clan-core/pkgs/clan-cli/tests/test_import_sops_cli.py

from pathlib import Path
from typing import TYPE_CHECKING

import pytest
from cli import Cli
from fixtures_flakes import FlakeForTest

if TYPE_CHECKING:
    from age_keys import KeyPair


def test_import_sops(
    test_root: Path,
    test_flake: FlakeForTest,
    capsys: pytest.CaptureFixture,
    monkeypatch: pytest.MonkeyPatch,
    age_keys: list["KeyPair"],
) -> None:
    cli = Cli()

    monkeypatch.setenv("SOPS_AGE_KEY", age_keys[1].privkey)
    cli.run(
        [
            "secrets",
            "machines",
            "add",
            "--flake",
            str(test_flake.path),
            "machine1",
            age_keys[0].pubkey,
        ]
    )
    cli.run(
        [
            "secrets",
            "users",
            "add",
            "--flake",
            str(test_flake.path),
            "user1",
            age_keys[1].pubkey,
        ]
    )
    cli.run(
        [
            "secrets",
            "users",
            "add",
            "--flake",
            str(test_flake.path),
            "user2",
            age_keys[2].pubkey,
        ]
    )
    cli.run(
        [
            "secrets",
            "groups",
            "add-user",
            "--flake",
            str(test_flake.path),
            "group1",
            "user1",
        ]
    )
    cli.run(
        [
            "secrets",
            "groups",
            "add-user",
            "--flake",
            str(test_flake.path),
            "group1",
            "user2",
        ]
    )

    # To edit:
    # SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml
    cmd = [
        "secrets",
        "import-sops",
        "--flake",
        str(test_flake.path),
        "--group",
        "group1",
        "--machine",
        "machine1",
        str(test_root.joinpath("data", "secrets.yaml")),
    ]

    cli.run(cmd)
    capsys.readouterr()
    cli.run(["secrets", "users", "list", "--flake", str(test_flake.path)])
    users = sorted(capsys.readouterr().out.rstrip().split())
    assert users == ["user1", "user2"]

    capsys.readouterr()
    cli.run(["secrets", "get", "--flake", str(test_flake.path), "secret-key"])
    assert capsys.readouterr().out == "secret-value"
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00			`from pathlib import Path`
			`from typing import TYPE_CHECKING`

			`import pytest`
tests: generalize secret cli parser to work for all cli commands 2023-08-24 15:29:31 +00:00			`from cli import Cli`
nix fmt 2023-10-23 20:34:43 +00:00			`from fixtures_flakes import FlakeForTest`

don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00			`if TYPE_CHECKING:`
rename cli tests to have a common suffix rename test_import_sops -> test_import_sops 2023-08-09 13:51:10 +00:00			`from age_keys import KeyPair`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00

			`def test_import_sops(`
			`test_root: Path,`
Fixing a multitude of tests 2023-10-23 20:31:12 +00:00			`test_flake: FlakeForTest,`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00			`capsys: pytest.CaptureFixture,`
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`monkeypatch: pytest.MonkeyPatch,`
rename cli tests to have a common suffix rename test_import_sops -> test_import_sops 2023-08-09 13:51:10 +00:00			`age_keys: list["KeyPair"],`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00			`) -> None:`
tests: generalize secret cli parser to work for all cli commands 2023-08-24 15:29:31 +00:00			`cli = Cli()`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`monkeypatch.setenv("SOPS_AGE_KEY", age_keys[1].privkey)`
nix fmt 2023-10-23 20:34:43 +00:00			`cli.run(`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`[`
			`"secrets",`
			`"machines",`
			`"add",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`"machine1",`
			`age_keys[0].pubkey,`
			`]`
			`)`
			`cli.run(`
			`[`
			`"secrets",`
			`"users",`
			`"add",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`"user1",`
			`age_keys[1].pubkey,`
			`]`
			`)`
			`cli.run(`
			`[`
			`"secrets",`
			`"users",`
			`"add",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`"user2",`
			`age_keys[2].pubkey,`
			`]`
			`)`
			`cli.run(`
			`[`
			`"secrets",`
			`"groups",`
			`"add-user",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`"group1",`
			`"user1",`
			`]`
			`)`
			`cli.run(`
			`[`
			`"secrets",`
			`"groups",`
			`"add-user",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
clan-cli secrets: flake_name -> flake_dir 2023-11-03 11:51:17 +00:00			`"group1",`
			`"user2",`
			`]`
nix fmt 2023-10-23 20:34:43 +00:00			`)`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`# To edit:`
			`# SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml`
Fixing a multitude of tests 2023-10-23 20:31:12 +00:00			`cmd = [`
nix fmt 2023-10-23 20:34:43 +00:00			`"secrets",`
			`"import-sops",`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`"--flake",`
			`str(test_flake.path),`
nix fmt 2023-10-23 20:34:43 +00:00			`"--group",`
			`"group1",`
			`"--machine",`
			`"machine1",`
			`str(test_root.joinpath("data", "secrets.yaml")),`
			`]`
All tests passing babyyy !! 2023-10-24 14:44:54 +00:00
nix fmt 2023-10-23 20:34:43 +00:00			`cli.run(cmd)`
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`capsys.readouterr()`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`cli.run(["secrets", "users", "list", "--flake", str(test_flake.path)])`
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`users = sorted(capsys.readouterr().out.rstrip().split())`
			`assert users == ["user1", "user2"]`
don't add user to a secret if they already can access the secret If the user is part of a group we don't need to add them explicitly 2023-08-09 08:17:11 +00:00
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`capsys.readouterr()`
drop global argparse flags They get shadowed by subargparser options. 2024-05-29 08:10:10 +00:00			`cli.run(["secrets", "get", "--flake", str(test_flake.path), "secret-key"])`
replace mock_env with monkeypatch 2023-08-26 09:44:38 +00:00			`assert capsys.readouterr().out == "secret-value"`