pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / influxdb2.nix
at 24.11-pre 8.4 kB view raw
1import ./make-test-python.nix ({ pkgs, ...} : { 2 name = "influxdb2"; 3 meta = with pkgs.lib.maintainers; { 4 maintainers = [ offline ]; 5 }; 6 7 nodes.machine = { lib, ... }: { 8 environment.systemPackages = [ pkgs.influxdb2-cli ]; 9 # Make sure that the service is restarted immediately if tokens need to be rewritten 10 # without relying on any Restart=on-failure behavior 11 systemd.services.influxdb2.serviceConfig.RestartSec = 6000; 12 services.influxdb2.enable = true; 13 services.influxdb2.provision = { 14 enable = true; 15 initialSetup = { 16 organization = "default"; 17 bucket = "default"; 18 passwordFile = pkgs.writeText "admin-pw" "ExAmPl3PA55W0rD"; 19 tokenFile = pkgs.writeText "admin-token" "verysecureadmintoken"; 20 }; 21 organizations.someorg = { 22 buckets.somebucket = {}; 23 auths.sometoken = { 24 description = "some auth token"; 25 readBuckets = ["somebucket"]; 26 writeBuckets = ["somebucket"]; 27 }; 28 }; 29 users.someuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga"; 30 }; 31 32 specialisation.withModifications.configuration = { ... }: { 33 services.influxdb2.provision = { 34 organizations.someorg.buckets.somebucket.present = false; 35 organizations.someorg.auths.sometoken.present = false; 36 users.someuser.present = false; 37 38 organizations.myorg = { 39 description = "Myorg description"; 40 buckets.mybucket = { 41 description = "Mybucket description"; 42 }; 43 auths.mytoken = { 44 operator = true; 45 description = "operator token"; 46 tokenFile = pkgs.writeText "tmp-tok" "someusertoken"; 47 }; 48 }; 49 users.myuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga"; 50 }; 51 }; 52 53 specialisation.withParentDelete.configuration = { ... }: { 54 services.influxdb2.provision = { 55 organizations.someorg.present = false; 56 # Deleting the parent implies: 57 #organizations.someorg.buckets.somebucket.present = false; 58 #organizations.someorg.auths.sometoken.present = false; 59 }; 60 }; 61 62 specialisation.withNewTokens.configuration = { ... }: { 63 services.influxdb2.provision = { 64 organizations.default = { 65 auths.operator = { 66 operator = true; 67 description = "new optoken"; 68 tokenFile = pkgs.writeText "tmp-tok" "newoptoken"; 69 }; 70 auths.allaccess = { 71 operator = true; 72 description = "new allaccess"; 73 tokenFile = pkgs.writeText "tmp-tok" "newallaccess"; 74 }; 75 auths.specifics = { 76 description = "new specifics"; 77 readPermissions = ["users" "tasks"]; 78 writePermissions = ["tasks"]; 79 tokenFile = pkgs.writeText "tmp-tok" "newspecificstoken"; 80 }; 81 }; 82 }; 83 }; 84 }; 85 86 testScript = { nodes, ... }: 87 let 88 specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 89 tokenArg = "--token verysecureadmintoken"; 90 in '' 91 def assert_contains(haystack, needle): 92 if needle not in haystack: 93 print("The haystack that will cause the following exception is:") 94 print("---") 95 print(haystack) 96 print("---") 97 raise Exception(f"Expected string '{needle}' was not found") 98 99 def assert_lacks(haystack, needle): 100 if needle in haystack: 101 print("The haystack that will cause the following exception is:") 102 print("---") 103 print(haystack, end="") 104 print("---") 105 raise Exception(f"Unexpected string '{needle}' was found") 106 107 machine.wait_for_unit("influxdb2.service") 108 109 machine.fail("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:wrongpassword") 110 machine.succeed("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:ExAmPl3PA55W0rD") 111 112 out = machine.succeed("influx org list ${tokenArg}") 113 assert_contains(out, "default") 114 assert_lacks(out, "myorg") 115 assert_contains(out, "someorg") 116 117 out = machine.succeed("influx bucket list ${tokenArg} --org default") 118 assert_contains(out, "default") 119 120 machine.fail("influx bucket list ${tokenArg} --org myorg") 121 122 out = machine.succeed("influx bucket list ${tokenArg} --org someorg") 123 assert_contains(out, "somebucket") 124 125 out = machine.succeed("influx user list ${tokenArg}") 126 assert_contains(out, "admin") 127 assert_lacks(out, "myuser") 128 assert_contains(out, "someuser") 129 130 out = machine.succeed("influx auth list ${tokenArg}") 131 assert_lacks(out, "operator token") 132 assert_contains(out, "some auth token") 133 134 with subtest("withModifications"): 135 machine.succeed('${specialisations}/withModifications/bin/switch-to-configuration test') 136 machine.wait_for_unit("influxdb2.service") 137 138 out = machine.succeed("influx org list ${tokenArg}") 139 assert_contains(out, "default") 140 assert_contains(out, "myorg") 141 assert_contains(out, "someorg") 142 143 out = machine.succeed("influx bucket list ${tokenArg} --org myorg") 144 assert_contains(out, "mybucket") 145 146 out = machine.succeed("influx bucket list ${tokenArg} --org someorg") 147 assert_lacks(out, "somebucket") 148 149 out = machine.succeed("influx user list ${tokenArg}") 150 assert_contains(out, "admin") 151 assert_contains(out, "myuser") 152 assert_lacks(out, "someuser") 153 154 out = machine.succeed("influx auth list ${tokenArg}") 155 assert_contains(out, "operator token") 156 assert_lacks(out, "some auth token") 157 158 # Make sure the user token is also usable 159 machine.succeed("influx auth list --token someusertoken") 160 161 with subtest("keepsUnrelated"): 162 machine.succeed('${nodes.machine.system.build.toplevel}/bin/switch-to-configuration test') 163 machine.wait_for_unit("influxdb2.service") 164 165 out = machine.succeed("influx org list ${tokenArg}") 166 assert_contains(out, "default") 167 assert_contains(out, "myorg") 168 assert_contains(out, "someorg") 169 170 out = machine.succeed("influx bucket list ${tokenArg} --org default") 171 assert_contains(out, "default") 172 173 out = machine.succeed("influx bucket list ${tokenArg} --org myorg") 174 assert_contains(out, "mybucket") 175 176 out = machine.succeed("influx bucket list ${tokenArg} --org someorg") 177 assert_contains(out, "somebucket") 178 179 out = machine.succeed("influx user list ${tokenArg}") 180 assert_contains(out, "admin") 181 assert_contains(out, "myuser") 182 assert_contains(out, "someuser") 183 184 out = machine.succeed("influx auth list ${tokenArg}") 185 assert_contains(out, "operator token") 186 assert_contains(out, "some auth token") 187 188 with subtest("withParentDelete"): 189 machine.succeed('${specialisations}/withParentDelete/bin/switch-to-configuration test') 190 machine.wait_for_unit("influxdb2.service") 191 192 out = machine.succeed("influx org list ${tokenArg}") 193 assert_contains(out, "default") 194 assert_contains(out, "myorg") 195 assert_lacks(out, "someorg") 196 197 out = machine.succeed("influx bucket list ${tokenArg} --org default") 198 assert_contains(out, "default") 199 200 out = machine.succeed("influx bucket list ${tokenArg} --org myorg") 201 assert_contains(out, "mybucket") 202 203 machine.fail("influx bucket list ${tokenArg} --org someorg") 204 205 out = machine.succeed("influx user list ${tokenArg}") 206 assert_contains(out, "admin") 207 assert_contains(out, "myuser") 208 assert_contains(out, "someuser") 209 210 out = machine.succeed("influx auth list ${tokenArg}") 211 assert_contains(out, "operator token") 212 assert_lacks(out, "some auth token") 213 214 with subtest("withNewTokens"): 215 machine.succeed('${specialisations}/withNewTokens/bin/switch-to-configuration test') 216 machine.wait_for_unit("influxdb2.service") 217 218 out = machine.succeed("influx auth list ${tokenArg}") 219 assert_contains(out, "operator token") 220 assert_contains(out, "some auth token") 221 assert_contains(out, "new optoken") 222 assert_contains(out, "new allaccess") 223 assert_contains(out, "new specifics") 224 ''; 225})