jw-pkg/src/python/jw/pkg/cmds/secrets/lib/DistroContext.py

# -*- coding: utf-8 -*-

from __future__ import annotations

import re

from pathlib import Path

from typing import TYPE_CHECKING

if TYPE_CHECKING:
    from typing import Iterable
    from ....lib.FileContext import FileContext

from ....lib.log import *
from ....lib.util import run_cmd
from ....lib.TarIo import TarIo
from ....lib.ProcFilterGpg import ProcFilterGpg

from .base import Attrs
from .FilesContext import FilesContext

class DistroContext(FilesContext):

    def __init__(self, distro: Distro) -> None:
        super().__init__(distro.ctx)
        self.__distro = distro

    async def match_files(self, pkg_names: Iterable[str], pattern: str) -> list[str]:
        ret: list[str] = []
        for pkg_name in pkg_names:
            for path in await self.__distro.pkg_files(pkg_name):
                if re.match(pattern, path):
                    ret.append(path)
        return ret

    async def list_template_files(self, pkg_names: Iterable[str]) -> list[str]:
        if not pkg_names:
            pkg_names = [p.name for p in await self.__distro.select()]
        return await self.match_files(pkg_names, pattern=r'.*\.jw-tmpl$')

    async def list_secret_paths(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:
        ret = []
        for tmpl in await self.list_template_files(pkg_names):
            path = str(Path(tmpl).with_suffix(".jw-secret"))
            if ignore_missing and not await self.ctx.file_exists(path):
                continue
            ret.append(path)
        return ret

    async def list_compilation_targets(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:
        ret = []
        for tmpl in await self.list_template_files(pkg_names):
            path = tmpl.removesuffix('.jw-tmpl')
            if ignore_missing and not await self.ctx.file_exists(path):
                continue
            ret.append(path)
        return ret

    async def remove_compilation_targets(self, pkg_names: Iterable[str]) -> list[str]:
        for path in await self.list_compilation_targets(pkg_names):
            try:
                self.ctx.stat(path)
                log(NOTICE, f'Removing {path}')
                await self.ctx.unlink(path)
            except FileNotFoundError as e:
                log(DEBUG, f'Compilation target {path} doesn\'t exist (ignored)')
                continue

    async def compile_template_files(self, pkg_names: Iterable[str], default_attrs: Attrs) -> list[str]:
        missing = 0
        for target in await self.list_compilation_targets(pkg_names):
            if not await self.compile_template_file(target, default_attrs):
                missing += 1
        if missing > 0:
            log(WARNING, f'{missing} missing secrets found. You might want to add them and run sudo {app.cmdline} again')

    async def install(self, src_uri: str, pkg_names: Iterable[str], only_missing: bool=False) -> None:
        if only_missing:
            raise NotImplementedError('--only-missing is not yet implemented')
        secret_paths = await self.list_secret_paths(pkg_names)
        ec = self.ctx
        from ....lib.ec.Local import Local
        from ....lib.FileContext import FileContext
        if not isinstance(ec, Local):
            ec = Local() # Security: Use a local exec context for decrypting and filtering secrets
        async with TarIo.create(src=src_uri, dst=self.ctx) as tio:
            tio.src.add_proc_filter(FileContext.Direction.In, ProcFilterGpg(ec=ec))
            extracted_paths = await tio.extract(path_filter=secret_paths)
            for path in secret_paths:
                if not path in extracted_paths:
                    log(NOTICE, f'not extracted: {path}')
                else:
                    log(NOTICE, f'extracted:     {path}')
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`# -- coding: utf-8 --`

			`from __future__ import annotations`

			`import re`

			`from pathlib import Path`

			`from typing import TYPE_CHECKING`

			`if TYPE_CHECKING:`
			`from typing import Iterable`
			`from ....lib.FileContext import FileContext`

			`from ....lib.log import *`
			`from ....lib.util import run_cmd`
cmds.secrets.lib.DistroContext.install(): Add method Add DistroContext.install(). It takes a tar file containing secrets, decrypts it, and installs all secrets needed on target and present in that file. For every file that should be extracted, it logs if it acutally did something or didn't. It also features an only_missing argument, which is just a stub for "allow to define somy extraction policy with respect to replacing all / some / not replace / whatever. Not thought through. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-24 16:29:14 +02:00			`from ....lib.TarIo import TarIo`
			`from ....lib.ProcFilterGpg import ProcFilterGpg`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00
			`from .base import Attrs`
			`from .FilesContext import FilesContext`

			`class DistroContext(FilesContext):`

			`def __init__(self, distro: Distro) -> None:`
			`super().__init__(distro.ctx)`
			`self.__distro = distro`

cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def match_files(self, pkg_names: Iterable[str], pattern: str) -> list[str]:`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`ret: list[str] = []`
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`for pkg_name in pkg_names:`
			`for path in await self.__distro.pkg_files(pkg_name):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`if re.match(pattern, path):`
			`ret.append(path)`
			`return ret`

cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def list_template_files(self, pkg_names: Iterable[str]) -> list[str]:`
cmds.secrets.lib.DistroContext.list_template_files(): List more Default to Distro's idea of relevant packages if no packages are specified on the command line. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:20:42 +02:00			`if not pkg_names:`
			`pkg_names = [p.name for p in await self.__distro.select()]`
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`return await self.match_files(pkg_names, pattern=r'.*\.jw-tmpl$')`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def list_secret_paths(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`ret = []`
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`for tmpl in await self.list_template_files(pkg_names):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`path = str(Path(tmpl).with_suffix(".jw-secret"))`
lib.FileContext.file_exists(): Fix missing await file_exists and _stat() in file_exists() are async, need to be awaited, but aren't. Fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 10:21:22 +02:00			`if ignore_missing and not await self.ctx.file_exists(path):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`continue`
			`ret.append(path)`
			`return ret`

cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def list_compilation_targets(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`ret = []`
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`for tmpl in await self.list_template_files(pkg_names):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`path = tmpl.removesuffix('.jw-tmpl')`
lib.FileContext.file_exists(): Fix missing await file_exists and _stat() in file_exists() are async, need to be awaited, but aren't. Fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 10:21:22 +02:00			`if ignore_missing and not await self.ctx.file_exists(path):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`continue`
			`ret.append(path)`
			`return ret`

cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def remove_compilation_targets(self, pkg_names: Iterable[str]) -> list[str]:`
			`for path in await self.list_compilation_targets(pkg_names):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`try:`
			`self.ctx.stat(path)`
			`log(NOTICE, f'Removing {path}')`
			`await self.ctx.unlink(path)`
			`except FileNotFoundError as e:`
			`log(DEBUG, f'Compilation target {path} doesn\'t exist (ignored)')`
			`continue`

cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`async def compile_template_files(self, pkg_names: Iterable[str], default_attrs: Attrs) -> list[str]:`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`missing = 0`
cmds.secrets.lib.DistroContext: packages -> pkg_names Cosmetics: The "packages" parameter to some DistroContext's methods has a confusing name in same contexts, notably when mixed with a list of Package instances, so rename it to "pkg_names". Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-21 11:22:51 +02:00			`for target in await self.list_compilation_targets(pkg_names):`
cmds.secrets: Make commands work remotely The "secrets" class of commands currently only works on the host it's invoked on. Use the current FileContext to allow using the existing commands on a target host. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-17 15:49:25 +02:00			`if not await self.compile_template_file(target, default_attrs):`
			`missing += 1`
			`if missing > 0:`
			`log(WARNING, f'{missing} missing secrets found. You might want to add them and run sudo {app.cmdline} again')`
cmds.secrets.lib.DistroContext.install(): Add method Add DistroContext.install(). It takes a tar file containing secrets, decrypts it, and installs all secrets needed on target and present in that file. For every file that should be extracted, it logs if it acutally did something or didn't. It also features an only_missing argument, which is just a stub for "allow to define somy extraction policy with respect to replacing all / some / not replace / whatever. Not thought through. Signed-off-by: Jan Lindemann <jan@janware.com> 2026-04-24 16:29:14 +02:00
			`async def install(self, src_uri: str, pkg_names: Iterable[str], only_missing: bool=False) -> None:`
			`if only_missing:`
			`raise NotImplementedError('--only-missing is not yet implemented')`
			`secret_paths = await self.list_secret_paths(pkg_names)`
			`ec = self.ctx`
			`from ....lib.ec.Local import Local`
			`from ....lib.FileContext import FileContext`
			`if not isinstance(ec, Local):`
			`ec = Local() # Security: Use a local exec context for decrypting and filtering secrets`
			`async with TarIo.create(src=src_uri, dst=self.ctx) as tio:`
			`tio.src.add_proc_filter(FileContext.Direction.In, ProcFilterGpg(ec=ec))`
			`extracted_paths = await tio.extract(path_filter=secret_paths)`
			`for path in secret_paths:`
			`if not path in extracted_paths:`
			`log(NOTICE, f'not extracted: {path}')`
			`else:`
			`log(NOTICE, f'extracted: {path}')`