clan-core/pkgs/clan-cli/clan_cli/secrets/import_sops.py

import argparse
import json
import sys
from pathlib import Path

from ..cmd import run
from ..completions import (
    add_dynamic_completer,
    complete_groups,
    complete_machines,
    complete_users,
)
from ..errors import ClanError
from ..nix import nix_shell
from .secrets import encrypt_secret, sops_secrets_folder


def import_sops(args: argparse.Namespace) -> None:
    file = Path(args.sops_file)
    file_type = file.suffix

    try:
        file.read_text()
    except OSError as e:
        raise ClanError(f"Could not read file {file}: {e}") from e
    if file_type == ".yaml":
        cmd = ["sops"]
        if args.input_type:
            cmd += ["--input-type", args.input_type]
        cmd += ["--output-type", "json", "--decrypt", args.sops_file]
        cmd = nix_shell(["nixpkgs#sops"], cmd)

        res = run(cmd, error_msg=f"Could not import sops file {file}")
        secrets = json.loads(res.stdout)
        for k, v in secrets.items():
            k = args.prefix + k
            if not isinstance(v, str):
                print(
                    f"WARNING: {k} is not a string but {type(v)}, skipping",
                    file=sys.stderr,
                )
                continue
            if (sops_secrets_folder(Path(args.flake)) / k / "secret").exists():
                print(
                    f"WARNING: {k} already exists, skipping",
                    file=sys.stderr,
                )
                continue
            encrypt_secret(
                Path(args.flake),
                sops_secrets_folder(Path(args.flake)) / k,
                v,
                add_groups=args.group,
                add_machines=args.machine,
                add_users=args.user,
            )


def register_import_sops_parser(parser: argparse.ArgumentParser) -> None:
    parser.add_argument(
        "--input-type",
        type=str,
        default=None,
        help="the input type of the sops file (yaml, json, ...). If not specified, it will be guessed from the file extension",
    )
    group_action = parser.add_argument(
        "--group",
        type=str,
        action="append",
        default=[],
        help="the group to import the secrets to",
    )
    add_dynamic_completer(group_action, complete_groups)
    machine_action = parser.add_argument(
        "--machine",
        type=str,
        action="append",
        default=[],
        help="the machine to import the secrets to",
    )
    add_dynamic_completer(machine_action, complete_machines)
    user_action = parser.add_argument(
        "--user",
        type=str,
        action="append",
        default=[],
        help="the user to import the secrets to",
    )
    add_dynamic_completer(user_action, complete_users)
    parser.add_argument(
        "--prefix",
        type=str,
        default="",
        help="the prefix to use for the secret names",
    )
    parser.add_argument(
        "sops_file",
        type=str,
        help="the sops file to import (- for stdin)",
    )

    parser.set_defaults(func=import_sops)
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`import argparse`
			`import json`
			`import sys`
			`from pathlib import Path`

clan: add dynamic-completions to `clan secrets set` 2024-06-04 13:17:24 +00:00			`from ..cmd import run`
clan: add dynamic completions for `clan secrets import-sops` 2024-06-04 11:40:24 +00:00			`from ..completions import (`
			`add_dynamic_completer,`
			`complete_groups,`
			`complete_machines,`
			`complete_users,`
			`)`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`from ..errors import ClanError`
			`from ..nix import nix_shell`
add test for import-sops command 2023-08-08 14:28:38 +00:00			`from .secrets import encrypt_secret, sops_secrets_folder`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00

			`def import_sops(args: argparse.Namespace) -> None:`
			`file = Path(args.sops_file)`
			`file_type = file.suffix`

			`try:`
			`file.read_text()`
			`except OSError as e:`
			`raise ClanError(f"Could not read file {file}: {e}") from e`
			`if file_type == ".yaml":`
			`cmd = ["sops"]`
			`if args.input_type:`
			`cmd += ["--input-type", args.input_type]`
			`cmd += ["--output-type", "json", "--decrypt", args.sops_file]`
prefix nixpkgs# explicitly in nix_shell This makes the function usage less confusing (you can now tell from the call side what are flags and what is passed to nix-shell) and allows to use different flakes to download packages. 2023-12-08 14:00:11 +00:00			`cmd = nix_shell(["nixpkgs#sops"], cmd)`
cmd.py refactor part 5 2024-01-12 15:52:29 +00:00
			`res = run(cmd, error_msg=f"Could not import sops file {file}")`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`secrets = json.loads(res.stdout)`
			`for k, v in secrets.items():`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`k = args.prefix + k`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`if not isinstance(v, str):`
			`print(`
			`f"WARNING: {k} is not a string but {type(v)}, skipping",`
			`file=sys.stderr,`
			`)`
add test for import-sops command 2023-08-08 14:28:38 +00:00			`continue`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`if (sops_secrets_folder(Path(args.flake)) / k / "secret").exists():`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`print(`
			`f"WARNING: {k} already exists, skipping",`
			`file=sys.stderr,`
			`)`
			`continue`
			`encrypt_secret(`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`Path(args.flake),`
			`sops_secrets_folder(Path(args.flake)) / k,`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`v,`
			`add_groups=args.group,`
			`add_machines=args.machine,`
			`add_users=args.user,`
			`)`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00

			`def register_import_sops_parser(parser: argparse.ArgumentParser) -> None:`
			`parser.add_argument(`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`"--input-type",`
			`type=str,`
			`default=None,`
			`help="the input type of the sops file (yaml, json, ...). If not specified, it will be guessed from the file extension",`
			`)`
clan: add dynamic completions for `clan secrets import-sops` 2024-06-04 11:40:24 +00:00			`group_action = parser.add_argument(`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`"--group",`
			`type=str,`
			`action="append",`
			`default=[],`
			`help="the group to import the secrets to",`
			`)`
clan: add dynamic completions for `clan secrets import-sops` 2024-06-04 11:40:24 +00:00			`add_dynamic_completer(group_action, complete_groups)`
			`machine_action = parser.add_argument(`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`"--machine",`
			`type=str,`
			`action="append",`
			`default=[],`
			`help="the machine to import the secrets to",`
			`)`
clan: add dynamic completions for `clan secrets import-sops` 2024-06-04 11:40:24 +00:00			`add_dynamic_completer(machine_action, complete_machines)`
			`user_action = parser.add_argument(`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`"--user",`
			`type=str,`
			`action="append",`
			`default=[],`
			`help="the user to import the secrets to",`
			`)`
clan: add dynamic completions for `clan secrets import-sops` 2024-06-04 11:40:24 +00:00			`add_dynamic_completer(user_action, complete_users)`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`parser.add_argument(`
			`"--prefix",`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`type=str,`
add option to import sops secrets with groups,users,machines,prefixes 2023-08-08 16:46:37 +00:00			`default="",`
			`help="the prefix to use for the secret names",`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`)`
			`parser.add_argument(`
add test for import-sops command 2023-08-08 14:28:38 +00:00			`"sops_file",`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`type=str,`
add test for import-sops command 2023-08-08 14:28:38 +00:00			`help="the sops file to import (- for stdin)",`
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`)`
Fixing a multitude of tests 2023-10-23 20:31:12 +00:00
add import-sops command to secrets 2023-08-08 13:48:19 +00:00			`parser.set_defaults(func=import_sops)`