From a1e2a4f64aa947235a5f49c532e5a600392eadce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 22 Feb 2024 14:21:17 +0100
Subject: [PATCH] secret cli: accept a pattern in secrets list

---
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 26 ++++++++++++++++++++---
 pkgs/clan-cli/tests/test_secrets_cli.py   |  8 +++++++
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index 7ac0f0e8..b1bbab49 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@@ -3,6 +3,7 @@ import getpass
 import os
 import shutil
 import sys
+from dataclasses import dataclass
 from pathlib import Path
 from typing import IO
 
@@ -210,17 +211,31 @@ def has_secret(flake_dir: Path, secret: str) -> bool:
     return (sops_secrets_folder(flake_dir) / secret / "secret").exists()
 
 
-def list_secrets(flake_dir: Path) -> list[str]:
+def list_secrets(flake_dir: Path, pattern: str | None = None) -> list[str]:
     path = sops_secrets_folder(flake_dir)
 
     def validate(name: str) -> bool:
-        return VALID_SECRET_NAME.match(name) is not None and has_secret(flake_dir, name)
+        return (
+            VALID_SECRET_NAME.match(name) is not None
+            and has_secret(flake_dir, name)
+            and (pattern is None or pattern in name)
+        )
 
     return list_objects(path, validate)
 
 
+@dataclass
+class ListSecretsOptions:
+    flake: Path
+    pattern: str | None
+
+
 def list_command(args: argparse.Namespace) -> None:
-    lst = list_secrets(Path(args.flake))
+    options = ListSecretsOptions(
+        flake=args.flake,
+        pattern=args.pattern,
+    )
+    lst = list_secrets(options.flake, options.pattern)
     if len(lst) > 0:
         print("\n".join(lst))
 
@@ -268,6 +283,11 @@ def rename_command(args: argparse.Namespace) -> None:
 
 def register_secrets_parser(subparser: argparse._SubParsersAction) -> None:
     parser_list = subparser.add_parser("list", help="list secrets")
+    parser_list.add_argument(
+        "pattern",
+        nargs="?",
+        help="a pattern to filter the secrets. All secrets containing the pattern will be listed.",
+    )
     parser_list.set_defaults(func=list_command)
 
     parser_get = subparser.add_parser("get", help="get a secret")
diff --git a/pkgs/clan-cli/tests/test_secrets_cli.py b/pkgs/clan-cli/tests/test_secrets_cli.py
index 95f2f81a..4dc56b81 100644
--- a/pkgs/clan-cli/tests/test_secrets_cli.py
+++ b/pkgs/clan-cli/tests/test_secrets_cli.py
@@ -275,6 +275,14 @@ def test_secrets(
     cli.run(["--flake", str(test_flake.path), "secrets", "list"])
     assert capsys.readouterr().out == "key\n"
 
+    capsys.readouterr()  # empty the buffer
+    cli.run(["--flake", str(test_flake.path), "secrets", "list", "nonexisting"])
+    assert capsys.readouterr().out == ""
+
+    capsys.readouterr()  # empty the buffer
+    cli.run(["--flake", str(test_flake.path), "secrets", "list", "key"])
+    assert capsys.readouterr().out == "key\n"
+
     cli.run(
         [
             "--flake",