

feat generation data

Yaroslav Bolyukin2024-11-30parent: #6d807f6.patch.diff
in: trunk

4 files changed

modifiedcmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth
--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -288,6 +288,8 @@
 		created_at,
 		expires_at,
 		parts,
+		// TODO: Fill with expected
+		generation_data: serde_json::Value::Null,
 	})
 }
 async fn generate(
@@ -507,6 +509,7 @@
 							created_at: Utc::now(),
 							expires_at,
 							parts,
+							generation_data: serde_json::Value::Null,
 						},
 					},
 				);
@@ -534,6 +537,7 @@
 						created_at: Utc::now(),
 						expires_at: None,
 						parts: BTreeMap::new(),
+						generation_data: serde_json::Value::Null,
 					}
 				};
 
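Review bot: The `// TODO: Fill with expected` above `generation_data: serde_json::Value::Null` in the first hunk does not say what "expected" refers to, and since the other two hunks (the two `FleetSecret` literals in `generate`) also hardcode `serde_json::Value::Null`, the new field is never populated anywhere in this commit. A reader cannot tell whether `Null` is the intended steady state or a stub, so the comment should name the source: `// TODO: populate from the module's expectedGenerationData (modules/nixos/secrets.nix); every construction site currently stores Null`. If the field is meant to drive regeneration decisions later, that would presumably be compared against the stored value, so it is worth documenting now that `Null` means "not recorded" rather than "no data". All three enclosing functions start and end outside the hunks shown here.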
modifiedcrates/fleet-base/src/fleetdata.rsdiffbeforeafterboth
before · crates/fleet-base/src/fleetdata.rs
1use std::{2	collections::BTreeMap,3	io::{self, Cursor},4};56use age::Recipient;7use chrono::{DateTime, Utc};8use fleet_shared::SecretData;9use rand::{10	distributions::{Alphanumeric, DistString},11	thread_rng,12};13use serde::{de::Error, Deserialize, Serialize};14use serde_json::Value;1516#[derive(Serialize, Deserialize, Default)]17#[serde(rename_all = "camelCase")]18pub struct HostData {19	#[serde(default)]20	#[serde(skip_serializing_if = "String::is_empty")]21	pub encryption_key: String,22}2324const VERSION: &str = "0.1.0";25pub struct FleetDataVersion;26impl Serialize for FleetDataVersion {27	fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>28	where29		S: serde::Serializer,30	{31		VERSION.serialize(serializer)32	}33}34impl<'de> Deserialize<'de> for FleetDataVersion {35	fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>36	where37		D: serde::Deserializer<'de>,38	{39		let version = String::deserialize(deserializer)?;40		if version != VERSION {41			return Err(D::Error::custom(format!(42				"fleet.nix data version mismatch, expected {VERSION}, got {version}.\nFollow the docs for migration instruction"43			)));44		}45		Ok(Self)46	}47}4849fn generate_gc_prefix() -> String {50	let id = Alphanumeric.sample_string(&mut thread_rng(), 8);51	format!("fleet-gc-{id}")52}5354#[derive(Serialize, Deserialize)]55#[serde(rename_all = "camelCase")]56pub struct FleetData {57	pub version: FleetDataVersion,58	#[serde(default = "generate_gc_prefix")]59	pub gc_root_prefix: String,6061	#[serde(default)]62	pub hosts: BTreeMap<String, HostData>,63	#[serde(default)]64	#[serde(skip_serializing_if = "BTreeMap::is_empty")]65	pub shared_secrets: BTreeMap<String, FleetSharedSecret>,66	#[serde(default)]67	#[serde(skip_serializing_if = "BTreeMap::is_empty")]68	pub host_secrets: BTreeMap<String, BTreeMap<String, FleetSecret>>,6970	// extra_name => anything71	#[serde(default)]72	#[serde(skip_serializing_if = "BTreeMap::is_empty")]73	pub extra: BTreeMap<String, 
Value>,74}7576#[derive(Serialize, Deserialize, Clone)]77#[serde(rename_all = "camelCase")]78#[must_use]79pub struct FleetSharedSecret {80	pub owners: Vec<String>,81	#[serde(flatten)]82	pub secret: FleetSecret,83}8485/// Returns None if recipients.is_empty()86pub fn encrypt_secret_data<'a>(87	recipients: impl IntoIterator<Item = &'a dyn Recipient>,88	data: Vec<u8>,89) -> Option<SecretData> {90	let mut encrypted = vec![];91	let mut encryptor = age::Encryptor::with_recipients(recipients.into_iter())92		.ok()?93		.wrap_output(&mut encrypted)94		.expect("in memory write");95	io::copy(&mut Cursor::new(data), &mut encryptor).expect("in memory copy");96	encryptor.finish().expect("in memory flush");97	Some(SecretData {98		data: encrypted,99		encrypted: true,100	})101}102103#[derive(Serialize, Deserialize, Clone)]104pub struct FleetSecretPart {105	pub raw: SecretData,106}107108#[derive(Serialize, Deserialize, Clone)]109#[serde(rename_all = "camelCase")]110#[must_use]111pub struct FleetSecret {112	#[serde(default = "Utc::now")]113	pub created_at: DateTime<Utc>,114	#[serde(default)]115	#[serde(skip_serializing_if = "Option::is_none", alias = "expire_at")]116	pub expires_at: Option<DateTime<Utc>>,117118	#[serde(flatten)]119	pub parts: BTreeMap<String, FleetSecretPart>,120}
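Review bot: Only the before view of this file is shown, so the definition of the new `generation_data` field on `FleetSecret` (initialised as `serde_json::Value::Null` in the `cmds/fleet` hunks) cannot be checked here; two things about the visible struct matter for it. `parts` is `#[serde(flatten)]`ed into the same object and the struct is `rename_all = "camelCase"`, so a `generationData` key now shares a namespace with secret part names, and a part named `generationData` would be captured by the field instead of `parts`; that restriction should be stated on the field, e.g. `/// Stored next to the flattened parts: a part may not be named "generationData".`. Unless the new field carries `#[serde(default)]`, existing fleet data files that lack the key will fail to deserialise, which the `FleetDataVersion` check would not explain. Finally, `parts` hold `SecretData` produced by `encrypt_secret_data`, whereas a `Value` field is serialised as-is, so the doc comment should say that generation data is recorded unencrypted and must not contain secret-derived material.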
modifiedcrates/nix-eval/src/macros.rsdiffbeforeafterboth
--- a/crates/nix-eval/src/macros.rs
+++ b/crates/nix-eval/src/macros.rs
@@ -7,7 +7,7 @@
 	pub(crate) out: String,
 	used_fields: Vec<Value>,
 }
-trait AttrSetValue {
+pub trait AttrSetValue {
 	fn to_builder(self) -> NixExprBuilder;
 }
 trait Primitive {}
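Review bot: `AttrSetValue` becomes part of the crate's public API but has no doc comment, and its only method returns `NixExprBuilder`, whose declaration is above this hunk; if that type is not itself `pub`, the newly public trait will expose a private type in a public signature. Suggest `/// Values that can be rendered into a Nix attribute-set expression via a [`NixExprBuilder`].` on the trait and a one-line `///` on `to_builder`. `Primitive` stays private, which is presumably intentional but worth a word in the trait docs so the asymmetry is not mistaken for an oversight.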
modifiedmodules/nixos/secrets.nixdiffbeforeafterboth
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -41,6 +41,17 @@
           type = str;
           description = "Secret public data (only available for plaintext)";
         };
+
+        expectedGenerationData = mkOption {
+          type = unspecified;
+          description = "Data that gets embedded into secret part";
+          default = null;
+        };
+        generationData = mkOption {
+          type = unspecified;
+          description = "Data that is embedded into secret part";
+          default = null;
+        };
       };
       config = {
         hash = hashString "sha1" config.raw;
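Review bot: The two new options are described almost identically ("Data that gets embedded into secret part" vs "Data that is embedded into secret part"), so a module author cannot tell which one they are supposed to set and which one is populated by the tool. Suggest `description = "Generation data the secret is expected to carry; set by the module, compared against the recorded value";` for `expectedGenerationData` and `description = "Generation data recorded when this part was generated (read-only, filled by fleet)";` for `generationData`, adjusted to whatever the intended read/write split is, since the `cmds/fleet` hunks on this page only ever store `Null`. Both options use `type = unspecified`, which performs no checking and gives no merge semantics if two modules define the same option; `types.anything` (or `nullOr` of a concrete type once the shape is known) would be the usual choice. The enclosing option set and its `config` block continue outside the hunk.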