mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-05 12:34:00 +00:00
114 lines
3.8 KiB
Nix
114 lines
3.8 KiB
Nix
import ./make-test-python.nix ({ pkgs, ... }:
|
|
let
|
|
tls-cert =
|
|
pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
|
|
openssl req \
|
|
-x509 -newkey rsa:4096 -sha256 -days 365 \
|
|
-nodes -out cert.pem -keyout key.pem \
|
|
-subj '/CN=minio' -addext "subjectAltName=DNS:localhost"
|
|
|
|
mkdir -p $out
|
|
cp key.pem cert.pem $out
|
|
'';
|
|
|
|
accessKey = "BKIKJAA5BMMU2RHO6IBB";
|
|
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
|
|
minioPythonScript = pkgs.writeScript "minio-test.py" ''
|
|
#! ${pkgs.python3.withPackages(ps: [ ps.minio ])}/bin/python
|
|
import io
|
|
import os
|
|
import sys
|
|
from minio import Minio
|
|
|
|
if len(sys.argv) > 1 and sys.argv[1] == 'tls':
|
|
tls = True
|
|
else:
|
|
tls = False
|
|
|
|
minioClient = Minio('localhost:9000',
|
|
access_key='${accessKey}',
|
|
secret_key='${secretKey}',
|
|
secure=tls,
|
|
cert_check=False)
|
|
sio = io.BytesIO()
|
|
sio.write(b'Test from Python')
|
|
sio.seek(0, os.SEEK_END)
|
|
sio_len = sio.tell()
|
|
sio.seek(0)
|
|
minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
|
|
'';
|
|
rootCredentialsFile = "/etc/nixos/minio-root-credentials";
|
|
credsPartial = pkgs.writeText "minio-credentials-partial" ''
|
|
MINIO_ROOT_USER=${accessKey}
|
|
'';
|
|
credsFull = pkgs.writeText "minio-credentials-full" ''
|
|
MINIO_ROOT_USER=${accessKey}
|
|
MINIO_ROOT_PASSWORD=${secretKey}
|
|
'';
|
|
in
|
|
{
|
|
name = "minio";
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ bachp ];
|
|
};
|
|
|
|
nodes = {
|
|
machine = { pkgs, ... }: {
|
|
services.minio = {
|
|
enable = true;
|
|
inherit rootCredentialsFile;
|
|
};
|
|
environment.systemPackages = [ pkgs.minio-client ];
|
|
|
|
# Minio requires at least 1GiB of free disk space to run.
|
|
virtualisation.diskSize = 4 * 1024;
|
|
|
|
# Minio pre allocates 2GiB or memory, reserve some more
|
|
virtualisation.memorySize = 4096;
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
|
|
start_all()
|
|
# simulate manually editing root credentials file
|
|
machine.wait_for_unit("multi-user.target")
|
|
machine.copy_from_host("${credsFull}", "${rootCredentialsFile}")
|
|
|
|
# Test non-TLS server
|
|
machine.wait_for_unit("minio.service")
|
|
machine.wait_for_open_port(9000)
|
|
|
|
# Create a test bucket on the server
|
|
machine.succeed(
|
|
"mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
|
|
)
|
|
machine.succeed("mc mb minio/test-bucket")
|
|
machine.succeed("${minioPythonScript}")
|
|
assert "test-bucket" in machine.succeed("mc ls minio")
|
|
assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt")
|
|
machine.succeed("mc rb --force minio/test-bucket")
|
|
machine.systemctl("stop minio.service")
|
|
|
|
# Test TLS server
|
|
machine.copy_from_host("${tls-cert}/cert.pem", "/var/lib/minio/certs/public.crt")
|
|
machine.copy_from_host("${tls-cert}/key.pem", "/var/lib/minio/certs/private.key")
|
|
|
|
machine.systemctl("start minio.service")
|
|
machine.wait_for_unit("minio.service")
|
|
machine.wait_for_open_port(9000)
|
|
|
|
# Create a test bucket on the server
|
|
machine.succeed(
|
|
"mc config host add minio https://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
|
|
)
|
|
machine.succeed("mc --insecure mb minio/test-bucket")
|
|
machine.succeed("${minioPythonScript} tls")
|
|
assert "test-bucket" in machine.succeed("mc --insecure ls minio")
|
|
assert "Test from Python" in machine.succeed("mc --insecure cat minio/test-bucket/test.txt")
|
|
machine.succeed("mc --insecure rb --force minio/test-bucket")
|
|
|
|
machine.shutdown()
|
|
'';
|
|
})
|