nixosTests.nginx-modsecurity: migrate to runTest

Part of #386873
2025-06-09 19:13:26 +03:00 · 2025-03-29 23:52:25 +01:00 · 2025-03-29 23:52:25 +01:00 · 9a3d7473c4
commit 9a3d7473c4
parent af2b019d25
2 changed files with 46 additions and 48 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -804,7 +804,7 @@ in {
  nginx-globalredirect = runTest ./nginx-globalredirect.nix;
  nginx-http3 = handleTest ./nginx-http3.nix {};
  nginx-mime = runTest ./nginx-mime.nix;
-  nginx-modsecurity = handleTest ./nginx-modsecurity.nix {};
+  nginx-modsecurity = runTest ./nginx-modsecurity.nix;
  nginx-moreheaders = handleTest ./nginx-moreheaders.nix {};
  nginx-njs = handleTest ./nginx-njs.nix {};
  nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
--- a/nixos/tests/nginx-modsecurity.nix
+++ b/nixos/tests/nginx-modsecurity.nix
@ -1,51 +1,49 @@
-import ./make-test-python.nix (
-  { pkgs, lib, ... }:
-  {
-    name = "nginx-modsecurity";
+{ ... }:
+{
+  name = "nginx-modsecurity";

-    nodes.machine =
-      {
-        config,
-        lib,
-        pkgs,
-        ...
-      }:
-      {
-        services.nginx = {
-          enable = true;
-          additionalModules = [ pkgs.nginxModules.modsecurity ];
-          virtualHosts.localhost =
-            let
-              modsecurity_conf = pkgs.writeText "modsecurity.conf" ''
-                SecRuleEngine On
-                SecDefaultAction "phase:1,log,auditlog,deny,status:403"
-                SecDefaultAction "phase:2,log,auditlog,deny,status:403"
-                SecRule REQUEST_METHOD   "HEAD"        "id:100, phase:1, block"
-                SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block"
-              '';
-              testroot = pkgs.runCommand "testroot" { } ''
-                mkdir -p $out
-                echo "<html><body>Hello World!</body></html>" > $out/index.html
-                echo "s3cret" > $out/secret.html
-              '';
-            in
-            {
-              root = testroot;
-              extraConfig = ''
-                modsecurity on;
-                modsecurity_rules_file ${modsecurity_conf};
-              '';
-            };
-        };
+  nodes.machine =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      services.nginx = {
+        enable = true;
+        additionalModules = [ pkgs.nginxModules.modsecurity ];
+        virtualHosts.localhost =
+          let
+            modsecurity_conf = pkgs.writeText "modsecurity.conf" ''
+              SecRuleEngine On
+              SecDefaultAction "phase:1,log,auditlog,deny,status:403"
+              SecDefaultAction "phase:2,log,auditlog,deny,status:403"
+              SecRule REQUEST_METHOD   "HEAD"        "id:100, phase:1, block"
+              SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block"
+            '';
+            testroot = pkgs.runCommand "testroot" { } ''
+              mkdir -p $out
+              echo "<html><body>Hello World!</body></html>" > $out/index.html
+              echo "s3cret" > $out/secret.html
+            '';
+          in
+          {
+            root = testroot;
+            extraConfig = ''
+              modsecurity on;
+              modsecurity_rules_file ${modsecurity_conf};
+            '';
+          };
      };
-    testScript = ''
-      machine.wait_for_unit("nginx")
+    };
+  testScript = ''
+    machine.wait_for_unit("nginx")

-      response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/")
-      assert "Hello World!" in response
+    response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/")
+    assert "Hello World!" in response

-      machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/")
-      machine.fail("curl -fvvv -s http://127.0.0.1/secret.html")
-    '';
-  }
-)
+    machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/")
+    machine.fail("curl -fvvv -s http://127.0.0.1/secret.html")
+  '';
+}