From 9e6737710c4fb2613850e699178b23d54f1a3261 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 18 Dec 2020 16:42:42 +0100 Subject: [PATCH] Revert "Module-builtin assertions, disabling assertions and submodule assertions" --- lib/modules.nix | 164 +++--------------- lib/options.nix | 2 +- lib/tests/misc.nix | 2 +- lib/tests/modules.sh | 82 +++------ .../modules/assertions/condition-true.nix | 8 - lib/tests/modules/assertions/enable-false.nix | 9 - lib/tests/modules/assertions/multi.nix | 23 --- lib/tests/modules/assertions/simple.nix | 6 - .../assertions/submodule-attrsOf-attrsOf.nix | 13 -- .../modules/assertions/submodule-attrsOf.nix | 13 -- lib/tests/modules/assertions/submodule.nix | 13 -- .../assertions/underscore-attributes.nix | 8 - lib/tests/modules/assertions/warning.nix | 9 - nixos/doc/manual/development/assertions.xml | 161 +++++------------ nixos/modules/misc/assertions.nix | 15 +- nixos/modules/system/activation/top-level.nix | 10 +- 16 files changed, 96 insertions(+), 442 deletions(-) delete mode 100644 lib/tests/modules/assertions/condition-true.nix delete mode 100644 lib/tests/modules/assertions/enable-false.nix delete mode 100644 lib/tests/modules/assertions/multi.nix delete mode 100644 lib/tests/modules/assertions/simple.nix delete mode 100644 lib/tests/modules/assertions/submodule-attrsOf-attrsOf.nix delete mode 100644 lib/tests/modules/assertions/submodule-attrsOf.nix delete mode 100644 lib/tests/modules/assertions/submodule.nix delete mode 100644 lib/tests/modules/assertions/underscore-attributes.nix delete mode 100644 lib/tests/modules/assertions/warning.nix diff --git a/lib/modules.nix b/lib/modules.nix index 5548c5f7049..3f2bfd478b0 100644 --- a/lib/modules.nix +++ b/lib/modules.nix @@ -46,7 +46,6 @@ let showFiles showOption unknownModule - literalExample ; in @@ -73,20 +72,14 @@ rec { check ? true }: let - # An internal module that's always added, defining special options which - # change the behavior of the module evaluation itself. This is under a - # `_`-prefixed namespace in order to prevent name clashes with - # user-defined options + # This internal module declare internal options under the `_module' + # attribute. These options are fragile, as they are used by the + # module system to change the interpretation of modules. internalModule = rec { - # FIXME: Using ./modules.nix directly breaks the doc for some reason - _file = "lib/modules.nix"; + _file = ./modules.nix; key = _file; - # Most of these options are set to be internal only for prefix != [], - # aka it's a submodule evaluation. This way their docs are displayed - # only once as a top-level NixOS option, but will be hidden for all - # submodules, even though they are available there too options = { _module.args = mkOption { # Because things like `mkIf` are entirely useless for @@ -96,7 +89,7 @@ rec { # a `_module.args.pkgs = import (fetchTarball { ... }) {}` won't # start a download when `pkgs` wasn't evaluated. type = types.lazyAttrsOf types.unspecified; - internal = prefix != []; + internal = true; description = "Arguments passed to each module."; }; @@ -104,19 +97,13 @@ rec { type = types.bool; internal = true; default = check; - description = '' - Whether to check whether all option definitions have matching - declarations. - - Note that this has nothing to do with the similarly named - option - ''; + description = "Whether to check whether all option definitions have matching declarations."; }; _module.freeformType = mkOption { # Disallow merging for now, but could be implemented nicely with a `types.optionType` type = types.nullOr (types.uniq types.attrs); - internal = prefix != []; + internal = true; default = null; description = '' If set, merge all definitions that don't have an associated option @@ -129,75 +116,6 @@ rec { turned off. ''; }; - - _module.checks = mkOption { - description = '' - Evaluation checks to trigger during module evaluation. The - attribute name will be displayed when it is triggered, allowing - users to disable/change these checks if necessary. See - the section on Warnings and Assertions in the manual for more - information. - ''; - example = literalExample '' - { - gpgSshAgent = { - enable = config.programs.gnupg.agent.enableSSHSupport && config.programs.ssh.startAgent; - message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!"; - }; - - grafanaPassword = { - enable = config.services.grafana.database.password != ""; - message = "Grafana passwords will be stored as plaintext in the Nix store!"; - type = "warning"; - }; - } - ''; - default = {}; - internal = prefix != []; - type = types.attrsOf (types.submodule { - options.enable = mkOption { - description = '' - Whether to enable this check. Set this to false to not trigger - any errors or warning messages. This is useful for ignoring a - check in case it doesn't make sense in certain scenarios. - ''; - default = true; - type = types.bool; - }; - - options.check = mkOption { - description = '' - The condition that must succeed in order for this check to be - successful and not trigger a warning or error. - ''; - readOnly = true; - type = types.bool; - }; - - options.type = mkOption { - description = '' - The type of the check. The default - "error" type will cause evaluation to fail, - while the "warning" type will only show a - warning. - ''; - type = types.enum [ "error" "warning" ]; - default = "error"; - example = "warning"; - }; - - options.message = mkOption { - description = '' - The message to display if this check triggers. - To display option names in the message, add - options to the module function arguments - and use ''${options.path.to.option}. - ''; - type = types.str; - example = "Enabling both \${options.services.foo.enable} and \${options.services.bar.enable} is not possible."; - }; - }); - }; }; config = { @@ -236,35 +154,6 @@ rec { # paths, meaning recursiveUpdate will never override any value else recursiveUpdate freeformConfig declaredConfig; - # Triggers all checks defined by _module.checks before returning its argument - triggerChecks = let - - handleCheck = errors: name: - let - value = config._module.checks.${name}; - show = - # Assertions with a _ prefix aren't meant to be configurable - if lib.hasPrefix "_" name then value.message - else "[${showOption prefix}${optionalString (prefix != []) "/"}${name}] ${value.message}"; - in - if value.enable -> value.check then errors - else if value.type == "warning" then lib.warn show errors - else if value.type == "error" then errors ++ [ show ] - else abort "Unknown check type ${value.type}"; - - errors = lib.foldl' handleCheck [] (lib.attrNames config._module.checks); - - errorMessage = '' - Failed checks: - ${lib.concatMapStringsSep "\n" (a: "- ${a}") errors} - ''; - - trigger = if errors == [] then null else throw errorMessage; - - in builtins.seq trigger; - - finalConfig = triggerChecks (removeAttrs config [ "_module" ]); - checkUnmatched = if config._module.check && config._module.freeformType == null && merged.unmatchedDefns != [] then let @@ -284,7 +173,7 @@ rec { result = builtins.seq checkUnmatched { inherit options; - config = finalConfig; + config = removeAttrs config [ "_module" ]; inherit (config) _module; }; in result; @@ -625,8 +514,6 @@ rec { definitions = map (def: def.value) res.defsFinal; files = map (def: def.file) res.defsFinal; inherit (res) isDefined; - # This allows options to be correctly displayed using `${options.path.to.it}` - __toString = _: showOption loc; }; # Merge definitions of a value of a given type. @@ -886,15 +773,14 @@ rec { visible = false; apply = x: throw "The option `${showOption optionName}' can no longer be used since it's been removed. ${replacementInstructions}"; }); - config._module.checks = - let opt = getAttrFromPath optionName options; in { - ${"removed-" + showOption optionName} = lib.mkIf opt.isDefined { + config.assertions = + let opt = getAttrFromPath optionName options; in [{ + assertion = !opt.isDefined; message = '' The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it. ${replacementInstructions} ''; - }; - }; + }]; }; /* Return a module that causes a warning to be shown if the @@ -955,18 +841,14 @@ rec { })) from); config = { - _module.checks = - let warningMessages = map (f: - let val = getAttrFromPath f config; - opt = getAttrFromPath f options; - in { - ${"merged" + showOption f} = lib.mkIf (val != "_mkMergedOptionModule") { - type = "warning"; - message = "The option `${showOption f}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly."; - }; - } - ) from; - in mkMerge warningMessages; + warnings = filter (x: x != "") (map (f: + let val = getAttrFromPath f config; + opt = getAttrFromPath f options; + in + optionalString + (val != "_mkMergedOptionModule") + "The option `${showOption f}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly." + ) from); } // setAttrByPath to (mkMerge (optional (any (f: (getAttrFromPath f config) != "_mkMergedOptionModule") from) @@ -1025,10 +907,8 @@ rec { }); config = mkMerge [ { - _module.checks.${"renamed-" + showOption from} = mkIf (warn && fromOpt.isDefined) { - type = "warning"; - message = "The option `${showOption from}' defined in ${showFiles fromOpt.files} has been renamed to `${showOption to}'."; - }; + warnings = optional (warn && fromOpt.isDefined) + "The option `${showOption from}' defined in ${showFiles fromOpt.files} has been renamed to `${showOption to}'."; } (if withPriority then mkAliasAndWrapDefsWithPriority (setAttrByPath to) fromOpt diff --git a/lib/options.nix b/lib/options.nix index 5c042a6c6f2..87cd8b79796 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -192,7 +192,7 @@ rec { let ss = opt.type.getSubOptions opt.loc; in if ss != {} then optionAttrSetToDocList' opt.loc ss else []; in - [ docOption ] ++ optionals (docOption.visible && ! docOption.internal) subOptions) (collect isOption options); + [ docOption ] ++ optionals docOption.visible subOptions) (collect isOption options); /* This function recursively removes all derivation attributes from diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix index 2d53ed81176..35a5801c724 100644 --- a/lib/tests/misc.nix +++ b/lib/tests/misc.nix @@ -655,7 +655,7 @@ runTests { modules = [ module ]; }).options; - locs = filter (o: ! o.internal) (optionAttrSetToDocList (removeAttrs options [ "_module" ])); + locs = filter (o: ! o.internal) (optionAttrSetToDocList options); in map (o: o.loc) locs; expected = [ [ "foo" ] [ "foo" "" "bar" ] [ "foo" "bar" ] ]; }; diff --git a/lib/tests/modules.sh b/lib/tests/modules.sh index 775be9f7209..309c5311361 100755 --- a/lib/tests/modules.sh +++ b/lib/tests/modules.sh @@ -27,50 +27,37 @@ reportFailure() { fail=$((fail + 1)) } -checkConfigCodeOutErr() { - local expectedExit=$1 - shift; - local outputContains=$1 - shift; - local errorContains=$1 - shift; - out=$(mktemp) - err=$(mktemp) - evalConfig "$@" 1>"$out" 2>"$err" - if [[ "$?" -ne "$expectedExit" ]]; then - echo 2>&1 "error: Expected exit code $expectedExit while evaluating" - reportFailure "$@" - return 1 - fi - - if [[ -n "$outputContains" ]] && ! grep -zP --silent "$outputContains" "$out"; then - echo 2>&1 "error: Expected output matching '$outputContains', while evaluating" - reportFailure "$@" - return 1 - fi - - if [[ -n "$errorContains" ]] && ! grep -zP --silent "$errorContains" "$err"; then - echo 2>&1 "error: Expected error matching '$errorContains', while evaluating" - reportFailure "$@" - return 1 - fi - - pass=$((pass + 1)) - - # Clean up temp files - rm "$out" "$err" -} - checkConfigOutput() { local outputContains=$1 shift; - checkConfigCodeOutErr 0 "$outputContains" "" "$@" + if evalConfig "$@" 2>/dev/null | grep --silent "$outputContains" ; then + pass=$((pass + 1)) + return 0; + else + echo 2>&1 "error: Expected result matching '$outputContains', while evaluating" + reportFailure "$@" + return 1 + fi } checkConfigError() { local errorContains=$1 + local err="" shift; - checkConfigCodeOutErr 1 "" "$errorContains" "$@" + if err==$(evalConfig "$@" 2>&1 >/dev/null); then + echo 2>&1 "error: Expected error code, got exit code 0, while evaluating" + reportFailure "$@" + return 1 + else + if echo "$err" | grep -zP --silent "$errorContains" ; then + pass=$((pass + 1)) + return 0; + else + echo 2>&1 "error: Expected error matching '$errorContains', while evaluating" + reportFailure "$@" + return 1 + fi + fi } # Check boolean option. @@ -275,29 +262,6 @@ checkConfigOutput true config.value.mkbefore ./types-anything/mk-mods.nix checkConfigOutput 1 config.value.nested.foo ./types-anything/mk-mods.nix checkConfigOutput baz config.value.nested.bar.baz ./types-anything/mk-mods.nix -## Module assertions -# Check that assertions are triggered by default for just evaluating config -checkConfigError 'Failed checks:\n- \[test\] Assertion failed' config ./assertions/simple.nix - -# Assertion is not triggered when enable is false or condition is true -checkConfigOutput '{ }' config ./assertions/condition-true.nix -checkConfigOutput '{ }' config ./assertions/enable-false.nix - -# Warnings should be displayed on standard error -checkConfigCodeOutErr 0 '{ }' 'warning: \[test\] Warning message' config ./assertions/warning.nix - -# Check that multiple assertions and warnings can be triggered at once -checkConfigError 'Failed checks:\n- \[test1\] Assertion 1 failed\n- \[test2\] Assertion 2 failed' config ./assertions/multi.nix -checkConfigError 'trace: warning: \[test3\] Warning 3 failed\ntrace: warning: \[test4\] Warning 4 failed' config ./assertions/multi.nix - -# Submodules should be able to trigger assertions and display the submodule prefix in their error -checkConfigError 'Failed checks:\n- \[foo/test\] Assertion failed' config.foo ./assertions/submodule.nix -checkConfigError 'Failed checks:\n- \[foo.bar/test\] Assertion failed' config.foo.bar ./assertions/submodule-attrsOf.nix -checkConfigError 'Failed checks:\n- \[foo.bar.baz/test\] Assertion failed' config.foo.bar.baz ./assertions/submodule-attrsOf-attrsOf.nix - -# Assertions with an attribute starting with _ shouldn't have their name displayed -checkConfigError 'Failed checks:\n- Assertion failed' config ./assertions/underscore-attributes.nix - cat < - Evaluation Checks + Warnings and Assertions When configuration problems are detectable in a module, it is a good idea to - write a check for catching it early. Doing so can provide clear feedback to - the user and can prevent errors before the build. + write an assertion or warning. Doing so provides clear feedback to the user + and prevents errors after the build. Although Nix has the abort and builtins.trace functions - to perform such tasks generally, they are not ideally suited for NixOS - modules. Instead of these functions, you can declare your evaluation checks - using the NixOS module system. + to perform such tasks, they are not ideally suited for NixOS modules. Instead + of these functions, you can declare your warnings and assertions using the + NixOS module system. -
- Defining Checks +
+ Warnings - Checks can be defined using the option. - Each check needs an attribute name, under which you can define a trigger - assertion using and a - message using . - For the message, you can add - options to the module arguments and use - ${options.path.to.option} to print a context-aware string - representation of an option path. Here is an example showing how this can be - done. + This is an example of using warnings. -{ config, options, ... }: { - _module.checks.gpgSshAgent = { - check = config.programs.gnupg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; - message = "If you have ${options.programs.gnupg.agent.enableSSHSupport} enabled," - + " you can't enable ${options.programs.ssh.startAgent} as well!"; - }; - - _module.checks.grafanaPassword = { - check = config.services.grafana.database.password == ""; - message = "The grafana password defined with ${options.services.grafana.database.password}" - + " will be stored as plaintext in the Nix store!"; - # This is a non-fatal warning - type = "warning"; - }; + -
-
- Ignoring Checks +
+ Assertions - Sometimes you can get failing checks that don't apply to your specific case - and you wish to ignore them, or at least make errors non-fatal. You can do so - for all checks defined using by - using the attribute name of the definition, which is conveniently printed - using [...] when the check is triggered. For above - example, the evaluation output when the checks are triggered looks as - follows: - - - -trace: warning: [grafanaPassword] The grafana password defined with - services.grafana.database.password will be stored as plaintext in the Nix store! -error: Failed checks: -- [gpgSshAgent] If you have programs.gnupg.agent.enableSSHSupport - enabled, you can't enable programs.ssh.startAgent as well! - - - - The [grafanaPassword] and [gpgSshAgent] - strings tell you that these were defined under the grafanaPassword - and gpgSshAgent attributes of - respectively. With this knowledge - you can adjust them to your liking: + This example, extracted from the + + syslogd module shows how to use + assertions. Since there can only be one active syslog + daemon at a time, an assertion is useful to prevent such a broken system + from being built. + - - -
-
- Checks in Submodules - - - Evaluation checks can be defined within submodules in the same way. Here is an example: - - - -{ lib, ... }: { - - options.myServices = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { - options.port = lib.mkOption {}; - - config._module.checks.portConflict = { - check = config.port != 80; - message = "Port ${toString config.port} defined using" - + " ${options.port} is usually used for HTTP"; - type = "warning"; - }; - })); - }; - -} - - - - When this check is triggered, it shows both the submodule path along with - the check attribute within that submodule, joined by a - /. Note also how ${options.port} - correctly shows the context of the option. - - - -trace: warning: [myServices.foo/portConflict] Port 80 defined using - myServices.foo.port is usually used for HTTP - - - - Therefore to disable such a check, you can do so by changing the - option within the - myServices.foo submodule: - - - -{ - myServices.foo._module.checks.portConflict.enable = false; -} - - - - - Checks defined in submodules under types.listOf can't be - ignored, since there's no way to change previously defined list items. - - -
diff --git a/nixos/modules/misc/assertions.nix b/nixos/modules/misc/assertions.nix index d7cdb32491d..550b3ac97f6 100644 --- a/nixos/modules/misc/assertions.nix +++ b/nixos/modules/misc/assertions.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ lib, ... }: with lib; @@ -30,18 +30,5 @@ with lib; }; }; - - config._module.checks = lib.listToAttrs (lib.imap1 (n: value: - let - name = "_${toString n}"; - isWarning = lib.isString value; - result = { - check = if isWarning then false else value.assertion; - type = if isWarning then "warning" else "error"; - message = if isWarning then value else value.message; - }; - in nameValuePair name result - ) (config.assertions ++ config.warnings)); - # impl of assertions is in } diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 17b62ad9569..03d7e749323 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -117,10 +117,18 @@ let perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ])); }; + # Handle assertions and warnings + + failedAssertions = map (x: x.message) (filter (x: !x.assertion) config.assertions); + + baseSystemAssertWarn = if failedAssertions != [] + then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}" + else showWarnings config.warnings baseSystem; + # Replace runtime dependencies system = fold ({ oldDependency, newDependency }: drv: pkgs.replaceDependency { inherit oldDependency newDependency drv; } - ) baseSystem config.system.replaceRuntimeDependencies; + ) baseSystemAssertWarn config.system.replaceRuntimeDependencies; in