✨ Add unified seed engine, remove secrets vault subgroup #17
Merged
c06a87f to b7b2e14
Introduce `ws-cli seed` — a Go-native declarative projection engine that
supersedes the q2-55 Ansible seed tier and the standalone secrets vault.
internals/seed/:
- version:v1 dest-keyed manifest (top-level `secrets:` map + `seeds:` SeedOp)
- two tiers via a single resolved plan: bare FS-mirror verbatim copy +
manifest behavior overlay (manifest wins per dest; one write per dest)
- ops copy/merge/append/prepend; merge deep-merges json/yaml/toml
(format inferred from dest extension, lists replace, scalar-vs-map = error)
- closed-var + ${secrets.NAME} templating, unknown token fails loud
- ownership-boundary allow-list (st_uid==geteuid() on nearest existing
ancestor; no system gate) + non-blocking consumed-dir notice
- os.Root TOCTOU-safe atomic writer with final-symlink refusal
- secret-bearing -> 0600, lazy/per-entry fail-closed master key
cmd/seed/: `seed apply [dest...] [--force]` (boot hook = no-arg) + `seed ls`.
Remove `cmd/secrets/vault/` and orphaned `internals/secrets/vault.go`
(+ test); keep crypto.go/key.go and `secrets {encrypt,decrypt,generate}`.
Add github.com/pelletier/go-toml/v2 v2.4.2. Bump version 0.0.66 -> 0.0.67.
b7b2e14 to 53fc1dd
Add a `blockinfile`-style managed marker block op (markers auto-inserted, body replaced idempotently, force-gate bypass, fixed `>>> ws-seed >>>` text with a tunable `comment:` prefix, fail-closed on malformed markers). Fold in code-review fixes: preserve an existing dest's mode on in-place ops, count inline `content` as a behavior, return nonzero on failure (`SilenceUsage` on apply), zero the cached master key at run end, propagate the real source-read error, fix the consumed-dir notice ordering and report `force:false` skips, and disable JSON HTML escaping on merge.
Introduce `ws-cli seed` — a Go-native declarative projection engine that supersedes the q2-55 Ansible seed tier and the standalone secrets vault. Part of q2-59 (cli × lockstep-ws-cli); the workspace PR pins this tag.

internals/seed/:
- `version: v1` destination-keyed manifest (top-level `secrets:` map + `seeds:` SeedOp).
- `seeds:` = behavior overlay (manifest wins per dest; one write per dest — no raw-projection-then-skip leak).
- `copy`/`merge`/`append`/`prepend`; `merge` deep-merges JSON/YAML/TOML (format inferred from the dest extension, lists replace, scalar-vs-map conflict = hard error, dest left byte-unchanged).
- `${secrets.NAME}` templating; unknown token fails loud.
- `st_uid == geteuid()` on the nearest existing ancestor; no system gate, no sudo. Else skip + warn.
- `os.Root` TOCTOU-safe atomic writer (sibling `O_EXCL` temp → `Chmod` → `Rename`) with final-component symlink refusal.
- `0600`, cleartext never logged; master key resolved lazily and per-entry fail-closed (a secrets-free manifest needs no key).

cmd/seed/:
- `ws-cli seed apply [dest...] [--force]` (boot hook = no-arg) + `ws-cli seed ls`.

Removals (breaking, no migrate):
- Delete `cmd/secrets/vault/` and the orphaned `internals/secrets/vault.go` (+ test). Keep `crypto.go`/`key.go` and `secrets {encrypt,decrypt,generate}`.

Misc:
- Add `github.com/pelletier/go-toml/v2 v2.4.2`. Bump version `0.0.66 → 0.0.67`.
- Tests: full `internals/seed` + `cmd/seed` matrix (mirror/merge/template/secrets/ownership/os.Root-symlink/precedence/force) green; `go vet` clean; live binary round-trip verified.
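The `merge` semantics the description states (nested maps merge recursively, lists replace, scalar-vs-map is a hard error that leaves the destination byte-unchanged, JSON HTML escaping disabled), as an added Go example that is not the PR's own code. Only the JSON format is shown, and the function names `deepMerge` and `MergeJSON` are assumptions, not identifiers from `internals/seed/`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// deepMerge applies overlay onto base in place: nested maps merge recursively,
// lists and scalars are replaced wholesale, and a map meeting a non-map at the
// same key is a hard error (path is only used to name the offending key).
func deepMerge(base, overlay map[string]any, path string) error {
	for k, ov := range overlay {
		bv, exists := base[k]
		bm, baseIsMap := bv.(map[string]any)
		om, overIsMap := ov.(map[string]any)
		switch {
		case !exists:
			base[k] = ov
		case baseIsMap && overIsMap:
			if err := deepMerge(bm, om, path+"/"+k); err != nil {
				return err
			}
		case baseIsMap != overIsMap:
			return fmt.Errorf("seed merge: scalar-vs-map conflict at %s/%s", path, k)
		default:
			base[k] = ov // scalar or list: overlay replaces wholesale
		}
	}
	return nil
}

// MergeJSON returns the merged document, or an error in which case the caller
// must not write dest at all (the "dest left byte-unchanged" guarantee).
func MergeJSON(dest, overlay []byte) ([]byte, error) {
	var base, over map[string]any
	if err := errors.Join(json.Unmarshal(dest, &base), json.Unmarshal(overlay, &over)); err != nil {
		return nil, err
	}
	if err := deepMerge(base, over, ""); err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // keep "<", ">" and "&" in values intact across the round-trip
	if err := enc.Encode(base); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}
```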