From e90b3366a7ba34b5e6e6cd57449f242836244166 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Mon, 30 Aug 2021 21:24:01 +0000
Subject: [PATCH] Add system tests for issuer metrics accessibility

---
 nixos/modules/tests/private-storage.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index 59c572fa..b8f645dc 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -294,5 +294,14 @@ in {
       code, log = client.execute('cat /tmp/stdout /tmp/stderr')
       client.log(log)
       raise
+
+    # The issuer metrics should be accessible from the monitoring network.
+    issuer.execute('ifconfig lo:fauxvpn 172.23.23.2/24')
+    issuer.wait_until_succeeds("nc -z 172.23.23.2 80")
+    issuer.succeed('curl --silent --insecure --fail --output /dev/null http://172.23.23.2/metrics')
+    # The issuer metrics should NOT be accessible from any other network.
+    issuer.fail('curl --silent --insecure --fail --output /dev/null http://localhost/metrics')
+    client.fail('curl --silent --insecure --fail --output /dev/null http://issuer/metrics')
+    issuer.execute('ifconfig lo:fauxvpn down')
   '';
 }
-- 
GitLab