From 77978c1518f3f2808947696f1b80e0eb8bd8ff9c Mon Sep 17 00:00:00 2001
From: Florian Jacob
Date: Mon, 1 Apr 2019 20:01:29 +0200
Subject: [PATCH 1/2] nixos/mysql: fix support for non-specified database schema and increase test coverage to catch this
---
 nixos/modules/services/databases/mysql.nix | 2 +-
 nixos/tests/mysql.nix | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
index 89291d4438f..12dbc07dcf0 100644
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -360,7 +360,7 @@ in
 echo "Creating initial database: ${database.name}"
 ( echo 'create database `${database.name}`;'
- ${optionalString (database ? "schema") ''
+ ${optionalString (database.schema != null) ''
 echo 'use `${database.name}`;'
 if [ -f "${database.schema}" ]
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix
index fedc7f0ab1f..97a4dee7f99 100644
--- a/nixos/tests/mysql.nix
+++ b/nixos/tests/mysql.nix
@@ -10,7 +10,10 @@ import ./make-test.nix ({ pkgs, ...} : {
 {
 services.mysql.enable = true;
- services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
+ services.mysql.initialDatabases = [
+ { name = "testdb"; schema = ./testdb.sql; }
+ { name = "empty_testdb"; }
+ ];
 services.mysql.package = pkgs.mysql;
 };
@@ -36,11 +39,12 @@ import ./make-test.nix ({ pkgs, ...} : {
 startAll;
 $mysql->waitForUnit("mysql");
- $mysql->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
+ $mysql->succeed("echo 'use empty_testdb;' | mysql -u root");
+ $mysql->succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4");
 $mariadb->waitForUnit("mysql");
 $mariadb->succeed("echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser");
 $mariadb->succeed("echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser");
- $mariadb->succeed("echo 'use testdb; select test_id from tests' | sudo -u testuser mysql -u testuser -N | grep 42");
+ $mariadb->succeed("echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42");
 '';
 })
From 14571f5ed02fea504d131b130327f845715a7714 Mon Sep 17 00:00:00 2001
From: Florian Jacob
Date: Mon, 1 Apr 2019 21:08:47 +0200
Subject: [PATCH 2/2] nixos/mysql: fix initialScript option which was wrongly specified as types.lines

Prevent it from getting copied to nix store as people might use it for credentials, and make the tests cover it.
---
 nixos/modules/services/databases/mysql.nix | 8 ++++++--
 nixos/tests/mysql.nix | 7 +++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
index 12dbc07dcf0..7e3c230fff7 100644
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -133,7 +133,7 @@ in
 };
 initialScript = mkOption {
- type = types.nullOr types.lines;
+ type = types.nullOr types.path;
 default = null;
 description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database";
 };
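Review bot: The `description` of `initialScript` is left as it was, although the type is now `types.nullOr types.path` and the commit's stated reason is keeping credentials out of the Nix store. Someone reading the option documentation gets no hint that the value is a file path read at runtime, or that a file built into the store (as `pkgs.writeText` produces) is world-readable. I would extend the text, for example `description = "Path to a file containing SQL statements to be executed on the first startup. The file is read at runtime; keep it outside the Nix store if it contains credentials.";`. Presumably the file also has to exist at that path on the machine running the service, which would be worth stating if so.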
@@ -363,6 +363,8 @@ in
 ${optionalString (database.schema != null) ''
 echo 'use `${database.name}`;'
+ # TODO: this silently falls through if database.schema does not exist,
+ # we should catch this somehow and exit, but can't do it here because we're in a subshell.
 if [ -f "${database.schema}" ]
 then
 cat ${database.schema}
@@ -399,7 +401,9 @@ in
 ${optionalString (cfg.initialScript != null) ''
 # Execute initial script
- cat ${cfg.initialScript} | ${mysql}/bin/mysql -u root -N
+ # using toString to avoid copying the file to nix store if given as path instead of string,
+ # as it might contain credentials
+ cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N
 ''}
 ${optionalString (cfg.rootPassword != null)
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix
index 97a4dee7f99..cfe10bc41b0 100644
--- a/nixos/tests/mysql.nix
+++ b/nixos/tests/mysql.nix
@@ -14,6 +14,11 @@ import ./make-test.nix ({ pkgs, ...} : {
 { name = "testdb"; schema = ./testdb.sql; }
 { name = "empty_testdb"; }
 ];
+ # note that using pkgs.writeText here is generally not a good idea,
+ # as it will store the password in world-readable /nix/store ;)
+ services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
+ CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
+ '';
 services.mysql.package = pkgs.mysql;
 };
@@ -41,6 +46,8 @@ import ./make-test.nix ({ pkgs, ...} : {
 $mysql->waitForUnit("mysql");
 $mysql->succeed("echo 'use empty_testdb;' | mysql -u root");
 $mysql->succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4");
+ # ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
+ $mysql->succeed("echo ';' | mysql -u passworduser --password=password123");
 $mariadb->waitForUnit("mysql");
 $mariadb->succeed("echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser");
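Review bot: The TODO added above `if [ -f "${database.schema}" ]` records that a non-existent schema path is skipped silently, but the hunk leaves that behaviour in place, so a mistyped `schema` still produces an empty database without any error. The existence test does not have to live inside the subshell the comment mentions (which opens outside this hunk); it could run just before it, under the same `database.schema != null` condition, for example `[ -e "${database.schema}" ] || { echo "schema ${database.schema} not found" >&2; exit 1; }`. The `if`/`elif` chain continues past the end of the hunk, and whether start-up should abort or only warn in this case is a decision for the module's maintainers.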
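Review bot: The new line `cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N` expands the path unquoted and feeds it through a pipe, so a path containing whitespace is split by the shell, and a missing or unreadable file makes only `cat` fail while the pipeline reports the status of `mysql` (unless `pipefail` is set, which is not visible here). Because the file is now expected to live outside the store, it can be absent at first start, and the grants or credentials it carries would then silently never be applied. Redirecting the quoted path lets the shell report the failure on the command itself: `${mysql}/bin/mysql -u root -N < "${toString cfg.initialScript}"`. The enclosing start-up script extends beyond this hunk.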