Merge pull request 'clan/secrets: fix if user/machine directory does not contain a key.json' (#257) from Mic92-main into main

clan-bot 2023-09-07 10:52:00 +00:00
commit cbff4a44e0
5 changed files with 30 additions and 9 deletions


@ -20,7 +20,12 @@ def get_machine(name: str) -> str:
def list_machines() -> list[str]:
return list_objects(sops_machines_folder(), lambda x: validate_hostname(x))
path = sops_machines_folder()
def validate(name: str) -> bool:
return validate_hostname(name) and (path / name / "key.json").exists()
return list_objects(path, validate)
def add_secret(machine: str, secret: str) -> None:
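Review bot: `validate` in `list_machines` tests `(path / name / "key.json").exists()`, which is also true when `key.json` is a directory, so such an entry would still be listed as a machine with a key. `.is_file()` states the intent more tightly: `return validate_hostname(name) and (path / name / "key.json").is_file()`. The same `.exists()` test appears in `list_users` and in `ensure_user_or_machine`, where the entry is then passed to `read_key`. Whether `secret` in `list_secrets` is meant to be a regular file is not visible on this page. The +/- markers are lost in this rendering, so the new side is inferred from the commit title.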


@ -172,9 +172,15 @@ def disallow_member(group_folder: Path, name: str) -> None:
def list_secrets() -> list[str]:
return list_objects(
sops_secrets_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
)
path = sops_secrets_folder()
def validate(name: str) -> bool:
return (
VALID_SECRET_NAME.match(name) is not None
and (path / name / "secret").exists()
)
return list_objects(path, validate)
def list_command(args: argparse.Namespace) -> None:
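Review bot: `list_secrets` has no docstring saying that folders without a `secret` entry are left out of the result rather than reported, which matters to anyone reading the listing as an inventory of what is on disk. A one-line docstring would cover it, for example `"""Return the names of secret folders that contain a "secret" entry; incomplete folders are skipped."""`. `list_machines` and `list_users` filter on `key.json` in the same way and would benefit from the equivalent line.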


@ -55,8 +55,9 @@ def ensure_user_or_machine(pub_key: str) -> SopsKey:
for folder in folders:
if folder.exists():
for user in folder.iterdir():
if not user.is_dir():
if not (user / "key.json").exists():
continue
if read_key(user) == pub_key:
key.username = user.name
return key
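Review bot: In `ensure_user_or_machine` the guard skips entries without `key.json`, but an entry whose `key.json` exists and cannot be read or parsed still reaches `read_key(user)`. `read_key` is not shown here; if it raises on malformed content, one damaged entry would abort the lookup for every key instead of being skipped. Either handle that failure inside the loop or state the intent next to the guard, for example `# a missing key.json is skipped; an unreadable one is intentionally fatal`. The function begins and ends outside this hunk.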


@ -4,7 +4,7 @@ from . import secrets
from .folders import list_objects, remove_object, sops_users_folder
from .sops import read_key, write_key
from .types import (
VALID_SECRET_NAME,
VALID_USER_NAME,
public_or_private_age_key_type,
secret_name_type,
user_name_type,
@ -24,9 +24,15 @@ def get_user(name: str) -> str:
def list_users() -> list[str]:
return list_objects(
sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
)
path = sops_users_folder()
def validate(name: str) -> bool:
return (
VALID_USER_NAME.match(name) is not None
and (path / name / "key.json").exists()
)
return list_objects(path, validate)
def add_secret(user: str, secret: str) -> None:


@ -153,6 +153,9 @@ def test_secrets(
cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
cli.run(["secrets", "machines", "add-secret", "machine1", "key"])
capsys.readouterr()
cli.run(["secrets", "machines", "list"])
assert capsys.readouterr().out == "machine1\n"
with use_key(age_keys[0].privkey, monkeypatch):
capsys.readouterr()
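Review bot: The added assertion in `test_secrets` covers only a machine that has a key, so the case named in the commit title, a user or machine directory without `key.json`, is not exercised. A regression check would create an empty directory under the machines folder before `cli.run(["secrets", "machines", "list"])` and assert that the output is still `"machine1\n"`, with the same check for users. The test function starts and ends outside this hunk, so the fixture that exposes the folder path is not visible here.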