Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/openldap: fix assertion #64387

Merged
merged 1 commit into from
Jul 17, 2019
Merged

nixos/openldap: fix assertion #64387

merged 1 commit into from
Jul 17, 2019

Conversation

jameysharp
Copy link
Contributor

Motivation for this change

In commit d43dc68, @Mic92 split the rootpw option to allow specifying it in a file kept outside the Nix store, as an alternative to specifying the password directly in the config.

Prior to that, rootpw's type was str, but in order to allow both alternatives, it had to become nullOr str with a default of null. So I can see why this assertion, that either rootpw or rootpwFile are specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as written this assertion breaks valid configurations, including the configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir is set.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@jameysharp
nixos/openldap: fix assertion
c5c02b9 
In commit d43dc68, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Jul 6, 2019
@jameysharp jameysharp mentioned this pull request Jul 6, 2019
Merged
10 tasks
@jameysharp jameysharp mentioned this pull request Jul 15, 2019
Merged
10 tasks
abbradar
abbradar approved these changes Jul 15, 2019
View reviewed changes
Copy link
Member

@abbradar abbradar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems a simple fix; I'll merge this in several days provided noone else who actually uses OpenLDAP jumps in.

nixos/modules/services/databases/openldap.nix
@@ -237,8 +237,8 @@ in
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.rootpwFile != null || cfg.rootpw != null;
message = "Either services.openldap.rootpw or services.openldap.rootpwFile must be set";
assertion = cfg.configDir != null || cfg.rootpwFile != null || cfg.rootpw != null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be written as cfg.configDir == null -> cfg.rootpwFile != null || cfg.rootpw != null for more clarity, but that's completely not important.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reviewing! I think that was how I wrote it originally and I found it more confusing that way. Maybe it's just confusing no matter how it's written. 😓

@abbradar
Copy link
Member

BTW what was the test that you mentioned failed before this PR?

@jameysharp
Copy link
Contributor Author

The LDAP tests failed during nix-instantiate when I ran:

nix-build nixos/release.nix -A tests.ldap.x86_64-linux

The configuration there trips the assertion as it's currently written.

@abbradar
Copy link
Member

@GrahamcOfBorg test ldap

@jameysharp jameysharp mentioned this pull request Jul 16, 2019
Draft
10 tasks
@abbradar abbradar merged commit d4e5748 into NixOS:master Jul 17, 2019
@jameysharp jameysharp deleted the fix-ldap-tests branch July 17, 2019 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abbradar abbradar abbradar approved these changes

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jameysharp @abbradar