pyrox.dev / nixpkgs
lol
fork atom

nixos/stratis: add test for encryption support

Nick Cao 732950b2 8db1ad78

+34
+1
nixos/tests/stratis/default.nix
··· 4 4 5 5 { 6 6 simple = import ./simple.nix { inherit system pkgs; }; 7 + encryption = import ./encryption.nix { inherit system pkgs; }; 7 8 }
+33
nixos/tests/stratis/encryption.nix
··· 1 + import ../make-test-python.nix ({ pkgs, ... }: 2 + { 3 + name = "stratis"; 4 + 5 + meta = with pkgs.lib.maintainers; { 6 + maintainers = [ nickcao ]; 7 + }; 8 + 9 + nodes.machine = { pkgs, ... }: { 10 + services.stratis.enable = true; 11 + virtualisation.emptyDiskImages = [ 2048 ]; 12 + }; 13 + 14 + testScript = 15 + let 16 + testkey1 = pkgs.writeText "testkey1" "supersecret1"; 17 + testkey2 = pkgs.writeText "testkey2" "supersecret2"; 18 + in 19 + '' 20 + machine.wait_for_unit("stratisd") 21 + # test creation of encrypted pool and filesystem 22 + machine.succeed("stratis key set testkey1 --keyfile-path ${testkey1}") 23 + machine.succeed("stratis key set testkey2 --keyfile-path ${testkey2}") 24 + machine.succeed("stratis pool create testpool /dev/vdb --key-desc testkey1") 25 + machine.succeed("stratis fs create testpool testfs") 26 + # test rebinding encrypted pool 27 + machine.succeed("stratis pool rebind keyring testpool testkey2") 28 + # test restarting encrypted pool 29 + uuid = machine.succeed("stratis pool list | grep -oE '[0-9a-fA-F-]{36}'").rstrip('\n') 30 + machine.succeed(" stratis pool stop testpool") 31 + machine.succeed(f"stratis pool start {uuid} --unlock-method keyring") 32 + ''; 33 + })