feat secret read-shared subcommand
in: trunk
3 files changed
cmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth94 #[clap(short = 'p', long, default_value = "secret")]94 #[clap(short = 'p', long, default_value = "secret")]95 part: String,95 part: String,96 },96 },97 /// Read secret from remote host, requires sudo on said host98 ReadShared {99 name: String,100 /// Which private secret part to read101 #[clap(short = 'p', long, default_value = "secret")]102 part: String,103 /// Which host should we use to decrypt, in case if reencryption is required, without104 /// regeneration105 #[clap(long)]106 prefer_identities: Vec<String>,107 },97 UpdateShared {108 UpdateShared {98 name: String,109 name: String,99110634645635 stdout().write_all(&data)?;646 stdout().write_all(&data)?;636 }647 }648 Secret::ReadShared {649 name,650 part: part_name,651 prefer_identities,652 } => {653 let secret = config.shared_secret(&name)?;654 let Some(part) = secret.secret.parts.get(&part_name) else {655 bail!("no part {part_name} in secret {name}");656 };657 let data = if part.raw.encrypted {658 let identity_holder = if !prefer_identities.is_empty() {659 prefer_identities660 .iter()661 .find(|i| secret.owners.iter().any(|s| s == *i))662 } else {663 secret.owners.first()664 };665 let Some(identity_holder) = identity_holder else {666 bail!("no available holder found");667 };668 let host = config.host(identity_holder).await?;669 host.decrypt(part.raw.clone()).await?670 } else {671 part.raw.data.clone()672 };673 stdout().write_all(&data)?;674 }637 Secret::UpdateShared {675 Secret::UpdateShared {638 name,676 name,639 machine,677 machine,crates/fleet-base/src/lib.rsdiffbeforeafterboth1pub mod command;1pub mod fleetdata;2pub mod fleetdata;2pub mod host;3pub mod host;3pub mod command;4mod keys;4pub mod opts;5pub mod opts;5mod keys;66crates/nix-eval/build.rsdiffbeforeafterbothno syntactic changes
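Review bot: The doc comment on `prefer_identities` in the new `ReadShared` variant describes reencryption and regeneration, but the `Secret::ReadShared` arm only uses the list to choose which owner host runs `host.decrypt`; the help text should say that, e.g. `/// Hosts to prefer for decryption; the first listed host that owns the secret is used`. When no listed identity is in `secret.owners`, or the owner list is empty, the arm fails with `no available holder found`, which names neither the secret nor the rejected identities. Something like `bail!("no owner of secret {name} is available for decryption (preferred: {prefer_identities:?})")` would make a mistyped host name obvious. The decrypted bytes are then written straight to stdout, as in the arm above, so it may be worth refusing or warning when stdout is a terminal (`std::io::IsTerminal`) to keep plaintext out of scrollback and session logs. The enclosing enum and `match` start and end outside the visible hunks.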