let
pgheroPort = 1337;
pgheroUser = "pghero";
pgheroPass = "pghero";
in
{ lib, ... }:
{
name = "pghero";
meta.maintainers = [ lib.maintainers.tie ];
nodes.machine =
{ config, ... }:
services.postgresql = {
enable = true;
# This test uses default peer authentication (socket and its directory is
# world-readably by default), so we essentially test that we can connect
# with DynamicUser= set.
ensureUsers = [
ensureClauses.superuser = true;
}
];
};
services.pghero = {
listenAddress = "[::]:${toString pgheroPort}";
settings = {
databases = {
postgres.url = "<%= ENV['POSTGRES_DATABASE_URL'] %>";
nulldb.url = "nulldb:///";
environment = {
PGHERO_USERNAME = pgheroUser;
PGHERO_PASSWORD = pgheroPass;
POSTGRES_DATABASE_URL = "postgresql:///postgres?host=/run/postgresql";
testScript = ''
pgheroPort = ${toString pgheroPort}
pgheroUser = "${pgheroUser}"
pgheroPass = "${pgheroPass}"
pgheroUnauthorizedURL = f"http://localhost:{pgheroPort}"
pgheroBaseURL = f"http://{pgheroUser}:{pgheroPass}@localhost:{pgheroPort}"
def expect_http_code(node, code, url):
http_code = node.succeed(f"curl -s -o /dev/null -w '%{{http_code}}' '{url}'")
assert http_code.split("\n")[-1].strip() == code, \
f"expected HTTP status code {code} but got {http_code}"
machine.wait_for_unit("postgresql.service")
machine.wait_for_unit("pghero.service")
with subtest("requires HTTP Basic Auth credentials"):
expect_http_code(machine, "401", pgheroUnauthorizedURL)
with subtest("works with some databases being unavailable"):
expect_http_code(machine, "500", pgheroBaseURL + "/nulldb")
with subtest("connects to the PostgreSQL database"):
expect_http_code(machine, "200", pgheroBaseURL + "/postgres")
'';