refactor move keys command to secrets
in: trunk
3 files changed
src/cmds/fetch_keys.rsdiffbeforeafterboth
--- a/src/cmds/fetch_keys.rs
+++ /dev/null
@@ -1,43 +0,0 @@
-use crate::host::FleetOpts;
-use anyhow::Result;
-use clap::Clap;
-use log::{info, warn};
-
-#[derive(Clap)]
-pub struct FetchKeys {
- #[clap(flatten)]
- fleet_opts: FleetOpts,
-
- /// If true - remove orphaned keys
- #[clap(long)]
- cleanup: bool,
-}
-
-impl FetchKeys {
- pub fn run(self) -> Result<()> {
- let fleet = self.fleet_opts.build()?;
- let hosts = fleet.list_hosts()?;
- for host in hosts.iter() {
- if host.skip() {
- warn!("Skipped host {}", host.hostname);
- continue;
- }
- host.key()?;
- }
- let orphans: Vec<_> = fleet.list_orphaned_keys()?;
- if !orphans.is_empty() {
- if self.cleanup {
- info!("Removed orphan host keys:");
- } else {
- info!("Orphan host keys found, run with --cleanup to remove them from db:");
- }
- for (name, path) in orphans {
- info!("- {}", name);
- if self.cleanup {
- std::fs::remove_file(path)?;
- }
- }
- }
- Ok(())
- }
-}
src/cmds/secrets/mod.rsdiffbeforeafterboth1use std::io::Write;23use anyhow::Result;4use clap::Clap;56use crate::host::Config;78#[derive(Clap)]9pub enum Secrets {10 /// Force load keys for all defined hosts11 ForceKeys,12 /// Add secret, data should be provided in stdin13 Add {14 /// Secret owner15 machine: String,16 /// Secret name17 name: String,18 },19}2021impl Secrets {22 pub fn run(self, config: &Config) -> Result<()> {23 match self {24 Secrets::ForceKeys => {25 for host in config.list_hosts()? {26 if config.should_skip(&host) {27 continue;28 }29 config.key(&host)?;30 }31 }32 Secrets::Add { machine, name } => {33 let recipient = config.recipient(&machine)?;34 let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]);3536 let mut encrypted = vec![];37 {38 let mut w = encryptor.wrap_output(&mut encrypted)?;3940 let stdin = std::io::stdin();41 let mut lock = stdin.lock();42 std::io::copy(&mut lock, &mut w)?;43 w.flush()?;44 }4546 config.update_secret(&machine, &name, &encrypted)47 }48 }49 Ok(())50 }51}src/main.rsdiffbeforeafterboth
--- a/src/main.rs
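Review bot: In the `Secrets::Add` arm the age stream is ended with `w.flush()?;` and then dropped, but age's `StreamWriter` writes its final authenticated chunk only in `finish()`, so the bytes passed to `update_secret` are most likely a truncated ciphertext that will fail to decrypt later. Replace that line with `w.finish()?;`, which consumes `w` and so also releases the borrow on `encrypted`. The arm then ends in `config.update_secret(&machine, &name, &encrypted)` with no `?`, so it presumably returns `()`; if storing can fail, it should return a `Result` that is propagated here, so that a secret which was not saved is reported. Compared with the removed `FetchKeys::run`, `ForceKeys` no longer lists or removes orphaned keys and no longer logs skipped hosts, which is worth stating in the commit message if it is intentional for a change labelled as a refactor.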
+++ b/src/main.rs
@@ -15,12 +15,12 @@
#[derive(Clap)]
#[clap(version = "1.0", author = "CertainLach <iam@lach.pw>")]
enum Opts {
- /// Fetch encryption (ssh) public keys from remote hosts
- FetchKeys(FetchKeys),
/// Force generation of missing secrets
GenerateSecrets(GenerateSecrets),
/// Prepare systems for deployments
BuildSystems(BuildSystems),
+ /// Secret management
+ Secrets(Secrets),
}
fn main() -> Result<()> {