nixpkgs/nixos/tests/nginx.nix

# verifies:
#   1. nginx generates config file with shared http context definitions above
#      generated virtual hosts config.
#   2. whether the ETag header is properly generated whenever we're serving
#      files in Nix store paths
#   3. nginx doesn't restart on configuration changes (only reloads)
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "nginx";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ mbbx6spp danbst ];
  };

  nodes = {
    webserver = { pkgs, lib, ... }: {
      services.nginx.enable = true;
      services.nginx.commonHttpConfig = ''
        log_format ceeformat '@cee: {"status":"$status",'
          '"request_time":$request_time,'
          '"upstream_response_time":$upstream_response_time,'
          '"pipe":"$pipe","bytes_sent":$bytes_sent,'
          '"connection":"$connection",'
          '"remote_addr":"$remote_addr",'
          '"host":"$host",'
          '"timestamp":"$time_iso8601",'
          '"request":"$request",'
          '"http_referer":"$http_referer",'
          '"upstream_addr":"$upstream_addr"}';
      '';
      services.nginx.virtualHosts."0.my.test" = {
        extraConfig = ''
          access_log syslog:server=unix:/dev/log,facility=user,tag=mytag,severity=info ceeformat;
          location /favicon.ico { allow all; access_log off; log_not_found off; }
        '';
      };

      services.nginx.virtualHosts.localhost = {
        root = pkgs.runCommand "testdir" {} ''
          mkdir "$out"
          echo hello world > "$out/index.html"
        '';
      };

      services.nginx.enableReload = true;

      nesting.clone = [
        {
          services.nginx.virtualHosts.localhost = {
            root = lib.mkForce (pkgs.runCommand "testdir2" {} ''
              mkdir "$out"
              echo content changed > "$out/index.html"
            '');
          };
        }

        {
          services.nginx.virtualHosts."1.my.test".listen = [ { addr = "127.0.0.1"; port = 8080; }];
        }

        {
          services.nginx.package = pkgs.nginxUnstable;
        }

        {
          services.nginx.package = pkgs.nginxUnstable;
          services.nginx.virtualHosts."!@$$(#*%".locations."~@#*$*!)".proxyPass = ";;;";
        }
      ];
    };

  };

  testScript = { nodes, ... }: let
    etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1";
    justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2";
    reloadRestartSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-3";
    reloadWithErrorsSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-4";
  in ''
    url = "http://localhost/index.html"


    def check_etag():
        etag = webserver.succeed(
            f'curl -v {url} 2>&1 | sed -n -e "s/^< etag: *//ip"'
        ).rstrip()
        http_code = webserver.succeed(
            f"curl -w '%{{http_code}}' --head --fail -H 'If-None-Match: {etag}' {url}"
        )
        assert http_code.split("\n")[-1] == "304"

        return etag


    webserver.wait_for_unit("nginx")
    webserver.wait_for_open_port(80)

    with subtest("check ETag if serving Nix store paths"):
        old_etag = check_etag()
        webserver.succeed(
            "${etagSystem}/bin/switch-to-configuration test >&2"
        )
        webserver.sleep(1)
        new_etag = check_etag()
        assert old_etag != new_etag

    with subtest("config is reloaded on nixos-rebuild switch"):
        webserver.succeed(
            "${justReloadSystem}/bin/switch-to-configuration test >&2"
        )
        webserver.wait_for_open_port(8080)
        webserver.fail("journalctl -u nginx | grep -q -i stopped")
        webserver.succeed("journalctl -u nginx | grep -q -i reloaded")

    with subtest("restart when nginx package changes"):
        webserver.succeed(
            "${reloadRestartSystem}/bin/switch-to-configuration test >&2"
        )
        webserver.wait_for_unit("nginx")
        webserver.succeed("journalctl -u nginx | grep -q -i stopped")

    with subtest("nixos-rebuild --switch should fail when there are configuration errors"):
        webserver.fail(
            "${reloadWithErrorsSystem}/bin/switch-to-configuration test >&2"
        )
        webserver.succeed("[[ $(systemctl is-failed nginx-config-reload) == failed ]]")
        webserver.succeed("[[ $(systemctl is-failed nginx) == active ]]")
        # just to make sure operation is idempotent. During development I had a situation
        # when first time it shows error, but stops showing it on subsequent rebuilds
        webserver.fail(
            "${reloadWithErrorsSystem}/bin/switch-to-configuration test >&2"
        )
  '';
})
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`# verifies:`
			`# 1. nginx generates config file with shared http context definitions above`
			`# generated virtual hosts config.`
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`# 2. whether the ETag header is properly generated whenever we're serving`
			`# files in Nix store paths`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00			`# 3. nginx doesn't restart on configuration changes (only reloads)`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/tests/nginx: fix name 2017-08-11 17:37:14 +02:00			`name = "nginx";`
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`meta = with pkgs.stdenv.lib.maintainers; {`
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179) nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled Closes https://github.com/NixOS/nixpkgs/issues/73455 2020-01-05 00:39:23 +02:00			`maintainers = [ mbbx6spp danbst ];`
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`};`

nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00			`nodes = {`
			`webserver = { pkgs, lib, ... }: {`
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`services.nginx.enable = true;`
			`services.nginx.commonHttpConfig = ''`
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`log_format ceeformat '@cee: {"status":"$status",'`
			`'"request_time":$request_time,'`
			`'"upstream_response_time":$upstream_response_time,'`
			`'"pipe":"$pipe","bytes_sent":$bytes_sent,'`
			`'"connection":"$connection",'`
			`'"remote_addr":"$remote_addr",'`
			`'"host":"$host",'`
			`'"timestamp":"$time_iso8601",'`
			`'"request":"$request",'`
			`'"http_referer":"$http_referer",'`
			`'"upstream_addr":"$upstream_addr"}';`
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`'';`
			`services.nginx.virtualHosts."0.my.test" = {`
			`extraConfig = ''`
			`access_log syslog:server=unix:/dev/log,facility=user,tag=mytag,severity=info ceeformat;`
			`location /favicon.ico { allow all; access_log off; log_not_found off; }`
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`'';`
			`};`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`services.nginx.virtualHosts.localhost = {`
			`root = pkgs.runCommand "testdir" {} ''`
			`mkdir "$out"`
			`echo hello world > "$out/index.html"`
			`'';`
			`};`

nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00			`services.nginx.enableReload = true;`

			`nesting.clone = [`
			`{`
			`services.nginx.virtualHosts.localhost = {`
			`root = lib.mkForce (pkgs.runCommand "testdir2" {} ''`
			`mkdir "$out"`
			`echo content changed > "$out/index.html"`
			`'');`
			`};`
			`}`

			`{`
			`services.nginx.virtualHosts."1.my.test".listen = [ { addr = "127.0.0.1"; port = 8080; }];`
			`}`

			`{`
			`services.nginx.package = pkgs.nginxUnstable;`
			`}`
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179) nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled Closes https://github.com/NixOS/nixpkgs/issues/73455 2020-01-05 00:39:23 +02:00
			`{`
			`services.nginx.package = pkgs.nginxUnstable;`
			`services.nginx.virtualHosts."!@$$(#%".locations."~@#$*!)".proxyPass = ";;;";`
			`}`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00			`];`
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`};`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`};`

nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`testScript = { nodes, ... }: let`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00			`etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1";`
			`justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2";`
			`reloadRestartSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-3";`
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179) nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled Closes https://github.com/NixOS/nixpkgs/issues/73455 2020-01-05 00:39:23 +02:00			`reloadWithErrorsSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-4";`
nixos/tests/nginx: Add subtest for Nix ETag patch This is to make sure that we get different ETag values whenever we switch to a different store path but with the same file contents. I've checked this against the old behaviour without the patch and it fails as expected. Signed-off-by: aszlig <aszlig@nix.build> 2019-04-18 09:35:26 +02:00			`in ''`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`url = "http://localhost/index.html"`
nginx: expose generated config and allow nginx reloads (#57429) * nginx: expose generated config and allow nginx reloads Fixes: https://github.com/NixOS/nixpkgs/issues/15906 Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior. * rename to enableReload * add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone` 2019-08-21 16:52:46 +03:00

nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`def check_etag():`
nixos/nginx: fix test When using format-strings, curly brackets need to be escaped using `{{` to avoid errors from python. And apparently, Perl's `==` is used to compare substrings[1] which is why the translation to `assert http_code == "304"` failed as the string contains several headers from curl. [1] Just check `perl <(echo 'die "alarm" if "foo\n304" == 304')` 2019-12-26 18:03:39 +01:00			`etag = webserver.succeed(`
			`f'curl -v {url} 2>&1 \| sed -n -e "s/^< etag: *//ip"'`
			`).rstrip()`
nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`http_code = webserver.succeed(`
nixos/nginx: fix test When using format-strings, curly brackets need to be escaped using `{{` to avoid errors from python. And apparently, Perl's `==` is used to compare substrings[1] which is why the translation to `assert http_code == "304"` failed as the string contains several headers from curl. [1] Just check `perl <(echo 'die "alarm" if "foo\n304" == 304')` 2019-12-26 18:03:39 +01:00			`f"curl -w '%{{http_code}}' --head --fail -H 'If-None-Match: {etag}' {url}"`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`)`
nixos/nginx: fix test When using format-strings, curly brackets need to be escaped using `{{` to avoid errors from python. And apparently, Perl's `==` is used to compare substrings[1] which is why the translation to `assert http_code == "304"` failed as the string contains several headers from curl. [1] Just check `perl <(echo 'die "alarm" if "foo\n304" == 304')` 2019-12-26 18:03:39 +01:00			`assert http_code.split("\n")[-1] == "304"`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00
			`return etag`


			`webserver.wait_for_unit("nginx")`
nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`webserver.wait_for_open_port(80)`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00
			`with subtest("check ETag if serving Nix store paths"):`
nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`old_etag = check_etag()`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`webserver.succeed(`
			`"${etagSystem}/bin/switch-to-configuration test >&2"`
			`)`
nixos/nginx: fix test When using format-strings, curly brackets need to be escaped using `{{` to avoid errors from python. And apparently, Perl's `==` is used to compare substrings[1] which is why the translation to `assert http_code == "304"` failed as the string contains several headers from curl. [1] Just check `perl <(echo 'die "alarm" if "foo\n304" == 304')` 2019-12-26 18:03:39 +01:00			`webserver.sleep(1)`
nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`new_etag = check_etag()`
			`assert old_etag != new_etag`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00
			`with subtest("config is reloaded on nixos-rebuild switch"):`
			`webserver.succeed(`
			`"${justReloadSystem}/bin/switch-to-configuration test >&2"`
			`)`
nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink <flokli@flokli.de> 2019-11-25 00:29:44 +01:00			`webserver.wait_for_open_port(8080)`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`webserver.fail("journalctl -u nginx \| grep -q -i stopped")`
			`webserver.succeed("journalctl -u nginx \| grep -q -i reloaded")`

			`with subtest("restart when nginx package changes"):`
			`webserver.succeed(`
			`"${reloadRestartSystem}/bin/switch-to-configuration test >&2"`
			`)`
			`webserver.wait_for_unit("nginx")`
			`webserver.succeed("journalctl -u nginx \| grep -q -i stopped")`
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179) nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled Closes https://github.com/NixOS/nixpkgs/issues/73455 2020-01-05 00:39:23 +02:00
			`with subtest("nixos-rebuild --switch should fail when there are configuration errors"):`
			`webserver.fail(`
			`"${reloadWithErrorsSystem}/bin/switch-to-configuration test >&2"`
			`)`
			`webserver.succeed("[[ $(systemctl is-failed nginx-config-reload) == failed ]]")`
			`webserver.succeed("[[ $(systemctl is-failed nginx) == active ]]")`
			`# just to make sure operation is idempotent. During development I had a situation`
			`# when first time it shows error, but stops showing it on subsequent rebuilds`
			`webserver.fail(`
			`"${reloadWithErrorsSystem}/bin/switch-to-configuration test >&2"`
			`)`
nginx service: add commonHttpConfig option 2017-02-28 09:15:20 -06:00			`'';`
			`})`