openldap: use specialisations for tests
This speeds up tests a bit. Also, ensure that mutable config works for manual config dir.
parent
fd7d901133
commit
ad5acb9b0e
|
@ -1,9 +1,4 @@
|
|||
{ pkgs ? (import ../.. { inherit system; config = { }; })
|
||||
, system ? builtins.currentSystem
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
import ./make-test-python.nix ({ pkgs, ... }: let
|
||||
dbContents = ''
|
||||
dn: dc=example
|
||||
objectClass: domain
|
||||
|
@ -13,16 +8,38 @@ let
|
|||
objectClass: organizationalUnit
|
||||
ou: users
|
||||
'';
|
||||
testScript = ''
|
||||
machine.wait_for_unit("openldap.service")
|
||||
machine.succeed(
|
||||
'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
|
||||
)
|
||||
|
||||
ldifConfig = ''
|
||||
dn: cn=config
|
||||
cn: config
|
||||
objectClass: olcGlobal
|
||||
olcLogLevel: stats
|
||||
|
||||
dn: cn=schema,cn=config
|
||||
cn: schema
|
||||
objectClass: olcSchemaConfig
|
||||
|
||||
include: file://${pkgs.openldap}/etc/schema/core.ldif
|
||||
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
|
||||
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
|
||||
|
||||
dn: olcDatabase={0}config,cn=config
|
||||
olcDatabase: {0}config
|
||||
objectClass: olcDatabaseConfig
|
||||
olcRootDN: cn=root,cn=config
|
||||
olcRootPW: configpassword
|
||||
|
||||
dn: olcDatabase={1}mdb,cn=config
|
||||
objectClass: olcDatabaseConfig
|
||||
objectClass: olcMdbConfig
|
||||
olcDatabase: {1}mdb
|
||||
olcDbDirectory: /var/db/openldap
|
||||
olcDbIndex: objectClass eq
|
||||
olcSuffix: dc=example
|
||||
olcRootDN: cn=root,dc=example
|
||||
olcRootPW: notapassword
|
||||
'';
|
||||
in {
|
||||
# New-style configuration
|
||||
current = import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
inherit testScript;
|
||||
name = "openldap";
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
|
@ -58,55 +75,41 @@ in {
|
|||
};
|
||||
declarativeContents."dc=example" = dbContents;
|
||||
};
|
||||
};
|
||||
}) { inherit pkgs system; };
|
||||
|
||||
# Manually managed configDir, for example if dynamic config is essential
|
||||
manualConfigDir = import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "openldap";
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
specialisation = {
|
||||
manualConfigDir = {
|
||||
inheritParentConfig = false;
|
||||
configuration = { ... }: {
|
||||
services.openldap = {
|
||||
enable = true;
|
||||
configDir = "/var/db/slapd.d";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = let
|
||||
contents = pkgs.writeText "data.ldif" dbContents;
|
||||
config = pkgs.writeText "config.ldif" ''
|
||||
dn: cn=config
|
||||
cn: config
|
||||
objectClass: olcGlobal
|
||||
olcLogLevel: stats
|
||||
olcPidFile: /run/slapd/slapd.pid
|
||||
|
||||
dn: cn=schema,cn=config
|
||||
cn: schema
|
||||
objectClass: olcSchemaConfig
|
||||
|
||||
include: file://${pkgs.openldap}/etc/schema/core.ldif
|
||||
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
|
||||
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
testScript = { nodes, ... }: let
|
||||
specializations = "${nodes.machine.config.system.build.toplevel}/specialisation";
|
||||
changeRootPw = ''
|
||||
dn: olcDatabase={1}mdb,cn=config
|
||||
objectClass: olcDatabaseConfig
|
||||
objectClass: olcMdbConfig
|
||||
olcDatabase: {1}mdb
|
||||
olcDbDirectory: /var/db/openldap
|
||||
olcDbIndex: objectClass eq
|
||||
olcSuffix: dc=example
|
||||
olcRootDN: cn=root,dc=example
|
||||
olcRootPW: notapassword
|
||||
changetype: modify
|
||||
replace: olcRootPW
|
||||
olcRootPW: foobar
|
||||
'';
|
||||
in ''
|
||||
machine.wait_for_unit("openldap.service")
|
||||
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
|
||||
|
||||
with subtest("manual config dir"):
|
||||
machine.succeed(
|
||||
"mkdir -p /var/db/slapd.d /var/db/openldap",
|
||||
"slapadd -F /var/db/slapd.d -n0 -l ${config}",
|
||||
"slapadd -F /var/db/slapd.d -n1 -l ${contents}",
|
||||
"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
|
||||
"systemctl restart openldap",
|
||||
'mkdir -p /var/db/slapd.d /var/db/openldap',
|
||||
'slapadd -F /var/db/slapd.d -n0 -l ${pkgs.writeText "config.ldif" ldifConfig}',
|
||||
'slapadd -F /var/db/slapd.d -n1 -l ${pkgs.writeText "contents.ldif" dbContents}',
|
||||
'chown -R openldap:openldap /var/db/slapd.d /var/db/openldap',
|
||||
'${specializations}/manualConfigDir/bin/switch-to-configuration test',
|
||||
)
|
||||
'' + testScript;
|
||||
}) { inherit system pkgs; };
|
||||
}
|
||||
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
|
||||
machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
|
||||
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar -b "dc=example"')
|
||||
'';
|
||||
})
|
||||
|
|
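Review bot: In the "manual config dir" subtest, the steps after the `ldapmodify` that replaces `olcRootPW` only assert that the new password `foobar` binds, never that `notapassword` is rejected, so the test cannot fail if the old credential stays valid. Adding `machine.fail('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')` after the modify would pin the revocation. The page has lost its +/- markers, so I am assuming the new-side `changeRootPw` LDIF holds only the `dn:`, `changetype: modify`, `replace: olcRootPW` and `olcRootPW: foobar` lines. Separately, `ldifConfig` places cleartext `olcRootPW` values in `pkgs.writeText` outputs, which end up in the world-readable Nix store; a comment such as `# test-only credentials; real deployments should use a hashed olcRootPW kept outside the store` would keep the fixture from being copied as-is.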