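# NixOS VM test for the nginx-sso service.
#
# Starts nginx-sso with a single token-authenticated user and a single ACL
# rule set, then checks the /auth endpoint for the three outcomes an auth
# gateway has to keep apart: unauthenticated (401), authenticated but not
# authorized (403), and authenticated and authorized (200).
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "nginx-sso";
  meta = {
    maintainers = with pkgs.lib.maintainers; [ delroth ];
  };

  nodes.machine = {
    services.nginx.sso = {
      enable = true;
      configuration = {
        # Loopback only: the test talks to the service from inside the VM.
        listen = { addr = "127.0.0.1"; port = 8080; };

        # Test-only credential. This is a plain Nix string, so assume it is
        # not kept secret.
        # NOTE(review): confirm how the module renders `configuration` before
        # reusing this pattern with a real token.
        providers.token.tokens = {
          myuser = "MyToken";
        };

        # Single rule set: "myuser" is allowed only when the request's
        # x-application field equals "MyApp". A request that matches no
        # rule set is expected to be denied (second subtest below).
        acl = {
          rule_sets = [
            {
              rules = [ { field = "x-application"; equals = "MyApp"; } ];
              allow = [ "myuser" ];
            }
          ];
        };
      };
    };
  };

  testScript = ''
    def auth_status(*headers: str) -> str:
        """Return the HTTP status code of GET /auth sent with the given headers.

        curl runs without -f, so an HTTP error status is still a successful
        curl run and the code is printed. Only a transport failure (service
        down, connection refused) fails the command.
        """
        header_args = " ".join(f"-H '{h}'" for h in headers)
        return machine.succeed(
            f"curl -sS -o /dev/null -w '%{{http_code}}' {header_args} http://localhost:8080/auth"
        ).strip()


    start_all()

    machine.wait_for_unit("nginx-sso.service")
    machine.wait_for_open_port(8080)

    # `curl -f` exits non-zero for any status >= 400 and for connection
    # errors alike, so a bare machine.fail() cannot tell 401 from 403 or
    # from a crashed service. Compare the exact status code instead.
    with subtest("No valid user -> 401"):
        status = auth_status()
        assert status == "401", f"expected 401 without credentials, got {status}"

    with subtest("Valid user but no matching ACL -> 403"):
        status = auth_status("Authorization: Token MyToken")
        assert status == "403", f"expected 403 without a matching ACL, got {status}"

    with subtest("Valid user and matching ACL -> 200"):
        status = auth_status("Authorization: Token MyToken", "X-Application: MyApp")
        assert status == "200", f"expected 200 with token and matching ACL, got {status}"
  '';
})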