# NixOS VM tests for the `services.teleport` module.
# Every argument has a default, so the file can be evaluated on its own;
# `../..` is presumably the root of the surrounding package tree.
{
  system ? builtins.currentSystem,
  config ? { },
  pkgs ? import ../.. { inherit system config; },
  lib ? pkgs.lib,
}:

# Puts the helpers of testing-python.nix in scope; `makeTest`, used in the
# expression after `in`, is resolved through this `with`.
with import ../lib/testing-python.nix { inherit system pkgs; };
let
# Package variants under test. Each key becomes the suffix of one
# `minimal_<key>` and one `basic_<key>` test in the expression after `in`.
packages = {
  default = pkgs.teleport;
  "15" = pkgs.teleport_15;
};
# Node configuration that only switches the Teleport service on and selects
# the package under test; every other option is left to the module.
minimal = package: {
  services.teleport.enable = true;
  services.teleport.package = package;
};
# Node that joins the cluster as an SSH node only: the auth and proxy
# services are switched off and the node registers with the server at
# 192.168.1.10:3025.
#
# NOTE(security): test fixture. The join token is a fixed literal that also
# appears in the server node's `auth_service.tokens`. Values written in a Nix
# expression end up in the world-readable Nix store, so a real deployment
# should keep its join token out of the expression.
client = package: {
  services.teleport = {
    inherit package;
    enable = true;
    settings = {
      auth_service.enabled = false;
      proxy_service.enabled = false;
      ssh_service = {
        enabled = true;
        # The test script reads this label back through `tctl get nodes`.
        labels.role = "client";
      };
      teleport = {
        nodename = "client";
        advertise_ip = "192.168.1.20";
        # Has to match the `node:` entry in the server node's token list.
        auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
        # Address and port of the auth service on the server node.
        auth_servers = [ "192.168.1.10:3025" ];
        # The test script greps the journal for 'DEBU' to confirm this took
        # effect; debug logs carry more detail than a production host
        # normally wants to keep.
        log = {
          severity = "DEBUG";
        };
      };
    };
  };

  # Static address on the test network shared with the server node.
  networking.interfaces.eth1.ipv4.addresses = [
    {
      address = "192.168.1.20";
      prefixLength = 24;
    }
  ];
};
# Node that runs the auth, proxy and SSH services; the client node joins it.
#
# NOTE(security): test fixture only. It turns on insecure mode and accepts a
# static join token, neither of which belongs in a configuration that leaves
# a throwaway test VM.
server = package: {
  services.teleport = {
    inherit package;
    enable = true;

    # Diagnostics listener; the test script waits for port 3000 on this node
    # (presumably this endpoint; confirm against the module's default).
    diag.enable = true;

    # The test script asserts the journal line
    # "Starting teleport in insecure mode.". Insecure mode weakens TLS
    # certificate checks, so it is acceptable here only because the network
    # is an isolated test VLAN.
    insecure.enable = true;

    settings = {
      teleport = {
        nodename = "server";
        advertise_ip = "192.168.1.10";
      };
      ssh_service.enabled = true;
      proxy_service.enabled = true;
      auth_service = {
        enabled = true;
        # Static join token in "<role>:<token>" form; the same literal is the
        # client node's `auth_token`. Anyone who can read it can register a
        # node, and it is stored in the world-readable Nix store.
        tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
      };
    };
  };

  # Only the auth port is opened; the client connects to 192.168.1.10:3025.
  networking.firewall.allowedTCPPorts = [ 3025 ];

  # Static address on the test network shared with the client node.
  networking.interfaces.eth1.ipv4.addresses = [
    {
      address = "192.168.1.10";
      prefixLength = 24;
    }
  ];
};
in
# Result of the file: for every entry of `packages`, one `minimal_<key>` and
# one `basic_<key>` VM test built with `makeTest`.
lib.concatMapAttrs (variant: teleportPkg: {
  "minimal_${variant}" = makeTest {
    # minimal setup should always work
    name = "teleport-minimal-setup";
    meta.maintainers = [ pkgs.lib.maintainers.justinas ];
    nodes.minimal = minimal teleportPkg;

    # Passes once the three listeners are up: 3025 (the port the client
    # configuration uses for the auth service), 3080 and 3022.
    testScript = ''
      minimal.wait_for_open_port(3025)
      minimal.wait_for_open_port(3080)
      minimal.wait_for_open_port(3022)
    '';
  };

  "basic_${variant}" = makeTest {
    # basic server and client test
    name = "teleport-server-client";
    meta.maintainers = [ pkgs.lib.maintainers.justinas ];
    nodes = {
      server = server teleportPkg;
      client = client teleportPkg;
    };

    # First subtest: both daemons are listening. Second subtest: the client
    # has registered with the label from its configuration, port 3000 is open
    # on the server, and the journals show that DEBUG logging (client) and
    # insecure mode (server) really reached the running service. The last
    # two checks pin test-only settings; they are not a hardening baseline.
    testScript = ''
      with subtest("teleport ready"):
          server.wait_for_open_port(3025)
          client.wait_for_open_port(3022)

      with subtest("check applied configuration"):
          server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
          server.wait_for_open_port(3000)
          client.succeed("journalctl -u teleport.service --grep='DEBU'")
          server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
    '';
  };
}) packages