nixos/tests/nextcloud/with-objectstore.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / nextcloud / with-objectstore.nix
at 25.11-pre 5.0 kB view raw
  1{
  2  name,
  3  pkgs,
  4  testBase,
  5  system,
  6  ...
  7}:
  8
  9with import ../../lib/testing-python.nix { inherit system pkgs; };
 10runTest (
 11  { config, lib, ... }:
 12  let
 13    accessKey = "BKIKJAA5BMMU2RHO6IBB";
 14    secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
 15
 16    rootCredentialsFile = pkgs.writeText "minio-credentials-full" ''
 17      MINIO_ROOT_USER=${accessKey}
 18      MINIO_ROOT_PASSWORD=${secretKey}
 19    '';
 20  in
 21  {
 22    inherit name;
 23    meta.maintainers = lib.teams.nextcloud.members;
 24
 25    imports = [ testBase ];
 26
 27    nodes = {
 28      nextcloud =
 29        {
 30          config,
 31          pkgs,
 32          nodes,
 33          ...
 34        }:
 35        {
 36          services.nextcloud.config.dbtype = "sqlite";
 37
 38          services.nextcloud.config.objectstore.s3 = {
 39            enable = true;
 40            bucket = "nextcloud";
 41            autocreate = true;
 42            key = accessKey;
 43            secretFile = "${pkgs.writeText "secretKey" secretKey}";
 44            hostname = "acme.test";
 45            useSsl = true;
 46            port = 443;
 47            usePathStyle = true;
 48            region = "us-east-1";
 49          };
 50
 51          security.pki.certificates = [
 52            (builtins.readFile ../common/acme/server/ca.cert.pem)
 53          ];
 54
 55          environment.systemPackages = [ pkgs.minio-client ];
 56
 57          # The dummy certs are for acme.test, so we pretend that's the FQDN
 58          # of the minio VM.
 59          networking.extraHosts = ''
 60            ${nodes.minio.networking.primaryIPAddress} acme.test
 61          '';
 62        };
 63
 64      client =
 65        { nodes, ... }:
 66        {
 67          security.pki.certificates = [
 68            (builtins.readFile ../common/acme/server/ca.cert.pem)
 69          ];
 70          networking.extraHosts = ''
 71            ${nodes.minio.networking.primaryIPAddress} acme.test
 72          '';
 73        };
 74
 75      minio =
 76        { ... }:
 77        {
 78          security.pki.certificates = [
 79            (builtins.readFile ../common/acme/server/ca.cert.pem)
 80          ];
 81
 82          services.nginx = {
 83            enable = true;
 84            recommendedProxySettings = true;
 85
 86            virtualHosts."acme.test" = {
 87              onlySSL = true;
 88              sslCertificate = ../common/acme/server/acme.test.cert.pem;
 89              sslCertificateKey = ../common/acme/server/acme.test.key.pem;
 90              locations."/".proxyPass = "http://127.0.0.1:9000";
 91            };
 92          };
 93
 94          networking.extraHosts = ''
 95            127.0.0.1 acme.test
 96          '';
 97
 98          networking.firewall.allowedTCPPorts = [
 99            9000
100            80
101            443
102          ];
103
104          services.minio = {
105            enable = true;
106            listenAddress = "0.0.0.0:9000";
107            consoleAddress = "0.0.0.0:9001";
108            inherit rootCredentialsFile;
109          };
110        };
111    };
112
113    test-helpers.init = ''
114      minio.start()
115      minio.wait_for_open_port(9000)
116      minio.wait_for_unit("nginx.service")
117      minio.wait_for_open_port(443)
118    '';
119
120    test-helpers.extraTests =
121      { nodes, ... }:
122      ''
123
124        with subtest("File is not on the filesystem"):
125            nextcloud.succeed("test ! -e ${nodes.nextcloud.services.nextcloud.home}/data/root/files/test-shared-file")
126
127        with subtest("Check if file is in S3"):
128            nextcloud.succeed(
129                "mc config host add minio https://acme.test ${accessKey} ${secretKey} --api s3v4"
130            )
131            files = nextcloud.succeed('mc ls minio/nextcloud|sort').strip().split('\n')
132
133            # Cannot assert an exact number here, nc27 writes more stuff initially into S3.
134            # For now let's assume it's always the most recently added file.
135            assert len(files) > 0, f"""
136              Expected to have at least one object in minio/nextcloud. But `mc ls` gave output:
137
138              '{files}'
139            """
140
141            import re
142            ptrn = re.compile("^\[[A-Z0-9 :-]+\] +(?P<details>[A-Za-z0-9 :]+)$")
143            match = ptrn.match(files[-1].strip())
144            assert match, "Cannot match mc client output!"
145            size, type_, file = tuple(match.group('details').split(' '))
146
147            assert size == "3B", f"""
148              Expected size of uploaded file to be 3 bytes, got {size}
149            """
150
151            assert type_ == 'STANDARD', f"""
152              Expected type of bucket entry to be a file, i.e. 'STANDARD'. Got {type_}
153            """
154
155            assert file.startswith('urn:oid'), """
156              Expected filename to start with 'urn:oid', instead got '{file}.
157            """
158
159        with subtest("Test download from S3"):
160            client.succeed(
161                "env AWS_ACCESS_KEY_ID=${accessKey} AWS_SECRET_ACCESS_KEY=${secretKey} "
162                + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url https://acme.test "
163                + "--region us-east-1 --ca-bundle /etc/ssl/certs/ca-bundle.crt"
164            )
165
166            client.succeed("test hi = $(cat test)")
167      '';
168  }
169)