From 2fa095f30ca2a02bf4024617b3fb3fecfab16a2c Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 1 Dec 2014 12:51:22 -0800
Subject: better secrets.json compile when environment is pinned.

---
 lib/leap_cli/commands/compile.rb |  2 +-
 lib/leap_cli/config/secrets.rb   | 31 +++++++++++++++++++------------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 67d1bb6..78d7520 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -40,7 +40,7 @@ module LeapCli
       manager.export_nodes(nodes)
       # a "clean" export of secrets will also remove keys that are no longer used,
       # but this should not be done if we are not examining all possible nodes.
-      clean_export = LeapCli.leapfile.environment.nil? && nodes.nil?
+      clean_export = nodes.nil?
       manager.export_secrets(clean_export)
     end
 
diff --git a/lib/leap_cli/config/secrets.rb b/lib/leap_cli/config/secrets.rb
index 4450b9c..366ffd3 100644
--- a/lib/leap_cli/config/secrets.rb
+++ b/lib/leap_cli/config/secrets.rb
@@ -28,22 +28,29 @@ module LeapCli; module Config
     end
 
     #
-    # if only_discovered_keys is true, then we will only export
-    # those secrets that have been discovered and the prior ones will be cleaned out.
+    # if clean is true, then only secrets that have been discovered
+    # during this run will be exported.
     #
-    # this should only be triggered when all nodes have been processed, otherwise
-    # secrets that are actually in use will get mistakenly removed.
+    # if environment is also pinned, then we will clean those secrets
+    # just for that environment.
     #
-    def dump_json(only_discovered_keys=false)
-      if only_discovered_keys
+    # the clean argument should only be used when all nodes have
+    # been processed, otherwise secrets that are actually in use will
+    # get mistakenly removed.
+    #
+    def dump_json(clean=false)
+      pinned_env = LeapCli.leapfile.environment
+      if clean
         self.each_key do |environment|
-          self[environment].each_key do |key|
-            unless @discovered_keys[environment] && @discovered_keys[environment][key]
-              self[environment].delete(key)
+          if pinned_env.nil? || pinned_env == environment
+            self[environment].each_key do |key|
+              unless @discovered_keys[environment] && @discovered_keys[environment][key]
+                self[environment].delete(key)
+              end
+            end
+            if self[environment].empty?
+              self.delete(environment)
             end
-          end
-          if self[environment].empty?
-            self.delete(environment)
           end
         end
       end
-- 
cgit v1.2.3