nixos/acme: Port test to python

nixos/tests/acme.nix

@@ -1,6 +1,6 @@
 let
   commonConfig = ./common/letsencrypt/common.nix;
-in import ./make-test.nix {
+in import ./make-test-python.nix {
   name = "acme";
 
   nodes = rec {
@@ -90,39 +90,44 @@ in import ./make-test.nix {
       newServerSystem = nodes.webserver2.config.system.build.toplevel;
       switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
     in
-    # Note, waitForUnit does not work for oneshot services that do not have RemainAfterExit=true,
+    # Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,
     # this is because a oneshot goes from inactive => activating => inactive, and never
     # reaches the active state. To work around this, we create some mock target units which
     # get pulled in by the oneshot units. The target units linger after activation, and hence we
     # can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do
     ''
-      $client->start;
+      client.start()
-      $letsencrypt->start;
+      letsencrypt.start()
-      $acmeStandalone->start;
+      acmeStandalone.start()
 
-      $letsencrypt->waitForUnit("default.target");
+      letsencrypt.wait_for_unit("default.target")
-      $letsencrypt->waitForUnit("pebble.service");
+      letsencrypt.wait_for_unit("pebble.service")
 
-      subtest "can request certificate with HTTPS-01 challenge", sub {
+      with subtest("can request certificate with HTTPS-01 challenge"):
-        $acmeStandalone->waitForUnit("default.target");
+          acmeStandalone.wait_for_unit("default.target")
-        $acmeStandalone->succeed("systemctl start acme-standalone.com.service");
+          acmeStandalone.succeed("systemctl start acme-standalone.com.service")
-        $acmeStandalone->waitForUnit("acme-finished-standalone.com.target");
+          acmeStandalone.wait_for_unit("acme-finished-standalone.com.target")
-      };
 
-      $client->waitForUnit("default.target");
+      client.wait_for_unit("default.target")
 
-      $client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt');
+      client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt")
-      $client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt');
+      client.succeed(
+          "curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt"
+      )
 
-      subtest "Can request certificate for nginx service", sub {
+      with subtest("Can request certificate for nginx service"):
-        $webserver->waitForUnit("acme-finished-a.example.com.target");
+          webserver.wait_for_unit("acme-finished-a.example.com.target")
-        $client->succeed('curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF "hello world"');
+          client.succeed(
-      };
+              "curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'"
+          )
 
-      subtest "Can add another certificate for nginx service", sub {
+      with subtest("Can add another certificate for nginx service"):
-        $webserver->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test");
+          webserver.succeed(
-        $webserver->waitForUnit("acme-finished-b.example.com.target");
+              "/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"
-        $client->succeed('curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF "hello world"');
+          )
-      };
+          webserver.wait_for_unit("acme-finished-b.example.com.target")
+          client.succeed(
+              "curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"
+          )
     '';
 }