talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixosTests.cfssl: handleTest -> runTest

Browse Source
This commit is contained in:
Sizhe Zhao 2025-06-07 19:40:09 +08:00
parent 4633acf70e
commit 1fe7725039
No known key found for this signature in database
GPG Key ID: ED1807251A7DA08F
2 changed files with 83 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/tests/all-tests.nix
View File

@ -306,7 +306,7 @@ in
"x86_64-linux"
] ./ceph-single-node-bluestore-dmcrypt.nix;
certmgr = import ./certmgr.nix { inherit pkgs runTest; };
cfssl = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./cfssl.nix { };
cfssl = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./cfssl.nix;
cgit = runTest ./cgit.nix;
charliecloud = runTest ./charliecloud.nix;
chromadb = runTest ./chromadb.nix;

166
nixos/tests/cfssl.nix
View File

@ -1,89 +1,87 @@
import ./make-test-python.nix (
{ pkgs, ... }:
{
name = "cfssl";
{ pkgs, ... }:
{
name = "cfssl";
nodes.machine =
{
config,
lib,
pkgs,
...
}:
{
networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];
nodes.machine =
{
config,
lib,
pkgs,
...
}:
{
networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];
services.cfssl.enable = true;
systemd.services.cfssl.after = [ "cfssl-init.service" ];
services.cfssl.enable = true;
systemd.services.cfssl.after = [ "cfssl-init.service" ];
systemd.services.cfssl-init = {
description = "Initialize the cfssl CA";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "cfssl";
Type = "oneshot";
WorkingDirectory = config.services.cfssl.dataDir;
};
script = with pkgs; ''
${cfssl}/bin/cfssl genkey -initca ${
pkgs.writeText "ca.json" (
builtins.toJSON {
hosts = [ "ca.example.com" ];
key = {
algo = "rsa";
size = 4096;
};
names = [
{
C = "US";
L = "San Francisco";
O = "Internet Widgets, LLC";
OU = "Certificate Authority";
ST = "California";
}
];
}
)
} | ${cfssl}/bin/cfssljson -bare ca
'';
systemd.services.cfssl-init = {
description = "Initialize the cfssl CA";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "cfssl";
Type = "oneshot";
WorkingDirectory = config.services.cfssl.dataDir;
};
};
testScript =
let
cfsslrequest =
with pkgs;
writeScript "cfsslrequest" ''
curl -f -X POST -H "Content-Type: application/json" -d @${csr} \
http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
'';
csr = pkgs.writeText "csr.json" (
builtins.toJSON {
CN = "www.example.com";
hosts = [
"example.com"
"www.example.com"
];
key = {
algo = "rsa";
size = 2048;
};
names = [
{
C = "US";
L = "San Francisco";
O = "Example Company, LLC";
OU = "Operations";
ST = "California";
script = with pkgs; ''
${cfssl}/bin/cfssl genkey -initca ${
pkgs.writeText "ca.json" (
builtins.toJSON {
hosts = [ "ca.example.com" ];
key = {
algo = "rsa";
size = 4096;
};
names = [
{
C = "US";
L = "San Francisco";
O = "Internet Widgets, LLC";
OU = "Certificate Authority";
ST = "California";
}
];
}
];
}
);
in
''
machine.wait_for_unit("cfssl.service")
machine.wait_until_succeeds("${cfsslrequest}")
machine.succeed("ls /tmp/certificate-key.pem")
'';
}
)
)
} | ${cfssl}/bin/cfssljson -bare ca
'';
};
};
testScript =
let
cfsslrequest =
with pkgs;
writeScript "cfsslrequest" ''
curl -f -X POST -H "Content-Type: application/json" -d @${csr} \
http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
'';
csr = pkgs.writeText "csr.json" (
builtins.toJSON {
CN = "www.example.com";
hosts = [
"example.com"
"www.example.com"
];
key = {
algo = "rsa";
size = 2048;
};
names = [
{
C = "US";
L = "San Francisco";
O = "Example Company, LLC";
OU = "Operations";
ST = "California";
}
];
}
);
in
''
machine.wait_for_unit("cfssl.service")
machine.wait_until_succeeds("${cfsslrequest}")
machine.succeed("ls /tmp/certificate-key.pem")
'';
}