From 29f70640efa2d9dab5384377cd81b0d9f5d094cc Mon Sep 17 00:00:00 2001
From: DavHau
Date: Thu, 10 Oct 2024 19:27:02 +0700
Subject: [PATCH] vars,facts: add sops.defaultGroups to new machines
Prior to this, when initializing new machines, only the current user had access to it's key which prevents other admin users to deploy this machine later
---
 pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py | 1 +
 pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py | 1 +
 pkgs/clan-cli/tests/test_vars.py | 1 +
 3 files changed, 3 insertions(+)
diff --git a/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py b/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py
index 56c268474..071ef3c82 100644
--- a/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py
@@ -28,6 +28,7 @@ class SecretStore(SecretStoreBase):
 sops_secrets_folder(self.machine.flake_dir)
 / f"{self.machine.name}-age.key",
 priv_key,
+ add_groups=self.machine.deployment["sops"]["defaultGroups"],
 )
 add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
index 4e7b90602..b38a23750 100644
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
@@ -48,6 +48,7 @@ class SecretStore(SecretStoreBase):
 sops_secrets_folder(self.machine.flake_dir)
 / f"{self.machine.name}-age.key",
 priv_key,
+ add_groups=self.machine.deployment["sops"]["defaultGroups"],
 )
 add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py
index 5a7355acd..a9f36a978 100644
--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
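Review bot: The added `add_groups=self.machine.deployment["sops"]["defaultGroups"],` is a strict two-level lookup with no fallback, so any machine whose evaluated deployment data lacks the `sops` attribute or its `defaultGroups` entry now fails key initialisation with a KeyError where it previously just skipped group sharing; the identical line is added in the vars/secret_modules/sops.py hunk. Nothing in this patch shows the Nix side always emitting that key (only the three listed files change), so either a tolerant lookup such as `add_groups=self.machine.deployment.get("sops", {}).get("defaultGroups", []),` if `deployment` is a plain dict, or a short comment stating that the module guarantees the option, would make the contract explicit. Because this hands the machine's private age key to every member of those groups, a why-comment on the new line, e.g. `# also encrypt the machine key to sops.defaultGroups so other admins can deploy it`, would help anyone auditing who can decrypt it. The test added in tests/test_vars.py carries a TODO admitting it does not check that a group member can actually decrypt the key, so this grant is currently unverified. The enclosing method begins outside the hunk, and the callee receiving this argument list is not visible here.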
@@ -159,6 +159,7 @@ def test_generate_secret_var_sops(
 )
+# TODO: it doesn't actually test if the group has access
 @pytest.mark.impure
 def test_generate_secret_var_sops_with_default_group(
 monkeypatch: pytest.MonkeyPatch,