From 7208c6dc825390f8647ac107c36a07149d97939c Mon Sep 17 00:00:00 2001
From: DavHau <d.hauer.it@gmail.com>
Date: Wed, 23 Oct 2024 20:41:51 +0700
Subject: [PATCH] vars: fix shared dependency was not resolved correctly

---
 pkgs/clan-cli/clan_cli/vars/generate.py |  7 ++++--
 pkgs/clan-cli/tests/test_vars.py        | 31 +++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/vars/generate.py b/pkgs/clan-cli/clan_cli/vars/generate.py
index 2391878bd..a9e25f3ce 100644
--- a/pkgs/clan-cli/clan_cli/vars/generate.py
+++ b/pkgs/clan-cli/clan_cli/vars/generate.py
@@ -58,7 +58,6 @@ def decrypt_dependencies(
     generator_name: str,
     secret_vars_store: SecretStoreBase,
     public_vars_store: FactStoreBase,
-    shared: bool,
 ) -> dict[str, dict[str, bytes]]:
     generator = machine.vars_generators[generator_name]
     dependencies = set(generator["dependencies"])
@@ -66,6 +65,7 @@ def decrypt_dependencies(
     for dep_generator in dependencies:
         decrypted_dependencies[dep_generator] = {}
         dep_files = machine.vars_generators[dep_generator]["files"]
+        shared = machine.vars_generators[dep_generator]["share"]
         for file_name, file in dep_files.items():
             if file["secret"]:
                 decrypted_dependencies[dep_generator][file_name] = (
@@ -110,7 +110,10 @@ def execute_generator(
 
     # build temporary file tree of dependencies
     decrypted_dependencies = decrypt_dependencies(
-        machine, generator_name, secret_vars_store, public_vars_store, shared=is_shared
+        machine,
+        generator_name,
+        secret_vars_store,
+        public_vars_store,
     )
 
     def get_prompt_value(prompt_name: str) -> str:
diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py
index a9f36a978..09fdcdf71 100644
--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
@@ -476,6 +476,37 @@ def test_share_flag(
     assert json.loads(vars_eval) == "hello\n"
 
 
+@pytest.mark.impure
+def test_depending_on_shared_secret_succeeds(
+    monkeypatch: pytest.MonkeyPatch,
+    temporary_home: Path,
+    sops_setup: SopsSetup,
+) -> None:
+    config = nested_dict()
+    shared_generator = config["clan"]["core"]["vars"]["generators"]["shared_generator"]
+    shared_generator["share"] = True
+    shared_generator["files"]["my_secret"]["secret"] = True
+    shared_generator["script"] = "echo hello > $out/my_secret"
+    dependent_generator = config["clan"]["core"]["vars"]["generators"][
+        "dependent_generator"
+    ]
+    dependent_generator["share"] = False
+    dependent_generator["files"]["my_secret"]["secret"] = True
+    dependent_generator["dependencies"] = ["shared_generator"]
+    dependent_generator["script"] = (
+        "cat $in/shared_generator/my_secret > $out/my_secret"
+    )
+    flake = generate_flake(
+        temporary_home,
+        flake_template=CLAN_CORE / "templates" / "minimal",
+        monkeypatch=monkeypatch,
+        machine_configs={"my_machine": config},
+    )
+    monkeypatch.chdir(flake.path)
+    sops_setup.init()
+    cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"])
+
+
 @pytest.mark.impure
 def test_prompt_create_file(
     monkeypatch: pytest.MonkeyPatch,