diff options
Diffstat (limited to 'lib/leap_cli')
-rw-r--r-- | lib/leap_cli/commands/compile.rb | 2 | ||||
-rw-r--r-- | lib/leap_cli/config/secrets.rb | 31 |
2 files changed, 20 insertions, 13 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb index 67d1bb6..78d7520 100644 --- a/lib/leap_cli/commands/compile.rb +++ b/lib/leap_cli/commands/compile.rb @@ -40,7 +40,7 @@ module LeapCli manager.export_nodes(nodes) # a "clean" export of secrets will also remove keys that are no longer used, # but this should not be done if we are not examining all possible nodes. - clean_export = LeapCli.leapfile.environment.nil? && nodes.nil? + clean_export = nodes.nil? manager.export_secrets(clean_export) end diff --git a/lib/leap_cli/config/secrets.rb b/lib/leap_cli/config/secrets.rb index 4450b9c..366ffd3 100644 --- a/lib/leap_cli/config/secrets.rb +++ b/lib/leap_cli/config/secrets.rb @@ -28,22 +28,29 @@ module LeapCli; module Config end # - # if only_discovered_keys is true, then we will only export - # those secrets that have been discovered and the prior ones will be cleaned out. + # if clean is true, then only secrets that have been discovered + # during this run will be exported. # - # this should only be triggered when all nodes have been processed, otherwise - # secrets that are actually in use will get mistakenly removed. + # if environment is also pinned, then we will clean those secrets + # just for that environment. # - def dump_json(only_discovered_keys=false) - if only_discovered_keys + # the clean argument should only be used when all nodes have + # been processed, otherwise secrets that are actually in use will + # get mistakenly removed. + # + def dump_json(clean=false) + pinned_env = LeapCli.leapfile.environment + if clean self.each_key do |environment| - self[environment].each_key do |key| - unless @discovered_keys[environment] && @discovered_keys[environment][key] - self[environment].delete(key) + if pinned_env.nil? || pinned_env == environment + self[environment].each_key do |key| + unless @discovered_keys[environment] && @discovered_keys[environment][key] + self[environment].delete(key) + end + end + if self[environment].empty? + self.delete(environment) end - end - if self[environment].empty? - self.delete(environment) end end end |