nixpkgs/nixos/tests/vault-agent.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

53 lines
1.3 KiB
Nix
Raw Normal View History

2023-04-25 15:58:30 +02:00
import ./make-test-python.nix ({ pkgs, ... }: {
name = "vault-agent";
nodes.machine = { config, pkgs, ... }: {
services.vault-agent.instances.example.settings = {
vault.address = config.environment.variables.VAULT_ADDR;
auto_auth = [{
method = [{
type = "token_file";
config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
}];
}];
template = [{
contents = ''
{{- with secret "secret/example" }}
{{ .Data.data.key }}"
{{- end }}
'';
perms = "0600";
destination = "/example";
}];
};
services.vault = {
enable = true;
dev = true;
devRootTokenID = config.environment.variables.VAULT_TOKEN;
};
environment = {
systemPackages = [ pkgs.vault ];
variables = {
VAULT_ADDR = "http://localhost:8200";
VAULT_TOKEN = "root";
};
};
};
testScript = ''
machine.wait_for_unit("vault.service")
machine.wait_for_open_port(8200)
machine.wait_until_succeeds('vault kv put secret/example key=example')
machine.wait_for_unit("vault-agent-example.service")
machine.wait_for_file("/example")
machine.succeed('grep "example" /example')
'';
})