Skip to content

nixos/openldap: fix assertion#64387

Merged
abbradar merged 1 commit intoNixOS:masterfrom
jameysharp:fix-ldap-tests
Jul 17, 2019
Merged

nixos/openldap: fix assertion#64387
abbradar merged 1 commit intoNixOS:masterfrom
jameysharp:fix-ldap-tests

Conversation

@jameysharp
Copy link
Copy Markdown
Contributor

@jameysharp jameysharp commented Jul 6, 2019

Motivation for this change

In commit d43dc68, @Mic92 split the rootpw option to allow specifying it in a file kept outside the Nix store, as an alternative to specifying the password directly in the config.

Prior to that, rootpw's type was str, but in order to allow both alternatives, it had to become nullOr str with a default of null. So I can see why this assertion, that either rootpw or rootpwFile are specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as written this assertion breaks valid configurations, including the configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir is set.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@jameysharp
nixos/openldap: fix assertion
c5c02b9 
In commit d43dc68, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Jul 6, 2019
@jameysharp jameysharp mentioned this pull request Jul 6, 2019
Merged
10 tasks
@jameysharp jameysharp mentioned this pull request Jul 15, 2019
Merged
10 tasks
abbradar
abbradar approved these changes Jul 15, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@abbradar abbradar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems a simple fix; I'll merge this in several days provided noone else who actually uses OpenLDAP jumps in.

nixos/modules/services/databases/openldap.nix
{
assertion = cfg.rootpwFile != null || cfg.rootpw != null;
message = "Either services.openldap.rootpw or services.openldap.rootpwFile must be set";
assertion = cfg.configDir != null || cfg.rootpwFile != null || cfg.rootpw != null;
Copy link
Copy Markdown
Member

@abbradar abbradar Jul 15, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be written as cfg.configDir == null -> cfg.rootpwFile != null || cfg.rootpw != null for more clarity, but that's completely not important.

Copy link
Copy Markdown
Contributor Author

@jameysharp jameysharp Jul 15, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reviewing! I think that was how I wrote it originally and I found it more confusing that way. Maybe it's just confusing no matter how it's written. 😓

@abbradar
Copy link
Copy Markdown
Member

abbradar commented Jul 15, 2019

BTW what was the test that you mentioned failed before this PR?

@jameysharp
Copy link
Copy Markdown
Contributor Author

jameysharp commented Jul 15, 2019

The LDAP tests failed during nix-instantiate when I ran:

nix-build nixos/release.nix -A tests.ldap.x86_64-linux

The configuration there trips the assertion as it's currently written.

@abbradar
Copy link
Copy Markdown
Member

abbradar commented Jul 15, 2019

@GrahamcOfBorg test ldap

@jameysharp jameysharp mentioned this pull request Jul 16, 2019
Draft
10 tasks
@abbradar abbradar merged commit d4e5748 into NixOS:master Jul 17, 2019
@jameysharp jameysharp deleted the fix-ldap-tests branch July 17, 2019 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@abbradar abbradar abbradar approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jameysharp @abbradar