git.delta.rocks / jrsonnet / refs/commits / eab67eb0e28a


refactor disable secret generation

Yaroslav Bolyukin2021-03-09parent: #35b9319.patch.diff
in: trunk

2 files changed

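--- a/src/cmds/generate_secrets.rs
+++ b/src/cmds/generate_secrets.rs
@@ -1,51 +1,50 @@
 use std::collections::HashSet;
 
 use anyhow::Result;
 use clap::Clap;
 use log::info;
 
 use crate::db::{
-	keys::KeyDb,
 	secret::{list_secrets, SecretDb},
 	Db, DbData,
 };
 
 #[derive(Clap)]
 pub struct GenerateSecrets {
 	/// If set - remove orphaned secrets
 	#[clap(long)]
 	cleanup: bool,
 }
 
 impl GenerateSecrets {
 	pub fn run(self) -> Result<()> {
 		let db = Db::new(".fleet")?;
 		let mut secrets = SecretDb::open(&db)?;
 
 		let defined_secrets = list_secrets()?;
 		for (secret, data) in defined_secrets.iter() {
-			let keys = KeyDb::open(&db)?;
-			secrets.ensure_generated(&keys, &secret, &data)?;
+			// let keys = KeyDb::open(&db)?;
+			// secrets.ensure_generated(&keys, &secret, &data)?;
 		}
 		let key_names = defined_secrets
 			.keys()
 			.filter(|s| !secrets.has_secret(s))
 			.cloned()
 			.collect::<HashSet<_>>();
 		if !key_names.is_empty() {
 			if self.cleanup {
 				info!("Removed orphan secrets:");
 			} else {
 				info!("Orphan secrets found, run with --cleanup to remove them from db:");
 			}
 			for key in key_names {
 				info!("- {}", key);
 				if self.cleanup {
 					secrets.remove_secret(&key)
 				}
 			}
 		}
 
 		Ok(())
 	}
 }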
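Review bot: With the loop body commented out, `run` generates nothing but still returns `Ok(())`, and every defined secret for which `has_secret` is false now lands in `key_names`, is logged under "Orphan secrets found", and is passed to `remove_secret` when `--cleanup` is set. Before this change `ensure_generated` presumably created those entries first, so the filter only caught leftovers; now secrets that were never created are labelled orphans and the operator gets no sign that generation was skipped. Consider replacing the empty loop with an explicit failure, e.g. `anyhow::bail!("secret generation is temporarily disabled")`, or at least a warning. The commented-out lines, which leave `secret` and `data` unused, would be better deleted.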
--- a/src/db/secret.rs
+++ b/src/db/secret.rs
@@ -1,4 +1,4 @@
-use crate::{command::CommandExt, nix::SECRETS_ATTRIBUTE};
+use crate::{command::CommandExt, host::FleetConfig, nix::SECRETS_ATTRIBUTE};
 use anyhow::{bail, Result};
 use log::info;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
@@ -10,7 +10,7 @@
 };
 use time::{Duration, PrimitiveDateTime};
 
-use super::{db::DbData, keys::KeyDb};
+use super::db::DbData;
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct SecretListData {
@@ -109,7 +109,7 @@
 	// Secrets are generated on machine running fleet command
 	pub fn generate_secret(
 		&mut self,
-		keys: &KeyDb,
+		fleet_config: FleetConfig,
 		secret: &str,
 		data: &SecretListData,
 	) -> Result<()> {
@@ -119,7 +119,7 @@
 				rage_keys.push(' ');
 			}
 			rage_keys.push_str("--recipient \"");
-			rage_keys.push_str(&keys.get_host_key(&owner)?);
+			// rage_keys.push_str(&keys.get_host_key(&owner)?);
 			rage_keys.push('"')
 		}
 		let created_at: PrimitiveDateTime = SystemTime::now().into();
@@ -184,13 +184,13 @@
 	}
 	pub fn ensure_generated(
 		&mut self,
-		keys: &KeyDb,
+		// keys: &KeyDb,
 		secret: &str,
 		data: &SecretListData,
 	) -> Result<()> {
 		if self.need_to_generate(secret, data)? {
 			info!("Generating secret {}", secret);
-			self.generate_secret(keys, secret, data)?;
+			// self.generate_secret(keys, secret, data)?;
 		}
 
 		Ok(())
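Review bot: `generate_secret` is still `pub`, and with the `get_host_key` line commented out in the `@@ -119` hunk it now appends `--recipient ""` for every owner, so any remaining caller would build an encryption command with an empty recipient instead of a host key. Until keys are read from the new, currently unused `fleet_config` parameter, it would be safer to fail closed at the top of the function using the already imported `bail!`, e.g. `bail!("secret generation is disabled: host keys are not wired to FleetConfig yet");`. In `ensure_generated` the line `info!("Generating secret {}", secret);` still runs although the call below it is commented out, so the log claims work that does not happen; drop it or replace it with a message saying generation was skipped. Both function bodies extend beyond the hunks shown, so how `rage_keys` is finally consumed is not visible here.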