From 8cc41f543a838ebe255b609fd5745a32c0a0eaed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 16:29:14 +0100 Subject: [PATCH 1/6] clan_cli: merge four var tests into one --- pkgs/clan-cli/tests/test_vars.py | 320 +++++++++---------------------- 1 file changed, 95 insertions(+), 225 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index 517548c1a..c44c399e0 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -94,42 +94,7 @@ def test_required_generators() -> None: @pytest.mark.with_core -def test_generate_public_var( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False - my_generator["script"] = "echo hello > $out/my_value" - flake.refresh() - monkeypatch.chdir(flake.path) - machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) - assert not check_vars(machine) - vars_text = stringify_all_vars(machine) - assert "my_generator/my_value: " in vars_text - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - assert check_vars(machine) - store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - assert store.exists(Generator("my_generator"), "my_value") - assert store.get(Generator("my_generator"), "my_value").decode() == "hello\n" - vars_text = stringify_all_vars(machine) - assert "my_generator/my_value: hello" in vars_text - vars_eval = run( - nix_eval( - [ - f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value", - ] - ) - ).stdout.strip() - assert json.loads(vars_eval) == "hello\n" - - -@pytest.mark.with_core -def test_generate_secret_var_sops( +def test_generate_public_and_secret_vars( monkeypatch: pytest.MonkeyPatch, flake: ClanFlake, sops_setup: SopsSetup, @@ -137,17 +102,76 @@ def test_generate_secret_var_sops( config = flake.machines["my_machine"] config["nixpkgs"]["hostPlatform"] = "x86_64-linux" my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] + my_generator["files"]["my_value"]["secret"] = False my_generator["files"]["my_secret"]["secret"] = True - my_generator["script"] = "echo hello > $out/my_secret" + my_generator["script"] = ( + "echo -n public > $out/my_value; echo -n secret > $out/my_secret; echo -n non-default > $out/value_with_default" + ) + + my_generator["files"]["value_with_default"]["secret"] = False + my_generator["files"]["value_with_default"]["value"]["_type"] = "override" + my_generator["files"]["value_with_default"]["value"]["priority"] = 1000 # mkDefault + my_generator["files"]["value_with_default"]["value"]["content"] = "default_value" + + my_shared_generator = config["clan"]["core"]["vars"]["generators"][ + "my_shared_generator" + ] + my_shared_generator["share"] = True + my_shared_generator["files"]["my_shared_value"]["secret"] = False + my_shared_generator["script"] = "echo -n shared > $out/my_shared_value" + + dependent_generator = config["clan"]["core"]["vars"]["generators"][ + "dependent_generator" + ] + dependent_generator["share"] = False + dependent_generator["files"]["my_secret"]["secret"] = True + dependent_generator["dependencies"] = ["my_shared_generator"] + dependent_generator["script"] = ( + "cat $in/my_shared_generator/my_shared_value > $out/my_secret" + ) + flake.refresh() monkeypatch.chdir(flake.path) sops_setup.init() + machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) assert not check_vars(machine) vars_text = stringify_all_vars(machine) + assert "my_generator/my_value: " in vars_text + assert "my_generator/my_secret: " in vars_text + assert "my_shared_generator/my_shared_value: " in vars_text + assert "dependent_generator/my_secret: " in vars_text + + # ensure evaluating the default value works without generating the value + value_non_default = run( + nix_eval( + [ + f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.value_with_default.value", + ] + ) + ).stdout.strip() + assert json.loads(value_non_default) == "default_value" + cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) assert check_vars(machine) - assert "my_generator/my_secret: " in vars_text + # get last commit message + commit_message = run( + ["git", "log", "-3", "--pretty=%B"], + ).stdout.strip() + assert ( + "Update vars via generator my_generator for machine my_machine" + in commit_message + ) + assert ( + "Update vars via generator my_shared_generator for machine my_machine" + in commit_message + ) + assert get_var(machine, "my_generator/my_value").printable_value == "public" + assert ( + get_var(machine, "my_shared_generator/my_shared_value").printable_value + == "shared" + ) + vars_text = stringify_all_vars(machine) in_repo_store = in_repo.FactStore( Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) @@ -156,9 +180,32 @@ def test_generate_secret_var_sops( Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert sops_store.exists(Generator("my_generator"), "my_secret") - assert sops_store.get(Generator("my_generator"), "my_secret").decode() == "hello\n" - vars_text = stringify_all_vars(machine) + assert sops_store.get(Generator("my_generator"), "my_secret").decode() == "secret" + assert sops_store.exists(Generator("dependent_generator"), "my_secret") + assert ( + sops_store.get(Generator("dependent_generator"), "my_secret").decode() + == "shared" + ) + + assert "my_generator/my_value: public" in vars_text assert "my_generator/my_secret" in vars_text + vars_eval = run( + nix_eval( + [ + f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value", + ] + ) + ).stdout.strip() + assert json.loads(vars_eval) == "public" + + value_non_default = run( + nix_eval( + [ + f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.value_with_default.value", + ] + ) + ).stdout.strip() + assert json.loads(value_non_default) == "non-default" # test regeneration works cli.run( ["vars", "generate", "--flake", str(flake.path), "my_machine", "--regenerate"] @@ -521,33 +568,6 @@ def test_share_flag( assert json.loads(vars_eval) == "hello\n" -@pytest.mark.with_core -def test_depending_on_shared_secret_succeeds( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, - sops_setup: SopsSetup, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - shared_generator = config["clan"]["core"]["vars"]["generators"]["shared_generator"] - shared_generator["share"] = True - shared_generator["files"]["my_secret"]["secret"] = True - shared_generator["script"] = "echo hello > $out/my_secret" - dependent_generator = config["clan"]["core"]["vars"]["generators"][ - "dependent_generator" - ] - dependent_generator["share"] = False - dependent_generator["files"]["my_secret"]["secret"] = True - dependent_generator["dependencies"] = ["shared_generator"] - dependent_generator["script"] = ( - "cat $in/shared_generator/my_secret > $out/my_secret" - ) - flake.refresh() - monkeypatch.chdir(flake.path) - sops_setup.init() - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - - @pytest.mark.with_core def test_multi_machine_shared_vars( monkeypatch: pytest.MonkeyPatch, @@ -646,37 +666,13 @@ def test_prompt_create_file( ) -@pytest.mark.with_core -def test_api_get_prompts( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, -) -> None: - from clan_cli.vars.list import get_prompts - - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["prompts"]["prompt1"]["type"] = "line" - my_generator["files"]["prompt1"]["secret"] = False - flake.refresh() - monkeypatch.chdir(flake.path) - monkeypatch.setattr("clan_cli.vars.prompt.MOCK_PROMPT_RESPONSE", iter(["input1"])) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) - api_prompts = get_prompts(machine) - assert len(api_prompts) == 1 - assert api_prompts[0].name == "my_generator" - assert api_prompts[0].prompts[0].name == "prompt1" - assert api_prompts[0].prompts[0].previous_value == "input1" - - @pytest.mark.with_core def test_api_set_prompts( monkeypatch: pytest.MonkeyPatch, flake: ClanFlake, ) -> None: from clan_cli.vars._types import GeneratorUpdate - from clan_cli.vars.list import set_prompts + from clan_cli.vars.list import get_prompts, set_prompts config = flake.machines["my_machine"] config["nixpkgs"]["hostPlatform"] = "x86_64-linux" @@ -684,8 +680,10 @@ def test_api_set_prompts( my_generator["prompts"]["prompt1"]["type"] = "line" my_generator["files"]["prompt1"]["secret"] = False flake.refresh() + monkeypatch.chdir(flake.path) machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) + set_prompts( machine, [ @@ -709,111 +707,11 @@ def test_api_set_prompts( ) assert store.get(Generator("my_generator"), "prompt1").decode() == "input2" - -@pytest.mark.with_core -def test_commit_message( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, - sops_setup: SopsSetup, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False - my_generator["script"] = "echo hello > $out/my_value" - my_secret_generator = config["clan"]["core"]["vars"]["generators"][ - "my_secret_generator" - ] - my_secret_generator["files"]["my_secret"]["secret"] = True - my_secret_generator["script"] = "echo hello > $out/my_secret" - flake.refresh() - monkeypatch.chdir(flake.path) - sops_setup.init() - cli.run( - [ - "vars", - "generate", - "--flake", - str(flake.path), - "my_machine", - "--generator", - "my_generator", - ] - ) - # get last commit message - commit_message = run( - ["git", "log", "-1", "--pretty=%B"], - ).stdout.strip() - assert ( - commit_message - == "Update vars via generator my_generator for machine my_machine" - ) - cli.run( - [ - "vars", - "generate", - "--flake", - str(flake.path), - "my_machine", - "--generator", - "my_secret_generator", - ] - ) - commit_message = run( - ["git", "log", "-1", "--pretty=%B"], - ).stdout.strip() - assert ( - commit_message - == "Update vars via generator my_secret_generator for machine my_machine" - ) - # ensure `clan vars set` also sets a reasonable commit message - set_var( - "my_machine", - "my_generator/my_value", - b"world", - FlakeId(str(flake.path)), - ) - commit_message = run( - ["git", "log", "-1", "--pretty=%B"], - ).stdout.strip() - assert all(x in commit_message for x in ["Update var", "my_generator", "my_value"]) - - -@pytest.mark.with_core -def test_default_value( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False - my_generator["files"]["my_value"]["value"]["_type"] = "override" - my_generator["files"]["my_value"]["value"]["priority"] = 1000 # mkDefault - my_generator["files"]["my_value"]["value"]["content"] = "foo" - my_generator["script"] = "echo -n hello > $out/my_value" - flake.refresh() - monkeypatch.chdir(flake.path) - # ensure evaluating the default value works without generating the value - value_eval = run( - nix_eval( - [ - f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value", - ] - ) - ).stdout.strip() - assert json.loads(value_eval) == "foo" - # generate - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - # ensure the value is set correctly - value_eval = run( - nix_eval( - [ - f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value", - ] - ) - ).stdout.strip() - assert json.loads(value_eval) == "hello" + api_prompts = get_prompts(machine) + assert len(api_prompts) == 1 + assert api_prompts[0].name == "my_generator" + assert api_prompts[0].prompts[0].name == "prompt1" + assert api_prompts[0].prompts[0].previous_value == "input2" @pytest.mark.with_core @@ -1027,34 +925,6 @@ def test_keygen( assert (temporary_home / "sops" / "users" / "user").is_dir() -@pytest.mark.with_core -def test_vars_get( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False - my_generator["script"] = "echo -n hello > $out/my_value" - my_shared_generator = config["clan"]["core"]["vars"]["generators"][ - "my_shared_generator" - ] - my_shared_generator["share"] = True - my_shared_generator["files"]["my_shared_value"]["secret"] = False - my_shared_generator["script"] = "echo -n hello > $out/my_shared_value" - flake.refresh() - monkeypatch.chdir(flake.path) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) - # get the value of a public var - assert get_var(machine, "my_generator/my_value").printable_value == "hello" - assert ( - get_var(machine, "my_shared_generator/my_shared_value").printable_value - == "hello" - ) - - @pytest.mark.with_core def test_invalidation( monkeypatch: pytest.MonkeyPatch, From 0ab3ec5e16a78d8153803a3ce3246e4cd9e95566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 17:10:22 +0100 Subject: [PATCH 2/6] vars: delete duplicate shared flag test --- pkgs/clan-cli/tests/test_vars.py | 67 -------------------------------- 1 file changed, 67 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index c44c399e0..f01f86803 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -501,73 +501,6 @@ def test_prompt( ) -@pytest.mark.with_core -def test_share_flag( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, - sops_setup: SopsSetup, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - shared_generator = config["clan"]["core"]["vars"]["generators"]["shared_generator"] - shared_generator["share"] = True - shared_generator["files"]["my_secret"]["secret"] = True - shared_generator["files"]["my_value"]["secret"] = False - shared_generator["script"] = ( - "echo hello > $out/my_secret && echo hello > $out/my_value" - ) - unshared_generator = config["clan"]["core"]["vars"]["generators"][ - "unshared_generator" - ] - unshared_generator["share"] = False - unshared_generator["files"]["my_secret"]["secret"] = True - unshared_generator["files"]["my_value"]["secret"] = False - unshared_generator["script"] = ( - "echo hello > $out/my_secret && echo hello > $out/my_value" - ) - flake.refresh() - monkeypatch.chdir(flake.path) - sops_setup.init() - machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) - assert not check_vars(machine) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - assert check_vars(machine) - sops_store = sops.SecretStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - # check secrets stored correctly - assert sops_store.exists(Generator("shared_generator", share=True), "my_secret") - assert not sops_store.exists( - Generator("shared_generator", share=False), "my_secret" - ) - assert sops_store.exists(Generator("unshared_generator", share=False), "my_secret") - assert not sops_store.exists( - Generator("unshared_generator", share=True), "my_secret" - ) - # check values stored correctly - assert in_repo_store.exists(Generator("shared_generator", share=True), "my_value") - assert not in_repo_store.exists( - Generator("shared_generator", share=False), "my_value" - ) - assert in_repo_store.exists( - Generator("unshared_generator", share=False), "my_value" - ) - assert not in_repo_store.exists( - Generator("unshared_generator", share=True), "my_value" - ) - vars_eval = run( - nix_eval( - [ - f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.shared_generator.files.my_value.value", - ] - ) - ).stdout.strip() - assert json.loads(vars_eval) == "hello\n" - - @pytest.mark.with_core def test_multi_machine_shared_vars( monkeypatch: pytest.MonkeyPatch, From ab1626d0eb361bad5fe73c3925c43ea071895695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 17:10:45 +0100 Subject: [PATCH 3/6] var: merge migration tests into one --- pkgs/clan-cli/tests/test_vars.py | 46 ++++++++++++-------------------- 1 file changed, 17 insertions(+), 29 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index f01f86803..5a818af65 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -730,34 +730,6 @@ def test_stdout_of_generate( caplog.clear() -@pytest.mark.with_core -def test_migration_skip( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, - sops_setup: SopsSetup, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_service = config["clan"]["core"]["facts"]["services"]["my_service"] - my_service["secret"]["my_value"] = {} - my_service["generator"]["script"] = "echo -n hello > $secrets/my_value" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - # the var to migrate to is mistakenly marked as not secret (migration should fail) - my_generator["files"]["my_value"]["secret"] = False - my_generator["migrateFact"] = "my_service" - my_generator["script"] = "echo -n world > $out/my_value" - flake.refresh() - monkeypatch.chdir(flake.path) - sops_setup.init() - cli.run(["facts", "generate", "--flake", str(flake.path), "my_machine"]) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - assert in_repo_store.exists(Generator("my_generator"), "my_value") - assert in_repo_store.get(Generator("my_generator"), "my_value").decode() == "world" - - @pytest.mark.with_core def test_migration( monkeypatch: pytest.MonkeyPatch, @@ -777,7 +749,17 @@ def test_migration( my_generator["files"]["my_value"]["secret"] = False my_generator["files"]["my_secret"]["secret"] = True my_generator["migrateFact"] = "my_service" - my_generator["script"] = "echo -n world > $out/my_value" + my_generator["script"] = "echo -n other > $out/my_value" + + other_service = config["clan"]["core"]["facts"]["services"]["other_service"] + other_service["secret"]["other_value"] = {} + other_service["generator"]["script"] = "echo -n hello > $secrets/other_value" + other_generator = config["clan"]["core"]["vars"]["generators"]["other_generator"] + # the var to migrate to is mistakenly marked as not secret (migration should fail) + other_generator["files"]["other_value"]["secret"] = False + other_generator["migrateFact"] = "my_service" + other_generator["script"] = "echo -n value-from-vars > $out/other_value" + flake.refresh() monkeypatch.chdir(flake.path) sops_setup.init() @@ -797,6 +779,12 @@ def test_migration( assert sops_store.exists(Generator("my_generator"), "my_secret") assert sops_store.get(Generator("my_generator"), "my_secret").decode() == "hello" + assert in_repo_store.exists(Generator("other_generator"), "other_value") + assert ( + in_repo_store.get(Generator("other_generator"), "other_value").decode() + == "value-from-vars" + ) + @pytest.mark.with_core def test_fails_when_files_are_left_from_other_backend( From 5ebbb3ee982afb6771a7df9ca8a6268c75c70c43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 17:20:02 +0100 Subject: [PATCH 4/6] vars: remove duplicate test --- pkgs/clan-cli/tests/test_vars.py | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index 5a818af65..fc85885cb 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -430,38 +430,6 @@ def test_generate_secret_for_multiple_machines( ) -@pytest.mark.with_core -def test_dependant_generators( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, -) -> None: - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - parent_gen = config["clan"]["core"]["vars"]["generators"]["parent_generator"] - parent_gen["files"]["my_value"]["secret"] = False - parent_gen["script"] = "echo hello > $out/my_value" - child_gen = config["clan"]["core"]["vars"]["generators"]["child_generator"] - child_gen["files"]["my_value"]["secret"] = False - child_gen["dependencies"] = ["parent_generator"] - child_gen["script"] = "cat $in/parent_generator/my_value > $out/my_value" - flake.refresh() - monkeypatch.chdir(flake.path) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - assert in_repo_store.exists(Generator("parent_generator"), "my_value") - assert ( - in_repo_store.get(Generator("parent_generator"), "my_value").decode() - == "hello\n" - ) - assert in_repo_store.exists(Generator("child_generator"), "my_value") - assert ( - in_repo_store.get(Generator("child_generator"), "my_value").decode() - == "hello\n" - ) - - @pytest.mark.with_core @pytest.mark.parametrize( ("prompt_type", "input_value"), From 1255c3108e966763a6270fdfbe4e6bb21622881b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 17:20:31 +0100 Subject: [PATCH 5/6] merge three prompt type tests into one --- pkgs/clan-cli/tests/test_vars.py | 87 ++++++++++++++------------------ 1 file changed, 37 insertions(+), 50 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index fc85885cb..10928ecc1 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -431,41 +431,61 @@ def test_generate_secret_for_multiple_machines( @pytest.mark.with_core -@pytest.mark.parametrize( - ("prompt_type", "input_value"), - [ - ("line", "my input"), - ("multiline", "my\nmultiline\ninput\n"), - # The hidden type cannot easily be tested, as getpass() reads from /dev/tty directly - # ("hidden", "my hidden input"), - ], -) def test_prompt( monkeypatch: pytest.MonkeyPatch, flake: ClanFlake, - prompt_type: str, - input_value: str, + sops_setup: SopsSetup, ) -> None: config = flake.machines["my_machine"] config["nixpkgs"]["hostPlatform"] = "x86_64-linux" my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False + my_generator["files"]["line_value"]["secret"] = False + my_generator["files"]["multiline_value"]["secret"] = False + my_generator["prompts"]["prompt1"]["description"] = "dream2nix" my_generator["prompts"]["prompt1"]["createFile"] = False - my_generator["prompts"]["prompt1"]["type"] = prompt_type - my_generator["script"] = "cat $prompts/prompt1 > $out/my_value" + my_generator["prompts"]["prompt1"]["type"] = "line" + + my_generator["prompts"]["prompt2"]["description"] = "dream2nix" + my_generator["prompts"]["prompt2"]["createFile"] = False + my_generator["prompts"]["prompt2"]["type"] = "line" + + my_generator["prompts"]["prompt_create_file"]["createFile"] = True + + my_generator["script"] = ( + "cat $prompts/prompt1 > $out/line_value; cat $prompts/prompt2 > $out/multiline_value" + ) flake.refresh() monkeypatch.chdir(flake.path) + sops_setup.init() monkeypatch.setattr( - "clan_cli.vars.prompt.MOCK_PROMPT_RESPONSE", iter([input_value]) + "clan_cli.vars.prompt.MOCK_PROMPT_RESPONSE", + iter(["line input", "my\nmultiline\ninput\n", "prompt_create_file"]), ) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) in_repo_store = in_repo.FactStore( Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) - assert in_repo_store.exists(Generator("my_generator"), "my_value") + assert in_repo_store.exists(Generator("my_generator"), "line_value") assert ( - in_repo_store.get(Generator("my_generator"), "my_value").decode() == input_value + in_repo_store.get(Generator("my_generator"), "line_value").decode() + == "line input" + ) + + assert in_repo_store.exists(Generator("my_generator"), "multiline_value") + assert ( + in_repo_store.get(Generator("my_generator"), "multiline_value").decode() + == "my\nmultiline\ninput\n" + ) + sops_store = sops.SecretStore( + Machine(name="my_machine", flake=FlakeId(str(flake.path))) + ) + assert sops_store.exists( + Generator(name="my_generator", share=False, files=[]), "prompt_create_file" + ) + assert ( + sops_store.get(Generator(name="my_generator"), "prompt_create_file").decode() + == "prompt_create_file" ) @@ -534,39 +554,6 @@ def test_multi_machine_shared_vars( assert sops_store_2.machine_has_access(generator, "my_secret") -@pytest.mark.with_core -def test_prompt_create_file( - monkeypatch: pytest.MonkeyPatch, - flake: ClanFlake, - sops_setup: SopsSetup, -) -> None: - """ - Test that the createFile flag in the prompt configuration works as expected - """ - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = "x86_64-linux" - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["prompts"]["prompt1"]["createFile"] = True - my_generator["prompts"]["prompt2"]["createFile"] = False - flake.refresh() - monkeypatch.chdir(flake.path) - sops_setup.init() - monkeypatch.setattr( - "clan_cli.vars.prompt.MOCK_PROMPT_RESPONSE", iter(["input1", "input2"]) - ) - cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - sops_store = sops.SecretStore( - Machine(name="my_machine", flake=FlakeId(str(flake.path))) - ) - assert sops_store.exists( - Generator(name="my_generator", share=False, files=[]), "prompt1" - ) - assert not sops_store.exists(Generator(name="my_generator"), "prompt2") - assert ( - sops_store.get(Generator(name="my_generator"), "prompt1").decode() == "input1" - ) - - @pytest.mark.with_core def test_api_set_prompts( monkeypatch: pytest.MonkeyPatch, From 9d9e5bdd26cccd8ff3e9f75cc376810e469621c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 Dec 2024 17:37:22 +0100 Subject: [PATCH 6/6] vars/tests: merge test_build_scripts_for_correct_system into test_generate_secret_for_multiple_machines --- pkgs/clan-cli/tests/test_vars.py | 52 ++++++-------------------------- 1 file changed, 10 insertions(+), 42 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index 10928ecc1..695f5ba83 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -8,7 +8,7 @@ from age_keys import SopsSetup from clan_cli.clan_uri import FlakeId from clan_cli.errors import ClanError from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_command, nix_eval, run +from clan_cli.nix import nix_eval, run from clan_cli.vars.check import check_vars from clan_cli.vars.generate import Generator, generate_vars_for_machine from clan_cli.vars.get import get_var @@ -372,6 +372,10 @@ def test_generate_secret_for_multiple_machines( flake: ClanFlake, sops_setup: SopsSetup, ) -> None: + from clan_cli.nix import nix_config + + local_system = nix_config()["system"] + machine1_config = flake.machines["machine1"] machine1_config["nixpkgs"]["hostPlatform"] = "x86_64-linux" machine1_generator = machine1_config["clan"]["core"]["vars"]["generators"][ @@ -383,7 +387,11 @@ def test_generate_secret_for_multiple_machines( "echo machine1 > $out/my_secret && echo machine1 > $out/my_value" ) machine2_config = flake.machines["machine2"] - machine2_config["nixpkgs"]["hostPlatform"] = "x86_64-linux" + # Test that we can generate secrets for other platforms + machine2_config["nixpkgs"]["hostPlatform"] = ( + "aarch64-linux" if local_system == "x86_64-linux" else "x86_64-linux" + ) + machine2_generator = machine2_config["clan"]["core"]["vars"]["generators"][ "my_generator" ] @@ -831,43 +839,3 @@ def test_invalidation( cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) value2_new = get_var(machine, "my_generator/my_value").printable_value assert value2 == value2_new - - -@pytest.mark.with_core -def test_build_scripts_for_correct_system( - flake: ClanFlake, -) -> None: - """ - Ensure that the build script is generated for the current local system, - not the system of the target machine - """ - from clan_cli.nix import nix_config - - local_system = nix_config()["system"] - config = flake.machines["my_machine"] - config["nixpkgs"]["hostPlatform"] = ( - "aarch64-linux" if local_system == "x86_64-linux" else "x86_64-linux" - ) - my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] - my_generator["files"]["my_value"]["secret"] = False - my_generator["script"] = "echo -n hello > $out/my_value" - flake.refresh() - # get the current system - # build the final script - generator = Generator("my_generator") - generator._machine = Machine(name="my_machine", flake=FlakeId(str(flake.path))) # NOQA: SLF001 - final_script = generator.final_script - script_path = str(final_script).removeprefix("/build/store") - # get the nix derivation for the script - cmd_out = run( - nix_command( - [ - "show-derivation", - script_path, - ] - ) - ) - assert cmd_out.returncode == 0 - out_json = json.loads(cmd_out.stdout) - generator_script_system = next(iter(out_json.values()))["system"] - assert generator_script_system == local_system