vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / influxdb2.nix
blob1631ac1d94081004c9ad41bcdb98b3045d973ba3
1 import ./make-test-python.nix ({ pkgs, ...} : {
2   name = "influxdb2";
3   meta = with pkgs.lib.maintainers; {
4     maintainers = [ offline ];
5   };
7   nodes.machine = { lib, ... }: {
8     environment.systemPackages = [ pkgs.influxdb2-cli ];
9     # Make sure that the service is restarted immediately if tokens need to be rewritten
10     # without relying on any Restart=on-failure behavior
11     systemd.services.influxdb2.serviceConfig.RestartSec = 6000;
12     services.influxdb2.enable = true;
13     services.influxdb2.provision = {
14       enable = true;
15       initialSetup = {
16         organization = "default";
17         bucket = "default";
18         passwordFile = pkgs.writeText "admin-pw" "ExAmPl3PA55W0rD";
19         tokenFile = pkgs.writeText "admin-token" "verysecureadmintoken";
20       };
21       organizations.someorg = {
22         buckets.somebucket = {};
23         auths.sometoken = {
24           description = "some auth token";
25           readBuckets = ["somebucket"];
26           writeBuckets = ["somebucket"];
27         };
28       };
29       users.someuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
30     };
32     specialisation.withModifications.configuration = { ... }: {
33       services.influxdb2.provision = {
34         organizations.someorg.buckets.somebucket.present = false;
35         organizations.someorg.auths.sometoken.present = false;
36         users.someuser.present = false;
38         organizations.myorg = {
39           description = "Myorg description";
40           buckets.mybucket = {
41             description = "Mybucket description";
42           };
43           auths.mytoken = {
44             operator = true;
45             description = "operator token";
46             tokenFile = pkgs.writeText "tmp-tok" "someusertoken";
47           };
48         };
49         users.myuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
50       };
51     };
53     specialisation.withParentDelete.configuration = { ... }: {
54       services.influxdb2.provision = {
55         organizations.someorg.present = false;
56         # Deleting the parent implies:
57         #organizations.someorg.buckets.somebucket.present = false;
58         #organizations.someorg.auths.sometoken.present = false;
59       };
60     };
62     specialisation.withNewTokens.configuration = { ... }: {
63       services.influxdb2.provision = {
64         organizations.default = {
65           auths.operator = {
66             operator = true;
67             description = "new optoken";
68             tokenFile = pkgs.writeText "tmp-tok" "newoptoken";
69           };
70           auths.allaccess = {
71             operator = true;
72             description = "new allaccess";
73             tokenFile = pkgs.writeText "tmp-tok" "newallaccess";
74           };
75           auths.specifics = {
76             description = "new specifics";
77             readPermissions = ["users" "tasks"];
78             writePermissions = ["tasks"];
79             tokenFile = pkgs.writeText "tmp-tok" "newspecificstoken";
80           };
81         };
82       };
83     };
84   };
86   testScript = { nodes, ... }:
87     let
88       specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
89       tokenArg = "--token verysecureadmintoken";
90     in ''
91       def assert_contains(haystack, needle):
92           if needle not in haystack:
93               print("The haystack that will cause the following exception is:")
94               print("---")
95               print(haystack)
96               print("---")
97               raise Exception(f"Expected string '{needle}' was not found")
99       def assert_lacks(haystack, needle):
100           if needle in haystack:
101               print("The haystack that will cause the following exception is:")
102               print("---")
103               print(haystack, end="")
104               print("---")
105               raise Exception(f"Unexpected string '{needle}' was found")
107       machine.wait_for_unit("influxdb2.service")
109       machine.fail("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:wrongpassword")
110       machine.succeed("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:ExAmPl3PA55W0rD")
112       out = machine.succeed("influx org list ${tokenArg}")
113       assert_contains(out, "default")
114       assert_lacks(out, "myorg")
115       assert_contains(out, "someorg")
117       out = machine.succeed("influx bucket list ${tokenArg} --org default")
118       assert_contains(out, "default")
120       machine.fail("influx bucket list ${tokenArg} --org myorg")
122       out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
123       assert_contains(out, "somebucket")
125       out = machine.succeed("influx user list ${tokenArg}")
126       assert_contains(out, "admin")
127       assert_lacks(out, "myuser")
128       assert_contains(out, "someuser")
130       out = machine.succeed("influx auth list ${tokenArg}")
131       assert_lacks(out, "operator token")
132       assert_contains(out, "some auth token")
134       with subtest("withModifications"):
135         machine.succeed('${specialisations}/withModifications/bin/switch-to-configuration test')
136         machine.wait_for_unit("influxdb2.service")
138         out = machine.succeed("influx org list ${tokenArg}")
139         assert_contains(out, "default")
140         assert_contains(out, "myorg")
141         assert_contains(out, "someorg")
143         out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
144         assert_contains(out, "mybucket")
146         out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
147         assert_lacks(out, "somebucket")
149         out = machine.succeed("influx user list ${tokenArg}")
150         assert_contains(out, "admin")
151         assert_contains(out, "myuser")
152         assert_lacks(out, "someuser")
154         out = machine.succeed("influx auth list ${tokenArg}")
155         assert_contains(out, "operator token")
156         assert_lacks(out, "some auth token")
158         # Make sure the user token is also usable
159         machine.succeed("influx auth list --token someusertoken")
161       with subtest("keepsUnrelated"):
162         machine.succeed('${nodes.machine.system.build.toplevel}/bin/switch-to-configuration test')
163         machine.wait_for_unit("influxdb2.service")
165         out = machine.succeed("influx org list ${tokenArg}")
166         assert_contains(out, "default")
167         assert_contains(out, "myorg")
168         assert_contains(out, "someorg")
170         out = machine.succeed("influx bucket list ${tokenArg} --org default")
171         assert_contains(out, "default")
173         out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
174         assert_contains(out, "mybucket")
176         out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
177         assert_contains(out, "somebucket")
179         out = machine.succeed("influx user list ${tokenArg}")
180         assert_contains(out, "admin")
181         assert_contains(out, "myuser")
182         assert_contains(out, "someuser")
184         out = machine.succeed("influx auth list ${tokenArg}")
185         assert_contains(out, "operator token")
186         assert_contains(out, "some auth token")
188       with subtest("withParentDelete"):
189         machine.succeed('${specialisations}/withParentDelete/bin/switch-to-configuration test')
190         machine.wait_for_unit("influxdb2.service")
192         out = machine.succeed("influx org list ${tokenArg}")
193         assert_contains(out, "default")
194         assert_contains(out, "myorg")
195         assert_lacks(out, "someorg")
197         out = machine.succeed("influx bucket list ${tokenArg} --org default")
198         assert_contains(out, "default")
200         out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
201         assert_contains(out, "mybucket")
203         machine.fail("influx bucket list ${tokenArg} --org someorg")
205         out = machine.succeed("influx user list ${tokenArg}")
206         assert_contains(out, "admin")
207         assert_contains(out, "myuser")
208         assert_contains(out, "someuser")
210         out = machine.succeed("influx auth list ${tokenArg}")
211         assert_contains(out, "operator token")
212         assert_lacks(out, "some auth token")
214       with subtest("withNewTokens"):
215         machine.succeed('${specialisations}/withNewTokens/bin/switch-to-configuration test')
216         machine.wait_for_unit("influxdb2.service")
218         out = machine.succeed("influx auth list ${tokenArg}")
219         assert_contains(out, "operator token")
220         assert_contains(out, "some auth token")
221         assert_contains(out, "new optoken")
222         assert_contains(out, "new allaccess")
223         assert_contains(out, "new specifics")
224     '';