

refactor move keys command to secrets

Yaroslav Bolyukin2021-09-18parent: #fad91f8.patch.diff
in: trunk

3 files changed

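--- a/src/cmds/fetch_keys.rs
+++ /dev/null
@@ -1,43 +0,0 @@
-use crate::host::FleetOpts;
-use anyhow::Result;
-use clap::Clap;
-use log::{info, warn};
-
-#[derive(Clap)]
-pub struct FetchKeys {
-	#[clap(flatten)]
-	fleet_opts: FleetOpts,
-
-	/// If true - remove orphaned keys
-	#[clap(long)]
-	cleanup: bool,
-}
-
-impl FetchKeys {
-	pub fn run(self) -> Result<()> {
-		let fleet = self.fleet_opts.build()?;
-		let hosts = fleet.list_hosts()?;
-		for host in hosts.iter() {
-			if host.skip() {
-				warn!("Skipped host {}", host.hostname);
-				continue;
-			}
-			host.key()?;
-		}
-		let orphans: Vec<_> = fleet.list_orphaned_keys()?;
-		if !orphans.is_empty() {
-			if self.cleanup {
-				info!("Removed orphan host keys:");
-			} else {
-				info!("Orphan host keys found, run with --cleanup to remove them from db:");
-			}
-			for (name, path) in orphans {
-				info!("- {}", name);
-				if self.cleanup {
-					std::fs::remove_file(path)?;
-				}
-			}
-		}
-		Ok(())
-	}
-}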
addedsrc/cmds/secrets/mod.rsdiffbeforeafterboth
--- /dev/null
+++ b/src/cmds/secrets/mod.rs
@@ -0,0 +1,51 @@
+use std::io::Write;
+
+use anyhow::Result;
+use clap::Clap;
+
+use crate::host::Config;
+
+#[derive(Clap)]
+pub enum Secrets {
+	/// Force load keys for all defined hosts
+	ForceKeys,
+	/// Add secret, data should be provided in stdin
+	Add {
+		/// Secret owner
+		machine: String,
+		/// Secret name
+		name: String,
+	},
+}
+
+impl Secrets {
+	pub fn run(self, config: &Config) -> Result<()> {
+		match self {
+			Secrets::ForceKeys => {
+				for host in config.list_hosts()? {
+					if config.should_skip(&host) {
+						continue;
+					}
+					config.key(&host)?;
+				}
+			}
+			Secrets::Add { machine, name } => {
+				let recipient = config.recipient(&machine)?;
+				let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]);
+
+				let mut encrypted = vec![];
+				{
+					let mut w = encryptor.wrap_output(&mut encrypted)?;
+
+					let stdin = std::io::stdin();
+					let mut lock = stdin.lock();
+					std::io::copy(&mut lock, &mut w)?;
+					w.flush()?;
+				}
+
+				config.update_secret(&machine, &name, &encrypted)
+			}
+		}
+		Ok(())
+	}
+}
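Review bot: `w.flush()?;` in the `Add` arm does not finalize the age stream: the `StreamWriter` returned by `wrap_output` has to be closed with `finish()` before it is dropped, otherwise the final chunk is never emitted and the ciphertext handed to `update_secret` is truncated and will not decrypt. Replace `w.flush()?;` with `w.finish()?;` (the enclosing block can stay, it only ends the borrow on `encrypted`). Separately, the `Add` arm evaluates to `config.update_secret(&machine, &name, &encrypted)` while the `ForceKeys` arm yields `()`, so this only compiles if `update_secret` returns unit — which means a failure to persist the secret cannot reach the caller; if it is fallible, write `config.update_secret(&machine, &name, &encrypted)?;` and let the trailing `Ok(())` return. The deleted `FetchKeys` logged a warning for every skipped host, whereas `ForceKeys` now `continue`s silently, so a host whose key was never fetched leaves no trace in the output.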
modifiedsrc/main.rsdiffbeforeafterboth
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,12 +15,12 @@
 #[derive(Clap)]
 #[clap(version = "1.0", author = "CertainLach <iam@lach.pw>")]
 enum Opts {
-	/// Fetch encryption (ssh) public keys from remote hosts
-	FetchKeys(FetchKeys),
 	/// Force generation of missing secrets
 	GenerateSecrets(GenerateSecrets),
 	/// Prepare systems for deployments
 	BuildSystems(BuildSystems),
+	/// Secret management
+	Secrets(Secrets),
 }
 
 fn main() -> Result<()> {
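Review bot: The new `Secrets(Secrets)` variant has no replacement for the `--cleanup` flag and the `list_orphaned_keys` pass that the deleted `FetchKeys` command performed, so orphaned key files are no longer reported or removed from the CLI, unless `Config` now does this elsewhere (not visible in this diff). If dropping that behaviour is intended, state it in the commit description or extend the `/// Secret management` doc comment; otherwise an additional `Secrets` subcommand carrying a `cleanup: bool` flag would restore it. `main`'s body continues outside the hunk.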