summary refs log tree commit diff
path: root/nixos/tests/google-oslogin/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tests/google-oslogin/default.nix')
-rw-r--r--nixos/tests/google-oslogin/default.nix74
1 files changed, 0 insertions, 74 deletions
diff --git a/nixos/tests/google-oslogin/default.nix b/nixos/tests/google-oslogin/default.nix
deleted file mode 100644
index 72c87d7153b..00000000000
--- a/nixos/tests/google-oslogin/default.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-import ../make-test-python.nix ({ pkgs, ... } :
-let
-  inherit (import ./../ssh-keys.nix pkgs)
-    snakeOilPrivateKey snakeOilPublicKey;
-
-    # don't check host keys or known hosts, use the snakeoil ssh key
-    ssh-config = builtins.toFile "ssh.conf" ''
-      UserKnownHostsFile=/dev/null
-      StrictHostKeyChecking=no
-      IdentityFile=~/.ssh/id_snakeoil
-    '';
-in {
-  name = "google-oslogin";
-  meta = with pkgs.lib.maintainers; {
-    maintainers = [ adisbladis flokli ];
-  };
-
-  nodes = {
-    # the server provides both the the mocked google metadata server and the ssh server
-    server = (import ./server.nix pkgs);
-
-    client = { ... }: {};
-  };
-  testScript =  ''
-    MOCKUSER = "mockuser_nixos_org"
-    MOCKADMIN = "mockadmin_nixos_org"
-    start_all()
-
-    server.wait_for_unit("mock-google-metadata.service")
-    server.wait_for_open_port(80)
-
-    # mockserver should return a non-expired ssh key for both mockuser and mockadmin
-    server.succeed(
-        f'${pkgs.google-guest-oslogin}/bin/google_authorized_keys {MOCKUSER} | grep -q "${snakeOilPublicKey}"'
-    )
-    server.succeed(
-        f'${pkgs.google-guest-oslogin}/bin/google_authorized_keys {MOCKADMIN} | grep -q "${snakeOilPublicKey}"'
-    )
-
-    # install snakeoil ssh key on the client, and provision .ssh/config file
-    client.succeed("mkdir -p ~/.ssh")
-    client.succeed(
-        "cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil"
-    )
-    client.succeed("chmod 600 ~/.ssh/id_snakeoil")
-    client.succeed("cp ${ssh-config} ~/.ssh/config")
-
-    client.wait_for_unit("network.target")
-    server.wait_for_unit("sshd.service")
-
-    # we should not be able to connect as non-existing user
-    client.fail("ssh ghost@server 'true'")
-
-    # we should be able to connect as mockuser
-    client.succeed(f"ssh {MOCKUSER}@server 'true'")
-    # but we shouldn't be able to sudo
-    client.fail(
-        f"ssh {MOCKUSER}@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
-    )
-
-    # we should also be able to log in as mockadmin
-    client.succeed(f"ssh {MOCKADMIN}@server 'true'")
-    # pam_oslogin_admin.so should now have generated a sudoers file
-    server.succeed(
-        f"find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/{MOCKADMIN}'"
-    )
-
-    # and we should be able to sudo
-    client.succeed(
-        f"ssh {MOCKADMIN}@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
-    )
-  '';
-  })
-
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 01:50:02 +0000