selfhostblocks/modules/contracts/secret/test.nix

{ pkgs, lib, ... }:
let
  pkgs' = pkgs;

  testLib = pkgs.callPackage ../../../test/common.nix {};

  inherit (lib) getAttrFromPath setAttrByPath;
  inherit (lib) mkIf;
in
  { name,
    configRoot,
    createContent, # config to create a secret with value "secretA".
    modules ? [],
    owner ? "root",
    group ? "root",
    mode ? "0400",
    restartUnits ? [ "myunit.service" ],
  }: pkgs.testers.runNixOSTest {
    name = "secret_${name}_${owner}_${group}_${mode}";

    nodes.machine = { config, ... }: {
      imports = ( testLib.baseImports pkgs' ) ++ modules;
      config = lib.mkMerge [
        (setAttrByPath configRoot {
          A = {
            inherit owner group mode restartUnits;
          } // createContent;
        })
        (mkIf (owner != "root") {
          users.users.${owner}.isNormalUser = true;
        })
        (mkIf (group != "root") {
          users.groups.${group} = {};
        })
      ];
    };

    testScript = { nodes, ... }:
      let
        cfg = (getAttrFromPath configRoot nodes.machine)."A";
      in
        ''
          owner = machine.succeed("stat -c '%U' ${cfg.path}").strip()
          print(f"Got owner {owner}")
          if owner != "${owner}":
              raise Exception(f"Owner should be '${owner}' but got '{owner}'")

          group = machine.succeed("stat -c '%G' ${cfg.path}").strip()
          print(f"Got group {group}")
          if group != "${group}":
              raise Exception(f"Group should be '${group}' but got '{group}'")

          mode = str(int(machine.succeed("stat -c '%a' ${cfg.path}").strip()))
          print(f"Got mode {mode}")
          wantedMode = str(int("${mode}"))
          if mode != wantedMode:
              raise Exception(f"Mode should be '{wantedMode}' but got '{mode}'")

          content = machine.succeed("cat ${cfg.path}").strip()
          print(f"Got content {content}")
          if content != "secretA":
              raise Exception(f"Content should be 'secretA' but got '{content}'")
        '';
}
add contract test for secret contract 2024-10-21 12:03:40 +02:00			`{ pkgs, lib, ... }:`
			`let`
			`pkgs' = pkgs;`

			`testLib = pkgs.callPackage ../../../test/common.nix {};`

			`inherit (lib) getAttrFromPath setAttrByPath;`
			`inherit (lib) mkIf;`
			`in`
			`{ name,`
			`configRoot,`
			`createContent, # config to create a secret with value "secretA".`
			`modules ? [],`
			`owner ? "root",`
			`group ? "root",`
			`mode ? "0400",`
			`restartUnits ? [ "myunit.service" ],`
			`}: pkgs.testers.runNixOSTest {`
			`name = "secret_${name}_${owner}_${group}_${mode}";`

			`nodes.machine = { config, ... }: {`
			`imports = ( testLib.baseImports pkgs' ) ++ modules;`
			`config = lib.mkMerge [`
			`(setAttrByPath configRoot {`
			`A = {`
			`inherit owner group mode restartUnits;`
			`} // createContent;`
			`})`
			`(mkIf (owner != "root") {`
			`users.users.${owner}.isNormalUser = true;`
			`})`
			`(mkIf (group != "root") {`
			`users.groups.${group} = {};`
			`})`
			`];`
			`};`

			`testScript = { nodes, ... }:`
			`let`
			`cfg = (getAttrFromPath configRoot nodes.machine)."A";`
			`in`
			`''`
			`owner = machine.succeed("stat -c '%U' ${cfg.path}").strip()`
			`print(f"Got owner {owner}")`
			`if owner != "${owner}":`
			`raise Exception(f"Owner should be '${owner}' but got '{owner}'")`

			`group = machine.succeed("stat -c '%G' ${cfg.path}").strip()`
			`print(f"Got group {group}")`
			`if group != "${group}":`
			`raise Exception(f"Group should be '${group}' but got '{group}'")`

			`mode = str(int(machine.succeed("stat -c '%a' ${cfg.path}").strip()))`
			`print(f"Got mode {mode}")`
			`wantedMode = str(int("${mode}"))`
			`if mode != wantedMode:`
			`raise Exception(f"Mode should be '{wantedMode}' but got '{mode}'")`

			`content = machine.succeed("cat ${cfg.path}").strip()`
			`print(f"Got content {content}")`
			`if content != "secretA":`
			`raise Exception(f"Content should be 'secretA' but got '{content}'")`
			`'';`
			`}`