path: root/nixos/tests/tracee.nix
# NixOS VM test for tracee: the upstream Go integration tests are compiled
# into a standalone binary at build time and executed inside a throwaway VM
# that has docker enabled.
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "tracee-integration";
  meta = { inherit (pkgs.tracee.meta) maintainers; };

  nodes = {
    machine = { config, pkgs, ... }: {
      # docker/dockerd must be present for
      # EventFilters/trace_only_events_from_new_containers and
      # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid
      virtualisation.docker.enable = true;

      environment.systemPackages = [
        # Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
        # invokes `which`
        pkgs.which
        # tracee rebuilt so that its only output is the Go integration test binary
        (pkgs.tracee.overrideAttrs (oa: {
          pname = oa.pname + "-integration";

          # NOTE(review): nothing visible in this override calls makeWrapper or
          # wrapProgram; confirm the extra build input is still needed.
          nativeBuildInputs = (oa.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];

          # The substitutions are applied in the order written, so the broad
          # "/usr/bin" rewrite comes last, after the more specific patterns.
          # NOTE(review): the first two rules turn "bin=/usr/bin/" and
          # "binary=/usr/bin/" filter strings into "comm=" ones, so on NixOS
          # these cases presumably filter by task name instead of executable
          # path. A task name is short and can be changed by the process
          # itself, so a pass here should not be read as coverage of
          # path-based filtering; confirm against upstream's filter semantics.
          postPatch = (oa.postPatch or "") + ''
            # prepare tester.sh (which will be embedded in the test binary)
            patchShebangs tests/integration/tester.sh

            # fix the test to look at nixos paths for running programs
            substituteInPlace tests/integration/integration_test.go \
              --replace "bin=/usr/bin/" "comm=" \
              --replace "binary=/usr/bin/" "comm=" \
              --replace "/usr/bin/dockerd" "dockerd" \
              --replace "/usr/bin" "/run/current-system/sw/bin"
          '';

          # `go test -c` only compiles the test binary; no test runs during
          # the build.
          buildPhase = ''
            runHook preBuild
            # just build the static lib we need for the go test binary
            make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub

            # then compile the tests to be ran later
            CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
            runHook postBuild
          '';

          # Only the test binary is installed, into a single "out" output.
          installPhase = ''
            mkdir -p $out/bin
            mv $GOPATH/tracee-integration $out/bin/
          '';
          outputs = [ "out" ];

          # Check phases are disabled for this derivation; the compiled tests
          # are executed by testScript inside the VM instead.
          # NOTE(review): presumably because the eBPF tests need privileges
          # and a live kernel that the build sandbox does not provide; confirm.
          doCheck = false;
          doInstallCheck = false;
        }))
      ];
    };
  };

  # The image named "alpine" is created locally with `docker import` from the
  # static busybox closure, so the run does not depend on pulling an image from
  # a registry. The test binary is started from /tmp/integration because one
  # upstream case expects "integration" in its working directory.
  testScript = ''
    machine.wait_for_unit("docker.service")

    with subtest("run integration tests"):
      # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine"
      machine.succeed('tar c -C ${pkgs.pkgsStatic.busybox} . | docker import - alpine --change "ENTRYPOINT [\"sleep\"]"')

      # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
      print(machine.succeed(
        'mkdir /tmp/integration',
        'cd /tmp/integration && tracee-integration -test.v'
      ))
  '';
})