fix gpg key fixture on macOS

macOS has length limitations for unix sockets, which are violated by the
default length of temporary directories.
Jörg Thalheim
2025-03-25 18:09:04 +01:00
parent ff669e2957
commit 5baf37f7e9
3 changed files with 34 additions and 24 deletions


@@ -6,6 +6,7 @@ pytest_plugins = [
"root", "root",
"age_keys", "age_keys",
"gpg_keys", "gpg_keys",
"git_repo",
"sshd", "sshd",
"command", "command",
"ports", "ports",


@@ -0,0 +1,25 @@
import shutil
from dataclasses import dataclass
from pathlib import Path
import pytest
@dataclass
class GpgKey:
fingerprint: str
gpg_home: Path
@pytest.fixture
def gpg_key(
temp_dir: Path,
monkeypatch: pytest.MonkeyPatch,
test_root: Path,
) -> GpgKey:
gpg_home = temp_dir / "gnupghome"
shutil.copytree(test_root / "data" / "gnupg-home", gpg_home)
monkeypatch.setenv("GNUPGHOME", str(gpg_home))
return GpgKey("9A9B2741C8062D3D3DF1302D8B049E262A5CA255", gpg_home)
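Review bot: `shutil.copytree` carries over the mode bits of `data/gnupg-home`, so the copied `GNUPGHOME` gets whatever permissions the checkout (or a read-only source path) had; GnuPG warns about a home directory that group/other can access, and it may need to write into it. Adding `gpg_home.chmod(0o700)` right after the copy would make the fixture independent of the source tree's permissions. Separately, the home is still created under `temp_dir`, so the socket-path shortening described in the commit message presumably happens in the `temp_dir` fixture or in a consumer of `GpgKey.gpg_home`, neither of which is visible here. A short docstring on `GpgKey` stating that `fingerprint` must match the test-only key stored in `data/gnupg-home` would also help the next reader.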


@@ -2,10 +2,8 @@ import json
import logging import logging
import os import os
import re import re
import shutil
from collections.abc import Iterator from collections.abc import Iterator
from contextlib import contextmanager from contextlib import contextmanager
from pathlib import Path
from typing import TYPE_CHECKING from typing import TYPE_CHECKING
import pytest import pytest
@@ -426,12 +424,12 @@ def use_age_key(key: str, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:
@contextmanager @contextmanager
def use_gpg_key(key: str, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]: def use_gpg_key(key: GpgKey, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:
old_key_file = os.environ.get("SOPS_AGE_KEY_FILE") old_key_file = os.environ.get("SOPS_AGE_KEY_FILE")
old_key = os.environ.get("SOPS_AGE_KEY") old_key = os.environ.get("SOPS_AGE_KEY")
monkeypatch.delenv("SOPS_AGE_KEY_FILE", raising=False) monkeypatch.delenv("SOPS_AGE_KEY_FILE", raising=False)
monkeypatch.delenv("SOPS_AGE_KEY", raising=False) monkeypatch.delenv("SOPS_AGE_KEY", raising=False)
monkeypatch.setenv("SOPS_PGP_FP", key) monkeypatch.setenv("SOPS_PGP_FP", key.fingerprint)
try: try:
yield yield
finally: finally:
@@ -442,25 +440,11 @@ def use_gpg_key(key: str, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:
monkeypatch.setenv("SOPS_AGE_KEY", old_key) monkeypatch.setenv("SOPS_AGE_KEY", old_key)
@pytest.fixture
def gpg_key(
temp_dir: Path,
monkeypatch: pytest.MonkeyPatch,
test_root: Path,
) -> str:
gpg_home = temp_dir / "gnupghome"
shutil.copytree(test_root / "data" / "gnupg-home", gpg_home)
monkeypatch.setenv("GNUPGHOME", str(gpg_home))
return "9A9B2741C8062D3D3DF1302D8B049E262A5CA255"
def test_secrets( def test_secrets(
test_flake: FlakeForTest, test_flake: FlakeForTest,
capture_output: CaptureOutput, capture_output: CaptureOutput,
monkeypatch: pytest.MonkeyPatch, monkeypatch: pytest.MonkeyPatch,
gpg_key: str, gpg_key: GpgKey,
age_keys: list["KeyPair"], age_keys: list["KeyPair"],
) -> None: ) -> None:
with capture_output as output: with capture_output as output:
@@ -687,7 +671,7 @@ def test_secrets(
"--flake", "--flake",
str(test_flake.path), str(test_flake.path),
"--pgp-key", "--pgp-key",
gpg_key, gpg_key.fingerprint,
"user2", "user2",
] ]
) )
@@ -754,7 +738,7 @@ def test_secrets_key_generate_gpg(
test_flake: FlakeForTest, test_flake: FlakeForTest,
capture_output: CaptureOutput, capture_output: CaptureOutput,
monkeypatch: pytest.MonkeyPatch, monkeypatch: pytest.MonkeyPatch,
gpg_key: str, gpg_key: GpgKey,
) -> None: ) -> None:
with use_gpg_key(gpg_key, monkeypatch): with use_gpg_key(gpg_key, monkeypatch):
# Make sure clan secrets key generate recognizes # Make sure clan secrets key generate recognizes
@@ -776,7 +760,7 @@ def test_secrets_key_generate_gpg(
cli.run(["secrets", "key", "show", "--flake", str(test_flake.path)]) cli.run(["secrets", "key", "show", "--flake", str(test_flake.path)])
key = json.loads(output.out) key = json.loads(output.out)
assert key["type"] == "pgp" assert key["type"] == "pgp"
assert key["publickey"] == gpg_key assert key["publickey"] == gpg_key.fingerprint
# Add testuser with the key that was (not) generated for the clan: # Add testuser with the key that was (not) generated for the clan:
cli.run( cli.run(
@@ -787,7 +771,7 @@ def test_secrets_key_generate_gpg(
"--flake", "--flake",
str(test_flake.path), str(test_flake.path),
"--pgp-key", "--pgp-key",
gpg_key, gpg_key.fingerprint,
"testuser", "testuser",
] ]
) )
@@ -804,7 +788,7 @@ def test_secrets_key_generate_gpg(
) )
key = json.loads(output.out) key = json.loads(output.out)
assert key["type"] == "pgp" assert key["type"] == "pgp"
assert key["publickey"] == gpg_key assert key["publickey"] == gpg_key.fingerprint
monkeypatch.setenv("SOPS_NIX_SECRET", "secret-value") monkeypatch.setenv("SOPS_NIX_SECRET", "secret-value")
cli.run(["secrets", "set", "--flake", str(test_flake.path), "secret-name"]) cli.run(["secrets", "set", "--flake", str(test_flake.path), "secret-name"])
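Review bot: `GpgKey` is now used unquoted in the signatures of `use_gpg_key`, `test_secrets` and `test_secrets_key_generate_gpg`, but none of the hunks in this file adds an import for it; the import hunk (`-2,10 +2,8`) only drops `shutil` and `Path`. Unless the name is already imported outside the visible hunks, these annotations fail with `NameError` at import time on interpreters that evaluate annotations eagerly. Following the existing `list["KeyPair"]` pattern, I would import it under `TYPE_CHECKING` (for example `from gpg_keys import GpgKey`, module name inferred from the `pytest_plugins` entry) and write the annotations as `"GpgKey"`. The bodies of these functions continue outside the hunks, so the restore logic in `use_gpg_key`'s `finally` could not be checked.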