openldap: use specialisations for tests

This speeds up tests a bit. Also, ensure that mutable config works for manual config dir.
2025-07-13 21:50:33 +03:00 · 2022-06-05 13:47:24 +01:00 · 2022-06-05 13:47:24 +01:00 · ad5acb9b0e
commit ad5acb9b0e
parent fd7d901133
1 changed files with 93 additions and 90 deletions
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@ -1,9 +1,4 @@
-{ pkgs ? (import ../.. { inherit system; config = { }; })
+import ./make-test-python.nix ({ pkgs, ... }: let
 , system ? builtins.currentSystem
 , ...
 }:
 let
  dbContents = ''
    dn: dc=example
    objectClass: domain
@ -13,100 +8,108 @@ let
    objectClass: organizationalUnit
    ou: users
  '';
-  testScript = ''
+
-    machine.wait_for_unit("openldap.service")
+  ldifConfig = ''
-    machine.succeed(
+    dn: cn=config
-        'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
+    cn: config
-    )
+    objectClass: olcGlobal
    olcLogLevel: stats
    dn: cn=schema,cn=config
    cn: schema
    objectClass: olcSchemaConfig
    include: file://${pkgs.openldap}/etc/schema/core.ldif
    include: file://${pkgs.openldap}/etc/schema/cosine.ldif
    include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
    dn: olcDatabase={0}config,cn=config
    olcDatabase: {0}config
    objectClass: olcDatabaseConfig
    olcRootDN: cn=root,cn=config
    olcRootPW: configpassword
    dn: olcDatabase={1}mdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcMdbConfig
    olcDatabase: {1}mdb
    olcDbDirectory: /var/db/openldap
    olcDbIndex: objectClass eq
    olcSuffix: dc=example
    olcRootDN: cn=root,dc=example
    olcRootPW: notapassword
  '';
 in {
-  # New-style configuration
+  name = "openldap";
  current = import ./make-test-python.nix ({ pkgs, ... }: {
    inherit testScript;
    name = "openldap";
-    nodes.machine = { pkgs, ... }: {
+  nodes.machine = { pkgs, ... }: {
-      environment.etc."openldap/root_password".text = "notapassword";
+    environment.etc."openldap/root_password".text = "notapassword";
-      services.openldap = {
+    services.openldap = {
-        enable = true;
+      enable = true;
-        urlList = [ "ldapi:///" "ldap://" ];
+      urlList = [ "ldapi:///" "ldap://" ];
-        settings = {
+      settings = {
-          children = {
+        children = {
-            "cn=schema".includes = [
+          "cn=schema".includes = [
-              "${pkgs.openldap}/etc/schema/core.ldif"
+            "${pkgs.openldap}/etc/schema/core.ldif"
-              "${pkgs.openldap}/etc/schema/cosine.ldif"
+            "${pkgs.openldap}/etc/schema/cosine.ldif"
-              "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+            "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
-              "${pkgs.openldap}/etc/schema/nis.ldif"
+            "${pkgs.openldap}/etc/schema/nis.ldif"
-            ];
+          ];
-            "olcDatabase={1}mdb" = {
+          "olcDatabase={1}mdb" = {
-              # This tests string, base64 and path values, as well as lists of string values
+            # This tests string, base64 and path values, as well as lists of string values
-              attrs = {
+            attrs = {
-                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+              objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
-                olcDatabase = "{1}mdb";
+              olcDatabase = "{1}mdb";
-                olcDbDirectory = "/var/lib/openldap/db";
+              olcDbDirectory = "/var/lib/openldap/db";
-                olcSuffix = "dc=example";
+              olcSuffix = "dc=example";
-                olcRootDN = {
+              olcRootDN = {
-                  # cn=root,dc=example
+                # cn=root,dc=example
-                  base64 = "Y249cm9vdCxkYz1leGFtcGxl";
+                base64 = "Y249cm9vdCxkYz1leGFtcGxl";
-                };
+              };
-                olcRootPW = {
+              olcRootPW = {
-                  path = "/etc/openldap/root_password";
+                path = "/etc/openldap/root_password";
                };
              };
            };
          };
        };
        declarativeContents."dc=example" = dbContents;
      };
    };
  }) { inherit pkgs system; };
  # Manually managed configDir, for example if dynamic config is essential
  manualConfigDir = import ./make-test-python.nix ({ pkgs, ... }: {
    name = "openldap";
    nodes.machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        configDir = "/var/db/slapd.d";
      };
      declarativeContents."dc=example" = dbContents;
    };
-    testScript = let
+    specialisation = {
-      contents = pkgs.writeText "data.ldif" dbContents;
+      manualConfigDir = {
-      config = pkgs.writeText "config.ldif" ''
+        inheritParentConfig = false;
-        dn: cn=config
+        configuration = { ... }: {
-        cn: config
+          services.openldap = {
-        objectClass: olcGlobal
+            enable = true;
-        olcLogLevel: stats
+            configDir = "/var/db/slapd.d";
-        olcPidFile: /run/slapd/slapd.pid
+          };
        };
      };
    };
  };
  testScript = { nodes, ... }: let
    specializations = "${nodes.machine.config.system.build.toplevel}/specialisation";
    changeRootPw = ''
      dn: olcDatabase={1}mdb,cn=config
      changetype: modify
      replace: olcRootPW
      olcRootPW: foobar
    '';
  in ''
    machine.wait_for_unit("openldap.service")
    machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
-        dn: cn=schema,cn=config
+    with subtest("manual config dir"):
        cn: schema
        objectClass: olcSchemaConfig
        include: file://${pkgs.openldap}/etc/schema/core.ldif
        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
        dn: olcDatabase={1}mdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMdbConfig
        olcDatabase: {1}mdb
        olcDbDirectory: /var/db/openldap
        olcDbIndex: objectClass eq
        olcSuffix: dc=example
        olcRootDN: cn=root,dc=example
        olcRootPW: notapassword
      '';
    in ''
      machine.succeed(
-          "mkdir -p /var/db/slapd.d /var/db/openldap",
+        'mkdir -p /var/db/slapd.d /var/db/openldap',
-          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
+        'slapadd -F /var/db/slapd.d -n0 -l ${pkgs.writeText "config.ldif" ldifConfig}',
-          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
+        'slapadd -F /var/db/slapd.d -n1 -l ${pkgs.writeText "contents.ldif" dbContents}',
-          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
+        'chown -R openldap:openldap /var/db/slapd.d /var/db/openldap',
-          "systemctl restart openldap",
+        '${specializations}/manualConfigDir/bin/switch-to-configuration test',
      )
-    '' + testScript;
+      machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
-  }) { inherit system pkgs; };
+      machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
-}
+      machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar -b "dc=example"')
  '';
 })