nixosTests.vault-agent: init · pyrox.dev/nixpkgs@524fe7f

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixosTests.vault-agent: init

IndeedNotJames 2 years ago 524fe7ff 4e8bde77

+54 -1

3 changed files

expand all

nixos

tests

all-tests.nix

vault-agent.nix

pkgs

tools

security

vault

default.nix

nixos/tests/all-tests.nix

··· 746 746 varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; }; 747 747 varnish72 = handleTest ./varnish.nix { package = pkgs.varnish72; }; 748 748 vault = handleTest ./vault.nix {}; 749 + vault-agent = handleTest ./vault-agent.nix {}; 749 750 vault-dev = handleTest ./vault-dev.nix {}; 750 751 vault-postgresql = handleTest ./vault-postgresql.nix {}; 751 752 vaultwarden = handleTest ./vaultwarden.nix {};

+52

nixos/tests/vault-agent.nix

··· 1 + import ./make-test-python.nix ({ pkgs, ... }: { 2 + name = "vault-agent"; 3 + 4 + nodes.machine = { config, pkgs, ... }: { 5 + services.vault-agent.instances.example.settings = { 6 + vault.address = config.environment.variables.VAULT_ADDR; 7 + 8 + auto_auth = [{ 9 + method = [{ 10 + type = "token_file"; 11 + config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN; 12 + }]; 13 + }]; 14 + 15 + template = [{ 16 + contents = '' 17 + {{- with secret "secret/example" }} 18 + {{ .Data.data.key }}" 19 + {{- end }} 20 + ''; 21 + perms = "0600"; 22 + destination = "/example"; 23 + }]; 24 + }; 25 + 26 + services.vault = { 27 + enable = true; 28 + dev = true; 29 + devRootTokenID = config.environment.variables.VAULT_TOKEN; 30 + }; 31 + 32 + environment = { 33 + systemPackages = [ pkgs.vault ]; 34 + variables = { 35 + VAULT_ADDR = "http://localhost:8200"; 36 + VAULT_TOKEN = "root"; 37 + }; 38 + }; 39 + }; 40 + 41 + testScript = '' 42 + machine.wait_for_unit("vault.service") 43 + machine.wait_for_open_port(8200) 44 + 45 + machine.wait_until_succeeds('vault kv put secret/example key=example') 46 + 47 + machine.wait_for_unit("vault-agent-example.service") 48 + 49 + machine.wait_for_file("/example") 50 + machine.succeed('grep "example" /example') 51 + ''; 52 + })

+1 -1

pkgs/tools/security/vault/default.nix

··· 38 38 --prefix PATH ${lib.makeBinPath [ gawk glibc ]} 39 39 ''; 40 40 41 - passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev; }; 41 + passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev vault-agent; }; 42 42 43 43 meta = with lib; { 44 44 homepage = "https://www.vaultproject.io/";