nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/utils: add regressions tests to genJqSecretsReplacement

Browse Source
This commit is contained in:
ibizaman
2026-03-02 21:00:42 +01:00
parent 0d64c7f2c9
commit 15c8fb2585
3 changed files with 183 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/tests/all-tests.nix
View File

@@ -1698,6 +1698,7 @@ in
userborn-mutable-users = runTest ./userborn-mutable-users.nix;
userborn-static = runTest ./userborn-static.nix;
ustreamer = runTest ./ustreamer.nix;
utils = import ./utils { inherit runTest; };
uwsgi = runTest ./uwsgi.nix;
v2ray = runTest ./v2ray.nix;
varnish60 = runTest {

5
nixos/tests/utils/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ runTest }:
{
genJqSecretsReplacement = runTest ./genJqSecretsReplacement.nix;
}

177
nixos/tests/utils/genJqSecretsReplacement.nix Normal file
View File

@@ -0,0 +1,177 @@
{ lib, pkgs, ... }:
let
secretA = pkgs.writeText "secretA" "AAAAA";
secretJSON = pkgs.writeText "secretA" (
builtins.toJSON [
{ "a" = "topsecretpassword1234"; }
{ "b" = "topsecretpassword5678"; }
]
);
tests = {
simple = {
set = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = secretA;
};
};
}
];
};
expect = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = "AAAAA";
};
}
];
};
};
structured = {
set = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = secretJSON;
quote = false;
};
};
}
];
};
expect = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = [
{ "a" = "topsecretpassword1234"; }
{ "b" = "topsecretpassword5678"; }
];
};
}
];
};
};
loadCredentials = {
set = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = secretJSON;
quote = false;
};
};
}
];
};
opts = {
loadCredential = true;
};
expect = {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = [
{ "a" = "topsecretpassword1234"; }
{ "b" = "topsecretpassword5678"; }
];
};
}
];
};
};
};
in
{
name = "utils-genJqSecretsReplacement";
meta.maintainers = [ pkgs.lib.maintainers.ibizaman ];
nodes.machine =
{ lib, utils, ... }:
let
secretsReplacements = lib.mapAttrs (
name: test:
(utils.genJqSecretsReplacement (test.opts or { }) test.set "/var/lib/genJqTest-${name}/file")
) tests;
in
{
systemd.services = lib.mapAttrs' (
name: secretsReplacement:
lib.nameValuePair "genJqTest-${name}" {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
LoadCredential = secretsReplacement.credentials;
};
script = "echo 'Done generating files'";
preStart = ''
mkdir -p /var/lib/genJqTest-${name}
''
+ secretsReplacement.script;
}
) secretsReplacements;
};
testScript = ''
import json
machine.start()
''
+ lib.concatStringsSep "\n" (
lib.mapAttrsToList (
name: test:
let
expect = pkgs.writeText "expect" (builtins.toJSON test.expect);
in
''
with subtest("${name}"):
machine.wait_for_unit("genJqTest-${name}.service")
gotRaw = machine.succeed("cat /var/lib/genJqTest-${name}/file")
try:
got = json.loads(gotRaw)
except Exception:
print(f"raw file: {gotRaw}")
raise
print(got)
with open("${expect}", "r") as file:
expect = json.loads(file.read())
if got != expect:
raise Exception(f"Unexpected file:\ngot={got}\n!=\nexpect={expect}")
''
) tests
);
}