nixos/tests/angie-api.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / angie-api.nix
at 24.11-pre 5.4 kB view raw
  1import ./make-test-python.nix ({lib, pkgs, ...}:
  2let
  3  hosts = ''
  4    192.168.2.101 example.com
  5    192.168.2.101 api.example.com
  6    192.168.2.101 backend.example.com
  7  '';
  8
  9in
 10{
 11  name = "angie-api";
 12  meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
 13
 14  nodes = {
 15    server = { pkgs, ... }: {
 16      networking = {
 17        interfaces.eth1 = {
 18          ipv4.addresses = [
 19            { address = "192.168.2.101"; prefixLength = 24; }
 20          ];
 21        };
 22        extraHosts = hosts;
 23        firewall.allowedTCPPorts = [ 80 ];
 24      };
 25
 26      services.nginx = {
 27        enable = true;
 28        package = pkgs.angie;
 29
 30        upstreams = {
 31          "backend-http" = {
 32            servers = { "backend.example.com:8080" = { fail_timeout = "0"; }; };
 33            extraConfig = ''
 34              zone upstream 256k;
 35            '';
 36          };
 37          "backend-socket" = {
 38            servers = { "unix:/run/example.sock" = { fail_timeout = "0"; }; };
 39            extraConfig = ''
 40              zone upstream 256k;
 41            '';
 42          };
 43        };
 44
 45        virtualHosts."api.example.com" = {
 46          locations."/console/" = {
 47            extraConfig = ''
 48              api /status/;
 49
 50              allow 192.168.2.201;
 51              deny all;
 52            '';
 53          };
 54        };
 55
 56        virtualHosts."example.com" = {
 57          locations."/test/" = {
 58            root = lib.mkForce (pkgs.runCommandLocal "testdir" {} ''
 59              mkdir -p "$out/test"
 60              cat > "$out/test/index.html" <<EOF
 61              <html><body>Hello World!</body></html>
 62              EOF
 63            '');
 64            extraConfig = ''
 65              status_zone test_zone;
 66
 67              allow 192.168.2.201;
 68              deny all;
 69            '';
 70          };
 71          locations."/test/locked/" = {
 72            extraConfig = ''
 73              status_zone test_zone;
 74
 75              deny all;
 76            '';
 77          };
 78          locations."/test/error/" = {
 79            extraConfig = ''
 80              status_zone test_zone;
 81
 82              allow all;
 83            '';
 84          };
 85          locations."/upstream-http/" = {
 86            proxyPass = "http://backend-http";
 87          };
 88          locations."/upstream-socket/" = {
 89            proxyPass = "http://backend-socket";
 90          };
 91        };
 92      };
 93    };
 94
 95    client = { pkgs, ... }: {
 96      environment.systemPackages = [ pkgs.jq ];
 97      networking = {
 98        interfaces.eth1 = {
 99          ipv4.addresses = [
100            { address = "192.168.2.201"; prefixLength = 24; }
101          ];
102        };
103        extraHosts = hosts;
104      };
105    };
106  };
107
108  testScript = ''
109    start_all()
110
111    server.wait_for_unit("nginx")
112    server.wait_for_open_port(80)
113
114    # Check Angie version
115    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.angie.version' | grep '${pkgs.angie.version}'")
116
117    # Check access
118    client.succeed("curl --verbose --head http://api.example.com/console/ | grep 'HTTP/1.1 200'")
119    server.succeed("curl --verbose --head http://api.example.com/console/ | grep 'HTTP/1.1 403 Forbidden'")
120
121    # Check responses and requests
122    client.succeed("curl --verbose http://example.com/test/")
123    client.succeed("curl --verbose http://example.com/test/locked/")
124    client.succeed("curl --verbose http://example.com/test/locked/")
125    client.succeed("curl --verbose http://example.com/test/error/")
126    client.succeed("curl --verbose http://example.com/test/error/")
127    client.succeed("curl --verbose http://example.com/test/error/")
128    server.succeed("curl --verbose http://example.com/test/")
129    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"200\"' | grep '1'")
130    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"403\"' | grep '3'")
131    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"404\"' | grep '3'")
132    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.requests.total' | grep '7'")
133
134    # Check upstreams
135    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".state' | grep 'up'")
136    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".health.fails' | grep '0'")
137    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".state' | grep 'up'")
138    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".health.fails' | grep '0'")
139    client.succeed("curl --verbose http://example.com/upstream-http/")
140    client.succeed("curl --verbose http://example.com/upstream-socket/")
141    client.succeed("curl --verbose http://example.com/upstream-socket/")
142    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".health.fails' | grep '1'")
143    client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".health.fails' | grep '2'")
144
145    server.shutdown()
146    client.shutdown()
147  '';
148})