yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vars: fix migration - secrets end up in public store

Browse Source
This commit is contained in:
DavHau
2024-11-26 17:01:42 +07:00
parent 72ef3006b4
commit 173436632d
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/clan-cli/clan_cli/vars/generate.py
View File

@@ -274,6 +274,11 @@ def _migrate_file(
old_value = machine.public_facts_store.get(service_name, fact_name) old_value = machine.public_facts_store.get(service_name, fact_name)
is_shared = machine.vars_generators[generator_name]["share"] is_shared = machine.vars_generators[generator_name]["share"]
is_deployed = machine.vars_generators[generator_name]["files"][var_name]["deploy"] is_deployed = machine.vars_generators[generator_name]["files"][var_name]["deploy"]
if is_secret:
machine.secret_vars_store.set(
generator_name, var_name, old_value, shared=is_shared, deployed=is_deployed
)
else:
machine.public_vars_store.set( machine.public_vars_store.set(
generator_name, var_name, old_value, shared=is_shared, deployed=is_deployed generator_name, var_name, old_value, shared=is_shared, deployed=is_deployed
) )

11
pkgs/clan-cli/tests/test_vars.py
View File

@@ -782,9 +782,13 @@ def test_migration(
config["nixpkgs"]["hostPlatform"] = "x86_64-linux" config["nixpkgs"]["hostPlatform"] = "x86_64-linux"
my_service = config["clan"]["core"]["facts"]["services"]["my_service"] my_service = config["clan"]["core"]["facts"]["services"]["my_service"]
my_service["public"]["my_value"] = {} my_service["public"]["my_value"] = {}
my_service["generator"]["script"] = "echo -n hello > $facts/my_value" my_service["secret"]["my_secret"] = {}
my_service["generator"]["script"] = (
"echo -n hello > $facts/my_value && echo -n hello > $secrets/my_secret"
)
my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"]
my_generator["files"]["my_value"]["secret"] = False my_generator["files"]["my_value"]["secret"] = False
my_generator["files"]["my_secret"]["secret"] = True
my_generator["migrateFact"] = "my_service" my_generator["migrateFact"] = "my_service"
my_generator["script"] = "echo -n world > $out/my_value" my_generator["script"] = "echo -n world > $out/my_value"
flake.refresh() flake.refresh()
@@ -795,8 +799,13 @@ def test_migration(
in_repo_store = in_repo.FactStore( in_repo_store = in_repo.FactStore(
Machine(name="my_machine", flake=FlakeId(str(flake.path))) Machine(name="my_machine", flake=FlakeId(str(flake.path)))
) )
sops_store = sops.SecretStore(
Machine(name="my_machine", flake=FlakeId(str(flake.path)))
)
assert in_repo_store.exists("my_generator", "my_value") assert in_repo_store.exists("my_generator", "my_value")
assert in_repo_store.get("my_generator", "my_value").decode() == "hello" assert in_repo_store.get("my_generator", "my_value").decode() == "hello"
assert sops_store.exists("my_generator", "my_secret")
assert sops_store.get("my_generator", "my_secret").decode() == "hello"
@pytest.mark.impure @pytest.mark.impure