Merge pull request 'vars: fix shared dependency was not resolved correctly' (#2280) from DavHau/clan-core:DavHau-dave into main

2024-10-23 13:49:23 +00:00
parent f6d7d18ddb 33d049915c
commit 8bcac94826
2 changed files with 36 additions and 2 deletions
--- a/pkgs/clan-cli/clan_cli/vars/generate.py
+++ b/pkgs/clan-cli/clan_cli/vars/generate.py
@@ -58,7 +58,6 @@ def decrypt_dependencies(
    generator_name: str,
    secret_vars_store: SecretStoreBase,
    public_vars_store: FactStoreBase,
-    shared: bool,
 ) -> dict[str, dict[str, bytes]]:
    generator = machine.vars_generators[generator_name]
    dependencies = set(generator["dependencies"])
@@ -66,6 +65,7 @@ def decrypt_dependencies(
    for dep_generator in dependencies:
        decrypted_dependencies[dep_generator] = {}
        dep_files = machine.vars_generators[dep_generator]["files"]
+        shared = machine.vars_generators[dep_generator]["share"]
        for file_name, file in dep_files.items():
            if file["secret"]:
                decrypted_dependencies[dep_generator][file_name] = (
@@ -110,7 +110,10 @@ def execute_generator(

    # build temporary file tree of dependencies
    decrypted_dependencies = decrypt_dependencies(
-        machine, generator_name, secret_vars_store, public_vars_store, shared=is_shared
+        machine,
+        generator_name,
+        secret_vars_store,
+        public_vars_store,
    )

    def get_prompt_value(prompt_name: str) -> str:
--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
@@ -476,6 +476,37 @@ def test_share_flag(
    assert json.loads(vars_eval) == "hello\n"


+@pytest.mark.impure
+def test_depending_on_shared_secret_succeeds(
+    monkeypatch: pytest.MonkeyPatch,
+    temporary_home: Path,
+    sops_setup: SopsSetup,
+) -> None:
+    config = nested_dict()
+    shared_generator = config["clan"]["core"]["vars"]["generators"]["shared_generator"]
+    shared_generator["share"] = True
+    shared_generator["files"]["my_secret"]["secret"] = True
+    shared_generator["script"] = "echo hello > $out/my_secret"
+    dependent_generator = config["clan"]["core"]["vars"]["generators"][
+        "dependent_generator"
+    ]
+    dependent_generator["share"] = False
+    dependent_generator["files"]["my_secret"]["secret"] = True
+    dependent_generator["dependencies"] = ["shared_generator"]
+    dependent_generator["script"] = (
+        "cat $in/shared_generator/my_secret > $out/my_secret"
+    )
+    flake = generate_flake(
+        temporary_home,
+        flake_template=CLAN_CORE / "templates" / "minimal",
+        monkeypatch=monkeypatch,
+        machine_configs={"my_machine": config},
+    )
+    monkeypatch.chdir(flake.path)
+    sops_setup.init()
+    cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"])
+
+
@pytest.mark.impure
 def test_prompt_create_file(
    monkeypatch: pytest.MonkeyPatch,