nixpkgs/nixos/tests/openldap.nix

{ pkgs ? (import ../.. { inherit system; config = { }; })
, system ? builtins.currentSystem
, ...
}:

let
  dbContents = ''
    dn: dc=example
    objectClass: domain
    dc: example

    dn: ou=users,dc=example
    objectClass: organizationalUnit
    ou: users
  '';
  testScript = ''
    machine.wait_for_unit("openldap.service")
    machine.succeed(
        'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
    )
  '';
in {
  # New-style configuration
  current = import ./make-test-python.nix ({ pkgs, ... }: {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      environment.etc."openldap/root_password".text = "notapassword";
      services.openldap = {
        enable = true;
        settings = {
          children = {
            "cn=schema".includes = [
              "${pkgs.openldap}/etc/schema/core.ldif"
              "${pkgs.openldap}/etc/schema/cosine.ldif"
              "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
              "${pkgs.openldap}/etc/schema/nis.ldif"
            ];
            "olcDatabase={1}mdb" = {
              # This tests string, base64 and path values, as well as lists of string values
              attrs = {
                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                olcDatabase = "{1}mdb";
                olcDbDirectory = "/var/db/openldap";
                olcSuffix = "dc=example";
                olcRootDN = {
                  # cn=root,dc=example
                  base64 = "Y249cm9vdCxkYz1leGFtcGxl";
                };
                olcRootPW = {
                  path = "/etc/openldap/root_password";
                };
              };
            };
          };
        };
        declarativeContents."dc=example" = dbContents;
      };
    };
  }) { inherit pkgs system; };

  # Old-style configuration
  oldOptions = import ./make-test-python.nix ({ pkgs, ... }: {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        logLevel = "stats acl";
        defaultSchemas = true;
        database = "mdb";
        suffix = "dc=example";
        rootdn = "cn=root,dc=example";
        rootpw = "notapassword";
        declarativeContents."dc=example" = dbContents;
      };
    };
  }) { inherit system pkgs; };

  # Manually managed configDir, for example if dynamic config is essential
  manualConfigDir = import ./make-test-python.nix ({ pkgs, ... }: {
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        configDir = "/var/db/slapd.d";
      };
    };

    testScript = let
      contents = pkgs.writeText "data.ldif" dbContents;
      config = pkgs.writeText "config.ldif" ''
        dn: cn=config
        cn: config
        objectClass: olcGlobal
        olcLogLevel: stats
        olcPidFile: /run/slapd/slapd.pid

        dn: cn=schema,cn=config
        cn: schema
        objectClass: olcSchemaConfig

        include: file://${pkgs.openldap}/etc/schema/core.ldif
        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif

        dn: olcDatabase={1}mdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMdbConfig
        olcDatabase: {1}mdb
        olcDbDirectory: /var/db/openldap
        olcDbIndex: objectClass eq
        olcSuffix: dc=example
        olcRootDN: cn=root,dc=example
        olcRootPW: notapassword
      '';
    in ''
      machine.succeed(
          "mkdir -p /var/db/slapd.d /var/db/openldap",
          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
          "systemctl restart openldap",
      )
    '' + testScript;
  }) { inherit system pkgs; };
}
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`{ pkgs ? (import ../.. { inherit system; config = { }; })`
			`, system ? builtins.currentSystem`
			`, ...`
			`}:`

			`let`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`dbContents = ''`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`dn: dc=example`
			`objectClass: domain`
			`dc: example`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`dn: ou=users,dc=example`
			`objectClass: organizationalUnit`
			`ou: users`
			`'';`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`testScript = ''`
nixosTests.openldap: port test to python 2019-12-02 21:41:58 +01:00			`machine.wait_for_unit("openldap.service")`
			`machine.succeed(`
			`'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',`
			`)`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`'';`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`in {`
			`# New-style configuration`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`current = import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`inherit testScript;`
			`name = "openldap";`

			`machine = { pkgs, ... }: {`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`environment.etc."openldap/root_password".text = "notapassword";`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`services.openldap = {`
			`enable = true;`
			`settings = {`
			`children = {`
nixos/openldap: migrate sssd-ldap to new settings 2020-09-27 23:23:31 +01:00			`"cn=schema".includes = [`
			`"${pkgs.openldap}/etc/schema/core.ldif"`
			`"${pkgs.openldap}/etc/schema/cosine.ldif"`
			`"${pkgs.openldap}/etc/schema/inetorgperson.ldif"`
			`"${pkgs.openldap}/etc/schema/nis.ldif"`
			`];`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`"olcDatabase={1}mdb" = {`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`# This tests string, base64 and path values, as well as lists of string values`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`attrs = {`
			`objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];`
			`olcDatabase = "{1}mdb";`
			`olcDbDirectory = "/var/db/openldap";`
			`olcSuffix = "dc=example";`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`olcRootDN = {`
			`# cn=root,dc=example`
			`base64 = "Y249cm9vdCxkYz1leGFtcGxl";`
			`};`
			`olcRootPW = {`
			`path = "/etc/openldap/root_password";`
			`};`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
			`};`
			`};`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`declarativeContents."dc=example" = dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`}) { inherit pkgs system; };`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00
			`# Old-style configuration`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`oldOptions = import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`inherit testScript;`
			`name = "openldap";`

			`machine = { pkgs, ... }: {`
			`services.openldap = {`
			`enable = true;`
nixos/openldap: use mkRenamedOptionModule This offers less helpful warnings, but makes the implementation considerably more straightforward. 2020-09-27 21:50:25 +01:00			`logLevel = "stats acl";`
			`defaultSchemas = true;`
			`database = "mdb";`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`suffix = "dc=example";`
			`rootdn = "cn=root,dc=example";`
			`rootpw = "notapassword";`
nixos/openldap: use mkRenamedOptionModule This offers less helpful warnings, but makes the implementation considerably more straightforward. 2020-09-27 21:50:25 +01:00			`declarativeContents."dc=example" = dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`}) { inherit system pkgs; };`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00
			`# Manually managed configDir, for example if dynamic config is essential`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`manualConfigDir = import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`name = "openldap";`

			`machine = { pkgs, ... }: {`
			`services.openldap = {`
			`enable = true;`
			`configDir = "/var/db/slapd.d";`
			`};`
			`};`

			`testScript = let`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`contents = pkgs.writeText "data.ldif" dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`config = pkgs.writeText "config.ldif" ''`
			`dn: cn=config`
			`cn: config`
			`objectClass: olcGlobal`
			`olcLogLevel: stats`
			`olcPidFile: /run/slapd/slapd.pid`

			`dn: cn=schema,cn=config`
			`cn: schema`
			`objectClass: olcSchemaConfig`

			`include: file://${pkgs.openldap}/etc/schema/core.ldif`
			`include: file://${pkgs.openldap}/etc/schema/cosine.ldif`
			`include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif`

			`dn: olcDatabase={1}mdb,cn=config`
			`objectClass: olcDatabaseConfig`
			`objectClass: olcMdbConfig`
			`olcDatabase: {1}mdb`
			`olcDbDirectory: /var/db/openldap`
			`olcDbIndex: objectClass eq`
			`olcSuffix: dc=example`
			`olcRootDN: cn=root,dc=example`
			`olcRootPW: notapassword`
			`'';`
			`in ''`
			`machine.succeed(`
			`"mkdir -p /var/db/slapd.d /var/db/openldap",`
			`"slapadd -F /var/db/slapd.d -n0 -l ${config}",`
			`"slapadd -F /var/db/slapd.d -n1 -l ${contents}",`
			`"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",`
			`"systemctl restart openldap",`
			`)`
			`'' + testScript;`
nixos/tests/openldap: make openldap test auto-callable The NixOS manual documents that you can invoke every tests using nix-build path/to/nixos/tests/test.nix which was not the case for openldap since it is not autocallable, but requires pkgs and system as arguments. Usually, make-test-pythons.nix takes care of this if it is imported at the top-level, but since openldap.nix contains multiple tests, this was not the case. This is however easily fixed by: * Adding default values for the pkgs and system arguments based on the definition in make-test-python.nix * Passing pkgs and system explicitly to make-test-python.nix to ensure the pkgs and system values passed from all-tests.nix are used. 2021-02-18 12:56:58 +01:00			`}) { inherit system pkgs; };`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`}`