fix post secret management refactor
in: trunk
3 files changed
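--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -6,16 +6,20 @@
 };
 use anyhow::{anyhow, bail, ensure, Context, Result};
 use chrono::{DateTime, Utc};
-use clap::Parser;
+use clap::{error::ErrorKind, Parser};
+use crossterm::{terminal, tty::IsTty};
+use itertools::Itertools;
 use owo_colors::OwoColorize;
 use serde::Deserialize;
 use std::{
 collections::{BTreeSet, HashSet},
- io::{self, Cursor, Read},
+ ffi::OsString,
+ io::{self, stdin, Cursor, Read, Write},
 path::PathBuf,
 };
 use tabled::{Table, Tabled};
-use tokio::fs::read_to_string;
+use tempfile::NamedTempFile;
+use tokio::{fs::read_to_string, process::Command};
 use tracing::{error, info, info_span, warn, Instrument};
 #[derive(Parser)]
@@ -586,7 +590,7 @@
 {
 Ok(v) => v,
 Err(e) => {
- error!("{e}");
+ error!("{e:?}");
 continue;
 }
 };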
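Review bot: The new `error!("{e:?}")` in the second hunk will, assuming `e` is an `anyhow::Error`, print the whole context chain (plus a backtrace when one was captured) instead of only the outermost message. In a secrets command it is worth confirming that no `.context(...)` or `bail!` upstream of this match interpolates secret plaintext, generator output or key material into its message. The arm still only logs and then hits `continue`, so a failing entry is skipped; whether the command later exits non-zero is not visible, because the enclosing loop starts and ends outside the hunk. A short comment above the log line would record the intent, for example `// Debug form on purpose: prints the full context chain; contexts must never carry secret values`.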
cmds/fleet/src/host.rsdiffbeforeafterboth385 let config_unchecked_field = nix_go!(fleet_field.unchecked.config);385 let config_unchecked_field = nix_go!(fleet_field.unchecked.config);386386387 let import = nix_go!(builtins_field.import);387 let import = nix_go!(builtins_field.import);388 let overlays = nix_go!(fleet_field.overlays);388 let overlays = nix_go!(config_unchecked_field.overlays);389 let nixpkgs = nix_go!(fleet_field.nixpkgs | import);389 let nixpkgs = nix_go!(fleet_field.nixpkgs | import);390390391 let default_pkgs = nix_go!(nixpkgs(Obj {391 let default_pkgs = nix_go!(nixpkgs(Obj {modules/fleet/secrets.nixdiffbeforeafterboth--- a/modules/fleet/secrets.nix
+++ b/modules/fleet/secrets.nix
@@ -153,7 +153,7 @@
overlays = [
(final: prev: let
lib = final.lib;
- inherit (lib) strings;
+ inherit (lib) strings concatMap;
inherit (strings) escapeShellArgs;
in {
mkEncryptSecret = {
@@ -162,7 +162,7 @@
}:
prev.writeShellScript "encryptor" ''
#!/bin/sh
- exec ${rage}/bin/rage ${escapeShellArgs recipients} -e "$@"
+ exec ${rage}/bin/rage ${escapeShellArgs (concatMap (r: ["-r" r]) recipients)} -e "$@"
'';
# TODO: Move to fleet
# TODO: Merge both generators to one with consistent options syntax?
@@ -177,8 +177,12 @@
(prev.writeShellScript "impureGenerator.sh" ''
#!/bin/sh
set -eu
- cd /var/empty
+ # TODO: Provide tempdir from outside, to make it securely erasurable as needed?
+ tmp=$(mktemp -d)
+ cd $tmp
+ # cd /var/empty
+
created_at=$(date -u +"%Y-%m-%dT%H:%M:%S.%NZ")
${script}