nixpkgs/nixos/tests/nginx-sso.nix

import ./make-test-python.nix ({ pkgs, ... }: {
  name = "nginx-sso";
  meta = {
    maintainers = with pkgs.lib.maintainers; [ delroth ];
  };

  machine = {
    services.nginx.sso = {
      enable = true;
      configuration = {
        listen = { addr = "127.0.0.1"; port = 8080; };

        providers.token.tokens = {
          myuser = "MyToken";
        };

        acl = {
          rule_sets = [
            {
              rules = [ { field = "x-application"; equals = "MyApp"; } ];
              allow = [ "myuser" ];
            }
          ];
        };
      };
    };
  };

  testScript = ''
    start_all()

    machine.wait_for_unit("nginx-sso.service")
    machine.wait_for_open_port(8080)

    with subtest("No valid user -> 401"):
        machine.fail("curl -sSf http://localhost:8080/auth")

    with subtest("Valid user but no matching ACL -> 403"):
        machine.fail(
            "curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth"
        )

    with subtest("Valid user and matching ACL -> 200"):
        machine.succeed(
            "curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth"
        )
  '';
})
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/tests: add nginx-sso basic functionality test 2018-12-28 11:41:52 +01:00			`name = "nginx-sso";`
			`meta = {`
treewide: simplify pkgs.stdenv.lib -> pkgs.lib The library does not depend on stdenv, that `stdenv` exposes `lib` is an artifact of the ancient origins of nixpkgs. 2021-01-10 20:08:30 +01:00			`maintainers = with pkgs.lib.maintainers; [ delroth ];`
nixos/tests: add nginx-sso basic functionality test 2018-12-28 11:41:52 +01:00			`};`

			`machine = {`
			`services.nginx.sso = {`
			`enable = true;`
			`configuration = {`
			`listen = { addr = "127.0.0.1"; port = 8080; };`

			`providers.token.tokens = {`
			`myuser = "MyToken";`
			`};`

			`acl = {`
			`rule_sets = [`
			`{`
			`rules = [ { field = "x-application"; equals = "MyApp"; } ];`
			`allow = [ "myuser" ];`
			`}`
			`];`
			`};`
			`};`
			`};`
			`};`

			`testScript = ''`
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`start_all()`
nixos/tests: add nginx-sso basic functionality test 2018-12-28 11:41:52 +01:00
nixosTests.nginx*: port to python 2019-11-24 20:42:54 +01:00			`machine.wait_for_unit("nginx-sso.service")`
			`machine.wait_for_open_port(8080)`
nixos/tests: add nginx-sso basic functionality test 2018-12-28 11:41:52 +01:00
nixos/tests/nginx-sso: add subtests for each assertion 2019-12-26 17:50:35 +01:00			`with subtest("No valid user -> 401"):`
			`machine.fail("curl -sSf http://localhost:8080/auth")`

			`with subtest("Valid user but no matching ACL -> 403"):`
			`machine.fail(`
			`"curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth"`
			`)`

			`with subtest("Valid user and matching ACL -> 200"):`
			`machine.succeed(`
			`"curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth"`
			`)`
nixos/tests: add nginx-sso basic functionality test 2018-12-28 11:41:52 +01:00			`'';`
			`})`