yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

zerotier: migrate from facts to vars

Browse Source
This commit is contained in:
Jörg Thalheim
2025-04-22 14:36:13 +02:00
parent b5cc250237
commit fe6fd41a4d
12 changed files with 148 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
pkgs/clan-cli/clan_cli/tests/test_secrets_generate.py
View File

@@ -4,7 +4,6 @@ from typing import TYPE_CHECKING
import pytest
from clan_cli.facts.secret_modules.sops import SecretStore
from clan_cli.flake import Flake
from clan_cli.machines.facts import machine_get_fact
from clan_cli.machines.machines import Machine
from clan_cli.secrets.folders import sops_secrets_folder
from clan_cli.tests.fixtures_flakes import FlakeForTest
@@ -45,66 +44,90 @@ def test_generate_secret(
"user1",
]
)
cmd = ["facts", "generate", "--flake", str(test_flake_with_core.path), "vm1"]
cmd = [
"vars",
"generate",
"--flake",
str(test_flake_with_core.path),
"vm1",
"--generator",
"zerotier",
]
cli.run(cmd)
store1 = SecretStore(
Machine(name="vm1", flake=Flake(str(test_flake_with_core.path)))
)
assert store1.exists("", "age.key")
assert store1.exists("", "zerotier-identity-secret")
network_id = machine_get_fact(
test_flake_with_core.path, "vm1", "zerotier-network-id"
)
network_id = (
test_flake_with_core.path
/ "vars"
/ "per-machine"
/ "vm1"
/ "zerotier"
/ "zerotier-network-id"
/ "value"
).read_text()
assert len(network_id) == 16
secrets_folder = sops_secrets_folder(test_flake_with_core.path)
age_key = secrets_folder / "vm1-age.key" / "secret"
identity_secret = secrets_folder / "vm1-zerotier-identity-secret" / "secret"
identity_secret = (
test_flake_with_core.path
/ "vars"
/ "per-machine"
/ "vm1"
/ "zerotier"
/ "zerotier-identity-secret"
/ "secret"
)
age_key_mtime = age_key.lstat().st_mtime_ns
secret1_mtime = identity_secret.lstat().st_mtime_ns
# Assert that the age key is valid
age_secret = store1.get("", "age.key").decode()
assert age_secret.isprintable()
assert is_valid_age_key(age_secret)
# test idempotency for vm1 and also generate for vm2
cli.run(["facts", "generate", "--flake", str(test_flake_with_core.path)])
cli.run(
[
"vars",
"generate",
"--flake",
str(test_flake_with_core.path),
"--generator",
"zerotier",
]
)
assert age_key.lstat().st_mtime_ns == age_key_mtime
assert identity_secret.lstat().st_mtime_ns == secret1_mtime
assert (
secrets_folder / "vm1-zerotier-identity-secret" / "machines" / "vm1"
).exists()
store2 = SecretStore(
Machine(name="vm2", flake=Flake(str(test_flake_with_core.path)))
)
# clan vars generate
# TODO: Test vars
# varsStore = VarsSecretStore(
# machine=Machine(name="vm2", flake=FlakeId(str(test_flake_with_core.path)))
# )
# generators = get_generators(str(test_flake_with_core.path), "vm2")
# generator = next((gen for gen in generators if gen.name == "root-password"), None)
# if not generator:
# raise Exception("Generator not found")
# password_update = GeneratorUpdate(
# generator=generator.name, prompt_values={"password": "1234"}
# )
# set_prompts(str(test_flake_with_core.path), "vm2", [password_update])
# assert varsStore.exists(generator, "root-password")
assert store2.exists("", "age.key")
assert store2.exists("", "zerotier-identity-secret")
(
test_flake_with_core.path
/ "vars"
/ "per-machine"
/ "vm2"
/ "zerotier"
/ "zerotier-identity-secret"
/ "secret"
).exists()
ip = machine_get_fact(test_flake_with_core.path, "vm1", "zerotier-ip")
ip = (
test_flake_with_core.path
/ "vars"
/ "per-machine"
/ "vm2"
/ "zerotier"
/ "zerotier-ip"
/ "value"
).read_text()
assert ipaddress.IPv6Address(ip).is_private
# Assert that the age key is valid
age_secret = store2.get("", "age.key").decode()
assert age_secret.isprintable()
assert is_valid_age_key(age_secret)

35
pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py
View File

@@ -2,10 +2,6 @@ import subprocess
from pathlib import Path
import pytest
from clan_cli.facts.secret_modules.password_store import SecretStore
from clan_cli.flake import Flake
from clan_cli.machines.facts import machine_get_fact
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell
from clan_cli.ssh.host import Host
from clan_cli.tests.fixtures_flakes import ClanFlake
@@ -32,6 +28,8 @@ def test_upload_secret(
config["clan"]["core"]["networking"]["targetHost"] = addr
config["clan"]["user-password"]["user"] = "alice"
config["clan"]["user-password"]["prompt"] = False
vars_config = config["clan"]["core"]["vars"]
vars_config["settings"]["secretStore"] = "password-store"
facts = config["clan"]["core"]["facts"]
facts["secretStore"] = "password-store"
facts["secretUploadDirectory"]["_type"] = "override"
@@ -62,23 +60,32 @@ def test_upload_secret(
check=True,
)
subprocess.run(nix_shell(["pass"], ["pass", "init", "test@local"]), check=True)
cli.run(["facts", "generate", "vm1", "--flake", str(flake.path)])
cli.run(["vars", "generate", "vm1", "--flake", str(flake.path), "--generator", "zerotier"])
store = SecretStore(Machine(name="vm1", flake=Flake(str(flake.path))))
network_id = machine_get_fact(flake.path, "vm1", "zerotier-network-id")
network_id = (
flake.path
/ "vars"
/ "per-machine"
/ "vm1"
/ "zerotier"
/ "zerotier-network-id"
/ "value"
).read_text()
assert len(network_id) == 16
identity_secret = (
temporary_home / "pass" / "machines" / "vm1" / "zerotier-identity-secret.gpg"
temporary_home
/ "pass"
/ "clan-vars"
/ "per-machine"
/ "vm1"
/ "zerotier"
/ "zerotier-identity-secret.gpg"
)
secret1_mtime = identity_secret.lstat().st_mtime_ns
# test idempotency
cli.run(["facts", "generate", "vm1"])
cli.run(["vars", "generate", "vm1", "--generator", "zerotier"])
assert identity_secret.lstat().st_mtime_ns == secret1_mtime
cli.run(["facts", "upload", "vm1"])
cli.run(["vars", "upload", "vm1"])
zerotier_identity_secret = flake.path / "secrets" / "zerotier-identity-secret"
assert zerotier_identity_secret.exists()
assert store.exists("", "zerotier-identity-secret")
assert store.exists("", "zerotier-identity-secret")