nixos/tests/openresty-lua.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / openresty-lua.nix
at 25.11-pre 3.5 kB view raw
  1import ./make-test-python.nix (
  2  { pkgs, lib, ... }:
  3  let
  4    luaLibs = [
  5      pkgs.lua.pkgs.markdown
  6    ];
  7
  8    getLuaPath = lib: "${lib}/share/lua/${pkgs.lua.luaversion}/?.lua";
  9    luaPath = lib.concatStringsSep ";" (map getLuaPath luaLibs);
 10  in
 11  {
 12    name = "openresty-lua";
 13    meta = with pkgs.lib.maintainers; {
 14      maintainers = [ bbigras ];
 15    };
 16
 17    nodes = {
 18      webserver =
 19        { pkgs, lib, ... }:
 20        {
 21          networking = {
 22            extraHosts = ''
 23              127.0.0.1 default.test
 24              127.0.0.1 sandbox.test
 25            '';
 26          };
 27          services.nginx = {
 28            enable = true;
 29            package = pkgs.openresty;
 30
 31            commonHttpConfig = ''
 32              lua_package_path '${luaPath};;';
 33            '';
 34
 35            virtualHosts."default.test" = {
 36              default = true;
 37              locations."/" = {
 38                extraConfig = ''
 39                  default_type text/html;
 40                  access_by_lua '
 41                    local markdown = require "markdown"
 42                    markdown("source")
 43                  ';
 44                '';
 45              };
 46            };
 47
 48            virtualHosts."sandbox.test" = {
 49              locations."/test1-write" = {
 50                extraConfig = ''
 51                  content_by_lua_block {
 52                    local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
 53                    local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
 54                    local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
 55                  }
 56                '';
 57              };
 58              locations."/test1-read" = {
 59                root = "/tmp";
 60              };
 61              locations."/test2-write" = {
 62                extraConfig = ''
 63                  content_by_lua_block {
 64                    local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
 65                    local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
 66                    local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
 67                  }
 68                '';
 69              };
 70              locations."/test2-read" = {
 71                root = "/var/web";
 72              };
 73            };
 74          };
 75        };
 76    };
 77
 78    testScript =
 79      { nodes, ... }:
 80      ''
 81        url = "http://localhost"
 82
 83        webserver.wait_for_unit("nginx")
 84        webserver.wait_for_open_port(80)
 85
 86        http_code = webserver.succeed(
 87          f"curl -w '%{{http_code}}' --head --fail {url}"
 88        )
 89        assert http_code.split("\n")[-1] == "200"
 90
 91        # This test checks the creation and reading of a file in sandbox mode.
 92        # Checking write in temporary folder
 93        webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
 94        webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
 95        # Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
 96        # in read-only mode.
 97        webserver.succeed("mkdir -p /var/web")
 98        webserver.succeed("chown nginx:nginx /var/web")
 99        webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
100        assert "404 Not Found" in machine.succeed(
101            "curl -vvv -s http://sandbox.test/test2-read/bar.txt"
102        )
103      '';
104  }
105)