Fix DerivationOptions JSON implementation and test

2025-11-08 11:36:03 +01:00 · 2025-11-04 01:22:20 -05:00 · 2025-11-04 01:22:20 -05:00 · d05e85e5be
commit d05e85e5be
parent 9daef9cca2
11 changed files with 326 additions and 18 deletions
--- a/src/libstore-tests/data/derivation/ca/all_set.json
+++ b/src/libstore-tests/data/derivation/ca/all_set.json
@ -0,0 +1,46 @@
+{
+  "additionalSandboxProfile": "sandcastle",
+  "allowLocalNetworking": true,
+  "allowSubstitutes": false,
+  "exportReferencesGraph": {
+    "refs1": [
+      "/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"
+    ],
+    "refs2": [
+      "/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv"
+    ]
+  },
+  "impureEnvVars": [
+    "UNICORN"
+  ],
+  "impureHostDeps": [
+    "/usr/bin/ditto"
+  ],
+  "noChroot": true,
+  "outputChecks": {
+    "forAllOutputs": {
+      "allowedReferences": [
+        "/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"
+      ],
+      "allowedRequisites": [
+        "/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z"
+      ],
+      "disallowedReferences": [
+        "/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g"
+      ],
+      "disallowedRequisites": [
+        "/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8"
+      ],
+      "ignoreSelfRefs": true,
+      "maxClosureSize": null,
+      "maxSize": null
+    }
+  },
+  "passAsFile": [],
+  "preferLocalBuild": true,
+  "requiredSystemFeatures": [
+    "rainbow",
+    "uid-range"
+  ],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/data/derivation/ca/structuredAttrs_all_set.json
+++ b/src/libstore-tests/data/derivation/ca/structuredAttrs_all_set.json
@ -0,0 +1,66 @@
+{
+  "additionalSandboxProfile": "sandcastle",
+  "allowLocalNetworking": true,
+  "allowSubstitutes": false,
+  "exportReferencesGraph": {
+    "refs1": [
+      "/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"
+    ],
+    "refs2": [
+      "/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv"
+    ]
+  },
+  "impureEnvVars": [
+    "UNICORN"
+  ],
+  "impureHostDeps": [
+    "/usr/bin/ditto"
+  ],
+  "noChroot": true,
+  "outputChecks": {
+    "perOutput": {
+      "bin": {
+        "allowedReferences": null,
+        "allowedRequisites": null,
+        "disallowedReferences": [
+          "/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g"
+        ],
+        "disallowedRequisites": [
+          "/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8"
+        ],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": null,
+        "maxSize": null
+      },
+      "dev": {
+        "allowedReferences": null,
+        "allowedRequisites": null,
+        "disallowedReferences": [],
+        "disallowedRequisites": [],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": 5909,
+        "maxSize": 789
+      },
+      "out": {
+        "allowedReferences": [
+          "/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"
+        ],
+        "allowedRequisites": [
+          "/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z"
+        ],
+        "disallowedReferences": [],
+        "disallowedRequisites": [],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": null,
+        "maxSize": null
+      }
+    }
+  },
+  "passAsFile": [],
+  "preferLocalBuild": true,
+  "requiredSystemFeatures": [
+    "rainbow",
+    "uid-range"
+  ],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/data/derivation/ia/all_set.json
+++ b/src/libstore-tests/data/derivation/ia/all_set.json
@ -0,0 +1,46 @@
+{
+  "additionalSandboxProfile": "sandcastle",
+  "allowLocalNetworking": true,
+  "allowSubstitutes": false,
+  "exportReferencesGraph": {
+    "refs1": [
+      "/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"
+    ],
+    "refs2": [
+      "/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv"
+    ]
+  },
+  "impureEnvVars": [
+    "UNICORN"
+  ],
+  "impureHostDeps": [
+    "/usr/bin/ditto"
+  ],
+  "noChroot": true,
+  "outputChecks": {
+    "forAllOutputs": {
+      "allowedReferences": [
+        "/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"
+      ],
+      "allowedRequisites": [
+        "/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev"
+      ],
+      "disallowedReferences": [
+        "/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar"
+      ],
+      "disallowedRequisites": [
+        "/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev"
+      ],
+      "ignoreSelfRefs": true,
+      "maxClosureSize": null,
+      "maxSize": null
+    }
+  },
+  "passAsFile": [],
+  "preferLocalBuild": true,
+  "requiredSystemFeatures": [
+    "rainbow",
+    "uid-range"
+  ],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/data/derivation/ia/defaults.json
+++ b/src/libstore-tests/data/derivation/ia/defaults.json
@ -0,0 +1,24 @@
+{
+  "additionalSandboxProfile": "",
+  "allowLocalNetworking": false,
+  "allowSubstitutes": true,
+  "exportReferencesGraph": {},
+  "impureEnvVars": [],
+  "impureHostDeps": [],
+  "noChroot": false,
+  "outputChecks": {
+    "forAllOutputs": {
+      "allowedReferences": null,
+      "allowedRequisites": null,
+      "disallowedReferences": [],
+      "disallowedRequisites": [],
+      "ignoreSelfRefs": true,
+      "maxClosureSize": null,
+      "maxSize": null
+    }
+  },
+  "passAsFile": [],
+  "preferLocalBuild": false,
+  "requiredSystemFeatures": [],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/data/derivation/ia/structuredAttrs_all_set.json
+++ b/src/libstore-tests/data/derivation/ia/structuredAttrs_all_set.json
@ -0,0 +1,66 @@
+{
+  "additionalSandboxProfile": "sandcastle",
+  "allowLocalNetworking": true,
+  "allowSubstitutes": false,
+  "exportReferencesGraph": {
+    "refs1": [
+      "/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"
+    ],
+    "refs2": [
+      "/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv"
+    ]
+  },
+  "impureEnvVars": [
+    "UNICORN"
+  ],
+  "impureHostDeps": [
+    "/usr/bin/ditto"
+  ],
+  "noChroot": true,
+  "outputChecks": {
+    "perOutput": {
+      "bin": {
+        "allowedReferences": null,
+        "allowedRequisites": null,
+        "disallowedReferences": [
+          "/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar"
+        ],
+        "disallowedRequisites": [
+          "/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev"
+        ],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": null,
+        "maxSize": null
+      },
+      "dev": {
+        "allowedReferences": null,
+        "allowedRequisites": null,
+        "disallowedReferences": [],
+        "disallowedRequisites": [],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": 5909,
+        "maxSize": 789
+      },
+      "out": {
+        "allowedReferences": [
+          "/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"
+        ],
+        "allowedRequisites": [
+          "/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev"
+        ],
+        "disallowedReferences": [],
+        "disallowedRequisites": [],
+        "ignoreSelfRefs": false,
+        "maxClosureSize": null,
+        "maxSize": null
+      }
+    }
+  },
+  "passAsFile": [],
+  "preferLocalBuild": true,
+  "requiredSystemFeatures": [
+    "rainbow",
+    "uid-range"
+  ],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/data/derivation/ia/structuredAttrs_defaults.json
+++ b/src/libstore-tests/data/derivation/ia/structuredAttrs_defaults.json
@ -0,0 +1,16 @@
+{
+  "additionalSandboxProfile": "",
+  "allowLocalNetworking": false,
+  "allowSubstitutes": true,
+  "exportReferencesGraph": {},
+  "impureEnvVars": [],
+  "impureHostDeps": [],
+  "noChroot": false,
+  "outputChecks": {
+    "perOutput": {}
+  },
+  "passAsFile": [],
+  "preferLocalBuild": false,
+  "requiredSystemFeatures": [],
+  "unsafeDiscardReferences": {}
+}
--- a/src/libstore-tests/derivation-advanced-attrs.cc
+++ b/src/libstore-tests/derivation-advanced-attrs.cc
@ -10,13 +10,15 @@
 #include "nix/util/json-utils.hh"

 #include "nix/store/tests/libstore.hh"
-#include "nix/util/tests/characterization.hh"
+#include "nix/util/tests/json-characterization.hh"

 namespace nix {

 using namespace nlohmann;

-class DerivationAdvancedAttrsTest : public CharacterizationTest, public LibStoreTest
+class DerivationAdvancedAttrsTest : public JsonCharacterizationTest<Derivation>,
+                                    public JsonCharacterizationTest<DerivationOptions>,
+                                    public LibStoreTest
 {
 protected:
    std::filesystem::path unitTestData = getUnitTestData() / "derivation" / "ia";
@ -454,4 +456,23 @@ TEST_F(CaDerivationAdvancedAttrsTest, advancedAttributes_structuredAttrs)
        {"rainbow", "uid-range", "ca-derivations"});
 };

+#define TEST_JSON_OPTIONS(FIXUTURE, VAR, VAR2)                                                             \
+    TEST_F(FIXUTURE, DerivationOptions_##VAR##_from_json)                                                  \
+    {                                                                                                      \
+        this->JsonCharacterizationTest<DerivationOptions>::readJsonTest(#VAR, advancedAttributes_##VAR2);  \
+    }                                                                                                      \
+    TEST_F(FIXUTURE, DerivationOptions_##VAR##_to_json)                                                    \
+    {                                                                                                      \
+        this->JsonCharacterizationTest<DerivationOptions>::writeJsonTest(#VAR, advancedAttributes_##VAR2); \
+    }
+
+TEST_JSON_OPTIONS(DerivationAdvancedAttrsTest, defaults, defaults)
+TEST_JSON_OPTIONS(DerivationAdvancedAttrsTest, all_set, ia)
+TEST_JSON_OPTIONS(CaDerivationAdvancedAttrsTest, all_set, ca)
+TEST_JSON_OPTIONS(DerivationAdvancedAttrsTest, structuredAttrs_defaults, structuredAttrs_defaults)
+TEST_JSON_OPTIONS(DerivationAdvancedAttrsTest, structuredAttrs_all_set, structuredAttrs_ia)
+TEST_JSON_OPTIONS(CaDerivationAdvancedAttrsTest, structuredAttrs_all_set, structuredAttrs_ca)
+
+#undef TEST_JSON_OPTIONS
+
 } // namespace nix
--- a/src/libstore/derivation-options.cc
+++ b/src/libstore/derivation-options.cc
@ -176,13 +176,26 @@ DerivationOptions::fromStructuredAttrs(const StringMap & env, const StructuredAt
                            return {};
                        };

-                        checks.allowedReferences = get_("allowedReferences");
-                        checks.allowedRequisites = get_("allowedRequisites");
-                        checks.disallowedReferences = get_("disallowedReferences").value_or(StringSet{});
-                        checks.disallowedRequisites = get_("disallowedRequisites").value_or(StringSet{});
-                        ;
-
-                        res.insert_or_assign(outputName, std::move(checks));
+                        res.insert_or_assign(
+                            outputName,
+                            OutputChecks{
+                                .maxSize = [&]() -> std::optional<uint64_t> {
+                                    if (auto maxSize = get(output, "maxSize"))
+                                        return maxSize->get<uint64_t>();
+                                    else
+                                        return std::nullopt;
+                                }(),
+                                .maxClosureSize = [&]() -> std::optional<uint64_t> {
+                                    if (auto maxClosureSize = get(output, "maxClosureSize"))
+                                        return maxClosureSize->get<uint64_t>();
+                                    else
+                                        return std::nullopt;
+                                }(),
+                                .allowedReferences = get_("allowedReferences"),
+                                .disallowedReferences = get_("disallowedReferences").value_or(StringSet{}),
+                                .allowedRequisites = get_("allowedRequisites"),
+                                .disallowedRequisites = get_("disallowedRequisites").value_or(StringSet{}),
+                            });
                    }
                }
                return res;
@ -364,6 +377,7 @@ DerivationOptions adl_serializer<DerivationOptions>::from_json(const json & json

        .unsafeDiscardReferences = valueAt(json, "unsafeDiscardReferences"),
        .passAsFile = getStringSet(valueAt(json, "passAsFile")),
+        .exportReferencesGraph = getMap<StringSet>(getObject(valueAt(json, "exportReferencesGraph")), getStringSet),

        .additionalSandboxProfile = getString(valueAt(json, "additionalSandboxProfile")),
        .noChroot = getBoolean(valueAt(json, "noChroot")),
@ -396,6 +410,7 @@ void adl_serializer<DerivationOptions>::to_json(json & json, const DerivationOpt

    json["unsafeDiscardReferences"] = o.unsafeDiscardReferences;
    json["passAsFile"] = o.passAsFile;
+    json["exportReferencesGraph"] = o.exportReferencesGraph;

    json["additionalSandboxProfile"] = o.additionalSandboxProfile;
    json["noChroot"] = o.noChroot;
@ -423,6 +438,8 @@ DerivationOptions::OutputChecks adl_serializer<DerivationOptions::OutputChecks>:

    return {
        .ignoreSelfRefs = getBoolean(valueAt(json, "ignoreSelfRefs")),
+        .maxSize = ptrToOwned<uint64_t>(getNullable(valueAt(json, "maxSize"))),
+        .maxClosureSize = ptrToOwned<uint64_t>(getNullable(valueAt(json, "maxClosureSize"))),
        .allowedReferences = ptrToOwned<StringSet>(getNullable(valueAt(json, "allowedReferences"))),
        .disallowedReferences = getStringSet(valueAt(json, "disallowedReferences")),
        .allowedRequisites = ptrToOwned<StringSet>(getNullable(valueAt(json, "allowedRequisites"))),
@ -433,6 +450,8 @@ DerivationOptions::OutputChecks adl_serializer<DerivationOptions::OutputChecks>:
 void adl_serializer<DerivationOptions::OutputChecks>::to_json(json & json, const DerivationOptions::OutputChecks & c)
 {
    json["ignoreSelfRefs"] = c.ignoreSelfRefs;
+    json["maxSize"] = c.maxSize;
+    json["maxClosureSize"] = c.maxClosureSize;
    json["allowedReferences"] = c.allowedReferences;
    json["disallowedReferences"] = c.disallowedReferences;
    json["allowedRequisites"] = c.allowedRequisites;
--- a/src/libutil/include/nix/util/json-utils.hh
+++ b/src/libutil/include/nix/util/json-utils.hh
@ -59,6 +59,17 @@ auto getInteger(const nlohmann::json & value) -> std::enable_if_t<std::is_signed
    throw Error("Out of range: JSON value '%s' cannot be casted to %d-bit integer", value.dump(), 8 * sizeof(T));
 }

+template<typename... Args>
+std::map<std::string, Args...> getMap(const nlohmann::json::object_t & jsonObject, auto && f)
+{
+    std::map<std::string, Args...> map;
+
+    for (const auto & [key, value] : jsonObject)
+        map.insert_or_assign(key, f(value));
+
+    return map;
+}
+
 const nlohmann::json::boolean_t & getBoolean(const nlohmann::json & value);
 Strings getStringList(const nlohmann::json & value);
 StringMap getStringMap(const nlohmann::json & value);
--- a/src/libutil/json-utils.cc
+++ b/src/libutil/json-utils.cc
@ -91,14 +91,7 @@ Strings getStringList(const nlohmann::json & value)

 StringMap getStringMap(const nlohmann::json & value)
 {
-    auto & jsonObject = getObject(value);
-
-    StringMap stringMap;
-
-    for (const auto & [key, value] : jsonObject)
-        stringMap[getString(key)] = getString(value);
-
-    return stringMap;
+    return getMap<std::string, std::less<>>(getObject(value), getString);
 }

 StringSet getStringSet(const nlohmann::json & value)