bind ssh controlmaster to live time of CLI
This commit is contained in:
Jörg Thalheim
@@ -7,6 +7,7 @@ from typing import TYPE_CHECKING
|
||||
|
||||
from clan_cli.errors import ClanError
|
||||
from clan_cli.machines import machines
|
||||
from clan_cli.ssh.host import Host
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from .generate import Generator, Var
|
||||
@@ -183,5 +184,5 @@ class StoreBase(ABC):
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
pass
|
||||
|
||||
@@ -4,6 +4,7 @@ from pathlib import Path
|
||||
|
||||
from clan_cli.errors import ClanError
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator, Var
|
||||
|
||||
@@ -72,6 +73,6 @@ class FactStore(StoreBase):
|
||||
msg = "populate_dir is not implemented for public vars stores"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
msg = "upload is not implemented for public vars stores"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
@@ -6,6 +6,7 @@ from pathlib import Path
|
||||
from clan_cli.dirs import vm_state_dir
|
||||
from clan_cli.errors import ClanError
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator, Var
|
||||
|
||||
@@ -69,6 +70,6 @@ class FactStore(StoreBase):
|
||||
msg = "populate_dir is not implemented for public vars stores"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
msg = "upload is not implemented for public vars stores"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
@@ -3,6 +3,7 @@ import tempfile
|
||||
from pathlib import Path
|
||||
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator, Var
|
||||
|
||||
@@ -45,6 +46,6 @@ class SecretStore(StoreBase):
|
||||
shutil.copytree(self.dir, output_dir)
|
||||
shutil.rmtree(self.dir)
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
msg = "Cannot upload secrets with FS backend"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
@@ -10,6 +10,7 @@ from tempfile import TemporaryDirectory
|
||||
from clan_cli.cmd import CmdOut, Log, RunOpts, run
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.nix import nix_shell
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.ssh.upload import upload
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator, Var
|
||||
@@ -146,9 +147,9 @@ class SecretStore(StoreBase):
|
||||
manifest += hashes
|
||||
return b"\n".join(manifest)
|
||||
|
||||
def needs_upload(self) -> bool:
|
||||
def needs_upload(self, host: Host) -> bool:
|
||||
local_hash = self.generate_hash()
|
||||
remote_hash = self.machine.target_host.run(
|
||||
remote_hash = host.run(
|
||||
# TODO get the path to the secrets from the machine
|
||||
[
|
||||
"cat",
|
||||
@@ -224,11 +225,11 @@ class SecretStore(StoreBase):
|
||||
|
||||
(output_dir / f".{self._store_backend}_info").write_bytes(self.generate_hash())
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
if "partitioning" in phases:
|
||||
msg = "Cannot upload partitioning secrets"
|
||||
raise NotImplementedError(msg)
|
||||
if not self.needs_upload():
|
||||
if not self.needs_upload(host):
|
||||
log.info("Secrets already uploaded")
|
||||
return
|
||||
with TemporaryDirectory(prefix="vars-upload-") as _tempdir:
|
||||
@@ -237,4 +238,4 @@ class SecretStore(StoreBase):
|
||||
upload_dir = Path(
|
||||
self.machine.deployment["password-store"]["secretLocation"]
|
||||
)
|
||||
upload(self.machine.target_host, pass_dir, upload_dir)
|
||||
upload(host, pass_dir, upload_dir)
|
||||
|
||||
@@ -23,6 +23,7 @@ from clan_cli.secrets.secrets import (
|
||||
groups_folder,
|
||||
has_secret,
|
||||
)
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.ssh.upload import upload
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator
|
||||
@@ -220,14 +221,15 @@ class SecretStore(StoreBase):
|
||||
target_path.write_bytes(self.get(generator, file.name))
|
||||
target_path.chmod(file.mode)
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
@override
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
if "partitioning" in phases:
|
||||
msg = "Cannot upload partitioning secrets"
|
||||
raise NotImplementedError(msg)
|
||||
with TemporaryDirectory(prefix="sops-upload-") as _tempdir:
|
||||
sops_upload_dir = Path(_tempdir).resolve()
|
||||
self.populate_dir(sops_upload_dir, phases)
|
||||
upload(self.machine.target_host, sops_upload_dir, Path("/var/lib/sops-nix"))
|
||||
upload(host, sops_upload_dir, Path("/var/lib/sops-nix"))
|
||||
|
||||
def exists(self, generator: Generator, name: str) -> bool:
|
||||
secret_folder = self.secret_path(generator, name)
|
||||
@@ -260,7 +262,6 @@ class SecretStore(StoreBase):
|
||||
|
||||
return keys
|
||||
|
||||
# }
|
||||
def needs_fix(self, generator: Generator, name: str) -> tuple[bool, str | None]:
|
||||
secret_path = self.secret_path(generator, name)
|
||||
current_recipients = sops.get_recipients(secret_path)
|
||||
|
||||
@@ -4,6 +4,7 @@ from pathlib import Path
|
||||
|
||||
from clan_cli.dirs import vm_state_dir
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.vars._types import StoreBase
|
||||
from clan_cli.vars.generate import Generator, Var
|
||||
|
||||
@@ -60,6 +61,6 @@ class SecretStore(StoreBase):
|
||||
shutil.rmtree(output_dir)
|
||||
shutil.copytree(self.dir, output_dir)
|
||||
|
||||
def upload(self, phases: list[str]) -> None:
|
||||
def upload(self, host: Host, phases: list[str]) -> None:
|
||||
msg = "Cannot upload secrets to VMs"
|
||||
raise NotImplementedError(msg)
|
||||
|
||||
@@ -4,17 +4,19 @@ from pathlib import Path
|
||||
|
||||
from clan_cli.completions import add_dynamic_completer, complete_machines
|
||||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.ssh.host import Host
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def upload_secret_vars(machine: Machine, directory: Path | None = None) -> None:
|
||||
if directory:
|
||||
machine.secret_vars_store.populate_dir(
|
||||
directory, phases=["activation", "users", "services"]
|
||||
)
|
||||
else:
|
||||
machine.secret_vars_store.upload(phases=["activation", "users", "services"])
|
||||
def upload_secret_vars(machine: Machine, host: Host) -> None:
|
||||
machine.secret_vars_store.upload(host, phases=["activation", "users", "services"])
|
||||
|
||||
|
||||
def populate_secret_vars(machine: Machine, directory: Path) -> None:
|
||||
machine.secret_vars_store.populate_dir(
|
||||
directory, phases=["activation", "users", "services"]
|
||||
)
|
||||
|
||||
|
||||
def upload_command(args: argparse.Namespace) -> None:
|
||||
@@ -22,7 +24,11 @@ def upload_command(args: argparse.Namespace) -> None:
|
||||
directory = None
|
||||
if args.directory:
|
||||
directory = Path(args.directory)
|
||||
upload_secret_vars(machine, directory)
|
||||
populate_secret_vars(machine, directory)
|
||||
return
|
||||
|
||||
with machine.target_host() as host:
|
||||
upload_secret_vars(machine, host)
|
||||
|
||||
|
||||
def register_upload_parser(parser: argparse.ArgumentParser) -> None:
|
||||
|
||||
Reference in New Issue
Block a user