Diffstat (limited to 'nixpkgs/nixos/tests/keycloak.nix')
-rw-r--r-- | nixpkgs/nixos/tests/keycloak.nix | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/nixpkgs/nixos/tests/keycloak.nix b/nixpkgs/nixos/tests/keycloak.nix
index fce8df2b7e3a..6ce136330d43 100644
--- a/nixpkgs/nixos/tests/keycloak.nix
+++ b/nixpkgs/nixos/tests/keycloak.nix
@@ -4,7 +4,7 @@ let certs = import ./common/acme/server/snakeoil-certs.nix;
- frontendUrl = "https://${certs.domain}/auth";
+ frontendUrl = "https://${certs.domain}";
 initialAdminPassword = "h4IhoJFnt2iQIR9";
 keycloakTest = import ./make-test-python.nix (
@@ -27,20 +27,23 @@ let services.keycloak = {
 enable = true;
- inherit frontendUrl initialAdminPassword;
- sslCertificate = certs.${certs.domain}.cert;
- sslCertificateKey = certs.${certs.domain}.key;
+ settings = {
+ hostname = certs.domain;
+ };
+ inherit initialAdminPassword;
+ sslCertificate = "${certs.${certs.domain}.cert}";
+ sslCertificateKey = "${certs.${certs.domain}.key}";
 database = {
 type = databaseType;
 username = "bogus";
- passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
+ name = "also bogus";
+ passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}";
 };
 plugins = with config.services.keycloak.package.plugins; [ keycloak-discord keycloak-metrics-spi ];
 };
-
 environment.systemPackages = with pkgs; [ xmlstarlet html-tidy
@@ -99,9 +102,9 @@ let in '' keycloak.start()
 keycloak.wait_for_unit("keycloak.service")
+ keycloak.wait_for_open_port(443)
 keycloak.wait_until_succeeds("curl -sSf ${frontendUrl}")
-
 ### Realm Setup ###
 # Get an admin interface access token
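Review bot: In the `services.keycloak` hunk (-27,20), `passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}"` and, presumably, the interpolated `sslCertificateKey` resolve to paths in the Nix store, which is world-readable, and nothing in the new code records that this is acceptable only because these are throwaway fixtures. NixOS tests are often read as usage examples, so I would add a comment above these lines such as `# Test fixtures only: these are world-readable store paths; a real deployment should point at a file outside the Nix store.` The new `name = "also bogus";` (a database name containing a space) looks like a deliberate quoting check and deserves a short comment saying so. The enclosing node configuration starts and ends outside the hunk.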
@@ -117,8 +120,8 @@ let # Register the metrics SPI
 keycloak.succeed(
 "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt",
- "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'",
- "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'",
+ "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'",
+ "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'",
 "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"
 )
@@ -143,7 +146,7 @@ let # post url.
 keycloak.succeed(
 "curl -sSf -c cookie '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/auth?client_id=${client.name}&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=openid+email&response_type=code&response_mode=query&nonce=qw4o89g3qqm' >login_form",
- "tidy -q -m login_form || true",
+ "tidy -asxml -q -m login_form || true",
 "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:div/_:form[@id='kc-form-login']\" -v @action login_form >form_post_url",
 )
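Review bot: The two `kcadm.sh` calls in the metrics-SPI `keycloak.succeed(...)` (hunk -117,8) now find the binary through the VM's PATH instead of the explicit `${pkgs.keycloak}/bin/kcadm.sh`, and nothing in the visible hunks shows what puts it there; presumably the module installs the configured package system-wide. A one-line comment above the calls, such as `# kcadm.sh comes from PATH: the keycloak module is expected to install the configured package`, would make a later module change fail with an understandable cause rather than a bare "command not found". The `keycloak.succeed(` call is fully inside the hunk, but the surrounding test script is not.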
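Review bot: Both `tidy` calls keep `|| true`, so a failed or empty conversion only shows up in the following `xml sel` step, and the reason for the new `-asxml` flag is not recorded (this applies to the `login_form` hunk at -143,7 and the `auth_code_html` hunk at -151,7). Presumably the flag makes tidy emit well-formed XHTML, which the `_:`-prefixed XPath in the next line expects. A comment above each call, for example `# -asxml: emit XHTML so xmlstarlet can parse it; tidy exits non-zero on warnings, hence || true`, would document both decisions.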
@@ -151,7 +154,7 @@ let # the HTML, then extract the authorization code.
 keycloak.succeed(
 "curl -sSf -L -b cookie -d 'username=${user.username}' -d 'password=${password}' -d 'credentialId=' \"$(<form_post_url)\" >auth_code_html",
- "tidy -q -m auth_code_html || true",
+ "tidy -asxml -q -m auth_code_html || true",
 "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:input[@id='code']\" -v @value auth_code_html >auth_code",
 )
@@ -172,5 +175,6 @@ let in {
 postgres = keycloakTest { databaseType = "postgresql"; };
+ mariadb = keycloakTest { databaseType = "mariadb"; };
 mysql = keycloakTest { databaseType = "mysql"; };
 } |