nixos/tests/kanidm: bind certs path to fix ofborg tests

provision # [ 8.223448] (kanidmd)[819]: kanidm.service: Failed to set up mount namespacing: /ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ofborg-evaluator-1/nixos/tests/common/acme/server: No such file or directory
2024-08-22 10:08:17 -04:00 · 2024-08-22 10:08:17 -04:00 · b93f6e4acd
commit b93f6e4acd
parent e78f80bc6b
2 changed files with 18 additions and 4 deletions
--- a/nixos/tests/kanidm-provisioning.nix
+++ b/nixos/tests/kanidm-provisioning.nix
@ -4,6 +4,13 @@ import ./make-test-python.nix (
    certs = import ./common/acme/server/snakeoil-certs.nix;
    serverDomain = certs.domain;

+    # copy certs to store to work around mount namespacing
+    certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } ''
+      mkdir $out
+      cp ${certs."${serverDomain}".cert} $out/snakeoil.crt
+      cp ${certs."${serverDomain}".key} $out/snakeoil.key
+    '';
+
    provisionAdminPassword = "very-strong-password-for-admin";
    provisionIdmAdminPassword = "very-strong-password-for-idm-admin";
    provisionIdmAdminPassword2 = "very-strong-alternative-password-for-idm-admin";
@ -23,8 +30,8 @@ import ./make-test-python.nix (
            domain = serverDomain;
            bindaddress = "[::]:443";
            ldapbindaddress = "[::1]:636";
-            tls_chain = certs."${serverDomain}".cert;
-            tls_key = certs."${serverDomain}".key;
+            tls_chain = "${certsPath}/snakeoil.crt";
+            tls_key = "${certsPath}/snakeoil.key";
          };
          # So we can check whether provisioning did what we wanted
          enableClient = true;
--- a/nixos/tests/kanidm.nix
+++ b/nixos/tests/kanidm.nix
@ -6,6 +6,13 @@ import ./make-test-python.nix ({ pkgs, ... }:
    testCredentials = {
      password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl";
    };
+
+    # copy certs to store to work around mount namespacing
+    certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } ''
+      mkdir $out
+      cp ${certs."${serverDomain}".cert} $out/snakeoil.crt
+      cp ${certs."${serverDomain}".key} $out/snakeoil.key
+    '';
  in
  {
    name = "kanidm";
@ -19,8 +26,8 @@ import ./make-test-python.nix ({ pkgs, ... }:
          domain = serverDomain;
          bindaddress = "[::]:443";
          ldapbindaddress = "[::1]:636";
-          tls_chain = certs."${serverDomain}".cert;
-          tls_key = certs."${serverDomain}".key;
+          tls_chain = "${certsPath}/snakeoil.crt";
+          tls_key = "${certsPath}/snakeoil.key";
        };
      };