mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8b3d03da2c5b93dbc3f46442d0e097b1ef1b99af
next.orly.dev/scripts/docker-policy/README.md
mleku baede6d37f
Some checks failed
Go / build (push) Has been cancelled
Details
Go / release (push) Has been cancelled
Details
extend script test to two read two write to ensure script continues running
2025-11-11 15:24:58 +00:00

249 lines
7.4 KiB
Markdown
Raw Blame History

# ORLY Policy Engine Docker Test
This directory contains a Docker-based test environment to verify that the `cs-policy.js` script is executed by the ORLY relay's policy engine when events are received.
## Test Structure
```
test-docker-policy/
├── Dockerfile # Ubuntu 22.04.5 based image
├── docker-compose.yml # Container orchestration
├── cs-policy.js # Policy script that writes to a file
├── policy.json # Policy configuration pointing to the script
├── env # Environment variables for ORLY
├── start.sh # Container startup script
├── test-policy.sh # Automated test runner
└── README.md # This file
```
## What the Test Does
1. **Builds** an Ubuntu 22.04.5 Docker image with ORLY relay
2. **Configures** the policy engine with `cs-policy-daemon.js`
3. **Starts** the relay with policy engine enabled
4. **Publishes 2 events** to test write control (EVENT messages)
5. **Queries for those events** to test read control (REQ messages)
6. **Verifies** that:
- Both events were published successfully
- Events can be queried and retrieved
- Policy script processed both write and read operations
- Policy script logged to both file and relay log (stderr)
7. **Reports** detailed results with policy invocation counts
## How cs-policy-daemon.js Works
The policy script is a long-lived process that:
1. Reads events from stdin (one JSON event per line)
2. Processes each event and returns a JSON response to stdout
3. Logs debug information to:
- `/home/orly/cs-policy-output.txt` (file output)
- stderr (appears in relay log with prefix `[policy script /path]`)
**Key Features:**
- Logs event details including kind, ID, and access type (read/write)
- Writes debug output to stderr which appears in the relay log
- Returns JSON responses to stdout for policy decisions
## Quick Start
Run the automated test:
```bash
./scripts/docker-policy/test-policy.sh
```
## Policy Test Tool
The `policytest` tool is a command-line utility for testing policy enforcement:
```bash
# Test write control (EVENT messages)
./policytest -url ws://localhost:8777 -type event -kind 1
# Test read control (REQ messages)
./policytest -url ws://localhost:8777 -type req -kind 1
# Test both write and read control
./policytest -url ws://localhost:8777 -type both -kind 1
# Publish multiple events and query for them (full integration test)
./policytest -url ws://localhost:8777 -type publish-and-query -kind 1 -count 2
```
### Options
- `-url` - Relay WebSocket URL (default: `ws://127.0.0.1:3334`)
- `-type` - Test type:
- `event` - Test write control only
- `req` - Test read control only
- `both` - Test write then read
- `publish-and-query` - Publish events then query for them (full test)
- `-kind` - Event kind to test (default: `4678`)
- `-count` - Number of events to publish for `publish-and-query` (default: `2`)
- `-timeout` - Operation timeout (default: `20s`)
### Output
The `publish-and-query` test provides detailed output:
```
Publishing 2 events of kind 1...
Event 1/2 published successfully (id: a1b2c3d4...)
Event 2/2 published successfully (id: e5f6g7h8...)
PUBLISH: 2 accepted, 0 rejected out of 2 total
Querying for events of kind 1...
Query returned 2 events
QUERY: found 2/2 published events (total returned: 2)
SUCCESS: All published events were retrieved
```
## Manual Testing
### 1. Build and Start Container
```bash
cd /home/mleku/src/next.orly.dev
docker-compose -f test-docker-policy/docker-compose.yml up -d
```
### 2. Check Relay Logs
```bash
docker logs orly-policy-test -f
```
### 3. Send Test Event
```bash
# Using websocat
echo '["EVENT",{"id":"test123","pubkey":"4db2c42f3c02079dd6feae3f88f6c8693940a00ade3cc8e5d72050bd6e577cd5","created_at":'$(date +%s)',"kind":1,"tags":[],"content":"Test","sig":"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}]' | websocat ws://localhost:8777
```
### 4. Verify Output File
```bash
# Check if file exists
docker exec orly-policy-test test -f /home/orly/cs-policy-output.txt && echo "File exists!"
# View contents
docker exec orly-policy-test cat /home/orly/cs-policy-output.txt
```
### 5. Cleanup
```bash
# Stop container
docker-compose -f test-docker-policy/docker-compose.yml down
# Remove volumes
docker-compose -f test-docker-policy/docker-compose.yml down -v
```
## Troubleshooting
### Policy Script Not Running
Check if policy is enabled:
```bash
docker exec orly-policy-test cat /home/orly/env | grep POLICY
```
Check policy configuration:
```bash
docker exec orly-policy-test cat /home/orly/.config/ORLY/policy.json
```
### Node.js Issues
Verify Node.js is installed:
```bash
docker exec orly-policy-test node --version
```
Test the script manually:
```bash
docker exec orly-policy-test node /home/orly/cs-policy.js
docker exec orly-policy-test cat /home/orly/cs-policy-output.txt
```
### Relay Not Starting
View full logs:
```bash
docker logs orly-policy-test
```
Check if relay is listening:
```bash
docker exec orly-policy-test netstat -tlnp | grep 8777
```
## Expected Output
When successful, you should see:
```
=== Step 9: Publishing 2 events and querying for them ===
--- Publishing and querying events ---
Publishing 2 events of kind 1...
Event 1/2 published successfully (id: abc12345...)
Event 2/2 published successfully (id: def67890...)
PUBLISH: 2 accepted, 0 rejected out of 2 total
Querying for events of kind 1...
Query returned 2 events
QUERY: found 2/2 published events (total returned: 2)
SUCCESS: All published events were retrieved
=== Step 10: Checking relay logs ===
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Policy script started
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event abc12345, kind: 1, access: write
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event def67890, kind: 1, access: write
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event abc12345, kind: 1, access: read
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event def67890, kind: 1, access: read
=== Step 12: Checking output file ===
✓ SUCCESS: cs-policy-output.txt file exists!
Output file contents:
1234567890123: Policy script started
1234567890456: Event ID: abc12345..., Kind: 1, Access: write
1234567890789: Event ID: def67890..., Kind: 1, Access: write
1234567891012: Event ID: abc12345..., Kind: 1, Access: read
1234567891234: Event ID: def67890..., Kind: 1, Access: read
Policy invocations summary:
- Write operations (EVENT): 2 (expected: 2)
- Read operations (REQ): 2 (expected: >=1)
✓ SUCCESS: Policy script processed both write and read operations!
- Published 2 events (write control)
- Queried events (read control)
```
The test verifies:
- **Write Control**: Policy script processes EVENT messages (2 publications)
- **Read Control**: Policy script processes REQ messages (query retrieves events)
- **Dual Logging**: Script output appears in both file and relay log (stderr)
- **Event Lifecycle**: Events are stored and can be retrieved
## Configuration Files
### env
Environment variables for ORLY relay:
- `ORLY_PORT=8777` - WebSocket port
- `ORLY_POLICY_ENABLED=true` - Enable policy engine
- `ORLY_LOG_LEVEL=debug` - Verbose logging
### policy.json
Policy configuration:
```json
{
"script": "/home/orly/cs-policy.js"
}
```
Points to the policy script that will be executed for each event.
Reference in New Issue View Git Blame Copy Permalink