nixos/kanidm: update provisioning to allow multiple origin urls

oddlama 2024-08-23 20:46:53 +02:00
parent a9d176d029
commit 391d05ce95
No known key found for this signature in database
GPG Key ID: 14EFE510775FE39A
2 changed files with 11 additions and 2 deletions


@ -423,7 +423,10 @@ in
originUrl = lib.mkOption {
description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
type = lib.types.strMatching ".*://.*/$";
type = let
originStrType = lib.types.strMatching ".*://.*/$";
in
lib.types.either originStrType (lib.types.nonEmptyListOf originStrType);
example = "https://someservice.example.com/";
};
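Review bot: The `description` of `originUrl` still speaks of a single origin, so the rendered option docs will not say that a list is accepted or that every entry becomes an allowed OAuth2 redirect base. I would reword it along the lines of `description = "The origin URL of the service, or a non-empty list of origin URLs. OAuth2 redirects will be allowed to sites under any of the listed origins, so list only origins the service really uses. Each must end with a slash.";`. Separately, `originStrType` keeps the old pattern `.*://.*/$`, which accepts any scheme (plain `http://` included) and does not reject duplicate entries. Whether kanidm itself refuses such origins is not visible here, so that part is a question rather than a finding. The surrounding option set starts and ends outside this hunk.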


@ -158,7 +158,11 @@ import ./make-test-python.nix (
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One (changed)";
originUrl = "https://changed-one.example.com/";
# multiple origin urls
originUrl = [
"https://changed-one.example.com/"
"https://changed-one.example.org/"
];
originLanding = "https://changed-one.example.com/landing-changed";
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
scopeMaps.service1-access = [
@ -405,6 +409,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid"}')
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"adminchanged"}')
@ -460,6 +465,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_lacks(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_lacks(out, "oauth2_rs_scope_map")
assert_lacks(out, "oauth2_rs_sup_scope_map")
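Review bot: In the hunk at `-405,6 +409,7` the new assertion only checks that the second origin is present. It does not check that the origin provisioned by the preceding configuration was removed when the value became a list. A stale `oauth2_rs_origin` left behind would keep an old redirect base valid, so I would add a line such as `assert_lacks(out, "oauth2_rs_origin: <previous-origin>")`, with the placeholder replaced by the earlier configuration's value, unless that is already asserted outside the visible lines. The shrink direction is covered by the `assert_lacks` on `https://changed-one.example.org/` in the `-460,6 +465,7` hunk. Both test scripts continue outside the hunks shown.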