nixpkgs/nixos/tests/minio.nix
2024-12-09 16:30:47 +01:00

114 lines
3.8 KiB
Nix

import ./make-test-python.nix ({ pkgs, ... }:
let
tls-cert =
pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req \
-x509 -newkey rsa:4096 -sha256 -days 365 \
-nodes -out cert.pem -keyout key.pem \
-subj '/CN=minio' -addext "subjectAltName=DNS:localhost"
mkdir -p $out
cp key.pem cert.pem $out
'';
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
minioPythonScript = pkgs.writeScript "minio-test.py" ''
#! ${pkgs.python3.withPackages(ps: [ ps.minio ])}/bin/python
import io
import os
import sys
from minio import Minio
if len(sys.argv) > 1 and sys.argv[1] == 'tls':
tls = True
else:
tls = False
minioClient = Minio('localhost:9000',
access_key='${accessKey}',
secret_key='${secretKey}',
secure=tls,
cert_check=False)
sio = io.BytesIO()
sio.write(b'Test from Python')
sio.seek(0, os.SEEK_END)
sio_len = sio.tell()
sio.seek(0)
minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
'';
rootCredentialsFile = "/etc/nixos/minio-root-credentials";
credsPartial = pkgs.writeText "minio-credentials-partial" ''
MINIO_ROOT_USER=${accessKey}
'';
credsFull = pkgs.writeText "minio-credentials-full" ''
MINIO_ROOT_USER=${accessKey}
MINIO_ROOT_PASSWORD=${secretKey}
'';
in
{
name = "minio";
meta = with pkgs.lib.maintainers; {
maintainers = [ bachp ];
};
nodes = {
machine = { pkgs, ... }: {
services.minio = {
enable = true;
inherit rootCredentialsFile;
};
environment.systemPackages = [ pkgs.minio-client ];
# Minio requires at least 1GiB of free disk space to run.
virtualisation.diskSize = 4 * 1024;
# Minio pre allocates 2GiB or memory, reserve some more
virtualisation.memorySize = 4096;
};
};
testScript = ''
start_all()
# simulate manually editing root credentials file
machine.wait_for_unit("multi-user.target")
machine.copy_from_host("${credsFull}", "${rootCredentialsFile}")
# Test non-TLS server
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
# Create a test bucket on the server
machine.succeed(
"mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
)
machine.succeed("mc mb minio/test-bucket")
machine.succeed("${minioPythonScript}")
assert "test-bucket" in machine.succeed("mc ls minio")
assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt")
machine.succeed("mc rb --force minio/test-bucket")
machine.systemctl("stop minio.service")
# Test TLS server
machine.copy_from_host("${tls-cert}/cert.pem", "/var/lib/minio/certs/public.crt")
machine.copy_from_host("${tls-cert}/key.pem", "/var/lib/minio/certs/private.key")
machine.systemctl("start minio.service")
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
# Create a test bucket on the server
machine.succeed(
"mc config host add minio https://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
)
machine.succeed("mc --insecure mb minio/test-bucket")
machine.succeed("${minioPythonScript} tls")
assert "test-bucket" in machine.succeed("mc --insecure ls minio")
assert "Test from Python" in machine.succeed("mc --insecure cat minio/test-bucket/test.txt")
machine.succeed("mc --insecure rb --force minio/test-bucket")
machine.shutdown()
'';
})