Fix vars upload for public vars with neededFor activation/partitioning

When vars are marked with neededFor="activation" or "partitioning", they
need to be available early in the boot process. However, the populate_dir
methods in both sops and password_store secret backends were only calling
self.get() which only retrieves secret vars from the .../secret path.

This caused public vars (stored at .../value) to fail with "Secret does
not exist" errors when trying to upload them.

The fix uses file.value property instead, which properly delegates to the
correct store (SecretStore or FactStore) based on whether the file is
marked as secret or public.

Fixes affected all neededFor phases in both backends:
- sops: activation and partitioning phases
- password_store: activation and partitioning phases
Jörg Thalheim
2025-11-02 16:01:43 +01:00
parent 35bffee544
commit a569a1d147
2 changed files with 4 additions and 4 deletions

View File

@@ -245,7 +245,7 @@ class SecretStore(StoreBase):
output_dir / "activation" / generator.name / file.name
)
out_file.parent.mkdir(parents=True, exist_ok=True)
out_file.write_bytes(self.get(generator, file.name))
out_file.write_bytes(file.value)
if "partitioning" in phases:
for generator in vars_generators:
for file in generator.files:
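Review bot: nothing in this change exercises the new out_file.write_bytes(file.value) call in the activation branch with a public file; the commit is 2 changed files with 4 additions and 4 deletions, so no test came with it. Suggest a regression test that builds a generator with one secret file and one public file needed for activation, calls populate_dir, and asserts that both land under output_dir / "activation" / generator.name / file.name with the expected bytes. Without it, a later cleanup that swaps file.value back to self.get(generator, file.name) would reintroduce the "Secret does not exist" failure unnoticed.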
@@ -254,7 +254,7 @@ class SecretStore(StoreBase):
output_dir / "partitioning" / generator.name / file.name
)
out_file.parent.mkdir(parents=True, exist_ok=True)
out_file.write_bytes(self.get(generator, file.name))
out_file.write_bytes(file.value)
hash_data = self.generate_hash(machine)
if hash_data:
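Review bot: the partitioning branch here repeats the activation branch line for line (same mkdir, same write_bytes, only the "partitioning" path component differs), which is why the same one-line fix had to be made twice in this file. Suggest pulling the loop body into a small helper that takes the phase name, so the choice of file.value lives in one place. Also worth confirming in that helper that file.value returns bytes for both secret and public files, since write_bytes raises TypeError on str.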

View File

@@ -246,7 +246,7 @@ class SecretStore(StoreBase):
)
# chmod after in case it doesn't have u+w
target_path.touch(mode=0o600)
target_path.write_bytes(self.get(generator, file.name))
target_path.write_bytes(file.value)
target_path.chmod(file.mode)
if "partitioning" in phases:
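Review bot: at target_path.touch(mode=0o600) followed by target_path.write_bytes(file.value), the 0o600 mode only applies when touch creates the file; if target_path is left over from an earlier run, it keeps whatever file.mode the previous chmod set. For a mode without u+w the write then fails for a non-root caller, and for a permissive mode the new content is written while the file is still readable under the old bits. If the output directory is not guaranteed to be fresh, suggest unlinking an existing target_path (or writing to a temporary file and renaming) before the write, and noting that assumption next to the existing "chmod after" comment.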
@@ -260,7 +260,7 @@ class SecretStore(StoreBase):
)
# chmod after in case it doesn't have u+w
target_path.touch(mode=0o600)
target_path.write_bytes(self.get(generator, file.name))
target_path.write_bytes(file.value)
target_path.chmod(file.mode)
@override
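Review bot: target_path.write_bytes(file.value) in the partitioning branch looks like an arbitrary stylistic swap to anyone who has not read the commit message, because this is a SecretStore method and self.get(generator, file.name) reads as the natural call. Suggest a one-line comment above the write stating that file.value is used deliberately so that public files resolve through their own store rather than the secret path. The same comment applies to the activation branch in the previous hunk.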