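# NixOS VM test for La Suite Docs: a single machine runs Docs behind nginx,
# Dex as the OIDC provider (mock password connector) and MinIO as the S3
# backend, then the test script logs in through the OIDC flow and creates a
# document over the REST API.
{ lib, ... }:
let
  # Hostname the Docs frontend is served on; mapped to loopback below.
  domain = "docs.local";
  # Dex listens here; the "http://" scheme is prepended where a full URL is needed.
  oidcDomain = "127.0.0.1:8080";
  # MinIO S3 endpoint.
  s3Domain = "127.0.0.1:9000";

  # Throwaway MinIO root credentials used only inside this test VM. They are
  # shared between the MinIO root credentials file, the Docs S3 settings and
  # the `mc` alias in the test script so the three stay in sync.
  minioAccessKey = "a8dff633d164068418a5";
  minioSecretKey = "d546ea5f9c9bfdcf83755a7c09f2f7fb";
in

{
  name = "lasuite-docs";
  meta.maintainers = with lib.maintainers; [
    soyouzpanda
  ];

  nodes.machine =
    { pkgs, ... }:
    {
      # Docs + Postgres + Redis + MinIO + Dex need more than the default VM size.
      virtualisation.diskSize = 4 * 1024;
      virtualisation.memorySize = 4 * 1024;

      # Resolve the public hostname to the local nginx.
      networking.hosts."127.0.0.1" = [ domain ];

      # jq parses API responses in the test script; minio-client (mc) creates the bucket.
      environment.systemPackages = with pkgs; [
        jq
        minio-client
      ];

      services.lasuite-docs = {
        enable = true;
        enableNginx = true;
        redis.createLocally = true;
        postgresql.createLocally = true;

        inherit domain;
        s3Url = "http://${s3Domain}/lasuite-docs";

        settings = {
          # Fixed test-only Django secret; written to the store so the service
          # reads it from a file like a production deployment would.
          DJANGO_SECRET_KEY_FILE = pkgs.writeText "django-secret-file" ''
            8540db59c03943d48c3ed1a0f96ce3b560e0f45274f120f7ee4dace3cc366a6b
          '';

          # OIDC relying-party configuration pointing at the local Dex instance.
          # The authorization endpoint targets the "mock" connector directly so
          # the test script can drive the login without a browser.
          OIDC_OP_JWKS_ENDPOINT = "http://${oidcDomain}/dex/keys";
          OIDC_OP_AUTHORIZATION_ENDPOINT = "http://${oidcDomain}/dex/auth/mock";
          OIDC_OP_TOKEN_ENDPOINT = "http://${oidcDomain}/dex/token";
          OIDC_OP_USER_ENDPOINT = "http://${oidcDomain}/dex/userinfo";
          OIDC_RP_CLIENT_ID = "lasuite-docs";
          OIDC_RP_SIGN_ALGO = "RS256";
          OIDC_RP_SCOPES = "openid email";
          # Must match the secret in /etc/dex/lasuite-docs below.
          OIDC_RP_CLIENT_SECRET = "lasuitedocsclientsecret";

          LOGIN_REDIRECT_URL = "http://${domain}";
          LOGIN_REDIRECT_URL_FAILURE = "http://${domain}";
          LOGOUT_REDIRECT_URL = "http://${domain}";

          # S3 storage; the bucket is created by the test script via `mc`.
          AWS_S3_ENDPOINT_URL = "http://${s3Domain}";
          AWS_S3_ACCESS_KEY_ID = minioAccessKey;
          AWS_S3_SECRET_ACCESS_KEY = minioSecretKey;
          AWS_STORAGE_BUCKET_NAME = "lasuite-docs";
          MEDIA_BASE_URL = "http://${domain}";

          # Disable HTTPS feature in tests because we're running on a HTTP connection
          DJANGO_SECURE_PROXY_SSL_HEADER = "";
          DJANGO_SECURE_SSL_REDIRECT = false;
          DJANGO_CSRF_COOKIE_SECURE = false;
          DJANGO_SESSION_COOKIE_SECURE = false;
          DJANGO_CSRF_TRUSTED_ORIGINS = "http://*";
        };
      };

      # Local OIDC provider. The issuer must match what Docs' OIDC_OP_* endpoints
      # are derived from, so it is built from the same oidcDomain binding.
      services.dex = {
        enable = true;
        settings = {
          issuer = "http://${oidcDomain}/dex";
          storage = {
            type = "postgres";
            config.host = "/var/run/postgresql";
          };
          # Same host:port the Docs settings and test script use for Dex.
          web.http = oidcDomain;
          oauth2.skipApprovalScreen = true;
          staticClients = [
            {
              id = "lasuite-docs";
              name = "Docs";
              # Must match the callback the test script and Docs use.
              redirectURIs = [ "http://${domain}/api/v1.0/callback/" ];
              secretFile = "/etc/dex/lasuite-docs";
            }
          ];
          connectors = [
            {
              # Built-in connector that accepts a fixed username/password;
              # the test script posts these to /dex/auth/mock/login.
              type = "mockPassword";
              id = "mock";
              name = "Example";
              config = {
                username = "admin";
                password = "password";
              };
            }
          ];
        };
      };

      services.minio = {
        enable = true;
        rootCredentialsFile = "/etc/minio/minio-root-credentials";
      };

      # OIDC client secret for Dex, readable only by the dex user.
      environment.etc."dex/lasuite-docs" = {
        mode = "0400";
        user = "dex";
        text = "lasuitedocsclientsecret";
      };

      # Environment file consumed by the minio service (owner defaults to root).
      environment.etc."minio/minio-root-credentials" = {
        mode = "0400";
        text = ''
          MINIO_ROOT_USER=${minioAccessKey}
          MINIO_ROOT_PASSWORD=${minioSecretKey}
        '';
      };

      # Dex's own database; Docs' database is created by postgresql.createLocally.
      services.postgresql = {
        enable = true;
        ensureDatabases = [ "dex" ];
        ensureUsers = [
          {
            name = "dex";
            ensureDBOwnership = true;
          }
        ];
      };
    };

  testScript = ''
    with subtest("Wait for units to start"):
        machine.wait_for_unit("dex.service")
        machine.wait_for_unit("minio.service")
        machine.wait_for_unit("lasuite-docs.service")
        machine.wait_for_unit("lasuite-docs-celery.service")
        machine.wait_for_unit("lasuite-docs-collaboration-server.service")

    with subtest("Create S3 bucket"):
        machine.succeed("mc alias set minio http://${s3Domain} ${minioAccessKey} ${minioSecretKey} --api s3v4")
        # The bucket must be addressed through the alias; a bare name is treated
        # by mc as a local filesystem path and would not create an S3 bucket.
        machine.succeed("mc mb minio/lasuite-docs")

    with subtest("Wait for web servers to start"):
        machine.wait_until_succeeds("curl -fs 'http://${domain}/api/v1.0/authenticate/'", timeout=120)
        machine.wait_until_succeeds("curl -fs '${oidcDomain}/dex/auth/mock?client_id=lasuite-docs&response_type=code&redirect_uri=http://${domain}/api/v1.0/callback/&scope=openid'", timeout=120)

    with subtest("Login"):
        state, nonce = machine.succeed("curl -fs -c cjar 'http://${domain}/api/v1.0/authenticate/' -w '%{redirect_url}' | sed -n 's/.*state=\\(.*\\)&nonce=\\(.*\\)/\\1 \\2/p'").strip().split(' ')

        oidc_state = machine.succeed(f"curl -fs '${oidcDomain}/dex/auth/mock?client_id=lasuite-docs&response_type=code&redirect_uri=http://${domain}/api/v1.0/callback/&scope=openid+email&state={state}&nonce={nonce}' | sed -n 's/.*state=\\(.*\\)\">.*/\\1/p'").strip()

        code = machine.succeed(f"curl -fs '${oidcDomain}/dex/auth/mock/login?back=&state={oidc_state}' -d 'login=admin&password=password' -w '%{{redirect_url}}' | sed -n 's/.*code=\\(.*\\)&.*/\\1/p'").strip()
        print(f"Got approval code {code}")

        machine.succeed(f"curl -fs -c cjar -b cjar 'http://${domain}/api/v1.0/callback/?code={code}&state={state}'")

    with subtest("Create a document"):
        csrf_token = machine.succeed("grep csrftoken cjar | cut -f 7 | tr -d '\n'")

        document_id = machine.succeed(f"curl -fs -c cjar -b cjar 'http://${domain}/api/v1.0/documents/' -X POST -H 'X-CSRFToken: {csrf_token}' -H 'Referer: http://${domain}' | jq .id -r").strip()

        print(f"Created document with id {document_id}")
  '';
}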