vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / vault-agent.nix
blobdc86c829b67af9e5bd4148bb853847aaeeb0dd7c
1 import ./make-test-python.nix ({ pkgs, ... }: {
2   name = "vault-agent";
4   nodes.machine = { config, pkgs, ... }: {
5     services.vault-agent.instances.example.settings = {
6       vault.address = config.environment.variables.VAULT_ADDR;
8       auto_auth = [{
9         method = [{
10           type = "token_file";
11           config.token_file_path = pkgs.writeText "vault-token" config.environment.variables.VAULT_TOKEN;
12         }];
13       }];
15       template = [{
16         contents = ''
17           {{- with secret "secret/example" }}
18           {{ .Data.data.key }}"
19           {{- end }}
20         '';
21         perms = "0600";
22         destination = "/example";
23       }];
24     };
26     services.vault = {
27       enable = true;
28       dev = true;
29       devRootTokenID = config.environment.variables.VAULT_TOKEN;
30     };
32     environment = {
33       systemPackages = [ pkgs.vault ];
34       variables = {
35         VAULT_ADDR = "http://localhost:8200";
36         VAULT_TOKEN = "root";
37       };
38     };
39   };
41   testScript = ''
42     machine.wait_for_unit("vault.service")
43     machine.wait_for_open_port(8200)
45     machine.wait_until_succeeds('vault kv put secret/example key=example')
47     machine.wait_for_unit("vault-agent-example.service")
49     machine.wait_for_file("/example")
50     machine.succeed('grep "example" /example')
51   '';