nixos/tests/teleport: init

This commit is contained in:
Yurii Matsiuk 2022-01-10 13:46:47 +01:00
parent d811a6ea73
commit 77b442226d
No known key found for this signature in database
GPG Key ID: 61302290298601AA
2 changed files with 100 additions and 0 deletions

View File

@ -471,6 +471,7 @@ in
systemd-unit-path = handleTest ./systemd-unit-path.nix {};
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
teleport = handleTest ./teleport.nix {};
tiddlywiki = handleTest ./tiddlywiki.nix {};
tigervnc = handleTest ./tigervnc.nix {};
timezone = handleTest ./timezone.nix {};

99
nixos/tests/teleport.nix Normal file
View File

@ -0,0 +1,99 @@
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let
minimal = { config, ... }: {
services.teleport.enable = true;
};
client = { config, ... }: {
services.teleport = {
enable = true;
settings = {
teleport = {
nodename = "client";
advertise_ip = "192.168.1.20";
auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
auth_servers = [ "192.168.1.10:3025" ];
log.severity = "DEBUG";
};
ssh_service = {
enabled = true;
labels = {
role = "client";
};
};
proxy_service.enabled = false;
auth_service.enabled = false;
};
};
networking.interfaces.eth1.ipv4.addresses = [{
address = "192.168.1.20";
prefixLength = 24;
}];
};
server = { config, ... }: {
services.teleport = {
enable = true;
settings = {
teleport = {
nodename = "server";
advertise_ip = "192.168.1.10";
};
ssh_service.enabled = true;
proxy_service.enabled = true;
auth_service = {
enabled = true;
tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
};
};
diag.enable = true;
insecure.enable = true;
};
networking = {
firewall.allowedTCPPorts = [ 3025 ];
interfaces.eth1.ipv4.addresses = [{
address = "192.168.1.10";
prefixLength = 24;
}];
};
};
in
{
minimal = makeTest {
# minimal setup should always work
name = "teleport-minimal-setup";
meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
nodes = { inherit minimal; };
testScript = ''
minimal.wait_for_open_port("3025")
minimal.wait_for_open_port("3080")
minimal.wait_for_open_port("3022")
'';
};
basic = makeTest {
# basic server and client test
name = "teleport-server-client";
meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
nodes = { inherit server client; };
testScript = ''
with subtest("teleport ready"):
server.wait_for_open_port("3025")
client.wait_for_open_port("3022")
with subtest("check applied configuration"):
server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
server.wait_for_open_port("3000")
client.succeed("journalctl -u teleport.service --grep='DEBU'")
server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
'';
};
}