From 9257f140ba059943dcb23c19286cdae9cf684861 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 16 Feb 2024 14:47:28 +0100
Subject: [PATCH] make secrets stores inherit from an interface
---
 .../clan_cli/secrets/modules/__init__.py | 34 +++++++++++++++++++
 .../secrets/modules/password_store.py | 10 +++---
 .../clan-cli/clan_cli/secrets/modules/sops.py | 9 +++--
 pkgs/clan-cli/clan_cli/secrets/modules/vm.py | 7 +++++-
 4 files changed, 52 insertions(+), 8 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/__init__.py b/pkgs/clan-cli/clan_cli/secrets/modules/__init__.py
index e69de29b..6105bf86 100644
--- a/pkgs/clan-cli/clan_cli/secrets/modules/__init__.py
+++ b/pkgs/clan-cli/clan_cli/secrets/modules/__init__.py
@@ -0,0 +1,34 @@
+from abc import ABC, abstractmethod
+from pathlib import Path
+
+from clan_cli.machines.machines import Machine
+
+
+class SecretStoreBase(ABC):
+ @abstractmethod
+ def __init__(self, machine: Machine) -> None:
+ pass
+
+ @abstractmethod
+ def set(self, service: str, name: str, value: bytes) -> Path | None:
+ pass
+
+ @abstractmethod
+ def get(self, service: str, name: str) -> bytes:
+ pass
+
+ @abstractmethod
+ def exists(self, service: str, name: str) -> bool:
+ pass
+
+ @abstractmethod
+ def generate_hash(self) -> bytes:
+ pass
+
+ @abstractmethod
+ def update_check(self) -> bool:
+ pass
+
+ @abstractmethod
+ def upload(self, output_dir: Path) -> None:
+ pass
diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py b/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
index cc06c34b..e185be53 100644
--- a/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
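Review bot: `SecretStoreBase` in `secrets/modules/__init__.py` declares seven abstract methods without a single docstring, so the contract each secret backend has to honour is only implied by the implementations. The return value of `set` is the part most worth writing down: in this patch the password-store backend returns `None` with the comment "we manage the files outside of the git repo" while the sops backend returns the path it wrote, so a docstring along the lines of `"""Store value; return the path of a file the caller should track in the repository, or None if the backend keeps it elsewhere."""` would state that explicitly (wording to be confirmed against the caller, which is not in this diff). `update_check` and `generate_hash` need a sentence each as well: both `update_check` implementations added here return `False`, and nothing visible says what `False` means to the caller or what `generate_hash` is a hash of.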
@@ -5,12 +5,14 @@ from pathlib import Path from clan_cli.machines.machines import Machine from clan_cli.nix import nix_shell +from . import SecretStoreBase -class SecretStore: + +class SecretStore(SecretStoreBase): def __init__(self, machine: Machine) -> None: self.machine = machine - def set(self, _service: str, name: str, value: bytes) -> Path | None: + def set(self, service: str, name: str, value: bytes) -> Path | None: subprocess.run( nix_shell( ["nixpkgs#pass"], @@ -21,7 +23,7 @@ class SecretStore: ) return None # we manage the files outside of the git repo - def get(self, _service: str, name: str) -> bytes: + def get(self, service: str, name: str) -> bytes: return subprocess.run( nix_shell( ["nixpkgs#pass"], @@ -31,7 +33,7 @@ class SecretStore: stdout=subprocess.PIPE, ).stdout - def exists(self, _service: str, name: str) -> bool: + def exists(self, service: str, name: str) -> bool: password_store = os.environ.get( "PASSWORD_STORE_DIR", f"{os.environ['HOME']}/.password-store" ) diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/sops.py b/pkgs/clan-cli/clan_cli/secrets/modules/sops.py index cb5ccda4..218b7887 100644 --- a/pkgs/clan-cli/clan_cli/secrets/modules/sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/modules/sops.py @@ -28,7 +28,7 @@ class SecretStore: ) add_machine(self.machine.flake_dir, self.machine.name, pub_key, False) - def set(self, _service: str, name: str, value: bytes) -> Path | None: + def set(self, service: str, name: str, value: bytes) -> Path | None: path = ( sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}" ) 
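Review bot: In `password_store.py`, `set`, `get` and `exists` (the hunks at -5, -21 and -31) now take `service` without the leading underscore, yet none of the visible lines uses it, and the underscore was the only marker that the argument is ignored. The method bodies are only partly inside these hunks, so this is inferred for the password store, but it is visible in the sops.py hunk at -28, where `set` builds the path from `f"{self.machine.name}-{name}"` alone: two services that define a secret with the same name for one machine would read and overwrite the same entry. Either make `service` part of the entry name, or keep the interface spelling and state the behaviour next to it, e.g. `# service is not part of the entry name; secrets are keyed by machine and name only`.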
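Review bot: `sops.py` is the one store this commit leaves outside the new interface: neither of its hunks imports `SecretStoreBase` or changes the class statement, and both hunk headers (-28 here, -40 further down) still read `class SecretStore:`. The renamed parameters and the added `update_check` make it look conformant, but nothing enforces that, and an `isinstance(store, SecretStoreBase)` check would reject the sops backend. Suggested change, matching the other two files: `from . import SecretStoreBase` and `class SecretStore(SecretStoreBase):`. `generate_hash` is abstract in the base and is not added to sops.py by this diff, so it needs an implementation there (unless one already exists outside the hunks) before the subclass can be instantiated.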
@@ -40,15 +40,18 @@ class SecretStore: ) return path - def get(self, _service: str, _name: str) -> bytes: + def get(self, service: str, _name: str) -> bytes: raise NotImplementedError() - def exists(self, _service: str, name: str) -> bool: + def exists(self, service: str, name: str) -> bool: return has_secret( self.machine.flake_dir, f"{self.machine.name}-{name}", ) + def update_check(self) -> bool: + return False + def upload(self, output_dir: Path) -> None: key_name = f"{self.machine.name}-age.key" if not has_secret(self.machine.flake_dir, key_name): diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/vm.py b/pkgs/clan-cli/clan_cli/secrets/modules/vm.py index 33701c51..fe318669 100644 --- a/pkgs/clan-cli/clan_cli/secrets/modules/vm.py +++ b/pkgs/clan-cli/clan_cli/secrets/modules/vm.py @@ -5,8 +5,10 @@ from pathlib import Path from clan_cli.dirs import vm_state_dir from clan_cli.machines.machines import Machine +from . import SecretStoreBase -class SecretStore: + +class SecretStore(SecretStoreBase): def __init__(self, machine: Machine) -> None: self.machine = machine self.dir = vm_state_dir(str(machine.flake), machine.name) / "secrets" @@ -25,6 +27,9 @@ class SecretStore: def exists(self, service: str, name: str) -> bool: return (self.dir / service / name).exists() + def update_check(self) -> bool: + return False + def upload(self, output_dir: Path) -> None: if os.path.exists(output_dir): shutil.rmtree(output_dir)
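Review bot: In the sops.py hunk at -40, `get` is renamed only halfway: the new signature is `get(self, service: str, _name: str)` while `SecretStoreBase.get` declares `name`, so a keyword call such as `store.get(service=s, name=n)` that works on the other stores raises `TypeError` here before it ever reaches the `NotImplementedError`. Use `def get(self, service: str, name: str) -> bytes:`. A one-line comment above `raise NotImplementedError()` saying why this backend cannot return a secret would also help, since the hunk gives no reason.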
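Review bot: `vm.py`'s `SecretStore` now derives from `SecretStoreBase`, whose `generate_hash` is abstract, but this diff adds only `update_check` to the file (hunks at -5 and -25). If `generate_hash` is not already defined in the lines between or after those hunks, `SecretStore(machine)` fails with `TypeError: Can't instantiate abstract class` the first time a VM secret store is created. Either add a `generate_hash(self) -> bytes` implementation next to `update_check`, or drop `@abstractmethod` from it in the base class and give it a default there. The same check applies to password_store.py, which gains the base class in this diff but neither `generate_hash` nor `update_check`.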