tests/openssh: tidy up tests (41911ed9) · Commits · nix / nixpkgs

nixos/tests/openssh.nix

+19 −17

Original line number	Diff line number	Diff line
		@@ -22,6 +22,19 @@ in {
		];
		};

		server-allowed-users =
		{ ... }:

		{
		services.openssh = { enable = true; settings.AllowUsers = [ "alice" "bob" ]; };
		users.groups = { alice = { }; bob = { }; carol = { }; };
		users.users = {
		alice = { isNormalUser = true; group = "alice"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		bob = { isNormalUser = true; group = "bob"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		carol = { isNormalUser = true; group = "carol"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		};
		};

		server-lazy =
		{ ... }:

		@@ -95,19 +108,6 @@ in {
		};
		};

		server_allowedusers =
		{ ... }:

		{
		services.openssh = { enable = true; settings.AllowUsers = [ "alice" "bob" ]; };
		users.groups = { alice = { }; bob = { }; carol = { }; };
		users.users = {
		alice = { isNormalUser = true; group = "alice"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		bob = { isNormalUser = true; group = "bob"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		carol = { isNormalUser = true; group = "carol"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
		};
		};

		client =
		{ ... }: {
		virtualisation.vlans = [ 1 2 ];
		@@ -119,6 +119,7 @@ in {
		start_all()

		server.wait_for_unit("sshd", timeout=30)
		server_allowed_users.wait_for_unit("sshd", timeout=30)
		server_localhost_only.wait_for_unit("sshd", timeout=30)
		server_match_rule.wait_for_unit("sshd", timeout=30)

		@@ -166,8 +167,9 @@ in {
		"cat ${snakeOilPrivateKey} > privkey.snakeoil"
		)
		client.succeed("chmod 600 privkey.snakeoil")
		# The final segment in this IP is allocated according to the alphabetical order of machines in this test.
		client.succeed(
		"ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.2.4 true",
		"ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.2.5 true",
		timeout=30
		)

		@@ -198,15 +200,15 @@ in {
		)
		client.succeed("chmod 600 privkey.snakeoil")
		client.succeed(
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil alice@server_allowedusers true",
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil alice@server-allowed-users true",
		timeout=30
		)
		client.succeed(
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil bob@server_allowedusers true",
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil bob@server-allowed-users true",
		timeout=30
		)
		client.fail(
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server_allowedusers true",
		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server-allowed-users true",
		timeout=30
		)
		'';