrets_folder(flake_dir) / secret), machine
|
||||||
)
|
)
|
||||||
commit_files(
|
commit_files(
|
||||||
updated_paths,
|
updated_paths,
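Review bot: In add_secret and remove_secret the secret name is joined straight onto the secrets root as `sops_secrets_folder(flake_dir) / secret`, and nothing in either hunk rejects a value such as `../../x`; the `secret_name_type` import on the new side suggests argparse validates it upstream, but both functions are also plain callables that any other module can reach. I would either state the precondition, `# secret must be a validated secret name; callers are responsible for that`, or resolve the joined path and verify it stays under `sops_secrets_folder(flake_dir)` before allow_member/disallow_member touch the filesystem. add_secret's body continues past its hunk.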
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ def encrypt_secret(
|
|||||||
for user in add_users:
|
for user in add_users:
|
||||||
files_to_commit.extend(
|
files_to_commit.extend(
|
||||||
allow_member(
|
allow_member(
|
||||||
users_folder(flake_dir, secret_path.name),
|
users_folder(secret_path),
|
||||||
sops_users_folder(flake_dir),
|
sops_users_folder(flake_dir),
|
||||||
user,
|
user,
|
||||||
False,
|
False,
|
||||||
@@ -105,7 +105,7 @@ def encrypt_secret(
|
|||||||
for machine in add_machines:
|
for machine in add_machines:
|
||||||
files_to_commit.extend(
|
files_to_commit.extend(
|
||||||
allow_member(
|
allow_member(
|
||||||
machines_folder(flake_dir, secret_path.name),
|
machines_folder(secret_path),
|
||||||
sops_machines_folder(flake_dir),
|
sops_machines_folder(flake_dir),
|
||||||
machine,
|
machine,
|
||||||
False,
|
False,
|
||||||
@@ -115,7 +115,7 @@ def encrypt_secret(
|
|||||||
for group in add_groups:
|
for group in add_groups:
|
||||||
files_to_commit.extend(
|
files_to_commit.extend(
|
||||||
allow_member(
|
allow_member(
|
||||||
groups_folder(flake_dir, secret_path.name),
|
groups_folder(secret_path),
|
||||||
sops_groups_folder(flake_dir),
|
sops_groups_folder(flake_dir),
|
||||||
group,
|
group,
|
||||||
False,
|
False,
|
||||||
@@ -128,7 +128,7 @@ def encrypt_secret(
|
|||||||
keys.add(key.pubkey)
|
keys.add(key.pubkey)
|
||||||
files_to_commit.extend(
|
files_to_commit.extend(
|
||||||
allow_member(
|
allow_member(
|
||||||
users_folder(flake_dir, secret_path.name),
|
users_folder(secret_path),
|
||||||
sops_users_folder(flake_dir),
|
sops_users_folder(flake_dir),
|
||||||
key.username,
|
key.username,
|
||||||
False,
|
False,
|
||||||
@@ -169,16 +169,16 @@ def add_secret_argument(parser: argparse.ArgumentParser, autocomplete: bool) ->
|
|||||||
add_dynamic_completer(secrets_parser, complete_secrets)
|
add_dynamic_completer(secrets_parser, complete_secrets)
|
||||||
|
|
||||||
|
|
||||||
def machines_folder(flake_dir: Path, secret: str) -> Path:
|
def machines_folder(secret_path: Path) -> Path:
|
||||||
return sops_secrets_folder(flake_dir) / secret / "machines"
|
return secret_path / "machines"
|
||||||
|
|
||||||
|
|
||||||
def users_folder(flake_dir: Path, secret: str) -> Path:
|
def users_folder(secret_path: Path) -> Path:
|
||||||
return sops_secrets_folder(flake_dir) / secret / "users"
|
return secret_path / "users"
|
||||||
|
|
||||||
|
|
||||||
def groups_folder(flake_dir: Path, secret: str) -> Path:
|
def groups_folder(secret_path: Path) -> Path:
|
||||||
return sops_secrets_folder(flake_dir) / secret / "groups"
|
return secret_path / "groups"
|
||||||
|
|
||||||
|
|
||||||
def list_directory(directory: Path) -> str:
|
def list_directory(directory: Path) -> str:
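Review bot: machines_folder, users_folder and groups_folder now return a child of whatever `secret_path` they are handed, without the `sops_secrets_folder(flake_dir) / secret` anchoring the old versions had, so the guarantee that the result lies inside the secrets directory has moved to every caller, and none of the three helpers documents that. I would give each a one-line docstring such as `"""Return the machines subfolder of a secret directory; secret_path is trusted as-is, callers must ensure it is a valid secret location."""`. In the encrypt_secret hunks the callers now pass `secret_path` wholesale where they previously passed only `secret_path.name`, so whoever builds `secret_path` controls the full path; where it originates is outside these hunks.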
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ from ..completions import (
|
|||||||
from ..errors import ClanError
|
from ..errors import ClanError
|
||||||
from ..git import commit_files
|
from ..git import commit_files
|
||||||
from . import secrets
|
from . import secrets
|
||||||
from .folders import list_objects, remove_object, sops_users_folder
|
from .folders import list_objects, remove_object, sops_secrets_folder, sops_users_folder
|
||||||
from .secrets import update_secrets
|
from .secrets import update_secrets
|
||||||
from .sops import read_key, write_key
|
from .sops import read_key, write_key
|
||||||
from .types import (
|
from .types import (
|
||||||
@@ -63,7 +63,9 @@ def list_users(flake_dir: Path) -> list[str]:
|
|||||||
|
|
||||||
def add_secret(flake_dir: Path, user: str, secret: str) -> None:
|
def add_secret(flake_dir: Path, user: str, secret: str) -> None:
|
||||||
updated_paths = secrets.allow_member(
|
updated_paths = secrets.allow_member(
|
||||||
secrets.users_folder(flake_dir, secret), sops_users_folder(flake_dir), user
|
secrets.users_folder(sops_secrets_folder(flake_dir) / secret),
|
||||||
|
sops_users_folder(flake_dir),
|
||||||
|
user,
|
||||||
)
|
)
|
||||||
commit_files(
|
commit_files(
|
||||||
updated_paths,
|
updated_paths,
|
||||||
@@ -74,7 +76,7 @@ def add_secret(flake_dir: Path, user: str, secret: str) -> None:
|
|||||||
|
|
||||||
def remove_secret(flake_dir: Path, user: str, secret: str) -> None:
|
def remove_secret(flake_dir: Path, user: str, secret: str) -> None:
|
||||||
updated_paths = secrets.disallow_member(
|
updated_paths = secrets.disallow_member(
|
||||||
secrets.users_folder(flake_dir, secret), user
|
secrets.users_folder(sops_secrets_folder(flake_dir) / secret), user
|
||||||
)
|
)
|
||||||
commit_files(
|
commit_files(
|
||||||
updated_paths,
|
updated_paths,
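Review bot: The rewritten import `from .folders import list_objects, remove_object, sops_secrets_folder, sops_users_folder` runs to 90 columns and is inconsistent with the machines.py hunk in this commit, which wraps the equivalent import in parentheses with one name per line; an auto-formatter would reflow it, so wrap it the same way now. add_secret and remove_secret here follow the same `sops_secrets_folder(flake_dir) / secret` pattern as machines.py and rely on the same upstream validation of `secret`, which is not visible in these hunks.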
|
||||||
|
|||||||