241 lines
9 KiB
Nix
241 lines
9 KiB
Nix
import ./make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
{
|
|
name = "influxdb2";
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ offline ];
|
|
};
|
|
|
|
nodes.machine =
|
|
{ lib, ... }:
|
|
{
|
|
environment.systemPackages = [ pkgs.influxdb2-cli ];
|
|
# Make sure that the service is restarted immediately if tokens need to be rewritten
|
|
# without relying on any Restart=on-failure behavior
|
|
systemd.services.influxdb2.serviceConfig.RestartSec = 6000;
|
|
services.influxdb2.enable = true;
|
|
services.influxdb2.provision = {
|
|
enable = true;
|
|
initialSetup = {
|
|
organization = "default";
|
|
bucket = "default";
|
|
passwordFile = pkgs.writeText "admin-pw" "ExAmPl3PA55W0rD";
|
|
tokenFile = pkgs.writeText "admin-token" "verysecureadmintoken";
|
|
};
|
|
organizations.someorg = {
|
|
buckets.somebucket = { };
|
|
auths.sometoken = {
|
|
description = "some auth token";
|
|
readBuckets = [ "somebucket" ];
|
|
writeBuckets = [ "somebucket" ];
|
|
};
|
|
};
|
|
users.someuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
|
|
};
|
|
|
|
specialisation.withModifications.configuration =
|
|
{ ... }:
|
|
{
|
|
services.influxdb2.provision = {
|
|
organizations.someorg.buckets.somebucket.present = false;
|
|
organizations.someorg.auths.sometoken.present = false;
|
|
users.someuser.present = false;
|
|
|
|
organizations.myorg = {
|
|
description = "Myorg description";
|
|
buckets.mybucket = {
|
|
description = "Mybucket description";
|
|
};
|
|
auths.mytoken = {
|
|
operator = true;
|
|
description = "operator token";
|
|
tokenFile = pkgs.writeText "tmp-tok" "someusertoken";
|
|
};
|
|
};
|
|
users.myuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
|
|
};
|
|
};
|
|
|
|
specialisation.withParentDelete.configuration =
|
|
{ ... }:
|
|
{
|
|
services.influxdb2.provision = {
|
|
organizations.someorg.present = false;
|
|
# Deleting the parent implies:
|
|
#organizations.someorg.buckets.somebucket.present = false;
|
|
#organizations.someorg.auths.sometoken.present = false;
|
|
};
|
|
};
|
|
|
|
specialisation.withNewTokens.configuration =
|
|
{ ... }:
|
|
{
|
|
services.influxdb2.provision = {
|
|
organizations.default = {
|
|
auths.operator = {
|
|
operator = true;
|
|
description = "new optoken";
|
|
tokenFile = pkgs.writeText "tmp-tok" "newoptoken";
|
|
};
|
|
auths.allaccess = {
|
|
operator = true;
|
|
description = "new allaccess";
|
|
tokenFile = pkgs.writeText "tmp-tok" "newallaccess";
|
|
};
|
|
auths.specifics = {
|
|
description = "new specifics";
|
|
readPermissions = [
|
|
"users"
|
|
"tasks"
|
|
];
|
|
writePermissions = [ "tasks" ];
|
|
tokenFile = pkgs.writeText "tmp-tok" "newspecificstoken";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript =
|
|
{ nodes, ... }:
|
|
let
|
|
specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
|
|
tokenArg = "--token verysecureadmintoken";
|
|
in
|
|
''
|
|
def assert_contains(haystack, needle):
|
|
if needle not in haystack:
|
|
print("The haystack that will cause the following exception is:")
|
|
print("---")
|
|
print(haystack)
|
|
print("---")
|
|
raise Exception(f"Expected string '{needle}' was not found")
|
|
|
|
def assert_lacks(haystack, needle):
|
|
if needle in haystack:
|
|
print("The haystack that will cause the following exception is:")
|
|
print("---")
|
|
print(haystack, end="")
|
|
print("---")
|
|
raise Exception(f"Unexpected string '{needle}' was found")
|
|
|
|
machine.wait_for_unit("influxdb2.service")
|
|
|
|
machine.fail("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:wrongpassword")
|
|
machine.succeed("curl --fail -X POST 'http://localhost:8086/api/v2/signin' -u admin:ExAmPl3PA55W0rD")
|
|
|
|
out = machine.succeed("influx org list ${tokenArg}")
|
|
assert_contains(out, "default")
|
|
assert_lacks(out, "myorg")
|
|
assert_contains(out, "someorg")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org default")
|
|
assert_contains(out, "default")
|
|
|
|
machine.fail("influx bucket list ${tokenArg} --org myorg")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
|
|
assert_contains(out, "somebucket")
|
|
|
|
out = machine.succeed("influx user list ${tokenArg}")
|
|
assert_contains(out, "admin")
|
|
assert_lacks(out, "myuser")
|
|
assert_contains(out, "someuser")
|
|
|
|
out = machine.succeed("influx auth list ${tokenArg}")
|
|
assert_lacks(out, "operator token")
|
|
assert_contains(out, "some auth token")
|
|
|
|
with subtest("withModifications"):
|
|
machine.succeed('${specialisations}/withModifications/bin/switch-to-configuration test')
|
|
machine.wait_for_unit("influxdb2.service")
|
|
|
|
out = machine.succeed("influx org list ${tokenArg}")
|
|
assert_contains(out, "default")
|
|
assert_contains(out, "myorg")
|
|
assert_contains(out, "someorg")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
|
|
assert_contains(out, "mybucket")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
|
|
assert_lacks(out, "somebucket")
|
|
|
|
out = machine.succeed("influx user list ${tokenArg}")
|
|
assert_contains(out, "admin")
|
|
assert_contains(out, "myuser")
|
|
assert_lacks(out, "someuser")
|
|
|
|
out = machine.succeed("influx auth list ${tokenArg}")
|
|
assert_contains(out, "operator token")
|
|
assert_lacks(out, "some auth token")
|
|
|
|
# Make sure the user token is also usable
|
|
machine.succeed("influx auth list --token someusertoken")
|
|
|
|
with subtest("keepsUnrelated"):
|
|
machine.succeed('${nodes.machine.system.build.toplevel}/bin/switch-to-configuration test')
|
|
machine.wait_for_unit("influxdb2.service")
|
|
|
|
out = machine.succeed("influx org list ${tokenArg}")
|
|
assert_contains(out, "default")
|
|
assert_contains(out, "myorg")
|
|
assert_contains(out, "someorg")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org default")
|
|
assert_contains(out, "default")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
|
|
assert_contains(out, "mybucket")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org someorg")
|
|
assert_contains(out, "somebucket")
|
|
|
|
out = machine.succeed("influx user list ${tokenArg}")
|
|
assert_contains(out, "admin")
|
|
assert_contains(out, "myuser")
|
|
assert_contains(out, "someuser")
|
|
|
|
out = machine.succeed("influx auth list ${tokenArg}")
|
|
assert_contains(out, "operator token")
|
|
assert_contains(out, "some auth token")
|
|
|
|
with subtest("withParentDelete"):
|
|
machine.succeed('${specialisations}/withParentDelete/bin/switch-to-configuration test')
|
|
machine.wait_for_unit("influxdb2.service")
|
|
|
|
out = machine.succeed("influx org list ${tokenArg}")
|
|
assert_contains(out, "default")
|
|
assert_contains(out, "myorg")
|
|
assert_lacks(out, "someorg")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org default")
|
|
assert_contains(out, "default")
|
|
|
|
out = machine.succeed("influx bucket list ${tokenArg} --org myorg")
|
|
assert_contains(out, "mybucket")
|
|
|
|
machine.fail("influx bucket list ${tokenArg} --org someorg")
|
|
|
|
out = machine.succeed("influx user list ${tokenArg}")
|
|
assert_contains(out, "admin")
|
|
assert_contains(out, "myuser")
|
|
assert_contains(out, "someuser")
|
|
|
|
out = machine.succeed("influx auth list ${tokenArg}")
|
|
assert_contains(out, "operator token")
|
|
assert_lacks(out, "some auth token")
|
|
|
|
with subtest("withNewTokens"):
|
|
machine.succeed('${specialisations}/withNewTokens/bin/switch-to-configuration test')
|
|
machine.wait_for_unit("influxdb2.service")
|
|
|
|
out = machine.succeed("influx auth list ${tokenArg}")
|
|
assert_contains(out, "operator token")
|
|
assert_contains(out, "some auth token")
|
|
assert_contains(out, "new optoken")
|
|
assert_contains(out, "new allaccess")
|
|
assert_contains(out, "new specifics")
|
|
'';
|
|
}
|
|
)
|