vars password-store: add neededForUsers option
This commit is contained in:
lassulus
@@ -150,7 +150,10 @@ class SecretStore(SecretStoreBase):
|
||||
return local_hash.decode() != remote_hash
|
||||
|
||||
def populate_dir(self, output_dir: Path) -> None:
|
||||
with tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar:
|
||||
with (
|
||||
tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar,
|
||||
tarfile.open(output_dir / "secrets_for_users.tar.gz", "w:gz") as user_tar,
|
||||
):
|
||||
for generator in self.machine.vars_generators:
|
||||
dir_exists = False
|
||||
for file in generator.files:
|
||||
@@ -170,7 +173,10 @@ class SecretStore(SecretStoreBase):
|
||||
tar_file.mode = 0o440
|
||||
tar_file.uname = file.owner
|
||||
tar_file.gname = file.group
|
||||
tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
|
||||
if file.needed_for_users:
|
||||
user_tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
|
||||
else:
|
||||
tar.addfile(tarinfo=tar_file, fileobj=io.BytesIO(content))
|
||||
(output_dir / ".pass_info").write_bytes(self.generate_hash())
|
||||
|
||||
def upload(self) -> None:
|
||||
@@ -179,6 +185,7 @@ class SecretStore(SecretStoreBase):
|
||||
return
|
||||
with TemporaryDirectory(prefix="vars-upload-") as tempdir:
|
||||
pass_dir = Path(tempdir)
|
||||
self.populate_dir(pass_dir)
|
||||
upload_dir = Path(
|
||||
self.machine.deployment["password-store"]["secretLocation"]
|
||||
)
|
||||
|
||||
@@ -15,6 +15,7 @@ class Var:
|
||||
deploy: bool = False
|
||||
owner: str = "root"
|
||||
group: str = "root"
|
||||
needed_for_users: bool = False
|
||||
|
||||
# TODO: those shouldn't be set here
|
||||
_store: "StoreBase | None" = None
|
||||
@@ -74,4 +75,5 @@ class Var:
|
||||
deploy=data["deploy"],
|
||||
owner=data.get("owner", "root"),
|
||||
group=data.get("group", "root"),
|
||||
needed_for_users=data.get("neededForUsers", False),
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user