authorJörg Thalheim <Mic92@users.noreply.github.com>2022-07-05 10:54:11 +0200
committerGitHub <noreply@github.com>2022-07-05 10:54:11 +0200
commit826c20dcae34f7e3be4d1a638b07fb7d95570ba0 (patch)
treef9ac09af4ca536eda263b1cdb8996c0e1ba3d71f /nixos/tests
parentf5522fb775353e6858d33b4986d344d1ba4adb83 (diff)
nixos/vault: add option to start in dev mode. (#180114)
* nixos/vault: add option to start in dev mode.

This is useful not only for nixos tests, e.g. when testing vault agent
setups, but also when playing around with vault in local setups. In our
tests we can now make use of this option to test more vault features,
e.g. adding this feature has uncovered the need for a `StateDirectory`.

* Update nixos/modules/services/security/vault.nix

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>

Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/vault-dev.nix35
2 files changed, 36 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index b7690a125ec59..e08be48db24f1 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -590,6 +590,7 @@ in {
   uwsgi = handleTest ./uwsgi.nix {};
   v2ray = handleTest ./v2ray.nix {};
   vault = handleTest ./vault.nix {};
+  vault-dev = handleTest ./vault-dev.nix {};
   vault-postgresql = handleTest ./vault-postgresql.nix {};
   vaultwarden = handleTest ./vaultwarden.nix {};
   vector = handleTest ./vector.nix {};
diff --git a/nixos/tests/vault-dev.nix b/nixos/tests/vault-dev.nix
new file mode 100644
index 0000000000000..ba9a1015cc13c
--- /dev/null
+++ b/nixos/tests/vault-dev.nix
@@ -0,0 +1,35 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+{
+  name = "vault-dev";
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ lnl7 mic92 ];
+  };
+  nodes.machine = { pkgs, config, ... }: {
+    environment.systemPackages = [ pkgs.vault ];
+    environment.variables.VAULT_ADDR = "http://127.0.0.1:8200";
+    environment.variables.VAULT_TOKEN = "phony-secret";
+
+    services.vault = {
+      enable = true;
+      dev = true;
+      devRootTokenID = config.environment.variables.VAULT_TOKEN;
+    };
+  };
+
+  testScript = ''
+    import json
+    start_all()
+    machine.wait_for_unit("multi-user.target")
+    machine.wait_for_unit("vault.service")
+    machine.wait_for_open_port(8200)
+    out = machine.succeed("vault status -format=json")
+    print(out)
+    status = json.loads(out)
+    assert status.get("initialized") == True
+    machine.succeed("vault kv put secret/foo bar=baz")
+    out = machine.succeed("vault kv get -format=json secret/foo")
+    print(out)
+    status = json.loads(out)
+    assert status.get("data", {}).get("data", {}).get("bar") == "baz"
+  '';
+})
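Review bot: The fixed root token is exported through `environment.variables.VAULT_TOKEN`, which puts it in the system-wide shell environment of the VM, and the server is addressed over plain `http://`. That is acceptable for a dev-mode test, but the file does not say so and test files tend to be copied into real configurations. I would add a comment above that line such as `# dev mode only: fixed root token over plain HTTP; never reuse outside tests`. In the test script, the first assertion could also pin the seal state, e.g. `assert status["initialized"] is True and status["sealed"] is False`. The second `status = json.loads(out)` holds a KV read rather than a status, so a name like `secret` would read more clearly.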