yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'Revert "vars: fix - upload machines own secrets only"' (#1950) from DavHau/clan-core:DavHau-dave into main

Browse Source
This commit is contained in:
clan-bot
2024-08-21 13:02:27 +00:00
parent 9b929f6f0d 0cd29daf88
commit aeb62e8de8
4 changed files with 27 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nixosModules/clanCore/vars/secret/sops/default.nix
View File

@@ -10,11 +10,17 @@ let
inherit (import ./funcs.nix { inherit lib; }) listVars; inherit (import ./funcs.nix { inherit lib; }) listVars;
varsDirMachines = varsDirMachines = config.clan.core.clanDir + "/sops/vars/per-machine";
config.clan.core.clanDir + "/sops/vars/per-machine/${config.clan.core.machineName}";
varsDirShared = config.clan.core.clanDir + "/sops/vars/shared"; varsDirShared = config.clan.core.clanDir + "/sops/vars/shared";
vars = lib.traceValSeq (listVars varsDirMachines) ++ (listVars varsDirShared); varsUnfiltered = (listVars varsDirMachines) ++ (listVars varsDirShared);
filterVars =
vars:
builtins.elem vars.machine [
config.clan.core.machineName
"shared"
];
vars = lib.filter filterVars varsUnfiltered;
in in
{ {

9
nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix
View File

@@ -21,24 +21,23 @@ in
}; };
test_listSecrets = { test_listSecrets = {
expr = listVars "per_machine" ./populated/vars/my_machine; expr = listVars ./populated/vars;
expected = [ expected = [
{ {
machine = "my_machine";
generator = "my_generator"; generator = "my_generator";
name = "my_secret"; name = "my_secret";
id = "per_machine/my_generator/my_secret";
sopsFile = "${./populated/vars/my_machine}/my_generator/my_secret/secret";
} }
]; ];
}; };
test_listSecrets_no_vars = { test_listSecrets_no_vars = {
expr = listVars "per_machine" noVars; expr = listVars noVars;
expected = [ ]; expected = [ ];
}; };
test_listSecrets_empty_vars = { test_listSecrets_empty_vars = {
expr = listVars "per_machine" emtpyVars; expr = listVars emtpyVars;
expected = [ ]; expected = [ ];
}; };
} }

20
nixosModules/clanCore/vars/secret/sops/funcs.nix
View File

@@ -14,13 +14,17 @@ rec {
listVars = listVars =
varsDir: varsDir:
flip concatMap (readDirNames (varsDir)) ( flip concatMap (readDirNames varsDir) (
generator_name: machine_name:
flip map (readDirNames (varsDir + "/${generator_name}")) (secret_name: { flip concatMap (readDirNames (varsDir + "/${machine_name}")) (
generator = generator_name; generator_name:
name = secret_name; flip map (readDirNames (varsDir + "/${machine_name}/${generator_name}")) (secret_name: {
id = "${generator_name}/${secret_name}"; machine = machine_name;
sopsFile = "${varsDir}/${generator_name}/${secret_name}/secret"; generator = generator_name;
}) name = secret_name;
id = "${machine_name}/${generator_name}/${secret_name}";
sopsFile = "${varsDir}/${machine_name}/${generator_name}/${secret_name}/secret";
})
)
); );
} }

4
pkgs/clan-cli/tests/test_vars_deployment.py
View File

@@ -35,8 +35,8 @@ def test_vm_deployment(
cli.run(["vars", "generate", "my_machine"]) cli.run(["vars", "generate", "my_machine"])
run_vm_in_thread("my_machine") run_vm_in_thread("my_machine")
qga = qga_connect("my_machine") qga = qga_connect("my_machine")
qga.run("ls /run/secrets/my_generator/my_secret", check=True) qga.run("ls /run/secrets/my_machine/my_generator/my_secret", check=True)
_, out, _ = qga.run("cat /run/secrets/my_generator/my_secret") _, out, _ = qga.run("cat /run/secrets/my_machine/my_generator/my_secret")
assert out == "hello\n" assert out == "hello\n"
qga.exec_cmd("poweroff") qga.exec_cmd("poweroff")
wait_vm_down("my_machine") wait_vm_down("my_machine")