pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / minio.nix
at 25.11-pre 3.9 kB view raw
1import ./make-test-python.nix ( 2 { pkgs, ... }: 3 let 4 tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' 5 openssl req \ 6 -x509 -newkey rsa:4096 -sha256 -days 365 \ 7 -nodes -out cert.pem -keyout key.pem \ 8 -subj '/CN=minio' -addext "subjectAltName=DNS:localhost" 9 10 mkdir -p $out 11 cp key.pem cert.pem $out 12 ''; 13 14 accessKey = "BKIKJAA5BMMU2RHO6IBB"; 15 secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12"; 16 minioPythonScript = pkgs.writeScript "minio-test.py" '' 17 #! ${pkgs.python3.withPackages (ps: [ ps.minio ])}/bin/python 18 import io 19 import os 20 import sys 21 from minio import Minio 22 23 if len(sys.argv) > 1 and sys.argv[1] == 'tls': 24 tls = True 25 else: 26 tls = False 27 28 minioClient = Minio('localhost:9000', 29 access_key='${accessKey}', 30 secret_key='${secretKey}', 31 secure=tls, 32 cert_check=False) 33 sio = io.BytesIO() 34 sio.write(b'Test from Python') 35 sio.seek(0, os.SEEK_END) 36 sio_len = sio.tell() 37 sio.seek(0) 38 minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain') 39 ''; 40 rootCredentialsFile = "/etc/nixos/minio-root-credentials"; 41 credsPartial = pkgs.writeText "minio-credentials-partial" '' 42 MINIO_ROOT_USER=${accessKey} 43 ''; 44 credsFull = pkgs.writeText "minio-credentials-full" '' 45 MINIO_ROOT_USER=${accessKey} 46 MINIO_ROOT_PASSWORD=${secretKey} 47 ''; 48 in 49 { 50 name = "minio"; 51 meta = with pkgs.lib.maintainers; { 52 maintainers = [ bachp ]; 53 }; 54 55 nodes = { 56 machine = 57 { pkgs, ... }: 58 { 59 services.minio = { 60 enable = true; 61 inherit rootCredentialsFile; 62 }; 63 environment.systemPackages = [ pkgs.minio-client ]; 64 65 # Minio requires at least 1GiB of free disk space to run. 66 virtualisation.diskSize = 4 * 1024; 67 68 # Minio pre allocates 2GiB or memory, reserve some more 69 virtualisation.memorySize = 4096; 70 }; 71 }; 72 73 testScript = '' 74 75 start_all() 76 # simulate manually editing root credentials file 77 machine.wait_for_unit("multi-user.target") 78 machine.copy_from_host("${credsFull}", "${rootCredentialsFile}") 79 80 # Test non-TLS server 81 machine.wait_for_unit("minio.service") 82 machine.wait_for_open_port(9000) 83 84 # Create a test bucket on the server 85 machine.succeed( 86 "mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4" 87 ) 88 machine.succeed("mc mb minio/test-bucket") 89 machine.succeed("${minioPythonScript}") 90 assert "test-bucket" in machine.succeed("mc ls minio") 91 assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt") 92 machine.succeed("mc rb --force minio/test-bucket") 93 machine.systemctl("stop minio.service") 94 95 # Test TLS server 96 machine.copy_from_host("${tls-cert}/cert.pem", "/var/lib/minio/certs/public.crt") 97 machine.copy_from_host("${tls-cert}/key.pem", "/var/lib/minio/certs/private.key") 98 99 machine.systemctl("start minio.service") 100 machine.wait_for_unit("minio.service") 101 machine.wait_for_open_port(9000) 102 103 # Create a test bucket on the server 104 machine.succeed( 105 "mc config host add minio https://localhost:9000 ${accessKey} ${secretKey} --api s3v4" 106 ) 107 machine.succeed("mc --insecure mb minio/test-bucket") 108 machine.succeed("${minioPythonScript} tls") 109 assert "test-bucket" in machine.succeed("mc --insecure ls minio") 110 assert "Test from Python" in machine.succeed("mc --insecure cat minio/test-bucket/test.txt") 111 machine.succeed("mc --insecure rb --force minio/test-bucket") 112 113 machine.shutdown() 114 ''; 115 } 116)