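# NixOS VM test for services.vault-agent: a dev-mode Vault server and one
# agent instance run on the same machine. The agent authenticates with a
# token file and renders a KV secret to /example through a template.
#
# Test-only shortcuts, not a deployment pattern:
#   * Vault runs in dev mode with the fixed root token "root" and is reached
#     over plain HTTP on localhost.
#   * The token file is produced with pkgs.writeText, so the token value ends
#     up in the world-readable Nix store. Outside a test, token_file_path
#     should point at a file provisioned outside the store with restrictive
#     permissions.
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "vault-agent";

  nodes.machine = { config, pkgs, ... }: {
    services.vault-agent.instances.example.settings = {
      vault.address = config.environment.variables.VAULT_ADDR;

      auto_auth = [{
        method = [{
          type = "token_file";
          # Store path, readable by every user on the machine; acceptable only
          # because the token is the throwaway dev root token defined below.
          config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
        }];
      }];

      template = [{
        # .Data.data is the KV v2 response layout, which is what a dev-mode
        # server mounts at secret/. The original template had a stray `"`
        # after the action, which was rendered literally into the secret file.
        contents = ''
          {{- with secret "secret/example" }}
          {{ .Data.data.key }}
          {{- end }}
        '';
        # Rendered secret is readable and writable by the file owner only.
        perms = "0600";
        destination = "/example";
      }];
    };

    services.vault = {
      enable = true;
      # Dev mode: the root token is set to a known value. Never enable this
      # outside a test.
      dev = true;
      devRootTokenID = config.environment.variables.VAULT_TOKEN;
    };

    environment = {
      systemPackages = [ pkgs.vault ];
      # Read by the `vault` CLI call in the test script and reused above for
      # the agent's server address and token.
      variables = {
        VAULT_ADDR = "http://localhost:8200";
        VAULT_TOKEN = "root";
      };
    };
  };

  # Flow: wait for the server, write the secret, wait for the agent unit, then
  # check that the template was rendered to /example with the expected value.
  testScript = ''
    machine.wait_for_unit("vault.service")
    machine.wait_for_open_port(8200)

    machine.wait_until_succeeds('vault kv put secret/example key=example')

    machine.wait_for_unit("vault-agent-example.service")

    machine.wait_for_file("/example")
    machine.succeed('grep "example" /example')
  '';
})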