depot/nixos/tests/teleport.nix


{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
, lib ? pkgs.lib
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let
# Teleport builds under test. Each key becomes the suffix of the generated
# test attribute names ("minimal_<key>", "basic_<key>").
packages = {
  default = pkgs.teleport;
  "15" = pkgs.teleport_15;
};
# Node configuration that only switches the service on for the given package;
# no `settings` are supplied, so the module defaults apply.
minimal = package: {
  services.teleport.enable = true;
  services.teleport.package = package;
};
# SSH-only node that joins the cluster hosted by the `server` node.
# The proxy and auth services are switched off, so this machine only runs the
# SSH service and registers with the remote auth server.
client = package:
  let
    # Used both as the advertised IP and as the eth1 address.
    address = "192.168.1.20";
  in
  {
    services.teleport = {
      inherit package;
      enable = true;
      settings = {
        teleport = {
          nodename = "client";
          advertise_ip = address;
          # Auth service of the `server` node: its eth1 address, port 3025.
          auth_servers = [ "192.168.1.10:3025" ];
          # Fixed join token. It is a test fixture and has to equal the token
          # listed in the server's auth_service.tokens.
          # NOTE(review): a literal written here presumably ends up in the
          # generated config inside the world-readable Nix store, so this
          # pattern only suits a throwaway test VM; confirm against the module.
          auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
          # The test script greps the journal for debug-level lines.
          log = { severity = "DEBUG"; };
        };
        ssh_service.enabled = true;
        # Label the test script looks up through `tctl get nodes`.
        ssh_service.labels.role = "client";
        proxy_service = { enabled = false; };
        auth_service = { enabled = false; };
      };
    };
    networking.interfaces.eth1.ipv4.addresses = [
      { inherit address; prefixLength = 24; }
    ];
  };
# All-in-one node: auth, proxy and SSH services on a single machine.
# The `client` node joins through the auth service on port 3025, the only
# port opened in the firewall here.
server = package:
  let
    # Used both as the advertised IP and as the eth1 address.
    address = "192.168.1.10";
  in
  {
    services.teleport = {
      inherit package;
      enable = true;
      # The test script later waits for port 3000 on this node
      # (presumably the diagnostics endpoint this option turns on).
      diag.enable = true;
      # Enabled so the test can assert the option is wired through: it greps
      # the journal for "Starting teleport in insecure mode.". Teleport's
      # insecure mode relaxes certificate verification, so this is not a
      # setting to carry over into a deployment.
      insecure.enable = true;
      settings = {
        teleport.nodename = "server";
        teleport.advertise_ip = address;
        ssh_service = { enabled = true; };
        proxy_service = { enabled = true; };
        auth_service.enabled = true;
        # Static join token for the `node` role; it has to equal the client's
        # auth_token. A fixed, non-expiring value is a test fixture only.
        auth_service.tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
      };
    };
    networking.firewall.allowedTCPPorts = [ 3025 ];
    networking.interfaces.eth1.ipv4.addresses = [
      { inherit address; prefixLength = 24; }
    ];
  };
in
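# Builds two VM tests for every entry of `packages`:
#   minimal_<name>  one node with default settings
#   basic_<name>    a server plus a client that joins it with a static token
lib.concatMapAttrs
  (name: package: {
    "minimal_${name}" = makeTest {
      # minimal setup should always work
      name = "teleport-minimal-setup";
      meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
      nodes.minimal = minimal package;
      # 3025 is the auth port used elsewhere in this file; 3080 and 3022 are
      # Teleport's default proxy web and SSH service ports.
      testScript = ''
        minimal.wait_for_open_port(3025)
        minimal.wait_for_open_port(3080)
        minimal.wait_for_open_port(3022)
      '';
    };
    "basic_${name}" = makeTest {
      # basic server and client test
      name = "teleport-server-client";
      meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
      nodes = {
        server = server package;
        client = client package;
      };
      # The script is Python, so the statements under each `with subtest(...)`
      # have to be indented to form its body.
      # Checks, in order: the client registered with hostname "client" and
      # label role=client; port 3000 is open on the server (presumably the
      # diag endpoint); the client logs at debug level; the server reports
      # that it started in insecure mode.
      testScript = ''
        with subtest("teleport ready"):
            server.wait_for_open_port(3025)
            client.wait_for_open_port(3022)

        with subtest("check applied configuration"):
            server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
            server.wait_for_open_port(3000)
            client.succeed("journalctl -u teleport.service --grep='DEBU'")
            server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
      '';
    };
  })
  packages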