author | Andreas Stührk <andy@yaxi.tech> | 2023-02-09 12:19:58 +0100 |
---|---|---|
committer | pennae <82953136+pennae@users.noreply.github.com> | 2023-02-11 18:21:21 +0100 |
commit | 8dade1f713c7f64f0514ba4c00fa6e2bb1be8d79 (patch) | |
tree | c1ee27b2884024809ccb80de4d3fd9a451b235f7 /nixos | |
parent | 84220a70983948dd611f0cfdecb70ffe02556312 (diff) |
nixos/envoy: add option `requireValidConfig` to make config validation errors non-fatal
Co-authored-by: Vincent Haupert <vincent@yaxi.tech>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/envoy.nix | 17 | ||||
-rw-r--r-- | nixos/tests/envoy.nix | 33 |
2 files changed, 40 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/envoy.nix b/nixos/modules/services/networking/envoy.nix
index 3e2616185500d..c68ceab9619c4 100644
--- a/nixos/modules/services/networking/envoy.nix
+++ b/nixos/modules/services/networking/envoy.nix
@@ -6,12 +6,11 @@ let
 cfg = config.services.envoy;
 format = pkgs.formats.json { };
 conf = format.generate "envoy.json" cfg.settings;
- validateConfig = file:
+ validateConfig = required: file:
 pkgs.runCommand "validate-envoy-conf" { } ''
- ${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}"
+ ${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}" ${lib.optionalString (!required) "|| true"}
 cp "${file}" "$out"
 '';
-
 in
 {
@@ -20,6 +19,16 @@ in
 package = mkPackageOptionMD pkgs "envoy" { };
+ requireValidConfig = mkOption {
+ type = types.bool;
+ default = true;
+ description = lib.mdDoc ''
+ Whether a failure during config validation at build time is fatal.
+ When the config can't be checked during build time, for example when it includes
+ other files, disable this option.
+ '';
+ };
+
 settings = mkOption {
 type = format.type;
 default = { };
@@ -55,7 +64,7 @@ in
 requires = [ "network-online.target" ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
- ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig conf}";
+ ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig cfg.requireValidConfig conf}";
 CacheDirectory = [ "envoy" ];
 LogsDirectory = [ "envoy" ];
 Restart = "no";
diff --git a/nixos/tests/envoy.nix b/nixos/tests/envoy.nix
index a14c1fca3bb5f..1e4bfe626398e 100644
--- a/nixos/tests/envoy.nix
+++ b/nixos/tests/envoy.nix
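Review bot: In `validateConfig` (first hunk of nixos/modules/services/networking/envoy.nix), the `|| true` appended when `required` is false discards every non-zero exit from `envoy --mode validate`, not only the failures caused by files that are unreadable in the build sandbox. A genuinely broken config then builds cleanly, and because the unit shown in the ExecStart hunk has `Restart = "no"`, the proxy would presumably stay down after activation until someone notices. Keeping the failure visible in the build log costs one line, e.g. `${lib.optionalString (!required) "|| echo 'envoy config validation failed; ignored because requireValidConfig = false' >&2"}`.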
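Review bot: The `requireValidConfig` description (second hunk of nixos/modules/services/networking/envoy.nix) explains when to disable the option but not what is given up by doing so. With the option off, the generated `envoy.json` is copied into the store even if validation failed, so mistakes in listeners, filters or TLS settings are only found when `envoy.service` starts. I would append a sentence to the description such as `When disabled, an invalid configuration is only detected when the service starts.` so operators make that trade-off knowingly.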
@@ -22,12 +22,33 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
 clusters = [];
 };
 };
+ specialisation = {
+ withoutConfigValidation.configuration = { ... }: {
+ services.envoy = {
+ requireValidConfig = false;
+ settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log";
+ };
+ };
+ };
 };
- testScript = ''
- machine.start()
- machine.wait_for_unit("envoy.service")
- machine.wait_for_open_port(80)
- machine.wait_until_succeeds("curl -fsS localhost:80/ready")
- '';
+ testScript = { nodes, ... }:
+ let
+ specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
+ in
+ ''
+ machine.start()
+
+ with subtest("envoy.service starts and responds with ready"):
+ machine.wait_for_unit("envoy.service")
+ machine.wait_for_open_port(80)
+ machine.wait_until_succeeds("curl -fsS localhost:80/ready")
+
+ with subtest("envoy.service works with config path not available at eval time"):
+ machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test')
+ machine.wait_for_unit("envoy.service")
+ machine.wait_for_open_port(80)
+ machine.wait_until_succeeds("curl -fsS localhost:80/ready")
+ machine.succeed('test -f /var/log/envoy/access.log')
+ '';
 }) |
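Review bot: The second subtest is named "config path not available at eval time", but the validation being bypassed runs at build time, as the option description in the module puts it. Evaluation and build are distinct phases in Nix, so the name should match the option's wording: `with subtest("envoy.service works with config path not available at build time"):`. The subtest only covers a valid config with validation switched off. A short comment saying that `/var/log/envoy/access.log` is chosen because it cannot be opened during the build would make the intent of the `lib.mkForce` override clear.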