make secrets stores inherit from an interface
parent
81545766a0
commit
9257f140ba
|
@ -0,0 +1,34 @@
|
|||
from abc import ABC, abstractmethod
|
||||
from pathlib import Path
|
||||
|
||||
from clan_cli.machines.machines import Machine
|
||||
|
||||
|
||||
class SecretStoreBase(ABC):
|
||||
@abstractmethod
|
||||
def __init__(self, machine: Machine) -> None:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def get(self, service: str, name: str) -> bytes:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def exists(self, service: str, name: str) -> bool:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def generate_hash(self) -> bytes:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def update_check(self) -> bool:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def upload(self, output_dir: Path) -> None:
|
||||
pass
|
|
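Review bot: All seven methods of `SecretStoreBase`, including `generate_hash`, are declared `@abstractmethod`, yet the sops and vm sections of this commit add only `update_check`. Unless `generate_hash` is already defined outside those hunks, constructing either `SecretStore` will raise `TypeError`. Either implement it in each store or give the base a concrete default instead of an abstract `pass`. The interface also has no docstrings; the class should state that `service` and `name` end up as path or entry components in the backends (the vm store joins them onto its directory), what a `None` return from `set` means, and what a `False` from `update_check` tells the caller.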
@ -5,12 +5,14 @@ from pathlib import Path
|
|||
from clan_cli.machines.machines import Machine
|
||||
from clan_cli.nix import nix_shell
|
||||
|
||||
from . import SecretStoreBase
|
||||
|
||||
class SecretStore:
|
||||
|
||||
class SecretStore(SecretStoreBase):
|
||||
def __init__(self, machine: Machine) -> None:
|
||||
self.machine = machine
|
||||
|
||||
def set(self, _service: str, name: str, value: bytes) -> Path | None:
|
||||
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||
subprocess.run(
|
||||
nix_shell(
|
||||
["nixpkgs#pass"],
|
||||
|
@ -21,7 +23,7 @@ class SecretStore:
|
|||
)
|
||||
return None # we manage the files outside of the git repo
|
||||
|
||||
def get(self, _service: str, name: str) -> bytes:
|
||||
def get(self, service: str, name: str) -> bytes:
|
||||
return subprocess.run(
|
||||
nix_shell(
|
||||
["nixpkgs#pass"],
|
||||
|
@ -31,7 +33,7 @@ class SecretStore:
|
|||
stdout=subprocess.PIPE,
|
||||
).stdout
|
||||
|
||||
def exists(self, _service: str, name: str) -> bool:
|
||||
def exists(self, service: str, name: str) -> bool:
|
||||
password_store = os.environ.get(
|
||||
"PASSWORD_STORE_DIR", f"{os.environ['HOME']}/.password-store"
|
||||
)
|
||||
|
|
|
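Review bot: In `exists`, the default `f"{os.environ['HOME']}/.password-store"` is evaluated before `os.environ.get` runs, so the lookup raises `KeyError` when `HOME` is unset even if `PASSWORD_STORE_DIR` is set. `password_store = os.environ.get("PASSWORD_STORE_DIR") or str(Path.home() / ".password-store")` avoids that, and `Path` is already imported in this file. The rest of `exists` lies outside the hunk, so how `name` is joined onto this directory cannot be checked from here.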
@ -28,7 +28,7 @@ class SecretStore:
|
|||
)
|
||||
add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
|
||||
|
||||
def set(self, _service: str, name: str, value: bytes) -> Path | None:
|
||||
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||
path = (
|
||||
sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}"
|
||||
)
|
||||
|
@ -40,15 +40,18 @@ class SecretStore:
|
|||
)
|
||||
return path
|
||||
|
||||
def get(self, _service: str, _name: str) -> bytes:
|
||||
def get(self, service: str, _name: str) -> bytes:
|
||||
raise NotImplementedError()
|
||||
|
||||
def exists(self, _service: str, name: str) -> bool:
|
||||
def exists(self, service: str, name: str) -> bool:
|
||||
return has_secret(
|
||||
self.machine.flake_dir,
|
||||
f"{self.machine.name}-{name}",
|
||||
)
|
||||
|
||||
def update_check(self) -> bool:
|
||||
return False
|
||||
|
||||
def upload(self, output_dir: Path) -> None:
|
||||
key_name = f"{self.machine.name}-age.key"
|
||||
if not has_secret(self.machine.flake_dir, key_name):
|
||||
|
|
|
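Review bot: `set` and `exists` drop the underscore from `service` but still build the entry from `f"{self.machine.name}-{name}"` alone, so two services that declare the same secret name would share one sops entry, whereas the vm store keeps them apart under `service / name`. If ignoring `service` is intended here, a short comment saying so would help; otherwise include it in the key. `get` is also left as `get(self, service: str, _name: str)`, which no longer matches `name` on `SecretStoreBase.get`; `def get(self, service: str, name: str) -> bytes:` keeps the signatures aligned for keyword callers. The bodies of `set` and `upload` continue outside the hunks.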
@ -5,8 +5,10 @@ from pathlib import Path
|
|||
from clan_cli.dirs import vm_state_dir
|
||||
from clan_cli.machines.machines import Machine
|
||||
|
||||
from . import SecretStoreBase
|
||||
|
||||
class SecretStore:
|
||||
|
||||
class SecretStore(SecretStoreBase):
|
||||
def __init__(self, machine: Machine) -> None:
|
||||
self.machine = machine
|
||||
self.dir = vm_state_dir(str(machine.flake), machine.name) / "secrets"
|
||||
|
@ -25,6 +27,9 @@ class SecretStore:
|
|||
def exists(self, service: str, name: str) -> bool:
|
||||
return (self.dir / service / name).exists()
|
||||
|
||||
def update_check(self) -> bool:
|
||||
return False
|
||||
|
||||
def upload(self, output_dir: Path) -> None:
|
||||
if os.path.exists(output_dir):
|
||||
shutil.rmtree(output_dir)
|
||||
|
|
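Review bot: `exists` joins `service` and `name` straight onto `self.dir`, so a value that is absolute or contains `..` resolves outside the secrets directory. Now that the base class makes both plain caller-supplied strings, the store should reject such components before building the path. A check along the lines of `if name in ("", ".", "..") or "/" in name: raise ValueError(name)` (and the same for `service`) in one shared helper would cover `set`, `get` and `exists`, whose bodies are outside this hunk. `upload` also calls `shutil.rmtree(output_dir)` on whatever path it is handed, so a docstring stating that an existing directory is deleted would warn callers; its body continues past the hunk.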