Merge pull request 'vars: add test for multiple machines' (#1763) from DavHau/clan-core:DavHau-vars into main

2024-07-16 11:38:31 +00:00 · 2024-07-16 11:38:31 +00:00 · 14bb11d702
commit 14bb11d702
parent 91c2ad8974 d700f651b4
1 changed files with 76 additions and 9 deletions
--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
@ -10,6 +10,10 @@ from fixtures_flakes import generate_flake
 from helpers import cli
 from root import CLAN_CORE

+from clan_cli.clan_uri import FlakeId
+from clan_cli.machines.machines import Machine
+from clan_cli.vars.secret_modules.sops import SecretStore
+

 def def_value() -> defaultdict:
    return defaultdict(def_value)
@ -27,8 +31,8 @@ def test_generate_public_var(
 ) -> None:
    config = nested_dict()
    my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"]
-    my_generator["files"]["my_secret"]["secret"] = False
-    my_generator["script"] = "echo hello > $out/my_secret"
+    my_generator["files"]["my_value"]["secret"] = False
+    my_generator["script"] = "echo hello > $out/my_value"
    flake = generate_flake(
        temporary_home,
        flake_template=CLAN_CORE / "templates" / "minimal",
@ -36,11 +40,11 @@ def test_generate_public_var(
    )
    monkeypatch.chdir(flake.path)
    cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"])
-    secret_path = (
-        flake.path / "machines" / "my_machine" / "vars" / "my_generator" / "my_secret"
+    var_file_path = (
+        flake.path / "machines" / "my_machine" / "vars" / "my_generator" / "my_value"
    )
-    assert secret_path.is_file()
-    assert secret_path.read_text() == "hello\n"
+    assert var_file_path.is_file()
+    assert var_file_path.read_text() == "hello\n"


@pytest.mark.impure
@ -77,9 +81,8 @@ def test_generate_secret_var_with_default_group(
    assert not (
        flake.path / "machines" / "my_machine" / "vars" / "my_generator" / "my_secret"
    ).is_file()
-    assert (
-        flake.path / "sops" / "secrets" / "vars-my_machine-my_generator-my_secret"
-    ).is_dir()
+    sops_store = SecretStore(Machine(name="my_machine", flake=FlakeId(flake.path)))
+    assert sops_store.exists("my_generator", "my_secret")
    assert (
        flake.path
        / "sops"
@ -88,3 +91,67 @@ def test_generate_secret_var_with_default_group(
        / "groups"
        / "my_group"
    ).exists()
+    assert sops_store.get("my_generator", "my_secret").decode() == "hello\n"
+
+
+@pytest.mark.impure
+def test_generate_secret_for_multiple_machines(
+    monkeypatch: pytest.MonkeyPatch,
+    temporary_home: Path,
+    sops_setup: SopsSetup,
+) -> None:
+    user = os.environ.get("USER", "user")
+    machine1_config = nested_dict()
+    machine1_generator = machine1_config["clan"]["core"]["vars"]["generators"][
+        "my_generator"
+    ]
+    machine1_generator["files"]["my_secret"]["secret"] = True
+    machine1_generator["files"]["my_value"]["secret"] = False
+    machine1_generator["script"] = (
+        "echo machine1 > $out/my_secret && echo machine1 > $out/my_value"
+    )
+    machine2_config = nested_dict()
+    machine2_generator = machine2_config["clan"]["core"]["vars"]["generators"][
+        "my_generator"
+    ]
+    machine2_generator["files"]["my_secret"]["secret"] = True
+    machine2_generator["files"]["my_value"]["secret"] = False
+    machine2_generator["script"] = (
+        "echo machine2 > $out/my_secret && echo machine2 > $out/my_value"
+    )
+    flake = generate_flake(
+        temporary_home,
+        flake_template=CLAN_CORE / "templates" / "minimal",
+        machine_configs=dict(machine1=machine1_config, machine2=machine2_config),
+    )
+    monkeypatch.chdir(flake.path)
+    cli.run(
+        [
+            "secrets",
+            "users",
+            "add",
+            "--flake",
+            str(flake.path),
+            user,
+            sops_setup.keys[0].pubkey,
+        ]
+    )
+    cli.run(["vars", "generate", "--flake", str(flake.path)])
+    # check if public vars have been created correctly
+    machine1_var_file_path = (
+        flake.path / "machines" / "machine1" / "vars" / "my_generator" / "my_value"
+    )
+    machine2_var_file_path = (
+        flake.path / "machines" / "machine2" / "vars" / "my_generator" / "my_value"
+    )
+    assert machine1_var_file_path.is_file()
+    assert machine1_var_file_path.read_text() == "machine1\n"
+    assert machine2_var_file_path.is_file()
+    assert machine2_var_file_path.read_text() == "machine2\n"
+    # check if secret vars have been created correctly
+    sops_store1 = SecretStore(Machine(name="machine1", flake=FlakeId(flake.path)))
+    sops_store2 = SecretStore(Machine(name="machine2", flake=FlakeId(flake.path)))
+    assert sops_store1.exists("my_generator", "my_secret")
+    assert sops_store2.exists("my_generator", "my_secret")
+    assert sops_store1.get("my_generator", "my_secret").decode() == "machine1\n"
+    assert sops_store2.get("my_generator", "my_secret").decode() == "machine2\n"