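# NixOS VM test for the nginx-sso service: starts the daemon with a single
# token-authenticated user and one ACL rule set, then checks that the /auth
# endpoint answers with the exact status code for each authentication outcome.
{ pkgs, ... }:
{
  name = "nginx-sso";
  meta = {
    maintainers = with pkgs.lib.maintainers; [ ambroisie ];
  };

  nodes.machine = {
    services.nginx.sso = {
      enable = true;
      configuration = {
        # Bound to loopback only; the test queries it from inside the VM.
        listen = {
          addr = "127.0.0.1";
          port = 8080;
        };

        providers.token.tokens = {
          myuser = {
            # pkgs.writeText places the token in the Nix store, which is
            # world-readable. That is acceptable only because this is a
            # throwaway test VM with a dummy token; a real deployment should
            # keep the secret file outside the store.
            _secret = pkgs.writeText "secret-token" "MyToken";
          };
        };

        acl = {
          rule_sets = [
            {
              # myuser is allowed only when the request carries
              # "X-Application: MyApp"; with no other rule set defined, the
              # test expects any other authenticated request to get 403.
              rules = [
                {
                  field = "x-application";
                  equals = "MyApp";
                }
              ];
              allow = [ "myuser" ];
            }
          ];
        };
      };
    };
  };

  testScript = ''
    start_all()

    machine.wait_for_unit("nginx-sso.service")
    machine.wait_for_open_port(8080)

    # Print only the HTTP status code. curl is run without -f so that it exits
    # 0 on 4xx responses and the exact code can be asserted; a bare "curl -f"
    # failure cannot tell 401 from 403 or from a 5xx error.
    status_cmd = "curl -sS -o /dev/null -w '%{http_code}' "
    token_header = "-H 'Authorization: Token MyToken' "
    app_header = "-H 'X-Application: MyApp' "
    url = "http://localhost:8080/auth"

    with subtest("No valid user -> 401"):
        status = machine.succeed(status_cmd + url).strip()
        assert status == "401", f"expected 401 without credentials, got {status}"

    with subtest("Valid user but no matching ACL -> 403"):
        status = machine.succeed(status_cmd + token_header + url).strip()
        assert status == "403", f"expected 403 without matching ACL, got {status}"

    with subtest("Valid user and matching ACL -> 200"):
        status = machine.succeed(status_cmd + token_header + app_header + url).strip()
        assert status == "200", f"expected 200 with matching ACL, got {status}"
  '';
}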