commit 524fe7ff5156ef3790b97b8056317fc737840d0a · pyrox.dev/nixpkgs

nixos/tests/all-tests.nix

···

       746
        
         varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; };

     

       747
        
         varnish72 = handleTest ./varnish.nix { package = pkgs.varnish72; };

     

       748
        
         vault = handleTest ./vault.nix {};

     

       0
        
       
     

       749
        
         vault-dev = handleTest ./vault-dev.nix {};

     

       750
        
         vault-postgresql = handleTest ./vault-postgresql.nix {};

     

       751
        
         vaultwarden = handleTest ./vaultwarden.nix {};

···

       746
        
         varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; };

     

       747
        
         varnish72 = handleTest ./varnish.nix { package = pkgs.varnish72; };

     

       748
        
         vault = handleTest ./vault.nix {};

     

       749
       +
         vault-agent = handleTest ./vault-agent.nix {};

     

       750
        
         vault-dev = handleTest ./vault-dev.nix {};

     

       751
        
         vault-postgresql = handleTest ./vault-postgresql.nix {};

     

       752
        
         vaultwarden = handleTest ./vaultwarden.nix {};

+52

nixos/tests/vault-agent.nix

···

       1
       +
       import ./make-test-python.nix ({ pkgs, ... }: {

     

       2
       +
         name = "vault-agent";

     

       3
       +
       

     

       4
       +
         nodes.machine = { config, pkgs, ... }: {

     

       5
       +
           services.vault-agent.instances.example.settings = {

     

       6
       +
             vault.address = config.environment.variables.VAULT_ADDR;

     

       7
       +
       

     

       8
       +
             auto_auth = [{

     

       9
       +
               method = [{

     

       10
       +
                 type = "token_file";

     

       11
       +
                 config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;

     

       12
       +
               }];

     

       13
       +
             }];

     

       14
       +
       

     

       15
       +
             template = [{

     

       16
       +
               contents = ''

     

       17
       +
                 {{- with secret "secret/example" }}

     

       18
       +
                 {{ .Data.data.key }}"

     

       19
       +
                 {{- end }}

     

       20
       +
               '';

     

       21
       +
               perms = "0600";

     

       22
       +
               destination = "/example";

     

       23
       +
             }];

     

       24
       +
           };

     

       25
       +
       

     

       26
       +
           services.vault = {

     

       27
       +
             enable = true;

     

       28
       +
             dev = true;

     

       29
       +
             devRootTokenID = config.environment.variables.VAULT_TOKEN;

     

       30
       +
           };

     

       31
       +
       

     

       32
       +
           environment = {

     

       33
       +
             systemPackages = [ pkgs.vault ];

     

       34
       +
             variables = {

     

       35
       +
               VAULT_ADDR = "http://localhost:8200";

     

       36
       +
               VAULT_TOKEN = "root";

     

       37
       +
             };

     

       38
       +
           };

     

       39
       +
         };

     

       40
       +
       

     

       41
       +
         testScript = ''

     

       42
       +
           machine.wait_for_unit("vault.service")

     

       43
       +
           machine.wait_for_open_port(8200)

     

       44
       +
       

     

       45
       +
           machine.wait_until_succeeds('vault kv put secret/example key=example')

     

       46
       +
       

     

       47
       +
           machine.wait_for_unit("vault-agent-example.service")

     

       48
       +
       

     

       49
       +
           machine.wait_for_file("/example")

     

       50
       +
           machine.succeed('grep "example" /example')

     

       51
       +
         '';

     

       52
       +
       })

+1 -1

pkgs/tools/security/vault/default.nix

···

       38
        
             --prefix PATH ${lib.makeBinPath [ gawk glibc ]}

     

       39
        
         '';

     

       40
        
       

     

       41
       -
         passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev; };

     

       42
        
       

     

       43
        
         meta = with lib; {

     

       44
        
           homepage = "https://www.vaultproject.io/";

···

       38
        
             --prefix PATH ${lib.makeBinPath [ gawk glibc ]}

     

       39
        
         '';

     

       40
        
       

     

       41
       +
         passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev vault-agent; };

     

       42
        
       

     

       43
        
         meta = with lib; {

     

       44
        
           homepage = "https://www.vaultproject.io/";