diff options
author | Jacek Galowicz <jacek@galowicz.de> | 2019-10-27 13:53:55 +0100 |
---|---|---|
committer | Jacek Galowicz <jacek.galowicz@cyberus-technology.de> | 2019-11-04 23:51:10 +0100 |
commit | e5ee59626309a3af57fe1befbff75081f942f5e3 (patch) | |
tree | 21f352007766132cfe5081179a78652bdd45512b /nixos/tests/acme.nix | |
parent | d4a5ea5219c548287d0c4f253e9b43b159199244 (diff) |
nixos/acme: Port test to python
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r-- | nixos/tests/acme.nix | 65 |
1 files changed, 35 insertions, 30 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 206d97849f02..6bd315ff1eaa 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -1,6 +1,6 @@ let commonConfig = ./common/letsencrypt/common.nix; -in import ./make-test.nix { +in import ./make-test-python.nix { name = "acme"; nodes = rec { @@ -90,39 +90,44 @@ in import ./make-test.nix { newServerSystem = nodes.webserver2.config.system.build.toplevel; switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test"; in - # Note, waitForUnit does not work for oneshot services that do not have RemainAfterExit=true, + # Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true, # this is because a oneshot goes from inactive => activating => inactive, and never # reaches the active state. To work around this, we create some mock target units which # get pulled in by the oneshot units. The target units linger after activation, and hence we # can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do '' - $client->start; - $letsencrypt->start; - $acmeStandalone->start; - - $letsencrypt->waitForUnit("default.target"); - $letsencrypt->waitForUnit("pebble.service"); - - subtest "can request certificate with HTTPS-01 challenge", sub { - $acmeStandalone->waitForUnit("default.target"); - $acmeStandalone->succeed("systemctl start acme-standalone.com.service"); - $acmeStandalone->waitForUnit("acme-finished-standalone.com.target"); - }; - - $client->waitForUnit("default.target"); - - $client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt'); - $client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt'); - - subtest "Can request certificate for nginx service", sub { - $webserver->waitForUnit("acme-finished-a.example.com.target"); - $client->succeed('curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF "hello world"'); - }; - - subtest "Can add another certificate for nginx service", sub { - $webserver->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"); - $webserver->waitForUnit("acme-finished-b.example.com.target"); - $client->succeed('curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF "hello world"'); - }; + client.start() + letsencrypt.start() + acmeStandalone.start() + + letsencrypt.wait_for_unit("default.target") + letsencrypt.wait_for_unit("pebble.service") + + with subtest("can request certificate with HTTPS-01 challenge"): + acmeStandalone.wait_for_unit("default.target") + acmeStandalone.succeed("systemctl start acme-standalone.com.service") + acmeStandalone.wait_for_unit("acme-finished-standalone.com.target") + + client.wait_for_unit("default.target") + + client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt") + client.succeed( + "curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt" + ) + + with subtest("Can request certificate for nginx service"): + webserver.wait_for_unit("acme-finished-a.example.com.target") + client.succeed( + "curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'" + ) + + with subtest("Can add another certificate for nginx service"): + webserver.succeed( + "/run/current-system/fine-tune/child-1/bin/switch-to-configuration test" + ) + webserver.wait_for_unit("acme-finished-b.example.com.target") + client.succeed( + "curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'" + ) ''; } |