{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
, lib ? pkgs.lib
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let
# Teleport package variants under test. The attribute name becomes the
# suffix of the generated test attributes (minimal_<name>, basic_<name>).
packages = {
  "default" = pkgs.teleport;
  "12" = pkgs.teleport_12;
  "13" = pkgs.teleport_13;
};
# Node configuration that only enables the Teleport service for the given
# package and sets nothing under `settings`.
minimal = package: {
  services.teleport.enable = true;
  services.teleport.package = package;
};
# Node configuration for the joining side: only the SSH service runs here,
# and the node registers with the auth server at 192.168.1.10:3025.
client = package: {
  services.teleport.enable = true;
  services.teleport.package = package;
  services.teleport.settings = {
    teleport = {
      nodename = "client";
      advertise_ip = "192.168.1.20";
      # Static join token. It is a fixed test fixture committed in plain
      # text and has to match the "node:" entry in the server's
      # auth_service.tokens; never reuse this value outside the test VMs.
      auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
      auth_servers = [ "192.168.1.10:3025" ];
      # The test script greps this node's journal for 'DEBU', presumably to
      # confirm that this severity was applied.
      log.severity = "DEBUG";
    };
    ssh_service.enabled = true;
    # The test script looks this label up on the server via `tctl get nodes`.
    ssh_service.labels.role = "client";
    proxy_service.enabled = false;
    auth_service.enabled = false;
  };
  # Fixed address on eth1, in the same /24 as the server.
  networking.interfaces.eth1.ipv4.addresses = [
    {
      address = "192.168.1.20";
      prefixLength = 24;
    }
  ];
};
# Node configuration for the cluster side: auth, proxy and SSH services all
# run on this node.
server = package: {
  services.teleport.enable = true;
  services.teleport.package = package;
  services.teleport.settings = {
    teleport.nodename = "server";
    teleport.advertise_ip = "192.168.1.10";
    ssh_service.enabled = true;
    proxy_service.enabled = true;
    auth_service.enabled = true;
    # Static node-join token. It is a fixed test fixture committed in plain
    # text and has to match the client's auth_token; never reuse this value
    # outside the test VMs.
    auth_service.tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
  };
  # The test script waits for port 3000 on this node, presumably the
  # diagnostics endpoint that this option turns on.
  services.teleport.diag.enable = true;
  # Test-only: the script asserts that the journal contains "Starting
  # teleport in insecure mode.". NOTE(review): insecure mode is understood to
  # relax certificate verification, so keep it confined to these test VMs.
  services.teleport.insecure.enable = true;
  # 3025 is the port the client's auth_servers entry points at.
  networking.firewall.allowedTCPPorts = [ 3025 ];
  # Fixed address on eth1, in the same /24 as the client.
  networking.interfaces.eth1.ipv4.addresses = [
    {
      address = "192.168.1.10";
      prefixLength = 24;
    }
  ];
};
in
# Build one attribute set of tests per entry in `packages` and merge them:
# each package variant yields a "minimal_<name>" and a "basic_<name>" test.
lib.concatMapAttrs
(name: package: {
"minimal_${name}" = makeTest {
# Minimal setup should always work: a single node with only
# services.teleport.enable and the package set. The script waits for ports
# 3025, 3080 and 3022 to open (presumably the auth, proxy web and SSH
# listeners).
# NOTE(review): `name` does not vary with the package variant, so every
# variant shares this test name; confirm that is intended.
name = "teleport-minimal-setup";
meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
nodes.minimal = minimal package;
testScript = ''
minimal.wait_for_open_port(3025)
minimal.wait_for_open_port(3080)
minimal.wait_for_open_port(3022)
'';
};
"basic_${name}" = makeTest {
# Basic server and client test: the client node joins the server's cluster
# using the static token fixture shared by the `client` and `server`
# configurations. The script then checks, from the server, that a node with
# hostname "client" carries the label role=client, that port 3000 is open on
# the server, that the client journal contains 'DEBU' output, and that the
# server journal reports insecure mode.
# NOTE(review): `name` does not vary with the package variant, so every
# variant shares this test name; confirm that is intended.
name = "teleport-server-client";
meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
nodes = {
server = server package;
client = client package;
};
testScript = ''
with subtest("teleport ready"):
server.wait_for_open_port(3025)
client.wait_for_open_port(3022)
with subtest("check applied configuration"):
server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
server.wait_for_open_port(3000)
client.succeed("journalctl -u teleport.service --grep='DEBU'")
server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
'';
};
})
packages