git.delta.rocks / jrsonnet / refs/commits / 204755f76096


feat fleet secret ensure subcommand

suumuztxYaroslav Bolyukin2026-04-18parent: #48f2bca.patch.diff
in: trunk

1 file changed

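--- a/cmds/fleet/src/cmds/secrets.rs
+++ b/cmds/fleet/src/cmds/secrets.rs
@@ -5,7 +5,8 @@
 use clap::Parser;
 use fleet_base::{fleetdata::SecretOwner, host::Config, opts::FleetOpts};
 use itertools::Itertools as _;
+use nix_eval::nix_go;
-use tracing::warn;
+use tracing::{info, warn};
 
 #[derive(Parser)]
 pub enum Secret {
@@ -206,7 +207,28 @@
  }
  }
  }
- Secret::Ensure { name, machine } => todo!(),
+ Secret::Ensure { name, machine } => {
+ let hosts: Vec<String> = if machine.is_empty() {
+ config
+ .list_hosts()?
+ .into_iter()
+ .filter(|h| opts.should_skip(h).ok() != Some(true))
+ .map(|h| h.name)
+ .collect()
+ } else {
+ machine
+ };
+
+ for hostname in &hosts {
+ let nixos_cfg = config.system_config(hostname)?;
+ let secrets = nix_go!(nixos_cfg.secrets);
+ if secrets.has_field(&name)? {
+ info!("ensuring secret {name} for {hostname}");
+ // Force evaluation of secret parts, triggering __fleetEnsureHostSecret
+ nix_go!(secrets[{ &name }].definition.parts);
+ }
+ }
+ }
  }
  Ok(())
  }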
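Review bot: When `secrets.has_field(&name)?` is false, the loop in the new `Secret::Ensure` arm moves on without any output, so a mistyped secret name or an explicitly listed machine that does not define the secret still ends in `Ok(())` and the operator may assume the secret was ensured. An `else` branch such as `warn!("secret {name} is not defined for {hostname}, skipping");` (or a hard error when `machine` was given explicitly) would make that visible. Separately, `opts.should_skip(h).ok() != Some(true)` treats a failed skip check as "do not skip", so a host whose check errors is still evaluated; propagating the error looks safer, assuming `should_skip` returns a `Result` as the `.ok()` suggests. The enclosing match and function start outside the hunk.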