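# NixOS VM test for the nginx-sso service: boots one machine with a token
# provider and a single ACL rule set, then checks the /auth endpoint's
# verdict for unauthenticated, authenticated-but-unauthorized, and
# authorized requests.
import ./make-test.nix ({ pkgs, ... }: {
  name = "nginx-sso";
  meta = {
    maintainers = with pkgs.stdenv.lib.maintainers; [ delroth ];
  };

  machine = {
    services.nginx.sso = {
      enable = true;
      configuration = {
        # Loopback only: the test talks to the service from inside the VM.
        listen = { addr = "127.0.0.1"; port = 8080; };

        # Throwaway test credential (user name -> token).
        # NOTE(review): this value is part of the evaluated configuration and
        # will presumably be rendered into a file in the world-readable Nix
        # store. That is fine for a test token; real tokens should be
        # provisioned out of band rather than inlined like this.
        providers.token.tokens = {
          myuser = "MyToken";
        };

        # Only "myuser" is allowed, and only when the request carries
        # X-Application: MyApp. Nothing else is granted by this rule set.
        acl = {
          rule_sets = [
            {
              rules = [ { field = "x-application"; equals = "MyApp"; } ];
              allow = [ "myuser" ];
            }
          ];
        };
      };
    };
  };

  testScript = ''
    startAll;

    $machine->waitForUnit("nginx-sso.service");
    $machine->waitForOpenPort(8080);

    # Request /auth with the given extra curl arguments and require an exact
    # HTTP status. Without -f, curl exits 0 for any HTTP response, so
    # succeed() only dies on transport errors; the status itself is compared
    # below. This keeps "401", "403" and "service is broken" distinguishable,
    # which a bare fail("curl -f ...") cannot do.
    sub expectStatus {
      my ($want, $curlArgs, $what) = @_;
      my $got = $machine->succeed(
        "curl -sS -o /dev/null -w '%{http_code}' $curlArgs http://localhost:8080/auth");
      chomp $got;
      $got eq $want
        or die $what . ": expected HTTP " . $want . ", got " . $got . "\n";
    }

    # No valid user -> 401.
    expectStatus("401", "", "request without credentials");

    # Unknown token is also "no valid user" -> 401.
    expectStatus("401", "-H 'Authorization: Token NotMyToken'",
      "request with an unknown token");

    # Valid user but no matching ACL -> 403.
    expectStatus("403", "-H 'Authorization: Token MyToken'",
      "valid token without X-Application");
    expectStatus("403",
      "-H 'Authorization: Token MyToken' -H 'X-Application: OtherApp'",
      "valid token with a non-matching X-Application");

    # Valid user and matching ACL -> 200.
    expectStatus("200",
      "-H 'Authorization: Token MyToken' -H 'X-Application: MyApp'",
      "valid token with matching X-Application");
  '';
})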