Secrets tests passing. nix fmt doesn't complain

2023-10-17 23:49:16 +02:00
parent 1631dc631b
commit d96ea61243
14 changed files with 281 additions and 139 deletions
--- a/pkgs/clan-cli/tests/fixtures_flakes.py
+++ b/pkgs/clan-cli/tests/fixtures_flakes.py
@@ -1,4 +1,5 @@
 import fileinput
+import logging
 import shutil
 import tempfile
 from pathlib import Path
@@ -10,6 +11,8 @@ from root import CLAN_CORE
 from clan_cli.dirs import nixpkgs_source
 from clan_cli.types import FlakeName

+log = logging.getLogger(__name__)
+

 # substitutes string sin a file.
 # This can be used on the flake.nix or default.nix of a machine
@@ -35,6 +38,7 @@ class FlakeForTest(NamedTuple):

 def create_flake(
    monkeypatch: pytest.MonkeyPatch,
+    temporary_dir: Path,
    flake_name: FlakeName,
    clan_core_flake: Path | None = None,
    machines: list[str] = [],
@@ -45,56 +49,67 @@ def create_flake(
    The machine names map to the machines in ./test_machines
    """
    template = Path(__file__).parent / flake_name
+
    # copy the template to a new temporary location
-    with tempfile.TemporaryDirectory() as tmpdir_:
-        home = Path(tmpdir_)
-        flake = home / flake_name
-        shutil.copytree(template, flake)
-        # lookup the requested machines in ./test_machines and include them
-        if machines:
-            (flake / "machines").mkdir(parents=True, exist_ok=True)
-        for machine_name in machines:
-            machine_path = Path(__file__).parent / "machines" / machine_name
-            shutil.copytree(machine_path, flake / "machines" / machine_name)
-            substitute(flake / "machines" / machine_name / "default.nix", flake)
-        # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
-        # provided by get_test_flake_toplevel
-        flake_nix = flake / "flake.nix"
-        # this is where we would install the sops key to, when updating
-        substitute(flake_nix, clan_core_flake, flake)
-        if remote:
-            with tempfile.TemporaryDirectory() as workdir:
-                monkeypatch.chdir(workdir)
-                monkeypatch.setenv("HOME", str(home))
-                yield FlakeForTest(flake_name, flake)
-        else:
-            monkeypatch.chdir(flake)
+    home = Path(temporary_dir)
+    flake = home / ".local/state/clan/flake" / flake_name
+    shutil.copytree(template, flake)
+
+    # lookup the requested machines in ./test_machines and include them
+    if machines:
+        (flake / "machines").mkdir(parents=True, exist_ok=True)
+    for machine_name in machines:
+        machine_path = Path(__file__).parent / "machines" / machine_name
+        shutil.copytree(machine_path, flake / "machines" / machine_name)
+        substitute(flake / "machines" / machine_name / "default.nix", flake)
+    # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
+    # provided by get_test_flake_toplevel
+    flake_nix = flake / "flake.nix"
+    # this is where we would install the sops key to, when updating
+    substitute(flake_nix, clan_core_flake, flake)
+    if remote:
+        with tempfile.TemporaryDirectory() as workdir:
+            monkeypatch.chdir(workdir)
            monkeypatch.setenv("HOME", str(home))
            yield FlakeForTest(flake_name, flake)
+    else:
+        monkeypatch.chdir(flake)
+        monkeypatch.setenv("HOME", str(home))
+        yield FlakeForTest(flake_name, flake)


@pytest.fixture
-def test_flake(monkeypatch: pytest.MonkeyPatch) -> Iterator[FlakeForTest]:
-    yield from create_flake(monkeypatch, FlakeName("test_flake"))
+def test_flake(
+    monkeypatch: pytest.MonkeyPatch, temporary_dir: Path
+) -> Iterator[FlakeForTest]:
+    yield from create_flake(monkeypatch, temporary_dir, FlakeName("test_flake"))


@pytest.fixture
-def test_flake_with_core(monkeypatch: pytest.MonkeyPatch) -> Iterator[FlakeForTest]:
-    if not (CLAN_CORE / "flake.nix").exists():
-        raise Exception(
-            "clan-core flake not found. This test requires the clan-core flake to be present"
-        )
-    yield from create_flake(monkeypatch, FlakeName("test_flake_with_core"), CLAN_CORE)
-
-
-@pytest.fixture
-def test_flake_with_core_and_pass(
-    monkeypatch: pytest.MonkeyPatch,
+def test_flake_with_core(
+    monkeypatch: pytest.MonkeyPatch, temporary_dir: Path
 ) -> Iterator[FlakeForTest]:
    if not (CLAN_CORE / "flake.nix").exists():
        raise Exception(
            "clan-core flake not found. This test requires the clan-core flake to be present"
        )
    yield from create_flake(
-        monkeypatch, FlakeName("test_flake_with_core_and_pass"), CLAN_CORE
+        monkeypatch, temporary_dir, FlakeName("test_flake_with_core"), CLAN_CORE
+    )
+
+
+@pytest.fixture
+def test_flake_with_core_and_pass(
+    monkeypatch: pytest.MonkeyPatch,
+    temporary_dir: Path,
+) -> Iterator[FlakeForTest]:
+    if not (CLAN_CORE / "flake.nix").exists():
+        raise Exception(
+            "clan-core flake not found. This test requires the clan-core flake to be present"
+        )
+    yield from create_flake(
+        monkeypatch,
+        temporary_dir,
+        FlakeName("test_flake_with_core_and_pass"),
+        CLAN_CORE,
    )
--- a/pkgs/clan-cli/tests/helpers/cli.py
+++ b/pkgs/clan-cli/tests/helpers/cli.py
@@ -1,16 +1,23 @@
 import argparse
+import inspect
+import logging
+import shlex

 from clan_cli import create_parser
-import logging
-import sys
-import shlex
+
 log = logging.getLogger(__name__)

-import inspect

 def get_caller() -> str:
    frame = inspect.currentframe()
-    caller_frame = frame.f_back.f_back
+    if frame is None:
+        return "unknown"
+    caller_frame = frame.f_back
+    if caller_frame is None:
+        return "unknown"
+    caller_frame = caller_frame.f_back
+    if caller_frame is None:
+        return "unknown"
    frame_info = inspect.getframeinfo(caller_frame)
    ret = f"{frame_info.filename}:{frame_info.lineno}::{frame_info.function}"
    return ret
@@ -22,7 +29,7 @@ class Cli:

    def run(self, args: list[str]) -> argparse.Namespace:
        cmd = shlex.join(["clan"] + args)
-        log.debug(f"Command: {cmd}")
+        log.debug(f"$ {cmd}")
        log.debug(f"Caller {get_caller()}")
        parsed = self.parser.parse_args(args)
        if hasattr(parsed, "func"):
--- a/pkgs/clan-cli/tests/temporary_dir.py
+++ b/pkgs/clan-cli/tests/temporary_dir.py
@@ -1,3 +1,4 @@
+import logging
 import os
 import tempfile
 from pathlib import Path
@@ -5,14 +6,17 @@ from typing import Iterator

 import pytest

+log = logging.getLogger(__name__)
+

@pytest.fixture
 def temporary_dir() -> Iterator[Path]:
-    if os.getenv("TEST_KEEP_TEMPORARY_DIR"):
+    if os.getenv("TEST_KEEP_TEMPORARY_DIR") is not None:
        temp_dir = tempfile.mkdtemp(prefix="pytest-")
        path = Path(temp_dir)
+        log.info("Keeping temporary test directory: ", path)
        yield path
-        print("=========> Keeping temporary directory: ", path)
    else:
+        log.debug("TEST_KEEP_TEMPORARY_DIR not set, using TemporaryDirectory")
        with tempfile.TemporaryDirectory(prefix="pytest-") as dirpath:
            yield Path(dirpath)
--- a/pkgs/clan-cli/tests/test_secrets_cli.py
+++ b/pkgs/clan-cli/tests/test_secrets_cli.py
@@ -1,9 +1,8 @@
+import logging
 import os
 from contextlib import contextmanager
-from pathlib import Path
 from typing import TYPE_CHECKING, Iterator

-import logging
 import pytest
 from cli import Cli
 from fixtures_flakes import FlakeForTest
@@ -28,7 +27,7 @@ def _test_identities(
    cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey, test_flake.name])
    assert (sops_folder / what / "foo" / "key.json").exists()
    with pytest.raises(ClanError):
-        cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey])
+        cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey, test_flake.name])

    cli.run(
        [
@@ -43,23 +42,23 @@ def _test_identities(
    )

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", what, "get", "foo"])
+    cli.run(["secrets", what, "get", "foo", test_flake.name])
    out = capsys.readouterr()  # empty the buffer
    assert age_keys[0].pubkey in out.out

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", what, "list"])
+    cli.run(["secrets", what, "list", test_flake.name])
    out = capsys.readouterr()  # empty the buffer
    assert "foo" in out.out

-    cli.run(["secrets", what, "remove", "foo"])
+    cli.run(["secrets", what, "remove", "foo", test_flake.name])
    assert not (sops_folder / what / "foo" / "key.json").exists()

    with pytest.raises(ClanError):  # already removed
-        cli.run(["secrets", what, "remove", "foo"])
+        cli.run(["secrets", what, "remove", "foo", test_flake.name])

    capsys.readouterr()
-    cli.run(["secrets", what, "list"])
+    cli.run(["secrets", what, "list", test_flake.name])
    out = capsys.readouterr()
    assert "foo" not in out.out

@@ -81,30 +80,36 @@ def test_groups(
 ) -> None:
    cli = Cli()
    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "groups", "list"])
+    cli.run(["secrets", "groups", "list", test_flake.name])
    assert capsys.readouterr().out == ""

    with pytest.raises(ClanError):  # machine does not exist yet
-        cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+        cli.run(
+            ["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name]
+        )
    with pytest.raises(ClanError):  # user does not exist yet
-        cli.run(["secrets", "groups", "add-user", "groupb1", "user1"])
-    cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
-    cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+        cli.run(["secrets", "groups", "add-user", "groupb1", "user1", test_flake.name])
+    cli.run(
+        ["secrets", "machines", "add", "machine1", age_keys[0].pubkey, test_flake.name]
+    )
+    cli.run(["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name])

    # Should this fail?
-    cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+    cli.run(["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name])

-    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey])
-    cli.run(["secrets", "groups", "add-user", "group1", "user1"])
+    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey, test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "group1", "user1", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "groups", "list"])
+    cli.run(["secrets", "groups", "list", test_flake.name])
    out = capsys.readouterr().out
    assert "user1" in out
    assert "machine1" in out

-    cli.run(["secrets", "groups", "remove-user", "group1", "user1"])
-    cli.run(["secrets", "groups", "remove-machine", "group1", "machine1"])
+    cli.run(["secrets", "groups", "remove-user", "group1", "user1", test_flake.name])
+    cli.run(
+        ["secrets", "groups", "remove-machine", "group1", "machine1", test_flake.name]
+    )
    groups = os.listdir(test_flake.path / "sops" / "groups")
    assert len(groups) == 0

@@ -122,104 +127,114 @@ def use_key(key: str, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:


 def test_secrets(
-    test_flake: Path,
+    test_flake: FlakeForTest,
    capsys: pytest.CaptureFixture,
    monkeypatch: pytest.MonkeyPatch,
    age_keys: list["KeyPair"],
 ) -> None:
    cli = Cli()
    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == ""

    monkeypatch.setenv("SOPS_NIX_SECRET", "foo")
-    monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake / ".." / "age.key"))
+    monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake.path / ".." / "age.key"))
    cli.run(["secrets", "key", "generate"])
    capsys.readouterr()  # empty the buffer
    cli.run(["secrets", "key", "show"])
    key = capsys.readouterr().out
    assert key.startswith("age1")
-    cli.run(["secrets", "users", "add", "testuser", key])
+    cli.run(["secrets", "users", "add", "testuser", key, test_flake.name])

    with pytest.raises(ClanError):  # does not exist yet
-        cli.run(["secrets", "get", "nonexisting"])
-    cli.run(["secrets", "set", "initialkey"])
+        cli.run(["secrets", "get", "nonexisting", test_flake.name])
+    cli.run(["secrets", "set", "initialkey", test_flake.name])
    capsys.readouterr()
-    cli.run(["secrets", "get", "initialkey"])
+    cli.run(["secrets", "get", "initialkey", test_flake.name])
    assert capsys.readouterr().out == "foo"
    capsys.readouterr()
-    cli.run(["secrets", "users", "list"])
+    cli.run(["secrets", "users", "list", test_flake.name])
    users = capsys.readouterr().out.rstrip().split("\n")
    assert len(users) == 1, f"users: {users}"
    owner = users[0]

    monkeypatch.setenv("EDITOR", "cat")
-    cli.run(["secrets", "set", "--edit", "initialkey"])
+    cli.run(["secrets", "set", "--edit", "initialkey", test_flake.name])
    monkeypatch.delenv("EDITOR")

-    cli.run(["secrets", "rename", "initialkey", "key"])
+    cli.run(["secrets", "rename", "initialkey", "key", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == "key\n"

-    cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
-    cli.run(["secrets", "machines", "add-secret", "machine1", "key"])
+    cli.run(
+        ["secrets", "machines", "add", "machine1", age_keys[0].pubkey, test_flake.name]
+    )
+    cli.run(["secrets", "machines", "add-secret", "machine1", "key", test_flake.name])
    capsys.readouterr()
-    cli.run(["secrets", "machines", "list"])
+    cli.run(["secrets", "machines", "list", test_flake.name])
    assert capsys.readouterr().out == "machine1\n"

    with use_key(age_keys[0].privkey, monkeypatch):
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])

        assert capsys.readouterr().out == "foo"

-    cli.run(["secrets", "machines", "remove-secret", "machine1", "key"])
+    cli.run(
+        ["secrets", "machines", "remove-secret", "machine1", "key", test_flake.name]
+    )

-    cli.run(["secrets", "users", "add", "user1", age_keys[1].pubkey])
-    cli.run(["secrets", "users", "add-secret", "user1", "key"])
+    cli.run(["secrets", "users", "add", "user1", age_keys[1].pubkey, test_flake.name])
+    cli.run(["secrets", "users", "add-secret", "user1", "key", test_flake.name])
    capsys.readouterr()
    with use_key(age_keys[1].privkey, monkeypatch):
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
    assert capsys.readouterr().out == "foo"
-    cli.run(["secrets", "users", "remove-secret", "user1", "key"])
+    cli.run(["secrets", "users", "remove-secret", "user1", "key", test_flake.name])

    with pytest.raises(ClanError):  # does not exist yet
-        cli.run(["secrets", "groups", "add-secret", "admin-group", "key"])
-    cli.run(["secrets", "groups", "add-user", "admin-group", "user1"])
-    cli.run(["secrets", "groups", "add-user", "admin-group", owner])
-    cli.run(["secrets", "groups", "add-secret", "admin-group", "key"])
+        cli.run(
+            ["secrets", "groups", "add-secret", "admin-group", "key", test_flake.name]
+        )
+    cli.run(["secrets", "groups", "add-user", "admin-group", "user1", test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "admin-group", owner, test_flake.name])
+    cli.run(["secrets", "groups", "add-secret", "admin-group", "key", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "set", "--group", "admin-group", "key2"])
+    cli.run(["secrets", "set", "--group", "admin-group", "key2", test_flake.name])

    with use_key(age_keys[1].privkey, monkeypatch):
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        assert capsys.readouterr().out == "foo"

    # extend group will update secrets
-    cli.run(["secrets", "users", "add", "user2", age_keys[2].pubkey])
-    cli.run(["secrets", "groups", "add-user", "admin-group", "user2"])
+    cli.run(["secrets", "users", "add", "user2", age_keys[2].pubkey, test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "admin-group", "user2", test_flake.name])

    with use_key(age_keys[2].privkey, monkeypatch):  # user2
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        assert capsys.readouterr().out == "foo"

-    cli.run(["secrets", "groups", "remove-user", "admin-group", "user2"])
+    cli.run(
+        ["secrets", "groups", "remove-user", "admin-group", "user2", test_flake.name]
+    )
    with pytest.raises(ClanError), use_key(age_keys[2].privkey, monkeypatch):
        # user2 is not in the group anymore
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        print(capsys.readouterr().out)

-    cli.run(["secrets", "groups", "remove-secret", "admin-group", "key"])
+    cli.run(
+        ["secrets", "groups", "remove-secret", "admin-group", "key", test_flake.name]
+    )

-    cli.run(["secrets", "remove", "key"])
-    cli.run(["secrets", "remove", "key2"])
+    cli.run(["secrets", "remove", "key", test_flake.name])
+    cli.run(["secrets", "remove", "key2", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == ""
--- a/pkgs/clan-cli/tests/test_vms_api_create.py
+++ b/pkgs/clan-cli/tests/test_vms_api_create.py
@@ -16,9 +16,12 @@ if TYPE_CHECKING:


@pytest.fixture
-def flake_with_vm_with_secrets(monkeypatch: pytest.MonkeyPatch) -> Iterator[FlakeForTest]:
+def flake_with_vm_with_secrets(
+    monkeypatch: pytest.MonkeyPatch, temporary_dir: Path
+) -> Iterator[FlakeForTest]:
    yield from create_flake(
        monkeypatch,
+        temporary_dir,
        FlakeName("test_flake_with_core_dynamic_machines"),
        CLAN_CORE,
        machines=["vm_with_secrets"],
@@ -27,10 +30,11 @@ def flake_with_vm_with_secrets(monkeypatch: pytest.MonkeyPatch) -> Iterator[Flak

@pytest.fixture
 def remote_flake_with_vm_without_secrets(
-    monkeypatch: pytest.MonkeyPatch,
+    monkeypatch: pytest.MonkeyPatch, temporary_dir: Path
 ) -> Iterator[FlakeForTest]:
    yield from create_flake(
        monkeypatch,
+        temporary_dir,
        FlakeName("test_flake_with_core_dynamic_machines"),
        CLAN_CORE,
        machines=["vm_without_secrets"],