From e5e1cfd7146c2d0a52fbe2d1bef1d21b41db0dea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 3 Nov 2022 10:31:14 +0100
Subject: [PATCH] test that also the service main process can read updated secrets
---
 nix/checks/systemd-vaultd-test.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/nix/checks/systemd-vaultd-test.nix b/nix/checks/systemd-vaultd-test.nix
index 0f4f758..5ef7c83 100644
--- a/nix/checks/systemd-vaultd-test.nix
+++ b/nix/checks/systemd-vaultd-test.nix
@@ -36,12 +36,13 @@
 systemd.services.service2 = {
 wantedBy = ["multi-user.target"];
 script = ''
- cat $CREDENTIALS_DIRECTORY/secret > /tmp/service2
- sleep infinity
- '';
- reload = ''
- cat $CREDENTIALS_DIRECTORY/secret > /tmp/service2-reload
+ set -x
+ while true; do
+ cat $CREDENTIALS_DIRECTORY/secret > /tmp/service2
+ sleep 0.1
+ done
 '';
+ serviceConfig.ExecReload = "${pkgs.coreutils}/bin/true";
 serviceConfig.LoadCredential = ["secret:/run/systemd-vaultd/sock"];
 vault = {
 template = ''
@@ -109,7 +110,9 @@
 machine.succeed("systemctl restart vault-agent-default")
 machine.wait_until_succeeds("cat /run/systemd-vaultd/secrets/service2.service.json >&2")
 machine.succeed("systemctl reload service2")
- out = machine.wait_until_succeeds("cat /tmp/service2-reload")
+
+ machine.succeed("rm /tmp/service2")
+ out = machine.wait_until_succeeds("cat /tmp/service2")
 print(out)
 assert out == "reload", f"{out} != reload"
 '';
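Review bot: The loop's `cat $CREDENTIALS_DIRECTORY/secret > /tmp/service2` in the first hunk is not an atomic write, because the shell creates and truncates the file before `cat` writes to it. After `rm /tmp/service2` in the second hunk, `wait_until_succeeds("cat /tmp/service2")` only retries on a non-zero exit, so it can return an empty string and `assert out == "reload"` would then fail intermittently. Writing to a temporary name and renaming closes that window: `cat "$CREDENTIALS_DIRECTORY/secret" > /tmp/service2.tmp && mv /tmp/service2.tmp /tmp/service2`. A comment on `serviceConfig.ExecReload` would also help the next reader, for example `# no-op reload: the already running loop is expected to see the refreshed credential`. The service2 attribute set and the test script both continue outside the hunks.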