nixos/tests: add gitolite test

+140
+1
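--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -250,6 +250,7 @@
 tests.firewall = callTest tests/firewall.nix {};
 tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
 #tests.gitlab = callTest tests/gitlab.nix {};
+tests.gitolite = callTest tests/gitolite.nix {};
 tests.glance = callTest tests/glance.nix {};
 tests.gocd-agent = callTest tests/gocd-agent.nix {};
 tests.gocd-server = callTest tests/gocd-server.nix {};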
+139
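--- a/nixos/tests/gitolite.nix
+++ b/nixos/tests/gitolite.nix
@@ -0,0 +1,139 @@
+import ./make-test.nix ({ pkgs, ...}:
+
+let
+adminPrivateKey = pkgs.writeText "id_ed25519" ''
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
+QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
+AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
+W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
+'';
+
+adminPublicKey = pkgs.writeText "id_ed25519.pub" ''
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
+'';
+
+alicePrivateKey = pkgs.writeText "id_ed25519" ''
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
+VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
+AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
+Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
+'';
+
+alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
+'';
+
+bobPrivateKey = pkgs.writeText "id_ed25519" ''
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
+VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
+AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
+6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
+'';
+
+bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
+'';
+
+gitoliteAdminConfSnippet = ''
+repo alice-project
+RW+ = alice
+'';
+in
+{
+name = "gitolite";
+
+meta = with pkgs.stdenv.lib.maintainers; {
+maintainers = [ bjornfor ];
+};
+
+nodes = {
+
+server =
+{ config, pkgs, lib, ... }:
+{
+services.gitolite = {
+enable = true;
+adminPubkey = builtins.readFile adminPublicKey;
+};
+services.openssh.enable = true;
+};
+
+client =
+{ config, pkgs, lib, ... }:
+{
+environment.systemPackages = [ pkgs.git ];
+programs.ssh.extraConfig = ''
+Host *
+UserKnownHostsFile /dev/null
+StrictHostKeyChecking no
+# there's nobody around that can input password
+PreferredAuthentications publickey
+'';
+users.extraUsers.alice = { isNormalUser = true; };
+users.extraUsers.bob = { isNormalUser = true; };
+};
+
+};
+
+testScript = ''
+startAll;
+
+subtest "can setup ssh keys on system", sub {
+$client->mustSucceed("mkdir -p ~root/.ssh");
+$client->mustSucceed("cp ${adminPrivateKey} ~root/.ssh/id_ed25519");
+$client->mustSucceed("chmod 600 ~root/.ssh/id_ed25519");
+
+$client->mustSucceed("sudo -u alice mkdir -p ~alice/.ssh");
+$client->mustSucceed("sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519");
+$client->mustSucceed("sudo -u alice chmod 600 ~alice/.ssh/id_ed25519");
+
+$client->mustSucceed("sudo -u bob mkdir -p ~bob/.ssh");
+$client->mustSucceed("sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519");
+$client->mustSucceed("sudo -u bob chmod 600 ~bob/.ssh/id_ed25519");
+};
+
+subtest "gitolite server starts", sub {
+$server->waitForUnit("gitolite-init.service");
+$server->waitForUnit("sshd.service");
+$client->mustSucceed('ssh gitolite@server info');
+};
+
+subtest "admin can clone and configure gitolite-admin.git", sub {
+$client->mustSucceed('git clone gitolite@server:gitolite-admin.git');
+$client->mustSucceed("git config --global user.name 'System Administrator'");
+$client->mustSucceed("git config --global user.email root\@domain.example");
+$client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub");
+$client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub");
+$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)');
+$client->mustSucceed("printf '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf");
+$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)');
+};
+
+subtest "non-admins cannot clone gitolite-admin.git", sub {
+$client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git');
+$client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git');
+};
+
+subtest "non-admins can clone testing.git", sub {
+$client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git');
+$client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git');
+};
+
+subtest "alice can clone alice-project.git", sub {
+$client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git');
+};
+
+subtest "bob cannot clone alice-project.git", sub {
+$client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git');
+};
+'';
+})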
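Review bot: The three OpenSSH private keys embedded through `pkgs.writeText` (`adminPrivateKey`, `alicePrivateKey`, `bobPrivateKey`) have no comment marking them as throwaway fixtures, and `writeText` places them in the world-readable Nix store, so a reader or a secret scanner cannot tell them apart from a leaked credential. I would add above the `let` bindings something like `# Throwaway keys generated for this test only; they are world-readable in the Nix store and must never be authorised on a real host.` The client's `UserKnownHostsFile /dev/null` / `StrictHostKeyChecking no` block deserves the same treatment, e.g. `# host key verification is disabled only because the test VMs are ephemeral`, so the setting is not copied into a real configuration. The deny subtests also rely on `mustFail`, which as far as I can tell passes on any non-zero exit, so they demonstrate an access-control denial only because the neighbouring subtests show the same users' keys working; a short comment on the "cannot clone" subtests saying so would keep later reordering from making them vacuous.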