blob: 221c5f4ed9058a84c2497211ab2638a9713d04a2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nginx-sso";
meta = {
maintainers = with pkgs.lib.maintainers; [ delroth ];
};
nodes.machine = {
services.nginx.sso = {
enable = true;
configuration = {
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("nginx-sso.service")
machine.wait_for_open_port(8080)
with subtest("No valid user -> 401"):
machine.fail("curl -sSf http://localhost:8080/auth")
with subtest("Valid user but no matching ACL -> 403"):
machine.fail(
"curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth"
)
with subtest("Valid user and matching ACL -> 200"):
machine.succeed(
"curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth"
)
'';
})
|