diff options
| author | Robert Hensing <robert@roberthensing.nl> | 2022-09-23 14:39:06 +0100 |
|---|---|---|
| committer | Manuel Bärenz <programming@manuelbaerenz.de> | 2022-09-28 13:41:42 +0200 |
| commit | 9480b59b457af0143f6b02ccc3271380d780c8dc (patch) | |
| tree | 763aeb331984eba011e028b6dbe9ef3a252d4afe | |
| parent | f201ee917db8607ce1168900bc1bd5165618c31b (diff) | |
| download | nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar.gz nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar.bz2 nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar.lz nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar.xz nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.tar.zst nixpkgs-9480b59b457af0143f6b02ccc3271380d780c8dc.zip | |
nixosTests.rabbitmq: Test config decryption (fails)
| -rw-r--r-- | nixos/tests/rabbitmq.nix | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/nixos/tests/rabbitmq.nix b/nixos/tests/rabbitmq.nix index f8e8e61c47d..040679e68d9 100644 --- a/nixos/tests/rabbitmq.nix +++ b/nixos/tests/rabbitmq.nix @@ -1,6 +1,12 @@ # This test runs rabbitmq and checks if rabbitmq is up and running. -import ./make-test-python.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: +let + # in real life, you would keep this out of your repo and deploy it to a safe + # location using safe means. + configKeyPath = pkgs.writeText "fake-config-key" "hOjWzSEn2Z7cHzKOcf6i183O2NdjurSuoMDIIv01"; +in +{ name = "rabbitmq"; meta = with pkgs.lib.maintainers; { maintainers = [ eelco offline ]; @@ -10,6 +16,29 @@ import ./make-test-python.nix ({ pkgs, ... }: { services.rabbitmq = { enable = true; managementPlugin.enable = true; + + # To encrypt: + # rabbitmqctl --quiet encode --cipher blowfish_cfb64 --hash sha256 \ + # --iterations 10000 '<<"dJT8isYu6t0Xb6u56rPglSj1vK51SlNVlXfwsRxw">>' \ + # "hOjWzSEn2Z7cHzKOcf6i183O2NdjurSuoMDIIv01" ; + config = '' + [ { rabbit + , [ {default_user, <<"alice">>} + , { default_pass + , {encrypted,<<"oKKxyTze9PYmsEfl6FG1MxIUhxY7WPQL7HBoMPRC/1ZOdOZbtr9+DxjWW3e1D5SL48n3D9QOsGD0cOgYG7Qdvb7Txrepw8w=">>} + } + , {config_entry_decoder + , [ {passphrase, {file, <<"${configKeyPath}">>}} + , {cipher, blowfish_cfb64} + , {hash, sha256} + , {iterations, 10000} + ] + } + % , {rabbitmq_management, [{path_prefix, "/_queues"}]} + ] + } + ]. + ''; }; # Ensure there is sufficient extra disk space for rabbitmq to be happy virtualisation.diskSize = 1024; @@ -23,5 +52,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { 'su -s ${pkgs.runtimeShell} rabbitmq -c "rabbitmqctl status"' ) machine.wait_for_open_port(15672) + + # The password is the plaintext that was encrypted with rabbitmqctl encode above. + machine.wait_until_succeeds( + '${pkgs.rabbitmq-java-client}/bin/PerfTest --time 10 --uri amqp://alice:dJT8isYu6t0Xb6u56rPglSj1vK51SlNVlXfwsRxw@localhost' + ) ''; }) |