src/cmds/secrets/mod.rs1.6 KiBsourcehistory
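use crate::{fleetdata::FleetSecret, host::Config};
use anyhow::{bail, Result};
use clap::Clap;
use std::io::{self, Read, Write};

/// Secret management subcommands of the fleet CLI.
#[derive(Clap)]
pub enum Secrets {
	/// Force load keys for all defined hosts
	ForceKeys,
	/// Add secret, data should be provided in stdin
	Add {
		/// Secret name
		name: String,
		/// Secret owners (hosts the secret is encrypted for)
		machines: Vec<String>,
		/// Override secret if already present
		#[clap(long)]
		force: bool,
		/// Public (non-encrypted) value stored next to the secret, as given
		#[clap(long)]
		public: Option<String>,
	},
}

impl Secrets {
	/// Runs the selected subcommand against `config`.
	///
	/// # Errors
	///
	/// Fails when a host key cannot be loaded, when an owner cannot be
	/// resolved to a recipient, when stdin cannot be read, when encryption
	/// fails, or when the secret already exists and `--force` was not given.
	pub fn run(self, config: &Config) -> Result<()> {
		match self {
			Secrets::ForceKeys => Self::force_keys(config),
			Secrets::Add {
				machines,
				name,
				force,
				public,
			} => Self::add(config, machines, name, force, public),
		}
	}

	/// Loads the key of every defined host that `config` does not skip.
	fn force_keys(config: &Config) -> Result<()> {
		for host in config.list_hosts()? {
			if config.should_skip(&host) {
				continue;
			}
			config.key(&host)?;
		}
		Ok(())
	}

	/// Encrypts the plaintext read from stdin for `machines` and stores the
	/// result in the fleet data under `name`.
	fn add(
		config: &Config,
		machines: Vec<String>,
		name: String,
		force: bool,
		public: Option<String>,
	) -> Result<()> {
		// age accepts an empty recipient list, but the resulting ciphertext
		// could never be decrypted by anyone; reject it up front, before the
		// plaintext is even read.
		if machines.is_empty() {
			bail!("at least one owner machine is required");
		}

		// Resolve every owner to an age recipient first, so an unknown host
		// fails before stdin is consumed.
		let recipients = machines
			.iter()
			.map(|m| {
				config
					.recipient(m)
					.map(|r| Box::new(r) as Box<dyn age::Recipient>)
			})
			.collect::<Result<Vec<_>>>()?;

		let secret = Self::encrypt_stdin(recipients)?;

		// The existence check and the insert happen under the same
		// `data_mut` borrow, so no other write can slip in between.
		let mut data = config.data_mut();
		if data.secret.contains_key(&name) && !force {
			bail!("secret already defined");
		}
		data.secret.insert(
			name,
			FleetSecret {
				owners: machines,
				expire_at: None,
				secret,
				public,
			},
		);
		Ok(())
	}

	/// Reads the whole of stdin and returns it age-encrypted for
	/// `recipients`, ascii85-encoded for storage in the data file.
	///
	/// # Errors
	///
	/// Fails if stdin cannot be read or if the age encryptor cannot be set
	/// up, written to or finalised.
	fn encrypt_stdin(recipients: Vec<Box<dyn age::Recipient>>) -> Result<String> {
		let mut plaintext = Vec::new();
		io::stdin().read_to_end(&mut plaintext)?;

		let mut encrypted = Vec::new();
		let mut writer = age::Encryptor::with_recipients(recipients).wrap_output(&mut encrypted)?;
		writer.write_all(&plaintext)?;
		// `finish` writes out the final (for short inputs: the only) chunk of
		// the age STREAM payload. Dropping the writer without calling it
		// leaves `encrypted` with just the header, i.e. an undecryptable,
		// truncated ciphertext.
		writer.finish()?;

		Ok(ascii85::encode(&encrypted))
	}
}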