diff options
| author | Alyssa Ross <hi@alyssa.is> | 2020-01-11 23:37:02 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2020-01-11 23:41:30 +0000 |
| commit | 6c557e3f1c28cf87e9fba232811d6875dd1399c1 (patch) | |
| tree | 035a071d5d8980df6de0fa42e2ef8fc0cce7055e /nixpkgs/nixos/tests/firewall.nix | |
| parent | da7500bc026e937ac7fce7b50f67a0e1765737a7 (diff) | |
| parent | e4134747f5666bcab8680aff67fa3b63384f9a0f (diff) | |
| download | nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.gz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.bz2 nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.lz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.xz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.zst nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.zip | |
Merge commit 'e4134747f5666bcab8680aff67fa3b63384f9a0f'
Diffstat (limited to 'nixpkgs/nixos/tests/firewall.nix')
| -rw-r--r-- | nixpkgs/nixos/tests/firewall.nix | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/nixpkgs/nixos/tests/firewall.nix b/nixpkgs/nixos/tests/firewall.nix index fcf758910e00..09a1fef852e6 100644 --- a/nixpkgs/nixos/tests/firewall.nix +++ b/nixpkgs/nixos/tests/firewall.nix @@ -1,6 +1,6 @@ # Test the firewall module. -import ./make-test.nix ( { pkgs, ... } : { +import ./make-test-python.nix ( { pkgs, ... } : { name = "firewall"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ eelco ]; @@ -36,30 +36,30 @@ import ./make-test.nix ( { pkgs, ... } : { testScript = { nodes, ... }: let newSystem = nodes.walled2.config.system.build.toplevel; in '' - $walled->start; - $attacker->start; + start_all() - $walled->waitForUnit("firewall"); - $walled->waitForUnit("httpd"); - $attacker->waitForUnit("network.target"); + walled.wait_for_unit("firewall") + walled.wait_for_unit("httpd") + attacker.wait_for_unit("network.target") # Local connections should still work. - $walled->succeed("curl -v http://localhost/ >&2"); + walled.succeed("curl -v http://localhost/ >&2") # Connections to the firewalled machine should fail, but ping should succeed. - $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2"); - $attacker->succeed("ping -c 1 walled >&2"); + attacker.fail("curl --fail --connect-timeout 2 http://walled/ >&2") + attacker.succeed("ping -c 1 walled >&2") # Outgoing connections/pings should still work. - $walled->succeed("curl -v http://attacker/ >&2"); - $walled->succeed("ping -c 1 attacker >&2"); + walled.succeed("curl -v http://attacker/ >&2") + walled.succeed("ping -c 1 attacker >&2") # If we stop the firewall, then connections should succeed. - $walled->stopJob("firewall"); - $attacker->succeed("curl -v http://walled/ >&2"); + walled.stop_job("firewall") + attacker.succeed("curl -v http://walled/ >&2") # Check whether activation of a new configuration reloads the firewall. - $walled->succeed("${newSystem}/bin/switch-to-configuration test 2>&1" . - " | grep -qF firewall.service"); + walled.succeed( + "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF firewall.service" + ) ''; }) |