vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / openresty-lua.nix
blobe3629e9ca40a6e37291eefe98a5d0e702b6395f2
1 import ./make-test-python.nix ({ pkgs, lib, ... }:
2   let
3     luaLibs = [
4       pkgs.lua.pkgs.markdown
5     ];
7     getLuaPath = lib: "${lib}/share/lua/${pkgs.lua.luaversion}/?.lua";
8     luaPath = lib.concatStringsSep ";" (map getLuaPath luaLibs);
9   in
10   {
11     name = "openresty-lua";
12     meta = with pkgs.lib.maintainers; {
13       maintainers = [ bbigras ];
14     };
16     nodes = {
17       webserver = { pkgs, lib, ... }: {
18         networking = {
19           extraHosts = ''
20             127.0.0.1 default.test
21             127.0.0.1 sandbox.test
22           '';
23         };
24         services.nginx = {
25           enable = true;
26           package = pkgs.openresty;
28           commonHttpConfig = ''
29             lua_package_path '${luaPath};;';
30           '';
32           virtualHosts."default.test" = {
33             default = true;
34             locations."/" = {
35               extraConfig = ''
36                 default_type text/html;
37                 access_by_lua '
38                   local markdown = require "markdown"
39                   markdown("source")
40                 ';
41               '';
42             };
43           };
45           virtualHosts."sandbox.test" = {
46             locations."/test1-write" = {
47               extraConfig = ''
48                 content_by_lua_block {
49                   local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
50                   local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
51                   local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
52                 }
53               '';
54             };
55             locations."/test1-read" = {
56               root = "/tmp";
57             };
58             locations."/test2-write" = {
59               extraConfig = ''
60                 content_by_lua_block {
61                   local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
62                   local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
63                   local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
64                 }
65               '';
66             };
67             locations."/test2-read" = {
68               root = "/var/web";
69             };
70           };
71         };
72       };
73     };
75     testScript = { nodes, ... }:
76       ''
77         url = "http://localhost"
79         webserver.wait_for_unit("nginx")
80         webserver.wait_for_open_port(80)
82         http_code = webserver.succeed(
83           f"curl -w '%{{http_code}}' --head --fail {url}"
84         )
85         assert http_code.split("\n")[-1] == "200"
87         # This test checks the creation and reading of a file in sandbox mode.
88         # Checking write in temporary folder
89         webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
90         webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
91         # Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
92         # in read-only mode.
93         webserver.succeed("mkdir -p /var/web")
94         webserver.succeed("chown nginx:nginx /var/web")
95         webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
96         assert "404 Not Found" in machine.succeed(
97             "curl -vvv -s http://sandbox.test/test2-read/bar.txt"
98         )
99       '';
100   })