56 lines
1.8 KiB
Nix
56 lines
1.8 KiB
Nix
|
{
|
||
|
lib,
|
||
|
}:
|
||
|
{
|
||
|
accessScript = {
|
||
|
fqdn
|
||
|
, hasSSL
|
||
|
, waitForServices ? s: []
|
||
|
, waitForPorts ? p: []
|
||
|
, waitForUnixSocket ? u: []
|
||
|
, extraScript ? {...}: ""
|
||
|
}: { nodes, ... }:
|
||
|
let
|
||
|
proto_fqdn = if hasSSL args then "https://${fqdn}" else "http://${fqdn}";
|
||
|
|
||
|
args = {
|
||
|
node.name = "server";
|
||
|
node.config = nodes.server;
|
||
|
inherit proto_fqdn;
|
||
|
};
|
||
|
in
|
||
|
''
|
||
|
import json
|
||
|
import os
|
||
|
import pathlib
|
||
|
|
||
|
start_all()
|
||
|
''
|
||
|
+ lib.strings.concatMapStrings (s: ''server.wait_for_unit("${s}")'' + "\n") (waitForServices args)
|
||
|
+ lib.strings.concatMapStrings (p: ''server.wait_for_open_port(${toString p})'' + "\n") (waitForPorts args)
|
||
|
+ lib.strings.concatMapStrings (u: ''server.wait_for_open_unix_socket("${u}")'' + "\n") (waitForUnixSocket args)
|
||
|
+ ''
|
||
|
if ${if hasSSL args then "True" else "False"}:
|
||
|
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
||
|
client.succeed("rm -r /etc/ssl/certs")
|
||
|
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
||
|
|
||
|
def curl(target, format, endpoint, succeed=True):
|
||
|
return json.loads(target.succeed(
|
||
|
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
||
|
+ " --cookie-jar /tmp/cookies"
|
||
|
+ " --connect-to ${fqdn}:443:server:443"
|
||
|
+ " --connect-to ${fqdn}:80:server:80"
|
||
|
+ f" --write-out '{format}'"
|
||
|
+ " " + endpoint
|
||
|
))
|
||
|
|
||
|
with subtest("access"):
|
||
|
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
||
|
|
||
|
if response['code'] != 200:
|
||
|
raise Exception(f"Code is {response['code']}")
|
||
|
''
|
||
|
+ extraScript args;
|
||
|
}
|