1import ./make-test.nix {
2 name = "taskserver";
3
nodes = rec {
  # The machine running the Taskserver instance under test.
  server = {
    services.taskserver = {
      enable = true;
      # "::" is the IPv6 wildcard address, so the daemon is not bound to a
      # single interface of the test VM.
      listenHost = "::";
      # The test script addresses this node by the same name ("server"),
      # both for task sync and for the gnutls-cli handshake probe.
      fqdn = "server";
      # Organisations and users managed declaratively. The user "bar" is
      # absent here: the test script creates it imperatively with
      # nixos-taskserver.
      organisations = {
        testOrganisation.users = [ "alice" "foo" ];
        anotherOrganisation.users = [ "bob" ];
      };
    };
  };

  client1 = { pkgs, ... }: {
    # taskwarrior provides the task client; gnutls provides gnutls-cli,
    # which the test script uses to check client certificates.
    environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ];
    # One local account per Taskserver user exercised by the test script.
    users.users = {
      alice.isNormalUser = true;
      bob.isNormalUser = true;
      foo.isNormalUser = true;
      bar.isNormalUser = true;
    };
  };

  # Second client with the same configuration; "rec" makes client1 visible.
  client2 = client1;
};
25
26 testScript = { nodes, ... }: let
27 cfg = nodes.server.config.services.taskserver;
28 portStr = toString cfg.listenPort;
29 in ''
# Build a shell command line that runs $cmd as $user through "su -".
#
# $cmd becomes the single-quoted argument of -c. Every single quote inside
# it is rewritten with the usual POSIX shell idiom: close the quoted string,
# emit a backslash-escaped quote, reopen the quoted string. The dollar-brace
# expression in the replacement is a Nix antiquotation that expands to one
# single quote; it is spelled that way because two adjacent single quotes
# would terminate the enclosing Nix string.
#
# $user is interpolated without quoting; every caller in this script passes
# a fixed account name.
sub su ($$) {
    my ($user, $cmd) = @_;
    (my $quoted = $cmd) =~ s/'/'\\${"'"}'/g;
    return "su - " . $user . " -c '" . $quoted . "'";
}
35
# Provision the Taskwarrior configuration of $user (member of $org) on both
# client machines.
#
# For each client this wipes the existing ~/.task directory of the user,
# fetches the export for the user from the server, evaluates that export as
# shell code in a login shell of the user, points Taskwarrior at the server
# and runs the initial sync.
#
# NOTE(review): the key files under /home/$user/.task/keys that
# checkClientCert reads are presumably written by the evaluated export;
# confirm against nixos-taskserver.
sub setupClientsFor ($$) {
    my ($org, $user) = @_;

    foreach my $client ($client1, $client2) {
        $client->nest("initialize client for user $user", sub {
            # Start from a clean state and disable interactive confirmation.
            my $wipe = su($user, "rm -rf /home/$user/.task");
            my $noConfirm = su(
                $user, "task rc.confirmation=no config confirmation no"
            );
            $client->succeed($wipe, $noConfirm);

            my $exportinfo = $server->succeed(
                "nixos-taskserver user export $org $user"
            );

            # First quoting layer: make the export safe to embed in the
            # single-quoted argument of eval below. The run of three quotes
            # is the Nix escape for two literal quotes. su() then adds the
            # second layer for its own -c argument.
            $exportinfo =~ s/'/'\\'''/g;

            $client->nest("importing taskwarrior configuration", sub {
                my $cmd = su($user, "eval '$exportinfo' >&2");
                # execute_ is used instead of succeed so that the command
                # output can be logged before the test is aborted.
                my ($status, $out) = $client->execute_($cmd);
                if ($status != 0) {
                    $client->log("output: $out");
                    die "command `$cmd' did not succeed (exit code $status)\n";
                }
            });

            $client->succeed(
                su($user, "task config taskd.server server:${portStr} >&2")
            );

            $client->succeed(su($user, "task sync init >&2"));
        });
    }
}
69
# Restart the Taskserver unit, then wait (waitForOpenPort) until its listen
# port is open again so that later steps do not race the restart.
sub restartServer {
    my $unit = "taskserver.service";
    $server->succeed("systemctl restart $unit");
    $server->waitForOpenPort(${portStr});
}
74
# (Re-)create the organisation imperativeOrg with the single user bar via
# the nixos-taskserver command line tool, then provision both clients for
# that user again.
sub readdImperativeUser {
    my $org = "imperativeOrg";
    my $user = "bar";

    $server->nest("(re-)add imperative user $user", sub {
        # The removal is issued with execute and its result is not checked:
        # the organisation may not exist when this runs.
        $server->execute("nixos-taskserver org remove $org");
        $server->succeed(
            "nixos-taskserver org add $org",
            "nixos-taskserver user add $org $user"
        );
        setupClientsFor($org, $user);
    });
}
85
# Verify a full sync round trip for $user: a task added and synced on
# client1 must only become visible on client2 after client2 has synced.
sub testSync ($) {
    my ($user) = @_;
    my $add = su($user, "task add foo >&2");
    my $sync = su($user, "task sync >&2");
    my $list = su($user, "task list >&2");

    subtest "sync for user $user", sub {
        $client1->succeed($add);
        $client1->succeed($sync);
        # Before its own sync client2 is expected to have nothing to list;
        # presumably task list exits non-zero in that case.
        $client2->fail($list);
        $client2->succeed($sync);
        $client2->succeed($list);
    };
}
96
# Return the command line (to be run as $user) that opens a TLS connection
# to the Taskserver port with gnutls-cli, presenting the client key and
# certificate of the user and checking the server against the CA file from
# the same directory. Callers pass the result to succeed or fail, so the
# exit status of gnutls-cli is the signal for an accepted or rejected
# certificate.
sub checkClientCert ($) {
    my ($user) = @_;
    my $keydir = "/home/$user/.task/keys";
    my $cmd = join " ",
        "gnutls-cli",
        "--x509cafile=$keydir/ca.cert",
        "--x509keyfile=$keydir/private.key",
        "--x509certfile=$keydir/public.cert",
        "--port=${portStr}",
        # stdin is /dev/null so that gnutls-cli has no input to wait for.
        "server < /dev/null";
    return su($user, $cmd);
}
106
# Main test sequence. The order of the steps matters: later steps rely on
# the server and client state left behind by earlier ones.
startAll;

$server->waitForUnit("taskserver.service");

# The users from the declarative configuration must be known to the server.
# grep -qxF matches a whole line as a fixed string, so a longer user name
# that merely contains the expected one does not satisfy the check.
$server->succeed(
    "nixos-taskserver user list testOrganisation | grep -qxF alice",
    "nixos-taskserver user list testOrganisation | grep -qxF foo",
    "nixos-taskserver user list anotherOrganisation | grep -qxF bob"
);

$server->waitForOpenPort(${portStr});

$client1->waitForUnit("multi-user.target");
$client2->waitForUnit("multi-user.target");

# Provision both clients for every declaratively configured user.
setupClientsFor "testOrganisation", "alice";
setupClientsFor "testOrganisation", "foo";
setupClientsFor "anotherOrganisation", "bob";

testSync $_ for ("alice", "bob", "foo");

# imperativeOrg has not been created at this point in the script, so adding
# a user to it must be rejected.
$server->fail("nixos-taskserver user add imperativeOrg bar");
readdImperativeUser;

testSync "bar";

# Revocation, user level: the certificate must be accepted before the user
# is removed and rejected afterwards. The server is restarted between the
# removal and the check, so this does not show whether the removal takes
# effect on a server that keeps running.
subtest "checking certificate revocation of user bar", sub {
    $client1->succeed(checkClientCert "bar");

    $server->succeed("nixos-taskserver user remove imperativeOrg bar");
    restartServer;

    $client1->fail(checkClientCert "bar");

    # Adding a task is expected to keep working on the client; syncing it
    # to the server with the revoked credentials must fail.
    $client1->succeed(su "bar", "task add destroy everything >&2");
    $client1->fail(su "bar", "task sync >&2");
};

readdImperativeUser;

# Revocation, organisation level: same checks as above, but the whole
# organisation is removed instead of the single user.
subtest "checking certificate revocation of org imperativeOrg", sub {
    $client1->succeed(checkClientCert "bar");

    $server->succeed("nixos-taskserver org remove imperativeOrg");
    restartServer;

    $client1->fail(checkClientCert "bar");

    $client1->succeed(su "bar", "task add destroy even more >&2");
    $client1->fail(su "bar", "task sync >&2");
};

readdImperativeUser;

# The imperatively added user must still be able to sync after a restart.
# NOTE(review): presumably this guards against the declarative
# configuration discarding imperative state on service start; confirm
# against the taskserver module.
subtest "check whether declarative config overrides user bar", sub {
    restartServer;
    testSync "bar";
};
165 '';
166}