clan_cli vars: actually upload

This commit is contained in:
lassulus
2024-11-11 16:07:00 +01:00
parent 616ddca734
commit ddc7afd67d
4 changed files with 32 additions and 22 deletions


@@ -151,6 +151,10 @@ class Machine:
def secrets_upload_directory(self) -> str:
return self.deployment["facts"]["secretUploadDirectory"]
@property
def secret_vars_upload_directory(self) -> str:
return self.deployment["vars"]["secretUploadDirectory"]
@property
def flake_dir(self) -> Path:
if self.flake.is_local():
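Review bot: `secret_vars_upload_directory` indexes `self.deployment["vars"]["secretUploadDirectory"]` directly, so a machine whose deployment metadata has no `vars` section would surface as a bare `KeyError` rather than a message naming the machine and the missing key — and the property is now on the deploy path for every machine via the `upload_secret_vars(machine)` call added in the deploy hunk. Whether every machine's deployment metadata is guaranteed to carry `vars` is not visible here; if it is not, catch the `KeyError` and re-raise the project's error type with the machine name. Either way the new property has no docstring while its `secrets_upload_directory` sibling at least reads as the facts counterpart; a one-liner would do: `"""Remote directory that secret vars are uploaded into (deployment ``vars.secretUploadDirectory``)."""`. The `Machine` class starts outside the hunk.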


@@ -21,6 +21,7 @@ from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_command, nix_metadata
from clan_cli.ssh import HostKeyCheck
from clan_cli.vars.generate import generate_vars
from clan_cli.vars.upload import upload_secret_vars
from .inventory import get_all_machines, get_selected_machines
from .machine_group import MachineGroup
@@ -120,6 +121,7 @@ def deploy_machine(machines: MachineGroup) -> None:
generate_vars([machine], None, False)
upload_secrets(machine)
upload_secret_vars(machine)
path = upload_sources(
machine,


@@ -1,9 +1,9 @@
import os
import subprocess
from itertools import chain
from pathlib import Path
from typing import override
from clan_cli.cmd import run
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell
@@ -36,7 +36,7 @@ class SecretStore(SecretStoreBase):
shared: bool = False,
deployed: bool = True,
) -> Path | None:
subprocess.run(
run(
nix_shell(
["nixpkgs#pass"],
[
@@ -52,7 +52,7 @@ class SecretStore(SecretStoreBase):
return None # we manage the files outside of the git repo
def get(self, generator_name: str, name: str, shared: bool = False) -> bytes:
return subprocess.run(
return run(
nix_shell(
["nixpkgs#pass"],
[
@@ -61,9 +61,7 @@ class SecretStore(SecretStoreBase):
str(self.entry_dir(generator_name, name, shared)),
],
),
check=True,
stdout=subprocess.PIPE,
).stdout
).stdout.encode()
def exists(self, generator_name: str, name: str, shared: bool = False) -> bool:
return (
@@ -74,7 +72,7 @@ class SecretStore(SecretStoreBase):
def generate_hash(self) -> bytes:
hashes = []
hashes.append(
subprocess.run(
run(
nix_shell(
["nixpkgs#git"],
[
@@ -87,9 +85,10 @@ class SecretStore(SecretStoreBase):
self.entry_prefix,
],
),
stdout=subprocess.PIPE,
check=False,
).stdout.strip()
)
.stdout.strip()
.encode()
)
shared_dir = Path(self._password_store_dir) / self.entry_prefix / "shared"
machine_dir = (
@@ -101,7 +100,7 @@ class SecretStore(SecretStoreBase):
for symlink in chain(shared_dir.glob("**/*"), machine_dir.glob("**/*")):
if symlink.is_symlink():
hashes.append(
subprocess.run(
run(
nix_shell(
["nixpkgs#git"],
[
@@ -114,9 +113,10 @@ class SecretStore(SecretStoreBase):
str(symlink),
],
),
stdout=subprocess.PIPE,
check=False,
).stdout.strip()
)
.stdout.strip()
.encode()
)
# we sort the hashes to make sure that the order is always the same
@@ -128,9 +128,8 @@ class SecretStore(SecretStoreBase):
local_hash = self.generate_hash()
remote_hash = self.machine.target_host.run(
# TODO get the path to the secrets from the machine
["cat", f"{self.machine.secrets_upload_directory}/.pass_info"],
["cat", f"{self.machine.secret_vars_upload_directory}/.pass_info"],
check=False,
stdout=subprocess.PIPE,
).stdout.strip()
if not remote_hash:
@@ -143,10 +142,15 @@ class SecretStore(SecretStoreBase):
for secret_var in self.get_all():
if not secret_var.deployed:
continue
rel_dir = self.rel_dir(
secret_var.generator, secret_var.name, secret_var.shared
if secret_var.shared:
output_file = (
output_dir / "shared" / secret_var.generator / secret_var.name
)
with (output_dir / rel_dir).open("wb") as f:
else:
output_file = output_dir / secret_var.generator / secret_var.name
output_file.parent.mkdir(parents=True, exist_ok=True)
with (output_file).open("wb") as f:
f.write(
self.get(secret_var.generator, secret_var.name, secret_var.shared)
)
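Review bot: The new `if secret_var.shared:` branch rebuilds the `shared/<generator>/<name>` versus `<generator>/<name>` layout inline in place of the removed `self.rel_dir(...)` call, so the staged layout can now drift from whatever `rel_dir`/`entry_dir` produce elsewhere in `SecretStore`; if `rel_dir` still exists and returns the same relative path, `output_file = output_dir / self.rel_dir(secret_var.generator, secret_var.name, secret_var.shared)` followed by the existing `mkdir` keeps a single source of truth for the on-disk layout that `needs_upload` hashes against. The added `output_file.parent.mkdir(parents=True, exist_ok=True)` is the right fix for the old code, which opened the file without creating its parent directory. Note that `open("wb")` creates each staged secret with umask-derived permissions; the rsync in the upload hunk applies `--chmod=D700,F600` on the target, so locally the secrets' confidentiality rests on `output_dir` being a private temporary directory — worth stating next to the `with` line: `# output_dir must be a private temp dir; permissions are normalised by rsync --chmod on the target`. The enclosing method starts outside the hunk.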


@@ -12,8 +12,8 @@ from clan_cli.nix import nix_shell
log = logging.getLogger(__name__)
def upload_secrets(machine: Machine) -> None:
secret_store_module = importlib.import_module(machine.secret_facts_module)
def upload_secret_vars(machine: Machine) -> None:
secret_store_module = importlib.import_module(machine.secret_vars_module)
secret_store = secret_store_module.SecretStore(machine=machine)
if not secret_store.needs_upload():
@@ -38,7 +38,7 @@ def upload_secrets(machine: Machine) -> None:
"--delete",
"--chmod=D700,F600",
f"{tempdir!s}/",
f"{host.target_for_rsync}:{machine.secrets_upload_directory}/",
f"{host.target_for_rsync}:{machine.secret_vars_upload_directory}/",
],
),
log=Log.BOTH,
@@ -48,7 +48,7 @@ def upload_secrets(machine: Machine) -> None:
def upload_command(args: argparse.Namespace) -> None:
machine = Machine(name=args.machine, flake=args.flake)
upload_secrets(machine)
upload_secret_vars(machine)
def register_upload_parser(parser: argparse.ArgumentParser) -> None: