secret cli: add get command that returns the key of users/machines

pkgs/clan-cli/clan_cli/secrets/machines.py

@@ -3,11 +3,8 @@ import argparse
 from ..machines.types import machine_name_type, validate_hostname
 from . import secrets
 from .folders import list_objects, remove_object, sops_machines_folder
-from .sops import write_key
-from .types import (
-    public_or_private_age_key_type,
-    secret_name_type,
-)
+from .sops import read_key, write_key
+from .types import public_or_private_age_key_type, secret_name_type
 
 
 def add_machine(name: str, key: str, force: bool) -> None:
@@ -18,6 +15,10 @@ def remove_machine(name: str) -> None:
     remove_object(sops_machines_folder(), name)
 
 
+def get_machine(name: str) -> str:
+    return read_key(sops_machines_folder() / name)
+
+
 def list_machines() -> list[str]:
     return list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
 
@@ -42,6 +43,10 @@ def add_command(args: argparse.Namespace) -> None:
     add_machine(args.machine, args.key, args.force)
 
 
+def get_command(args: argparse.Namespace) -> None:
+    print(get_machine(args.machine))
+
+
 def remove_command(args: argparse.Namespace) -> None:
     remove_machine(args.machine)
 
@@ -82,6 +87,12 @@ def register_machines_parser(parser: argparse.ArgumentParser) -> None:
     )
     add_parser.set_defaults(func=add_command)
 
+    get_parser = subparser.add_parser("get", help="get a machine public key")
+    get_parser.add_argument(
+        "machine", help="the name of the machine", type=machine_name_type
+    )
+    get_parser.set_defaults(func=get_command)
+
     remove_parser = subparser.add_parser("remove", help="remove a machine")
     remove_parser.add_argument(
         "machine", help="the name of the machine", type=machine_name_type

pkgs/clan-cli/clan_cli/secrets/users.py

@@ -2,7 +2,7 @@ import argparse
 
 from . import secrets
 from .folders import list_objects, remove_object, sops_users_folder
-from .sops import write_key
+from .sops import read_key, write_key
 from .types import (
     VALID_SECRET_NAME,
     public_or_private_age_key_type,
@@ -19,6 +19,10 @@ def remove_user(name: str) -> None:
     remove_object(sops_users_folder(), name)
 
 
+def get_user(name: str) -> str:
+    return read_key(sops_users_folder() / name)
+
+
 def list_users() -> list[str]:
     return list_objects(
         sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
@@ -43,6 +47,10 @@ def add_command(args: argparse.Namespace) -> None:
     add_user(args.user, args.key, args.force)
 
 
+def get_command(args: argparse.Namespace) -> None:
+    print(get_user(args.user))
+
+
 def remove_command(args: argparse.Namespace) -> None:
     remove_user(args.user)
 
@@ -77,6 +85,10 @@ def register_users_parser(parser: argparse.ArgumentParser) -> None:
     )
     add_parser.set_defaults(func=add_command)
 
+    get_parser = subparser.add_parser("get", help="get a user public key")
+    get_parser.add_argument("user", help="the name of the user", type=user_name_type)
+    get_parser.set_defaults(func=get_command)
+
     remove_parser = subparser.add_parser("remove", help="remove a user")
     remove_parser.add_argument("user", help="the name of the user", type=user_name_type)
     remove_parser.set_defaults(func=remove_command)

pkgs/clan-cli/tests/test_secrets_cli.py

@@ -36,8 +36,13 @@ def _test_identities(
             age_keys[0].privkey,
         ]
     )
-    capsys.readouterr()  # empty the buffer
 
+    capsys.readouterr()  # empty the buffer
+    cli.run(["secrets", what, "get", "foo"])
+    out = capsys.readouterr()  # empty the buffer
+    assert age_keys[0].pubkey in out.out
+
+    capsys.readouterr()  # empty the buffer
     cli.run(["secrets", what, "list"])
     out = capsys.readouterr()  # empty the buffer
     assert "foo" in out.out