From 3f2541bbb161ed1117cf2c0ee84f2de8046ce180 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 13 Mar 2025 23:45:17 +0100 Subject: [PATCH] nixosTests.auth-mysql: migrate to runTest Part Of #386873 --- nixos/tests/all-tests.nix | 2 +- nixos/tests/auth-mysql.nix | 314 ++++++++++++++++++------------------- 2 files changed, 157 insertions(+), 159 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 34fd7b62d25f..4eccb9f67639 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -183,7 +183,7 @@ in { atticd = runTest ./atticd.nix; atuin = runTest ./atuin.nix; audiobookshelf = runTest ./audiobookshelf.nix; - auth-mysql = handleTest ./auth-mysql.nix {}; + auth-mysql = runTest ./auth-mysql.nix; authelia = handleTest ./authelia.nix {}; auto-cpufreq = handleTest ./auto-cpufreq.nix {}; autobrr = handleTest ./autobrr.nix {}; diff --git a/nixos/tests/auth-mysql.nix b/nixos/tests/auth-mysql.nix index 0a4d8f577fc7..7009f063afea 100644 --- a/nixos/tests/auth-mysql.nix +++ b/nixos/tests/auth-mysql.nix @@ -1,180 +1,178 @@ -import ./make-test-python.nix ( - { pkgs, lib, ... }: +{ pkgs, lib, ... }: - let - dbUser = "nixos_auth"; - dbPassword = "topsecret123"; - dbName = "auth"; +let + dbUser = "nixos_auth"; + dbPassword = "topsecret123"; + dbName = "auth"; - mysqlUsername = "mysqltest"; - mysqlPassword = "topsecretmysqluserpassword123"; - mysqlGroup = "mysqlusers"; + mysqlUsername = "mysqltest"; + mysqlPassword = "topsecretmysqluserpassword123"; + mysqlGroup = "mysqlusers"; - localUsername = "localtest"; - localPassword = "topsecretlocaluserpassword123"; + localUsername = "localtest"; + localPassword = "topsecretlocaluserpassword123"; - mysqlInit = pkgs.writeText "mysqlInit" '' - CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}'; - CREATE DATABASE ${dbName}; - GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost'; - FLUSH PRIVILEGES; + mysqlInit = pkgs.writeText "mysqlInit" '' + CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}'; + CREATE DATABASE ${dbName}; + GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost'; + FLUSH PRIVILEGES; - USE ${dbName}; - CREATE TABLE `groups` ( - rowid int(11) NOT NULL auto_increment, - gid int(11) NOT NULL, - name char(255) NOT NULL, - PRIMARY KEY (rowid) - ); + USE ${dbName}; + CREATE TABLE `groups` ( + rowid int(11) NOT NULL auto_increment, + gid int(11) NOT NULL, + name char(255) NOT NULL, + PRIMARY KEY (rowid) + ); - CREATE TABLE `users` ( - name varchar(255) NOT NULL, - uid int(11) NOT NULL auto_increment, - gid int(11) NOT NULL, - password varchar(255) NOT NULL, - PRIMARY KEY (uid), - UNIQUE (name) - ) AUTO_INCREMENT=5000; + CREATE TABLE `users` ( + name varchar(255) NOT NULL, + uid int(11) NOT NULL auto_increment, + gid int(11) NOT NULL, + password varchar(255) NOT NULL, + PRIMARY KEY (uid), + UNIQUE (name) + ) AUTO_INCREMENT=5000; - INSERT INTO `users` (name, uid, gid, password) VALUES - ('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256)); - INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000); - ''; - in - { - name = "auth-mysql"; - meta.maintainers = with lib.maintainers; [ netali ]; + INSERT INTO `users` (name, uid, gid, password) VALUES + ('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256)); + INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000); + ''; +in +{ + name = "auth-mysql"; + meta.maintainers = with lib.maintainers; [ netali ]; - nodes.machine = - { ... }: - { - services.mysql = { - enable = true; - package = pkgs.mariadb; - settings.mysqld.bind-address = "127.0.0.1"; - initialScript = mysqlInit; - }; - - users.users.${localUsername} = { - isNormalUser = true; - password = localPassword; - }; - - security.pam.services.login.makeHomeDir = true; - - users.mysql = { - enable = true; - host = "127.0.0.1"; - user = dbUser; - database = dbName; - passwordFile = "${builtins.toFile "dbPassword" dbPassword}"; - pam = { - table = "users"; - userColumn = "name"; - passwordColumn = "password"; - passwordCrypt = "sha256"; - disconnectEveryOperation = true; - }; - nss = { - getpwnam = '' - SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ - FROM users \ - WHERE name='%1$s' \ - LIMIT 1 - ''; - getpwuid = '' - SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ - FROM users \ - WHERE uid=%1$u \ - LIMIT 1 - ''; - getspnam = '' - SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \ - FROM users \ - WHERE name='%1$s' \ - LIMIT 1 - ''; - getpwent = '' - SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ - FROM users - ''; - getspent = '' - SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \ - FROM users - ''; - getgrnam = '' - SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1 - ''; - getgrgid = '' - SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1 - ''; - getgrent = '' - SELECT name, 'x', gid FROM groups - ''; - memsbygid = '' - SELECT name FROM users WHERE gid=%1$u - ''; - gidsbymem = '' - SELECT gid FROM users WHERE name='%1$s' - ''; - }; - }; + nodes.machine = + { ... }: + { + services.mysql = { + enable = true; + package = pkgs.mariadb; + settings.mysqld.bind-address = "127.0.0.1"; + initialScript = mysqlInit; }; - testScript = '' - def switch_to_tty(tty_number): - machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'") - machine.send_key(f"alt-f{tty_number}") - machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]") - machine.wait_for_unit(f"getty@tty{tty_number}.service") - machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'") + users.users.${localUsername} = { + isNormalUser = true; + password = localPassword; + }; + + security.pam.services.login.makeHomeDir = true; + + users.mysql = { + enable = true; + host = "127.0.0.1"; + user = dbUser; + database = dbName; + passwordFile = "${builtins.toFile "dbPassword" dbPassword}"; + pam = { + table = "users"; + userColumn = "name"; + passwordColumn = "password"; + passwordCrypt = "sha256"; + disconnectEveryOperation = true; + }; + nss = { + getpwnam = '' + SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ + FROM users \ + WHERE name='%1$s' \ + LIMIT 1 + ''; + getpwuid = '' + SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ + FROM users \ + WHERE uid=%1$u \ + LIMIT 1 + ''; + getspnam = '' + SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \ + FROM users \ + WHERE name='%1$s' \ + LIMIT 1 + ''; + getpwent = '' + SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \ + FROM users + ''; + getspent = '' + SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \ + FROM users + ''; + getgrnam = '' + SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1 + ''; + getgrgid = '' + SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1 + ''; + getgrent = '' + SELECT name, 'x', gid FROM groups + ''; + memsbygid = '' + SELECT name FROM users WHERE gid=%1$u + ''; + gidsbymem = '' + SELECT gid FROM users WHERE name='%1$s' + ''; + }; + }; + }; + + testScript = '' + def switch_to_tty(tty_number): + machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'") + machine.send_key(f"alt-f{tty_number}") + machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]") + machine.wait_for_unit(f"getty@tty{tty_number}.service") + machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'") - def try_login(tty_number, username, password): - machine.wait_until_tty_matches(tty_number, "login: ") - machine.send_chars(f"{username}\n") - machine.wait_until_tty_matches(tty_number, f"login: {username}") - machine.wait_until_succeeds("pgrep login") - machine.wait_until_tty_matches(tty_number, "Password: ") - machine.send_chars(f"{password}\n") + def try_login(tty_number, username, password): + machine.wait_until_tty_matches(tty_number, "login: ") + machine.send_chars(f"{username}\n") + machine.wait_until_tty_matches(tty_number, f"login: {username}") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches(tty_number, "Password: ") + machine.send_chars(f"{password}\n") - machine.wait_for_unit("multi-user.target") - machine.wait_for_unit("mysql.service") - machine.wait_until_succeeds("cat /etc/security/pam_mysql.conf | grep users.db_passwd") - machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") + machine.wait_for_unit("multi-user.target") + machine.wait_for_unit("mysql.service") + machine.wait_until_succeeds("cat /etc/security/pam_mysql.conf | grep users.db_passwd") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") - with subtest("Local login"): - switch_to_tty("2") - try_login("2", "${localUsername}", "${localPassword}") + with subtest("Local login"): + switch_to_tty("2") + try_login("2", "${localUsername}", "${localPassword}") - machine.wait_until_succeeds("pgrep -u ${localUsername} bash") - machine.send_chars("id > local_id.txt\n") - machine.wait_for_file("/home/${localUsername}/local_id.txt") - machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'") + machine.wait_until_succeeds("pgrep -u ${localUsername} bash") + machine.send_chars("id > local_id.txt\n") + machine.wait_for_file("/home/${localUsername}/local_id.txt") + machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'") - with subtest("Local incorrect login"): - switch_to_tty("3") - try_login("3", "${localUsername}", "wrongpassword") + with subtest("Local incorrect login"): + switch_to_tty("3") + try_login("3", "${localUsername}", "wrongpassword") - machine.wait_until_tty_matches("3", "Login incorrect") - machine.wait_until_tty_matches("3", "login:") + machine.wait_until_tty_matches("3", "Login incorrect") + machine.wait_until_tty_matches("3", "login:") - with subtest("MySQL login"): - switch_to_tty("4") - try_login("4", "${mysqlUsername}", "${mysqlPassword}") + with subtest("MySQL login"): + switch_to_tty("4") + try_login("4", "${mysqlUsername}", "${mysqlPassword}") - machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash") - machine.send_chars("id > mysql_id.txt\n") - machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt") - machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'") + machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash") + machine.send_chars("id > mysql_id.txt\n") + machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt") + machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'") - with subtest("MySQL incorrect login"): - switch_to_tty("5") - try_login("5", "${mysqlUsername}", "wrongpassword") + with subtest("MySQL incorrect login"): + switch_to_tty("5") + try_login("5", "${mysqlUsername}", "wrongpassword") - machine.wait_until_tty_matches("5", "Login incorrect") - machine.wait_until_tty_matches("5", "login:") - ''; - } -) + machine.wait_until_tty_matches("5", "Login incorrect") + machine.wait_until_tty_matches("5", "login:") + ''; +}