add test for import-sops command

2023-08-08 16:28:38 +02:00 · 2023-08-08 16:28:38 +02:00 · d8c2df2e72
commit d8c2df2e72
parent 1d1452ddd5
5 changed files with 69 additions and 11 deletions
--- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py
@ -6,7 +6,7 @@ from pathlib import Path

 from ..errors import ClanError
 from ..nix import nix_shell
-from .secrets import encrypt_secret
+from .secrets import encrypt_secret, sops_secrets_folder


 def import_sops(args: argparse.Namespace) -> None:
@ -34,18 +34,19 @@ def import_sops(args: argparse.Namespace) -> None:
                    f"WARNING: {k} is not a string but {type(v)}, skipping",
                    file=sys.stderr,
                )
-            encrypt_secret(k, v)
+                continue
+            encrypt_secret(sops_secrets_folder() / k, v)


 def register_import_sops_parser(parser: argparse.ArgumentParser) -> None:
+    parser.add_argument(
+        "--input_type",
+        type=str,
+        help="the input type of the sops file (yaml, json, ...)",
+    )
    parser.add_argument(
        "sops_file",
        type=str,
        help="the sops file to import (- for stdin)",
    )
-    parser.add_argument(
-        "input_type",
-        type=str,
-        help="the input type of the sops file (yaml, json, ...)",
-    )
    parser.set_defaults(func=import_sops)
--- a/pkgs/clan-cli/tests/conftest.py
+++ b/pkgs/clan-cli/tests/conftest.py
@ -3,4 +3,4 @@ import sys

 sys.path.append(os.path.join(os.path.dirname(__file__), "helpers"))

-pytest_plugins = ["temporary_dir", "clan_flake"]
+pytest_plugins = ["temporary_dir", "clan_flake", "root"]
--- a/pkgs/clan-cli/tests/data/secrets.yaml
+++ b/pkgs/clan-cli/tests/data/secrets.yaml
@ -0,0 +1,23 @@
+secret-key: ENC[AES256_GCM,data:gjX4OmCUdd3TlA4p,iv:3yZVpyd6FqkITQY0nU2M1iubmzvkR6PfkK2m/s6nQh8=,tag:Abgp9xkiFFylZIyAlap6Ew==,type:str]
+nested:
+    secret-key: ENC[AES256_GCM,data:iUMgDhhIjwvd7wL4,iv:jiJIrh12dSu/sXX+z9ITVoEMNDMjwIlFBnyv40oN4LE=,tag:G9VmAa66Km1sc7JEhW5AvA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eWdRVjlydXlXOVZFQ3lO
+            bzU1eG9Iam5Ka29Sdlo0cHJ4b1R6bjdNSzBjCkgwRndCbWZQWHlDU0x1cWRmaGVt
+            N29lbjR6UjN0L2RhaXEzSG9zQmRsZGsKLS0tIEdsdWgxSmZwU3BWUDVxVWRSSC9M
+            eVZ6bjgwZnR2TTM5MkRYZWNFSFplQWsKmSzv12/dftL9jx2y35UZUGVK6xWdatE8
+            BGJiCvMlp0BQNrh2s/+YaEaBa48w8LL79U/XJnEZ+ZUwxmlbSTn6Hg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-08-08T14:27:20Z"
+    mac: ENC[AES256_GCM,data:iRWWX+L5Q5nKn3fBCLaWoz/mvqGnNnRd93gJmYXDZbRjFoHa9IFJZst5QDIDa1ZRYUe6G0/+lV5SBi+vwRm1pHysJ3c0ZWYjBP+e1jw3jLXxLV5gACsDC8by+6rFUCho0Xgu+Nqu2ehhNenjQQnCvDH5ivWbW70KFT5ynNgR9Tw=,iv:RYnnbLMC/hNfMwWPreMq9uvY0khajwQTZENO/P34ckY=,tag:Xi1PS5vM1c+sRkroHkPn1Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/pkgs/clan-cli/tests/root.py
+++ b/pkgs/clan-cli/tests/root.py
@ -0,0 +1,22 @@
+from pathlib import Path
+
+import pytest
+
+TEST_ROOT = Path(__file__).parent.resolve()
+PROJECT_ROOT = TEST_ROOT.parent
+
+
+@pytest.fixture
+def project_root() -> Path:
+    """
+    Root directory of the tests
+    """
+    return PROJECT_ROOT
+
+
+@pytest.fixture
+def test_root() -> Path:
+    """
+    Root directory of the tests
+    """
+    return TEST_ROOT
--- a/pkgs/clan-cli/tests/test_secrets.py
+++ b/pkgs/clan-cli/tests/test_secrets.py
@ -104,9 +104,7 @@ def test_groups(clan_flake: Path, capsys: pytest.CaptureFixture) -> None:
    assert len(groups) == 0


-def test_secrets(
-    clan_flake: Path, capsys: pytest.CaptureFixture, monkeypatch: pytest.MonkeyPatch
-) -> None:
+def test_secrets(clan_flake: Path, capsys: pytest.CaptureFixture) -> None:
    cli = SecretCli()
    capsys.readouterr()  # empty the buffer
    cli.run(["list"])
@ -159,3 +157,17 @@ def test_secrets(
    capsys.readouterr()  # empty the buffer
    cli.run(["list"])
    assert capsys.readouterr().out == ""
+
+
+def test_import_sops(
+    test_root: Path, clan_flake: Path, capsys: pytest.CaptureFixture
+) -> None:
+    cli = SecretCli()
+
+    with mock_env(SOPS_AGE_KEY=PRIVKEY_2):
+        # To edit:
+        # SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml
+        cli.run(["import-sops", str(test_root.joinpath("data", "secrets.yaml"))])
+        capsys.readouterr()
+        cli.run(["get", "secret-key"])
+        assert capsys.readouterr().out == "secret-value"