Luis/nextjs-python-web-template
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'clan/secrets: fix if user/machine directory does not contain a key.json' (#257) from Mic92-main into main

Browse Source
This commit is contained in:
clan-bot
2023-09-07 10:52:00 +00:00
parent 80e75fc502 c3ccf68007
commit cbff4a44e0
5 changed files with 30 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkgs/clan-cli/clan_cli/secrets/machines.py
View File

@@ -20,7 +20,12 @@ def get_machine(name: str) -> str:
def list_machines() -> list[str]: def list_machines() -> list[str]:
return list_objects(sops_machines_folder(), lambda x: validate_hostname(x)) path = sops_machines_folder()
def validate(name: str) -> bool:
return validate_hostname(name) and (path / name / "key.json").exists()
return list_objects(path, validate)
def add_secret(machine: str, secret: str) -> None: def add_secret(machine: str, secret: str) -> None:

10
pkgs/clan-cli/clan_cli/secrets/secrets.py
View File

@@ -172,10 +172,16 @@ def disallow_member(group_folder: Path, name: str) -> None:
def list_secrets() -> list[str]: def list_secrets() -> list[str]:
return list_objects( path = sops_secrets_folder()
sops_secrets_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
def validate(name: str) -> bool:
return (
VALID_SECRET_NAME.match(name) is not None
and (path / name / "secret").exists()
) )
return list_objects(path, validate)
def list_command(args: argparse.Namespace) -> None: def list_command(args: argparse.Namespace) -> None:
lst = list_secrets() lst = list_secrets()

3
pkgs/clan-cli/clan_cli/secrets/sops.py
View File

@@ -55,8 +55,9 @@ def ensure_user_or_machine(pub_key: str) -> SopsKey:
for folder in folders: for folder in folders:
if folder.exists(): if folder.exists():
for user in folder.iterdir(): for user in folder.iterdir():
if not user.is_dir(): if not (user / "key.json").exists():
continue continue
if read_key(user) == pub_key: if read_key(user) == pub_key:
key.username = user.name key.username = user.name
return key return key

12
pkgs/clan-cli/clan_cli/secrets/users.py
View File

@@ -4,7 +4,7 @@ from . import secrets
from .folders import list_objects, remove_object, sops_users_folder from .folders import list_objects, remove_object, sops_users_folder
from .sops import read_key, write_key from .sops import read_key, write_key
from .types import ( from .types import (
VALID_SECRET_NAME, VALID_USER_NAME,
public_or_private_age_key_type, public_or_private_age_key_type,
secret_name_type, secret_name_type,
user_name_type, user_name_type,
@@ -24,10 +24,16 @@ def get_user(name: str) -> str:
def list_users() -> list[str]: def list_users() -> list[str]:
return list_objects( path = sops_users_folder()
sops_users_folder(), lambda n: VALID_SECRET_NAME.match(n) is not None
def validate(name: str) -> bool:
return (
VALID_USER_NAME.match(name) is not None
and (path / name / "key.json").exists()
) )
return list_objects(path, validate)
def add_secret(user: str, secret: str) -> None: def add_secret(user: str, secret: str) -> None:
secrets.allow_member(secrets.users_folder(secret), sops_users_folder(), user) secrets.allow_member(secrets.users_folder(secret), sops_users_folder(), user)

3
pkgs/clan-cli/tests/test_secrets_cli.py
View File

@@ -153,6 +153,9 @@ def test_secrets(
cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey]) cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
cli.run(["secrets", "machines", "add-secret", "machine1", "key"]) cli.run(["secrets", "machines", "add-secret", "machine1", "key"])
capsys.readouterr()
cli.run(["secrets", "machines", "list"])
assert capsys.readouterr().out == "machine1\n"
with use_key(age_keys[0].privkey, monkeypatch): with use_key(age_keys[0].privkey, monkeypatch):
capsys.readouterr() capsys.readouterr()