drop global argparse flags
They get shadowed by subargparser options.
parent
5dcac604d1
commit
f0f97baa65
@ -145,14 +145,14 @@
|
|||||||
machine.succeed("echo testing > /var/test-backups/somefile")
|
machine.succeed("echo testing > /var/test-backups/somefile")
|
||||||
|
|
||||||
# create
|
# create
|
||||||
machine.succeed("clan --debug --flake ${self} backups create test-backup")
|
machine.succeed("clan backups create --debug --flake ${self} test-backup")
|
||||||
machine.wait_until_succeeds("! systemctl is-active borgbackup-job-test-backup >&2")
|
machine.wait_until_succeeds("! systemctl is-active borgbackup-job-test-backup >&2")
|
||||||
machine.succeed("test -f /run/mount-external-disk")
|
machine.succeed("test -f /run/mount-external-disk")
|
||||||
machine.succeed("test -f /run/unmount-external-disk")
|
machine.succeed("test -f /run/unmount-external-disk")
|
||||||
|
|
||||||
# list
|
# list
|
||||||
backup_id = json.loads(machine.succeed("borg-job-test-backup list --json"))["archives"][0]["archive"]
|
backup_id = json.loads(machine.succeed("borg-job-test-backup list --json"))["archives"][0]["archive"]
|
||||||
out = machine.succeed("clan --debug --flake ${self} backups list test-backup").strip()
|
out = machine.succeed("clan backups list --debug --flake ${self} test-backup").strip()
|
||||||
print(out)
|
print(out)
|
||||||
assert backup_id in out, f"backup {backup_id} not found in {out}"
|
assert backup_id in out, f"backup {backup_id} not found in {out}"
|
||||||
localbackup_id = "hdd::/mnt/external-disk/snapshot.0"
|
localbackup_id = "hdd::/mnt/external-disk/snapshot.0"
|
||||||
@ -160,14 +160,14 @@
|
|||||||
|
|
||||||
## borgbackup restore
|
## borgbackup restore
|
||||||
machine.succeed("rm -f /var/test-backups/somefile")
|
machine.succeed("rm -f /var/test-backups/somefile")
|
||||||
machine.succeed(f"clan --debug --flake ${self} backups restore test-backup borgbackup 'test-backup::borg@machine:.::{backup_id}' >&2")
|
machine.succeed(f"clan backups restore --debug --flake ${self} test-backup borgbackup 'test-backup::borg@machine:.::{backup_id}' >&2")
|
||||||
assert machine.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
|
assert machine.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
|
||||||
machine.succeed("test -f /var/test-service/pre-restore-command")
|
machine.succeed("test -f /var/test-service/pre-restore-command")
|
||||||
machine.succeed("test -f /var/test-service/post-restore-command")
|
machine.succeed("test -f /var/test-service/post-restore-command")
|
||||||
|
|
||||||
## localbackup restore
|
## localbackup restore
|
||||||
machine.succeed("rm -f /var/test-backups/somefile /var/test-service/{pre,post}-restore-command")
|
machine.succeed("rm -f /var/test-backups/somefile /var/test-service/{pre,post}-restore-command")
|
||||||
machine.succeed(f"clan --debug --flake ${self} backups restore test-backup localbackup '{localbackup_id}' >&2")
|
machine.succeed(f"clan backups restore --debug --flake ${self} test-backup localbackup '{localbackup_id}' >&2")
|
||||||
assert machine.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
|
assert machine.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
|
||||||
machine.succeed("test -f /var/test-service/pre-restore-command")
|
machine.succeed("test -f /var/test-service/pre-restore-command")
|
||||||
machine.succeed("test -f /var/test-service/post-restore-command")
|
machine.succeed("test -f /var/test-service/post-restore-command")
|
||||||
|
@ -1,33 +1,58 @@
|
|||||||
{ ... }:
|
{ self, ... }:
|
||||||
{
|
{
|
||||||
perSystem =
|
perSystem =
|
||||||
{ ... }:
|
|
||||||
{
|
{
|
||||||
# checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux) {
|
nodes,
|
||||||
# flash = (import ../lib/test-base.nix) {
|
pkgs,
|
||||||
# name = "flash";
|
lib,
|
||||||
# nodes.target = {
|
...
|
||||||
# virtualisation.emptyDiskImages = [ 4096 ];
|
}:
|
||||||
# virtualisation.memorySize = 3000;
|
let
|
||||||
# environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
|
dependencies = [
|
||||||
# environment.etc."install-closure".source = "${closureInfo}/store-paths";
|
self
|
||||||
|
pkgs.stdenv.drvPath
|
||||||
|
pkgs.jq
|
||||||
|
pkgs.disko
|
||||||
|
pkgs.stdenvNoCC.drvPath
|
||||||
|
pkgs.openssl
|
||||||
|
pkgs.curl
|
||||||
|
self.clanInternals.machines.${pkgs.hostPlatform.system}.test_install_machine.config.system.build.toplevel
|
||||||
|
self.clanInternals.machines.${pkgs.hostPlatform.system}.test_install_machine.config.system.build.diskoScript
|
||||||
|
self.clanInternals.machines.${pkgs.hostPlatform.system}.test_install_machine.config.system.clan.deployment.file
|
||||||
|
self.clanInternals.machines.${pkgs.hostPlatform.system}.test_install_machine.pkgs.disko
|
||||||
|
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||||
|
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# Currently disabled...
|
||||||
|
checks = pkgs.lib.mkIf (false && pkgs.stdenv.isLinux) {
|
||||||
|
flash = (import ../lib/test-base.nix) {
|
||||||
|
name = "flash";
|
||||||
|
nodes.target = {
|
||||||
|
virtualisation.emptyDiskImages = [ 4096 ];
|
||||||
|
virtualisation.memorySize = 3000;
|
||||||
|
environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
|
||||||
|
environment.etc."install-closure".source = "${closureInfo}/store-paths";
|
||||||
|
|
||||||
# nix.settings = {
|
nix.settings = {
|
||||||
# substituters = lib.mkForce [ ];
|
substituters = lib.mkForce [ ];
|
||||||
# hashed-mirrors = null;
|
hashed-mirrors = null;
|
||||||
# connect-timeout = lib.mkForce 3;
|
connect-timeout = lib.mkForce 3;
|
||||||
# flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
|
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
|
||||||
# experimental-features = [
|
experimental-features = [
|
||||||
# "nix-command"
|
"nix-command"
|
||||||
# "flakes"
|
"flakes"
|
||||||
# ];
|
];
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# testScript = ''
|
testScript = ''
|
||||||
# start_all()
|
start_all()
|
||||||
# machine.succeed("clan --debug --flake ${../..} flash --yes --disk main /dev/vdb test_install_machine")
|
machine.succeed("nix-store --verify-path ${
|
||||||
# '';
|
self.clanInternals.machines.${pkgs.hostPlatform.system}.test_install_machine.config.system.build.diskoScript
|
||||||
# } { inherit pkgs self; };
|
}")
|
||||||
# };
|
machine.execute("timeout 30 clan flash --debug --flake ${../..} --yes --disk main /dev/vdb test_install_machine")
|
||||||
|
'';
|
||||||
|
} { inherit pkgs self; };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
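Review bot: The flash step in the new `testScript` runs through `machine.execute(...)`, which returns the exit status instead of raising, and the status is never inspected. Once the `false &&` guard in `mkIf` is lifted, the check would therefore pass even when `clan flash` fails or is killed by `timeout 30`. If the flash is meant to succeed, use `machine.succeed("timeout 30 clan flash --debug --flake ${../..} --yes --disk main /dev/vdb test_install_machine")`. If the non-asserting call is a deliberate stop-gap, say so in the comment. The `# Currently disabled...` comment should also state why the check is off and what must be fixed before it is re-enabled.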
|
@ -2,8 +2,8 @@
|
|||||||
{
|
{
|
||||||
clan.machines.test_install_machine = {
|
clan.machines.test_install_machine = {
|
||||||
clan.networking.targetHost = "test_install_machine";
|
clan.networking.targetHost = "test_install_machine";
|
||||||
fileSystems."/".device = lib.mkDefault "/dev/null";
|
fileSystems."/".device = lib.mkDefault "/dev/vdb";
|
||||||
boot.loader.grub.device = lib.mkDefault "/dev/null";
|
boot.loader.grub.device = lib.mkDefault "/dev/vdb";
|
||||||
|
|
||||||
imports = [ self.nixosModules.test_install_machine ];
|
imports = [ self.nixosModules.test_install_machine ];
|
||||||
};
|
};
|
||||||
@ -98,7 +98,7 @@
|
|||||||
client.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../lib/ssh/privkey} /root/.ssh/id_ed25519")
|
client.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../lib/ssh/privkey} /root/.ssh/id_ed25519")
|
||||||
client.wait_until_succeeds("ssh -o StrictHostKeyChecking=accept-new -v root@target hostname")
|
client.wait_until_succeeds("ssh -o StrictHostKeyChecking=accept-new -v root@target hostname")
|
||||||
|
|
||||||
client.succeed("clan --debug --flake ${../..} machines install --yes test_install_machine root@target >&2")
|
client.succeed("clan machines install --debug --flake ${../..} --yes test_install_machine root@target >&2")
|
||||||
try:
|
try:
|
||||||
target.shutdown()
|
target.shutdown()
|
||||||
except BrokenPipeError:
|
except BrokenPipeError:
|
||||||
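Review bot: In the first hunk, `fileSystems."/".device` and `boot.loader.grub.device` now default to `/dev/vdb`, a real block-device path, where the previous `/dev/null` placeholder could never name a disk. The value presumably matches the scratch disk the VM tests attach, but nothing in the machine definition says so, and anyone reusing `test_install_machine` outside the VM would point GRUB and the root filesystem at whatever `/dev/vdb` is on that host. After confirming the intent, add a comment above the two lines, for example `# /dev/vdb: empty disk attached to the test VM, never a real host disk`. The enclosing attribute set starts and ends outside the hunk.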
|
@ -46,7 +46,7 @@ sudo umount /dev/sdb1
|
|||||||
It also includes the language and keymap currently used into the installer image.
|
It also includes the language and keymap currently used into the installer image.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
clan --flake git+https://git.clan.lol/clan/clan-core flash flash-installer --disk main /dev/sd<X>
|
clan flash --flake git+https://git.clan.lol/clan/clan-core flash-installer --disk main /dev/sd<X>
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! Danger "Specifying the wrong device can lead to unrecoverable data loss."
|
!!! Danger "Specifying the wrong device can lead to unrecoverable data loss."
|
||||||
|
@ -107,8 +107,6 @@ For more detailed information, visit: https://docs.clan.lol
|
|||||||
),
|
),
|
||||||
formatter_class=argparse.RawTextHelpFormatter,
|
formatter_class=argparse.RawTextHelpFormatter,
|
||||||
)
|
)
|
||||||
add_common_flags(parser)
|
|
||||||
|
|
||||||
subparsers = parser.add_subparsers()
|
subparsers = parser.add_subparsers()
|
||||||
|
|
||||||
parser_backups = subparsers.add_parser(
|
parser_backups = subparsers.add_parser(
|
||||||
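Review bot: With `add_common_flags(parser)` removed from the top-level parser, `--flake` and `--debug` are accepted only where a subparser registers them, and that registration is outside this hunk. Please confirm that every leaf subcommand still registers the common flags, because one that does not would lose `--flake` entirely. None of the updated tests exercises the old position, so a regression test is worth adding: `with pytest.raises(SystemExit): cli.run(["--flake", str(test_flake.path), "machines", "list"])` (presumably argparse exits on the unknown option). For the secrets commands in particular, a `--flake` that is silently ignored rather than rejected would mean operating on a different flake than the caller named.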
|
@ -11,10 +11,10 @@ def test_backups(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"backups",
|
"backups",
|
||||||
"list",
|
"list",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"vm1",
|
"vm1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
@ -39,9 +39,9 @@ def test_set_some_option(
|
|||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
|
"config",
|
||||||
"--flake",
|
"--flake",
|
||||||
str(test_flake.path),
|
str(test_flake.path),
|
||||||
"config",
|
|
||||||
"--quiet",
|
"--quiet",
|
||||||
"--options-file",
|
"--options-file",
|
||||||
example_options,
|
example_options,
|
||||||
@ -64,9 +64,9 @@ def test_configure_machine(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
|
"config",
|
||||||
"--flake",
|
"--flake",
|
||||||
str(test_flake.path),
|
str(test_flake.path),
|
||||||
"config",
|
|
||||||
"-m",
|
"-m",
|
||||||
"machine1",
|
"machine1",
|
||||||
"clan.jitsi.enable",
|
"clan.jitsi.enable",
|
||||||
@ -78,9 +78,9 @@ def test_configure_machine(
|
|||||||
# read a option value
|
# read a option value
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
|
"config",
|
||||||
"--flake",
|
"--flake",
|
||||||
str(test_flake.path),
|
str(test_flake.path),
|
||||||
"config",
|
|
||||||
"-m",
|
"-m",
|
||||||
"machine1",
|
"machine1",
|
||||||
"clan.jitsi.enable",
|
"clan.jitsi.enable",
|
||||||
|
@ -15,10 +15,10 @@ def test_flakes_inspect(
|
|||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"flakes",
|
"flakes",
|
||||||
"inspect",
|
"inspect",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"--machine",
|
"--machine",
|
||||||
"vm1",
|
"vm1",
|
||||||
]
|
]
|
||||||
|
@ -21,55 +21,55 @@ def test_import_sops(
|
|||||||
monkeypatch.setenv("SOPS_AGE_KEY", age_keys[1].privkey)
|
monkeypatch.setenv("SOPS_AGE_KEY", age_keys[1].privkey)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"machine1",
|
"machine1",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user1",
|
"user1",
|
||||||
age_keys[1].pubkey,
|
age_keys[1].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user2",
|
"user2",
|
||||||
age_keys[2].pubkey,
|
age_keys[2].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"user2",
|
"user2",
|
||||||
]
|
]
|
||||||
@ -78,10 +78,10 @@ def test_import_sops(
|
|||||||
# To edit:
|
# To edit:
|
||||||
# SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml
|
# SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml
|
||||||
cmd = [
|
cmd = [
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"import-sops",
|
"import-sops",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"--group",
|
"--group",
|
||||||
"group1",
|
"group1",
|
||||||
"--machine",
|
"--machine",
|
||||||
@ -91,10 +91,10 @@ def test_import_sops(
|
|||||||
|
|
||||||
cli.run(cmd)
|
cli.run(cmd)
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "users", "list"])
|
cli.run(["secrets", "users", "list", "--flake", str(test_flake.path)])
|
||||||
users = sorted(capsys.readouterr().out.rstrip().split())
|
users = sorted(capsys.readouterr().out.rstrip().split())
|
||||||
assert users == ["user1", "user2"]
|
assert users == ["user1", "user2"]
|
||||||
|
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "secret-key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "secret-key"])
|
||||||
assert capsys.readouterr().out == "secret-value"
|
assert capsys.readouterr().out == "secret-value"
|
||||||
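Review bot: The `# To edit:` comment kept as context in the second hunk of `test_import_sops` spells out a complete `AGE-SECRET-KEY-…` value, and nothing marks it as a fixture. It is presumably the throwaway key for `./data/secrets.yaml`, but as written a reader cannot tell it apart from a leaked credential. After confirming the key is used nowhere else, add a line above it such as `# Test-only age key for ./data/secrets.yaml; never used outside this fixture.`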
|
@ -9,11 +9,11 @@ def test_machine_subcommands(
|
|||||||
) -> None:
|
) -> None:
|
||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(
|
cli.run(
|
||||||
["--flake", str(test_flake_with_core.path), "machines", "create", "machine1"]
|
["machines", "create", "--flake", str(test_flake_with_core.path), "machine1"]
|
||||||
)
|
)
|
||||||
|
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake_with_core.path), "machines", "list"])
|
cli.run(["machines", "list", "--flake", str(test_flake_with_core.path)])
|
||||||
|
|
||||||
out = capsys.readouterr()
|
out = capsys.readouterr()
|
||||||
|
|
||||||
@ -22,11 +22,11 @@ def test_machine_subcommands(
|
|||||||
assert "vm2" in out.out
|
assert "vm2" in out.out
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
["--flake", str(test_flake_with_core.path), "machines", "delete", "machine1"]
|
["machines", "delete", "--flake", str(test_flake_with_core.path), "machine1"]
|
||||||
)
|
)
|
||||||
|
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake_with_core.path), "machines", "list"])
|
cli.run(["machines", "list", "--flake", str(test_flake_with_core.path)])
|
||||||
out = capsys.readouterr()
|
out = capsys.readouterr()
|
||||||
|
|
||||||
assert "machine1" not in out.out
|
assert "machine1" not in out.out
|
||||||
|
@ -27,11 +27,11 @@ def _test_identities(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
what,
|
what,
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"foo",
|
"foo",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
@ -41,11 +41,11 @@ def _test_identities(
|
|||||||
with pytest.raises(ClanError): # raises "foo already exists"
|
with pytest.raises(ClanError): # raises "foo already exists"
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
what,
|
what,
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"foo",
|
"foo",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
@ -54,11 +54,11 @@ def _test_identities(
|
|||||||
# rotate the key
|
# rotate the key
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
what,
|
what,
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"-f",
|
"-f",
|
||||||
"foo",
|
"foo",
|
||||||
age_keys[1].privkey,
|
age_keys[1].privkey,
|
||||||
@ -68,11 +68,11 @@ def _test_identities(
|
|||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
what,
|
what,
|
||||||
"get",
|
"get",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"foo",
|
"foo",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
@ -80,18 +80,18 @@ def _test_identities(
|
|||||||
assert age_keys[1].pubkey in out.out
|
assert age_keys[1].pubkey in out.out
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", what, "list"])
|
cli.run(["secrets", what, "list", "--flake", str(test_flake.path)])
|
||||||
out = capsys.readouterr() # empty the buffer
|
out = capsys.readouterr() # empty the buffer
|
||||||
assert "foo" in out.out
|
assert "foo" in out.out
|
||||||
|
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", what, "remove", "foo"])
|
cli.run(["secrets", what, "remove", "--flake", str(test_flake.path), "foo"])
|
||||||
assert not (sops_folder / what / "foo" / "key.json").exists()
|
assert not (sops_folder / what / "foo" / "key.json").exists()
|
||||||
|
|
||||||
with pytest.raises(ClanError): # already removed
|
with pytest.raises(ClanError): # already removed
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", what, "remove", "foo"])
|
cli.run(["secrets", what, "remove", "--flake", str(test_flake.path), "foo"])
|
||||||
|
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", what, "list"])
|
cli.run(["secrets", what, "list", "--flake", str(test_flake.path)])
|
||||||
out = capsys.readouterr()
|
out = capsys.readouterr()
|
||||||
assert "foo" not in out.out
|
assert "foo" not in out.out
|
||||||
|
|
||||||
@ -113,17 +113,17 @@ def test_groups(
|
|||||||
) -> None:
|
) -> None:
|
||||||
cli = Cli()
|
cli = Cli()
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "groups", "list"])
|
cli.run(["secrets", "groups", "list", "--flake", str(test_flake.path)])
|
||||||
assert capsys.readouterr().out == ""
|
assert capsys.readouterr().out == ""
|
||||||
|
|
||||||
with pytest.raises(ClanError): # machine does not exist yet
|
with pytest.raises(ClanError): # machine does not exist yet
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-machine",
|
"add-machine",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"machine1",
|
"machine1",
|
||||||
]
|
]
|
||||||
@ -131,33 +131,33 @@ def test_groups(
|
|||||||
with pytest.raises(ClanError): # user does not exist yet
|
with pytest.raises(ClanError): # user does not exist yet
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"groupb1",
|
"groupb1",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"machine1",
|
"machine1",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-machine",
|
"add-machine",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"machine1",
|
"machine1",
|
||||||
]
|
]
|
||||||
@ -166,11 +166,11 @@ def test_groups(
|
|||||||
# Should this fail?
|
# Should this fail?
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-machine",
|
"add-machine",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"machine1",
|
"machine1",
|
||||||
]
|
]
|
||||||
@ -178,51 +178,51 @@ def test_groups(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user1",
|
"user1",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "groups", "list"])
|
cli.run(["secrets", "groups", "list", "--flake", str(test_flake.path)])
|
||||||
out = capsys.readouterr().out
|
out = capsys.readouterr().out
|
||||||
assert "user1" in out
|
assert "user1" in out
|
||||||
assert "machine1" in out
|
assert "machine1" in out
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"remove-user",
|
"remove-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"remove-machine",
|
"remove-machine",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"group1",
|
"group1",
|
||||||
"machine1",
|
"machine1",
|
||||||
]
|
]
|
||||||
@ -251,90 +251,90 @@ def test_secrets(
|
|||||||
) -> None:
|
) -> None:
|
||||||
cli = Cli()
|
cli = Cli()
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "list"])
|
cli.run(["secrets", "list", "--flake", str(test_flake.path)])
|
||||||
assert capsys.readouterr().out == ""
|
assert capsys.readouterr().out == ""
|
||||||
|
|
||||||
monkeypatch.setenv("SOPS_NIX_SECRET", "foo")
|
monkeypatch.setenv("SOPS_NIX_SECRET", "foo")
|
||||||
monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake.path / ".." / "age.key"))
|
monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake.path / ".." / "age.key"))
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "key", "generate"])
|
cli.run(["secrets", "key", "generate", "--flake", str(test_flake.path)])
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "key", "show"])
|
cli.run(["secrets", "key", "show", "--flake", str(test_flake.path)])
|
||||||
key = capsys.readouterr().out
|
key = capsys.readouterr().out
|
||||||
assert key.startswith("age1")
|
assert key.startswith("age1")
|
||||||
cli.run(
|
cli.run(
|
||||||
["--flake", str(test_flake.path), "secrets", "users", "add", "testuser", key]
|
["secrets", "users", "add", "--flake", str(test_flake.path), "testuser", key]
|
||||||
)
|
)
|
||||||
|
|
||||||
with pytest.raises(ClanError): # does not exist yet
|
with pytest.raises(ClanError): # does not exist yet
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "nonexisting"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "nonexisting"])
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "set", "initialkey"])
|
cli.run(["secrets", "set", "--flake", str(test_flake.path), "initialkey"])
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "initialkey"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "initialkey"])
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "users", "list"])
|
cli.run(["secrets", "users", "list", "--flake", str(test_flake.path)])
|
||||||
users = capsys.readouterr().out.rstrip().split("\n")
|
users = capsys.readouterr().out.rstrip().split("\n")
|
||||||
assert len(users) == 1, f"users: {users}"
|
assert len(users) == 1, f"users: {users}"
|
||||||
owner = users[0]
|
owner = users[0]
|
||||||
|
|
||||||
monkeypatch.setenv("EDITOR", "cat")
|
monkeypatch.setenv("EDITOR", "cat")
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "set", "--edit", "initialkey"])
|
cli.run(["secrets", "set", "--edit", "--flake", str(test_flake.path), "initialkey"])
|
||||||
monkeypatch.delenv("EDITOR")
|
monkeypatch.delenv("EDITOR")
|
||||||
|
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "rename", "initialkey", "key"])
|
cli.run(["secrets", "rename", "--flake", str(test_flake.path), "initialkey", "key"])
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "list"])
|
cli.run(["secrets", "list", "--flake", str(test_flake.path)])
|
||||||
assert capsys.readouterr().out == "key\n"
|
assert capsys.readouterr().out == "key\n"
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "list", "nonexisting"])
|
cli.run(["secrets", "list", "--flake", str(test_flake.path), "nonexisting"])
|
||||||
assert capsys.readouterr().out == ""
|
assert capsys.readouterr().out == ""
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "list", "key"])
|
cli.run(["secrets", "list", "--flake", str(test_flake.path), "key"])
|
||||||
assert capsys.readouterr().out == "key\n"
|
assert capsys.readouterr().out == "key\n"
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"machine1",
|
"machine1",
|
||||||
age_keys[1].pubkey,
|
age_keys[1].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add-secret",
|
"add-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"machine1",
|
"machine1",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "machines", "list"])
|
cli.run(["secrets", "machines", "list", "--flake", str(test_flake.path)])
|
||||||
assert capsys.readouterr().out == "machine1\n"
|
assert capsys.readouterr().out == "machine1\n"
|
||||||
|
|
||||||
with use_key(age_keys[1].privkey, monkeypatch):
|
with use_key(age_keys[1].privkey, monkeypatch):
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
|
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
|
|
||||||
# rotate machines key
|
# rotate machines key
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"-f",
|
"-f",
|
||||||
"machine1",
|
"machine1",
|
||||||
age_keys[0].privkey,
|
age_keys[0].privkey,
|
||||||
@ -344,17 +344,17 @@ def test_secrets(
|
|||||||
# should also rotate the encrypted secret
|
# should also rotate the encrypted secret
|
||||||
with use_key(age_keys[0].privkey, monkeypatch):
|
with use_key(age_keys[0].privkey, monkeypatch):
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
|
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"remove-secret",
|
"remove-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"machine1",
|
"machine1",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
@ -362,37 +362,37 @@ def test_secrets(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user1",
|
"user1",
|
||||||
age_keys[1].pubkey,
|
age_keys[1].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add-secret",
|
"add-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user1",
|
"user1",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
with use_key(age_keys[1].privkey, monkeypatch):
|
with use_key(age_keys[1].privkey, monkeypatch):
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"remove-secret",
|
"remove-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user1",
|
"user1",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
@ -401,44 +401,44 @@ def test_secrets(
|
|||||||
with pytest.raises(ClanError): # does not exist yet
|
with pytest.raises(ClanError): # does not exist yet
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-secret",
|
"add-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
owner,
|
owner,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-secret",
|
"add-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
@ -447,10 +447,10 @@ def test_secrets(
|
|||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"set",
|
"set",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"--group",
|
"--group",
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"key2",
|
"key2",
|
||||||
@ -459,28 +459,28 @@ def test_secrets(
|
|||||||
|
|
||||||
with use_key(age_keys[1].privkey, monkeypatch):
|
with use_key(age_keys[1].privkey, monkeypatch):
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
|
|
||||||
# extend group will update secrets
|
# extend group will update secrets
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"user2",
|
"user2",
|
||||||
age_keys[2].pubkey,
|
age_keys[2].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"user2",
|
"user2",
|
||||||
]
|
]
|
||||||
@ -488,16 +488,16 @@ def test_secrets(
|
|||||||
|
|
||||||
with use_key(age_keys[2].privkey, monkeypatch): # user2
|
with use_key(age_keys[2].privkey, monkeypatch): # user2
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
assert capsys.readouterr().out == "foo"
|
assert capsys.readouterr().out == "foo"
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"remove-user",
|
"remove-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"user2",
|
"user2",
|
||||||
]
|
]
|
||||||
@ -505,24 +505,24 @@ def test_secrets(
|
|||||||
with pytest.raises(ClanError), use_key(age_keys[2].privkey, monkeypatch):
|
with pytest.raises(ClanError), use_key(age_keys[2].privkey, monkeypatch):
|
||||||
# user2 is not in the group anymore
|
# user2 is not in the group anymore
|
||||||
capsys.readouterr()
|
capsys.readouterr()
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "get", "key"])
|
cli.run(["secrets", "get", "--flake", str(test_flake.path), "key"])
|
||||||
print(capsys.readouterr().out)
|
print(capsys.readouterr().out)
|
||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"remove-secret",
|
"remove-secret",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake.path),
|
||||||
"admin-group",
|
"admin-group",
|
||||||
"key",
|
"key",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "remove", "key"])
|
cli.run(["secrets", "remove", "--flake", str(test_flake.path), "key"])
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "remove", "key2"])
|
cli.run(["secrets", "remove", "--flake", str(test_flake.path), "key2"])
|
||||||
|
|
||||||
capsys.readouterr() # empty the buffer
|
capsys.readouterr() # empty the buffer
|
||||||
cli.run(["--flake", str(test_flake.path), "secrets", "list"])
|
cli.run(["secrets", "list", "--flake", str(test_flake.path)])
|
||||||
assert capsys.readouterr().out == ""
|
assert capsys.readouterr().out == ""
|
||||||
|
@ -24,27 +24,27 @@ def test_generate_secret(
|
|||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"user1",
|
"user1",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"groups",
|
"groups",
|
||||||
"add-user",
|
"add-user",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"admins",
|
"admins",
|
||||||
"user1",
|
"user1",
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
cmd = ["--flake", str(test_flake_with_core.path), "facts", "generate", "vm1"]
|
cmd = ["facts", "generate", "--flake", str(test_flake_with_core.path), "vm1"]
|
||||||
cli.run(cmd)
|
cli.run(cmd)
|
||||||
has_secret(test_flake_with_core.path, "vm1-age.key")
|
has_secret(test_flake_with_core.path, "vm1-age.key")
|
||||||
has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")
|
has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")
|
||||||
@ -60,7 +60,7 @@ def test_generate_secret(
|
|||||||
secret1_mtime = identity_secret.lstat().st_mtime_ns
|
secret1_mtime = identity_secret.lstat().st_mtime_ns
|
||||||
|
|
||||||
# test idempotency for vm1 and also generate for vm2
|
# test idempotency for vm1 and also generate for vm2
|
||||||
cli.run(["facts", "generate"])
|
cli.run(["facts", "generate", "--flake", str(test_flake_with_core.path)])
|
||||||
assert age_key.lstat().st_mtime_ns == age_key_mtime
|
assert age_key.lstat().st_mtime_ns == age_key_mtime
|
||||||
assert identity_secret.lstat().st_mtime_ns == secret1_mtime
|
assert identity_secret.lstat().st_mtime_ns == secret1_mtime
|
||||||
|
|
||||||
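Review bot: The two `has_secret(...)` calls right after `cli.run(cmd)` in the first hunk discard their result. If `has_secret` returns a boolean rather than raising (its definition is not on this page), the test never checks that `facts generate` actually produced the secrets. Writing them as `assert has_secret(test_flake_with_core.path, "vm1-age.key")` and `assert has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")` would make a missing key fail the test. These lines are unchanged context in this commit, and test_generate_secret begins and continues outside the hunks shown.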
|
@ -23,11 +23,11 @@ def test_secrets_upload(
|
|||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"users",
|
"users",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"user1",
|
"user1",
|
||||||
age_keys[0].pubkey,
|
age_keys[0].pubkey,
|
||||||
]
|
]
|
||||||
@ -35,18 +35,18 @@ def test_secrets_upload(
|
|||||||
|
|
||||||
cli.run(
|
cli.run(
|
||||||
[
|
[
|
||||||
"--flake",
|
|
||||||
str(test_flake_with_core.path),
|
|
||||||
"secrets",
|
"secrets",
|
||||||
"machines",
|
"machines",
|
||||||
"add",
|
"add",
|
||||||
|
"--flake",
|
||||||
|
str(test_flake_with_core.path),
|
||||||
"vm1",
|
"vm1",
|
||||||
age_keys[1].pubkey,
|
age_keys[1].pubkey,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
monkeypatch.setenv("SOPS_NIX_SECRET", age_keys[0].privkey)
|
monkeypatch.setenv("SOPS_NIX_SECRET", age_keys[0].privkey)
|
||||||
cli.run(
|
cli.run(
|
||||||
["--flake", str(test_flake_with_core.path), "secrets", "set", "vm1-age.key"]
|
["secrets", "set", "--flake", str(test_flake_with_core.path), "vm1-age.key"]
|
||||||
)
|
)
|
||||||
|
|
||||||
flake = test_flake_with_core.path.joinpath("flake.nix")
|
flake = test_flake_with_core.path.joinpath("flake.nix")
|
||||||
@ -55,7 +55,7 @@ def test_secrets_upload(
|
|||||||
new_text = flake.read_text().replace("__CLAN_TARGET_ADDRESS__", addr)
|
new_text = flake.read_text().replace("__CLAN_TARGET_ADDRESS__", addr)
|
||||||
|
|
||||||
flake.write_text(new_text)
|
flake.write_text(new_text)
|
||||||
cli.run(["--flake", str(test_flake_with_core.path), "facts", "upload", "vm1"])
|
cli.run(["facts", "upload", "--flake", str(test_flake_with_core.path), "vm1"])
|
||||||
|
|
||||||
# the flake defines this path as the location where the sops key should be installed
|
# the flake defines this path as the location where the sops key should be installed
|
||||||
sops_key = test_flake_with_core.path.joinpath("key.txt")
|
sops_key = test_flake_with_core.path.joinpath("key.txt")
|
||||||
|
@ -86,7 +86,7 @@ def test_inspect(
|
|||||||
test_flake_with_core: FlakeForTest, capsys: pytest.CaptureFixture
|
test_flake_with_core: FlakeForTest, capsys: pytest.CaptureFixture
|
||||||
) -> None:
|
) -> None:
|
||||||
cli = Cli()
|
cli = Cli()
|
||||||
cli.run(["--flake", str(test_flake_with_core.path), "vms", "inspect", "vm1"])
|
cli.run(["vms", "inspect", "--flake", str(test_flake_with_core.path), "vm1"])
|
||||||
out = capsys.readouterr() # empty the buffer
|
out = capsys.readouterr() # empty the buffer
|
||||||
assert "Cores" in out.out
|
assert "Cores" in out.out
|
||||||
|
|
||||||
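Review bot: No test here pins what happens when `--flake` is still given before the subcommand, which is the form this commit removes from every call, including the `cli.run` in test_inspect. If the top-level parser ever accepted or ignored the option again, a command could presumably run against a default flake instead of the one the caller named, which matters most for the secrets subcommands. A negative case would guard this: `with pytest.raises(SystemExit):` followed by `cli.run(["--flake", str(test_flake_with_core.path), "vms", "inspect", "vm1"])`. argparse exits with SystemExit on an unrecognised option by default, so adjust the exception if `Cli.run` wraps it. The signature of test_inspect starts outside the hunk.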
|