vars,facts: add sops.defaultGroups to new machines

Prior to this, when initializing new machines, only the current user had access to it's key which prevents other admin users to deploy this machine later
2024-10-10 19:27:02 +07:00
parent f821ff74d7
commit d9597dab05
3 changed files with 3 additions and 0 deletions
--- a/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py
@@ -28,6 +28,7 @@ class SecretStore(SecretStoreBase):
            sops_secrets_folder(self.machine.flake_dir)
            / f"{self.machine.name}-age.key",
            priv_key,
+            add_groups=self.machine.deployment["sops"]["defaultGroups"],
        )
        add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)

--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
@@ -48,6 +48,7 @@ class SecretStore(SecretStoreBase):
            sops_secrets_folder(self.machine.flake_dir)
            / f"{self.machine.name}-age.key",
            priv_key,
+            add_groups=self.machine.deployment["sops"]["defaultGroups"],
        )
        add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)

--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
@@ -159,6 +159,7 @@ def test_generate_secret_var_sops(
    )


+# TODO: it doesn't actually test if the group has access
@pytest.mark.impure
 def test_generate_secret_var_sops_with_default_group(
    monkeypatch: pytest.MonkeyPatch,