adds roles, iter x/n

bin/update_sops.sh

@@ -2,13 +2,18 @@
 # Purpose: manage .sops.yaml based on gpg keys in the same dir _and_ verify correct configuration
 set -euo pipefail
 
+# "anchor" for actions relevant to this script
+repo_root="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
 # OPTIONS: ARGPARSING and VALIDATION
 # assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
-keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
+keyfiles_dir="${repo_root}"
 # assume location of secrets config file in pwd
 sops_config_dir="${PWD}"
 # optional: secrets files to be updated
 secrets_file_list=()
+# optional: 
+opt_list_roles=0
+roles_def_dir="${repo_root}/roles"
 
 while (( $# >= 1 ));do
   cur="${1}";
@@ -19,6 +24,8 @@ while (( $# >= 1 ));do
     -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
     # ARGS: dir containing .sops.yaml (sops config file)
     -c|--config_dir) sops_config_dir="${2}"; shift ;;
+    # ARGS: [optional] show list of roles and exit
+    -lr|--list_roles) opt_list_roles=1 ;;
     # ARGS: [optional] [list] specify files containing sops-encrypted secrets
     -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
     # ARGS: [optional] [list] specify files containing sops-encrypted secrets
@@ -114,6 +121,13 @@ EOM
 # UPDATE SOPS CONFIG
 # TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read
 pushd "${keyfiles_dir}" > /dev/null 2>&1
+if [[ "${opt_list_roles}" ]]; then
+  pushd "${roles_def_dir}" > /dev/null 2>&1
+  >&2 echo "# INFO: listing roles"
+  ls -1d *
+  exit 0
+  popd > /dev/null 2>&1
+fi
 (fn_update_sops_config) > "${sops_config}"
 popd > /dev/null 2>&1