clan-cli sops: accept bytes
This commit is contained in:
parent
da34bd7199
commit
11bf0b8b9e
|
|
@ -39,7 +39,7 @@ class SecretStore(SecretStoreBase):
|
|||
encrypt_secret(
|
||||
self.machine.flake_dir,
|
||||
path,
|
||||
value.decode(),
|
||||
value,
|
||||
add_machines=[self.machine.name],
|
||||
add_groups=groups,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ def collect_keys_for_path(path: Path) -> set[str]:
|
|||
def encrypt_secret(
|
||||
flake_dir: Path,
|
||||
secret: Path,
|
||||
value: IO[str] | str | None,
|
||||
value: IO[str] | str | bytes | None,
|
||||
add_users: list[str] = [],
|
||||
add_machines: list[str] = [],
|
||||
add_groups: list[str] = [],
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ def update_keys(secret_path: Path, keys: list[str]) -> None:
|
|||
|
||||
|
||||
def encrypt_file(
|
||||
secret_path: Path, content: IO[str] | str | None, keys: list[str]
|
||||
secret_path: Path, content: IO[str] | str | bytes | None, keys: list[str]
|
||||
) -> None:
|
||||
folder = secret_path.parent
|
||||
folder.mkdir(parents=True, exist_ok=True)
|
||||
|
|
@ -157,11 +157,17 @@ def encrypt_file(
|
|||
# hopefully /tmp is written to an in-memory file to avoid leaking secrets
|
||||
with NamedTemporaryFile(delete=False) as f:
|
||||
try:
|
||||
with open(f.name, "w") as fd:
|
||||
if isinstance(content, str):
|
||||
if isinstance(content, str):
|
||||
with open(f.name, "w") as fd:
|
||||
fd.write(content)
|
||||
else:
|
||||
elif isinstance(content, bytes):
|
||||
with open(f.name, "wb") as fd:
|
||||
fd.write(content)
|
||||
elif isinstance(content, IO):
|
||||
with open(f.name, "w") as fd:
|
||||
shutil.copyfileobj(content, fd)
|
||||
else:
|
||||
raise ClanError("Invalid content type")
|
||||
# we pass an empty manifest to pick up existing configuration of the user
|
||||
args = ["sops", "--config", str(manifest)]
|
||||
args.extend(["-i", "--encrypt", str(f.name)])
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user