openldap: test starting with empty DB

This addresses the original concern behind #92544
2022-06-05 20:03:46 +01:00 · 2022-06-05 20:03:46 +01:00 · 334d622ec7
commit 334d622ec7
parent 8a7193fc0a
2 changed files with 18 additions and 5 deletions
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@ -236,7 +236,10 @@ in {
    writeConfig = pkgs.writeShellScript "openldap-config" ''
      set -euo pipefail

-      ${lib.optionalString (!cfg.mutableConfig) "rm -rf ${configDir}/*"}
+      ${lib.optionalString (!cfg.mutableConfig) ''
+        chmod -R u+w ${configDir}
+        rm -rf ${configDir}/*
+      ''}
      if [ ! -e "${configDir}/cn=config.ldif" ]; then
        ${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
      fi
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@ -81,12 +81,17 @@ in {
          };
        };
      };
-      declarativeContents."dc=example" = dbContents;
    };

    specialisation = {
+      declarativeContents.configuration = { ... }: {
+        services.openldap.declarativeContents."dc=example" = dbContents;
+      };
      mutableConfig.configuration = { ... }: {
-        services.openldap.mutableConfig = true;
+        services.openldap = {
+          declarativeContents."dc=example" = dbContents;
+          mutableConfig = true;
+        };
      };
      manualConfigDir = {
        inheritParentConfig = false;
@ -108,9 +113,14 @@ in {
      olcRootPW: foobar
    '';
  in ''
+    # Test startup with empty DB
    machine.wait_for_unit("openldap.service")
-    machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
-    machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
+
+    with subtest("declarative contents"):
+      machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test')
+      machine.wait_for_unit("openldap.service")
+      machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
+      machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')

    with subtest("mutable config"):
      machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test')