clan-cli secrets: actually check if only service needs regeneration

2024-03-03 04:05:56 +01:00 · 2024-03-03 04:05:56 +01:00 · a23c251b09
commit a23c251b09
parent a1dcddf9b4
2 changed files with 16 additions and 5 deletions
--- a/pkgs/clan-cli/clan_cli/secrets/check.py
+++ b/pkgs/clan-cli/clan_cli/secrets/check.py
@ -7,7 +7,7 @@ from ..machines.machines import Machine
 log = logging.getLogger(__name__)


-def check_secrets(machine: Machine) -> bool:
+def check_secrets(machine: Machine, service: None | str = None) -> bool:
    secrets_module = importlib.import_module(machine.secrets_module)
    secret_store = secrets_module.SecretStore(machine=machine)
    facts_module = importlib.import_module(machine.facts_module)
@ -15,7 +15,11 @@ def check_secrets(machine: Machine) -> bool:

    missing_secrets = []
    missing_facts = []
-    for service in machine.secrets_data:
+    if service:
+        services = [service]
+    else:
+        services = list(machine.secrets_data.keys())
+    for service in services:
        for secret in machine.secrets_data[service]["secrets"]:
            if isinstance(secret, str):
                secret_name = secret
@ -38,8 +42,11 @@ def check_secrets(machine: Machine) -> bool:


 def check_command(args: argparse.Namespace) -> None:
-    machine = Machine(name=args.machine, flake=args.flake)
-    check_secrets(machine)
+    machine = Machine(
+        name=args.machine,
+        flake=args.flake,
+    )
+    check_secrets(machine, service=args.service)


 def register_check_parser(parser: argparse.ArgumentParser) -> None:
@ -47,4 +54,8 @@ def register_check_parser(parser: argparse.ArgumentParser) -> None:
        "machine",
        help="The machine to check secrets for",
    )
+    parser.add_argument(
+        "--service",
+        help="the service to check",
+    )
    parser.set_defaults(func=check_command)
--- a/pkgs/clan-cli/clan_cli/secrets/generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/generate.py
@ -29,7 +29,7 @@ def generate_service_secrets(
 ) -> None:
    service_dir = tmpdir / service
    # check if all secrets exist and generate them if at least one is missing
-    needs_regeneration = not check_secrets(machine)
+    needs_regeneration = not check_secrets(machine, service=service)
    log.debug(f"{service} needs_regeneration: {needs_regeneration}")
    if needs_regeneration:
        if not isinstance(machine.flake, Path):