From e103a4186c8aff9fd7fef8e1fe25d235cd93a7b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Wed, 9 Aug 2023 15:06:32 +0200
Subject: [PATCH] add api for secret groups and decrypting secrets
---
 pkgs/clan-cli/clan_cli/secrets/groups.py | 54 ++++++++++++++++-------
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 9 ++--
 2 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/groups.py b/pkgs/clan-cli/clan_cli/secrets/groups.py
index a5f8acd8..07c9c862 100644
--- a/pkgs/clan-cli/clan_cli/secrets/groups.py
+++ b/pkgs/clan-cli/clan_cli/secrets/groups.py
@@ -23,29 +23,51 @@ def users_folder(group: str) -> Path:
 return sops_groups_folder() / group / "users"
-# TODO: make this a tree
-def list_command(args: argparse.Namespace) -> None:
+class Group:
+ def __init__(self, name: str, machines: list[str], users: list[str]) -> None:
+ self.name = name
+ self.machines = machines
+ self.users = users
+
+
+def list_groups() -> list[Group]:
+ groups = []
 folder = sops_groups_folder()
 if not folder.exists():
- return
+ return groups
- for group in os.listdir(folder):
- group_folder = folder / group
+ for name in os.listdir(folder):
+ group_folder = folder / name
 if not group_folder.is_dir():
 continue
- print(group)
- machines = machines_folder(group)
- if machines.is_dir():
- print("machines:")
- for f in machines.iterdir():
+ machines_path = machines_folder(name)
+ machines = []
+ if machines_path.is_dir():
+ for f in machines_path.iterdir():
 if validate_hostname(f.name):
- print(f.name)
- users = users_folder(group)
- if users.is_dir():
- print("users:")
- for f in users.iterdir():
+ machines.append(f.name)
+ users_path = users_folder(name)
+ users = []
+ if users_path.is_dir():
+ for f in users_path.iterdir():
 if VALID_USER_NAME.match(f.name):
- print(f)
+ users.append(f.name)
+ groups.append(Group(name, machines, users))
+ return groups
+
+
+def list_command(args: argparse.Namespace) -> None:
+ for group in list_groups():
+ print(group.name)
+ if group.machines:
+ print("machines:")
+ for machine in group.machines:
+ print(f" {machine}")
+ if group.users:
+ print("users:")
+ for user in group.users:
+ print(f" {user}")
+ print()
 def list_directory(directory: Path) -> str:
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index ed59022a..72ac6856 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
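Review bot: In groups.py, `list_groups` returns group `name` values taken directly from `os.listdir(folder)` with no validation, while the machine and user entries underneath are filtered through `validate_hostname` and `VALID_USER_NAME` and silently dropped when they do not match. Now that this is an API rather than a print loop, callers are likely to treat the result as the authoritative membership of each group, so the filtering rule belongs in a docstring, e.g. `"""Return every group directory with its valid machine and user entries; entries failing name validation are skipped."""`. Whether skipped entries are still honoured when secrets are encrypted is not visible in this hunk and is worth confirming. Iterating `sorted(os.listdir(folder))`, and sorting the two `iterdir()` results, would also make the listing order deterministic.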
@@ -183,13 +183,16 @@ def list_command(args: argparse.Namespace) -> None:
 print("\n".join(lst))
-def get_command(args: argparse.Namespace) -> None:
- secret: str = args.secret
+def decrypt_secret(secret: str) -> str:
 ensure_sops_key()
 secret_path = sops_secrets_folder() / secret / "secret"
 if not secret_path.exists():
 raise ClanError(f"Secret '{secret}' does not exist")
- print(decrypt_file(secret_path), end="")
+ return decrypt_file(secret_path)
+
+
+def get_command(args: argparse.Namespace) -> None:
+ print(decrypt_secret(args.secret), end="")
 def set_command(args: argparse.Namespace) -> None:
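Review bot: `decrypt_secret` builds `sops_secrets_folder() / secret / "secret"` from its argument without checking the name, so a value containing a path separator, `..`, or an absolute path resolves outside the secrets folder. As a CLI handler the value came from `args.secret`, whose validation (if any) is outside this hunk; as an importable function it should reject such names itself, for example `if "/" in secret or secret in ("", ".", ".."): raise ClanError(f"Invalid secret name '{secret}'")` before the path is built. A one-line docstring stating that the return value is the decrypted plaintext and must not be logged would also help callers.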