Nixos tests

vdbewout 2023-11-12 14:07:44 +01:00
parent bb33a028f7
commit dfa26814d0
No known key found for this signature in database
GPG key ID: F4756403592D3E9F
4 changed files with 202 additions and 2 deletions


@ -1,4 +1,4 @@
{ config, options, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
with lib;
@ -197,7 +197,7 @@ in {
type = types.listOf types.path;
default = [];
description = ''
Default sops file used for all secrets.
Default sops files used for all secrets.
'';
};
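Review bot: The reworded description, `Default sops files used for all secrets.`, still does not say which file wins when the same key appears in more than one entry of the list. The test added in this commit appears to rely on the last-listed file that contains the key taking precedence, so the ordering is part of the contract: a later file can silently replace a secret defined in an earlier one. Consider extending the text to something like `Default sops files used for all secrets. If a key is present in several files, the file listed last takes precedence.`, after confirming that this matches the implementation. The option's name and the rest of its definition are outside this hunk.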


@ -377,4 +377,75 @@
inherit pkgs;
inherit (pkgs) system;
};
sops-files-shadowing = makeTest {
name = "sops-files-shadowing";
nodes.machine = {lib,...}:
let
inherit (lib.lists) reverseList;
inherit (lib.modules) mkDefault;
sopsFile = ./test-assets/secrets.yaml;
systemSopsFile = ./test-assets/secrets-system.yaml;
userSopsFile = ./test-assets/secrets-user.yaml;
sopsFiles = [ sopsFile ];
systemSopsFiles = sopsFiles ++ [ systemSopsFile ];
userSopsFiles = systemSopsFiles ++ [ userSopsFile ];
mkSecretConfig = key: sopsFiles: { inherit key sopsFiles; };
in {
imports = [ ../../modules/sops ];
sops = {
age.keyFile = ./test-assets/age-keys.txt;
defaultSopsFile = sopsFile;
secrets.test_key = {};
secrets.test_key_system = mkSecretConfig "test_key" systemSopsFiles;
secrets.test_key_user = mkSecretConfig "test_key" userSopsFiles;
secrets.test_key2_system = mkSecretConfig "test_key2" systemSopsFiles;
secrets.test_key2_user = mkSecretConfig "test_key2" userSopsFiles;
secrets.test_key3_user = mkSecretConfig "test_key3" userSopsFiles;
secrets.test_key3_user_reverse = mkSecretConfig "test_key3" (reverseList userSopsFiles);
secrets.test_key2_user_reverse = mkSecretConfig "test_key2" (reverseList userSopsFiles);
secrets.test_key_user_reverse = mkSecretConfig "test_key" (reverseList userSopsFiles);
secrets.priority_file = {
key = "test_key";
sopsFile = systemSopsFile;
sopsFiles = mkDefault userSopsFiles;
};
secrets.priority_same = {
inherit sopsFile;
key = "nested/test/file";
sopsFiles = [ systemSopsFile userSopsFile ];
};
};
};
testScript = ''
start_all()
machine.succeed("cat /run/secrets/test_key | grep -qw test_value")
machine.succeed("cat /run/secrets/test_key_system | grep -qw test_value_system")
machine.succeed("cat /run/secrets/test_key_user | grep -qw test_value_user")
machine.succeed("cat /run/secrets/test_key2_system | grep -qw test_value2_system")
machine.succeed("cat /run/secrets/test_key2_user | grep -qw test_value2_user")
machine.succeed("cat /run/secrets/test_key3_user | grep -qw test_value3_user")
machine.succeed("cat /run/secrets/test_key3_user_reverse | grep -qw test_value3_user")
machine.succeed("cat /run/secrets/test_key2_user_reverse | grep -qw test_value2_system")
machine.succeed("cat /run/secrets/test_key_user_reverse | grep -qw test_value")
machine.succeed("cat /run/secrets/priority_file | grep -qw test_value_system")
machine.succeed("cat /run/secrets/priority_same | grep -qw 'another value'")
'';
} {
inherit pkgs;
inherit (pkgs) system;
};
}
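Review bot: `secrets.priority_same` does not pin down what happens when `sopsFile` and `sopsFiles` are set at the same priority. The key `nested/test/file` is not defined in either fixture added by this commit, so presumably only `secrets.yaml` provides it, and the `'another value'` assertion would pass whichever source is preferred. Precedence between files decides which secret a service actually receives, so it deserves a case where the key exists on both sides, for example `secrets.priority_same_conflict = { inherit sopsFile; key = "test_key"; sopsFiles = [ systemSopsFile ]; };` with an assertion on the intended winner. The `grep -qw` checks also pass for any file that merely contains the expected word, so an exact comparison of the file content would be stricter.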


@ -0,0 +1,64 @@
test_key: ENC[AES256_GCM,data:nKT/4vbkpyYUS18rJ4na1pk=,iv:1VwaqxGdrUlquA6pr1yQV4wnq1FPlEhilK9FGPFs8SM=,tag:HUxe8+MUpyQUXuIwR3dxIQ==,type:str]
test_key2: ENC[AES256_GCM,data:IZ3XrdhsMKSAeRBxm1kiHSd+,iv:XGEBYa++pwrp3zQNGFDp7mSpQzZDEYC1oLEJOCnT5Bs=,tag:VuEURKlDst5aKTqmnPksog==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaGJ0ZlFUMXNNSkRYeitS
TVkvU1RacHJIYzdMT1AxaldVRnNIMVVxb1hZCnFOclVlMEdJUDJWMDhaejRkU3hq
Y0tObnZYYnhidTB2Z2p0amhUaTZGeHMKLS0tIERDU3pKb1FwZk44bXBualhnS0Z5
eWlUdXhCZGM2dzcxNEY0MTBwN3prTDgK9Sgzw8IuSnBBLS9cNlh6UnzTraxgrQe6
qo+34EQln2Kty7Ot+8TnYo1X+8xRn3VTsQw8+iVdcr28DI0ltMcFtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a8pk4akrdamj7nvqy3zywgtny8dxz7t5xzu7u8v9mhrayp9freqsqatyrs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVkFidnFPQ0toY0RPeFZN
eCsxSUxlU05LUXJYVWVBb3NTblhKVExsNzN3CjkyWlJFaXE3N1RiaEJ1RjdtZncv
cERvdi9kQ3FYY2l3NmF4SUVzYlJxYUEKLS0tIFNSUzhkV0tDYWFjVUprczVCTS9Y
c3poQXZhSzZvVTY2YmdEVVVaUHVxTVkK7Y/YTczA/T5EmLJNjGkL6bh0eI0xH7aH
sjOdnuQG2vioHBYnsqWmmn0bUvY7y3q0h6y+gMDfmzYIgh6B2spUrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-12T16:37:17Z"
mac: ENC[AES256_GCM,data:igpv/Z/VWq53sh3A+LqUl8jPOZumm3/0yaj7Tco9nAqzwJ7v/QNgUiCZlFe2tUZXXE/0kH+C990aRU8QqKR0uJJ86Jz0jyRTdHYEqPtWUabAg9kofAsU1tr+qTRJ1dfuYJ+BukF0tLNwFce00th+RRJzCjBncSHnP4go7rELyr0=,iv:reqRxtuXt/wOhDVHoYcjOpmhpTqFzMpqh8C0ZVKTwUI=,tag:F2irgrIq61xXhs4v5Y4img==,type:str]
pgp:
- created_at: "2023-11-12T16:37:09Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA/m6nevQP1fAAQf9HVmJtTe34ameXLpIKgHvUmMLFzarqCTpFx1h4WZo+0Nk
3eHw572Mm0npG5/uRqbff6fdb433dNlJXLF/O3ZFLk30+6cKsWbcDXAlrCC6fug7
UJh3SJ+Vrp+fsPQXF+2JIkz7ktRZAJ1ktKOKh8P6UjJcrVVG0QH/2gx2wjx+0TBZ
Jem+zF+2TSvj/VQPcdfi4eBisyDGUopiSgLlvENNK6h3pStVWqQTMmMVEZw6SGvW
OwqgydTzzgsLsrZOr4RMNd0KOwhFtHZ758OMePoxdmhDMS/n06fia5TlajTidMOT
H5vosuHh3EuEyl+dKX/N2HwYToADCV+MIdMBN3n8JNJeAVJUp1Kxyh0MlMgUm/vk
g83FuYZ8u3F8MaCzk/+XlJUst0iraxPyO0DQpTuYRmtZ1seVAEidWsDmoDzqxq29
S4GigtxlDcAFhzSMuteLjhWPXO5CHOc+h9tPFqAUCQ==
=bj6u
-----END PGP MESSAGE-----
fp: 7FB89715AADA920D65D25E63F9BA9DEBD03F57C0
- created_at: "2023-11-12T16:37:09Z"
enc: |
-----BEGIN PGP MESSAGE-----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=+4j5
-----END PGP MESSAGE-----
fp: 2504791468B153B8A3963CC97BA53D1919C5DFD4
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,65 @@
test_key: ENC[AES256_GCM,data:JZ2xgV5SWgDZavBCIcH+,iv:kl6h4EJbivo1wVHqzM8W0vHyf4U+qEYoqH6JXIgYdTw=,tag:z0roNXcgF+dGvv4MMAO2Rw==,type:str]
test_key2: ENC[AES256_GCM,data:E43CtluUaO4EzvWrrbwIWA==,iv:AI3togB1kiYo3VEjEwNyWCWb7XC1nooN3vDj/K9wuNc=,tag:7OYaY/Htw95akdr1klYFWg==,type:str]
test_key3: ENC[AES256_GCM,data:vWP0CpCR6Mh2mcTJBsQmBA==,iv:9iZHc5m89AmfWLKGqw6RHA+M51wclGqcZzVur7ZDk5k=,tag:yfdfW7VS3eptl/YRqn61mg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBINGZkWG9TNkk3cTdvc2hh
NFNpbG11TnZjZHRZdFczSTZSRElGcHhkeFZ3CldjMXpjMFdOd1JzemFONmkya2pv
ZGlGN25DZVFpSG9waTkydjJXSUJFRjAKLS0tIFZWblk2cmtRWEdUYXo4REROTVpW
V0M4MjBaYTBrTCtSVXRtNGh0bzNaREUKsbZ9EK24APYCCC63qbI4YsJmkNFH/j88
ROwRAXFqm0SZcwqUU6TbK9ulyyfE9dsWZ8a6Zb3iDFlFVBuEd5Yb7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a8pk4akrdamj7nvqy3zywgtny8dxz7t5xzu7u8v9mhrayp9freqsqatyrs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaaXVQeVlFU0trMGROZEdp
Y2xJNzJzWGNFcEtVS1R4ODBIWWk5dkFEeDBVCktrWkFlUkI3eksyVWRmNTcxRWpU
YllzU1NwNHZHWk9oU2FabFFSRnJuY0UKLS0tIDBaUjVaak5qUGNlRHVpSi9HTEFW
OFdHYSsyNGcvSG91dGxFdk1NYmVRSkkKEEqXuDN7gFKwUDY6O9EMbhEzGIY/BfGU
SM435jTAcR76tq10HbgYgBQ2ef2vvUmvkVzHGQV9LsTxMT+11oFSHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-12T16:44:49Z"
mac: ENC[AES256_GCM,data:auu+8Cs8qRX5OEfCSO0m5U9rEdgKYBWninSVu0H1+VDtGOxjOPhVjAJgIa9wHGbrhp7LoDFymgiGGzbG3H4B/gZAFEhoyYn8VfJOHouT12M6kijtBUAhSqL5csbTMfiZmganvKPYN6PXg7hX2MyjJlFAGLc/Ixte61fKGoExqgA=,iv:P1uCpCO+nqS+dUXhxCcYd/2q0PHVUfbGvYm5PHVrP9s=,tag:yxlNfyTSnM0Wbj95Z/8Ffw==,type:str]
pgp:
- created_at: "2023-11-12T16:41:00Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA/m6nevQP1fAAQf/XVOr/ZOZo/b5lDJ7EIeRgwejwtJLGToF6xXM0jcZvlsB
1Vk2tuzOpAGpO8JpaTzZj0n4Da8+XXpEqLqeGFBsjPni+W0ErlYR/exIVFBZyCVM
gVFnjoAsiR7z+Y+ovYx1VBVpfav3GXXNkPOWNOQlXAhoS9Rxv04AU8XBBy5Hk5kH
is+eM9U+iVxlZfEGW3nAylSieMQdEjWG3MM8KgWr4SLSSLY+sAhiM6QwSDF0wkkn
mLcFJ4CwbWiZIa0995lbhIusTko+DJfdYB6b6e7yxftMySKskTKp0fRh6eagpLhC
oXca0MSIhdWUbgcB4MnWdXl6fGYL7YnTgwOg50ETdNJeAf6p+u/uBElu0Ym94ZRf
/DHrY/rRMx6xNtUCwxAI4ekmi/gXky9/lteZtkW87nXGaYweeQECfbDFWtNczbpn
mfQzF/LrdlaIMEyMGpLow7AgakEuIPXyH5f9hgz9IA==
=NPJP
-----END PGP MESSAGE-----
fp: 7FB89715AADA920D65D25E63F9BA9DEBD03F57C0
- created_at: "2023-11-12T16:41:00Z"
enc: |
-----BEGIN PGP MESSAGE-----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=yMyb
-----END PGP MESSAGE-----
fp: 2504791468B153B8A3963CC97BA53D1919C5DFD4
unencrypted_suffix: _unencrypted
version: 3.7.3