test: also test nspawn system→service inheritance of creds

diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh
index 3689be42032845678a00d5b09b6707fe3d7f7feb..d045d2391f2881fc3ffbaecfb3eb884d40814839 100755 (executable)
--- a/test/TEST-54-CREDS/test.sh
+++ b/test/TEST-54-CREDS/test.sh
@@ -3,6 +3,7 @@
 set -e
 
 TEST_DESCRIPTION="test credentials"
+NSPAWN_ARGUMENTS="--set-credential=mynspawncredential:strangevalue"
 
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"

diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh
index 15b0d5c2db1ba637efda0b0b2ae233a1bcd20d16..bf43205cbd2782ab41e6db5e96137c6c145865f4 100755 (executable)
--- a/test/units/testsuite-54.sh
+++ b/test/units/testsuite-54.sh
@@ -22,6 +22,20 @@ echo piff > /tmp/ts54-fallback
 rm /tmp/ts54-fallback
 [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ]
 
+if systemd-detect-virt -q -c ; then
+    # If this test is run in nspawn a credential should have been passed to us. See test/TEST-54-CREDS/test.sh
+    [ "$(systemd-creds --system cat mynspawncredential)" = "strangevalue" ]
+
+    # Test that propagation from system credential to service credential works
+    [ "$(systemd-run -p LoadCredential=mynspawncredential --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ]
+
+    # Check it also works, if we rename it while propagating it
+    [ "$(systemd-run -p LoadCredential=miau:mynspawncredential --pipe --wait systemd-creds cat miau)" = "strangevalue" ]
+
+    # Combine it with a fallback (which should have no effect, given the cred should be passed down)
+    [ "$(systemd-run -p LoadCredential=mynspawncredential -p SetCredential=mynspawncredential:zzz --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ]
+fi
+
 # Verify that the creds are immutable
 systemd-run -p LoadCredential=passwd:/etc/passwd \
             -p DynamicUser=1 \