author | IndeedNotJames <git@indeednotjames.com> | 2023-04-25 15:58:30 +0200 |
---|---|---|
committer | IndeedNotJames <git@indeednotjames.com> | 2023-04-25 15:58:30 +0200 |
commit | 524fe7ff5156ef3790b97b8056317fc737840d0a (patch) | |
tree | fe6ce54ddb9e6a4e21f3e3c6321639659ca89114 /nixos/tests | |
parent | 4e8bde773f7645cc238a9efd86c9d491af74ca35 (diff) |
nixosTests.vault-agent: init
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/vault-agent.nix | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 5b802fb263042..997d389382381 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -746,6 +746,7 @@ in {
 varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; };
 varnish72 = handleTest ./varnish.nix { package = pkgs.varnish72; };
 vault = handleTest ./vault.nix {};
+ vault-agent = handleTest ./vault-agent.nix {};
 vault-dev = handleTest ./vault-dev.nix {};
 vault-postgresql = handleTest ./vault-postgresql.nix {};
 vaultwarden = handleTest ./vaultwarden.nix {};
diff --git a/nixos/tests/vault-agent.nix b/nixos/tests/vault-agent.nix
new file mode 100644
index 0000000000000..dc86c829b67af
--- /dev/null
+++ b/nixos/tests/vault-agent.nix
@@ -0,0 +1,52 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "vault-agent";
+
+ nodes.machine = { config, pkgs, ... }: {
+ services.vault-agent.instances.example.settings = {
+ vault.address = config.environment.variables.VAULT_ADDR;
+
+ auto_auth = [{
+ method = [{
+ type = "token_file";
+ config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
+ }];
+ }];
+
+ template = [{
+ contents = ''
+ {{- with secret "secret/example" }}
+ {{ .Data.data.key }}"
+ {{- end }}
+ '';
+ perms = "0600";
+ destination = "/example";
+ }];
+ };
+
+ services.vault = {
+ enable = true;
+ dev = true;
+ devRootTokenID = config.environment.variables.VAULT_TOKEN;
+ };
+
+ environment = {
+ systemPackages = [ pkgs.vault ];
+ variables = {
+ VAULT_ADDR = "http://localhost:8200";
+ VAULT_TOKEN = "root";
+ };
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("vault.service")
+ machine.wait_for_open_port(8200)
+
+ machine.wait_until_succeeds('vault kv put secret/example key=example')
+
+ machine.wait_for_unit("vault-agent-example.service")
+
+ machine.wait_for_file("/example")
+ machine.succeed('grep "example" /example')
+ '';
+}) |
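Review bot: The template in the new `vault-agent.nix` ends its value line with a stray double quote, `{{ .Data.data.key }}"`, so the rendered `/example` would presumably contain `example"`, and the final `grep "example" /example` still passes because it only matches a substring. I would drop the quote and tighten the check to `machine.succeed('grep -Fx example /example')`. The test also sets `perms = "0600"` on the rendered secret but never verifies it; adding `machine.succeed('test "$(stat -c %a /example)" = 600')` would cover the one security-relevant property of the template. `pkgs.writeText "vault-token" …` places the token in the world-readable Nix store, which is acceptable here only because it is the dev-mode root token `root`. A comment above `config.token_file_path`, such as `# test-only: the token lands in the world-readable Nix store; never do this with a real token`, would keep the pattern from being copied into a real configuration.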