tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
authentik-nix/tests/minimal-vmtest.nix
Maximilian Bosch 4a67075708
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-compat':
    'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885' (2025-05-12)
  → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04' (2025-10-20)
  → 'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6' (2025-08-10)
  → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/01f116e4df6a15f4ccdffb1bcd41096869fb385c' (2025-10-22)
  → 'github:NixOS/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/dbfc0483b5952c6b86e36f8b3afeb9dde30ea4b5' (2025-09-29)
  → 'github:pyproject-nix/build-system-pkgs/795a980d25301e5133eca37adae37283ec3c8e66' (2025-10-29)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/84c4ea102127c77058ea1ed7be7300261fafc7d2' (2025-10-14)
  → 'github:pyproject-nix/pyproject.nix/7d3d8848358ccbd415afe2139f12b9e1508d3ace' (2025-11-18)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/e6e728d9719e989c93e65145fe3f9e0c65a021a2' (2025-10-22)
  → 'github:pyproject-nix/uv2nix/c9752c6c5915eece99505612d8f7805185cff990' (2025-11-17)
2025-11-20 13:51:20 +01:00

101 lines
3.6 KiB
Nix
Raw Blame History

{
pkgs,
authentik-version,
nixosModules,
}:
pkgs.testers.runNixOSTest {
name = "authentik";
nodes = {
authentik = {
virtualisation = {
cores = 3;
memorySize = 2048;
};
imports = [
nixosModules.default
"${pkgs.path}/nixos/tests/common/user-account.nix"
"${pkgs.path}/nixos/tests/common/x11.nix"
];
# Keep in mind that the secret still ends up in the store and is world-readable because the
# systemd-tmpfiles config lands in the store.
# This is just a trick to not pass a store-path (which is prohibited) to `environmentFile`
# without having to integrate secret managers like agenix or sops-nix into the test.
# Don't do this in production.
systemd.tmpfiles.rules = [
"f /etc/authentik.env 0700 root root - AUTHENTIK_SECRET_KEY=notastorepath"
];
services.authentik = {
enable = true;
environmentFile = "/etc/authentik.env";
nginx = {
enable = true;
host = "localhost";
};
};
services.xserver.enable = true;
test-support.displayManager.auto.user = "alice";
environment.systemPackages = with pkgs; [
firefox
xdotool
];
};
};
enableOCR = true;
# TODO maybe use bootstrap env vars instead of testing manual workflow?
testScript = ''
start_all()
authentik.wait_for_unit("postgresql.service")
authentik.wait_for_unit("authentik-migrate.service")
authentik.wait_for_unit("authentik-worker.service")
authentik.wait_for_unit("authentik.service")
authentik.wait_for_open_port(9000)
authentik.wait_until_succeeds("curl -fL http://localhost:9000/if/flow/initial-setup/ >&2")
with subtest("Frontend renders"):
machine.succeed("su - alice -c 'firefox http://localhost:9000/if/flow/initial-setup/' >&2 &")
machine.wait_for_text("Welcome to authentik")
machine.screenshot("1_rendered_frontend")
with subtest("admin account setup works"):
machine.send_key("tab")
machine.send_key("tab")
machine.send_chars("akadmin@localhost")
machine.send_key("tab")
machine.send_chars("foobar")
machine.send_key("tab")
machine.send_chars("foobar")
machine.send_key("ret")
machine.wait_for_text("My applications")
machine.send_key("esc")
machine.screenshot("2_initial_setup_successful")
with subtest("admin settings render and version as expected"):
machine.succeed("su - alice -c 'firefox http://localhost:9000/if/admin/' >&2 &")
machine.wait_for_text("General system status")
machine.screenshot("3_rendered_admin_interface")
machine.succeed("su - alice -c 'xdotool click 1' >&2")
machine.succeed("su - alice -c 'xdotool key --delay 100 Page_Down' >&2")
# sometimes the cursor covers the version string
machine.succeed("su - alice -c 'xdotool mousemove_relative 50 50' >&2")
machine.wait_for_text("${builtins.replaceStrings [ "." ] [ ".?" ] authentik-version}")
machine.screenshot("4_correct_version_in_admin_interface")
with subtest("nginx proxies to authentik"):
machine.succeed("su - alice -c 'firefox http://localhost/' >&2 &")
machine.wait_for_text("authentik")
machine.screenshot("5_nginx_proxies_requests")
with subtest("metrics & worker"):
machine.wait_for_open_port(9300)
machine.wait_for_open_port(9301)
print(machine.succeed("curl -L localhost:9300/metrics | grep authentik_outpost_connection | grep 'Embedded'"))
print(machine.succeed("curl -L localhost:9301/metrics | grep authentik_tasks_total"))
'';
}
Reference in a new issue View git blame Copy permalink