Also commit files when adding machines/users or removing secrets

2024-02-22 16:06:39 +01:00 · 2024-02-22 16:06:39 +01:00 · 52fcc91479
commit 52fcc91479
parent 65d2a4e081
4 changed files with 28 additions and 6 deletions
--- a/pkgs/clan-cli/clan_cli/git.py
+++ b/pkgs/clan-cli/clan_cli/git.py
@ -28,12 +28,10 @@ def commit_files(
    repo_dir: Path,
    commit_message: str | None = None,
 ) -> None:
-    # check that the file is in the git repository and exists
+    # check that the file is in the git repository
    for file_path in file_paths:
        if not Path(file_path).resolve().is_relative_to(repo_dir.resolve()):
            raise ClanError(f"File {file_path} is not in the git repository {repo_dir}")
-        if not file_path.exists():
-            raise ClanError(f"File {file_path} does not exist")
    # generate commit message if not provided
    if commit_message is None:
        commit_message = ""
--- a/pkgs/clan-cli/clan_cli/secrets/machines.py
+++ b/pkgs/clan-cli/clan_cli/secrets/machines.py
@ -2,6 +2,7 @@ import argparse
 from pathlib import Path

 from ..errors import ClanError
+from ..git import commit_files
 from ..machines.types import machine_name_type, validate_hostname
 from . import secrets
 from .folders import list_objects, remove_object, sops_machines_folder
@ -10,7 +11,13 @@ from .types import public_or_private_age_key_type, secret_name_type


 def add_machine(flake_dir: Path, name: str, key: str, force: bool) -> None:
-    write_key(sops_machines_folder(flake_dir) / name, key, force)
+    path = sops_machines_folder(flake_dir) / name
+    write_key(path, key, force)
+    commit_files(
+        [path],
+        flake_dir,
+        f"Add machine {name} to secrets",
+    )


 def remove_machine(flake_dir: Path, name: str) -> None:
@ -35,11 +42,16 @@ def list_machines(flake_dir: Path) -> list[str]:


 def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
-    secrets.allow_member(
+    path = secrets.allow_member(
        secrets.machines_folder(flake_dir, secret),
        sops_machines_folder(flake_dir),
        machine,
    )
+    commit_files(
+        [path],
+        flake_dir,
+        f"Add {machine} to secret",
+    )


 def remove_secret(flake_dir: Path, machine: str, secret: str) -> None:
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@ -124,6 +124,11 @@ def remove_secret(flake_dir: Path, secret: str) -> None:
    if not path.exists():
        raise ClanError(f"Secret '{secret}' does not exist")
    shutil.rmtree(path)
+    commit_files(
+        [path],
+        flake_dir,
+        f"Remove secret {secret}",
+    )


 def remove_command(args: argparse.Namespace) -> None:
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
@ -2,6 +2,7 @@ import argparse
 from pathlib import Path

 from ..errors import ClanError
+from ..git import commit_files
 from . import secrets
 from .folders import list_objects, remove_object, sops_users_folder
 from .sops import read_key, write_key
@ -14,7 +15,13 @@ from .types import (


 def add_user(flake_dir: Path, name: str, key: str, force: bool) -> None:
-    write_key(sops_users_folder(flake_dir) / name, key, force)
+    path = sops_users_folder(flake_dir) / name
+    write_key(path, key, force)
+    commit_files(
+        [path],
+        flake_dir,
+        f"Add user {name} to secrets",
+    )


 def remove_user(flake_dir: Path, name: str) -> None: