diff options
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/krb5/default.nix | 5 | ||||
-rw-r--r-- | nixos/tests/krb5/deprecated-config.nix | 48 | ||||
-rw-r--r-- | nixos/tests/krb5/example-config.nix | 106 | ||||
-rw-r--r-- | nixos/tests/pgjwt.nix | 51 |
4 files changed, 182 insertions, 28 deletions
diff --git a/nixos/tests/krb5/default.nix b/nixos/tests/krb5/default.nix new file mode 100644 index 000000000000..dd5b2f37202e --- /dev/null +++ b/nixos/tests/krb5/default.nix @@ -0,0 +1,5 @@ +{ system ? builtins.currentSystem }: +{ + example-config = import ./example-config.nix { inherit system; }; + deprecated-config = import ./deprecated-config.nix { inherit system; }; +} diff --git a/nixos/tests/krb5/deprecated-config.nix b/nixos/tests/krb5/deprecated-config.nix new file mode 100644 index 000000000000..980b3e762dc6 --- /dev/null +++ b/nixos/tests/krb5/deprecated-config.nix @@ -0,0 +1,48 @@ +# Verifies that the configuration suggested in deprecated example values +# will result in the expected output. + +import ../make-test.nix ({ pkgs, ...} : { + name = "krb5-with-deprecated-config"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ eqyiel ]; + }; + + machine = + { config, pkgs, ... }: { + krb5 = { + enable = true; + defaultRealm = "ATHENA.MIT.EDU"; + domainRealm = "athena.mit.edu"; + kdc = "kerberos.mit.edu"; + kerberosAdminServer = "kerberos.mit.edu"; + }; + }; + + testScript = + let snapshot = pkgs.writeText "krb5-with-deprecated-config.conf" '' + [libdefaults] + default_realm = ATHENA.MIT.EDU + + [realms] + ATHENA.MIT.EDU = { + admin_server = kerberos.mit.edu + kdc = kerberos.mit.edu + } + + [domain_realm] + .athena.mit.edu = ATHENA.MIT.EDU + athena.mit.edu = ATHENA.MIT.EDU + + [capaths] + + + [appdefaults] + + + [plugins] + + ''; + in '' + $machine->succeed("diff /etc/krb5.conf ${snapshot}"); + ''; +}) diff --git a/nixos/tests/krb5/example-config.nix b/nixos/tests/krb5/example-config.nix new file mode 100644 index 000000000000..d5328720931e --- /dev/null +++ b/nixos/tests/krb5/example-config.nix @@ -0,0 +1,106 @@ +# Verifies that the configuration suggested in (non-deprecated) example values +# will result in the expected output. + +import ../make-test.nix ({ pkgs, ...} : { + name = "krb5-with-example-config"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ eqyiel ]; + }; + + machine = + { config, pkgs, ... }: { + krb5 = { + enable = true; + kerberos = pkgs.krb5Full; + libdefaults = { + default_realm = "ATHENA.MIT.EDU"; + }; + realms = { + "ATHENA.MIT.EDU" = { + admin_server = "athena.mit.edu"; + kdc = "athena.mit.edu"; + }; + }; + domain_realm = { + "example.com" = "EXAMPLE.COM"; + ".example.com" = "EXAMPLE.COM"; + }; + capaths = { + "ATHENA.MIT.EDU" = { + "EXAMPLE.COM" = "."; + }; + "EXAMPLE.COM" = { + "ATHENA.MIT.EDU" = "."; + }; + }; + appdefaults = { + pam = { + debug = false; + ticket_lifetime = 36000; + renew_lifetime = 36000; + max_timeout = 30; + timeout_shift = 2; + initial_timeout = 1; + }; + }; + plugins = { + ccselect = { + disable = "k5identity"; + }; + }; + extraConfig = '' + [logging] + kdc = SYSLOG:NOTICE + admin_server = SYSLOG:NOTICE + default = SYSLOG:NOTICE + ''; + }; + }; + + testScript = + let snapshot = pkgs.writeText "krb5-with-example-config.conf" '' + [libdefaults] + default_realm = ATHENA.MIT.EDU + + [realms] + ATHENA.MIT.EDU = { + admin_server = athena.mit.edu + kdc = athena.mit.edu + } + + [domain_realm] + .example.com = EXAMPLE.COM + example.com = EXAMPLE.COM + + [capaths] + ATHENA.MIT.EDU = { + EXAMPLE.COM = . + } + EXAMPLE.COM = { + ATHENA.MIT.EDU = . + } + + [appdefaults] + pam = { + debug = false + initial_timeout = 1 + max_timeout = 30 + renew_lifetime = 36000 + ticket_lifetime = 36000 + timeout_shift = 2 + } + + [plugins] + ccselect = { + disable = k5identity + } + + [logging] + kdc = SYSLOG:NOTICE + admin_server = SYSLOG:NOTICE + default = SYSLOG:NOTICE + ''; + in '' + $machine->succeed("diff /etc/krb5.conf ${snapshot}"); + ''; +}) diff --git a/nixos/tests/pgjwt.nix b/nixos/tests/pgjwt.nix index 2cf2963ae316..d186c42a2a98 100644 --- a/nixos/tests/pgjwt.nix +++ b/nixos/tests/pgjwt.nix @@ -1,42 +1,37 @@ -import ./make-test.nix ({ pkgs, ...} : +import ./make-test.nix ({ pkgs, lib, ...}: let - test = pkgs.writeText "test.sql" '' - CREATE EXTENSION pgcrypto; - CREATE EXTENSION pgjwt; - select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret'); - select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret'); + test = with pkgs; runCommand "patch-test" { + nativeBuildInputs = [ pgjwt ]; + } + '' + sed -e '12 i CREATE EXTENSION pgcrypto;\nCREATE EXTENSION pgtap;\nSET search_path TO tap,public;' ${pgjwt.src}/test.sql > $out; ''; in -{ +with pkgs; { name = "pgjwt"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ spinus ]; + meta = with lib.maintainers; { + maintainers = [ spinus willibutz ]; }; nodes = { - master = - { pkgs, config, ... }: - - { - services.postgresql = let mypg = pkgs.postgresql95; in { - enable = true; - package = mypg; - extraPlugins =[pkgs.pgjwt]; - initialScript = pkgs.writeText "postgresql-init.sql" - '' - CREATE ROLE postgres WITH superuser login createdb; - ''; - }; + master = { pkgs, config, ... }: + { + services.postgresql = { + enable = true; + extraPlugins = [ pgjwt pgtap ]; }; + }; }; - testScript = '' + testScript = { nodes, ... }: + let + sqlSU = "${nodes.master.config.services.postgresql.superUser}"; + pgProve = "${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}"; + in + '' startAll; $master->waitForUnit("postgresql"); - $master->succeed("timeout 10 bash -c 'while ! psql postgres -c \"SELECT 1;\";do sleep 1;done;'"); - $master->succeed("cat ${test} | psql postgres"); - # I can't make original test working :[ - # $master->succeed("${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}/bin/pg_prove -d postgres ${pkgs.pgjwt.src}/test.sql"); - + $master->copyFileFromHost("${test}","/tmp/test.sql"); + $master->succeed("${pkgs.sudo}/bin/sudo -u ${sqlSU} PGOPTIONS=--search_path=tap,public ${pgProve}/bin/pg_prove -d postgres -v -f /tmp/test.sql"); ''; }) |