From 1c2781d39c9b1dbac1e574795b83436891617b7e Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Sun, 24 Nov 2019 20:42:54 +0100 Subject: [PATCH 1/4] nixosTests.nginx*: port to python --- nixos/tests/nginx-sso.nix | 16 +++++---- nixos/tests/nginx.nix | 71 ++++++++++++++++++++------------------- 2 files changed, 46 insertions(+), 41 deletions(-) diff --git a/nixos/tests/nginx-sso.nix b/nixos/tests/nginx-sso.nix index e19992cb6bf..067f196b16b 100644 --- a/nixos/tests/nginx-sso.nix +++ b/nixos/tests/nginx-sso.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: { name = "nginx-sso"; meta = { maintainers = with pkgs.stdenv.lib.maintainers; [ delroth ]; @@ -27,18 +27,20 @@ import ./make-test.nix ({ pkgs, ... }: { }; testScript = '' - startAll; + start_all() - $machine->waitForUnit("nginx-sso.service"); - $machine->waitForOpenPort(8080); + machine.wait_for_unit("nginx-sso.service") + machine.wait_for_open_port(8080) # No valid user -> 401. - $machine->fail("curl -sSf http://localhost:8080/auth"); + machine.fail("curl -sSf http://localhost:8080/auth") # Valid user but no matching ACL -> 403. - $machine->fail("curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth"); + machine.fail("curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth") # Valid user and matching ACL -> 200. - $machine->succeed("curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth"); + machine.succeed( + "curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth" + ) ''; }) diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index d0b7306ae83..8402015f8cc 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -4,7 +4,7 @@ # 2. whether the ETag header is properly generated whenever we're serving # files in Nix store paths # 3. nginx doesn't restart on configuration changes (only reloads) -import ./make-test.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: { name = "nginx"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ mbbx6spp ]; @@ -69,43 +69,46 @@ import ./make-test.nix ({ pkgs, ... }: { justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2"; reloadRestartSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-3"; in '' - my $url = 'http://localhost/index.html'; + url = "http://localhost/index.html" - sub checkEtag { - my $etag = $webserver->succeed( - 'curl -v '.$url.' 2>&1 | sed -n -e "s/^< [Ee][Tt][Aa][Gg]: *//p"' - ); - $etag =~ s/\r?\n$//; - my $httpCode = $webserver->succeed( - 'curl -w "%{http_code}" -X HEAD -H \'If-None-Match: '.$etag.'\' '.$url - ); - chomp $httpCode; - die "HTTP code is not 304" unless $httpCode == 304; - return $etag; - } - $webserver->waitForUnit("nginx"); - $webserver->waitForOpenPort("80"); + def checkEtag(): + etag = webserver.succeed( + f'curl -v {url} 2>&1 | sed -n -e "s/^< [Ee][Tt][Aa][Gg]: *//p"' + ) + httpCode = webserver.succeed( + f"curl -w '%{http_code}' -X HEAD -H 'If-None-Match: {etag}' {url}" + ) + assert httpCode == "304" - subtest "check ETag if serving Nix store paths", sub { - my $oldEtag = checkEtag; - $webserver->succeed("${etagSystem}/bin/switch-to-configuration test >&2"); - $webserver->sleep(1); # race condition - my $newEtag = checkEtag; - die "Old ETag $oldEtag is the same as $newEtag" if $oldEtag eq $newEtag; - }; + return etag - subtest "config is reloaded on nixos-rebuild switch", sub { - $webserver->succeed("${justReloadSystem}/bin/switch-to-configuration test >&2"); - $webserver->waitForOpenPort("8080"); - $webserver->fail("journalctl -u nginx | grep -q -i stopped"); - $webserver->succeed("journalctl -u nginx | grep -q -i reloaded"); - }; - subtest "restart when nginx package changes", sub { - $webserver->succeed("${reloadRestartSystem}/bin/switch-to-configuration test >&2"); - $webserver->waitForUnit("nginx"); - $webserver->succeed("journalctl -u nginx | grep -q -i stopped"); - }; + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port("80") + + with subtest("check ETag if serving Nix store paths"): + oldEtag = checkEtag + webserver.succeed( + "${etagSystem}/bin/switch-to-configuration test >&2" + ) + webserver.sleep(1) # race condition + newEtag = checkEtag + assert oldEtag != newEtag + + with subtest("config is reloaded on nixos-rebuild switch"): + webserver.succeed( + "${justReloadSystem}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port("8080") + webserver.fail("journalctl -u nginx | grep -q -i stopped") + webserver.succeed("journalctl -u nginx | grep -q -i reloaded") + + with subtest("restart when nginx package changes"): + webserver.succeed( + "${reloadRestartSystem}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_unit("nginx") + webserver.succeed("journalctl -u nginx | grep -q -i stopped") ''; }) From abbce768dc2aceb21d234a018115bbf96a924b31 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Mon, 25 Nov 2019 00:29:44 +0100 Subject: [PATCH 2/4] nixosTests.nginx*: review fixes Co-Authored-By: Florian Klink --- nixos/tests/nginx.nix | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index 8402015f8cc..24e85d77c88 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -72,35 +72,32 @@ import ./make-test-python.nix ({ pkgs, ... }: { url = "http://localhost/index.html" - def checkEtag(): - etag = webserver.succeed( - f'curl -v {url} 2>&1 | sed -n -e "s/^< [Ee][Tt][Aa][Gg]: *//p"' - ) - httpCode = webserver.succeed( + def check_etag(): + etag = webserver.succeed(f'curl -v {url} 2>&1 | sed -n -e "s/^< etag: *//ip"') + http_code = webserver.succeed( f"curl -w '%{http_code}' -X HEAD -H 'If-None-Match: {etag}' {url}" ) - assert httpCode == "304" + assert http_code == "304" return etag webserver.wait_for_unit("nginx") - webserver.wait_for_open_port("80") + webserver.wait_for_open_port(80) with subtest("check ETag if serving Nix store paths"): - oldEtag = checkEtag + old_etag = check_etag() webserver.succeed( "${etagSystem}/bin/switch-to-configuration test >&2" ) - webserver.sleep(1) # race condition - newEtag = checkEtag - assert oldEtag != newEtag + new_etag = check_etag() + assert old_etag != new_etag with subtest("config is reloaded on nixos-rebuild switch"): webserver.succeed( "${justReloadSystem}/bin/switch-to-configuration test >&2" ) - webserver.wait_for_open_port("8080") + webserver.wait_for_open_port(8080) webserver.fail("journalctl -u nginx | grep -q -i stopped") webserver.succeed("journalctl -u nginx | grep -q -i reloaded") From 495b0b581c53cc36e788a1345963f5b1427deabd Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 26 Dec 2019 17:50:35 +0100 Subject: [PATCH 3/4] nixos/tests/nginx-sso: add subtests for each assertion --- nixos/tests/nginx-sso.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nixos/tests/nginx-sso.nix b/nixos/tests/nginx-sso.nix index 067f196b16b..8834fc31c38 100644 --- a/nixos/tests/nginx-sso.nix +++ b/nixos/tests/nginx-sso.nix @@ -32,15 +32,17 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("nginx-sso.service") machine.wait_for_open_port(8080) - # No valid user -> 401. - machine.fail("curl -sSf http://localhost:8080/auth") + with subtest("No valid user -> 401"): + machine.fail("curl -sSf http://localhost:8080/auth") - # Valid user but no matching ACL -> 403. - machine.fail("curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth") + with subtest("Valid user but no matching ACL -> 403"): + machine.fail( + "curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth" + ) - # Valid user and matching ACL -> 200. - machine.succeed( - "curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth" - ) + with subtest("Valid user and matching ACL -> 200"): + machine.succeed( + "curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth" + ) ''; }) From c5c7ccf022559bd3c40506786a1ffba1b28a08d0 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 26 Dec 2019 18:03:39 +0100 Subject: [PATCH 4/4] nixos/nginx: fix test When using format-strings, curly brackets need to be escaped using `{{` to avoid errors from python. And apparently, Perl's `==` is used to compare substrings[1] which is why the translation to `assert http_code == "304"` failed as the string contains several headers from curl. [1] Just check `perl <(echo 'die "alarm" if "foo\n304" == 304')` --- nixos/tests/nginx.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index 24e85d77c88..55d2c930908 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -73,11 +73,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { def check_etag(): - etag = webserver.succeed(f'curl -v {url} 2>&1 | sed -n -e "s/^< etag: *//ip"') + etag = webserver.succeed( + f'curl -v {url} 2>&1 | sed -n -e "s/^< etag: *//ip"' + ).rstrip() http_code = webserver.succeed( - f"curl -w '%{http_code}' -X HEAD -H 'If-None-Match: {etag}' {url}" + f"curl -w '%{{http_code}}' --head --fail -H 'If-None-Match: {etag}' {url}" ) - assert http_code == "304" + assert http_code.split("\n")[-1] == "304" return etag @@ -90,6 +92,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { webserver.succeed( "${etagSystem}/bin/switch-to-configuration test >&2" ) + webserver.sleep(1) new_etag = check_etag() assert old_etag != new_etag