adds roles, iter x/n

bin/update_sops.sh

@@ -13,6 +13,8 @@ sops_config_dir="${PWD}"
 roles_def_dir="${repo_root}/roles"
 # optional:
 opt_list_roles=0
+# optional: specify "roles"
+roles_list=()
 # optional: secrets files to be updated
 secrets_file_list=()
 
@@ -27,6 +29,8 @@ while (( $# >= 1 ));do
     -c|--config_dir) sops_config_dir="${2}"; shift ;;
     # ARGS: [optional] show list of roles and exit
     -lr|--list_roles) opt_list_roles=1 ;;
+    # ARGS: [optional] [list] specify "roles" which correspond to e.g. job roles, projects, etc
+    -r|--role) roles_list+=( "${2}" ); shift ;;
     # ARGS: [optional] [list] specify files containing sops-encrypted secrets
     -s|--secrets_file|-f|--file) secrets_file_list+=( "${2}" ); shift ;;
     # ARGS: [optional] [list] specify files containing sops-encrypted secrets
@@ -35,6 +39,16 @@ while (( $# >= 1 ));do
   shift;
 done
 
+# Resolve Parameters
+# ... i.e. combine,override,etc options which interact
+if [[ "${#roles_list[@]}" -eq 1 ]]; then
+  # simply change keyfiles_dir to the "roles" dir
+  keyfiles_dir="${roles_def_dir}/${roles_list[0]}"
+elif [[ "${#roles_list[@]}" -gt 1 ]]; then
+  >&2 echo "# ERROR: only specify one role"
+  exit 1
+fi
+
 # VALIDATE INPUTS
 keyfiles_dir="$(realpath "${keyfiles_dir}")"
 test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)