add api for secret groups and decrypting secrets

Jörg Thalheim 2023-08-09 15:06:32 +02:00
parent caa1c0dfd8
commit e103a4186c
2 changed files with 44 additions and 19 deletions


@ -23,29 +23,51 @@ def users_folder(group: str) -> Path:
return sops_groups_folder() / group / "users" return sops_groups_folder() / group / "users"
# TODO: make this a tree class Group:
def list_command(args: argparse.Namespace) -> None: def __init__(self, name: str, machines: list[str], users: list[str]) -> None:
self.name = name
self.machines = machines
self.users = users
def list_groups() -> list[Group]:
groups = []
folder = sops_groups_folder() folder = sops_groups_folder()
if not folder.exists(): if not folder.exists():
return return groups
for group in os.listdir(folder): for name in os.listdir(folder):
group_folder = folder / group group_folder = folder / name
if not group_folder.is_dir(): if not group_folder.is_dir():
continue continue
print(group) machines_path = machines_folder(name)
machines = machines_folder(group) machines = []
if machines.is_dir(): if machines_path.is_dir():
print("machines:") for f in machines_path.iterdir():
for f in machines.iterdir():
if validate_hostname(f.name): if validate_hostname(f.name):
print(f.name) machines.append(f.name)
users = users_folder(group) users_path = users_folder(name)
if users.is_dir(): users = []
print("users:") if users_path.is_dir():
for f in users.iterdir(): for f in users_path.iterdir():
if VALID_USER_NAME.match(f.name): if VALID_USER_NAME.match(f.name):
print(f) users.append(f.name)
groups.append(Group(name, machines, users))
return groups
def list_command(args: argparse.Namespace) -> None:
for group in list_groups():
print(group.name)
if group.machines:
print("machines:")
for machine in group.machines:
print(f" {machine}")
if group.users:
print("users:")
for user in group.users:
print(f" {user}")
print()
def list_directory(directory: Path) -> str: def list_directory(directory: Path) -> str:
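Review bot: `list_groups()` silently skips any machine or user entry whose name fails `validate_hostname` / `VALID_USER_NAME`, and it does not check the group directory name at all, so the returned `Group` objects can differ from what is actually on disk. Callers may now rely on this listing to see who belongs to a secret group, so that under-reporting should be made visible; whether the encryption path applies the same filter cannot be seen from this hunk. I would add a docstring to `list_groups` stating that non-matching entries are omitted. I would also iterate in a fixed order, e.g. `for name in sorted(os.listdir(folder)):`, so the API result does not depend on filesystem ordering.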


@ -183,13 +183,16 @@ def list_command(args: argparse.Namespace) -> None:
print("\n".join(lst)) print("\n".join(lst))
def get_command(args: argparse.Namespace) -> None: def decrypt_secret(secret: str) -> str:
secret: str = args.secret
ensure_sops_key() ensure_sops_key()
secret_path = sops_secrets_folder() / secret / "secret" secret_path = sops_secrets_folder() / secret / "secret"
if not secret_path.exists(): if not secret_path.exists():
raise ClanError(f"Secret '{secret}' does not exist") raise ClanError(f"Secret '{secret}' does not exist")
print(decrypt_file(secret_path), end="") return decrypt_file(secret_path)
def get_command(args: argparse.Namespace) -> None:
print(decrypt_secret(args.secret), end="")
def set_command(args: argparse.Namespace) -> None: def set_command(args: argparse.Namespace) -> None:
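Review bot: `decrypt_secret()` joins its `secret` argument straight into `sops_secrets_folder() / secret / "secret"` without checking the name, so a value containing `..` or starting with `/` resolves outside the secrets folder. That mattered less while the value only came from the CLI parser, but as an importable function it can now receive names from other callers. A guard before the path is built, for example `if "/" in secret or secret in ("", ".", ".."): raise ClanError(f"Invalid secret name '{secret}'")`, would keep lookups inside the folder; if the module already has a name validator outside this hunk, reuse that instead. A docstring should also say that the return value is the decrypted plaintext, so callers know not to log it or put it in error messages.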