refactor common test script
This commit is contained in:
parent
308db5fe6b
commit
1b4247233b
10 changed files with 213 additions and 356 deletions
55
test/common.nix
Normal file
55
test/common.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
accessScript = {
|
||||||
|
fqdn
|
||||||
|
, hasSSL
|
||||||
|
, waitForServices ? s: []
|
||||||
|
, waitForPorts ? p: []
|
||||||
|
, waitForUnixSocket ? u: []
|
||||||
|
, extraScript ? {...}: ""
|
||||||
|
}: { nodes, ... }:
|
||||||
|
let
|
||||||
|
proto_fqdn = if hasSSL args then "https://${fqdn}" else "http://${fqdn}";
|
||||||
|
|
||||||
|
args = {
|
||||||
|
node.name = "server";
|
||||||
|
node.config = nodes.server;
|
||||||
|
inherit proto_fqdn;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
''
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import pathlib
|
||||||
|
|
||||||
|
start_all()
|
||||||
|
''
|
||||||
|
+ lib.strings.concatMapStrings (s: ''server.wait_for_unit("${s}")'' + "\n") (waitForServices args)
|
||||||
|
+ lib.strings.concatMapStrings (p: ''server.wait_for_open_port(${toString p})'' + "\n") (waitForPorts args)
|
||||||
|
+ lib.strings.concatMapStrings (u: ''server.wait_for_open_unix_socket("${u}")'' + "\n") (waitForUnixSocket args)
|
||||||
|
+ ''
|
||||||
|
if ${if hasSSL args then "True" else "False"}:
|
||||||
|
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
||||||
|
client.succeed("rm -r /etc/ssl/certs")
|
||||||
|
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
||||||
|
|
||||||
|
def curl(target, format, endpoint, succeed=True):
|
||||||
|
return json.loads(target.succeed(
|
||||||
|
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
||||||
|
+ " --cookie-jar /tmp/cookies"
|
||||||
|
+ " --connect-to ${fqdn}:443:server:443"
|
||||||
|
+ " --connect-to ${fqdn}:80:server:80"
|
||||||
|
+ f" --write-out '{format}'"
|
||||||
|
+ " " + endpoint
|
||||||
|
))
|
||||||
|
|
||||||
|
with subtest("access"):
|
||||||
|
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
||||||
|
|
||||||
|
if response['code'] != 200:
|
||||||
|
raise Exception(f"Code is {response['code']}")
|
||||||
|
''
|
||||||
|
+ extraScript args;
|
||||||
|
}
|
|
@ -1,62 +1,51 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
domain = "example.com";
|
||||||
|
healthUrl = "/health";
|
||||||
|
loginUrl = "/UI/Login";
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
# TODO: Test login
|
# TODO: Test login
|
||||||
commonTestScript = appname: cfgPathFn: { nodes, ... }:
|
commonTestScript = appname: cfgPathFn:
|
||||||
let
|
let
|
||||||
shbapp = nodes.server.shb.arr.${appname};
|
fqdn = "${appname}.${domain}";
|
||||||
cfgPath = cfgPathFn shbapp;
|
in testLib.accessScript {
|
||||||
apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null;
|
inherit fqdn;
|
||||||
hasSSL = !(isNull shbapp.ssl);
|
hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl);
|
||||||
fqdn = if hasSSL then "https://${appname}.example.com" else "http://${appname}.example.com";
|
waitForServices = { ... }: [
|
||||||
healthUrl = "/health";
|
"${appname}.service"
|
||||||
loginUrl = "/UI/Login";
|
"nginx.service"
|
||||||
in
|
];
|
||||||
''
|
waitForPorts = { node, ... }: [
|
||||||
import json
|
node.config.shb.arr.${appname}.settings.Port
|
||||||
import os
|
];
|
||||||
import pathlib
|
extraScript = { node, proto_fqdn, ... }: let
|
||||||
|
shbapp = node.config.shb.arr.${appname};
|
||||||
|
cfgPath = cfgPathFn shbapp;
|
||||||
|
apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null;
|
||||||
|
in ''
|
||||||
|
with subtest("health"):
|
||||||
|
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}")
|
||||||
|
|
||||||
start_all()
|
if response['code'] != 200:
|
||||||
server.wait_for_unit("${appname}.service")
|
raise Exception(f"Code is {response['code']}")
|
||||||
server.wait_for_unit("nginx.service")
|
|
||||||
server.wait_for_open_port(${builtins.toString shbapp.settings.Port})
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
with subtest("login"):
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}")
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
if response['code'] != 200:
|
||||||
return json.loads(target.succeed(
|
raise Exception(f"Code is {response['code']}")
|
||||||
"curl -X GET --fail-with-body --silent --show-error --output /dev/null --location"
|
'' + lib.optionalString (apiKey != null) ''
|
||||||
+ " --connect-to ${appname}.example.com:443:server:443"
|
|
||||||
+ " --connect-to ${appname}.example.com:80:server:80"
|
|
||||||
+ " --cookie-jar /tmp/cookies"
|
|
||||||
# Uncomment for debugging:
|
|
||||||
# + " -v"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("health"):
|
with subtest("apikey"):
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}")
|
config = server.succeed("cat ${cfgPath}")
|
||||||
|
if "${apiKey}" not in config:
|
||||||
if response['code'] != 200:
|
raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'")
|
||||||
raise Exception(f"Code is {response['code']}")
|
'';
|
||||||
|
};
|
||||||
with subtest("login"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'' + lib.optionalString (apiKey != null) ''
|
|
||||||
|
|
||||||
with subtest("apikey"):
|
|
||||||
config = server.succeed("cat ${cfgPath}")
|
|
||||||
if "${apiKey}" not in config:
|
|
||||||
raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'")
|
|
||||||
'';
|
|
||||||
|
|
||||||
basic = appname: cfgPathFn: pkgs.testers.runNixOSTest {
|
basic = appname: cfgPathFn: pkgs.testers.runNixOSTest {
|
||||||
name = "arr-${appname}-basic";
|
name = "arr-${appname}-basic";
|
||||||
|
@ -78,7 +67,7 @@ let
|
||||||
|
|
||||||
shb.arr.${appname} = {
|
shb.arr.${appname} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "example.com";
|
inherit domain;
|
||||||
subdomain = appname;
|
subdomain = appname;
|
||||||
|
|
||||||
settings.ApiKey.source = pkgs.writeText "APIKey" "01234567890123456789"; # Needs to be >=20 characters.
|
settings.ApiKey.source = pkgs.writeText "APIKey" "01234567890123456789"; # Needs to be >=20 characters.
|
||||||
|
|
|
@ -2,46 +2,26 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
subdomain = "a";
|
subdomain = "a";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
# TODO: Test login
|
commonTestScript = testLib.accessScript {
|
||||||
commonTestScript = { nodes, ... }:
|
inherit fqdn;
|
||||||
let
|
hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl);
|
||||||
hasSSL = !(isNull nodes.server.shb.audiobookshelf.ssl);
|
waitForServices = { ... }: [
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
"audiobookshelf.service"
|
||||||
in
|
"nginx.service"
|
||||||
''
|
];
|
||||||
import json
|
waitForPorts = { node, ... }: [
|
||||||
import os
|
node.config.shb.audiobookshelf.webPort
|
||||||
import pathlib
|
];
|
||||||
|
# TODO: Test login
|
||||||
start_all()
|
# extraScript = { ... }: ''
|
||||||
server.wait_for_unit("audiobookshelf.service")
|
# '';
|
||||||
server.wait_for_unit("nginx.service")
|
};
|
||||||
server.wait_for_open_port(${builtins.toString nodes.server.shb.audiobookshelf.webPort})
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
|
||||||
return json.loads(target.succeed(
|
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
|
|
||||||
base = {
|
base = {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -6,47 +6,26 @@ let
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
commonTestScript = { nodes, ... }:
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
let
|
|
||||||
hasSSL = !(isNull nodes.server.shb.deluge.ssl);
|
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
import json
|
|
||||||
import os
|
|
||||||
import pathlib
|
|
||||||
|
|
||||||
start_all()
|
commonTestScript = testLib.accessScript {
|
||||||
server.wait_for_unit("nginx.service")
|
inherit fqdn;
|
||||||
server.wait_for_unit("deluged.service")
|
hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl);
|
||||||
server.wait_for_unit("delugeweb.service")
|
waitForServices = { ... }: [
|
||||||
server.wait_for_open_port(${toString nodes.server.shb.deluge.daemonPort})
|
"nginx.service"
|
||||||
server.wait_for_open_port(${toString nodes.server.shb.deluge.webPort})
|
"deluged.service"
|
||||||
|
"delugeweb.service"
|
||||||
if ${if hasSSL then "True" else "False"}:
|
];
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
waitForPorts = { node, ... }: [
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
node.config.shb.deluge.daemonPort
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
node.config.shb.deluge.webPort
|
||||||
|
];
|
||||||
def curl(target, format, endpoint, succeed=True):
|
extraScript = { node, ... }: ''
|
||||||
return json.loads(target.succeed(
|
print(${node.name}.succeed('journalctl -n100 -u deluged'))
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
print(${node.name}.succeed('systemctl status deluged'))
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
print(${node.name}.succeed('systemctl status delugeweb'))
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
print(server.succeed('journalctl -n100 -u deluged'))
|
|
||||||
print(server.succeed('systemctl status deluged'))
|
|
||||||
print(server.succeed('systemctl status delugeweb'))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# TODO: Test login directly to deluge daemon to exercise extraUsers
|
# TODO: Test login directly to deluge daemon to exercise extraUsers
|
||||||
authTestScript = { nodes, ... }:
|
authTestScript = { nodes, ... }:
|
||||||
|
|
|
@ -2,46 +2,26 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
subdomain = "g";
|
subdomain = "g";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
# TODO: Test login
|
commonTestScript = testLib.accessScript {
|
||||||
commonTestScript = { nodes, ... }:
|
inherit fqdn;
|
||||||
let
|
hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl);
|
||||||
hasSSL = !(isNull nodes.server.shb.grocy.ssl);
|
waitForServices = { ... }: [
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
"phpfpm-grocy.service"
|
||||||
in
|
"nginx.service"
|
||||||
''
|
];
|
||||||
import json
|
waitForUnixSocket = { node, ... }: [
|
||||||
import os
|
node.config.services.phpfpm.pools.grocy.socket
|
||||||
import pathlib
|
];
|
||||||
|
# TODO: Test login
|
||||||
start_all()
|
# extraScript = { ... }: ''
|
||||||
server.wait_for_unit("phpfpm-grocy.service")
|
# '';
|
||||||
server.wait_for_unit("nginx.service")
|
};
|
||||||
server.wait_for_open_unix_socket("${nodes.server.services.phpfpm.pools.grocy.socket}")
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
|
||||||
return json.loads(target.succeed(
|
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
|
|
||||||
base = {
|
base = {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -2,46 +2,23 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
subdomain = "ha";
|
subdomain = "ha";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
# TODO: Test login
|
commonTestScript = testLib.accessScript {
|
||||||
commonTestScript = { nodes, ... }:
|
inherit fqdn;
|
||||||
let
|
hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl);
|
||||||
hasSSL = !(isNull nodes.server.shb.home-assistant.ssl);
|
waitForServices = { ... }: [
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
"home-assistant.service"
|
||||||
in
|
"nginx.service"
|
||||||
''
|
];
|
||||||
import json
|
waitForPorts = { node, ... }: [
|
||||||
import os
|
8123
|
||||||
import pathlib
|
];
|
||||||
|
};
|
||||||
start_all()
|
|
||||||
server.wait_for_unit("home-assistant.service")
|
|
||||||
server.wait_for_unit("nginx.service")
|
|
||||||
server.wait_for_open_port(8123)
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
|
||||||
return json.loads(target.succeed(
|
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
|
|
||||||
base = { config, ... }: {
|
base = { config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -2,42 +2,23 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
# TODO: Test login
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
commonTestScript = { nodes, ... }:
|
|
||||||
let
|
|
||||||
hasSSL = !(isNull nodes.server.shb.jellyfin.ssl);
|
|
||||||
fqdn = if hasSSL then "https://j.example.com" else "http://j.example.com";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
import json
|
|
||||||
import os
|
|
||||||
import pathlib
|
|
||||||
|
|
||||||
start_all()
|
subdomain = "j";
|
||||||
server.wait_for_unit("jellyfin.service")
|
domain = "example.com";
|
||||||
server.wait_for_unit("nginx.service")
|
fqdn = "${subdomain}.${domain}";
|
||||||
server.wait_for_open_port(8096)
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
commonTestScript = testLib.accessScript {
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
inherit fqdn;
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl);
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
waitForServices = { ... }: [
|
||||||
|
"jellyfin.service"
|
||||||
def curl(target, format, endpoint, succeed=True):
|
"nginx.service"
|
||||||
return json.loads(target.succeed(
|
];
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
waitForPorts = { node, ... }: [
|
||||||
+ " --connect-to j.example.com:443:server:443"
|
8096
|
||||||
+ " --connect-to j.example.com:80:server:80"
|
];
|
||||||
+ f" --write-out '{format}'"
|
};
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
basic = pkgs.testers.runNixOSTest {
|
basic = pkgs.testers.runNixOSTest {
|
||||||
|
|
|
@ -2,65 +2,24 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
subdomain = "grafana";
|
subdomain = "grafana";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
password = "securepw";
|
password = "securepw";
|
||||||
|
|
||||||
commonTestScript = { nodes, ... }:
|
commonTestScript = testLib.accessScript {
|
||||||
let
|
inherit fqdn;
|
||||||
hasSSL = !(isNull nodes.server.shb.monitoring.ssl);
|
hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl);
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
waitForServices = { ... }: [
|
||||||
in
|
"nginx.service"
|
||||||
''
|
];
|
||||||
import base64
|
waitForPorts = { node, ... }: [
|
||||||
import json
|
node.config.shb.monitoring.grafanaPort
|
||||||
import os
|
];
|
||||||
import pathlib
|
};
|
||||||
|
|
||||||
start_all()
|
|
||||||
server.wait_for_unit("nginx.service")
|
|
||||||
server.wait_for_open_port(${toString nodes.server.shb.monitoring.grafanaPort})
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def find_in_logs(unit, text):
|
|
||||||
return server.systemctl("status {}".format(unit))[1].find(text) != -1
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, user = None):
|
|
||||||
errcode, r = target.execute(
|
|
||||||
"curl --fail-with-body --silent --show-error --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ (f" --header \"Authorization: Basic {base64.b64encode(user).decode('utf-8')}\"" if user is not None else "")
|
|
||||||
+ (" --output /dev/null" if format != "" else "")
|
|
||||||
+ (f" --write-out '{format}'" if format != "" else "")
|
|
||||||
+ " " + endpoint
|
|
||||||
)
|
|
||||||
if format == "":
|
|
||||||
return r
|
|
||||||
return json.loads(r)
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
|
|
||||||
with subtest("api succeed"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}/api/org", user=b"admin:${password}")
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
|
|
||||||
with subtest("api wrong code"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}/api/org", user=b"admin:wrong")
|
|
||||||
if response['code'] != 401:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
|
|
||||||
base = {
|
base = {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -8,45 +8,24 @@ let
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
commonTestScript = { nodes, ... }:
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
let
|
|
||||||
hasSSL = !(isNull nodes.server.shb.nextcloud.ssl);
|
commonTestScript = testLib.accessScript {
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
inherit fqdn;
|
||||||
in
|
hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl);
|
||||||
''
|
waitForServices = { ... }: [
|
||||||
import json
|
"phpfpm-nextcloud.service"
|
||||||
import os
|
"nginx.service"
|
||||||
import pathlib
|
];
|
||||||
|
waitForUnixSocket = { node, ... }: [
|
||||||
|
node.config.services.phpfpm.pools.nextcloud.socket
|
||||||
|
];
|
||||||
|
extraScript = { node, proto_fqdn, ... }: ''
|
||||||
import time
|
import time
|
||||||
|
|
||||||
start_all()
|
|
||||||
server.wait_for_unit("phpfpm-nextcloud.service")
|
|
||||||
server.wait_for_unit("nginx.service")
|
|
||||||
server.wait_for_open_unix_socket("${nodes.server.services.phpfpm.pools.nextcloud.socket}")
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def find_in_logs(unit, text):
|
def find_in_logs(unit, text):
|
||||||
return server.systemctl("status {}".format(unit))[1].find(text) != -1
|
return server.systemctl("status {}".format(unit))[1].find(text) != -1
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
|
||||||
return json.loads(target.succeed(
|
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
|
|
||||||
with subtest("cron job succeeds"):
|
with subtest("cron job succeeds"):
|
||||||
# This calls blocks until the service is done.
|
# This calls blocks until the service is done.
|
||||||
server.systemctl("start nextcloud-cron.service")
|
server.systemctl("start nextcloud-cron.service")
|
||||||
|
@ -133,6 +112,7 @@ let
|
||||||
if content != "hello\n":
|
if content != "hello\n":
|
||||||
raise Exception("Got incorrect content for file, expected 'hello\n' but got:\n{}".format(content))
|
raise Exception("Got incorrect content for file, expected 'hello\n' but got:\n{}".format(content))
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
base = {
|
base = {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -2,47 +2,24 @@
|
||||||
let
|
let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
|
|
||||||
|
testLib = pkgs.callPackage ../common.nix {};
|
||||||
|
|
||||||
subdomain = "v";
|
subdomain = "v";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
fqdn = "${subdomain}.${domain}";
|
fqdn = "${subdomain}.${domain}";
|
||||||
|
|
||||||
# TODO: Test login
|
commonTestScript = testLib.accessScript {
|
||||||
commonTestScript = { nodes, ... }:
|
inherit fqdn;
|
||||||
let
|
hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl);
|
||||||
hasSSL = !(isNull nodes.server.shb.vaultwarden.ssl);
|
waitForServices = { ... }: [
|
||||||
proto_fqdn = if hasSSL then "https://${fqdn}" else "http://${fqdn}";
|
"vaultwarden.service"
|
||||||
in
|
"nginx.service"
|
||||||
''
|
];
|
||||||
import json
|
waitForPorts = { node, ... }: [
|
||||||
import os
|
8222
|
||||||
import pathlib
|
5432
|
||||||
|
];
|
||||||
start_all()
|
};
|
||||||
server.wait_for_unit("vaultwarden.service")
|
|
||||||
server.wait_for_unit("nginx.service")
|
|
||||||
server.wait_for_open_port(8222)
|
|
||||||
server.wait_for_open_port(5432)
|
|
||||||
|
|
||||||
if ${if hasSSL then "True" else "False"}:
|
|
||||||
server.copy_from_vm("/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
client.succeed("rm -r /etc/ssl/certs")
|
|
||||||
client.copy_from_host(str(pathlib.Path(os.environ.get("out", os.getcwd())) / "ca-certificates.crt"), "/etc/ssl/certs/ca-certificates.crt")
|
|
||||||
|
|
||||||
def curl(target, format, endpoint, succeed=True):
|
|
||||||
return json.loads(target.succeed(
|
|
||||||
"curl --fail-with-body --silent --show-error --output /dev/null --location"
|
|
||||||
+ " --connect-to ${fqdn}:443:server:443"
|
|
||||||
+ " --connect-to ${fqdn}:80:server:80"
|
|
||||||
+ f" --write-out '{format}'"
|
|
||||||
+ " " + endpoint
|
|
||||||
))
|
|
||||||
|
|
||||||
with subtest("access"):
|
|
||||||
response = curl(client, """{"code":%{response_code}}""", "${proto_fqdn}")
|
|
||||||
|
|
||||||
if response['code'] != 200:
|
|
||||||
raise Exception(f"Code is {response['code']}")
|
|
||||||
'';
|
|
||||||
|
|
||||||
base = { config, ... }: {
|
base = { config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
Loading…
Reference in a new issue