yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'feat(scripts/update-vars): expose all configurables as arguments {repo_root, test_dir, check_attr}' (#3333) from hsjobeki/clan-core:lib-cleanup into main

Browse Source 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3333
This commit is contained in:
hsjobeki
2025-04-16 08:50:44 +00:00
parent f1856fbaa3 2796038254
commit 49977bd935
7 changed files with 175 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/dummy-inventory-test/default.nix
View File

@@ -40,7 +40,7 @@ clanLib.test.makeTestClan {
perMachine = { perMachine = {
nixosModule = { nixosModule = {
# This should be generated by: # This should be generated by:
# ./pkgs/scripts/update-vars.py inventory-test-framework-compatibility-test # ./pkgs/scripts/update-vars.py
clan.core.vars.generators.new-service = { clan.core.vars.generators.new-service = {
files.hello = { files.hello = {
secret = false; secret = false;

2
lib/default.nix
View File

@@ -25,7 +25,7 @@ lib.fix (clanLib: {
buildClanModule = clanLib.callLib ./build-clan { }; buildClanModule = clanLib.callLib ./build-clan { };
inventory = clanLib.callLib ./inventory { }; inventory = clanLib.callLib ./inventory { };
modules = clanLib.callLib ./inventory/frontmatter { }; modules = clanLib.callLib ./inventory/frontmatter { };
test = clanLib.callLib ./tests { }; test = clanLib.callLib ./test { };
# Plain imports. # Plain imports.
values = import ./introspection { inherit lib; }; values = import ./introspection { inherit lib; };

119
lib/test/default.nix Normal file
View File

@@ -0,0 +1,119 @@
{ lib, clanLib }:
let
inherit (lib)
mkOption
types
;
in
{
minifyModule = ./minify.nix;
sopsModule = ./sops.nix;
# A function that returns an extension to runTest
makeTestClan =
{
nixosTest,
pkgs,
self,
...
}:
let
nixos-lib = import (pkgs.path + "/nixos/lib") { };
in
(nixos-lib.runTest (
{ config, ... }:
let
clanFlakeResult = config.clan;
in
{
imports = [ nixosTest ];
options = {
clanSettings = mkOption {
default = { };
type = types.submodule {
options = {
clan-core = mkOption { default = self; };
nixpkgs = mkOption { default = self.inputs.nixpkgs; };
nix-darwin = mkOption { default = self.inputs.nix-darwin; };
};
};
};
clan = mkOption {
default = { };
type = types.submoduleWith {
specialArgs = {
inherit (config.clanSettings)
clan-core
nixpkgs
nix-darwin
;
};
modules = [
clanLib.buildClanModule.flakePartsModule
];
};
};
};
config = {
# Inherit all nodes from the clan
# i.e. nodes.jon <- clan.machines.jon
# clanInternals.nixosModules contains nixosModules per node
nodes = clanFlakeResult.clanInternals.nixosModules;
hostPkgs = pkgs;
# !WARNING: Write a detailed comment if adding new options here
# We should be very careful about adding new options here because it affects all tests
# Keep in mind:
# - tests should be close to the real world as possible
# - ensure stability: in clan-core and downstream
# - ensure that the tests are fast and reliable
defaults = (
{ config, ... }:
{
imports = [
# Speed up evaluation
clanLib.test.minifyModule
# Setup for sops during tests
# configures a static age-key to skip the age-key generation
clanLib.test.sopsModule
];
# Disable documentation
# This is nice to speed up the evaluation
# And also suppresses any warnings or errors about the documentation
documentation.enable = lib.mkDefault false;
# Disable garbage collection during the test
# https://nix.dev/manual/nix/2.28/command-ref/conf-file.html?highlight=min-free#available-settings
nix.settings.min-free = 0;
# This is typically set once via vars generate for a machine
# Since we have ephemeral machines, we set it here for the test
system.stateVersion = config.system.nixos.release;
# Currently this is the default in NixOS, but we set it explicitly to avoid surprises
# Disable the initrd systemd service which has the following effect
#
# With the below on 'false' initrd runs a 'minimal shell script', called the stage-1 init.
# Benefits:
# Simple and fast.
# Easier to debug for very minimal or custom setups.
# Drawbacks:
# Limited flexibility.
# Harder to handle advanced setups (like TPM, LUKS, or LVM-on-LUKS) but not needed since we are in a test
# No systemd journal logs from initrd.
boot.initrd.systemd.enable = false;
}
);
# TODO: figure out if we really need this
# I am proposing for less magic in the test-framework
# People may add this in their own tests
# _module.args = { inherit self; };
# node.specialArgs.self = self;
};
}
)).config.result;
}

0
lib/tests/minify.nix → lib/test/minify.nix
View File

16
lib/test/sops.nix Normal file
View File

@@ -0,0 +1,16 @@
# nixosModule
{ config, lib, ... }:
{
# configures a static age-key to skip the age-key generation
sops.age.keyFile = "/run/age-key.txt";
system.activationScripts =
{
setupSecrets.deps = [ "age-key" ];
age-key.text = ''
echo AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV > /run/age-key.txt
'';
}
// lib.optionalAttrs (lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { }) {
setupSecretsForUsers.deps = [ "age-key" ];
};
}

92
lib/tests/default.nix
View File

@@ -1,92 +0,0 @@
{ lib, clanLib }:
let
inherit (lib)
mkOption
types
;
in
{
minifyModule = ./minify.nix;
# A function that returns an extension to runTest
makeTestClan =
{
nixosTest,
pkgs,
self,
...
}:
let
nixos-lib = import (pkgs.path + "/nixos/lib") { };
in
(nixos-lib.runTest (
{ config, ... }:
let
clanFlakeResult = config.clan;
in
{
imports = [ nixosTest ];
options = {
clanSettings = mkOption {
default = { };
type = types.submodule {
options = {
clan-core = mkOption { default = self; };
nixpkgs = mkOption { default = self.inputs.nixpkgs; };
nix-darwin = mkOption { default = self.inputs.nix-darwin; };
};
};
};
clan = mkOption {
default = { };
type = types.submoduleWith {
specialArgs = {
inherit (config.clanSettings)
clan-core
nixpkgs
nix-darwin
;
};
modules = [
clanLib.buildClanModule.flakePartsModule
];
};
};
};
config = {
nodes = clanFlakeResult.clanInternals.nixosModules;
hostPkgs = pkgs;
# speed-up evaluation
defaults = (
{ config, ... }:
{
imports = [
clanLib.test.minifyModule
];
documentation.enable = lib.mkDefault false;
nix.settings.min-free = 0;
system.stateVersion = config.system.nixos.release;
boot.initrd.systemd.enable = false;
# setup for sops
sops.age.keyFile = "/run/age-key.txt";
system.activationScripts =
{
setupSecrets.deps = [ "age-key" ];
age-key.text = ''
echo AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV > /run/age-key.txt
'';
}
// lib.optionalAttrs (lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { }) {
setupSecretsForUsers.deps = [ "age-key" ];
};
}
);
# to accept external dependencies such as disko
_module.args = { inherit self; };
node.specialArgs.self = self;
};
}
)).config.result;
}

61
pkgs/scripts/update-vars.py
View File

@@ -13,29 +13,19 @@ from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_build, nix_config, nix_eval from clan_cli.nix import nix_build, nix_config, nix_eval
from clan_cli.vars.generate import generate_vars from clan_cli.vars.generate import generate_vars
if _project_root := os.environ.get("PRJ_ROOT"):
clan_core_dir = Path(_project_root)
else:
msg = "PRJ_ROOT not set. Enter the dev environment first"
raise Exception(msg) # noqa TRY002
sops_priv_key = ( sops_priv_key = (
"AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV" "AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV"
) )
sops_pub_key = "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" sops_pub_key = "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg"
def _test_dir(test_name: str) -> Path: def machine_names(repo_root: Path, check_attr: str) -> list[str]:
return Path(clan_core_dir / "checks" / test_name)
def machine_names(test_name: str) -> list[str]:
""" """
Get the machine names from the test flake Get the machine names from the test flake
""" """
cmd = nix_eval( cmd = nix_eval(
[ [
f"{clan_core_dir}#checks.{nix_config()['system']}.{test_name}.nodes", f"{repo_root}#checks.{nix_config()['system']}.{check_attr}.nodes",
"--apply", "--apply",
"builtins.attrNames", "builtins.attrNames",
] ]
@@ -51,9 +41,9 @@ class TestMachine(Machine):
clan-core#checks.<system>.<test_name>.nodes.<machine_name>.<attr> clan-core#checks.<system>.<test_name>.nodes.<machine_name>.<attr>
""" """
def __init__(self, name: str, flake: Flake, test_name: str) -> None: def __init__(self, name: str, flake: Flake, check_attr: str) -> None:
super().__init__(name, flake) super().__init__(name, flake)
self.test_name = test_name self.check_attr = check_attr
@property @property
def deployment(self) -> dict: def deployment(self) -> dict:
@@ -61,7 +51,7 @@ class TestMachine(Machine):
return self._deployment return self._deployment
cmd = nix_build( cmd = nix_build(
[ [
f"{clan_core_dir}#checks.{nix_config()['system']}.{self.test_name}.nodes.{self.name}.system.clan.deployment.file" f"{self.flake.path}#checks.{nix_config()['system']}.{self.check_attr}.nodes.{self.name}.system.clan.deployment.file"
] ]
) )
out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE) out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE)
@@ -86,7 +76,7 @@ class TestMachine(Machine):
# return self.nix("eval", attr, nix_options) # return self.nix("eval", attr, nix_options)
cmd = nix_eval( cmd = nix_eval(
[ [
f"{clan_core_dir}#checks.{nix_config()['system']}.{self.test_name}.nodes.{self.name}.{attr}" f"{self.flake.path}#checks.{nix_config()['system']}.{self.check_attr}.nodes.{self.name}.{attr}"
] ]
) )
out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE) out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE)
@@ -108,7 +98,7 @@ class TestMachine(Machine):
cmd = nix_build( cmd = nix_build(
[ [
f"{clan_core_dir}#checks.{nix_config()['system']}.{self.test_name}.nodes.{self.name}.{attr}" f"{self.flake.path}#checks.{nix_config()['system']}.{self.check_attr}.nodes.{self.name}.{attr}"
] ]
) )
out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE) out = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE)
@@ -125,12 +115,34 @@ def parse_args() -> argparse.Namespace:
import argparse import argparse
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description="Update the vars of an inventory test", description="""
Update the vars of a 'makeTestClan' integration test.
See 'clanLib.test.makeTestClan' for more information on how to create such a test.
""",
) )
parser.add_argument( parser.add_argument(
"test_name", "--repo_root",
type=Path,
help="""
Should be an absolute path to the repo root.
This path is used as root to evaluate and build attributes using the nix commands.
i.e. 'nix eval <repo_root>#checks ...'
""",
required=False,
default=os.environ.get("PRJ_ROOT"),
)
parser.add_argument(
"test_dir",
type=Path,
help="""
The folder of the test. Usually passed as 'directory' to clan in the test.
Must be relative to the repo_root.
""",
)
parser.add_argument(
"check_attr",
type=str, type=str,
help="The name of the test to update", help="The attribute name of the flake#checks to update",
) )
return parser.parse_args() return parser.parse_args()
@@ -138,14 +150,17 @@ def parse_args() -> argparse.Namespace:
if __name__ == "__main__": if __name__ == "__main__":
os.environ["CLAN_NO_COMMIT"] = "1" os.environ["CLAN_NO_COMMIT"] = "1"
args = parse_args() args = parse_args()
test_dir = _test_dir(args.test_name) test_dir = args.repo_root / args.test_dir
subprocess.run(["rm", "-rf", f"{test_dir}/vars", f"{test_dir}/sops"]) subprocess.run(["rm", "-rf", f"{test_dir}/vars", f"{test_dir}/sops"])
flake = Flake(str(test_dir)) flake = Flake(str(test_dir))
flake._path = test_dir # noqa SLF001 flake._path = test_dir # noqa SLF001
flake._is_local = True # noqa SLF001 flake._is_local = True # noqa SLF001
machines = [ machines = [
TestMachine(name, flake, args.test_name) TestMachine(name, flake, args.check_attr)
for name in machine_names(args.test_name) for name in machine_names(
args.repo_root,
args.check_attr,
)
] ]
user = "admin" user = "admin"
admin_key_path = Path(flake.path / "sops" / "users" / user / "key.json") admin_key_path = Path(flake.path / "sops" / "users" / user / "key.json")