Merge pull request 'vars,facts: add sops.defaultGroups to new machines' (#2241) from DavHau/clan-core:DavHau-dave into main

pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py

@@ -28,6 +28,7 @@ class SecretStore(SecretStoreBase):
             sops_secrets_folder(self.machine.flake_dir)
             / f"{self.machine.name}-age.key",
             priv_key,
+            add_groups=self.machine.deployment["sops"]["defaultGroups"],
         )
         add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
 

pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py

@@ -48,6 +48,7 @@ class SecretStore(SecretStoreBase):
             sops_secrets_folder(self.machine.flake_dir)
             / f"{self.machine.name}-age.key",
             priv_key,
+            add_groups=self.machine.deployment["sops"]["defaultGroups"],
         )
         add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
 

pkgs/clan-cli/tests/test_vars.py

@@ -159,6 +159,7 @@ def test_generate_secret_var_sops(
     )
 
 
+# TODO: it doesn't actually test if the group has access
 @pytest.mark.impure
 def test_generate_secret_var_sops_with_default_group(
     monkeypatch: pytest.MonkeyPatch,