[NixPkgs.git] / nixos / tests / tracee.nix
1 import ./make-test-python.nix ({ pkgs, ... }: rec {
2   name = "tracee-integration";
3   meta.maintainers = pkgs.tracee.meta.maintainers;
5   passthru.hello-world-builder = pkgs: pkgs.dockerTools.buildImage {
6     name = "hello-world";
7     tag = "latest";
8     config.Cmd = [ "${pkgs.hello}/bin/hello" ];
9   };
11   nodes = {
12     machine = { config, pkgs, ... }: {
13       # EventFilters/trace_only_events_from_new_containers and
14       # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid
15       # require docker/dockerd
16       virtualisation.docker.enable = true;
18       environment.systemPackages = with pkgs; [
19         # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
20         which
21         # the go integration tests as a binary
22         tracee.passthru.tests.integration-test-cli
23       ];
24     };
25   };
27   testScript =
28     let
29       skippedTests = [
30         # these comm tests for some reason do not resolve.
31         # something about the test is different as it works fine if I replicate
32         # the policies and run tracee myself but doesn't work in the integration
33         # test either with the automatic run or running the commands by hand
34         # while it's searching.
35         "Test_EventFilters/comm:_event:_args:_trace_event_set_in_a_specific_policy_with_args_from_ls_command"
36         "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands"
38         # worked at some point, seems to be flakey
39         "Test_EventFilters/pid:_event:_args:_trace_event_sched_switch_with_args_from_pid_0"
40       ];
41     in
42     ''
43       with subtest("prepare for integration tests"):
44         machine.wait_for_unit("docker.service")
45         machine.succeed('which bash')
47         # EventFilters/trace_only_events_from_new_containers also requires a container called "hello-world"
48         machine.succeed('docker load < ${passthru.hello-world-builder pkgs}')
50         # exec= needs fully resolved paths
51         machine.succeed(
52           'mkdir /tmp/testdir',
53           'cp $(which who) /tmp/testdir/who',
54           'cp $(which uname) /tmp/testdir/uname',
55         )
57       with subtest("run integration tests"):
58         # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
59         # tests must be ran with 1 process
60         print(machine.succeed(
61           'mkdir /tmp/integration',
62           'cd /tmp/integration && export PATH="/tmp/testdir:$PATH" && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"'
63         ))
64     '';