From 7d64f7a53431bd42ef97a63698a48d7179dce9c7 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 28 Dec 2019 15:29:22 +0100 Subject: [PATCH 1/2] nixosTests.mysql: add missing () to start_all() Because mysql.wait_for_unit() starts the vm as well, we didn't notice that. --- nixos/tests/mysql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index 2c0d212c2f1..b6b3625cc43 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -47,7 +47,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; testScript = '' - start_all + start_all() mysql.wait_for_unit("mysql") mysql.succeed("echo 'use empty_testdb;' | mysql -u root") From bf7841aae18eb113c2439d439a28747bbec26ee0 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 28 Dec 2019 15:30:11 +0100 Subject: [PATCH 2/2] nixosTests.mysql: add additional test{db,user}2 Test that other users are not able to access the mysql database, and unix socket auth actually works. --- nixos/tests/mysql.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index b6b3625cc43..924bac84e26 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -27,6 +27,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { { users.users.testuser = { }; + users.users.testuser2 = { }; services.mysql.enable = true; services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' ALTER USER root@localhost IDENTIFIED WITH unix_socket; 
@@ -34,12 +35,17 @@ import ./make-test-python.nix ({ pkgs, ...} : { DELETE FROM mysql.user WHERE user = '''; FLUSH PRIVILEGES; ''; - services.mysql.ensureDatabases = [ "testdb" ]; + services.mysql.ensureDatabases = [ "testdb" "testdb2" ]; services.mysql.ensureUsers = [{ name = "testuser"; ensurePermissions = { "testdb.*" = "ALL PRIVILEGES"; }; + } { + name = "testuser2"; + ensurePermissions = { + "testdb2.*" = "ALL PRIVILEGES"; + }; }]; services.mysql.package = pkgs.mariadb; }; @@ -62,6 +68,14 @@ import ./make-test-python.nix ({ pkgs, ...} : { mariadb.succeed( "echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser" ) + # Ensure testuser2 is not able to insert into testdb as mysql testuser2 + mariadb.fail( + "echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser2" + ) + # Ensure testuser2 is not able to authenticate as mysql testuser + mariadb.fail( + "echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser" + ) mariadb.succeed( "echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42" )
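Review bot: Both new `mariadb.fail(...)` checks in the last hunk (`@@ -62,6 +68,14 @@`) pass on any non-zero exit, so they would also pass if testuser2 could not authenticate over the unix socket at all, or if `sudo -u testuser2` itself failed. Nothing in the visible lines shows testuser2 succeeding at anything, so "grant boundary enforced" cannot be told apart from "login broken". A positive control placed before them would fix that, e.g. `mariadb.succeed("echo 'use testdb2;' | sudo -u testuser2 mysql -u testuser2")`, which also exercises the `testdb2.*` grant added in the previous hunk (`@@ -34,12 +35,17 @@`). It would also help to confirm afterwards that the rejected value never landed, e.g. `mariadb.fail("echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 23")`. The testScript string starts and ends outside this hunk, so a check elsewhere in the file may already cover part of this.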