clan tests: allow testing CLI interactions

This is an improvement of the clanTest nixos vm test module. The module now has a new option clan.test.fromFlake that allows to specify a flake.nix as the source for the test clan instead of specifying clan.XXX options. This in turn allows accessing the `flake.nix` inside the test driver allowing to use the clan cli on it
2025-06-11 18:47:12 +07:00
parent 86f6458cce
commit 6f451c700d
10 changed files with 301 additions and 26 deletions
--- a/checks/dummy-inventory-test-from-flake/default.nix
+++ b/checks/dummy-inventory-test-from-flake/default.nix
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  nixosLib,
+  clan-core,
+  ...
+}:
+
+nixosLib.runTest (
+  { hostPkgs, config, ... }:
+  {
+    imports = [
+      clan-core.modules.nixosVmTest.clanTest
+    ];
+
+    hostPkgs = pkgs;
+
+    # This tests the compatibility of the inventory
+    # With the test framework
+    # - legacy-modules
+    # - clan.service modules
+    name = "dummy-inventory-test-from-flake";
+
+    clan.test.fromFlake = ./.;
+
+    testScript =
+      { nodes, ... }:
+      ''
+        ${clan-core.legacyPackages.${hostPkgs.system}.setupNixInNixPython}
+
+        def run_clan(cmd: list[str], **kwargs) -> str:
+            import subprocess
+            clan = "${clan-core.packages.${hostPkgs.system}.clan-cli}/bin/clan"
+            clan_args = ["--flake", "${config.clan.test.flakeForSandbox}"]
+            return subprocess.run(
+                ["${hostPkgs.util-linux}/bin/unshare", "--user", "--map-user", "1000", "--map-group", "1000", clan, *cmd, *clan_args],
+                **kwargs,
+                check=True,
+            ).stdout
+
+        start_all()
+        admin1.wait_for_unit("multi-user.target")
+        peer1.wait_for_unit("multi-user.target")
+        # Provided by the legacy module
+        print(admin1.succeed("systemctl status dummy-service"))
+        print(peer1.succeed("systemctl status dummy-service"))
+
+        # peer1 should have the 'hello' file
+        peer1.succeed("cat ${nodes.peer1.clan.core.vars.generators.new-service.files.not-a-secret.path}")
+
+        ls_out = peer1.succeed("ls -la ${nodes.peer1.clan.core.vars.generators.new-service.files.a-secret.path}")
+        # Check that the file is owned by 'nobody'
+        assert "nobody" in ls_out, f"File is not owned by 'nobody': {ls_out}"
+        # Check that the file is in the 'users' group
+        assert "users" in ls_out, f"File is not in the 'users' group: {ls_out}"
+        # Check that the file is in the '0644' mode
+        assert "-rw-r--r--" in ls_out, f"File is not in the '0644' mode: {ls_out}"
+
+        run_clan(["machines", "list"])
+      '';
+  }
+)