split of generate_secrets method into smaller functions
This commit is contained in:
parent
53d658a3c0
commit
87f301122e
@ -8,24 +8,24 @@ from tempfile import TemporaryDirectory
|
||||
from clan_cli.cmd import run
|
||||
|
||||
from ..errors import ClanError
|
||||
from ..facts.modules import FactStoreBase
|
||||
from ..git import commit_files
|
||||
from ..machines.machines import Machine
|
||||
from ..nix import nix_shell
|
||||
from .check import check_secrets
|
||||
from .modules import SecretStoreBase
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def generate_secrets(machine: Machine) -> None:
|
||||
secrets_module = importlib.import_module(machine.secrets_module)
|
||||
secret_store = secrets_module.SecretStore(machine=machine)
|
||||
|
||||
facts_module = importlib.import_module(machine.facts_module)
|
||||
fact_store = facts_module.FactStore(machine=machine)
|
||||
|
||||
with TemporaryDirectory() as d:
|
||||
for service in machine.secrets_data:
|
||||
tmpdir = Path(d) / service
|
||||
def generate_service_secrets(
|
||||
machine: Machine,
|
||||
service: str,
|
||||
secret_store: SecretStoreBase,
|
||||
fact_store: FactStoreBase,
|
||||
tmpdir: Path,
|
||||
) -> None:
|
||||
service_dir = tmpdir / service
|
||||
# check if all secrets exist and generate them if at least one is missing
|
||||
needs_regeneration = not check_secrets(machine)
|
||||
log.debug(f"{service} needs_regeneration: {needs_regeneration}")
|
||||
@ -35,10 +35,10 @@ def generate_secrets(machine: Machine) -> None:
|
||||
msg += "fact/secret generation is only supported for local flakes"
|
||||
|
||||
env = os.environ.copy()
|
||||
facts_dir = tmpdir / "facts"
|
||||
facts_dir = service_dir / "facts"
|
||||
facts_dir.mkdir(parents=True)
|
||||
env["facts"] = str(facts_dir)
|
||||
secrets_dir = tmpdir / "secrets"
|
||||
secrets_dir = service_dir / "secrets"
|
||||
secrets_dir.mkdir(parents=True)
|
||||
env["secrets"] = str(secrets_dir)
|
||||
# fmt: off
|
||||
@ -74,9 +74,7 @@ def generate_secrets(machine: Machine) -> None:
|
||||
msg = f"did not generate a file for '{secret}' when running the following command:\n"
|
||||
msg += machine.secrets_data[service]["generator"]
|
||||
raise ClanError(msg)
|
||||
secret_path = secret_store.set(
|
||||
service, secret, secret_file.read_bytes()
|
||||
)
|
||||
secret_path = secret_store.set(service, secret, secret_file.read_bytes())
|
||||
if secret_path:
|
||||
files_to_commit.append(secret_path)
|
||||
|
||||
@ -96,6 +94,19 @@ def generate_secrets(machine: Machine) -> None:
|
||||
f"Update facts/secrets for service {service} in machine {machine.name}",
|
||||
)
|
||||
|
||||
|
||||
def generate_secrets(machine: Machine) -> None:
|
||||
secrets_module = importlib.import_module(machine.secrets_module)
|
||||
secret_store = secrets_module.SecretStore(machine=machine)
|
||||
|
||||
facts_module = importlib.import_module(machine.facts_module)
|
||||
fact_store = facts_module.FactStore(machine=machine)
|
||||
|
||||
with TemporaryDirectory() as tmp:
|
||||
tmpdir = Path(tmp)
|
||||
for service in machine.secrets_data:
|
||||
generate_service_secrets(machine, service, secret_store, fact_store, tmpdir)
|
||||
|
||||
print("successfully generated secrets")
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user