allow to persist zerotier identities/ips/meshnames for non-controller

2023-11-10 11:42:44 +01:00
parent b8ed607658
commit c28089d4b2
6 changed files with 145 additions and 35 deletions
--- a/pkgs/clan-cli/tests/test_flake_api.py
+++ b/pkgs/clan-cli/tests/test_flake_api.py
@@ -27,7 +27,7 @@ def test_inspect_ok(api: TestClient, test_flake_with_core: FlakeForTest) -> None
    assert response.status_code == 200, "Failed to inspect vm"
    data = response.json()
    print("Data: ", data)
-    assert data.get("flake_attrs") == ["vm1"]
+    assert data.get("flake_attrs") == ["vm1", "vm2"]


@pytest.mark.impure
--- a/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
+++ b/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
@@ -31,6 +31,13 @@
              '';
            };
          };
+          vm2 = { lib, ... }: {
+            clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__";
+            system.stateVersion = lib.version;
+            sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
+            clanCore.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
+            clan.networking.zerotier.networkId = "82b44b162ec6c013";
+          };
        };
      };
    in
--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@@ -1,3 +1,4 @@
+import ipaddress
 from typing import TYPE_CHECKING

 import pytest
@@ -39,16 +40,9 @@ def test_generate_secret(
        test_flake_with_core.name, "vm1", "zerotier-network-id"
    )
    assert len(network_id) == 16
-    age_key = (
-        sops_secrets_folder(test_flake_with_core.path)
-        .joinpath("vm1-age.key")
-        .joinpath("secret")
-    )
-    identity_secret = (
-        sops_secrets_folder(test_flake_with_core.path)
-        .joinpath("vm1-zerotier-identity-secret")
-        .joinpath("secret")
-    )
+    secrets_folder = sops_secrets_folder(test_flake_with_core.path)
+    age_key = secrets_folder / "vm1-age.key" / "secret"
+    identity_secret = secrets_folder / "vm1-zerotier-identity-secret" / "secret"
    age_key_mtime = age_key.lstat().st_mtime_ns
    secret1_mtime = identity_secret.lstat().st_mtime_ns

@@ -57,10 +51,14 @@ def test_generate_secret(
    assert age_key.lstat().st_mtime_ns == age_key_mtime
    assert identity_secret.lstat().st_mtime_ns == secret1_mtime

-    machine_path = (
-        sops_secrets_folder(test_flake_with_core.path)
-        .joinpath("vm1-zerotier-identity-secret")
-        .joinpath("machines")
-        .joinpath("vm1")
-    )
-    assert machine_path.exists()
+    assert (
+        secrets_folder / "vm1-zerotier-identity-secret" / "machines" / "vm1"
+    ).exists()
+
+    cli.run(["secrets", "generate", "vm2"])
+    assert has_secret(test_flake_with_core.path, "vm2-age.key")
+    assert has_secret(test_flake_with_core.path, "vm2-zerotier-identity-secret")
+    ip = machine_get_fact(test_flake_with_core.name, "vm1", "zerotier-ip")
+    assert ipaddress.IPv6Address(ip).is_private
+    meshname = machine_get_fact(test_flake_with_core.name, "vm1", "zerotier-meshname")
+    assert len(meshname) == 26