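# NixOS VM test for the osquery module.
#
# Boots one machine with services.osquery enabled, then uses osqueryi to read
# the `osquery_flags` table and confirm that the values the agent actually
# runs with are the ones declared in the Nix module. For a host-telemetry
# agent this matters: a setting that is declared but not in force goes
# unnoticed unless the effective value is checked.
import ./make-test-python.nix ({ lib, pkgs, ... }:

let
  # Expected effective values; each is asserted against osquery_flags below.
  config_refresh = "10";
  nullvalue = "NULL";
  utc = false;
in
{
  name = "osquery";
  meta.maintainers = with lib.maintainers; [ znewman01 lewo ];

  nodes.machine = { config, pkgs, ... }: {
    services.osquery = {
      enable = true;

      # Options delivered through the osquery configuration.
      settings.options = { inherit nullvalue utc; };

      # Options delivered as command-line flags.
      flags = {
        inherit config_refresh;
        # Deliberately conflicts with settings.options.nullvalue. The test
        # expects this value to lose, because osquery prefers configuration
        # options over CLI flags.
        nullvalue = "IGNORED";
      };
    };
  };

  testScript = { nodes, ... }:
    let
      cfg = nodes.machine.services.osquery;
    in
    ''
      machine.start()
      machine.wait_for_unit("osqueryd.service")

      # Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
      machine.wait_until_succeeds("systemctl stop osqueryd.service")

      # All value checks below use `grep -wF`: the expected value must appear as
      # a whole word and is matched literally, so "100" cannot satisfy a check
      # for "10" and the dots in an address are not treated as wildcards.

      # osquery was able to query information about the host.
      machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -qwF '127.0.0.1'")

      # osquery binaries respect configuration from the Nix config option.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -qwF ${lib.boolToString utc}")

      # osquery binaries respect configuration from the Nix flags option.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -qwF ${config_refresh}")

      # Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
      # https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
      # The flag value "IGNORED" must not be the effective one.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -qwF ${nullvalue}")

      # Module creates directories for default database_path and pidfile flag values.
      machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
      machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
    '';
})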