From ef442ef31663c818c1b2baa4974ffc3fa3bd2e45 Mon Sep 17 00:00:00 2001
From: Louis Opter
Date: Sat, 1 Feb 2025 22:39:22 +0000
Subject: [PATCH] clan-cli: secrets users add: make sure only one key argument was passed

This is slightly better input validation FWIW.
---
 pkgs/clan-cli/clan_cli/secrets/users.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/secrets/users.py b/pkgs/clan-cli/clan_cli/secrets/users.py
index 658e40ba0..2d7598532 100644
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
@@ -131,15 +131,19 @@ def add_command(args: argparse.Namespace) -> None:
 if args.flake is None:
 msg = "Could not find clan flake toplevel directory"
 raise ClanError(msg)
+ keys_args = (args.age_key, args.agekey, args.pgp_key)
+ keys_count = sum(1 if key else 0 for key in keys_args)
+ if keys_count != 1:
+ err_msg = (
+ f"Please provide one key (got {keys_count}) through `--pgp-key`, "
+ f"`--age-key`, or as a positional (age key) argument."
+ )
+ raise ClanError(err_msg)
 if args.age_key or args.agekey:
 key_type = sops.KeyType.AGE
- elif args.pgp_key:
- key_type = sops.KeyType.PGP
 else:
- msg = "BUG!: key type not set"
- raise ValueError(msg)
+ key_type = sops.KeyType.PGP
 key = args.agekey or args.age_key or args.pgp_key
- assert key is not None, "key is None"
 add_user(args.flake.path, args.user, key, key_type, args.force)
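Review bot: After the new count check, the key type and the key value are still chosen by two separate expressions, and the `else:` branch now labels anything that is not an age key as PGP by elimination, where the removed branch raised on an unexpected state. If a further key option is ever added to `keys_args`, it would pass the count check and be handed to `add_user` as `sops.KeyType.PGP` without any error, registering a recipient under the wrong key type. Selecting both together keeps them from drifting, for example `key, key_type = (args.pgp_key, sops.KeyType.PGP) if args.pgp_key else (args.agekey or args.age_key, sops.KeyType.AGE)`. The count is truthiness-based, so an empty value such as `--age-key ""` is reported as "got 0", which looks intended but deserves a test alongside the two-keys case. The `def add_command` line sits outside the hunk.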