From 959b7d71ffa9122fcc807058b30f9854c7fdcb7e Mon Sep 17 00:00:00 2001
From: LeeW
Date: Fri, 7 Feb 2025 10:45:45 +0100
Subject: [PATCH] adds roles, iter x/n
---
 bin/update_sops.sh | 16 +++++++++++++++-
 roles/.gitignore | 0
 roles/automation/.gitignorre | 0
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 roles/.gitignore
 create mode 100644 roles/automation/.gitignorre
diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index 4ba2144..40dc290 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -2,13 +2,18 @@
 # Purpose: manage .sops.yaml based on gpg keys in the same dir _and_ verify correct configuration
 set -euo pipefail
+# "anchor" for actions relevant to this script
+repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
 # OPTIONS: ARGPARSING and VALIDATION
 # assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
-keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
+keyfiles_dir="${repo_root}"
 # assume location of secrets config file in pwd
 sops_config_dir="${PWD}"
 # optional: secrets files to be updated
 secrets_file_list=()
+# optional:
+opt_list_roles=0
+roles_def_dir="${repo_root}/roles"
 while (( $# >= 1 ));do
 cur="${1}";
@@ -19,6 +24,8 @@ while (( $# >= 1 ));do
 -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
 # ARGS: dir containing .sops.yaml (sops config file)
 -c|--config_dir) sops_config_dir="${2}"; shift ;;
+ # ARGS: [optional] show list of roles and exit
+ -lr|--list_roles) opt_list_roles=1 ;;
 # ARGS: [optional] [list] specify files containing sops-encrypted secrets
 -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
 # ARGS: [optional] [list] specify files containing sops-encrypted secrets
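Review bot: The added `repo_root` assignment in the first hunk leaves the inner `$(dirname …)` substitution unquoted, so a checkout path containing whitespace or glob characters is word-split before `realpath` sees it and `repo_root` can resolve to something other than the repository root. Quote both levels: `repo_root="$(realpath -- "$(dirname -- "${BASH_SOURCE[0]}")/..")"`. This matters more after the change than before, because `keyfiles_dir` (the directory whose keys feed `.sops.yaml`) and the new `roles_def_dir` both derive from this one value. The surrounding top-level script continues outside the hunk.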
@@ -114,6 +121,13 @@ EOM
 # UPDATE SOPS CONFIG
 # TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read
 pushd "${keyfiles_dir}" > /dev/null 2>&1
+if [[ "${opt_list_roles}" ]]; then
+ pushd "${roles_def_dir}" > /dev/null 2>&1
+ >&2 echo "# INFO: listing roles"
+ ls -1d *
+ exit 0
+ popd > /dev/null 2>&1
+fi
 (fn_update_sops_config) > "${sops_config}"
 popd > /dev/null 2>&1
diff --git a/roles/.gitignore b/roles/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/roles/automation/.gitignorre b/roles/automation/.gitignorre
new file mode 100644
index 0000000..e69de29
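Review bot: `[[ "${opt_list_roles}" ]]` tests for a non-empty string, and the default `opt_list_roles=0` is non-empty, so the added branch is taken on every run: the script lists roles and hits `exit 0` before `(fn_update_sops_config) > "${sops_config}"` is reached. As written, the sops config is never regenerated while the script still reports success, so changes to the key directory would presumably never reach `.sops.yaml` and nothing would signal it. Use an arithmetic test instead, `if (( opt_list_roles )); then`. In the same branch the `popd` after `exit 0` is unreachable and can be dropped, and `ls -1d *` is safer as `ls -1d -- *` so a directory name starting with `-` is not read as an option. The new `pushd` also discards stderr, so a missing `${roles_def_dir}` makes the script stop under `set -e` with no message.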