Merge pull request #164660 from ncfavier/tests-restrict-arguments

nixos/testing: restrict arguments to makeTest

lib/default.nix

@@ -68,7 +68,8 @@ let
       bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
       importJSON importTOML warn warnIf throwIfNot checkListOfEnum
       info showWarnings nixpkgsVersion version isInOldestRelease
-      mod compare splitByAndCompare functionArgs setFunctionArgs isFunction
+      mod compare splitByAndCompare
+      functionArgs setFunctionArgs isFunction toFunction
       toHexString toBaseDigits;
     inherit (self.fixedPoints) fix fix' converge extends composeExtensions
       composeManyExtensions makeExtensible makeExtensibleWithCustomName;
@@ -113,7 +114,7 @@ let
       commitIdFromGitRepo cleanSourceWith pathHasContext
       canCleanSource pathIsRegularFile pathIsGitRepo;
     inherit (self.modules) evalModules setDefaultModuleLocation
-      unifyModuleSyntax applyIfFunction mergeModules
+      unifyModuleSyntax applyModuleArgsIfFunction mergeModules
       mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
       pushDownProperties dischargeProperties filterOverrides
       sortProperties fixupOptionType mkIf mkAssert mkMerge mkOverride

lib/modules.nix

@@ -282,11 +282,11 @@ rec {
       # Like unifyModuleSyntax, but also imports paths and calls functions if necessary
       loadModule = args: fallbackFile: fallbackKey: m:
         if isFunction m || isAttrs m then
-          unifyModuleSyntax fallbackFile fallbackKey (applyIfFunction fallbackKey m args)
+          unifyModuleSyntax fallbackFile fallbackKey (applyModuleArgsIfFunction fallbackKey m args)
         else if isList m then
           let defs = [{ file = fallbackFile; value = m; }]; in
           throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}"
-        else unifyModuleSyntax (toString m) (toString m) (applyIfFunction (toString m) (import m) args);
+        else unifyModuleSyntax (toString m) (toString m) (applyModuleArgsIfFunction (toString m) (import m) args);
 
       /*
       Collects all modules recursively into the form
@@ -383,7 +383,7 @@ rec {
         config = addFreeformType (addMeta (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]));
       };
 
-  applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
+  applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
     let
       # Module arguments are resolved in a strict manner when attribute set
       # deconstruction is used.  As the arguments are now defined with the

lib/trivial.nix

@@ -441,6 +441,25 @@ rec {
   isFunction = f: builtins.isFunction f ||
     (f ? __functor && isFunction (f.__functor f));
 
+  /*
+    Turns any non-callable values into constant functions.
+    Returns callable values as is.
+
+    Example:
+
+      nix-repl> lib.toFunction 1 2
+      1
+
+      nix-repl> lib.toFunction (x: x + 1) 2
+      3
+  */
+  toFunction =
+    # Any value
+    v:
+    if isFunction v
+    then v
+    else k: v;
+
   /* Convert the given positive integer to a string of its hexadecimal
      representation. For example:
 

nixos/lib/testing-python.nix

@@ -146,26 +146,28 @@ rec {
 
   # Make a full-blown test
   makeTest =
-    { testScript
+    { machine ? null
+    , nodes ? {}
+    , testScript
     , enableOCR ? false
     , name ? "unnamed"
       # Skip linting (mainly intended for faster dev cycles)
     , skipLint ? false
     , passthru ? {}
+    , meta ? {}
     , # For meta.position
       pos ? # position used in error messages and for meta.position
-        (if t.meta.description or null != null
-          then builtins.unsafeGetAttrPos "description" t.meta
+        (if meta.description or null != null
+          then builtins.unsafeGetAttrPos "description" meta
           else builtins.unsafeGetAttrPos "testScript" t)
-    , ...
     } @ t:
     let
-      nodes = qemu_pkg:
+      mkNodes = qemu_pkg:
         let
           testScript' =
             # Call the test script with the computed nodes.
             if lib.isFunction testScript
-            then testScript { nodes = nodes qemu_pkg; }
+            then testScript { nodes = mkNodes qemu_pkg; }
             else testScript;
 
           build-vms = import ./build-vms.nix {
@@ -205,33 +207,29 @@ rec {
           };
         in
           build-vms.buildVirtualNetwork (
-              t.nodes or (if t ? machine then { machine = t.machine; } else { })
+              nodes // lib.optionalAttrs (machine != null) { inherit machine; }
           );
 
       driver = setupDriverForTest {
         inherit testScript enableOCR skipLint passthru;
         testName = name;
         qemu_pkg = pkgs.qemu_test;
-        nodes = nodes pkgs.qemu_test;
+        nodes = mkNodes pkgs.qemu_test;
       };
       driverInteractive = setupDriverForTest {
         inherit testScript enableOCR skipLint passthru;
         testName = name;
         qemu_pkg = pkgs.qemu;
-        nodes = nodes pkgs.qemu;
+        nodes = mkNodes pkgs.qemu;
         interactive = true;
       };
 
-      test =
-        let
-          passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
-            meta = (drv.meta or { }) // t.meta;
-          };
-        in passMeta (runTests { inherit driver pos driverInteractive; });
+      test = lib.addMetaAttrs meta (runTests { inherit driver pos driverInteractive; });
 
     in
       test // {
-        inherit test driver driverInteractive nodes;
+        inherit test driver driverInteractive;
+        inherit (driver) nodes;
       };
 
   abortForFunction = functionName: abort ''The ${functionName} function was

nixos/modules/installer/tools/tools.nix

@@ -117,7 +117,7 @@ in
     '';
   };
 
-  config = lib.mkIf (!config.system.disableInstallerTools) {
+  config = lib.mkIf (config.nix.enable && !config.system.disableInstallerTools) {
 
     system.nixos-generate-config.configuration = mkDefault ''
       # Edit this configuration file to define what should be installed on

nixos/modules/services/misc/nix-gc.nix

@@ -81,8 +81,14 @@ in
   ###### implementation
 
   config = {
-
-    systemd.services.nix-gc = {
+    assertions = [
+      {
+        assertion = cfg.automatic -> config.nix.enable;
+        message = ''nix.gc.automatic requires nix.enable'';
+      }
+    ];
+
+    systemd.services.nix-gc = lib.mkIf config.nix.enable {
       description = "Nix Garbage Collector";
       script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}";
       startAt = optional cfg.automatic cfg.dates;

nixos/modules/services/misc/nix-optimise.nix

@@ -37,8 +37,14 @@ in
   ###### implementation
 
   config = {
-
-    systemd.services.nix-optimise =
+    assertions = [
+      {
+        assertion = cfg.automatic -> config.nix.enable;
+        message = ''nix.optimise.automatic requires nix.enable'';
+      }
+    ];
+
+    systemd.services.nix-optimise = lib.mkIf config.nix.enable
       { description = "Nix Store Optimiser";
         # No point this if the nix daemon (and thus the nix store) is outside
         unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket";

nixos/modules/virtualisation/qemu-vm.nix

@@ -796,7 +796,7 @@ in
     # allow `system.build.toplevel' to be included.  (If we had a direct
     # reference to ${regInfo} here, then we would get a cyclic
     # dependency.)
-    boot.postBootCommands =
+    boot.postBootCommands = lib.mkIf config.nix.enable
       ''
         if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
           ${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}

nixos/tests/boot.nix

@@ -38,7 +38,6 @@ let
       } // extraConfig);
     in
       makeTest {
-        inherit iso;
         name = "boot-" + name;
         nodes = { };
         testScript =

nixos/tests/caddy.nix

@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
   nodes = {
     webserver = { pkgs, lib, ... }: {
       services.caddy.enable = true;
-      services.caddy.config = ''
+      services.caddy.extraConfig = ''
         http://localhost {
           encode gzip
 
@@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       '';
 
       specialisation.etag.configuration = {
-        services.caddy.config = lib.mkForce ''
+        services.caddy.extraConfig = lib.mkForce ''
           http://localhost {
             encode gzip
 
@@ -38,7 +38,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       };
 
       specialisation.config-reload.configuration = {
-        services.caddy.config = ''
+        services.caddy.extraConfig = ''
           http://localhost:8080 {
           }
         '';

nixos/tests/ceph-multi-node.nix

@@ -48,7 +48,7 @@ let
       sudo
       ceph
       xfsprogs
-      netcat-openbsd
+      libressl.nc
     ];
 
     boot.kernelModules = [ "xfs" ];

nixos/tests/chromium.nix

@@ -15,26 +15,9 @@
 with import ../lib/testing-python.nix { inherit system pkgs; };
 with pkgs.lib;
 
-mapAttrs (channel: chromiumPkg: makeTest rec {
-  name = "chromium-${channel}";
-  meta = {
-    maintainers = with maintainers; [ aszlig primeos ];
-    # https://github.com/NixOS/hydra/issues/591#issuecomment-435125621
-    inherit (chromiumPkg.meta) timeout;
-  };
-
-  enableOCR = true;
-
+let
   user = "alice";
 
-  machine.imports = [ ./common/user-account.nix ./common/x11.nix ];
-  machine.virtualisation.memorySize = 2047;
-  machine.test-support.displayManager.auto.user = user;
-  machine.environment = {
-    systemPackages = [ chromiumPkg ];
-    variables."XAUTHORITY" = "/home/alice/.Xauthority";
-  };
-
   startupHTML = pkgs.writeText "chromium-startup.html" ''
     <!DOCTYPE html>
     <html>
@@ -50,6 +33,25 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
     </body>
     </html>
   '';
+in
+
+mapAttrs (channel: chromiumPkg: makeTest {
+  name = "chromium-${channel}";
+  meta = {
+    maintainers = with maintainers; [ aszlig primeos ];
+    # https://github.com/NixOS/hydra/issues/591#issuecomment-435125621
+    inherit (chromiumPkg.meta) timeout;
+  };
+
+  enableOCR = true;
+
+  machine.imports = [ ./common/user-account.nix ./common/x11.nix ];
+  machine.virtualisation.memorySize = 2047;
+  machine.test-support.displayManager.auto.user = user;
+  machine.environment = {
+    systemPackages = [ chromiumPkg ];
+    variables."XAUTHORITY" = "/home/alice/.Xauthority";
+  };
 
   testScript = let
     xdo = name: text: let

nixos/tests/cri-o.nix

@@ -1,7 +1,7 @@
 # This test runs CRI-O and verifies via critest
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "cri-o";
-  maintainers = with pkgs.lib.maintainers; teams.podman.members;
+  meta.maintainers = with pkgs.lib.maintainers; teams.podman.members;
 
   nodes = {
     crio = {

nixos/tests/gitolite-fcgiwrap.nix

@@ -20,7 +20,7 @@ import ./make-test-python.nix (
         nodes = {
 
           server =
-            { ... }:
+            { config, ... }:
               {
                 networking.firewall.allowedTCPPorts = [ 80 ];
 

nixos/tests/jitsi-meet.nix

@@ -21,9 +21,9 @@ import ./make-test-python.nix ({ pkgs, ... }: {
         forceSSL = true;
       };
 
-      security.acme.email = "me@example.org";
       security.acme.acceptTerms = true;
-      security.acme.server = "https://example.com"; # self-signed only
+      security.acme.defaults.email = "me@example.org";
+      security.acme.defaults.server = "https://example.com"; # self-signed only
     };
   };
 

nixos/tests/misc.nix

@@ -1,13 +1,13 @@
 # Miscellaneous small tests that don't warrant their own VM run.
 
-import ./make-test-python.nix ({ pkgs, ...} : rec {
+import ./make-test-python.nix ({ pkgs, ...} : let
+  foo = pkgs.writeText "foo" "Hello World";
+in {
   name = "misc";
   meta = with pkgs.lib.maintainers; {
     maintainers = [ eelco ];
   };
 
-  foo = pkgs.writeText "foo" "Hello World";
-
   machine =
     { lib, ... }:
     with lib;

nixos/tests/rstudio-server.nix

@@ -14,12 +14,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
       };
     };
 
-    users.testuser = {
-      uid = 1000;
-      group = "testgroup";
-    };
-    groups.testgroup.gid = 1000;
-
     testScript = ''
       machine.wait_for_unit("rstudio-server.service")
       machine.succeed("curl -f -vvv -s http://127.0.0.1:8787")

nixos/tests/step-ca.nix

@@ -42,8 +42,8 @@ import ./make-test-python.nix ({ pkgs, ... }:
 
         caclient =
           { config, pkgs, ... }: {
-            security.acme.server = "https://caserver:8443/acme/acme/directory";
-            security.acme.email = "root@example.org";
+            security.acme.defaults.server = "https://caserver:8443/acme/acme/directory";
+            security.acme.defaults.email = "root@example.org";
             security.acme.acceptTerms = true;
 
             security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];

nixos/tests/tor.nix

@@ -1,24 +1,19 @@
 import ./make-test-python.nix ({ lib, ... }: with lib;
 
-rec {
+{
   name = "tor";
   meta.maintainers = with maintainers; [ joachifm ];
 
-  common =
-    { ... }:
-    { boot.kernelParams = [ "audit=0" "apparmor=0" "quiet" ];
-      networking.firewall.enable = false;
-      networking.useDHCP = false;
-    };
+  nodes.client = { pkgs, ... }: {
+    boot.kernelParams = [ "audit=0" "apparmor=0" "quiet" ];
+    networking.firewall.enable = false;
+    networking.useDHCP = false;
 
-  nodes.client =
-    { pkgs, ... }:
-    { imports = [ common ];
-      environment.systemPackages = with pkgs; [ netcat ];
-      services.tor.enable = true;
-      services.tor.client.enable = true;
-      services.tor.settings.ControlPort = 9051;
-    };
+    environment.systemPackages = with pkgs; [ netcat ];
+    services.tor.enable = true;
+    services.tor.client.enable = true;
+    services.tor.settings.ControlPort = 9051;
+  };
 
   testScript = ''
     client.wait_for_unit("tor.service")

nixos/tests/without-nix.nix

@@ -4,14 +4,23 @@ import ./make-test-python.nix ({ lib, ... }: {
     maintainers = [ ericson2314 ];
   };
 
-  nixpkgs.overlays = [
-    (self: super: {
-      nix = throw "don't want to use this";
-    })
-  ];
-
   nodes.machine = { ... }: {
     nix.enable = false;
+    nixpkgs.overlays = [
+      (self: super: {
+        nix = throw "don't want to use pkgs.nix";
+        nixVersions = lib.mapAttrs (k: throw "don't want to use pkgs.nixVersions.${k}") super.nixVersions;
+        # aliases, some deprecated
+        nix_2_3 = throw "don't want to use pkgs.nix_2_3";
+        nix_2_4 = throw "don't want to use pkgs.nix_2_4";
+        nix_2_5 = throw "don't want to use pkgs.nix_2_5";
+        nix_2_6 = throw "don't want to use pkgs.nix_2_6";
+        nixFlakes = throw "don't want to use pkgs.nixFlakes";
+        nixStable = throw "don't want to use pkgs.nixStable";
+        nixUnstable = throw "don't want to use pkgs.nixUnstable";
+        nixStatic = throw "don't want to use pkgs.nixStatic";
+      })
+    ];
   };
 
   testScript = ''

pkgs/test/nixos-functions/default.nix

@@ -26,14 +26,14 @@ in lib.optionalAttrs stdenv.hostPlatform.isLinux (
       fileSystems."/".device = "/dev/null";
     }).toplevel;
 
-    nixosTest-test = pkgs.nixosTest ({ lib, pkgs, ... }: {
+    nixosTest-test = pkgs.nixosTest ({ lib, pkgs, figlet, ... }: {
       name = "nixosTest-test";
       machine = { pkgs, ... }: {
         system.nixos = dummyVersioning;
-        environment.systemPackages = [ pkgs.hello ];
+        environment.systemPackages = [ pkgs.hello figlet ];
       };
       testScript = ''
-        machine.succeed("hello")
+        machine.succeed("hello | figlet >/dev/console")
       '';
     });
 

pkgs/top-level/all-packages.nix

@@ -33715,9 +33715,7 @@ with pkgs;
           loadedTest = if builtins.typeOf test == "path"
             then import test
             else test;
-          calledTest = if lib.isFunction loadedTest
-            then callPackage loadedTest {}
-            else loadedTest;
+          calledTest = lib.toFunction loadedTest pkgs;
         in
           nixosTesting.makeTest calledTest;