clan-cli: secrets.sops: improve age keys detection

This change allows you to e.g. directly pass `$(age-keygen)` on the
command line.
Louis Opter
2024-10-23 18:42:18 -07:00
committed by Mic92
parent 67c7876629
commit daf51f523e
3 changed files with 15 additions and 8 deletions


@@ -81,6 +81,7 @@ def create_machine(opts: CreateOptions) -> None:
msg = "Machine name must be a valid hostname" msg = "Machine name must be a valid hostname"
raise ClanError(msg, location="Create Machine") raise ClanError(msg, location="Create Machine")
# lopter@(2024-10-22): Could we just use warn and use the existing config?
if dst.exists(): if dst.exists():
msg = f"Machine {machine_name} already exists in {clan_dir}" msg = f"Machine {machine_name} already exists in {clan_dir}"
description = ( description = (


@@ -245,6 +245,11 @@ def maybe_get_admin_public_key() -> None | SopsKey:
return None return None
if len(keyring) > 1: if len(keyring) > 1:
# louis@(2024-10-22):
#
# This is confusing when it shows up and you have no information
# about where each key is going from, could we log the discovery
# of each key?
msg = ( msg = (
f"Found more than {len(keyring)} public keys in your " f"Found more than {len(keyring)} public keys in your "
f"environment/system and cannot decide which one to " f"environment/system and cannot decide which one to "
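Review bot: The message built directly under the added comment reads "Found more than {len(keyring)} public keys" although exactly `len(keyring)` keys were found, which adds to the confusion the comment describes; `f"Found {len(keyring)} public keys in your "` would be accurate. If the per-key discovery logging proposed in the comment is added, recording where each key came from (environment variable name or file path) together with the public key only would make the ambiguity diagnosable without putting anything sensitive in the log. The `msg = (` statement continues outside the hunk, so the rest of the wording is not visible here.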


@@ -21,14 +21,15 @@ def secret_name_type(arg_value: str) -> str:
def public_or_private_age_key_type(arg_value: str) -> str: def public_or_private_age_key_type(arg_value: str) -> str:
if Path(arg_value).is_file(): if Path(arg_value).is_file():
arg_value = Path(arg_value).read_text().strip() arg_value = Path(arg_value).read_text().strip()
if arg_value.startswith("age1"): for line in arg_value.splitlines():
return arg_value.strip() if line.startswith("#"):
if arg_value.startswith("AGE-SECRET-KEY-"): continue
return get_public_age_key(arg_value) if line.startswith("age1"):
if not arg_value.startswith("age1"): return line.strip()
msg = f"Please provide an age key starting with age1, got: '{arg_value}'" if line.startswith("AGE-SECRET-KEY-"):
raise ClanError(msg) return get_public_age_key(line)
return arg_value msg = f"Please provide an age key starting with age1 or AGE-SECRET-KEY-, got: '{arg_value}'"
raise ClanError(msg)
def group_or_user_name_type(what: str) -> Callable[[str], str]: def group_or_user_name_type(what: str) -> Callable[[str], str]:
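Review bot: The fall-through error in `public_or_private_age_key_type` interpolates the whole `arg_value` into the message, and after this change that value can be complete `age-keygen` output or the contents of a key file, so an `AGE-SECRET-KEY-` line that fails the prefix test (for example because it is indented) would likely end up on the terminal and in any captured logs. The prefix tests run on the unstripped line, and `get_public_age_key(line)` receives it unstripped, while only the `age1` branch strips. I would normalise with `line = line.strip()` at the top of the loop and drop the echo from the error, `msg = "Please provide an age key starting with age1 or AGE-SECRET-KEY-"`. A short docstring stating that the argument may be a key, multi-line key material or a path to a file holding either would also help callers.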