clan-cli: Fix user-password without user-prompt. Remove newlines from user-password and root-password. Improve test_generate_secret

2024-06-24 20:08:02 +02:00
parent 0ce560da52
commit 10877d73f4
4 changed files with 26 additions and 8 deletions
--- a/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
+++ b/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
@@ -41,7 +41,10 @@
              imports = [
                clan-core.clanModules.sshd
                clan-core.clanModules.root-password
+                clan-core.clanModules.user-password
              ];
+              clan.user-password.user = "alice";
+              clan.user-password.prompt = false;
              clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
              system.stateVersion = lib.version;
              sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@@ -83,6 +83,7 @@ def test_generate_secret(

    # Assert that the age key is valid
    age_secret = decrypt_secret(test_flake_with_core.path, "vm1-age.key")
+    assert age_secret.isprintable()
    assert is_valid_age_key(age_secret)

    # # Assert that the ssh key is valid
@@ -100,6 +101,9 @@ def test_generate_secret(
    ).exists()

    assert has_secret(test_flake_with_core.path, "vm2-password")
+    assert has_secret(test_flake_with_core.path, "vm2-password-hash")
+    assert has_secret(test_flake_with_core.path, "vm2-user-password")
+    assert has_secret(test_flake_with_core.path, "vm2-user-password-hash")
    assert has_secret(test_flake_with_core.path, "vm2-ssh.id_ed25519")
    assert has_secret(test_flake_with_core.path, "vm2-age.key")
    assert has_secret(test_flake_with_core.path, "vm2-zerotier-identity-secret")
@@ -109,6 +113,7 @@ def test_generate_secret(

    # Assert that the age key is valid
    age_secret = decrypt_secret(test_flake_with_core.path, "vm2-age.key")
+    assert age_secret.isprintable()
    assert is_valid_age_key(age_secret)

    # Assert that the ssh key is valid
@@ -116,8 +121,18 @@ def test_generate_secret(
    ssh_pub = machine_get_fact(test_flake_with_core.path, "vm2", "ssh.id_ed25519.pub")
    assert is_valid_ssh_key(ssh_secret, ssh_pub)

+    # Assert that root-password is valid
    pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-password")
-    # remove last newline
-    pwd_secret = pwd_secret[:-1]
    assert pwd_secret.isprintable()
    assert pwd_secret.isascii()
+    pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-password-hash")
+    assert pwd_hash.isprintable()
+    assert pwd_hash.isascii()
+
+    # Assert that user-password is valid
+    pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-user-password")
+    assert pwd_secret.isprintable()
+    assert pwd_secret.isascii()
+    pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-user-password-hash")
+    assert pwd_hash.isprintable()
+    assert pwd_hash.isascii()