nixosTests.auth-mysql: migrate to runTest

Part Of #386873
This commit is contained in:
Martin Weinelt 2025-03-13 23:45:17 +01:00
parent add74983e7
commit 3f2541bbb1
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
2 changed files with 157 additions and 159 deletions


@ -183,7 +183,7 @@ in {
atticd = runTest ./atticd.nix; atticd = runTest ./atticd.nix;
atuin = runTest ./atuin.nix; atuin = runTest ./atuin.nix;
audiobookshelf = runTest ./audiobookshelf.nix; audiobookshelf = runTest ./audiobookshelf.nix;
auth-mysql = handleTest ./auth-mysql.nix {}; auth-mysql = runTest ./auth-mysql.nix;
authelia = handleTest ./authelia.nix {}; authelia = handleTest ./authelia.nix {};
auto-cpufreq = handleTest ./auto-cpufreq.nix {}; auto-cpufreq = handleTest ./auto-cpufreq.nix {};
autobrr = handleTest ./autobrr.nix {}; autobrr = handleTest ./autobrr.nix {};


@ -1,180 +1,178 @@
import ./make-test-python.nix ( { pkgs, lib, ... }:
{ pkgs, lib, ... }:
let let
dbUser = "nixos_auth"; dbUser = "nixos_auth";
dbPassword = "topsecret123"; dbPassword = "topsecret123";
dbName = "auth"; dbName = "auth";
mysqlUsername = "mysqltest"; mysqlUsername = "mysqltest";
mysqlPassword = "topsecretmysqluserpassword123"; mysqlPassword = "topsecretmysqluserpassword123";
mysqlGroup = "mysqlusers"; mysqlGroup = "mysqlusers";
localUsername = "localtest"; localUsername = "localtest";
localPassword = "topsecretlocaluserpassword123"; localPassword = "topsecretlocaluserpassword123";
mysqlInit = pkgs.writeText "mysqlInit" '' mysqlInit = pkgs.writeText "mysqlInit" ''
CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}'; CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}';
CREATE DATABASE ${dbName}; CREATE DATABASE ${dbName};
GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost'; GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
USE ${dbName}; USE ${dbName};
CREATE TABLE `groups` ( CREATE TABLE `groups` (
rowid int(11) NOT NULL auto_increment, rowid int(11) NOT NULL auto_increment,
gid int(11) NOT NULL, gid int(11) NOT NULL,
name char(255) NOT NULL, name char(255) NOT NULL,
PRIMARY KEY (rowid) PRIMARY KEY (rowid)
); );
CREATE TABLE `users` ( CREATE TABLE `users` (
name varchar(255) NOT NULL, name varchar(255) NOT NULL,
uid int(11) NOT NULL auto_increment, uid int(11) NOT NULL auto_increment,
gid int(11) NOT NULL, gid int(11) NOT NULL,
password varchar(255) NOT NULL, password varchar(255) NOT NULL,
PRIMARY KEY (uid), PRIMARY KEY (uid),
UNIQUE (name) UNIQUE (name)
) AUTO_INCREMENT=5000; ) AUTO_INCREMENT=5000;
INSERT INTO `users` (name, uid, gid, password) VALUES INSERT INTO `users` (name, uid, gid, password) VALUES
('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256)); ('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256));
INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000); INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000);
''; '';
in in
{ {
name = "auth-mysql"; name = "auth-mysql";
meta.maintainers = with lib.maintainers; [ netali ]; meta.maintainers = with lib.maintainers; [ netali ];
nodes.machine = nodes.machine =
{ ... }: { ... }:
{ {
services.mysql = { services.mysql = {
enable = true; enable = true;
package = pkgs.mariadb; package = pkgs.mariadb;
settings.mysqld.bind-address = "127.0.0.1"; settings.mysqld.bind-address = "127.0.0.1";
initialScript = mysqlInit; initialScript = mysqlInit;
};
users.users.${localUsername} = {
isNormalUser = true;
password = localPassword;
};
security.pam.services.login.makeHomeDir = true;
users.mysql = {
enable = true;
host = "127.0.0.1";
user = dbUser;
database = dbName;
passwordFile = "${builtins.toFile "dbPassword" dbPassword}";
pam = {
table = "users";
userColumn = "name";
passwordColumn = "password";
passwordCrypt = "sha256";
disconnectEveryOperation = true;
};
nss = {
getpwnam = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwuid = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE uid=%1$u \
LIMIT 1
'';
getspnam = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwent = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users
'';
getspent = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users
'';
getgrnam = ''
SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1
'';
getgrgid = ''
SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1
'';
getgrent = ''
SELECT name, 'x', gid FROM groups
'';
memsbygid = ''
SELECT name FROM users WHERE gid=%1$u
'';
gidsbymem = ''
SELECT gid FROM users WHERE name='%1$s'
'';
};
};
}; };
testScript = '' users.users.${localUsername} = {
def switch_to_tty(tty_number): isNormalUser = true;
machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'") password = localPassword;
machine.send_key(f"alt-f{tty_number}") };
machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]")
machine.wait_for_unit(f"getty@tty{tty_number}.service") security.pam.services.login.makeHomeDir = true;
machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'")
users.mysql = {
enable = true;
host = "127.0.0.1";
user = dbUser;
database = dbName;
passwordFile = "${builtins.toFile "dbPassword" dbPassword}";
pam = {
table = "users";
userColumn = "name";
passwordColumn = "password";
passwordCrypt = "sha256";
disconnectEveryOperation = true;
};
nss = {
getpwnam = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwuid = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE uid=%1$u \
LIMIT 1
'';
getspnam = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwent = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users
'';
getspent = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users
'';
getgrnam = ''
SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1
'';
getgrgid = ''
SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1
'';
getgrent = ''
SELECT name, 'x', gid FROM groups
'';
memsbygid = ''
SELECT name FROM users WHERE gid=%1$u
'';
gidsbymem = ''
SELECT gid FROM users WHERE name='%1$s'
'';
};
};
};
testScript = ''
def switch_to_tty(tty_number):
machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'")
machine.send_key(f"alt-f{tty_number}")
machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]")
machine.wait_for_unit(f"getty@tty{tty_number}.service")
machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'")
def try_login(tty_number, username, password): def try_login(tty_number, username, password):
machine.wait_until_tty_matches(tty_number, "login: ") machine.wait_until_tty_matches(tty_number, "login: ")
machine.send_chars(f"{username}\n") machine.send_chars(f"{username}\n")
machine.wait_until_tty_matches(tty_number, f"login: {username}") machine.wait_until_tty_matches(tty_number, f"login: {username}")
machine.wait_until_succeeds("pgrep login") machine.wait_until_succeeds("pgrep login")
machine.wait_until_tty_matches(tty_number, "Password: ") machine.wait_until_tty_matches(tty_number, "Password: ")
machine.send_chars(f"{password}\n") machine.send_chars(f"{password}\n")
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("mysql.service") machine.wait_for_unit("mysql.service")
machine.wait_until_succeeds("cat /etc/security/pam_mysql.conf | grep users.db_passwd") machine.wait_until_succeeds("cat /etc/security/pam_mysql.conf | grep users.db_passwd")
machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
with subtest("Local login"): with subtest("Local login"):
switch_to_tty("2") switch_to_tty("2")
try_login("2", "${localUsername}", "${localPassword}") try_login("2", "${localUsername}", "${localPassword}")
machine.wait_until_succeeds("pgrep -u ${localUsername} bash") machine.wait_until_succeeds("pgrep -u ${localUsername} bash")
machine.send_chars("id > local_id.txt\n") machine.send_chars("id > local_id.txt\n")
machine.wait_for_file("/home/${localUsername}/local_id.txt") machine.wait_for_file("/home/${localUsername}/local_id.txt")
machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'") machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'")
with subtest("Local incorrect login"): with subtest("Local incorrect login"):
switch_to_tty("3") switch_to_tty("3")
try_login("3", "${localUsername}", "wrongpassword") try_login("3", "${localUsername}", "wrongpassword")
machine.wait_until_tty_matches("3", "Login incorrect") machine.wait_until_tty_matches("3", "Login incorrect")
machine.wait_until_tty_matches("3", "login:") machine.wait_until_tty_matches("3", "login:")
with subtest("MySQL login"): with subtest("MySQL login"):
switch_to_tty("4") switch_to_tty("4")
try_login("4", "${mysqlUsername}", "${mysqlPassword}") try_login("4", "${mysqlUsername}", "${mysqlPassword}")
machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash") machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash")
machine.send_chars("id > mysql_id.txt\n") machine.send_chars("id > mysql_id.txt\n")
machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt") machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt")
machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'") machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'")
with subtest("MySQL incorrect login"): with subtest("MySQL incorrect login"):
switch_to_tty("5") switch_to_tty("5")
try_login("5", "${mysqlUsername}", "wrongpassword") try_login("5", "${mysqlUsername}", "wrongpassword")
machine.wait_until_tty_matches("5", "Login incorrect") machine.wait_until_tty_matches("5", "Login incorrect")
machine.wait_until_tty_matches("5", "login:") machine.wait_until_tty_matches("5", "login:")
''; '';
} }
)
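Review bot: The migrated test still documents nothing about why its credential handling is acceptable, and a reader copying `users.mysql` from here would inherit two choices that are fine for a throwaway VM but not for a real host: `passwordFile = "${builtins.toFile "dbPassword" dbPassword}"` places the database password in a world-readable store path, and `passwordCrypt = "sha256"` together with `SHA2('${mysqlPassword}', 256)` in `mysqlInit` stores the user password as an unsalted hash. Since the whole file is reprinted on the new side, this is the natural moment to add a one-line comment above `users.mysql = {`: `# Test fixture only: the store-path passwordFile and unsalted sha256 passwordCrypt are deliberate for the VM test and are not a deployment recommendation.` No code change is needed for the migration itself; the `runTest` form with `{ pkgs, lib, ... }:` looks consistent with the other entries in the first file.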