difftreelog
fix generation data assertion for not regenerated secrets
in: trunk
1 file changed
modules/secrets-data.nixdiffbeforeafterboth131 ||131 ||132 sort (a: b: a < b) (config.data.sharedSecrets.${name} or { owners = [ ]; }).owners132 sort (a: b: a < b) (config.data.sharedSecrets.${name} or { owners = [ ]; }).owners133 == sort (a: b: a < b) secret.expectedOwners;133 == sort (a: b: a < b) secret.expectedOwners;134 message = "Shared secret ${name} is expected to be encrypted for ${toJSON secret.expectedOwners}, but it is encrypted for ${134 message = "Shared secret ${name} is expected to be encrypted for ${toJSON secret.expectedOwners}, but it is encrypted for ${135 toJSON config.data.sharedSecrets.${name}.owners135 toJSON (config.data.sharedSecrets.${name} or { owners = [ ]; }).owners136 }. Run fleet secrets regenerate to fix";136 }. Run fleet secrets regenerate to fix";137 }) config.sharedSecrets)137 }) config.sharedSecrets)138 ++ (mapAttrsToList (name: secret: {138 ++ (mapAttrsToList (name: secret: {139 # TODO: Same aassertion should be in host secrets139 # TODO: Same aassertion should be in host secrets140 assertion = config.data.sharedSecrets.${name}.generationData == secret.expectedGenerationData;140 assertion =141 (config.data.sharedSecrets.${name} or { generationData = null; }).generationData142 == secret.expectedGenerationData;141 message = "Shared secret ${name} has unexpected generation data ${toJSON secret.expectedGenerationData} != ${143 message = "Shared secret ${name} has unexpected generation data ${toJSON secret.expectedGenerationData} != ${142 toJSON config.data.sharedSecrets.${name}.expectedGenerationData144 toJSON (config.data.sharedSecrets.${name} or { generationData = null; }).generationData143 }. Run fleet secrets regenerate to fix";145 }. Run fleet secrets regenerate to fix";144 }) config.sharedSecrets);146 }) config.sharedSecrets);145 sharedSecrets = mapAttrs (_: _: { }) config.data.sharedSecrets;147 sharedSecrets = mapAttrs (_: _: { }) config.data.sharedSecrets;146 };148 };