vars: implement generating public variables via in_repo

2024-07-09 12:42:15 +07:00
parent 26ff2beea9
commit 3447a98bee
16 changed files with 452 additions and 279 deletions
--- a/pkgs/clan-cli/clan_cli/vars/generate.py
+++ b/pkgs/clan-cli/clan_cli/vars/generate.py
@@ -37,7 +37,7 @@ def read_multiline_input(prompt: str = "Finish with Ctrl-D") -> str:
    return proc.stdout


-def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[str]:
+def bubblewrap_cmd(generator: str, generator_dir: Path) -> list[str]:
    # fmt: off
    return nix_shell(
        [
@@ -49,8 +49,7 @@ def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[s
            "--ro-bind", "/nix/store", "/nix/store",
            "--tmpfs",  "/usr/lib/systemd",
            "--dev", "/dev",
-            "--bind", str(facts_dir), str(facts_dir),
-            "--bind", str(secrets_dir), str(secrets_dir),
+            "--bind", str(generator_dir), str(generator_dir),
            "--unshare-all",
            "--unshare-user",
            "--uid", "1000",
@@ -61,19 +60,19 @@ def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[s
    # fmt: on


-def generate_service_facts(
+def execute_generator(
    machine: Machine,
-    service: str,
+    generator_name: str,
    regenerate: bool,
-    secret_facts_store: SecretStoreBase,
-    public_facts_store: FactStoreBase,
+    secret_vars_store: SecretStoreBase,
+    public_vars_store: FactStoreBase,
    tmpdir: Path,
    prompt: Callable[[str], str],
 ) -> bool:
-    service_dir = tmpdir / service
+    generator_dir = tmpdir / generator_name
    # check if all secrets exist and generate them if at least one is missing
-    needs_regeneration = not check_secrets(machine, service=service)
-    log.debug(f"{service} needs_regeneration: {needs_regeneration}")
+    needs_regeneration = not check_secrets(machine, generator_name=generator_name)
+    log.debug(f"{generator_name} needs_regeneration: {needs_regeneration}")
    if not (needs_regeneration or regenerate):
        return False
    if not isinstance(machine.flake, Path):
@@ -81,22 +80,15 @@ def generate_service_facts(
        msg += "fact/secret generation is only supported for local flakes"

    env = os.environ.copy()
-    facts_dir = service_dir / "facts"
-    facts_dir.mkdir(parents=True)
-    env["facts"] = str(facts_dir)
-    secrets_dir = service_dir / "secrets"
-    secrets_dir.mkdir(parents=True)
-    env["secrets"] = str(secrets_dir)
+    generator_dir.mkdir(parents=True)
+    env["out"] = str(generator_dir)
    # compatibility for old outputs.nix users
-    if isinstance(machine.facts_data[service]["generator"], str):
-        generator = machine.facts_data[service]["generator"]
-    else:
-        generator = machine.facts_data[service]["generator"]["finalScript"]
-        if machine.facts_data[service]["generator"]["prompt"]:
-            prompt_value = prompt(machine.facts_data[service]["generator"]["prompt"])
-            env["prompt_value"] = prompt_value
+    generator = machine.vars_generators[generator_name]["finalScript"]
+    # if machine.vars_data[generator_name]["generator"]["prompt"]:
+    #     prompt_value = prompt(machine.vars_data[generator_name]["generator"]["prompt"])
+    #     env["prompt_value"] = prompt_value
    if sys.platform == "linux":
-        cmd = bubblewrap_cmd(generator, facts_dir, secrets_dir)
+        cmd = bubblewrap_cmd(generator, generator_dir)
    else:
        cmd = ["bash", "-c", generator]
    run(
@@ -105,40 +97,29 @@ def generate_service_facts(
    )
    files_to_commit = []
    # store secrets
-    for secret in machine.facts_data[service]["secret"]:
-        if isinstance(secret, str):
-            # TODO: This is the old NixOS module, can be dropped everyone has updated.
-            secret_name = secret
-            groups = []
-        else:
-            secret_name = secret["name"]
-            groups = secret.get("groups", [])
+    files = machine.vars_generators[generator_name]["files"]
+    for file_name, file in files.items():
+        groups = file.get("groups", [])

-        secret_file = secrets_dir / secret_name
+        secret_file = generator_dir / file_name
        if not secret_file.is_file():
-            msg = f"did not generate a file for '{secret_name}' when running the following command:\n"
+            msg = f"did not generate a file for '{file_name}' when running the following command:\n"
            msg += generator
            raise ClanError(msg)
-        secret_path = secret_facts_store.set(
-            service, secret_name, secret_file.read_bytes(), groups
-        )
-        if secret_path:
-            files_to_commit.append(secret_path)
-
-    # store facts
-    for name in machine.facts_data[service]["public"]:
-        fact_file = facts_dir / name
-        if not fact_file.is_file():
-            msg = f"did not generate a file for '{name}' when running the following command:\n"
-            msg += machine.facts_data[service]["generator"]
-            raise ClanError(msg)
-        fact_file = public_facts_store.set(service, name, fact_file.read_bytes())
-        if fact_file:
-            files_to_commit.append(fact_file)
+        if file["secret"]:
+            file_path = secret_vars_store.set(
+                generator_name, file_name, secret_file.read_bytes(), groups
+            )
+        else:
+            file_path = public_vars_store.set(
+                generator_name, file_name, secret_file.read_bytes()
+            )
+        if file_path:
+            files_to_commit.append(file_path)
    commit_files(
        files_to_commit,
        machine.flake_dir,
-        f"Update facts/secrets for service {service} in machine {machine.name}",
+        f"Update facts/secrets for service {generator_name} in machine {machine.name}",
    )
    return True

@@ -148,41 +129,43 @@ def prompt_func(text: str) -> str:
    return read_multiline_input()


-def _generate_facts_for_machine(
+def _generate_vars_for_machine(
    machine: Machine,
-    service: str | None,
+    generator_name: str | None,
    regenerate: bool,
    tmpdir: Path,
    prompt: Callable[[str], str] = prompt_func,
 ) -> bool:
    local_temp = tmpdir / machine.name
    local_temp.mkdir()
-    secret_facts_module = importlib.import_module(machine.secret_facts_module)
-    secret_facts_store = secret_facts_module.SecretStore(machine=machine)
+    secret_vars_module = importlib.import_module(machine.secret_vars_module)
+    secret_vars_store = secret_vars_module.SecretStore(machine=machine)

-    public_facts_module = importlib.import_module(machine.public_facts_module)
-    public_facts_store = public_facts_module.FactStore(machine=machine)
+    public_vars_module = importlib.import_module(machine.public_vars_module)
+    public_vars_store = public_vars_module.FactStore(machine=machine)

    machine_updated = False

-    if service and service not in machine.facts_data:
-        services = list(machine.facts_data.keys())
+    if generator_name and generator_name not in machine.vars_generators:
+        generators = list(machine.vars_generators.keys())
        raise ClanError(
-            f"Could not find service with name: {service}. The following services are available: {services}"
+            f"Could not find generator with name: {generator_name}. The following generators are available: {generators}"
        )

-    if service:
-        machine_service_facts = {service: machine.facts_data[service]}
+    if generator_name:
+        machine_generator_facts = {
+            generator_name: machine.vars_generators[generator_name]
+        }
    else:
-        machine_service_facts = machine.facts_data
+        machine_generator_facts = machine.vars_generators

-    for service in machine_service_facts:
-        machine_updated |= generate_service_facts(
+    for generator_name in machine_generator_facts:
+        machine_updated |= execute_generator(
            machine=machine,
-            service=service,
+            generator_name=generator_name,
            regenerate=regenerate,
-            secret_facts_store=secret_facts_store,
-            public_facts_store=public_facts_store,
+            secret_vars_store=secret_vars_store,
+            public_vars_store=public_vars_store,
            tmpdir=local_temp,
            prompt=prompt,
        )
@@ -192,9 +175,9 @@ def _generate_facts_for_machine(
    return machine_updated


-def generate_facts(
+def generate_vars(
    machines: list[Machine],
-    service: str | None,
+    generator_name: str | None,
    regenerate: bool,
    prompt: Callable[[str], str] = prompt_func,
 ) -> bool:
@@ -205,8 +188,8 @@ def generate_facts(
        for machine in machines:
            errors = 0
            try:
-                was_regenerated |= _generate_facts_for_machine(
-                    machine, service, regenerate, tmpdir, prompt
+                was_regenerated |= _generate_vars_for_machine(
+                    machine, generator_name, regenerate, tmpdir, prompt
                )
            except Exception as exc:
                log.error(f"Failed to generate facts for {machine.name}: {exc}")
@@ -226,7 +209,7 @@ def generate_command(args: argparse.Namespace) -> None:
        machines = get_all_machines(args.flake, args.option)
    else:
        machines = get_selected_machines(args.flake, args.option, args.machines)
-    generate_facts(machines, args.service, args.regenerate)
+    generate_vars(machines, args.service, args.regenerate)


 def register_generate_parser(parser: argparse.ArgumentParser) -> None: