From 9b8812794b8c489ddb7756a7993affcef7fdd36f Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Sun, 24 Dec 2023 15:50:12 +0000
Subject: [PATCH] nixosTests.ssh-agent-auth: Test both `sudo` and `sudo-rs`

---
 nixos/tests/ssh-agent-auth.nix | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/nixos/tests/ssh-agent-auth.nix b/nixos/tests/ssh-agent-auth.nix
index 2233ce0b3279..2274e463ce95 100644
--- a/nixos/tests/ssh-agent-auth.nix
+++ b/nixos/tests/ssh-agent-auth.nix
@@ -5,7 +5,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
     name = "ssh-agent-auth";
     meta.maintainers = with lib.maintainers; [ nicoo ];
 
-    nodes.sudoVM = { lib, ... }: {
+    nodes = let nodeConfig = n: { ... }: {
       users.users = {
         admin = {
           isNormalUser = true;
@@ -16,7 +16,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
       };
 
       security.pam.enableSSHAgentAuth = true;
-      security.sudo = {
+      security.${lib.replaceStrings [ "_" ] [ "-" ] n} = {
         enable = true;
         wheelNeedsPassword = true;  # We are checking `pam_ssh_agent_auth(8)` works for a sudoer
       };
@@ -24,6 +24,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
       # Necessary for pam_ssh_agent_auth  >_>'
       services.openssh.enable = true;
     };
+    in lib.genAttrs [ "sudo" "sudo_rs" ] nodeConfig;
 
     testScript = let
       privateKeyPath = "/home/admin/.ssh/id_ecdsa";
@@ -36,13 +37,15 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
         ${lib.getExe pkgs.faketty} sudo -u foo -- id -un
       '';
     in ''
-      sudoVM.copy_from_host("${snakeOilPrivateKey}", "${privateKeyPath}")
-      sudoVM.succeed("chmod -R 0700 /home/admin")
-      sudoVM.succeed("chown -R admin:users /home/admin")
+      for vm in (sudo, sudo_rs):
+        sudo_impl = vm.name.replace("_", "-")
+        with subtest(f"wheel user can auth with ssh-agent for {sudo_impl}"):
+            vm.copy_from_host("${snakeOilPrivateKey}", "${privateKeyPath}")
+            vm.succeed("chmod -R 0700 /home/admin")
+            vm.succeed("chown -R admin:users /home/admin")
 
-      with subtest("sudoer can auth through pam_ssh_agent_auth(8)"):
-          # Run `userScript` in an environment with an SSH-agent available
-          assert sudoVM.succeed("sudo -u admin -- ssh-agent ${userScript} 2>&1").strip() == "foo"
+            # Run `userScript` in an environment with an SSH-agent available
+            assert vm.succeed("sudo -u admin -- ssh-agent ${userScript} 2>&1").strip() == "foo"
     '';
   }
 )