authorIzorkin <izorkin@elven.pw>2020-05-23 16:44:02 +0300
committerIzorkin <izorkin@elven.pw>2020-05-23 16:44:02 +0300
commit0342862b9150aae89150f198e53e08ce777a3738 (patch)
tree4328377c492e2486ef8a50d0ca4377fd725aa87b
parent5653677f0aae73d49d9e0adfc6a843bc7f7ec72d (diff)
nixos/tests/mysql80: add check with unix auth
-rw-r--r--nixos/tests/mysql/mysql.nix44
1 files changed, 37 insertions, 7 deletions
diff --git a/nixos/tests/mysql/mysql.nix b/nixos/tests/mysql/mysql.nix
index 5379998b6b02..50e1c76e9fd0 100644
--- a/nixos/tests/mysql/mysql.nix
+++ b/nixos/tests/mysql/mysql.nix
@@ -44,16 +44,30 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
         # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled
         virtualisation.memorySize = 1024;
 
+        users.users.testuser = { };
+        users.users.testuser2 = { };
         services.mysql.enable = true;
         services.mysql.initialDatabases = [
-          { name = "testdb"; schema = ./testdb.sql; }
-          { name = "empty_testdb"; }
+          { name = "testdb3"; schema = ./testdb.sql; }
         ];
         # note that using pkgs.writeText here is generally not a good idea,
         # as it will store the password in world-readable /nix/store ;)
         services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
-          CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
+          CREATE USER 'testuser3'@'localhost' IDENTIFIED BY 'secure';
+          GRANT ALL PRIVILEGES ON testdb3.* TO 'testuser3'@'localhost';
         '';
+        services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
+        services.mysql.ensureUsers = [{
+          name = "testuser";
+          ensurePermissions = {
+            "testdb.*" = "ALL PRIVILEGES";
+          };
+        } {
+          name = "testuser2";
+          ensurePermissions = {
+            "testdb2.*" = "ALL PRIVILEGES";
+          };
+        }];
         services.mysql.package = pkgs.mysql80;
       };
 
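Review bot: The empty `users.users.testuser = { };` and `users.users.testuser2 = { };` declarations at the top of the added lines carry no comment saying why the test needs OS accounts, and their link to the `ensureUsers` entries of the same names further down is easy to miss. A comment such as `# OS accounts matching the ensureUsers names below; the test connects over the unix socket as these users` would make the intent explicit. It would also help to mark `testuser3` as the only password-authenticated account, since its literal password in `initialScript` lands in the world-readable store, as the existing comment warns; that is tolerable only because this is a throwaway test VM. The attribute set these lines belong to starts above the hunk.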
@@ -118,10 +132,26 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
     )
 
     mysql80.wait_for_unit("mysql")
-    mysql80.succeed("echo 'use empty_testdb;' | mysql -u root")
-    mysql80.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
-    # ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
-    mysql80.succeed("echo ';' | mysql -u passworduser --password=password123")
+    mysql80.succeed(
+        "echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
+    )
+    mysql80.succeed(
+        "echo 'use testdb; insert into tests values (41);' | sudo -u testuser mysql -u testuser"
+    )
+    # Ensure testuser2 is not able to insert into testdb as mysql testuser2
+    mysql80.fail(
+        "echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser2"
+    )
+    # Ensure testuser2 is not able to authenticate as mysql testuser
+    mysql80.fail(
+        "echo 'use testdb; insert into tests values (22);' | sudo -u testuser2 mysql -u testuser"
+    )
+    mysql80.succeed(
+        "echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 41"
+    )
+    mysql80.succeed(
+        "echo 'use testdb3; select * from tests;' | mysql -u testuser3 --password=secure -N | grep 4"
+    )
 
     mariadb.wait_for_unit("mysql")
     mariadb.succeed(
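Review bot: Both `mysql80.fail(...)` checks for testuser2 pass on any non-zero exit, and nothing in the hunk shows testuser2 ever logging in successfully, so they would also pass if the testuser2 account were never created or if socket login were broken for every user. A positive control placed before them, `mysql80.succeed("echo 'use testdb2;' | sudo -u testuser2 mysql -u testuser2")`, would tie the two failures to missing privileges and a refused identity rather than to a broken setup. The denial checks could additionally capture stderr and match the client's access-denied error instead of relying on the exit status alone. The test script continues outside the hunk.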