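# NixOS VM test for the vault-agent module: boots a Vault dev server, lets one
# vault-agent instance authenticate with a token file, and checks that a
# template-rendered secret is written to disk.
{ pkgs, ... }:
{
  name = "vault-agent";

  nodes.machine =
    { config, pkgs, ... }:
    {
      services.vault-agent.instances.example.settings = {
        vault.address = config.environment.variables.VAULT_ADDR;

        auto_auth = [
          {
            method = [
              {
                type = "token_file";
                # pkgs.writeText copies the token into the Nix store, which every
                # local user can read. That is tolerable here only because the
                # value is the fixed dev root token; outside a test,
                # token_file_path should name a file provisioned at runtime,
                # outside the store, readable only by the agent's user.
                config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
              }
            ];
          }
        ];

        template = [
          {
            # Renders the "key" field of the secret stored at secret/example.
            # The original template had a stray '"' after the closing braces,
            # which was written into the rendered file; it is removed here.
            contents = ''
              {{- with secret "secret/example" }}
              {{ .Data.data.key }}
              {{- end }}
            '';
            # Owner-only access for the rendered secret; checked in testScript.
            perms = "0600";
            destination = "/example";
          }
        ];
      };

      # Dev mode with a fixed root token: test-only settings. The server's
      # root credential is the well-known string set in VAULT_TOKEN below.
      services.vault = {
        enable = true;
        dev = true;
        devRootTokenID = config.environment.variables.VAULT_TOKEN;
      };

      environment = {
        systemPackages = [ pkgs.vault ];
        variables = {
          # Plain HTTP on loopback; traffic to the server is not encrypted.
          VAULT_ADDR = "http://localhost:8200";
          # Shared by the CLI, the dev server (devRootTokenID) and the agent's
          # token file, so all three agree inside the VM.
          VAULT_TOKEN = "root";
        };
      };
    };

  testScript = ''
    machine.wait_for_unit("vault.service")
    machine.wait_for_open_port(8200)

    # Retried because the port can be open before the server accepts writes.
    machine.wait_until_succeeds('vault kv put secret/example key=example')

    machine.wait_for_unit("vault-agent-example.service")

    machine.wait_for_file("/example")
    machine.succeed('grep "example" /example')
    # The template requests perms = "0600"; confirm the rendered secret is
    # not readable by group or others.
    machine.succeed('test "$(stat -c %a /example)" = 600')
  '';
}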