From d8c2df2e72bdf4e8af71494e5de11117e24a629f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 8 Aug 2023 16:28:38 +0200 Subject: [PATCH] add test for import-sops command --- pkgs/clan-cli/clan_cli/secrets/import_sops.py | 15 ++++++------ pkgs/clan-cli/tests/conftest.py | 2 +- pkgs/clan-cli/tests/data/secrets.yaml | 23 +++++++++++++++++++ pkgs/clan-cli/tests/root.py | 22 ++++++++++++++++++ pkgs/clan-cli/tests/test_secrets.py | 18 ++++++++++++--- 5 files changed, 69 insertions(+), 11 deletions(-) create mode 100644 pkgs/clan-cli/tests/data/secrets.yaml create mode 100644 pkgs/clan-cli/tests/root.py diff --git a/pkgs/clan-cli/clan_cli/secrets/import_sops.py b/pkgs/clan-cli/clan_cli/secrets/import_sops.py index 36c369dd..4bce9a34 100644 --- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py @@ -6,7 +6,7 @@ from pathlib import Path from ..errors import ClanError from ..nix import nix_shell -from .secrets import encrypt_secret +from .secrets import encrypt_secret, sops_secrets_folder def import_sops(args: argparse.Namespace) -> None: @@ -34,18 +34,19 @@ def import_sops(args: argparse.Namespace) -> None: f"WARNING: {k} is not a string but {type(v)}, skipping", file=sys.stderr, ) - encrypt_secret(k, v) + continue + encrypt_secret(sops_secrets_folder() / k, v) def register_import_sops_parser(parser: argparse.ArgumentParser) -> None: + parser.add_argument( + "--input_type", + type=str, + help="the input type of the sops file (yaml, json, ...)", + ) parser.add_argument( "sops_file", type=str, help="the sops file to import (- for stdin)", ) - parser.add_argument( - "input_type", - type=str, - help="the input type of the sops file (yaml, json, ...)", - ) parser.set_defaults(func=import_sops) diff --git a/pkgs/clan-cli/tests/conftest.py b/pkgs/clan-cli/tests/conftest.py index 14a0cf03..48134764 100644 --- a/pkgs/clan-cli/tests/conftest.py +++ b/pkgs/clan-cli/tests/conftest.py 
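Review bot: In the second hunk of `import_sops.py`, `encrypt_secret(sops_secrets_folder() / k, v)` joins a key read from the imported file directly onto the secrets folder. A key containing a path separator, a `..` segment or an absolute path would resolve outside that folder, since pathlib discards the left operand when the right one is absolute. Unless `encrypt_secret` validates the name itself, which is not visible here, I would reject such keys before the join, e.g. `if "/" in k or k in (".", ".."): raise ClanError(f"invalid secret name in sops file: {k}")`. The body of `import_sops` starts outside the hunk, so how `k` is produced is inferred from the surrounding lines.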
@@ -3,4 +3,4 @@ import sys sys.path.append(os.path.join(os.path.dirname(__file__), "helpers")) -pytest_plugins = ["temporary_dir", "clan_flake"] +pytest_plugins = ["temporary_dir", "clan_flake", "root"] diff --git a/pkgs/clan-cli/tests/data/secrets.yaml b/pkgs/clan-cli/tests/data/secrets.yaml new file mode 100644 index 00000000..3bc63659 --- /dev/null +++ b/pkgs/clan-cli/tests/data/secrets.yaml @@ -0,0 +1,23 @@ +secret-key: ENC[AES256_GCM,data:gjX4OmCUdd3TlA4p,iv:3yZVpyd6FqkITQY0nU2M1iubmzvkR6PfkK2m/s6nQh8=,tag:Abgp9xkiFFylZIyAlap6Ew==,type:str] +nested: + secret-key: ENC[AES256_GCM,data:iUMgDhhIjwvd7wL4,iv:jiJIrh12dSu/sXX+z9ITVoEMNDMjwIlFBnyv40oN4LE=,tag:G9VmAa66Km1sc7JEhW5AvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eWdRVjlydXlXOVZFQ3lO + bzU1eG9Iam5Ka29Sdlo0cHJ4b1R6bjdNSzBjCkgwRndCbWZQWHlDU0x1cWRmaGVt + N29lbjR6UjN0L2RhaXEzSG9zQmRsZGsKLS0tIEdsdWgxSmZwU3BWUDVxVWRSSC9M + eVZ6bjgwZnR2TTM5MkRYZWNFSFplQWsKmSzv12/dftL9jx2y35UZUGVK6xWdatE8 + BGJiCvMlp0BQNrh2s/+YaEaBa48w8LL79U/XJnEZ+ZUwxmlbSTn6Hg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-08T14:27:20Z" + mac: ENC[AES256_GCM,data:iRWWX+L5Q5nKn3fBCLaWoz/mvqGnNnRd93gJmYXDZbRjFoHa9IFJZst5QDIDa1ZRYUe6G0/+lV5SBi+vwRm1pHysJ3c0ZWYjBP+e1jw3jLXxLV5gACsDC8by+6rFUCho0Xgu+Nqu2ehhNenjQQnCvDH5ivWbW70KFT5ynNgR9Tw=,iv:RYnnbLMC/hNfMwWPreMq9uvY0khajwQTZENO/P34ckY=,tag:Xi1PS5vM1c+sRkroHkPn1Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/pkgs/clan-cli/tests/root.py b/pkgs/clan-cli/tests/root.py new file mode 100644 index 00000000..5855b523 --- /dev/null +++ b/pkgs/clan-cli/tests/root.py 
@@ -0,0 +1,22 @@ +from pathlib import Path + +import pytest + +TEST_ROOT = Path(__file__).parent.resolve() +PROJECT_ROOT = TEST_ROOT.parent + + +@pytest.fixture +def project_root() -> Path: + """ + Root directory of the tests + """ + return PROJECT_ROOT + + +@pytest.fixture +def test_root() -> Path: + """ + Root directory of the tests + """ + return TEST_ROOT diff --git a/pkgs/clan-cli/tests/test_secrets.py b/pkgs/clan-cli/tests/test_secrets.py index 31166633..2e8ca612 100644 --- a/pkgs/clan-cli/tests/test_secrets.py +++ b/pkgs/clan-cli/tests/test_secrets.py @@ -104,9 +104,7 @@ def test_groups(clan_flake: Path, capsys: pytest.CaptureFixture) -> None: assert len(groups) == 0 -def test_secrets( - clan_flake: Path, capsys: pytest.CaptureFixture, monkeypatch: pytest.MonkeyPatch -) -> None: +def test_secrets(clan_flake: Path, capsys: pytest.CaptureFixture) -> None: cli = SecretCli() capsys.readouterr() # empty the buffer cli.run(["list"]) @@ -159,3 +157,17 @@ def test_secrets( capsys.readouterr() # empty the buffer cli.run(["list"]) assert capsys.readouterr().out == "" + + +def test_import_sops( + test_root: Path, clan_flake: Path, capsys: pytest.CaptureFixture +) -> None: + cli = SecretCli() + + with mock_env(SOPS_AGE_KEY=PRIVKEY_2): + # To edit: + # SOPS_AGE_KEY=AGE-SECRET-KEY-1U5ENXZQAY62NC78Y2WC0SEGRRMAEEKH79EYY5TH4GPFWJKEAY0USZ6X7YQ sops --age age14tva0txcrl0zes05x7gkx56qd6wd9q3nwecjac74xxzz4l47r44sv3fz62 ./data/secrets.yaml + cli.run(["import-sops", str(test_root.joinpath("data", "secrets.yaml"))]) + capsys.readouterr() + cli.run(["get", "secret-key"]) + assert capsys.readouterr().out == "secret-value"
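Review bot: The docstring of the `project_root` fixture in `tests/root.py` says "Root directory of the tests", the same text as `test_root`, although it returns `PROJECT_ROOT`, the parent of the tests directory. I would change it to `"""Root directory of the project (the parent of the tests directory)."""` so the two fixtures can be told apart from their documentation.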
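Review bot: The "To edit" comment in `test_import_sops` spells out a literal age private key; if it is the same value as `PRIVKEY_2` (defined outside this hunk), the comment duplicates the key and will go stale when the fixture is re-keyed. I would point at the constant instead, e.g. `# To edit: SOPS_AGE_KEY=<value of PRIVKEY_2> sops ./data/secrets.yaml`, and note where `PRIVKEY_2` is defined that it is a test-only key, so secret scanning has a single location to allowlist. The test also asserts only the top-level `secret-key`. The `nested` mapping in `data/secrets.yaml` presumably reaches the non-string skip path, so asserting the `WARNING` text on `capsys.readouterr().err` after the import would cover the `continue` added in `import_sops.py`.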