mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00

Reuse the existing nixpkgs instance for the tests instead of re-importing it (#611)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Ramses 2024-09-01 16:30:42 +02:00 committed by GitHub
parent 2acfc17e8c
commit 5db5921e40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 17 additions and 45 deletions


@ -1,4 +1,4 @@
{ lib, buildGoModule, path, pkgs, vendorHash, go }:
{ lib, buildGoModule, stdenv, vendorHash, go, callPackages }:
buildGoModule {
pname = "sops-install-secrets";
version = "0.0.1";
@ -10,17 +10,14 @@ buildGoModule {
# requires root privileges for tests
doCheck = false;
passthru.tests = import ./nixos-test.nix {
makeTest = import (path + "/nixos/tests/make-test-python.nix");
inherit pkgs;
};
passthru.tests = callPackages ./nixos-test.nix { };
outputs = [ "out" ] ++
pkgs.lib.lists.optionals (pkgs.stdenv.isLinux) [ "unittest" ];
lib.lists.optionals (stdenv.isLinux) [ "unittest" ];
postInstall = ''
go test -c ./pkgs/sops-install-secrets
'' + pkgs.lib.optionalString (pkgs.stdenv.isLinux) ''
'' + lib.optionalString (stdenv.isLinux) ''
# *.test is only tested on linux. $unittest does not exist on darwin.
install -D ./sops-install-secrets.test $unittest/bin/sops-install-secrets.test
# newer versions of nixpkgs no longer require this step


@ -1,7 +1,6 @@
{ makeTest ? import <nixpkgs/nixos/tests/make-test-python.nix>
, pkgs ? (import <nixpkgs> { }) }:
{ lib, testers }:
let
userPasswordTest = name: extraConfig: makeTest {
userPasswordTest = name: extraConfig: testers.runNixOSTest {
inherit name;
nodes.machine = { config, lib, ... }: {
imports = [
@ -32,17 +31,14 @@ let
machine.succeed("cat /run/secrets-for-users/test_key | grep -q 'test_value'") # the user password still exists
# BUG in nixos's overlayfs... systemd crashes on switch-to-configuration test
'' + pkgs.lib.optionalString (!(extraConfig ? system.etc.overlay.enable)) ''
'' + lib.optionalString (!(extraConfig ? system.etc.overlay.enable)) ''
machine.succeed("/run/current-system/bin/switch-to-configuration test")
machine.succeed("cat /run/secrets/nested/test/file | grep -q 'another value'") # the regular secrets still work after a switch
machine.succeed("cat /run/secrets-for-users/test_key | grep -q 'test_value'") # the user password is still present after a switch
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
in {
ssh-keys = makeTest {
ssh-keys = testers.runNixOSTest {
name = "sops-ssh-keys";
nodes.server = { ... }: {
imports = [ ../../modules/sops ];
@ -60,12 +56,9 @@ in {
start_all()
server.succeed("cat /run/secrets/test_key | grep -q test_value")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
pruning = makeTest {
pruning = testers.runNixOSTest {
name = "sops-pruning";
nodes.machine = { lib, ... }: {
imports = [ ../../modules/sops ];
@ -107,12 +100,9 @@ in {
machine.succeed("test -d /run/secrets.d/92")
machine.succeed("test -d /run/secrets.d/non-numeric")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
age-keys = makeTest {
age-keys = testers.runNixOSTest {
name = "sops-age-keys";
nodes.machine = { lib, ... }: {
imports = [ ../../modules/sops ];
@ -133,12 +123,9 @@ in {
start_all()
machine.succeed("cat /run/secrets/test_key | grep -q test_value")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
age-ssh-keys = makeTest {
age-ssh-keys = testers.runNixOSTest {
name = "sops-age-ssh-keys";
nodes.machine = {
imports = [ ../../modules/sops ];
@ -162,12 +149,9 @@ in {
start_all()
machine.succeed("cat /run/secrets/test_key | grep -q test_value")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
pgp-keys = makeTest {
pgp-keys = testers.runNixOSTest {
name = "sops-pgp-keys";
nodes.server = { pkgs, lib, config, ... }: {
imports = [ ../../modules/sops ];
@ -218,12 +202,9 @@ in {
target = server.succeed("readlink -f /run/existing-file")
assertEqual("/run/secrets.d/1/existing-file", target.strip())
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
templates = makeTest {
templates = testers.runNixOSTest {
name = "sops-templates";
nodes.machine = { config, lib, ... }: {
imports = [ ../../modules/sops ];
@ -282,12 +263,9 @@ in {
if rendered.strip() != expected.strip() or rendered_default.strip() != expected_default.strip():
raise Exception("Template is not rendered correctly")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
restart-and-reload = makeTest {
restart-and-reload = testers.runNixOSTest {
name = "sops-restart-and-reload";
nodes.machine = { pkgs, lib, config, ... }: {
imports = [ ../../modules/sops ];
@ -399,9 +377,6 @@ in {
machine.fail("test -f /restarted") # not done in dry mode
machine.fail("test -f /reloaded") # not done in dry mode
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
user-passwords = userPasswordTest "sops-user-passwords" {
@ -411,8 +386,8 @@ in {
chmod -R 700 /run/age-keys.txt
'';
};
} // pkgs.lib.optionalAttrs (pkgs.lib.versionAtLeast (pkgs.lib.versions.majorMinor pkgs.lib.version) "24.05") {
user-passwords-sysusers = userPasswordTest "sops-user-passwords-sysusers" {
} // lib.optionalAttrs (lib.versionAtLeast (lib.versions.majorMinor lib.version) "24.05") {
user-passwords-sysusers = userPasswordTest "sops-user-passwords-sysusers" ({ pkgs, ... }: {
systemd.sysusers.enable = true;
users.mutableUsers = true;
system.etc.overlay.enable = true;
@ -424,5 +399,5 @@ in {
printf '${builtins.readFile ./test-assets/age-keys.txt}' > /run/age-keys.txt
chmod -R 700 /run/age-keys.txt
'';
};
});
}
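Review bot: The overlay guard in `userPasswordTest`, `lib.optionalString (!(extraConfig ? system.etc.overlay.enable))`, no longer detects the sysusers variant, because `user-passwords-sysusers` now passes `extraConfig` as a module function (`({ pkgs, ... }: { ... })`) and in Nix the `?` operator evaluates to false for any value that is not an attribute set. The negated test is therefore always true for that variant, so the `switch-to-configuration test` step, which the comment above the guard says crashes systemd under the etc overlay, is added back to its test script. The guard should not depend on the shape of `extraConfig`; one option is an explicit flag supplied by the caller, e.g. `lib.optionalString (!skipSwitchTest)` (the name is only a suggestion), or keeping `extraConfig` an attribute set and obtaining `pkgs` some other way. The bodies of `userPasswordTest` and of the sysusers configuration lie partly outside the visible hunks, so how `extraConfig` reaches the node's module list is not confirmed here.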