difftreelog
fix post secret management refactor
in: trunk
3 files changed
cmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -6,16 +6,20 @@
};
use anyhow::{anyhow, bail, ensure, Context, Result};
use chrono::{DateTime, Utc};
-use clap::Parser;
+use clap::{error::ErrorKind, Parser};
+use crossterm::{terminal, tty::IsTty};
+use itertools::Itertools;
use owo_colors::OwoColorize;
use serde::Deserialize;
use std::{
collections::{BTreeSet, HashSet},
- io::{self, Cursor, Read},
+ ffi::OsString,
+ io::{self, stdin, Cursor, Read, Write},
path::PathBuf,
};
use tabled::{Table, Tabled};
-use tokio::fs::read_to_string;
+use tempfile::NamedTempFile;
+use tokio::{fs::read_to_string, process::Command};
use tracing::{error, info, info_span, warn, Instrument};
#[derive(Parser)]
@@ -586,7 +590,7 @@
{
Ok(v) => v,
Err(e) => {
- error!("{e}");
+ error!("{e:?}");
continue;
}
};
cmds/fleet/src/host.rsdiffbeforeafterboth--- a/cmds/fleet/src/host.rs
+++ b/cmds/fleet/src/host.rs
@@ -385,7 +385,7 @@
let config_unchecked_field = nix_go!(fleet_field.unchecked.config);
let import = nix_go!(builtins_field.import);
- let overlays = nix_go!(fleet_field.overlays);
+ let overlays = nix_go!(config_unchecked_field.overlays);
let nixpkgs = nix_go!(fleet_field.nixpkgs | import);
let default_pkgs = nix_go!(nixpkgs(Obj {
modules/fleet/secrets.nixdiffbeforeafterboth153 overlays = [153 overlays = [154 (final: prev: let154 (final: prev: let155 lib = final.lib;155 lib = final.lib;156 inherit (lib) strings;156 inherit (lib) strings concatMap;157 inherit (strings) escapeShellArgs;157 inherit (strings) escapeShellArgs;158 in {158 in {159 mkEncryptSecret = {159 mkEncryptSecret = {160 rage ? prev.rage,160 rage ? prev.rage,161 recipients,161 recipients,162 }:162 }:163 prev.writeShellScript "encryptor" ''163 prev.writeShellScript "encryptor" ''164 #!/bin/sh164 #!/bin/sh165 exec ${rage}/bin/rage ${escapeShellArgs recipients} -e "$@"165 exec ${rage}/bin/rage ${escapeShellArgs (concatMap (r: ["-r" r]) recipients)} -e "$@"166 '';166 '';167 # TODO: Move to fleet167 # TODO: Move to fleet168 # TODO: Merge both generators to one with consistent options syntax?168 # TODO: Merge both generators to one with consistent options syntax?169 # Impure generator is built on local machine, then built closure is copied to remote machine,169 # Impure generator is built on local machine, then built closure is copied to remote machine,174 # (Some secrets-encryption-in-git/managed PKI solution is expected)174 # (Some secrets-encryption-in-git/managed PKI solution is expected)175 impureOn ? null,175 impureOn ? null,176 }:176 }:177 (prev.writeShellScript "impureGenerator.sh" ''177 (prev.writeShellScript "impureGenerator.sh" ''178 #!/bin/sh178 #!/bin/sh179 set -eu179 set -eu180180 cd /var/empty181 # TODO: Provide tempdir from outside, to make it securely erasurable as needed?182 tmp=$(mktemp -d)183 cd $tmp184 # cd /var/empty181185182 created_at=$(date -u +"%Y-%m-%dT%H:%M:%S.%NZ")186 created_at=$(date -u +"%Y-%m-%dT%H:%M:%S.%NZ")183187184 ${script}188 ${script}185189186 if ! test -d $out; then190 if ! test -d $out; then187 echo "impure generator script did not produce expected \$out output"191 echo "impure generator script did not produce expected \$out output"188 exit 1192 exit 1189 fi193 fi190194191 echo -n $created_at > $out/created_at195 echo -n $created_at > $out/created_at192 echo -n SUCCESS > $out/marker196 echo -n SUCCESS > $out/marker193 '')197 '')194 .overrideAttrs (old: {198 .overrideAttrs (old: {195 passthru = {199 passthru = {196 inherit impureOn;200 inherit impureOn;