LDAP: add VM test to flake.nix
[?]
Sep 9, 2020, 4:26 PM
A4NSGFS3QLTLU4Q2TS7M727CWQ5FUNHCYZE3CIQEV3NI3NT7LOEQCDependencies
- [2]
RWNXH3H2lastModified -> lastModifiedDate
Change contents
- edit in flake.nix at line 353
tests.ldap.x86_64-linux =with import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "x86_64-linux"; };makeTest {machine = { pkgs, ... }: {imports = [ hydraServer ];services.openldap = {enable = true;suffix = "dc=example";rootdn = "cn=root,dc=example";rootpw = "notapassword";database = "bdb";dataDir = "/var/lib/openldap";extraDatabaseConfig = '''';declarativeContents = ''dn: dc=exampledc: exampleo: RootobjectClass: topobjectClass: dcObjectobjectClass: organizationdn: ou=users,dc=exampleou: usersdescription: All usersobjectClass: topobjectClass: organizationalUnitdn: cn=user,ou=users,dc=exampleobjectClass: organizationalPersonobjectClass: inetOrgPersonsn: usercn: usermail: user@exampleuserPassword: foobar'';};systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1";systemd.services.hydra-server.environment.HYDRA_LDAP_CONFIG = pkgs.writeText "config.yaml"# example config based on https://metacpan.org/source/ILMARI/Catalyst-Authentication-Store-LDAP-1.016/README#L103''credential:class: Passwordpassword_field: passwordpassword_type: self_checkstore:class: LDAPldap_server: localhostldap_server_options.timeout: 30binddn: "cn=root,dc=example"bindpw: notapasswordstart_tls: 0start_tls_optionsverify: noneuser_basedn: "ou=users,dc=example"user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"user_scope: oneuser_field: cnuser_search_options:deref: alwaysuse_roles: 0role_basedn: "ou=groups,ou=OxObjects,dc=yourcompany,dc=com"role_filter: "(&(objectClass=posixGroup)(memberUid=%s))"role_scope: onerole_field: uidrole_value: dnrole_search_options:deref: always'';networking.firewall.enable = false;};testScript = ''machine.wait_for_unit("openldap.service")machine.wait_for_job("hydra-init")machine.wait_for_open_port("3000")machine.succeed("curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=user&password=foobar'")machine.fail("curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 
'Referer: http://localhost:3000' --data 'username=user&password=wrongpassword'")'';};
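Review bot: The line `systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1";` misspells the unit name, so the debug variable is attached to a unit called `hdyra-server` instead of `hydra-server`, the unit that receives HYDRA_LDAP_CONFIG on the next line; it should read `systemd.services.hydra-server.environment.CATALYST_DEBUG = "1";`. In the embedded YAML, `start_tls_options` lacks the trailing colon that `user_search_options:` and `role_search_options:` carry, which looks like a copy error and may keep `verify: none` from being parsed as its child key. Because the config is introduced as an example, and `pkgs.writeText` places the bind password in the world-readable Nix store with StartTLS disabled, I would add a comment above it such as `# test-only: bindpw is readable from the Nix store and start_tls is off; do not reuse for a real deployment`. The test script checks one correct and one wrong password for an existing user; a third `machine.fail` login for a user that is not in the directory would also pin the lookup path.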