diff options
| author | Jan Hrnko <jan.hrnko@satoshilabs.com> | 2019-11-09 19:35:48 +0100 |
|---|---|---|
| committer | Florian Klink <flokli@flokli.de> | 2019-11-22 20:38:56 +0100 |
| commit | 541e2ca6d341f1571b8f57aff42dad641eae8cac (patch) | |
| tree | c6f10f8d76bf2fcc4964a1f8ec7937f2796d9163 /nixos/tests/firewall.nix | |
| parent | 05163ec981edbac6a1337feaa54e78a453e32094 (diff) | |
| download | nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar.gz nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar.bz2 nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar.lz nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar.xz nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.tar.zst nixpkgs-541e2ca6d341f1571b8f57aff42dad641eae8cac.zip | |
nixos/firewall: port test to python
Diffstat (limited to 'nixos/tests/firewall.nix')
| -rw-r--r-- | nixos/tests/firewall.nix | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index fcf758910e0..09a1fef852e 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix @@ -1,6 +1,6 @@ # Test the firewall module. -import ./make-test.nix ( { pkgs, ... } : { +import ./make-test-python.nix ( { pkgs, ... } : { name = "firewall"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ eelco ]; @@ -36,30 +36,30 @@ import ./make-test.nix ( { pkgs, ... } : { testScript = { nodes, ... }: let newSystem = nodes.walled2.config.system.build.toplevel; in '' - $walled->start; - $attacker->start; + start_all() - $walled->waitForUnit("firewall"); - $walled->waitForUnit("httpd"); - $attacker->waitForUnit("network.target"); + walled.wait_for_unit("firewall") + walled.wait_for_unit("httpd") + attacker.wait_for_unit("network.target") # Local connections should still work. - $walled->succeed("curl -v http://localhost/ >&2"); + walled.succeed("curl -v http://localhost/ >&2") # Connections to the firewalled machine should fail, but ping should succeed. - $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2"); - $attacker->succeed("ping -c 1 walled >&2"); + attacker.fail("curl --fail --connect-timeout 2 http://walled/ >&2") + attacker.succeed("ping -c 1 walled >&2") # Outgoing connections/pings should still work. - $walled->succeed("curl -v http://attacker/ >&2"); - $walled->succeed("ping -c 1 attacker >&2"); + walled.succeed("curl -v http://attacker/ >&2") + walled.succeed("ping -c 1 attacker >&2") # If we stop the firewall, then connections should succeed. - $walled->stopJob("firewall"); - $attacker->succeed("curl -v http://walled/ >&2"); + walled.stop_job("firewall") + attacker.succeed("curl -v http://walled/ >&2") # Check whether activation of a new configuration reloads the firewall. - $walled->succeed("${newSystem}/bin/switch-to-configuration test 2>&1" . - " | grep -qF firewall.service"); + walled.succeed( + "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF firewall.service" + ) ''; }) |