yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vars: ensure shared generators don't depend on machine specific generators

Browse Source 
A dependency relation like this would not make sense as it would not be clear which machines generator the shared generator would depend on
This commit is contained in:
DavHau
2025-08-20 15:39:17 +07:00
parent de0b1b2d70
commit 527b4b2e40
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
pkgs/clan-cli/clan_cli/tests/test_vars.py
View File

@@ -681,6 +681,39 @@ def test_prompt(
assert sops_store.get(my_generator, "prompt_persist").decode() == "prompt_persist" assert sops_store.get(my_generator, "prompt_persist").decode() == "prompt_persist"
@pytest.mark.with_core
def test_shared_vars_must_never_depend_on_machine_specific_vars(
monkeypatch: pytest.MonkeyPatch,
flake_with_sops: ClanFlake,
) -> None:
"""
Ensure that shared vars never depend on machine specific vars.
"""
flake = flake_with_sops
config = flake.machines["my_machine"]
config["nixpkgs"]["hostPlatform"] = "x86_64-linux"
my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"]
my_generator["share"] = True
my_generator["files"]["my_value"]["secret"] = False
my_generator["script"] = 'echo "$RANDOM" > "$out"/my_value'
my_generator["dependencies"] = ["machine_specific_generator"]
machine_specific_generator = config["clan"]["core"]["vars"]["generators"][
"machine_specific_generator"
]
machine_specific_generator["share"] = False
machine_specific_generator["files"]["my_value"]["secret"] = False
machine_specific_generator["script"] = 'echo "$RANDOM" > "$out"/my_value'
flake.refresh()
monkeypatch.chdir(flake.path)
# make sure an Exception is raised when trying to generate vars
with pytest.raises(
ClanError,
match="Shared generators must not depend on machine specific generators",
):
cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"])
@pytest.mark.with_core @pytest.mark.with_core
def test_multi_machine_shared_vars( def test_multi_machine_shared_vars(
monkeypatch: pytest.MonkeyPatch, monkeypatch: pytest.MonkeyPatch,

5
pkgs/clan-cli/clan_cli/vars/generator.py
View File

@@ -228,6 +228,11 @@ class Generator:
msg = f"Generator {dep_key.name} not found in machine {machine.name}" msg = f"Generator {dep_key.name} not found in machine {machine.name}"
raise ClanError(msg) raise ClanError(msg)
# Check that shared generators don't depend on machine-specific generators
if self.share and not dep_generator.share:
msg = f"Shared generators must not depend on machine specific generators. Generator '{self.name}' (shared) depends on '{dep_generator.name}' (machine-specific)"
raise ClanError(msg)
dep_files = dep_generator.files dep_files = dep_generator.files
for file in dep_files: for file in dep_files:
if file.secret: if file.secret: