diff options
| author | Florian Klink <flokli@flokli.de> | 2019-12-28 15:30:11 +0100 |
|---|---|---|
| committer | Florian Klink <flokli@flokli.de> | 2019-12-28 15:31:12 +0100 |
| commit | bf7841aae18eb113c2439d439a28747bbec26ee0 (patch) | |
| tree | cdbccfa1156094534592ad4b1a41b5272e973058 | |
| parent | 7d64f7a53431bd42ef97a63698a48d7179dce9c7 (diff) | |
| download | nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar.gz nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar.bz2 nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar.lz nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar.xz nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.tar.zst nixpkgs-bf7841aae18eb113c2439d439a28747bbec26ee0.zip | |
nixosTests.mysql: add additional test{db,user}2
Test that other users are not able to access the mysql database, and unix socket auth actually works.
| -rw-r--r-- | nixos/tests/mysql.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index b6b3625cc43..924bac84e26 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -27,6 +27,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { { users.users.testuser = { }; + users.users.testuser2 = { }; services.mysql.enable = true; services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' ALTER USER root@localhost IDENTIFIED WITH unix_socket; @@ -34,12 +35,17 @@ import ./make-test-python.nix ({ pkgs, ...} : { DELETE FROM mysql.user WHERE user = '''; FLUSH PRIVILEGES; ''; - services.mysql.ensureDatabases = [ "testdb" ]; + services.mysql.ensureDatabases = [ "testdb" "testdb2" ]; services.mysql.ensureUsers = [{ name = "testuser"; ensurePermissions = { "testdb.*" = "ALL PRIVILEGES"; }; + } { + name = "testuser2"; + ensurePermissions = { + "testdb2.*" = "ALL PRIVILEGES"; + }; }]; services.mysql.package = pkgs.mariadb; }; @@ -62,6 +68,14 @@ import ./make-test-python.nix ({ pkgs, ...} : { mariadb.succeed( "echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser" ) + # Ensure testuser2 is not able to insert into testdb as mysql testuser2 + mariadb.fail( + "echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser2" + ) + # Ensure testuser2 is not able to authenticate as mysql testuser + mariadb.fail( + "echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser" + ) mariadb.succeed( "echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42" ) |