mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-22 06:53:01 +00:00
nixos/kanidm: update provisioning to allow multiple origin urls
This commit is contained in:
parent
a9d176d029
commit
391d05ce95
@ -423,7 +423,10 @@ in
|
||||
|
||||
originUrl = lib.mkOption {
|
||||
description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
|
||||
type = lib.types.strMatching ".*://.*/$";
|
||||
type = let
|
||||
originStrType = lib.types.strMatching ".*://.*/$";
|
||||
in
|
||||
lib.types.either originStrType (lib.types.nonEmptyListOf originStrType);
|
||||
example = "https://someservice.example.com/";
|
||||
};
|
||||
|
||||
|
@ -158,7 +158,11 @@ import ./make-test-python.nix (
|
||||
groups.service1-admin = { };
|
||||
systems.oauth2.service1 = {
|
||||
displayName = "Service One (changed)";
|
||||
originUrl = "https://changed-one.example.com/";
|
||||
# multiple origin urls
|
||||
originUrl = [
|
||||
"https://changed-one.example.com/"
|
||||
"https://changed-one.example.org/"
|
||||
];
|
||||
originLanding = "https://changed-one.example.com/landing-changed";
|
||||
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
|
||||
scopeMaps.service1-access = [
|
||||
@ -405,6 +409,7 @@ import ./make-test-python.nix (
|
||||
assert_contains(out, "name: service1")
|
||||
assert_contains(out, "displayname: Service One (changed)")
|
||||
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
|
||||
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.org/")
|
||||
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
|
||||
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid"}')
|
||||
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"adminchanged"}')
|
||||
@ -460,6 +465,7 @@ import ./make-test-python.nix (
|
||||
assert_contains(out, "name: service1")
|
||||
assert_contains(out, "displayname: Service One (changed)")
|
||||
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
|
||||
assert_lacks(out, "oauth2_rs_origin: https://changed-one.example.org/")
|
||||
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
|
||||
assert_lacks(out, "oauth2_rs_scope_map")
|
||||
assert_lacks(out, "oauth2_rs_sup_scope_map")
|
||||
|
Loading…
Reference in New Issue
Block a user