diff options
author | Graham Christensen <graham@grahamc.com> | 2020-10-20 16:05:41 +0000 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2020-11-02 08:16:01 -0500 |
commit | a4b86b2bf5bd85f1695a8b47bd07657758de1722 (patch) | |
tree | 42c495b0e8070ade938ad32f1c67cd3b38747bae /nixos/tests/nginx-auth.nix | |
parent | c7bf3828f04e512a6ef2691f7e48d527961f3692 (diff) | |
download | nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar.gz nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar.bz2 nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar.lz nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar.xz nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.tar.zst nixpkgs-a4b86b2bf5bd85f1695a8b47bd07657758de1722.zip |
nginx: test basic auth
Diffstat (limited to 'nixos/tests/nginx-auth.nix')
-rw-r--r-- | nixos/tests/nginx-auth.nix | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/nixos/tests/nginx-auth.nix b/nixos/tests/nginx-auth.nix new file mode 100644 index 00000000000..c0d24a20ddb --- /dev/null +++ b/nixos/tests/nginx-auth.nix @@ -0,0 +1,47 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "nginx-auth"; + + nodes = { + webserver = { pkgs, lib, ... }: { + services.nginx = let + root = pkgs.runCommand "testdir" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''; + in { + enable = true; + + virtualHosts.lockedroot = { + inherit root; + basicAuth.alice = "jane"; + }; + + virtualHosts.lockedsubdir = { + inherit root; + locations."/sublocation/" = { + alias = "${root}/"; + basicAuth.bob = "john"; + }; + }; + }; + }; + }; + + testScript = '' + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port(80) + + webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot") + webserver.succeed( + "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot" + ) + + webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir") + webserver.fail( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html" + ) + webserver.succeed( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html" + ) + ''; +}) |