refactor - consolidate all non-function code

bin/update_sops.sh

@@ -2,68 +2,6 @@
 # Purpose: manage .sops.yaml based on gpg keys in the same dir _and_ verify correct configuration
 set -euo pipefail
 
-# "anchor" for actions relevant to this script
-repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
-# OPTIONS: ARGPARSING and VALIDATION
-# assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
-keyfiles_dir="${repo_root}"
-# assume location of secrets config file in pwd
-sops_config_dir="${PWD}"
-# path to role definitions
-roles_def_dir="${repo_root}/roles"
-# optional:
-opt_list_roles=0
-# optional: specify "roles"
-roles_list=()
-# optional: secrets files to be updated
-secrets_file_list=()
-
-while (( $# >= 1 ));do
-  cur="${1}";
-  case $cur in
-    # ARGS: print this help
-    -h|--help) echo "# ARGUMENTS:"; grep -A 1 '# ARGS:' "${BASH_SOURCE[0]}"; exit 0 ;;
-    # ARGS: dir containing gpg keyfiles
-    -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
-    # ARGS: dir containing .sops.yaml (sops config file)
-    -c|--config_dir) sops_config_dir="${2}"; shift ;;
-    # ARGS: [optional] show list of roles and exit
-    -lr|--list_roles) opt_list_roles=1 ;;
-    # ARGS: [optional] [list] specify "roles" which correspond to e.g. job roles, projects, etc
-    -r|--role) roles_list+=( "${2}" ); shift ;;
-    # ARGS: [optional] [list] specify files containing sops-encrypted secrets
-    -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
-    # ARGS: [optional] [list] specify files containing sops-encrypted secrets
-    *) secrets_file_list+=( "${cur}" )
-  esac
-  shift;
-done
-
-# Resolve Parameters
-# ... i.e. combine,override,etc options which interact
-if [[ "${#roles_list[@]}" -eq 1 ]]; then
-  # simply change keyfiles_dir to the "roles" dir
-  keyfiles_dir="${roles_def_dir}/${roles_list[0]}"
-elif [[ "${#roles_list[@]}" -gt 1 ]]; then
-  >&2 echo "# ERROR: only specify one role"
-  exit 1
-fi
-
-# VALIDATE INPUTS
-keyfiles_dir="$(realpath "${keyfiles_dir}")"
-test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
-sops_config_dir="$(realpath "${sops_config_dir}")"
-test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
-sops_config="${sops_config_dir}/.sops.yaml"
-# create it! # test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
-if [[ "${#secrets_file_list[@]}" != "0" ]]; then
-  for secrets_file in "${secrets_file_list[@]}"; do
-    test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
-  done
-fi
-# /VALIDATE INPUTS
-# /OPTIONS: ARGPARSING and VALIDATION
-
 function fn_gpg_extract_fpr(){
   gpgkeyfile=$1;shift;
   # fingerprint
@@ -175,6 +113,68 @@ fn_sops_updatekeys_and_verify(){
   GPG_TTY=$(tty) sops -d "${sops_enc_file}"
 }
 
+# "anchor" for actions relevant to this script
+repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
+# OPTIONS: ARGPARSING and VALIDATION
+# assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
+keyfiles_dir="${repo_root}"
+# assume location of secrets config file in pwd
+sops_config_dir="${PWD}"
+# path to role definitions
+roles_def_dir="${repo_root}/roles"
+# optional:
+opt_list_roles=0
+# optional: specify "roles"
+roles_list=()
+# optional: secrets files to be updated
+secrets_file_list=()
+
+while (( $# >= 1 ));do
+  cur="${1}";
+  case $cur in
+    # ARGS: print this help
+    -h|--help) echo "# ARGUMENTS:"; grep -A 1 '# ARGS:' "${BASH_SOURCE[0]}"; exit 0 ;;
+    # ARGS: dir containing gpg keyfiles
+    -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
+    # ARGS: dir containing .sops.yaml (sops config file)
+    -c|--config_dir) sops_config_dir="${2}"; shift ;;
+    # ARGS: [optional] show list of roles and exit
+    -lr|--list_roles) opt_list_roles=1 ;;
+    # ARGS: [optional] [list] specify "roles" which correspond to e.g. job roles, projects, etc
+    -r|--role) roles_list+=( "${2}" ); shift ;;
+    # ARGS: [optional] [list] specify files containing sops-encrypted secrets
+    -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
+    # ARGS: [optional] [list] specify files containing sops-encrypted secrets
+    *) secrets_file_list+=( "${cur}" )
+  esac
+  shift;
+done
+
+# Resolve Parameters
+# ... i.e. combine,override,etc options which interact
+if [[ "${#roles_list[@]}" -eq 1 ]]; then
+  # simply change keyfiles_dir to the "roles" dir
+  keyfiles_dir="${roles_def_dir}/${roles_list[0]}"
+elif [[ "${#roles_list[@]}" -gt 1 ]]; then
+  >&2 echo "# ERROR: only specify one role"
+  exit 1
+fi
+
+# VALIDATE INPUTS
+keyfiles_dir="$(realpath "${keyfiles_dir}")"
+test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
+sops_config_dir="$(realpath "${sops_config_dir}")"
+test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
+sops_config="${sops_config_dir}/.sops.yaml"
+# create it! # test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
+if [[ "${#secrets_file_list[@]}" != "0" ]]; then
+  for secrets_file in "${secrets_file_list[@]}"; do
+    test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
+  done
+fi
+# /VALIDATE INPUTS
+# /OPTIONS: ARGPARSING and VALIDATION
+
 # BEGIN
 if [[ "${opt_list_roles}" -eq 1 ]]; then
   # list available roles and exit
@@ -207,3 +207,5 @@ if [[ "${#secrets_file_list[@]}" != "0" ]]; then
 else
   echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files"
 fi
+
+exit