nixosTests.google-oslogin: fix tests, provide group mock endpoint

If our (fake) metadata server provides a 404 instead of a JSON document,
the NSS module segfaults, and as we do NSS lookups through ns(n)cd,
not only crashes the application doing the NSS lookup, but our ns(n)cd.

This has been causing segfaults of nscd all along, but since our switch
from glibc-nscd to nsncd, caused the test to fail entirely.

In any case, by handling /computeMetadata/v1/oslogin/groups we get the
NSS lookup to not cause any segfaults, and to succeed the test again.

1 files changed, 10 insertions, 0 deletions

diff --git a/nixos/tests/google-oslogin/server.py b/nixos/tests/google-oslogin/server.py
index 5ea9bbd2c96ba..622cd86b26195 100755
--- a/nixos/tests/google-oslogin/server.py
+++ b/nixos/tests/google-oslogin/server.py
@@ -103,6 +103,16 @@ class ReqHandler(BaseHTTPRequestHandler):
             self._send_json_ok(gen_mockuser(username=username, uid=uid, gid=uid, home_directory=f"/home/{username}", snakeoil_pubkey=SNAKEOIL_PUBLIC_KEY))
             return
 
+        # we need to provide something at the groups endpoint.
+        # the nss module does segfault if we don't.
+        elif pu.path == "/computeMetadata/v1/oslogin/groups":
+            self._send_json_ok({
+                "posixGroups": [
+                    {"name" : "demo", "gid" : 4294967295}
+                ],
+            })
+            return
+
         # authorize endpoint
         elif pu.path == "/computeMetadata/v1/oslogin/authorize":
             # is user allowed to login?