yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

clan-cli: secrets.sops: improve age keys detection

Browse Source 
This change allows you to e.g. directly pass `$(age-keygen)` on the
command line.
This commit is contained in:
Louis Opter
2024-10-23 18:42:18 -07:00
committed by Mic92
parent 67c7876629
commit daf51f523e
3 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkgs/clan-cli/clan_cli/machines/create.py
View File

@@ -81,6 +81,7 @@ def create_machine(opts: CreateOptions) -> None:
msg = "Machine name must be a valid hostname"
raise ClanError(msg, location="Create Machine")
# lopter@(2024-10-22): Could we just use warn and use the existing config?
if dst.exists():
msg = f"Machine {machine_name} already exists in {clan_dir}"
description = (

5
pkgs/clan-cli/clan_cli/secrets/sops.py
View File

@@ -245,6 +245,11 @@ def maybe_get_admin_public_key() -> None | SopsKey:
return None
if len(keyring) > 1:
# louis@(2024-10-22):
#
# This is confusing when it shows up and you have no information
# about where each key is going from, could we log the discovery
# of each key?
msg = (
f"Found more than {len(keyring)} public keys in your "
f"environment/system and cannot decide which one to "

15
pkgs/clan-cli/clan_cli/secrets/types.py
View File

@@ -21,14 +21,15 @@ def secret_name_type(arg_value: str) -> str:
def public_or_private_age_key_type(arg_value: str) -> str:
if Path(arg_value).is_file():
arg_value = Path(arg_value).read_text().strip()
if arg_value.startswith("age1"):
return arg_value.strip()
if arg_value.startswith("AGE-SECRET-KEY-"):
return get_public_age_key(arg_value)
if not arg_value.startswith("age1"):
msg = f"Please provide an age key starting with age1, got: '{arg_value}'"
for line in arg_value.splitlines():
if line.startswith("#"):
continue
if line.startswith("age1"):
return line.strip()
if line.startswith("AGE-SECRET-KEY-"):
return get_public_age_key(line)
msg = f"Please provide an age key starting with age1 or AGE-SECRET-KEY-, got: '{arg_value}'"
raise ClanError(msg)
return arg_value
def group_or_user_name_type(what: str) -> Callable[[str], str]: