nixos/tests/openresty-lua.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / openresty-lua.nix
at 23.11-beta 3.4 kB view raw
  1import ./make-test-python.nix ({ pkgs, lib, ... }:
  2  let
  3    lualibs = [
  4      pkgs.lua.pkgs.markdown
  5    ];
  6
  7    getPath = lib: type: "${lib}/share/lua/${pkgs.lua.luaversion}/?.${type}";
  8    getLuaPath = lib: getPath lib "lua";
  9    luaPath = lib.concatStringsSep ";" (map getLuaPath lualibs);
 10  in
 11  {
 12    name = "openresty-lua";
 13    meta = with pkgs.lib.maintainers; {
 14      maintainers = [ bbigras ];
 15    };
 16
 17    nodes = {
 18      webserver = { pkgs, lib, ... }: {
 19        networking = {
 20          extraHosts = ''
 21            127.0.0.1 default.test
 22            127.0.0.1 sandbox.test
 23          '';
 24        };
 25        services.nginx = {
 26          enable = true;
 27          package = pkgs.openresty;
 28
 29          commonHttpConfig = ''
 30            lua_package_path '${luaPath};;';
 31          '';
 32
 33          virtualHosts."default.test" = {
 34            default = true;
 35            locations."/" = {
 36              extraConfig = ''
 37                default_type text/html;
 38                access_by_lua '
 39                  local markdown = require "markdown"
 40                  markdown("source")
 41                ';
 42              '';
 43            };
 44          };
 45
 46          virtualHosts."sandbox.test" = {
 47            locations."/test1-write" = {
 48              extraConfig = ''
 49                content_by_lua_block {
 50                  local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
 51                  local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
 52                  local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
 53                }
 54              '';
 55            };
 56            locations."/test1-read" = {
 57              root = "/tmp";
 58            };
 59            locations."/test2-write" = {
 60              extraConfig = ''
 61                content_by_lua_block {
 62                  local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
 63                  local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
 64                  local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
 65                }
 66              '';
 67            };
 68            locations."/test2-read" = {
 69              root = "/var/web";
 70            };
 71          };
 72        };
 73      };
 74    };
 75
 76    testScript = { nodes, ... }:
 77      ''
 78        url = "http://localhost"
 79
 80        webserver.wait_for_unit("nginx")
 81        webserver.wait_for_open_port(80)
 82
 83        http_code = webserver.succeed(
 84          f"curl -w '%{{http_code}}' --head --fail {url}"
 85        )
 86        assert http_code.split("\n")[-1] == "200"
 87
 88        # This test checks the creation and reading of a file in sandbox mode.
 89        # Checking write in temporary folder
 90        webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
 91        webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
 92        # Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
 93        # in read-only mode.
 94        webserver.succeed("mkdir -p /var/web")
 95        webserver.succeed("chown nginx:nginx /var/web")
 96        webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
 97        assert "404 Not Found" in machine.succeed(
 98            "curl -vvv -s http://sandbox.test/test2-read/bar.txt"
 99        )
100      '';
101  })