clan/clan-core
11
2
Fork 13
Code Issues 90 Pull Requests 4 Actions Packages Projects 1 Releases Wiki Activity

fix case when secrets are regenerated during update/install
All checks were successful
checks / check-links (pull_request) Successful in 14s
Details
checks / checks-impure (pull_request) Successful in 1m53s
Details
checks / checks (pull_request) Successful in 4m11s
Details

Browse Source
This commit is contained in:
Jörg Thalheim 2024-04-12 14:38:21 +02:00
parent 573a462aee
commit b3522b73aa
3 changed files with 101 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkgs/clan-cli/clan_cli/facts/generate.py
View File

@ -36,12 +36,13 @@ def generate_service_facts(
public_facts_store: FactStoreBase,
tmpdir: Path,
prompt: Callable[[str], str],
) -> None:
) -> bool:
service_dir = tmpdir / service
# check if all secrets exist and generate them if at least one is missing
needs_regeneration = not check_secrets(machine, service=service)
log.debug(f"{service} needs_regeneration: {needs_regeneration}")
if needs_regeneration:
if not needs_regeneration:
return False
if not isinstance(machine.flake, Path):
msg = f"flake is not a Path: {machine.flake}"
msg += "fact/secret generation is only supported for local flakes"
@ -59,9 +60,7 @@ def generate_service_facts(
else:
generator = machine.facts_data[service]["generator"]["finalScript"]
if machine.facts_data[service]["generator"]["prompt"]:
prompt_value = prompt(
machine.facts_data[service]["generator"]["prompt"]
)
prompt_value = prompt(machine.facts_data[service]["generator"]["prompt"])
env["prompt_value"] = prompt_value
# fmt: off
cmd = nix_shell(
@ -125,12 +124,13 @@ def generate_service_facts(
machine.flake_dir,
f"Update facts/secrets for service {service} in machine {machine.name}",
)
return True
def generate_facts(
machine: Machine,
prompt: None | Callable[[str], str] = None,
) -> None:
) -> bool:
secret_facts_module = importlib.import_module(machine.secret_facts_module)
secret_facts_store = secret_facts_module.SecretStore(machine=machine)
@ -145,10 +145,11 @@ def generate_facts(
prompt = prompt_func
was_regenerated = False
with TemporaryDirectory() as tmp:
tmpdir = Path(tmp)
for service in machine.facts_data:
generate_service_facts(
was_regenerated |= generate_service_facts(
machine=machine,
service=service,
secret_facts_store=secret_facts_store,
@ -157,7 +158,12 @@ def generate_facts(
prompt=prompt,
)
print("successfully generated secrets")
if was_regenerated:
# flush caches to make sure the new secrets are available in evaluation
machine.flush_caches()
else:
print("All secrets and facts are already up to date")
return was_regenerated
def generate_command(args: argparse.Namespace) -> None:

6
pkgs/clan-cli/clan_cli/machines/machines.py
View File

@ -81,6 +81,12 @@ class Machine:
self.vm: QMPWrapper = QMPWrapper(state_dir)
def flush_caches(self) -> None:
self._deployment_info = None
self._flake_path = None
self.build_cache.clear()
self.eval_cache.clear()
def __str__(self) -> str:
return f"Machine(name={self.data.name}, flake={self.data.flake_id})"

10
pkgs/clan-cli/clan_cli/machines/update.py
View File

@ -96,6 +96,11 @@ def deploy_nixos(hosts: HostGroup) -> None:
ssh_arg = f"-p {h.port}" if h.port else ""
env = os.environ.copy()
env["NIX_SSHOPTS"] = ssh_arg
machine: Machine = h.meta["machine"]
generate_facts(machine)
upload_secrets(machine)
path = upload_sources(".", target)
if h.host_key_check != HostKeyCheck.STRICT:
@ -105,11 +110,6 @@ def deploy_nixos(hosts: HostGroup) -> None:
ssh_arg += " -i " + h.key if h.key else ""
machine: Machine = h.meta["machine"]
generate_facts(machine)
upload_secrets(machine)
extra_args = h.meta.get("extra_args", [])
cmd = [
"nixos-rebuild",