Better handling --root option

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Author: kvaps

main.go

@@ -77,6 +77,35 @@ func init() {
 	for _, cmd := range commands.Commands {
 		rootCmd.AddCommand(cmd)
 	}
+	
+	// Add PersistentPreRunE to auto-detect project root if --root flag was not explicitly set
+	originalPersistentPreRunE := rootCmd.PersistentPreRunE
+	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
+		// Auto-detect project root if --root flag was not explicitly set
+		if !cmd.PersistentFlags().Changed("root") {
+			currentDir, err := os.Getwd()
+			if err == nil {
+				detectedRoot, err := commands.DetectProjectRoot(currentDir)
+				if err == nil && detectedRoot != "" {
+					commands.Config.RootDir = detectedRoot
+				}
+			}
+		}
+		
+		// Load config after root detection (skip for init and completion commands)
+		cmdName := cmd.Use
+		if !strings.HasPrefix(cmdName, "init") && !strings.HasPrefix(cmdName, "completion") {
+			configFile := filepath.Join(commands.Config.RootDir, "Chart.yaml")
+			if err := loadConfig(configFile); err != nil {
+				return fmt.Errorf("error loading configuration: %w", err)
+			}
+		}
+		
+		if originalPersistentPreRunE != nil {
+			return originalPersistentPreRunE(cmd, args)
+		}
+		return nil
+	}
 }
 
 func initConfig() {
@@ -88,20 +117,13 @@ func initConfig() {
 	if cmd.HasParent() && cmd.Parent() != rootCmd {
 		cmd = cmd.Parent()
 	}
+	
 	if strings.HasPrefix(cmd.Use, "init") {
 		if strings.HasPrefix(Version, "v") {
 			commands.Config.InitOptions.Version = strings.TrimPrefix(Version, `v`)
 		} else {
 			commands.Config.InitOptions.Version = "0.1.0"
 		}
-	} else {
-		if !strings.HasPrefix(cmd.Use, "completion") {
-			configFile := filepath.Join(commands.Config.RootDir, "Chart.yaml")
-			if err := loadConfig(configFile); err != nil {
-				fmt.Fprintf(os.Stderr, "Error loading configuration: %v\n", err)
-				os.Exit(1)
-			}
-		}
 	}
 }
 

pkg/commands/init.go

@@ -304,12 +304,13 @@ var initCmd = &cobra.Command{
 		talosconfigFileExists := fileExists(talosconfigFile)
 		encryptedTalosconfigFileExists := fileExists(encryptedTalosconfigFile)
 
-		// If encrypted file exists, decrypt it
+		// If encrypted file exists, decrypt it (don't require key - will generate if needed)
 		if encryptedTalosconfigFileExists && !talosconfigFileExists {
-			if err := age.DecryptYAMLFile(Config.RootDir, "talosconfig.encrypted", "talosconfig"); err != nil {
-				return fmt.Errorf("failed to decrypt talosconfig: %w", err)
+			_, err := handleTalosconfigEncryption(false)
+			if err != nil {
+				// If decryption fails (e.g., no key), continue to generate
 			}
-			talosconfigFileExists = true
+			talosconfigFileExists = fileExists(talosconfigFile)
 		}
 
 		// Generate talosconfig only if it doesn't exist
@@ -331,22 +332,13 @@ var initCmd = &cobra.Command{
 			talosconfigFileExists = true
 		}
 
-		// If talosconfig exists but encrypted file doesn't, encrypt it
-		if talosconfigFileExists && !encryptedTalosconfigFileExists {
-			// Ensure key exists
-			if !keyFileExists {
-				_, keyCreated, err := age.GenerateKey(Config.RootDir)
-				if err != nil {
-					return fmt.Errorf("failed to generate key: %w", err)
-				}
-				keyFileExists = true // Update flag after creation
-				keyWasCreated = keyCreated
-			}
-
-			// Encrypt talosconfig
-			if err := age.EncryptYAMLFile(Config.RootDir, "talosconfig", "talosconfig.encrypted"); err != nil {
-				return fmt.Errorf("failed to encrypt talosconfig: %w", err)
-			}
+		// Encrypt talosconfig if needed
+		talosKeyCreated, err := handleTalosconfigEncryption(false)
+		if err != nil {
+			return err
+		}
+		if talosKeyCreated {
+			keyWasCreated = true
 		}
 
 		// Handle kubeconfig encryption logic (check if kubeconfig exists from Chart.yaml)
@@ -627,6 +619,60 @@ func printSecretsWarning() {
 	fmt.Fprintf(os.Stderr, "\n")
 }
 
+// handleTalosconfigEncryption handles encryption/decryption logic for talosconfig file.
+// It decrypts if encrypted file exists, encrypts if plain file exists.
+// requireKeyForDecrypt: if true, returns error if key is missing when trying to decrypt.
+// Returns true if key was created during this call, false otherwise.
+func handleTalosconfigEncryption(requireKeyForDecrypt bool) (bool, error) {
+	talosconfigFile := filepath.Join(Config.RootDir, "talosconfig")
+	encryptedTalosconfigFile := filepath.Join(Config.RootDir, "talosconfig.encrypted")
+	talosconfigFileExists := fileExists(talosconfigFile)
+	encryptedTalosconfigFileExists := fileExists(encryptedTalosconfigFile)
+	keyFile := filepath.Join(Config.RootDir, "talm.key")
+	keyFileExists := fileExists(keyFile)
+	keyWasCreated := false
+
+	// If encrypted file exists, decrypt it
+	if encryptedTalosconfigFileExists && !talosconfigFileExists {
+		if !keyFileExists {
+			if requireKeyForDecrypt {
+				return false, fmt.Errorf("talosconfig.encrypted exists but talm.key is missing. Cannot decrypt without key")
+			}
+			// If key is not required, just return (don't decrypt)
+			return false, nil
+		}
+		fmt.Fprintf(os.Stderr, "Decrypting talosconfig.encrypted -> talosconfig\n")
+		if err := age.DecryptYAMLFile(Config.RootDir, "talosconfig.encrypted", "talosconfig"); err != nil {
+			return false, fmt.Errorf("failed to decrypt talosconfig: %w", err)
+		}
+		talosconfigFileExists = true
+	}
+
+	// If talosconfig exists but encrypted file doesn't, encrypt it
+	if talosconfigFileExists && !encryptedTalosconfigFileExists {
+		// Ensure key exists
+		if !keyFileExists {
+			_, keyCreated, err := age.GenerateKey(Config.RootDir)
+			if err != nil {
+				return false, fmt.Errorf("failed to generate key: %w", err)
+			}
+			keyWasCreated = keyCreated
+			if keyCreated {
+				fmt.Fprintf(os.Stderr, "Generated new encryption key: talm.key\n")
+			}
+			keyFileExists = true
+		}
+
+		// Encrypt talosconfig
+		fmt.Fprintf(os.Stderr, "Encrypting talosconfig -> talosconfig.encrypted\n")
+		if err := age.EncryptYAMLFile(Config.RootDir, "talosconfig", "talosconfig.encrypted"); err != nil {
+			return false, fmt.Errorf("failed to encrypt talosconfig: %w", err)
+		}
+	}
+
+	return keyWasCreated, nil
+}
+
 func writeToDestination(data []byte, destination string, permissions os.FileMode) error {
 	if err := validateFileExists(destination); err != nil {
 		return err

pkg/commands/root.go

@@ -18,6 +18,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/cozystack/talm/pkg/modeline"
@@ -112,6 +114,45 @@ func addCommand(cmd *cobra.Command) {
 	Commands = append(Commands, cmd)
 }
 
+// DetectProjectRoot automatically detects the project root directory by looking
+// for Chart.yaml and secrets.yaml files in the current directory and parent directories.
+// Returns the absolute path to the project root, or empty string if not found.
+func DetectProjectRoot(startDir string) (string, error) {
+	absStartDir, err := filepath.Abs(startDir)
+	if err != nil {
+		return "", fmt.Errorf("failed to get absolute path: %w", err)
+	}
+
+	currentDir := absStartDir
+	for {
+		chartYaml := filepath.Join(currentDir, "Chart.yaml")
+		secretsYaml := filepath.Join(currentDir, "secrets.yaml")
+
+		chartExists := false
+		secretsExists := false
+
+		if _, err := os.Stat(chartYaml); err == nil {
+			chartExists = true
+		}
+		if _, err := os.Stat(secretsYaml); err == nil {
+			secretsExists = true
+		}
+
+		if chartExists && secretsExists {
+			return currentDir, nil
+		}
+
+		parentDir := filepath.Dir(currentDir)
+		if parentDir == currentDir {
+			// Reached filesystem root
+			break
+		}
+		currentDir = parentDir
+	}
+
+	return "", nil
+}
+
 func processModelineAndUpdateGlobals(configFile string, nodesFromArgs bool, endpointsFromArgs bool, owerwrite bool) error {
 	modelineConfig, err := modeline.ReadAndParseModeline(configFile)
 	if err != nil {

pkg/commands/talosconfig.go

@@ -0,0 +1,49 @@
+// Copyright Cozystack Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package commands
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+// talosconfigCmd represents the `talosconfig` command.
+var talosconfigCmd = &cobra.Command{
+	Use:   "talosconfig",
+	Short: "Manage talosconfig file (decrypt/encrypt)",
+	Long:  `Manage talosconfig file: decrypt if encrypted file exists, encrypt if plain file exists.`,
+	Args:  cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		// Handle talosconfig encryption/decryption logic
+		if _, err := handleTalosconfigEncryption(true); err != nil {
+			return err
+		}
+
+		// Update .gitignore if needed
+		if err := writeGitignoreFile(); err != nil {
+			// Don't fail the command if gitignore update fails, but log warning
+			fmt.Fprintf(os.Stderr, "Warning: failed to update .gitignore: %v\n", err)
+		}
+
+		return nil
+	},
+}
+
+func init() {
+	addCommand(talosconfigCmd)
+}
+

pkg/commands/talosctl_wrapper.go

@@ -119,6 +119,28 @@ func wrapTalosCommand(cmd *cobra.Command, cmdName string) *cobra.Command {
 				return err
 			}
 		}
+		
+		// Ensure talosconfig path is set to project root if not explicitly set via flag
+		if !cmd.PersistentFlags().Changed("talosconfig") {
+			var talosconfigPath string
+			if GlobalArgs.Talosconfig != "" {
+				// Use existing path from Chart.yaml or default
+				talosconfigPath = GlobalArgs.Talosconfig
+			} else {
+				// Use talosconfig from project root
+				talosconfigPath = Config.GlobalOptions.Talosconfig
+				if talosconfigPath == "" {
+					talosconfigPath = "talosconfig"
+				}
+			}
+			// Make it absolute path relative to project root if it's relative
+			if !filepath.IsAbs(talosconfigPath) {
+				GlobalArgs.Talosconfig = filepath.Join(Config.RootDir, talosconfigPath)
+			} else {
+				GlobalArgs.Talosconfig = talosconfigPath
+			}
+		}
+		
 		// Sync GlobalArgs to talosctl commands
 		taloscommands.GlobalArgs = GlobalArgs
 		if originalPreRunE != nil {
@@ -161,6 +183,7 @@ func init() {
 		"config":       true, // talm manages config differently
 		"patch":        true, // not needed in talm
 		"upgrade-k8s":  true, // not needed in talm
+		"talosconfig": true, // talm has its own talosconfig command
 	}
 
 	// Import and wrap each command from talosctl