tests: test for the expected maildir and index dir locations

These are not ideal yet, but we should make them a fixture, so that we are always aware what they are for the different supported setups.
2025-06-20 04:56:09 +02:00 · 2025-06-20 04:56:09 +02:00 · 3c1cff431c
commit 3c1cff431c
parent f25495cabf
2 changed files with 214 additions and 193 deletions
--- a/tests/ldap.nix
+++ b/tests/ldap.nix
@ -90,6 +90,7 @@ in
          fqdn = "mail.example.com";
          domains = [ "example.com" ];
          localDnsResolver = false;
+          indexDir = "/var/lib/dovecot/indices";

          ldap = {
            enable = true;
@ -115,107 +116,116 @@ in
        };
      };
  };
-  testScript = ''
-    import sys
-    import re
+  testScript =
+    {
+      nodes,
+      ...
+    }:
+    ''
+      import sys
+      import re

-    machine.start()
-    machine.wait_for_unit("multi-user.target")
+      machine.start()
+      machine.wait_for_unit("multi-user.target")

-    # This function retrieves the ldap table file from a postconf
-    # command.
-    # A key lookup is achived and the returned value is compared
-    # to the expected value.
-    def test_lookup(postconf_cmdline, key, expected):
-      conf = machine.succeed(postconf_cmdline).rstrip()
-      ldap_table_path = re.match('.* =.*ldap:(.*)', conf).group(1)
-      value = machine.succeed(f"postmap -q {key} ldap:{ldap_table_path}").rstrip()
-      try:
-        assert value == expected
-      except AssertionError:
-        print(f"Expected {conf} lookup for key '{key}' to return '{expected}, but got '{value}'", file=sys.stderr)
-        raise
+      # This function retrieves the ldap table file from a postconf
+      # command.
+      # A key lookup is achived and the returned value is compared
+      # to the expected value.
+      def test_lookup(postconf_cmdline, key, expected):
+        conf = machine.succeed(postconf_cmdline).rstrip()
+        ldap_table_path = re.match('.* =.*ldap:(.*)', conf).group(1)
+        value = machine.succeed(f"postmap -q {key} ldap:{ldap_table_path}").rstrip()
+        try:
+          assert value == expected
+        except AssertionError:
+          print(f"Expected {conf} lookup for key '{key}' to return '{expected}, but got '{value}'", file=sys.stderr)
+          raise

-    with subtest("Test postmap lookups"):
-      test_lookup("postconf virtual_mailbox_maps", "alice@example.com", "alice@example.com")
-      test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "alice@example.com", "alice@example.com")
+      with subtest("Test postmap lookups"):
+        test_lookup("postconf virtual_mailbox_maps", "alice@example.com", "alice@example.com")
+        test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "alice@example.com", "alice@example.com")

-      test_lookup("postconf virtual_mailbox_maps", "bob@example.com", "bob@example.com")
-      test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "bob@example.com", "bob@example.com")
+        test_lookup("postconf virtual_mailbox_maps", "bob@example.com", "bob@example.com")
+        test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "bob@example.com", "bob@example.com")

-    with subtest("Test doveadm lookups"):
-      machine.succeed("doveadm user -u alice@example.com")
-      machine.succeed("doveadm user -u bob@example.com")
+      with subtest("Test doveadm lookups"):
+        machine.succeed("doveadm user -u alice@example.com")
+        machine.succeed("doveadm user -u bob@example.com")

-    with subtest("Files containing secrets are only readable by root"):
-      machine.succeed("ls -l /run/postfix/*.cf | grep -e '-rw------- 1 root root'")
-      machine.succeed("ls -l /run/dovecot2/dovecot-ldap.conf.ext | grep -e '-rw------- 1 root root'")
+      with subtest("Files containing secrets are only readable by root"):
+        machine.succeed("ls -l /run/postfix/*.cf | grep -e '-rw------- 1 root root'")
+        machine.succeed("ls -l /run/dovecot2/dovecot-ldap.conf.ext | grep -e '-rw------- 1 root root'")

-    with subtest("Test account/mail address binding"):
-      machine.fail(" ".join([
-        "mail-check send-and-read",
-        "--smtp-port 587",
-        "--smtp-starttls",
-        "--smtp-host localhost",
-        "--smtp-username alice@example.com",
-        "--imap-host localhost",
-        "--imap-username bob@example.com",
-        "--from-addr bob@example.com",
-        "--to-addr aliceb@example.com",
-        "--src-password-file <(echo '${alicePassword}')",
-        "--dst-password-file <(echo '${bobPassword}')",
-        "--ignore-dkim-spf"
-      ]))
-      machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user alice@example.com'")
+      with subtest("Test account/mail address binding"):
+        machine.fail(" ".join([
+          "mail-check send-and-read",
+          "--smtp-port 587",
+          "--smtp-starttls",
+          "--smtp-host localhost",
+          "--smtp-username alice@example.com",
+          "--imap-host localhost",
+          "--imap-username bob@example.com",
+          "--from-addr bob@example.com",
+          "--to-addr aliceb@example.com",
+          "--src-password-file <(echo '${alicePassword}')",
+          "--dst-password-file <(echo '${bobPassword}')",
+          "--ignore-dkim-spf"
+        ]))
+        machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user alice@example.com'")

-    with subtest("Test mail delivery"):
-      machine.succeed(" ".join([
-        "mail-check send-and-read",
-        "--smtp-port 587",
-        "--smtp-starttls",
-        "--smtp-host localhost",
-        "--smtp-username alice@example.com",
-        "--imap-host localhost",
-        "--imap-username bob@example.com",
-        "--from-addr alice@example.com",
-        "--to-addr bob@example.com",
-        "--src-password-file <(echo '${alicePassword}')",
-        "--dst-password-file <(echo '${bobPassword}')",
-        "--ignore-dkim-spf"
-      ]))
+      with subtest("Test mail delivery"):
+        machine.succeed(" ".join([
+          "mail-check send-and-read",
+          "--smtp-port 587",
+          "--smtp-starttls",
+          "--smtp-host localhost",
+          "--smtp-username alice@example.com",
+          "--imap-host localhost",
+          "--imap-username bob@example.com",
+          "--from-addr alice@example.com",
+          "--to-addr bob@example.com",
+          "--src-password-file <(echo '${alicePassword}')",
+          "--dst-password-file <(echo '${bobPassword}')",
+          "--ignore-dkim-spf"
+        ]))

-    with subtest("Test mail forwarding works"):
-      machine.succeed(" ".join([
-        "mail-check send-and-read",
-        "--smtp-port 587",
-        "--smtp-starttls",
-        "--smtp-host localhost",
-        "--smtp-username alice@example.com",
-        "--imap-host localhost",
-        "--imap-username bob@example.com",
-        "--from-addr alice@example.com",
-        "--to-addr bob_fw@example.com",
-        "--src-password-file <(echo '${alicePassword}')",
-        "--dst-password-file <(echo '${bobPassword}')",
-        "--ignore-dkim-spf"
-      ]))
+      with subtest("Test mail forwarding works"):
+        machine.succeed(" ".join([
+          "mail-check send-and-read",
+          "--smtp-port 587",
+          "--smtp-starttls",
+          "--smtp-host localhost",
+          "--smtp-username alice@example.com",
+          "--imap-host localhost",
+          "--imap-username bob@example.com",
+          "--from-addr alice@example.com",
+          "--to-addr bob_fw@example.com",
+          "--src-password-file <(echo '${alicePassword}')",
+          "--dst-password-file <(echo '${bobPassword}')",
+          "--ignore-dkim-spf"
+        ]))

-    with subtest("Test cannot send mail from forwarded address"):
-      machine.fail(" ".join([
-        "mail-check send-and-read",
-        "--smtp-port 587",
-        "--smtp-starttls",
-        "--smtp-host localhost",
-        "--smtp-username bob@example.com",
-        "--imap-host localhost",
-        "--imap-username alice@example.com",
-        "--from-addr bob_fw@example.com",
-        "--to-addr alice@example.com",
-        "--src-password-file <(echo '${bobPassword}')",
-        "--dst-password-file <(echo '${alicePassword}')",
-        "--ignore-dkim-spf"
-      ]))
-      machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user bob@example.com'")
+      with subtest("Test cannot send mail from forwarded address"):
+        machine.fail(" ".join([
+          "mail-check send-and-read",
+          "--smtp-port 587",
+          "--smtp-starttls",
+          "--smtp-host localhost",
+          "--smtp-username bob@example.com",
+          "--imap-host localhost",
+          "--imap-username alice@example.com",
+          "--from-addr bob_fw@example.com",
+          "--to-addr alice@example.com",
+          "--src-password-file <(echo '${bobPassword}')",
+          "--dst-password-file <(echo '${alicePassword}')",
+          "--ignore-dkim-spf"
+        ]))
+        machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user bob@example.com'")

-  '';
+      with subtest("Check dovecot mail and index locations"):
+        # If these paths change we need a migration
+        machine.succeed("doveadm user -f home bob@example.com | grep ${nodes.machine.config.mailserver.mailDirectory}/ldap/bob@example.com")
+        machine.succeed("doveadm user -f mail bob@example.com | grep 'maildir:~/mail:INDEX=${nodes.machine.config.mailserver.indexDir}/ldap/bob@example.com'")
+    '';
 }