New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/krb5: allow lists in configuration #89748
Conversation
mkVal is no longer aware of the indentation depth. Indentation is added to each line of the result when it is included in nested entries.
@GrahamcOfBorg test krb5 |
@heinic I'm sorry for sleeping on this for so long. Your work looks good to me. I'm not sure why the @GrahamcOfBorg command didn't work but I ran the tests locally, and it seems fine.
Ideally I think a reasonable compromise would be to change the snapshot test so that it covers list serialisation. Would you mind making a change like this? diff --git a/nixos/tests/krb5/example-config.nix b/nixos/tests/krb5/example-config.nix
index be195b51393..e2e10a9fda8 100644
--- a/nixos/tests/krb5/example-config.nix
+++ b/nixos/tests/krb5/example-config.nix
@@ -18,7 +18,10 @@ import ../make-test-python.nix ({ pkgs, ...} : {
realms = {
"ATHENA.MIT.EDU" = {
admin_server = "athena.mit.edu";
- kdc = "athena.mit.edu";
+ kdc = [
+ "athena01.mit.edu"
+ "athena02.mit.edu"
+ ];
};
};
domain_realm = {
@@ -65,7 +68,8 @@ import ../make-test-python.nix ({ pkgs, ...} : {
[realms]
ATHENA.MIT.EDU = {
admin_server = athena.mit.edu
- kdc = athena.mit.edu
+ kdc = athena01.mit.edu
+ kdc = athena02.mit.edu
}
[domain_realm] |
Updated the relevant nixos test to match the example configuration.
Updated the test like you suggested. I also changed the example for the nixos option, so it matches the updated test. |
@ofborg test krb5 |
@heinic I don't have write access so someone else would have to merge this, but it looks good to me. |
Motivation for this change
Fix #89626
Kerberos allows multiple values for
kdc
to be specified, this should be possible by passing a list toconfig.krb5.realms.<realm>.kdc
. In general, when specifying a list, it should end up as multiple lines of<attrName> = <list item>
inkrb5.conf
.Although there has been code to accept lists, evaluating would lead to attrs to be passed to
concatMapStringsSep
instead of a list as the last parameter, causing the evaluation to fail. Because of this, removing it is not a breaking change.nixpkgs/nixos/modules/config/krb5/default.nix
Lines 52 to 53 in adc908a
Things done
Simplified indentation generation, allowing
mkRelation
to be more easily reused bymkVal
(and vice versa). Added list handling tomkRelation
and removed list handling frommkVal
.sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)There is no documentation beside the examples, changing the relevant example would be an option.