diff options
| author | Florian Klink <flokli@flokli.de> | 2020-04-01 16:21:38 +0200 |
|---|---|---|
| committer | Florian Klink <flokli@flokli.de> | 2020-04-29 14:36:35 +0200 |
| commit | 21da5c4f6f8a63475545751aee53552ee9bc72eb (patch) | |
| tree | 2b10dd2a68143f266c1592e85f4394e3d52abc32 /nixos/tests/google-oslogin/default.nix | |
| parent | f38e45c2e0ea15c1882308299fbe24f6c46b8243 (diff) | |
| download | nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar.gz nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar.bz2 nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar.lz nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar.xz nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.tar.zst nixpkgs-21da5c4f6f8a63475545751aee53552ee9bc72eb.zip | |
nixos/oslogin: put mockuser and mockadmin in constants, rename
This allows us to change them easily without search/replacing. Afterwards, we rename them to look a bit more like they are on GCP.
Diffstat (limited to 'nixos/tests/google-oslogin/default.nix')
| -rw-r--r-- | nixos/tests/google-oslogin/default.nix | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/nixos/tests/google-oslogin/default.nix b/nixos/tests/google-oslogin/default.nix index 1977e92e987..97783c81f39 100644 --- a/nixos/tests/google-oslogin/default.nix +++ b/nixos/tests/google-oslogin/default.nix @@ -22,6 +22,8 @@ in { client = { ... }: {}; }; testScript = '' + MOCKUSER = "mockuser_nixos_org" + MOCKADMIN = "mockadmin_nixos_org" start_all() server.wait_for_unit("mock-google-metadata.service") @@ -29,10 +31,10 @@ in { # mockserver should return a non-expired ssh key for both mockuser and mockadmin server.succeed( - '${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockuser | grep -q "${snakeOilPublicKey}"' + f'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys {MOCKUSER} | grep -q "${snakeOilPublicKey}"' ) server.succeed( - '${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockadmin | grep -q "${snakeOilPublicKey}"' + f'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys {MOCKADMIN} | grep -q "${snakeOilPublicKey}"' ) # install snakeoil ssh key on the client, and provision .ssh/config file @@ -50,20 +52,22 @@ in { client.fail("ssh ghost@server 'true'") # we should be able to connect as mockuser - client.succeed("ssh mockuser@server 'true'") + client.succeed(f"ssh {MOCKUSER}@server 'true'") # but we shouldn't be able to sudo client.fail( - "ssh mockuser@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'" + f"ssh {MOCKUSER}@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'" ) # we should also be able to log in as mockadmin - client.succeed("ssh mockadmin@server 'true'") + client.succeed(f"ssh {MOCKADMIN}@server 'true'") # pam_oslogin_admin.so should now have generated a sudoers file - server.succeed("find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/mockadmin'") + server.succeed( + f"find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/{MOCKADMIN}'" + ) # and we should be able to sudo client.succeed( - "ssh mockadmin@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'" + f"ssh {MOCKADMIN}@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'" ) ''; }) |