nixos/tests/tracee.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / tracee.nix
at 24.11-pre 2.6 kB view raw
 1import ./make-test-python.nix ({ pkgs, ... }: rec {
 2  name = "tracee-integration";
 3  meta.maintainers = pkgs.tracee.meta.maintainers;
 4
 5  passthru.hello-world-builder = pkgs: pkgs.dockerTools.buildImage {
 6    name = "hello-world";
 7    tag = "latest";
 8    config.Cmd = [ "${pkgs.hello}/bin/hello" ];
 9  };
10
11  nodes = {
12    machine = { config, pkgs, ... }: {
13      # EventFilters/trace_only_events_from_new_containers and
14      # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid
15      # require docker/dockerd
16      virtualisation.docker.enable = true;
17
18      environment.systemPackages = with pkgs; [
19        # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
20        which
21        # the go integration tests as a binary
22        tracee.passthru.tests.integration-test-cli
23      ];
24    };
25  };
26
27  testScript =
28    let
29      skippedTests = [
30        # these comm tests for some reason do not resolve.
31        # something about the test is different as it works fine if I replicate
32        # the policies and run tracee myself but doesn't work in the integration
33        # test either with the automatic run or running the commands by hand
34        # while it's searching.
35        "Test_EventFilters/comm:_event:_args:_trace_event_set_in_a_specific_policy_with_args_from_ls_command"
36        "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands"
37
38        # worked at some point, seems to be flakey
39        "Test_EventFilters/pid:_event:_args:_trace_event_sched_switch_with_args_from_pid_0"
40      ];
41    in
42    ''
43      with subtest("prepare for integration tests"):
44        machine.wait_for_unit("docker.service")
45        machine.succeed('which bash')
46
47        # EventFilters/trace_only_events_from_new_containers also requires a container called "hello-world"
48        machine.succeed('docker load < ${passthru.hello-world-builder pkgs}')
49
50        # exec= needs fully resolved paths
51        machine.succeed(
52          'mkdir /tmp/testdir',
53          'cp $(which who) /tmp/testdir/who',
54          'cp $(which uname) /tmp/testdir/uname',
55        )
56
57      with subtest("run integration tests"):
58        # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
59        # tests must be ran with 1 process
60        print(machine.succeed(
61          'mkdir /tmp/integration',
62          'cd /tmp/integration && export PATH="/tmp/testdir:$PATH" && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"'
63        ))
64    '';
65})