Add basic testcases for Disnix

2021-04-13 21:06:03 +02:00 · 2021-04-13 21:06:03 +02:00 · f47e62ed63
parent 32e6e10b86
commit f47e62ed63
13 changed files with 223 additions and 11 deletions
--- a/example-deployments/disnix/processes-bare.nix
+++ b/example-deployments/disnix/processes-bare.nix
@ -9,6 +9,7 @@
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
 , processManager
+, enablePAM ? false
 }:

 let
@ -19,9 +20,13 @@ let
  };
 in
 rec {
-  sshd = {
+  sshd = rec {
+    port = 22;
+
    pkg = constructors.sshd {
-      extraSSHDConfig = ''
+      inherit port;
+
+      extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
        UsePAM yes
      '';
    };
--- a/example-deployments/disnix/processes-with-apache-mysql.nix
+++ b/example-deployments/disnix/processes-with-apache-mysql.nix
@ -9,6 +9,7 @@
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
 , processManager
+, enablePAM ? false
 }:

 let
@ -23,9 +24,13 @@ let
  };
 in
 rec {
-  sshd = {
+  sshd = rec {
+    port = 22;
+
    pkg = constructors.sshd {
-      extraSSHDConfig = ''
+      inherit port;
+
+      extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
        UsePAM yes
      '';
    };
--- a/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix
+++ b/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix
@ -9,6 +9,7 @@
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
 , processManager
+, enablePAM ? false
 }:

 let
@ -23,9 +24,13 @@ let
  };
 in
 rec {
-  sshd = {
+  sshd = rec {
+    port = 22;
+
    pkg = constructors.sshd {
-      extraSSHDConfig = ''
+      inherit port;
+
+      extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
        UsePAM yes
      '';
    };
--- a/example-deployments/disnix/processes-with-tomcat-mysql.nix
+++ b/example-deployments/disnix/processes-with-tomcat-mysql.nix
@ -9,6 +9,7 @@
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
 , processManager
+, enablePAM ? false
 }:

 let
@ -23,9 +24,13 @@ let
  };
 in
 rec {
-  sshd = {
+  sshd = rec {
+    port = 22;
+
    pkg = constructors.sshd {
-      extraSSHDConfig = ''
+      inherit port;
+
+      extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
        UsePAM yes
      '';
    };
@ -52,8 +57,12 @@ rec {
    properties.requiresUniqueIdsFor = [ "uids" "gids" ];
  };

-  apache = {
+  apache = rec {
+    port = 80;
+
    pkg = constructors.basicAuthReverseProxyApache {
+      inherit port;
+
      dependency = tomcat;
      serverAdmin = "admin@localhost";
      targetProtocol = "ajp";
--- a/services-agnostic/constructors.nix
+++ b/services-agnostic/constructors.nix
@ -60,7 +60,7 @@ in
  };

  disnix-service = import ./disnix-service {
-    inherit createManagedProcess processManager nix-processmgmt ids;
+    inherit createManagedProcess nix-processmgmt ids processManager;
    inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
  };

--- a/services-agnostic/disnix-service/default.nix
+++ b/services-agnostic/disnix-service/default.nix
@ -27,7 +27,10 @@ createManagedProcess {
    inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
  };
  daemonExtraArgs = [ "--daemon" ];
-  dependencies = lib.optional (dbus-daemon != null) dbus-daemon.pkg
+  dependencies =
+    # If we use systemd, we should not add dbus-daemon as a dependency. It causes infinite recursion.
+    # Moreover, since D-Bus is already enabled for systemd, there is no reason to wait for it anyway.
+    lib.optional (dbus-daemon != null && processManager != "systemd") dbus-daemon.pkg
    ++ map (containerProvider: containerProvider.pkg) containerProviders;

  credentials = {
--- a/tests/default.nix
+++ b/tests/default.nix
@ -23,6 +23,22 @@ in
    inherit pkgs processManagers profiles testService;
  };

+  disnix = import ./disnix/bare {
+    inherit pkgs processManagers profiles testService;
+  };
+
+  disnix-with-apache-mysql = import ./disnix/apache-mysql {
+    inherit pkgs processManagers profiles testService;
+  };
+
+  disnix-with-tomcat-mysql = import ./disnix/tomcat-mysql {
+    inherit pkgs processManagers profiles testService;
+  };
+
+  disnix-with-tomcat-mysql-multi-instance = import ./disnix/tomcat-mysql-multi-instance {
+    inherit pkgs processManagers profiles testService;
+  };
+
  docker = import ./docker {
    inherit pkgs processManagers profiles testService;
  };
--- a/tests/disnix/apache-mysql/default.nix
+++ b/tests/disnix/apache-mysql/default.nix
@ -0,0 +1,45 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+  env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+  exprFile = ../../../example-deployments/disnix/processes-with-apache-mysql.nix;
+  systemPackages = [ pkgs.disnix ];
+
+  initialTests = {forceDisableUserChange, ...}:
+    let
+      homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+    in
+    ''
+      machine.succeed("cd ${homeDir}")
+      machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+      machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+      machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+    '';
+
+  readiness = {instanceName, instance, ...}:
+    pkgs.lib.optionalString (instanceName == "sshd") ''
+      machine.wait_for_open_port(${toString instance.port})
+    '';
+
+  tests = {instanceName, instance, forceDisableUserChange, ...}:
+    pkgs.lib.optionalString (instanceName == "disnix-service") ''
+      machine.succeed(
+          "${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
+      )
+
+      # Check if the container services are present
+      machine.succeed("grep 'process = {' infrastructure.nix")
+      machine.succeed("grep 'apache-webapplication = {' infrastructure.nix")
+      machine.succeed("grep 'mysql-database = {' infrastructure.nix")
+    '';
+
+  inherit processManagers;
+
+  # We don't support unprivileged multi-user deployments
+  profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
--- a/tests/disnix/bare/default.nix
+++ b/tests/disnix/bare/default.nix
@ -0,0 +1,40 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+  env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+  exprFile = ../../../example-deployments/disnix/processes-bare.nix;
+  systemPackages = [ pkgs.disnix ];
+
+  initialTests = {forceDisableUserChange, ...}:
+    let
+      homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+    in
+    ''
+      machine.succeed("cd ${homeDir}")
+      machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+      machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+      machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+    '';
+
+  readiness = {instanceName, instance, ...}:
+    pkgs.lib.optionalString (instanceName == "sshd") ''
+      machine.wait_for_open_port(${toString instance.port})
+    '';
+
+  tests = {instanceName, instance, forceDisableUserChange, ...}:
+    pkgs.lib.optionalString (instanceName == "disnix-service") ''
+      machine.succeed(
+          "${env} disnix-capture-infra ${../infra-bootstrap.nix} | grep 'process = {'"
+      )
+    '';
+
+  inherit processManagers;
+
+  # We don't support unprivileged multi-user deployments
+  profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
--- a/tests/disnix/infra-bootstrap.nix
+++ b/tests/disnix/infra-bootstrap.nix
@ -0,0 +1,3 @@
+{
+  localhost.properties.hostname = "localhost";
+}
--- a/tests/disnix/tomcat-mysql-multi-instance/default.nix
+++ b/tests/disnix/tomcat-mysql-multi-instance/default.nix
@ -0,0 +1,47 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+  env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+  exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix;
+  systemPackages = [ pkgs.disnix ];
+
+  initialTests = {forceDisableUserChange, ...}:
+    let
+      homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+    in
+    ''
+      machine.succeed("cd ${homeDir}")
+      machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+      machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+      machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+      machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+      machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+    '';
+
+  readiness = {instanceName, instance, ...}:
+    pkgs.lib.optionalString (instanceName == "sshd") ''
+      machine.wait_for_open_port(${toString instance.port})
+    '';
+
+  tests = {instanceName, instance, forceDisableUserChange, ...}:
+    pkgs.lib.optionalString (instanceName == "disnix-service") ''
+      machine.succeed(
+          "${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
+      )
+
+      # Check if the container services are present
+      machine.succeed("grep 'process = {' infrastructure.nix")
+      machine.succeed("grep 'tomcat-webapplication-primary = {' infrastructure.nix")
+      machine.succeed("grep 'tomcat-webapplication-secondary = {' infrastructure.nix")
+      machine.succeed("grep 'mysql-database-primary = {' infrastructure.nix")
+      machine.succeed("grep 'mysql-database-secondary = {' infrastructure.nix")
+    '';
+
+  inherit processManagers;
+
+  # We don't support unprivileged multi-user deployments
+  profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
--- a/tests/disnix/tomcat-mysql/default.nix
+++ b/tests/disnix/tomcat-mysql/default.nix
@ -0,0 +1,31 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+  env = "NIX_PATH='nixpkgs=${<nixpkgs>}' DISNIX_CLIENT_INTERFACE=disnix-soap-client DISNIX_TARGET_PROPERTY=targetEPR DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret";
+in
+testService {
+  exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql.nix;
+  systemPackages = [ pkgs.disnix pkgs.DisnixWebService ];
+
+  readiness = {instanceName, instance, ...}:
+    pkgs.lib.optionalString (instanceName == "sshd" || instanceName == "apache") ''
+      machine.wait_for_open_port(${toString instance.port})
+    '';
+
+  tests = {instanceName, instance, forceDisableUserChange, ...}:
+    pkgs.lib.optionalString (instanceName == "disnix-service") ''
+      machine.succeed(
+          "${env} disnix-capture-infra ${./infra-bootstrap.nix} > infrastructure.nix"
+      )
+
+      # Check if the container services are present
+      machine.succeed("grep 'process = {' infrastructure.nix")
+      machine.succeed("grep 'tomcat-webapplication = {' infrastructure.nix")
+      machine.succeed("grep 'mysql-database = {' infrastructure.nix")
+    '';
+
+  inherit processManagers;
+
+  # We don't support unprivileged multi-user deployments
+  profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
--- a/tests/disnix/tomcat-mysql/infra-bootstrap.nix
+++ b/tests/disnix/tomcat-mysql/infra-bootstrap.nix
@ -0,0 +1,3 @@
+{
+  localhost.properties.targetEPR = "http://localhost/DisnixWebService/services/DisnixWebService";
+}