cmds.secrets.lib.DistroContext.install(): Add method
Add DistroContext.install(). It takes a tar file containing secrets, decrypts it, and installs all secrets needed on target and present in that file. For every file that should be extracted, it logs if it acutally did something or didn't.
It also features an only_missing argument, which is just a stub for "allow to define somy extraction policy with respect to replacing all / some / not replace / whatever. Not thought through.
Signed-off-by: Jan Lindemann <jan@janware.com>
This commit is contained in:
parent
db22f11b32
commit
b88a8ee299
GPG key ID:
3750640C9E25DD61
1 changed files with 20 additions and 0 deletions
|
|
@ -14,6 +14,8 @@ if TYPE_CHECKING:
|
||||||
|
|
||||||
from ....lib.log import *
|
from ....lib.log import *
|
||||||
from ....lib.util import run_cmd
|
from ....lib.util import run_cmd
|
||||||
|
from ....lib.TarIo import TarIo
|
||||||
|
from ....lib.ProcFilterGpg import ProcFilterGpg
|
||||||
|
|
||||||
from .base import Attrs
|
from .base import Attrs
|
||||||
from .FilesContext import FilesContext
|
from .FilesContext import FilesContext
|
||||||
|
|
@ -72,3 +74,21 @@ class DistroContext(FilesContext):
|
||||||
missing += 1
|
missing += 1
|
||||||
if missing > 0:
|
if missing > 0:
|
||||||
log(WARNING, f'{missing} missing secrets found. You might want to add them and run sudo {app.cmdline} again')
|
log(WARNING, f'{missing} missing secrets found. You might want to add them and run sudo {app.cmdline} again')
|
||||||
|
|
||||||
|
async def install(self, src_uri: str, pkg_names: Iterable[str], only_missing: bool=False) -> None:
|
||||||
|
if only_missing:
|
||||||
|
raise NotImplementedError('--only-missing is not yet implemented')
|
||||||
|
secret_paths = await self.list_secret_paths(pkg_names)
|
||||||
|
ec = self.ctx
|
||||||
|
from ....lib.ec.Local import Local
|
||||||
|
from ....lib.FileContext import FileContext
|
||||||
|
if not isinstance(ec, Local):
|
||||||
|
ec = Local() # Security: Use a local exec context for decrypting and filtering secrets
|
||||||
|
async with TarIo.create(src=src_uri, dst=self.ctx) as tio:
|
||||||
|
tio.src.add_proc_filter(FileContext.Direction.In, ProcFilterGpg(ec=ec))
|
||||||
|
extracted_paths = await tio.extract(path_filter=secret_paths)
|
||||||
|
for path in secret_paths:
|
||||||
|
if not path in extracted_paths:
|
||||||
|
log(NOTICE, f'not extracted: {path}')
|
||||||
|
else:
|
||||||
|
log(NOTICE, f'extracted: {path}')
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue