summaryrefslogtreecommitdiff
path: root/lib/leap_cli
diff options
context:
space:
mode:
Diffstat (limited to 'lib/leap_cli')
-rw-r--r--lib/leap_cli/commands/compile.rb2
-rw-r--r--lib/leap_cli/config/secrets.rb31
2 files changed, 20 insertions, 13 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 67d1bb6..78d7520 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -40,7 +40,7 @@ module LeapCli
manager.export_nodes(nodes)
# a "clean" export of secrets will also remove keys that are no longer used,
# but this should not be done if we are not examining all possible nodes.
- clean_export = LeapCli.leapfile.environment.nil? && nodes.nil?
+ clean_export = nodes.nil?
manager.export_secrets(clean_export)
end
diff --git a/lib/leap_cli/config/secrets.rb b/lib/leap_cli/config/secrets.rb
index 4450b9c..366ffd3 100644
--- a/lib/leap_cli/config/secrets.rb
+++ b/lib/leap_cli/config/secrets.rb
@@ -28,22 +28,29 @@ module LeapCli; module Config
end
#
- # if only_discovered_keys is true, then we will only export
- # those secrets that have been discovered and the prior ones will be cleaned out.
+ # if clean is true, then only secrets that have been discovered
+ # during this run will be exported.
#
- # this should only be triggered when all nodes have been processed, otherwise
- # secrets that are actually in use will get mistakenly removed.
+ # if environment is also pinned, then we will clean those secrets
+ # just for that environment.
#
- def dump_json(only_discovered_keys=false)
- if only_discovered_keys
+ # the clean argument should only be used when all nodes have
+ # been processed, otherwise secrets that are actually in use will
+ # get mistakenly removed.
+ #
+ def dump_json(clean=false)
+ pinned_env = LeapCli.leapfile.environment
+ if clean
self.each_key do |environment|
- self[environment].each_key do |key|
- unless @discovered_keys[environment] && @discovered_keys[environment][key]
- self[environment].delete(key)
+ if pinned_env.nil? || pinned_env == environment
+ self[environment].each_key do |key|
+ unless @discovered_keys[environment] && @discovered_keys[environment][key]
+ self[environment].delete(key)
+ end
+ end
+ if self[environment].empty?
+ self.delete(environment)
end
- end
- if self[environment].empty?
- self.delete(environment)
end
end
end