vars: introduce deploy=true/false for generated files
@@ -152,6 +152,7 @@ def execute_generator(
|
||||
# store secrets
|
||||
files = machine.vars_generators[generator_name]["files"]
|
||||
for file_name, file in files.items():
|
||||
is_deployed = file["deploy"]
|
||||
groups = machine.deployment["sops"]["defaultGroups"]
|
||||
|
||||
secret_file = tmpdir_out / file_name
|
||||
@@ -166,6 +167,7 @@ def execute_generator(
|
||||
secret_file.read_bytes(),
|
||||
groups,
|
||||
shared=is_shared,
|
||||
deployed=is_deployed,
|
||||
)
|
||||
else:
|
||||
file_path = public_vars_store.set(
|
||||
|
||||
@@ -17,6 +17,7 @@ class SecretStoreBase(ABC):
|
||||
value: bytes,
|
||||
groups: list[str],
|
||||
shared: bool = False,
|
||||
deployed: bool = True,
|
||||
) -> Path | None:
|
||||
pass
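Review bot: The abstract `set` gains `deployed: bool = True` with no docstring or comment saying what an implementation must do with it, so each backend can interpret or ignore it. Because the flag decides whether secret material is meant to reach a machine, the contract belongs on the abstract method, for example `# deployed=False: the secret is stored but must not be shipped to the target machine`, with the wording adjusted to the intended semantics. The default of `True` also means a caller that forgets the argument gets the deploying behaviour; making the parameter keyword-only and explicit at call sites would be worth considering. The signature starts above the hunk, so the method name and earlier parameters are not visible here.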
|
||||
|
||||
|
||||
@@ -31,6 +31,7 @@ class SecretStore(SecretStoreBase):
|
||||
value: bytes,
|
||||
groups: list[str],
|
||||
shared: bool = False,
|
||||
deployed: bool = True,
|
||||
) -> Path | None:
|
||||
subprocess.run(
|
||||
nix_shell(
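Review bot: `deployed` is added to this backend's `set` signature, but the hunk grows by exactly one line (`-31,6 +31,7`) and the body goes straight into `subprocess.run(nix_shell(`, so the value does not appear to be stored or acted on. If that holds, a file declared with deploy=false is handled like any other secret by this backend and the caller gets no signal that the setting was dropped. Either persist the flag, as the `encrypt_secret` backend does with `meta=dict(deploy=deployed)` in the `-66,6 +67,9` hunk, or fail loudly with something like `if not deployed: raise NotImplementedError("deploy=false is not supported by this secret store")`. The same applies to the `@@ -21,6 +21,7 @@` hunk, whose body continues with `secret_file = self.dir / service / name`. Both function bodies run past their hunks, so use of the flag further down cannot be ruled out.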
|
||||
|
||||
@@ -58,6 +58,7 @@ class SecretStore(SecretStoreBase):
|
||||
value: bytes,
|
||||
groups: list[str],
|
||||
shared: bool = False,
|
||||
deployed: bool = True,
|
||||
) -> Path | None:
|
||||
path = self.secret_path(generator_name, name, shared)
|
||||
encrypt_secret(
|
||||
@@ -66,6 +67,9 @@ class SecretStore(SecretStoreBase):
|
||||
value,
|
||||
add_machines=[self.machine.name],
|
||||
add_groups=groups,
|
||||
meta=dict(
|
||||
deploy=deployed,
|
||||
),
|
||||
)
|
||||
return path
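Review bot: `deployed` only ends up in `meta=dict(deploy=deployed)`, while `add_machines=[self.machine.name]` is still passed unconditionally, so a secret with deploy=false presumably stays encrypted to the machine's key. If deploy=false is meant to guarantee the machine can never read the value, the recipient list should depend on the flag, e.g. `add_machines=[self.machine.name] if deployed else []`. If it is only meant to skip the upload step, a comment such as `# deploy=False only skips upload; the machine key remains a recipient` would prevent that misreading. Nothing in the visible hunks reads the `deploy` metadata back, so the place where it is enforced should be stated or covered by a test. The `encrypt_secret(` call begins before this hunk.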
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@ class SecretStore(SecretStoreBase):
|
||||
value: bytes,
|
||||
groups: list[str],
|
||||
shared: bool = False,
|
||||
deployed: bool = True,
|
||||
) -> Path | None:
|
||||
secret_file = self.dir / service / name
|
||||
secret_file.parent.mkdir(parents=True, exist_ok=True)
|
||||
|
||||