blob: 924bac84e26c5e542b35b0eaa4ee36a743d5e033 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
import ./make-test-python.nix ({ pkgs, ...} : {
name = "mysql";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco shlevy ];
};
nodes = {
mysql =
{ pkgs, ... }:
{
services.mysql.enable = true;
services.mysql.initialDatabases = [
{ name = "testdb"; schema = ./testdb.sql; }
{ name = "empty_testdb"; }
];
# note that using pkgs.writeText here is generally not a good idea,
# as it will store the password in world-readable /nix/store ;)
services.mysql.initialScript = pkgs.writeText "mysql-init.sql" ''
CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123';
'';
services.mysql.package = pkgs.mysql57;
};
mariadb =
{ pkgs, ... }:
{
users.users.testuser = { };
users.users.testuser2 = { };
services.mysql.enable = true;
services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
ALTER USER root@localhost IDENTIFIED WITH unix_socket;
DELETE FROM mysql.user WHERE password = ''' AND plugin = ''';
DELETE FROM mysql.user WHERE user = ''';
FLUSH PRIVILEGES;
'';
services.mysql.ensureDatabases = [ "testdb" "testdb2" ];
services.mysql.ensureUsers = [{
name = "testuser";
ensurePermissions = {
"testdb.*" = "ALL PRIVILEGES";
};
} {
name = "testuser2";
ensurePermissions = {
"testdb2.*" = "ALL PRIVILEGES";
};
}];
services.mysql.package = pkgs.mariadb;
};
};
testScript = ''
start_all()
mysql.wait_for_unit("mysql")
mysql.succeed("echo 'use empty_testdb;' | mysql -u root")
mysql.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
mysql.succeed("echo ';' | mysql -u passworduser --password=password123")
mariadb.wait_for_unit("mysql")
mariadb.succeed(
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser"
)
# Ensure testuser2 is not able to insert into testdb as mysql testuser2
mariadb.fail(
"echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser2"
)
# Ensure testuser2 is not able to authenticate as mysql testuser
mariadb.fail(
"echo 'use testdb; insert into tests values (23);' | sudo -u testuser2 mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42"
)
'';
})
|