mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-05 16:17:47 +00:00

fix scope in sops.templates; add relevant test

mlatus 2023-04-18 12:47:12 +08:00
parent 77aacab6fa
commit 4de4d820ba
2 changed files with 13 additions and 2 deletions


@ -5,6 +5,7 @@ with builtins;
let let
cfg = config.sops; cfg = config.sops;
secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets; secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
users = config.users.users;
in { in {
options.sops = { options.sops = {
templates = mkOption { templates = mkOption {
@ -44,7 +45,7 @@ in {
}; };
group = mkOption { group = mkOption {
type = str; type = str;
default = config.users.users.${config.owner}.group; default = users.${config.owner}.group;
description = '' description = ''
Group of the file. Group of the file.
''; '';
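Review bot: The new `users = config.users.users;` binding in the outer `let` has no comment saying why the `group` default can no longer read `config.users.users` directly, so a later cleanup could inline it again and reintroduce the scope bug. Inside the option default, `config.owner` is evidently the template's own config, which is why the system-level user set has to be captured outside; I would add `# system-level users: inside the template submodule, config is the template's own config` above the binding. Separately, `users.${config.owner}.group` aborts evaluation with a bare missing-attribute error when `owner` names an account not declared in `users.users`. Since this default decides which group owns a rendered secret, a message naming the template and the owner would be easier to act on. The submodule body starts and ends outside this hunk.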


@ -222,6 +222,9 @@
owner = "someuser"; owner = "someuser";
group = "somegroup"; group = "somegroup";
}; };
sops.templates.test_default.content = ''
Test value: ${config.sops.placeholder.test_key}
'';
users.groups.somegroup = {}; users.groups.somegroup = {};
users.users.someuser = { users.users.someuser = {
@ -234,6 +237,8 @@
start_all() start_all()
machine.succeed("[ $(stat -c%U /run/secrets-rendered/test_template) = 'someuser' ]") machine.succeed("[ $(stat -c%U /run/secrets-rendered/test_template) = 'someuser' ]")
machine.succeed("[ $(stat -c%G /run/secrets-rendered/test_template) = 'somegroup' ]") machine.succeed("[ $(stat -c%G /run/secrets-rendered/test_template) = 'somegroup' ]")
machine.succeed("[ $(stat -c%U /run/secrets-rendered/test_default) = 'root' ]")
machine.succeed("[ $(stat -c%G /run/secrets-rendered/test_default) = 'root' ]")
expected = """ expected = """
This line is not modified. This line is not modified.
@ -242,7 +247,12 @@
""" """
rendered = machine.succeed("cat /run/secrets-rendered/test_template") rendered = machine.succeed("cat /run/secrets-rendered/test_template")
if rendered.strip() != expected.strip(): expected_default = """
Test value: test_value
"""
rendered_default = machine.succeed("cat /run/secrets-rendered/test_default")
if rendered.strip() != expected.strip() or rendered_default.strip() != expected_default.strip():
raise Exception("Template is not rendered correctly") raise Exception("Template is not rendered correctly")
''; '';
} { } {
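Review bot: The new `test_default` assertions pin owner and group to `root` but never check the file mode, so a regression that leaves the rendered secret readable by other users would still pass. Next to the two `stat` lines I would add a mode check such as `machine.succeed("[ $(stat -c%a /run/secrets-rendered/test_default) = '400' ]")`, assuming the template's default mode is 0400, which this page does not show. The combined `if … or …` condition also raises one message for both templates; splitting it into two checks that each name the file would show which rendering failed.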