From c535cf78a1b7c07d2425634a96ab9188e197e82f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Wed, 9 Aug 2023 14:10:04 +0200
Subject: [PATCH 1/2] add secret api for machines/users/secrets
---
 pkgs/clan-cli/clan_cli/secrets/folders.py | 8 +++++---
 pkgs/clan-cli/clan_cli/secrets/machines.py | 16 ++++++++++++++--
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 15 +++++++++++----
 pkgs/clan-cli/clan_cli/secrets/users.py | 8 +++++---
 4 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/folders.py b/pkgs/clan-cli/clan_cli/secrets/folders.py
index b0f487bb..f9e8d31e 100644
--- a/pkgs/clan-cli/clan_cli/secrets/folders.py
+++ b/pkgs/clan-cli/clan_cli/secrets/folders.py
@@ -24,12 +24,14 @@ sops_machines_folder = gen_sops_subfolder("machines")
 sops_groups_folder = gen_sops_subfolder("groups")
-def list_objects(path: Path, is_valid: Callable[[str], bool]) -> None:
+def list_objects(path: Path, is_valid: Callable[[str], bool]) -> list[str]:
+ objs: list[str] = []
 if not path.exists():
- return
+ return objs
 for f in os.listdir(path):
 if is_valid(f):
- print(f)
+ objs.append(f)
+ return objs
 def remove_object(path: Path, name: str) -> None:
diff --git a/pkgs/clan-cli/clan_cli/secrets/machines.py b/pkgs/clan-cli/clan_cli/secrets/machines.py
index d7a2ffb0..330f2ad6 100644
--- a/pkgs/clan-cli/clan_cli/secrets/machines.py
+++ b/pkgs/clan-cli/clan_cli/secrets/machines.py
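Review bot: In folders.py, `list_objects` now returns names in whatever order `os.listdir` yields them, which is arbitrary, so callers of the new list functions and the CLI output built from them get an unstable order. Building the result as `return sorted(f for f in os.listdir(path) if is_valid(f))` would make it deterministic. The `path.exists()` pre-check does not cover a folder that disappears, or a path that is not a directory, before `os.listdir(path)` runs; catching `FileNotFoundError`/`NotADirectoryError` around the listing would be sturdier. A one-line docstring saying that only names accepted by `is_valid` are returned would help callers that rely on the function as a filter.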
@@ -11,12 +11,24 @@ from .types import (
 )
+def add_machine(name: str, key: str, force: bool) -> None:
+ write_key(sops_machines_folder() / name, key, force)
+
+
+def remove_machine(name: str) -> None:
+ remove_object(sops_machines_folder(), name)
+
+
+def list_machines() -> list[str]:
+ return list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
+
+
 def list_command(args: argparse.Namespace) -> None:
- list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
+ print("\n".join(list_machines()))
 def add_command(args: argparse.Namespace) -> None:
- write_key(sops_machines_folder() / args.machine, args.key, args.force)
+ add_machine(args.machine, args.key, args.force)
 def remove_command(args: argparse.Namespace) -> None:
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index 7282ebdc..4cc78e03 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@@ -84,14 +84,17 @@ def encrypt_secret(
 encrypt_file(secret / "secret", value, list(sorted(keys)))
-def remove_command(args: argparse.Namespace) -> None:
- secret: str = args.secret
+def remove_secret(secret: str) -> None:
 path = sops_secrets_folder() / secret
 if not path.exists():
 raise ClanError(f"Secret '{secret}' does not exist")
 shutil.rmtree(path)
+def remove_command(args: argparse.Namespace) -> None:
+ remove_secret(args.secret)
+
+
 def add_secret_argument(parser: argparse.ArgumentParser) -> None:
 parser.add_argument("secret", help="the name of the secret", type=secret_name_type)
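Review bot: `add_machine` and `remove_machine` in machines.py join the caller-supplied `name` onto `sops_machines_folder()` unchecked, so once they are called as an API rather than through argparse, a name containing a path separator or `..` can resolve outside the machines folder. `validate_hostname` is already used as the filter in `list_machines`; assuming it returns a bool, a guard such as `if not validate_hostname(name): raise ClanError(f"Invalid machine name: {name}")` at the top of both functions keeps the check next to the file operation (whether `ClanError` is imported in machines.py is not visible here). The same gap is in `remove_secret` in secrets.py (hunk `@@ -84,14 +84,17 @@`), where the joined path goes to `shutil.rmtree` and the only validation visible is the argparse `type=secret_name_type`, and in `add_secret`/`remove_secret` added to machines.py and users.py in patch 2/2. Whether the machines parser validates `args.machine` lies outside these hunks.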
@@ -168,12 +171,16 @@ def disallow_member(group_folder: Path, name: str) -> None:
 )
-def list_command(args: argparse.Namespace) -> None:
- list_objects(
+def list_secrets() -> list[str]:
+ return list_objects(
 sops_secrets_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
 )
+def list_command(args: argparse.Namespace) -> None:
+ print("\n".join(list_secrets()))
+
+
 def get_command(args: argparse.Namespace) -> None:
 secret: str = args.secret
 ensure_sops_key()
diff --git a/pkgs/clan-cli/clan_cli/secrets/users.py b/pkgs/clan-cli/clan_cli/secrets/users.py
index b39d0030..b5c48d21 100644
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
@@ -19,12 +19,14 @@ def remove_user(name: str) -> None:
 remove_object(sops_users_folder(), name)
-def list_users() -> None:
- list_objects(sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None)
+def list_users() -> list[str]:
+ return list_objects(
+ sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
+ )
 def list_command(args: argparse.Namespace) -> None:
- list_users()
+ print("\n".join(list_users()))
 def add_command(args: argparse.Namespace) -> None:
From 6c169b0bed739adedfdf4170bf83d8f4b6216f75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Wed, 9 Aug 2023 14:22:56 +0200
Subject: [PATCH 2/2] print nothing if secret collections are empty
---
 pkgs/clan-cli/clan_cli/secrets/machines.py | 22 ++++++++++++++++------
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 4 +++-
 pkgs/clan-cli/clan_cli/secrets/users.py | 18 +++++++++++++-----
 3 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/machines.py b/pkgs/clan-cli/clan_cli/secrets/machines.py
index 330f2ad6..ebb9fb8a 100644
--- a/pkgs/clan-cli/clan_cli/secrets/machines.py
+++ b/pkgs/clan-cli/clan_cli/secrets/machines.py
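Review bot: The name filter returned through `list_secrets` (secrets.py) and `list_users` (users.py) is `VALID_SECRET_NAME.match(n) is not None`, and assuming `VALID_SECRET_NAME` is a compiled `re` pattern, `match` anchors only at the start of the string. Unless the pattern carries its own end anchor (its definition is not visible in this diff), an entry with a valid prefix and arbitrary trailing characters passes; even with `$`, a trailing newline is accepted. `VALID_SECRET_NAME.fullmatch(n) is not None` states the intent explicitly now that these lists are returned to API callers. The identical lambda in both files could also become one shared predicate defined next to the pattern.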
@@ -23,8 +23,20 @@ def list_machines() -> list[str]:
 return list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
+def add_secret(machine: str, secret: str) -> None:
+ secrets.allow_member(
+ secrets.machines_folder(secret), sops_machines_folder(), machine
+ )
+
+
+def remove_secret(machine: str, secret: str) -> None:
+ secrets.disallow_member(secrets.machines_folder(secret), machine)
+
+
 def list_command(args: argparse.Namespace) -> None:
- print("\n".join(list_machines()))
+ lst = list_machines()
+ if len(lst) > 0:
+ print("\n".join(lst))
 def add_command(args: argparse.Namespace) -> None:
@@ -32,17 +44,15 @@ def add_command(args: argparse.Namespace) -> None:
 def remove_command(args: argparse.Namespace) -> None:
- remove_object(sops_machines_folder(), args.machine)
+ remove_machine(args.machine)
 def add_secret_command(args: argparse.Namespace) -> None:
- secrets.allow_member(
- secrets.machines_folder(args.secret), sops_machines_folder(), args.machine
- )
+ add_secret(args.machine, args.secret)
 def remove_secret_command(args: argparse.Namespace) -> None:
- secrets.disallow_member(secrets.machines_folder(args.secret), args.machine)
+ remove_secret(args.machine, args.secret)
 def register_machines_parser(parser: argparse.ArgumentParser) -> None:
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index 4cc78e03..ed59022a 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@@ -178,7 +178,9 @@ def list_secrets() -> list[str]:
 def list_command(args: argparse.Namespace) -> None:
- print("\n".join(list_secrets()))
+ lst = list_secrets()
+ if len(lst) > 0:
+ print("\n".join(lst))
 def get_command(args: argparse.Namespace) -> None:
diff --git a/pkgs/clan-cli/clan_cli/secrets/users.py b/pkgs/clan-cli/clan_cli/secrets/users.py
index b5c48d21..25cf28ae 100644
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
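Review bot: `remove_secret(machine, secret)` added to machines.py in hunk `@@ -23,8 +23,20 @@` shares its name with `remove_secret(secret)` in secrets.py from patch 1/2, yet the two do very different things: this one only calls `secrets.disallow_member`, while the secrets.py one deletes the secret's folder with `shutil.rmtree`. users.py gains a third `remove_secret` in this patch, so a `from ... import remove_secret` at a call site can silently bind the destructive variant. Names that state the membership change, for example `allow_machine`/`disallow_machine` here and `allow_user`/`disallow_user` in users.py, would keep the delete operation unambiguous. A short docstring on each saying which folder it modifies would also help.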
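Review bot: `list_command` in secrets.py (hunk `@@ -178,7 +178,9 @@`) tests emptiness with `if len(lst) > 0:`, where the idiomatic form is `if lst:`. The same three lines are added to `list_command` in machines.py and in users.py in this patch. A small shared helper that prints a list only when it is non-empty, placed for instance beside `list_objects` in folders.py, would remove the triplication.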
@@ -25,8 +25,18 @@ def list_users() -> list[str]:
 )
+def add_secret(user: str, secret: str) -> None:
+ secrets.allow_member(secrets.users_folder(secret), sops_users_folder(), user)
+
+
+def remove_secret(user: str, secret: str) -> None:
+ secrets.disallow_member(secrets.users_folder(secret), user)
+
+
 def list_command(args: argparse.Namespace) -> None:
- print("\n".join(list_users()))
+ lst = list_users()
+ if len(lst) > 0:
+ print("\n".join(lst))
 def add_command(args: argparse.Namespace) -> None:
@@ -38,13 +48,11 @@ def remove_command(args: argparse.Namespace) -> None:
 def add_secret_command(args: argparse.Namespace) -> None:
- secrets.allow_member(
- secrets.users_folder(args.secret), sops_users_folder(), args.user
- )
+ add_secret(args.user, args.secret)
 def remove_secret_command(args: argparse.Namespace) -> None:
- secrets.disallow_member(secrets.users_folder(args.secret), args.user)
+ remove_secret(args.user, args.secret)
 def register_users_parser(parser: argparse.ArgumentParser) -> None: