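# NixOS VM test for the vault-agent module: it starts a dev-mode Vault server,
# stores one KV secret, and checks that the "example" agent instance renders
# that secret to /example through a template.
import ./make-test-python.nix (
  { pkgs, ... }:
  {
    name = "vault-agent";

    nodes.machine =
      { config, pkgs, ... }:
      {
        services.vault-agent.instances.example.settings = {
          vault.address = config.environment.variables.VAULT_ADDR;

          auto_auth = [
            {
              method = [
                {
                  type = "token_file";
                  # Test-only shortcut: pkgs.writeText copies the token into the
                  # Nix store, which every local user can read. That is tolerable
                  # here only because the value is the fixed dev root token set
                  # below. A real token belongs in a file outside the store with
                  # restrictive ownership and mode.
                  config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
                }
              ];
            }
          ];

          template = [
            {
              # Renders the "key" field of the KV v2 secret written by the test
              # script. The stray trailing double quote that used to follow the
              # value is removed so the rendered line is exactly the secret.
              contents = ''
                {{- with secret "secret/example" }}
                {{ .Data.data.key }}
                {{- end }}
              '';
              # Owner-only access for the rendered secret; the test script
              # asserts this mode.
              perms = "0600";
              destination = "/example";
            }
          ];
        };

        # Dev mode is in-memory and unsealed, with a fixed root token.
        # It is suitable for this throwaway VM and nothing else.
        services.vault = {
          enable = true;
          dev = true;
          devRootTokenID = config.environment.variables.VAULT_TOKEN;
        };

        environment = {
          systemPackages = [ pkgs.vault ];
          variables = {
            # Plain HTTP on loopback, matching the dev server; there is no TLS
            # in this test.
            VAULT_ADDR = "http://localhost:8200";
            VAULT_TOKEN = "root";
          };
        };
      };

    testScript = ''
      machine.wait_for_unit("vault.service")
      machine.wait_for_open_port(8200)

      # Retry until the KV write succeeds.
      machine.wait_until_succeeds('vault kv put secret/example key=example')

      machine.wait_for_unit("vault-agent-example.service")

      machine.wait_for_file("/example")
      # Whole-line match: fails if the template emits anything besides the value.
      machine.succeed('grep -Fx "example" /example')
      # The rendered secret must carry the owner-only mode set in the template.
      machine.succeed('test "$(stat -c %a /example)" = 600')
    '';
  }
)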