nixos/tests/teleport.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / teleport.nix
at master 3.1 kB view raw
  1{
  2  system ? builtins.currentSystem,
  3  config ? { },
  4  pkgs ? import ../.. { inherit system config; },
  5  lib ? pkgs.lib,
  6}:
  7
  8with import ../lib/testing-python.nix { inherit system pkgs; };
  9
 10let
 11  packages = with pkgs; {
 12    "16" = teleport_16;
 13    "17" = teleport_17;
 14    "18" = teleport_18;
 15  };
 16
 17  minimal = package: {
 18    services.teleport = {
 19      enable = true;
 20      inherit package;
 21    };
 22  };
 23
 24  client = package: {
 25    services.teleport = {
 26      enable = true;
 27      inherit package;
 28      settings = {
 29        teleport = {
 30          nodename = "client";
 31          advertise_ip = "192.168.1.20";
 32          auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
 33          auth_servers = [ "192.168.1.10:3025" ];
 34          log.severity = "DEBUG";
 35        };
 36        ssh_service = {
 37          enabled = true;
 38          labels = {
 39            role = "client";
 40          };
 41        };
 42        proxy_service.enabled = false;
 43        auth_service.enabled = false;
 44      };
 45    };
 46    networking.interfaces.eth1.ipv4.addresses = [
 47      {
 48        address = "192.168.1.20";
 49        prefixLength = 24;
 50      }
 51    ];
 52  };
 53
 54  server = package: {
 55    services.teleport = {
 56      enable = true;
 57      inherit package;
 58      settings = {
 59        teleport = {
 60          nodename = "server";
 61          advertise_ip = "192.168.1.10";
 62        };
 63        ssh_service.enabled = true;
 64        proxy_service.enabled = true;
 65        auth_service = {
 66          enabled = true;
 67          tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
 68        };
 69      };
 70      diag.enable = true;
 71      insecure.enable = true;
 72    };
 73    networking = {
 74      firewall.allowedTCPPorts = [ 3025 ];
 75      interfaces.eth1.ipv4.addresses = [
 76        {
 77          address = "192.168.1.10";
 78          prefixLength = 24;
 79        }
 80      ];
 81    };
 82  };
 83in
 84lib.concatMapAttrs (name: package: {
 85  "minimal_${name}" = makeTest {
 86    # minimal setup should always work
 87    name = "teleport-minimal-setup";
 88    meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
 89    nodes.minimal = minimal package;
 90
 91    testScript = ''
 92      minimal.wait_for_open_port(3025)
 93      minimal.wait_for_open_port(3080)
 94      minimal.wait_for_open_port(3022)
 95    '';
 96  };
 97
 98  "basic_${name}" = makeTest {
 99    # basic server and client test
100    name = "teleport-server-client";
101    meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
102    nodes = {
103      server = server package;
104      client = client package;
105    };
106
107    testScript = ''
108      with subtest("teleport ready"):
109          server.wait_for_open_port(3025)
110          client.wait_for_open_port(3022)
111
112      with subtest("check applied configuration"):
113          server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
114          server.wait_for_open_port(3000)
115          client.succeed("journalctl -u teleport.service --grep='DEBU'")
116          server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
117    '';
118  };
119}) packages