vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / pghero.nix
blobbce32da008862209c7aa8e93f86d4bd54ba4519f
1 let
2   pgheroPort = 1337;
3   pgheroUser = "pghero";
4   pgheroPass = "pghero";
5 in
6 { lib, ... }: {
7   name = "pghero";
8   meta.maintainers = [ lib.maintainers.tie ];
10   nodes.machine = { config, ... }: {
11     services.postgresql = {
12       enable = true;
13       # This test uses default peer authentication (socket and its directory is
14       # world-readably by default), so we essentially test that we can connect
15       # with DynamicUser= set.
16       ensureUsers = [{
17         name = "pghero";
18         ensureClauses.superuser = true;
19       }];
20     };
21     services.pghero = {
22       enable = true;
23       listenAddress = "[::]:${toString pgheroPort}";
24       settings = {
25         databases = {
26           postgres.url = "<%= ENV['POSTGRES_DATABASE_URL'] %>";
27           nulldb.url = "nulldb:///";
28         };
29       };
30       environment = {
31         PGHERO_USERNAME = pgheroUser;
32         PGHERO_PASSWORD = pgheroPass;
33         POSTGRES_DATABASE_URL = "postgresql:///postgres?host=/run/postgresql";
34       };
35     };
36   };
38   testScript = ''
39     pgheroPort = ${toString pgheroPort}
40     pgheroUser = "${pgheroUser}"
41     pgheroPass = "${pgheroPass}"
43     pgheroUnauthorizedURL = f"http://localhost:{pgheroPort}"
44     pgheroBaseURL = f"http://{pgheroUser}:{pgheroPass}@localhost:{pgheroPort}"
46     def expect_http_code(node, code, url):
47         http_code = node.succeed(f"curl -s -o /dev/null -w '%{{http_code}}' '{url}'")
48         assert http_code.split("\n")[-1].strip() == code, \
49           f"expected HTTP status code {code} but got {http_code}"
51     machine.wait_for_unit("postgresql.service")
52     machine.wait_for_unit("pghero.service")
54     with subtest("requires HTTP Basic Auth credentials"):
55       expect_http_code(machine, "401", pgheroUnauthorizedURL)
57     with subtest("works with some databases being unavailable"):
58       expect_http_code(machine, "500", pgheroBaseURL + "/nulldb")
60     with subtest("connects to the PostgreSQL database"):
61       expect_http_code(machine, "200", pgheroBaseURL + "/postgres")
62   '';