nixos/tests/tracee.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / tracee.nix
at master 3.8 kB view raw
 1import ./make-test-python.nix (
 2  { pkgs, ... }:
 3  rec {
 4    name = "tracee-integration";
 5    meta.maintainers = pkgs.tracee.meta.maintainers;
 6
 7    passthru.hello-world-builder =
 8      pkgs:
 9      pkgs.dockerTools.buildImage {
10        name = "hello-world";
11        tag = "latest";
12        config.Cmd = [ "${pkgs.hello}/bin/hello" ];
13      };
14
15    nodes = {
16      machine =
17        { config, pkgs, ... }:
18        {
19          # EventFilters/trace_only_events_from_new_containers and
20          # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid
21          # require docker/dockerd
22          virtualisation.docker.enable = true;
23          environment = {
24            variables.PATH = "/tmp/testdir";
25            systemPackages = with pkgs; [
26              # 'ls', 'uname' and 'who' are required by many tests in event_filters_test.go
27              coreutils
28              # the go integration tests as a binary
29              tracee.passthru.tests.integration-test-cli
30            ];
31          };
32        };
33    };
34
35    testScript =
36      let
37        skippedTests = [
38          # these comm tests for some reason do not resolve.
39          # something about the test is different as it works fine if I replicate
40          # the policies and run tracee myself but doesn't work in the integration
41          # test either with the automatic run or running the commands by hand
42          # while it's searching.
43          "Test_EventFilters/comm:_event:_data:_trace_event_magic_write_set_in_multiple_policies_using_multiple_filter_types"
44          "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_and_magic_write_using_multiple_filter_types"
45          "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_and_magic_write_using_multiple_filter_types_combined"
46          "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_set_in_multiple_policies_\\(with_and_without_in-kernel_filter\\)"
47          "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_set_in_multiple_policies_using_multiple_filter_types"
48          "Test_EventFilters/comm:_event:_data:_trace_event_set_in_a_specific_policy_with_data_from_ls_command"
49          "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands"
50          "Test_EventFilters/pid:_event:_data:_trace_event_sched_switch_with_data_from_pid_0"
51          "Test_EventsDependencies/non_existing_ksymbol_dependency_with_sanity"
52          "Test_EventsDependencies/non_existing_probe_function_with_sanity"
53          "Test_EventsDependencies/sanity_of_exec_test_event"
54          "Test_TraceeCapture/capture_packet_context"
55        ];
56      in
57      ''
58        with subtest("prepare for integration tests"):
59          machine.wait_for_unit("docker.service")
60          machine.succeed('which bash')
61
62          # EventFilters/trace_only_events_from_new_containers also requires a container called "hello-world"
63          machine.succeed('docker load < ${passthru.hello-world-builder pkgs}')
64
65          # exec= needs fully resolved paths
66          machine.succeed(
67            'mkdir /tmp/testdir',
68            'cp $(which who) /tmp/testdir/who',
69            'cp $(which uname) /tmp/testdir/uname',
70          )
71
72        with subtest("run integration tests"):
73          # Test_EventFilters/comm:_event:_data:_trace_event_set_in_a_specific_policy_with_data_from_ls_command expects to be in a dir that includes "integration"
74          # tests must be ran with 1 process
75          print(machine.succeed(
76            'mkdir /tmp/integration',
77            'cd /tmp/integration && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"'
78          ))
79      '';
80  }
81)