From f47e62ed6330b01e07d352c745360c4ed42895a2 Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Tue, 13 Apr 2021 21:06:03 +0200 Subject: [PATCH] Add basic testcases for Disnix --- example-deployments/disnix/processes-bare.nix | 9 +++- .../disnix/processes-with-apache-mysql.nix | 9 +++- ...esses-with-tomcat-mysql-multi-instance.nix | 9 +++- .../disnix/processes-with-tomcat-mysql.nix | 15 ++++-- services-agnostic/constructors.nix | 2 +- services-agnostic/disnix-service/default.nix | 5 +- tests/default.nix | 16 +++++++ tests/disnix/apache-mysql/default.nix | 45 ++++++++++++++++++ tests/disnix/bare/default.nix | 40 ++++++++++++++++ tests/disnix/infra-bootstrap.nix | 3 ++ .../tomcat-mysql-multi-instance/default.nix | 47 +++++++++++++++++++ tests/disnix/tomcat-mysql/default.nix | 31 ++++++++++++ tests/disnix/tomcat-mysql/infra-bootstrap.nix | 3 ++ 13 files changed, 223 insertions(+), 11 deletions(-) create mode 100644 tests/disnix/apache-mysql/default.nix create mode 100644 tests/disnix/bare/default.nix create mode 100644 tests/disnix/infra-bootstrap.nix create mode 100644 tests/disnix/tomcat-mysql-multi-instance/default.nix create mode 100644 tests/disnix/tomcat-mysql/default.nix create mode 100644 tests/disnix/tomcat-mysql/infra-bootstrap.nix diff --git a/example-deployments/disnix/processes-bare.nix b/example-deployments/disnix/processes-bare.nix index 1a22e05..ada22b6 100644 --- a/example-deployments/disnix/processes-bare.nix +++ b/example-deployments/disnix/processes-bare.nix @@ -9,6 +9,7 @@ , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp") , forceDisableUserChange ? false , processManager +, enablePAM ? false }: let @@ -19,9 +20,13 @@ let }; in rec { - sshd = { + sshd = rec { + port = 22; + pkg = constructors.sshd { - extraSSHDConfig = '' + inherit port; + + extraSSHDConfig = pkgs.lib.optionalString enablePAM '' UsePAM yes ''; }; 
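Review bot: The new `enablePAM ? false` argument is undocumented, yet it changes the example's sshd from always emitting `UsePAM yes` to emitting nothing unless the caller opts in. With the directive absent, sshd falls back to its built-in default (`UsePAM no` in upstream OpenSSH), so PAM account and session checks stop applying to these deployments. I would add a comment on the parameter, for example `# enablePAM: when true, "UsePAM yes" is added to the generated sshd_config; when false sshd uses its compiled-in default`. The same pair of hunks is repeated in processes-with-apache-mysql.nix, processes-with-tomcat-mysql-multi-instance.nix and processes-with-tomcat-mysql.nix. The argument list and the `sshd` attribute set both extend beyond the hunks, so whether `pkgs` is in scope for `pkgs.lib.optionalString` cannot be checked here.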
diff --git a/example-deployments/disnix/processes-with-apache-mysql.nix b/example-deployments/disnix/processes-with-apache-mysql.nix index 963ba64..5436aa3 100644 --- a/example-deployments/disnix/processes-with-apache-mysql.nix +++ b/example-deployments/disnix/processes-with-apache-mysql.nix @@ -9,6 +9,7 @@ , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp") , forceDisableUserChange ? false , processManager +, enablePAM ? false }: let @@ -23,9 +24,13 @@ let }; in rec { - sshd = { + sshd = rec { + port = 22; + pkg = constructors.sshd { - extraSSHDConfig = '' + inherit port; + + extraSSHDConfig = pkgs.lib.optionalString enablePAM '' UsePAM yes ''; }; diff --git a/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix b/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix index ba9071e..a001f2e 100644 --- a/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix +++ b/example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix @@ -9,6 +9,7 @@ , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp") , forceDisableUserChange ? false , processManager +, enablePAM ? false }: let @@ -23,9 +24,13 @@ let }; in rec { - sshd = { + sshd = rec { + port = 22; + pkg = constructors.sshd { - extraSSHDConfig = '' + inherit port; + + extraSSHDConfig = pkgs.lib.optionalString enablePAM '' UsePAM yes ''; }; diff --git a/example-deployments/disnix/processes-with-tomcat-mysql.nix b/example-deployments/disnix/processes-with-tomcat-mysql.nix index c2d94de..156f72c 100644 --- a/example-deployments/disnix/processes-with-tomcat-mysql.nix +++ b/example-deployments/disnix/processes-with-tomcat-mysql.nix @@ -9,6 +9,7 @@ , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp") , forceDisableUserChange ? false , processManager +, enablePAM ? false }: let 
@@ -23,9 +24,13 @@ let }; in rec { - sshd = { + sshd = rec { + port = 22; + pkg = constructors.sshd { - extraSSHDConfig = '' + inherit port; + + extraSSHDConfig = pkgs.lib.optionalString enablePAM '' UsePAM yes ''; }; @@ -52,8 +57,12 @@ rec { properties.requiresUniqueIdsFor = [ "uids" "gids" ]; }; - apache = { + apache = rec { + port = 80; + pkg = constructors.basicAuthReverseProxyApache { + inherit port; + dependency = tomcat; serverAdmin = "admin@localhost"; targetProtocol = "ajp"; diff --git a/services-agnostic/constructors.nix b/services-agnostic/constructors.nix index a4c1747..fcc7ee1 100644 --- a/services-agnostic/constructors.nix +++ b/services-agnostic/constructors.nix @@ -60,7 +60,7 @@ in }; disnix-service = import ./disnix-service { - inherit createManagedProcess processManager nix-processmgmt ids; + inherit createManagedProcess nix-processmgmt ids processManager; inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils; }; diff --git a/services-agnostic/disnix-service/default.nix b/services-agnostic/disnix-service/default.nix index 4dd83ba..80606cf 100644 --- a/services-agnostic/disnix-service/default.nix +++ b/services-agnostic/disnix-service/default.nix @@ -27,7 +27,10 @@ createManagedProcess { inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings; }; daemonExtraArgs = [ "--daemon" ]; - dependencies = lib.optional (dbus-daemon != null) dbus-daemon.pkg + dependencies = + # If we use systemd, we should not add dbus-daemon as a dependency. It causes infinite recursion. + # Moreover, since D-Bus is already enabled for systemd, there is no reason to wait for it anyway. + lib.optional (dbus-daemon != null && processManager != "systemd") dbus-daemon.pkg ++ map (containerProvider: containerProvider.pkg) containerProviders; credentials = { 
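Review bot: `port = 80` is now passed explicitly to `constructors.basicAuthReverseProxyApache`, so the basic-auth proxy in this example is served over plain HTTP, and the new test's `targetEPR` uses `http://localhost/...` accordingly. Basic-auth credentials are only base64-encoded on the wire, so this is acceptable for a loopback test but not something the example should suggest for a networked deployment. I would add a comment above the attribute, for example `# plain HTTP on port 80: loopback/test use only; put TLS in front before exposing the Disnix web service`. The `apache` attribute set continues beyond the hunk, so whether TLS is configured further down is not visible here.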
diff --git a/tests/default.nix b/tests/default.nix index 429d9f4..f2483e9 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -23,6 +23,22 @@ in inherit pkgs processManagers profiles testService; }; + disnix = import ./disnix/bare { + inherit pkgs processManagers profiles testService; + }; + + disnix-with-apache-mysql = import ./disnix/apache-mysql { + inherit pkgs processManagers profiles testService; + }; + + disnix-with-tomcat-mysql = import ./disnix/tomcat-mysql { + inherit pkgs processManagers profiles testService; + }; + + disnix-with-tomcat-mysql-multi-instance = import ./disnix/tomcat-mysql-multi-instance { + inherit pkgs processManagers profiles testService; + }; + docker = import ./docker { inherit pkgs processManagers profiles testService; }; diff --git a/tests/disnix/apache-mysql/default.nix b/tests/disnix/apache-mysql/default.nix new file mode 100644 index 0000000..a6f5970 --- /dev/null +++ b/tests/disnix/apache-mysql/default.nix 
@@ -0,0 +1,45 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+ env = "NIX_PATH='nixpkgs=${}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+ exprFile = ../../../example-deployments/disnix/processes-with-apache-mysql.nix;
+ systemPackages = [ pkgs.disnix ];
+
+ initialTests = {forceDisableUserChange, ...}:
+ let
+ homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+ in
+ ''
+ machine.succeed("cd ${homeDir}")
+ machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+ machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+ machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+ '';
+
+ readiness = {instanceName, instance, ...}:
+ pkgs.lib.optionalString (instanceName == "sshd") ''
+ machine.wait_for_open_port(${toString instance.port})
+ '';
+
+ tests = {instanceName, instance, forceDisableUserChange, ...}:
+ pkgs.lib.optionalString (instanceName == "disnix-service") ''
+ machine.succeed(
+ "${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
+ )
+
+ # Check if the container services are present
+ machine.succeed("grep 'process = {' infrastructure.nix")
+ machine.succeed("grep 'apache-webapplication = {' infrastructure.nix")
+ machine.succeed("grep 'mysql-database = {' infrastructure.nix")
+ '';
+
+ inherit processManagers;
+
+ # We don't support unprivileged multi-user deployments
+ profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
diff --git a/tests/disnix/bare/default.nix b/tests/disnix/bare/default.nix
new file mode 100644
index 0000000..79244d7
--- /dev/null
+++ b/tests/disnix/bare/default.nix
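Review bot: The key setup in `initialTests` generates an ECDSA key but installs it as `${homeDir}/.ssh/id_dsa`, and it relies on `machine.succeed("cd ${homeDir}")` to set the directory for the relative `key` and `key.pub` paths that follow. If each `succeed()` runs in its own shell invocation, as I believe the NixOS test driver does, the `cd` has no effect and the unencrypted private key stays in whatever directory the driver shell starts in; `id_dsa` is also only picked up while the ssh client still lists that filename among its default identities. Writing the key straight to its final path avoids both: `machine.succeed('ssh-keygen -t ecdsa -f ${homeDir}/.ssh/id_ecdsa -N ""')` after the `mkdir`, then `machine.succeed("cp ${homeDir}/.ssh/id_ecdsa.pub ${homeDir}/.ssh/authorized_keys")`. The `SSH_OPTS` in `env` turn off host-key verification, which deserves a comment such as `# test-only: host key verification is disabled for the loopback connection to the test VM; do not copy into real deployments`. The same block is repeated in tests/disnix/bare/default.nix and tests/disnix/tomcat-mysql-multi-instance/default.nix, so a shared helper would keep the three copies from drifting.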
@@ -0,0 +1,40 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+ env = "NIX_PATH='nixpkgs=${}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+ exprFile = ../../../example-deployments/disnix/processes-bare.nix;
+ systemPackages = [ pkgs.disnix ];
+
+ initialTests = {forceDisableUserChange, ...}:
+ let
+ homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+ in
+ ''
+ machine.succeed("cd ${homeDir}")
+ machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+ machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+ machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+ '';
+
+ readiness = {instanceName, instance, ...}:
+ pkgs.lib.optionalString (instanceName == "sshd") ''
+ machine.wait_for_open_port(${toString instance.port})
+ '';
+
+ tests = {instanceName, instance, forceDisableUserChange, ...}:
+ pkgs.lib.optionalString (instanceName == "disnix-service") ''
+ machine.succeed(
+ "${env} disnix-capture-infra ${../infra-bootstrap.nix} | grep 'process = {'"
+ )
+ '';
+
+ inherit processManagers;
+
+ # We don't support unprivileged multi-user deployments
+ profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
diff --git a/tests/disnix/infra-bootstrap.nix b/tests/disnix/infra-bootstrap.nix
new file mode 100644
index 0000000..309d4d7
--- /dev/null
+++ b/tests/disnix/infra-bootstrap.nix
@@ -0,0 +1,3 @@
+{
+ localhost.properties.hostname = "localhost";
+}
diff --git a/tests/disnix/tomcat-mysql-multi-instance/default.nix b/tests/disnix/tomcat-mysql-multi-instance/default.nix
new file mode 100644
index 0000000..15c6a38
--- /dev/null
+++ b/tests/disnix/tomcat-mysql-multi-instance/default.nix
@@ -0,0 +1,47 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+ env = "NIX_PATH='nixpkgs=${}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
+in
+testService {
+ exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix;
+ systemPackages = [ pkgs.disnix ];
+
+ initialTests = {forceDisableUserChange, ...}:
+ let
+ homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
+ in
+ ''
+ machine.succeed("cd ${homeDir}")
+ machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
+ machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
+ machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
+ machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
+ machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
+ '';
+
+ readiness = {instanceName, instance, ...}:
+ pkgs.lib.optionalString (instanceName == "sshd") ''
+ machine.wait_for_open_port(${toString instance.port})
+ '';
+
+ tests = {instanceName, instance, forceDisableUserChange, ...}:
+ pkgs.lib.optionalString (instanceName == "disnix-service") ''
+ machine.succeed(
+ "${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
+ )
+
+ # Check if the container services are present
+ machine.succeed("grep 'process = {' infrastructure.nix")
+ machine.succeed("grep 'tomcat-webapplication-primary = {' infrastructure.nix")
+ machine.succeed("grep 'tomcat-webapplication-secondary = {' infrastructure.nix")
+ machine.succeed("grep 'mysql-database-primary = {' infrastructure.nix")
+ machine.succeed("grep 'mysql-database-secondary = {' infrastructure.nix")
+ '';
+
+ inherit processManagers;
+
+ # We don't support unprivileged multi-user deployments
+ profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
diff --git a/tests/disnix/tomcat-mysql/default.nix b/tests/disnix/tomcat-mysql/default.nix
new file mode 100644
index 0000000..d45c5a0
--- /dev/null
+++ b/tests/disnix/tomcat-mysql/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, testService, processManagers, profiles }:
+
+let
+ env = "NIX_PATH='nixpkgs=${}' DISNIX_CLIENT_INTERFACE=disnix-soap-client DISNIX_TARGET_PROPERTY=targetEPR DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret";
+in
+testService {
+ exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql.nix;
+ systemPackages = [ pkgs.disnix pkgs.DisnixWebService ];
+
+ readiness = {instanceName, instance, ...}:
+ pkgs.lib.optionalString (instanceName == "sshd" || instanceName == "apache") ''
+ machine.wait_for_open_port(${toString instance.port})
+ '';
+
+ tests = {instanceName, instance, forceDisableUserChange, ...}:
+ pkgs.lib.optionalString (instanceName == "disnix-service") ''
+ machine.succeed(
+ "${env} disnix-capture-infra ${./infra-bootstrap.nix} > infrastructure.nix"
+ )
+
+ # Check if the container services are present
+ machine.succeed("grep 'process = {' infrastructure.nix")
+ machine.succeed("grep 'tomcat-webapplication = {' infrastructure.nix")
+ machine.succeed("grep 'mysql-database = {' infrastructure.nix")
+ '';
+
+ inherit processManagers;
+
+ # We don't support unprivileged multi-user deployments
+ profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
diff --git a/tests/disnix/tomcat-mysql/infra-bootstrap.nix b/tests/disnix/tomcat-mysql/infra-bootstrap.nix
new file mode 100644
index 0000000..4b2cd49
--- /dev/null
+++ b/tests/disnix/tomcat-mysql/infra-bootstrap.nix
@@ -0,0 +1,3 @@
+{
+ localhost.properties.targetEPR = "http://localhost/DisnixWebService/services/DisnixWebService";
+}
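Review bot: `DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret` are embedded in the `env` string that is interpolated into the `machine.succeed(...)` command in tests/disnix/tomcat-mysql/default.nix, so they end up in the test script and most likely in the test log. That is harmless for fixture credentials, but nothing marks them as such or says where the matching server-side values are defined (presumably in the `basicAuthReverseProxyApache` example, which this patch does not show). A comment above `env`, for example `# throwaway fixture credentials; must match the ones configured for the example's Apache basic-auth proxy`, would make that clear. Separately, `readiness` waits for the `sshd` port although this test only sets up the SOAP client interface, and `instance` and `forceDisableUserChange` are unused in `tests`.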