vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / angie-api.nix
blob4c8d6b54247b18a8dc4736c83b20928d4c545082
1 import ./make-test-python.nix ({lib, pkgs, ...}:
2 let
3   hosts = ''
4     192.168.2.101 example.com
5     192.168.2.101 api.example.com
6     192.168.2.101 backend.example.com
7   '';
9 in
11   name = "angie-api";
12   meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
14   nodes = {
15     server = { pkgs, ... }: {
16       networking = {
17         interfaces.eth1 = {
18           ipv4.addresses = [
19             { address = "192.168.2.101"; prefixLength = 24; }
20           ];
21         };
22         extraHosts = hosts;
23         firewall.allowedTCPPorts = [ 80 ];
24       };
26       services.nginx = {
27         enable = true;
28         package = pkgs.angie;
30         upstreams = {
31           "backend-http" = {
32             servers = { "backend.example.com:8080" = { fail_timeout = "0"; }; };
33             extraConfig = ''
34               zone upstream 256k;
35             '';
36           };
37           "backend-socket" = {
38             servers = { "unix:/run/example.sock" = { fail_timeout = "0"; }; };
39             extraConfig = ''
40               zone upstream 256k;
41             '';
42           };
43         };
45         virtualHosts."api.example.com" = {
46           locations."/console/" = {
47             extraConfig = ''
48               api /status/;
50               allow 192.168.2.201;
51               deny all;
52             '';
53           };
54         };
56         virtualHosts."example.com" = {
57           locations."/test/" = {
58             root = lib.mkForce (pkgs.runCommandLocal "testdir" {} ''
59               mkdir -p "$out/test"
60               cat > "$out/test/index.html" <<EOF
61               <html><body>Hello World!</body></html>
62               EOF
63             '');
64             extraConfig = ''
65               status_zone test_zone;
67               allow 192.168.2.201;
68               deny all;
69             '';
70           };
71           locations."/test/locked/" = {
72             extraConfig = ''
73               status_zone test_zone;
75               deny all;
76             '';
77           };
78           locations."/test/error/" = {
79             extraConfig = ''
80               status_zone test_zone;
82               allow all;
83             '';
84           };
85           locations."/upstream-http/" = {
86             proxyPass = "http://backend-http";
87           };
88           locations."/upstream-socket/" = {
89             proxyPass = "http://backend-socket";
90           };
91         };
92       };
93     };
95     client = { pkgs, ... }: {
96       environment.systemPackages = [ pkgs.jq ];
97       networking = {
98         interfaces.eth1 = {
99           ipv4.addresses = [
100             { address = "192.168.2.201"; prefixLength = 24; }
101           ];
102         };
103         extraHosts = hosts;
104       };
105     };
106   };
108   testScript = ''
109     start_all()
111     server.wait_for_unit("nginx")
112     server.wait_for_open_port(80)
114     # Check Angie version
115     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.angie.version' | grep '${pkgs.angie.version}'")
117     # Check access
118     client.succeed("curl --verbose --head http://api.example.com/console/ | grep 'HTTP/1.1 200'")
119     server.succeed("curl --verbose --head http://api.example.com/console/ | grep 'HTTP/1.1 403 Forbidden'")
121     # Check responses and requests
122     client.succeed("curl --verbose http://example.com/test/")
123     client.succeed("curl --verbose http://example.com/test/locked/")
124     client.succeed("curl --verbose http://example.com/test/locked/")
125     client.succeed("curl --verbose http://example.com/test/error/")
126     client.succeed("curl --verbose http://example.com/test/error/")
127     client.succeed("curl --verbose http://example.com/test/error/")
128     server.succeed("curl --verbose http://example.com/test/")
129     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"200\"' | grep '1'")
130     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"403\"' | grep '3'")
131     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.responses.\"404\"' | grep '3'")
132     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.location_zones.test_zone.requests.total' | grep '7'")
134     # Check upstreams
135     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".state' | grep 'up'")
136     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".health.fails' | grep '0'")
137     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".state' | grep 'up'")
138     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".health.fails' | grep '0'")
139     client.succeed("curl --verbose http://example.com/upstream-http/")
140     client.succeed("curl --verbose http://example.com/upstream-socket/")
141     client.succeed("curl --verbose http://example.com/upstream-socket/")
142     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-http\".peers.\"192.168.2.101:8080\".health.fails' | grep '1'")
143     client.succeed("curl --verbose http://api.example.com/console/ | jq -e '.http.upstreams.\"backend-socket\".peers.\"unix:/run/example.sock\".health.fails' | grep '2'")
145     server.shutdown()
146     client.shutdown()
147   '';