git.delta.rocks / jrsonnet / refs/commits / 347bd4a9df43

difftreelog

fix do not assert for secret regeneration command

Yaroslav Bolyukin2024-12-03parent: #68ce59a.patch.diff
in: trunk

4 files changed

modifiedcmds/fleet/src/main.rsdiffbeforeafterboth
--- a/cmds/fleet/src/main.rs
+++ b/cmds/fleet/src/main.rs
@@ -203,7 +203,13 @@
 		.map(|a| extra_args::parse_os(&a))
 		.transpose()?
 		.unwrap_or_default();
-	let config = opts.fleet_opts.build(nix_args).await?;
+	let config = opts
+		.fleet_opts
+		.build(
+			nix_args,
+			matches!(opts.command, Opts::Deploy(_) | Opts::BuildSystems(_)),
+		)
+		.await?;
 
 	match run_command(&config, opts.fleet_opts, opts.command).await {
 		Ok(()) => {
modifiedcrates/fleet-base/src/opts.rsdiffbeforeafterboth
before · crates/fleet-base/src/opts.rs
1use std::{2	collections::BTreeMap,3	env::current_dir,4	ffi::OsString,5	str::FromStr,6	sync::{Arc, Mutex},7};89use anyhow::Result;10use clap::Parser;11use nix_eval::{nix_go, util::assert_warn, NixSessionPool, Value};12use nom::{13	bytes::complete::take_while1,14	character::complete::char,15	combinator::{map, opt},16	multi::separated_list1,17	sequence::{preceded, separated_pair},18};1920use crate::{21	fleetdata::FleetData,22	host::{Config, ConfigHost, FleetConfigInternals},23};2425#[derive(Clone)]26pub enum HostItem {27	Host {28		name: String,29		attrs: BTreeMap<String, String>,30	},31	Tag {32		name: String,33		attrs: BTreeMap<String, String>,34	},35}36fn host_item_parser(input: &str) -> Result<HostItem, String> {37	fn err_to_string(err: nom::Err<nom::error::Error<&str>>) -> String {38		err.to_string()39	}4041	let (input, is_tag) = map(opt(char('@')), |c| c.is_some())(input).map_err(err_to_string)?;42	let (input, name) = map(43		take_while1(|v| v != ',' && v != '?' && v != '@'),44		str::to_owned,45	)(input)46	.map_err(err_to_string)?;4748	let kw_item = separated_pair(49		map(take_while1(|v| v != '&' && v != '='), str::to_owned),50		char('='),51		map(take_while1(|v| v != '&'), str::to_owned),52	);53	let kw = map(separated_list1(char('&'), kw_item), |vec| {54		vec.into_iter().collect::<BTreeMap<_, _>>()55	});56	let mut opt_kw = map(opt(preceded(char('?'), kw)), Option::unwrap_or_default);5758	let (input, attrs) = opt_kw(input).map_err(err_to_string)?;5960	if !input.is_empty() {61		return Err(format!("unexpected trailing input: {input:?}"));62	}63	Ok(if is_tag {64		HostItem::Tag { name, attrs }65	} else {66		HostItem::Host { name, attrs }67	})68}6970// TODO: Rename to HostSelector71#[derive(Parser, Clone)]72pub struct FleetOpts {73	/// All hosts except those would be skipped74	#[clap(long, number_of_values = 1, value_parser = host_item_parser)]75	pub only: Vec<HostItem>,7677	/// Hosts to skip78	#[clap(long, number_of_values = 1)]79	pub skip: Vec<String>,8081	/// Host, which should be threaten as current machine82	// TODO: Replace with connectivity refactor83	#[clap(long, default_value_t = hostname::get().expect("unknown hostname").to_str().expect("hostname is not utf-8").to_owned())]84	pub localhost: String,8586	/// Override detected system for host, to perform builds via87	/// binfmt-declared qemu instead of trying to crosscompile88	#[clap(long, default_value = env!("NIX_SYSTEM"))]89	pub local_system: String,90}9192impl FleetOpts {93	pub async fn filter_skipped(94		&self,95		hosts: impl IntoIterator<Item = ConfigHost>,96	) -> Result<Vec<ConfigHost>> {97		let mut out = Vec::new();98		for host in hosts {99			if self.should_skip(&host).await? {100				continue;101			}102			out.push(host);103		}104		Ok(out)105	}106	pub async fn should_skip(&self, host: &ConfigHost) -> Result<bool> {107		if self.skip.iter().any(|h| h as &str == host.name) {108			return Ok(true);109		}110		if self.only.is_empty() {111			return Ok(false);112		}113		let mut have_group_matches = false;114		for item in self.only.iter() {115			match item {116				HostItem::Host { name, .. } if *name == host.name => {117					return Ok(false);118				}119				HostItem::Tag { .. } => {120					have_group_matches = true;121				}122				_ => {}123			}124		}125		if have_group_matches {126			let host_tags = host.tags().await?;127			for item in self.only.iter() {128				match item {129					HostItem::Tag { name, .. } if host_tags.contains(name) => {130						return Ok(false);131					}132					_ => {}133				}134			}135		}136		Ok(true)137	}138	pub async fn action_attr<T: FromStr>(&self, host: &ConfigHost, attr: &str) -> Result<Option<T>>139	where140		T::Err: Sync,141		anyhow::Error: From<T::Err>,142	{143		let str = self.action_attr_str(host, attr).await?;144		Ok(str.map(|v| T::from_str(&v)).transpose()?)145	}146	pub async fn action_attr_str(&self, host: &ConfigHost, attr: &str) -> Result<Option<String>> {147		if self.only.is_empty() {148			return Ok(None);149		}150		let mut have_group_matches = false;151		for item in self.only.iter() {152			match item {153				HostItem::Host { name, attrs }154					if *name == host.name && attrs.contains_key(attr) =>155				{156					return Ok(attrs.get(attr).cloned());157				}158				HostItem::Tag { attrs, .. } if attrs.contains_key(attr) => {159					have_group_matches = true;160				}161				_ => {}162			}163		}164		if have_group_matches {165			let host_tags = host.tags().await?;166			for item in self.only.iter() {167				match item {168					HostItem::Tag { name, attrs }169						if host_tags.contains(name) && attrs.contains_key(attr) =>170					{171						return Ok(attrs.get(attr).cloned());172					}173					_ => {}174				}175			}176		}177		Ok(None)178	}179	pub fn is_local(&self, host: &str) -> bool {180		self.localhost == host181	}182183	// TODO: Config should be detached from opts.184	pub async fn build(&self, nix_args: Vec<OsString>) -> Result<Config> {185		let directory = current_dir()?;186187		let pool = NixSessionPool::new(188			directory.as_os_str().to_owned(),189			nix_args.clone(),190			self.local_system.clone(),191		)192		.await?;193		let nix_session = pool.get().await?;194195		let builtins_field = Value::binding(nix_session.clone(), "builtins").await?;196197		let mut fleet_data_path = directory.clone();198		fleet_data_path.push("fleet.nix");199		let bytes = std::fs::read_to_string(fleet_data_path)?;200		let data: Mutex<FleetData> = nixlike::parse_str(&bytes)?;201202		let fleet_root = Value::binding(nix_session.clone(), "fleetConfigurations").await?;203		let fleet_field = nix_go!(fleet_root.default({ data }));204205		let config_field = nix_go!(fleet_field.config);206207		assert_warn("fleet config evaluation", &config_field).await?;208209		let import = nix_go!(builtins_field.import);210		let overlays = nix_go!(config_field.nixpkgs.overlays);211		let nixpkgs = nix_go!(config_field.nixpkgs.buildUsing | import);212213		let default_pkgs = nix_go!(nixpkgs(Obj {214			overlays,215			system: self.local_system.clone(),216		}));217218		Ok(Config(Arc::new(FleetConfigInternals {219			nix_session,220			directory,221			data,222			local_system: self.local_system.clone(),223			nix_args,224			config_field,225			default_pkgs,226			localhost: self.localhost.to_owned(),227		})))228	}229}
after · crates/fleet-base/src/opts.rs
1use std::{2	collections::BTreeMap,3	env::current_dir,4	ffi::OsString,5	str::FromStr,6	sync::{Arc, Mutex},7};89use anyhow::Result;10use clap::Parser;11use nix_eval::{nix_go, util::assert_warn, NixSessionPool, Value};12use nom::{13	bytes::complete::take_while1,14	character::complete::char,15	combinator::{map, opt},16	multi::separated_list1,17	sequence::{preceded, separated_pair},18};1920use crate::{21	fleetdata::FleetData,22	host::{Config, ConfigHost, FleetConfigInternals},23};2425#[derive(Clone)]26pub enum HostItem {27	Host {28		name: String,29		attrs: BTreeMap<String, String>,30	},31	Tag {32		name: String,33		attrs: BTreeMap<String, String>,34	},35}36fn host_item_parser(input: &str) -> Result<HostItem, String> {37	fn err_to_string(err: nom::Err<nom::error::Error<&str>>) -> String {38		err.to_string()39	}4041	let (input, is_tag) = map(opt(char('@')), |c| c.is_some())(input).map_err(err_to_string)?;42	let (input, name) = map(43		take_while1(|v| v != ',' && v != '?' && v != '@'),44		str::to_owned,45	)(input)46	.map_err(err_to_string)?;4748	let kw_item = separated_pair(49		map(take_while1(|v| v != '&' && v != '='), str::to_owned),50		char('='),51		map(take_while1(|v| v != '&'), str::to_owned),52	);53	let kw = map(separated_list1(char('&'), kw_item), |vec| {54		vec.into_iter().collect::<BTreeMap<_, _>>()55	});56	let mut opt_kw = map(opt(preceded(char('?'), kw)), Option::unwrap_or_default);5758	let (input, attrs) = opt_kw(input).map_err(err_to_string)?;5960	if !input.is_empty() {61		return Err(format!("unexpected trailing input: {input:?}"));62	}63	Ok(if is_tag {64		HostItem::Tag { name, attrs }65	} else {66		HostItem::Host { name, attrs }67	})68}6970// TODO: Rename to HostSelector71#[derive(Parser, Clone)]72pub struct FleetOpts {73	/// All hosts except those would be skipped74	#[clap(long, number_of_values = 1, value_parser = host_item_parser)]75	pub only: Vec<HostItem>,7677	/// Hosts to skip78	#[clap(long, number_of_values = 1)]79	pub skip: Vec<String>,8081	/// Host, which should be threaten as current machine82	// TODO: Replace with connectivity refactor83	#[clap(long, default_value_t = hostname::get().expect("unknown hostname").to_str().expect("hostname is not utf-8").to_owned())]84	pub localhost: String,8586	/// Override detected system for host, to perform builds via87	/// binfmt-declared qemu instead of trying to crosscompile88	#[clap(long, default_value = env!("NIX_SYSTEM"))]89	pub local_system: String,90}9192impl FleetOpts {93	pub async fn filter_skipped(94		&self,95		hosts: impl IntoIterator<Item = ConfigHost>,96	) -> Result<Vec<ConfigHost>> {97		let mut out = Vec::new();98		for host in hosts {99			if self.should_skip(&host).await? {100				continue;101			}102			out.push(host);103		}104		Ok(out)105	}106	pub async fn should_skip(&self, host: &ConfigHost) -> Result<bool> {107		if self.skip.iter().any(|h| h as &str == host.name) {108			return Ok(true);109		}110		if self.only.is_empty() {111			return Ok(false);112		}113		let mut have_group_matches = false;114		for item in self.only.iter() {115			match item {116				HostItem::Host { name, .. } if *name == host.name => {117					return Ok(false);118				}119				HostItem::Tag { .. } => {120					have_group_matches = true;121				}122				_ => {}123			}124		}125		if have_group_matches {126			let host_tags = host.tags().await?;127			for item in self.only.iter() {128				match item {129					HostItem::Tag { name, .. } if host_tags.contains(name) => {130						return Ok(false);131					}132					_ => {}133				}134			}135		}136		Ok(true)137	}138	pub async fn action_attr<T: FromStr>(&self, host: &ConfigHost, attr: &str) -> Result<Option<T>>139	where140		T::Err: Sync,141		anyhow::Error: From<T::Err>,142	{143		let str = self.action_attr_str(host, attr).await?;144		Ok(str.map(|v| T::from_str(&v)).transpose()?)145	}146	pub async fn action_attr_str(&self, host: &ConfigHost, attr: &str) -> Result<Option<String>> {147		if self.only.is_empty() {148			return Ok(None);149		}150		let mut have_group_matches = false;151		for item in self.only.iter() {152			match item {153				HostItem::Host { name, attrs }154					if *name == host.name && attrs.contains_key(attr) =>155				{156					return Ok(attrs.get(attr).cloned());157				}158				HostItem::Tag { attrs, .. } if attrs.contains_key(attr) => {159					have_group_matches = true;160				}161				_ => {}162			}163		}164		if have_group_matches {165			let host_tags = host.tags().await?;166			for item in self.only.iter() {167				match item {168					HostItem::Tag { name, attrs }169						if host_tags.contains(name) && attrs.contains_key(attr) =>170					{171						return Ok(attrs.get(attr).cloned());172					}173					_ => {}174				}175			}176		}177		Ok(None)178	}179	pub fn is_local(&self, host: &str) -> bool {180		self.localhost == host181	}182183	// TODO: Config should be detached from opts.184	pub async fn build(&self, nix_args: Vec<OsString>, assert: bool) -> Result<Config> {185		let directory = current_dir()?;186187		let pool = NixSessionPool::new(188			directory.as_os_str().to_owned(),189			nix_args.clone(),190			self.local_system.clone(),191		)192		.await?;193		let nix_session = pool.get().await?;194195		let builtins_field = Value::binding(nix_session.clone(), "builtins").await?;196197		let mut fleet_data_path = directory.clone();198		fleet_data_path.push("fleet.nix");199		let bytes = std::fs::read_to_string(fleet_data_path)?;200		let data: Mutex<FleetData> = nixlike::parse_str(&bytes)?;201202		let fleet_root = Value::binding(nix_session.clone(), "fleetConfigurations").await?;203		let fleet_field = nix_go!(fleet_root.default({ data }));204205		let config_field = nix_go!(fleet_field.config);206207		if assert {208			assert_warn("fleet config evaluation", &config_field).await?;209		}210211		let import = nix_go!(builtins_field.import);212		let overlays = nix_go!(config_field.nixpkgs.overlays);213		let nixpkgs = nix_go!(config_field.nixpkgs.buildUsing | import);214215		let default_pkgs = nix_go!(nixpkgs(Obj {216			overlays,217			system: self.local_system.clone(),218		}));219220		Ok(Config(Arc::new(FleetConfigInternals {221			nix_session,222			directory,223			data,224			local_system: self.local_system.clone(),225			nix_args,226			config_field,227			default_pkgs,228			localhost: self.localhost.to_owned(),229		})))230	}231}
modifiedcrates/nix-eval/src/util.rsdiffbeforeafterboth
--- a/crates/nix-eval/src/util.rs
+++ b/crates/nix-eval/src/util.rs
@@ -1,17 +1,19 @@
+use std::time::Instant;
+
 use anyhow::bail;
 use tracing::{debug, warn};
-use std::time::Instant;
 
 use crate::{nix_go_json, Value};
 
+#[tracing::instrument(level = "info", skip(val))]
 pub async fn assert_warn(action: &str, val: &Value) -> anyhow::Result<()> {
 	let before_errors = Instant::now();
 	let errors: Vec<String> = nix_go_json!(val.errors);
 	debug!("errors evaluation took {:?}", before_errors.elapsed());
 	if !errors.is_empty() {
 		bail!(
-			"{action} failed with error{}{}",
-			(errors.len() != 1).then_some("s:\n- ").unwrap_or(": "),
+			"failed with error{}{}",
+			if errors.len() != 1 { "s:\n- " } else { ": " },
 			errors.join("\n- "),
 		);
 	}
@@ -21,8 +23,8 @@
 	debug!("warnings evaluation took {:?}", before_errors.elapsed());
 	if !warnings.is_empty() {
 		warn!(
-			"{action} completed with warning{}{}",
-			(warnings.len() != 1).then_some("s:\n- ").unwrap_or(": "),
+			"completed with warning{}{}",
+			if warnings.len() != 1 { "s:\n- " } else { ": " },
 			warnings.join("\n- "),
 		);
 	}
modifiedmodules/secrets-data.nixdiffbeforeafterboth
--- a/modules/secrets-data.nix
+++ b/modules/secrets-data.nix
@@ -52,6 +52,7 @@
         default = null;
       };
     };
+    config = {};
   };
 
   hostSecretData = {
@@ -78,6 +79,7 @@
         default = null;
       };
     };
+    config = {};
   };
 in {
   options.data = mkDataOption ({config, ...}: {