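# NixOS VM test for the vault-agent module: starts a dev-mode Vault server,
# stores one KV secret, and checks that a vault-agent instance renders that
# secret into a file through a template.
#
# Everything credential-related in this file is a fixed, throwaway value that
# only exists inside the test VM. The shortcuts taken here (dev-mode server,
# hard-coded root token, token in the Nix store, plaintext HTTP) are test
# conveniences and are called out where they occur.
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "vault-agent";

  nodes.machine = { config, pkgs, ... }: {
    services.vault-agent.instances.example.settings = {
      vault.address = config.environment.variables.VAULT_ADDR;

      auto_auth = [{
        method = [{
          type = "token_file";
          # pkgs.writeText places the token in /nix/store, which is readable by
          # every local user. That is fine for the fixed dev token used here;
          # a real deployment should point token_file_path at a file outside
          # the store that is provisioned at runtime with restrictive
          # permissions.
          config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
        }];
      }];

      template = [{
        # Renders the "key" field of the KV v2 secret at secret/example.
        # A stray trailing double quote after the field was removed so the
        # rendered file contains exactly the secret value.
        contents = ''
          {{- with secret "secret/example" }}
          {{ .Data.data.key }}
          {{- end }}
        '';
        # Rendered secret is readable and writable by the owning user only.
        perms = "0600";
        destination = "/example";
      }];
    };

    services.vault = {
      enable = true;
      # Dev mode: in-memory storage, started unsealed, root token set to a
      # known value. Test-only; never a production configuration.
      dev = true;
      devRootTokenID = config.environment.variables.VAULT_TOKEN;
    };

    environment = {
      systemPackages = [ pkgs.vault ];
      variables = {
        # Plaintext HTTP on loopback, matching the dev-mode listener.
        VAULT_ADDR = "http://localhost:8200";
        # Exported system-wide so the `vault` CLI calls in testScript
        # authenticate without extra flags. Fixed dev token, test VM only.
        VAULT_TOKEN = "root";
      };
    };
  };

  testScript = ''
    machine.wait_for_unit("vault.service")
    machine.wait_for_open_port(8200)

    # Retried because the KV mount may not be ready the moment the port opens.
    machine.wait_until_succeeds('vault kv put secret/example key=example')

    machine.wait_for_unit("vault-agent-example.service")

    machine.wait_for_file("/example")
    # Whole-line match: a substring grep would also accept a rendered value
    # with stray characters around it.
    machine.succeed('grep -x "example" /example')
  '';
})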