make secrets stores inherit from an interface
This commit is contained in:
parent
81545766a0
commit
9257f140ba
@ -0,0 +1,34 @@
|
|||||||
|
from abc import ABC, abstractmethod
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
from clan_cli.machines.machines import Machine
|
||||||
|
|
||||||
|
|
||||||
|
class SecretStoreBase(ABC):
|
||||||
|
@abstractmethod
|
||||||
|
def __init__(self, machine: Machine) -> None:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def get(self, service: str, name: str) -> bytes:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def exists(self, service: str, name: str) -> bool:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def generate_hash(self) -> bytes:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def update_check(self) -> bool:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def upload(self, output_dir: Path) -> None:
|
||||||
|
pass
|
||||||
@ -5,12 +5,14 @@ from pathlib import Path
|
|||||||
from clan_cli.machines.machines import Machine
|
from clan_cli.machines.machines import Machine
|
||||||
from clan_cli.nix import nix_shell
|
from clan_cli.nix import nix_shell
|
||||||
|
|
||||||
|
from . import SecretStoreBase
|
||||||
|
|
||||||
class SecretStore:
|
|
||||||
|
class SecretStore(SecretStoreBase):
|
||||||
def __init__(self, machine: Machine) -> None:
|
def __init__(self, machine: Machine) -> None:
|
||||||
self.machine = machine
|
self.machine = machine
|
||||||
|
|
||||||
def set(self, _service: str, name: str, value: bytes) -> Path | None:
|
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#pass"],
|
["nixpkgs#pass"],
|
||||||
@ -21,7 +23,7 @@ class SecretStore:
|
|||||||
)
|
)
|
||||||
return None # we manage the files outside of the git repo
|
return None # we manage the files outside of the git repo
|
||||||
|
|
||||||
def get(self, _service: str, name: str) -> bytes:
|
def get(self, service: str, name: str) -> bytes:
|
||||||
return subprocess.run(
|
return subprocess.run(
|
||||||
nix_shell(
|
nix_shell(
|
||||||
["nixpkgs#pass"],
|
["nixpkgs#pass"],
|
||||||
@ -31,7 +33,7 @@ class SecretStore:
|
|||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
).stdout
|
).stdout
|
||||||
|
|
||||||
def exists(self, _service: str, name: str) -> bool:
|
def exists(self, service: str, name: str) -> bool:
|
||||||
password_store = os.environ.get(
|
password_store = os.environ.get(
|
||||||
"PASSWORD_STORE_DIR", f"{os.environ['HOME']}/.password-store"
|
"PASSWORD_STORE_DIR", f"{os.environ['HOME']}/.password-store"
|
||||||
)
|
)
|
||||||
|
|||||||
@ -28,7 +28,7 @@ class SecretStore:
|
|||||||
)
|
)
|
||||||
add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
|
add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
|
||||||
|
|
||||||
def set(self, _service: str, name: str, value: bytes) -> Path | None:
|
def set(self, service: str, name: str, value: bytes) -> Path | None:
|
||||||
path = (
|
path = (
|
||||||
sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}"
|
sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}"
|
||||||
)
|
)
|
||||||
@ -40,15 +40,18 @@ class SecretStore:
|
|||||||
)
|
)
|
||||||
return path
|
return path
|
||||||
|
|
||||||
def get(self, _service: str, _name: str) -> bytes:
|
def get(self, service: str, _name: str) -> bytes:
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
def exists(self, _service: str, name: str) -> bool:
|
def exists(self, service: str, name: str) -> bool:
|
||||||
return has_secret(
|
return has_secret(
|
||||||
self.machine.flake_dir,
|
self.machine.flake_dir,
|
||||||
f"{self.machine.name}-{name}",
|
f"{self.machine.name}-{name}",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def update_check(self) -> bool:
|
||||||
|
return False
|
||||||
|
|
||||||
def upload(self, output_dir: Path) -> None:
|
def upload(self, output_dir: Path) -> None:
|
||||||
key_name = f"{self.machine.name}-age.key"
|
key_name = f"{self.machine.name}-age.key"
|
||||||
if not has_secret(self.machine.flake_dir, key_name):
|
if not has_secret(self.machine.flake_dir, key_name):
|
||||||
|
|||||||
@ -5,8 +5,10 @@ from pathlib import Path
|
|||||||
from clan_cli.dirs import vm_state_dir
|
from clan_cli.dirs import vm_state_dir
|
||||||
from clan_cli.machines.machines import Machine
|
from clan_cli.machines.machines import Machine
|
||||||
|
|
||||||
|
from . import SecretStoreBase
|
||||||
|
|
||||||
class SecretStore:
|
|
||||||
|
class SecretStore(SecretStoreBase):
|
||||||
def __init__(self, machine: Machine) -> None:
|
def __init__(self, machine: Machine) -> None:
|
||||||
self.machine = machine
|
self.machine = machine
|
||||||
self.dir = vm_state_dir(str(machine.flake), machine.name) / "secrets"
|
self.dir = vm_state_dir(str(machine.flake), machine.name) / "secrets"
|
||||||
@ -25,6 +27,9 @@ class SecretStore:
|
|||||||
def exists(self, service: str, name: str) -> bool:
|
def exists(self, service: str, name: str) -> bool:
|
||||||
return (self.dir / service / name).exists()
|
return (self.dir / service / name).exists()
|
||||||
|
|
||||||
|
def update_check(self) -> bool:
|
||||||
|
return False
|
||||||
|
|
||||||
def upload(self, output_dir: Path) -> None:
|
def upload(self, output_dir: Path) -> None:
|
||||||
if os.path.exists(output_dir):
|
if os.path.exists(output_dir):
|
||||||
shutil.rmtree(output_dir)
|
shutil.rmtree(output_dir)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user