-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move tests in package authz.admin tests to keycloak-client
Closes #75 Signed-off-by: rmartinc <rmartinc@redhat.com>
- Loading branch information
Showing
23 changed files
with
4,845 additions
and
0 deletions.
There are no files selected for viewing
144 changes: 144 additions & 0 deletions
144
...ts/src/test/java/org/keycloak/client/testsuite/authz/admin/AbstractAuthorizationTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
| /* | ||
| Copyright 2016 Red Hat, Inc. and/or its affiliates | ||
| and other contributors as indicated by the @author tags. | ||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||
| you may not use this file except in compliance with the License. | ||
| You may obtain a copy of the License at | ||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
| Unless required by applicable law or agreed to in writing, software | ||
| distributed under the License is distributed on an "AS IS" BASIS, | ||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| See the License for the specific language governing permissions and | ||
| limitations under the License. | ||
| */ | ||
| package org.keycloak.client.testsuite.authz.admin; | ||
|
|
||
| import jakarta.ws.rs.core.Response; | ||
| import java.util.ArrayList; | ||
| import java.util.List; | ||
| import org.junit.jupiter.api.AfterEach; | ||
| import org.junit.jupiter.api.Assertions; | ||
| import org.keycloak.admin.client.resource.AuthorizationResource; | ||
| import org.keycloak.admin.client.resource.ClientResource; | ||
| import org.keycloak.admin.client.resource.RealmResource; | ||
| import org.keycloak.admin.client.resource.ResourceScopeResource; | ||
| import org.keycloak.admin.client.resource.ResourceScopesResource; | ||
| import org.keycloak.client.testsuite.authz.AbstractAuthzTest; | ||
| import org.keycloak.representations.idm.ClientRepresentation; | ||
| import org.keycloak.representations.idm.RealmRepresentation; | ||
| import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; | ||
| import org.keycloak.representations.idm.authorization.ScopeRepresentation; | ||
| import org.keycloak.testsuite.util.ApiUtil; | ||
| import org.keycloak.testsuite.util.ClientBuilder; | ||
| import org.keycloak.testsuite.util.RealmBuilder; | ||
| import org.keycloak.testsuite.util.RoleBuilder; | ||
| import org.keycloak.testsuite.util.RolesBuilder; | ||
| import org.keycloak.testsuite.util.UserBuilder; | ||
|
|
||
| /** | ||
| * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> | ||
| */ | ||
| public abstract class AbstractAuthorizationTest extends AbstractAuthzTest { | ||
|
|
||
| protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test"; | ||
|
|
||
| @Override | ||
| public List<RealmRepresentation> getRealmsForImport() { | ||
| List<RealmRepresentation> testRealms = new ArrayList<>(); | ||
| testRealms.add(createTestRealm().build()); | ||
| return testRealms; | ||
| } | ||
|
|
||
| @AfterEach | ||
| public void onAfterReenableAuthorization() { | ||
| enableAuthorizationServices(false); | ||
| enableAuthorizationServices(true); | ||
| } | ||
|
|
||
| protected RealmResource testRealmResource() { | ||
| return adminClient.realm("authz-test"); | ||
| } | ||
|
|
||
| protected String getRealmId() { | ||
| return "authz-test"; | ||
| } | ||
|
|
||
| protected ClientResource getClientResource() { | ||
| return ApiUtil.findClientResourceByName(testRealmResource(), RESOURCE_SERVER_CLIENT_ID); | ||
| } | ||
|
|
||
| protected ClientRepresentation getResourceServer() { | ||
| return findClientRepresentation(RESOURCE_SERVER_CLIENT_ID); | ||
| } | ||
|
|
||
| protected ClientRepresentation findClientRepresentation(String name) { | ||
| ClientResource clientRsc = findClientResource(name); | ||
| if (clientRsc == null) return null; | ||
| return findClientResource(name).toRepresentation(); | ||
| } | ||
|
|
||
| protected ClientResource findClientResource(String name) { | ||
| return ApiUtil.findClientResourceByName(testRealmResource(), name); | ||
| } | ||
|
|
||
| protected ClientResource findClientResourceById(String id) { | ||
| return ApiUtil.findClientResourceByClientId(testRealmResource(), id); | ||
| } | ||
|
|
||
| protected void enableAuthorizationServices(boolean enable) { | ||
| ClientRepresentation resourceServer = getResourceServer(); | ||
|
|
||
| resourceServer.setAuthorizationServicesEnabled(enable); | ||
| resourceServer.setServiceAccountsEnabled(true); | ||
| resourceServer.setPublicClient(false); | ||
| resourceServer.setSecret("secret"); | ||
|
|
||
| getClientResource().update(resourceServer); | ||
|
|
||
| if (enable) { | ||
| AuthorizationResource authorization = getClientResource().authorization(); | ||
| ResourceServerRepresentation settings = authorization.exportSettings(); | ||
| settings.setAllowRemoteResourceManagement(true); | ||
| authorization.update(settings); | ||
| } | ||
| } | ||
|
|
||
| protected ResourceScopeResource createDefaultScope() { | ||
| return createScope("Test Scope", "Scope Icon"); | ||
| } | ||
|
|
||
| protected ResourceScopeResource createScope(String name, String iconUri) { | ||
| ScopeRepresentation newScope = new ScopeRepresentation(); | ||
|
|
||
| newScope.setName(name); | ||
| newScope.setIconUri(iconUri); | ||
|
|
||
| ResourceScopesResource resources = getClientResource().authorization().scopes(); | ||
|
|
||
| try (Response response = resources.create(newScope)) { | ||
| Assertions.assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus()); | ||
|
|
||
| ScopeRepresentation stored = response.readEntity(ScopeRepresentation.class); | ||
|
|
||
| return resources.scope(stored.getId()); | ||
| } | ||
| } | ||
|
|
||
| protected RealmBuilder createTestRealm() { | ||
| return RealmBuilder.create().name("authz-test") | ||
| .user(UserBuilder.create().username("marta").password("password")) | ||
| .user(UserBuilder.create().username("kolo").password("password")) | ||
| .roles(RolesBuilder.create().realmRole(RoleBuilder.create().name("realm-role").build())) | ||
| .client(ClientBuilder.create().clientId(RESOURCE_SERVER_CLIENT_ID) | ||
| .name(RESOURCE_SERVER_CLIENT_ID) | ||
| .secret("secret") | ||
| .authorizationServicesEnabled(true) | ||
| .redirectUris("http://localhost/" + RESOURCE_SERVER_CLIENT_ID) | ||
| .defaultRoles("uma_protection") | ||
| .directAccessGrants()); | ||
| } | ||
| } |
179 changes: 179 additions & 0 deletions
179
...src/test/java/org/keycloak/client/testsuite/authz/admin/AbstractPolicyManagementTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,179 @@ | ||
| /* | ||
| * Copyright 2016 Red Hat, Inc. and/or its affiliates | ||
| * and other contributors as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package org.keycloak.client.testsuite.authz.admin; | ||
|
|
||
| import jakarta.ws.rs.core.Response; | ||
| import java.io.IOException; | ||
| import java.util.ArrayList; | ||
| import java.util.HashSet; | ||
| import java.util.List; | ||
| import java.util.Set; | ||
| import java.util.function.Supplier; | ||
| import org.junit.jupiter.api.Assertions; | ||
| import org.junit.jupiter.api.BeforeEach; | ||
| import org.keycloak.admin.client.resource.ClientResource; | ||
| import org.keycloak.admin.client.resource.ClientsResource; | ||
| import org.keycloak.admin.client.resource.RealmResource; | ||
| import org.keycloak.client.testsuite.authz.AbstractAuthzTest; | ||
| import org.keycloak.representations.idm.RealmRepresentation; | ||
| import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; | ||
| import org.keycloak.representations.idm.authorization.PolicyRepresentation; | ||
| import org.keycloak.representations.idm.authorization.ResourceRepresentation; | ||
| import org.keycloak.representations.idm.authorization.ScopeRepresentation; | ||
| import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; | ||
| import org.keycloak.testsuite.util.ClientBuilder; | ||
| import org.keycloak.testsuite.util.RealmBuilder; | ||
| import org.keycloak.testsuite.util.UserBuilder; | ||
|
|
||
| /** | ||
| * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> | ||
| */ | ||
| public abstract class AbstractPolicyManagementTest extends AbstractAuthzTest { | ||
|
|
||
| @Override | ||
| public List<RealmRepresentation> getRealmsForImport() { | ||
| List<RealmRepresentation> testRealms = new ArrayList<>(); | ||
| testRealms.add(createTestRealm().build()); | ||
| return testRealms; | ||
| } | ||
|
|
||
| protected RealmBuilder createTestRealm() { | ||
| return RealmBuilder.create().name("authz-test") | ||
| .user(UserBuilder.create().username("marta").password("password")) | ||
| .user(UserBuilder.create().username("kolo").password("password")) | ||
| .client(ClientBuilder.create().clientId("resource-server-test") | ||
| .secret("secret") | ||
| .authorizationServicesEnabled(true) | ||
| .redirectUris("http://localhost/resource-server-test") | ||
| .defaultRoles("uma_protection") | ||
| .directAccessGrants()); | ||
| } | ||
|
|
||
| @BeforeEach | ||
| public void configureAuthorization() throws Exception { | ||
| createResourcesAndScopes(); | ||
| RealmResource realm = getRealm(); | ||
| createPolicies(realm, getClient(realm)); | ||
| } | ||
|
|
||
| protected void assertRepresentation(AbstractPolicyRepresentation expected, AbstractPolicyRepresentation actual, | ||
| Supplier<List<ResourceRepresentation>> resources, | ||
| Supplier<List<ScopeRepresentation>> scopes, | ||
| Supplier<List<PolicyRepresentation>> policies) { | ||
| Assertions.assertNotNull(actual); | ||
| Assertions.assertNotNull(actual.getId()); | ||
|
|
||
| Assertions.assertEquals(expected.getName(), actual.getName()); | ||
| Assertions.assertEquals(expected.getDescription(), actual.getDescription()); | ||
| Assertions.assertEquals(expected.getDecisionStrategy(), actual.getDecisionStrategy()); | ||
| Assertions.assertEquals(expected.getLogic(), actual.getLogic()); | ||
| Assertions.assertNull(actual.getResources()); | ||
| Assertions.assertNull(actual.getPolicies()); | ||
| Assertions.assertNull(actual.getScopes()); | ||
|
|
||
| List<PolicyRepresentation> associatedPolicies = policies.get(); | ||
|
|
||
| if (expected.getPolicies() != null) { | ||
| Assertions.assertEquals(expected.getPolicies().size(), associatedPolicies.size()); | ||
| Assertions.assertEquals(0, associatedPolicies.stream() | ||
| .map(representation1 -> representation1.getName()) | ||
| .filter(policyName -> !expected.getPolicies().contains(policyName)) | ||
| .count()); | ||
| } else { | ||
| Assertions.assertTrue(associatedPolicies.isEmpty()); | ||
| } | ||
|
|
||
| List<ResourceRepresentation> associatedResources = resources.get(); | ||
|
|
||
| if (expected.getResources() != null) { | ||
| Assertions.assertEquals(expected.getResources().size(), associatedResources.size()); | ||
| Assertions.assertEquals(0, associatedResources.stream() | ||
| .map(representation1 -> representation1.getName()) | ||
| .filter(resourceName -> !expected.getResources().contains(resourceName)) | ||
| .count()); | ||
| } else { | ||
| Assertions.assertTrue(associatedResources.isEmpty()); | ||
| } | ||
|
|
||
| List<ScopeRepresentation> associatedScopes = scopes.get(); | ||
|
|
||
| if (expected.getScopes() != null) { | ||
| Assertions.assertEquals(expected.getScopes().size(), associatedScopes.size()); | ||
| Assertions.assertEquals(0, associatedScopes.stream() | ||
| .map(representation1 -> representation1.getName()) | ||
| .filter(scopeName -> !expected.getScopes().contains(scopeName)) | ||
| .count()); | ||
| } else { | ||
| Assertions.assertTrue(associatedScopes.isEmpty()); | ||
| } | ||
|
|
||
| expected.setId(actual.getId()); | ||
| } | ||
|
|
||
| private void createResourcesAndScopes() throws IOException { | ||
| Set<ScopeRepresentation> scopes = new HashSet<>(); | ||
|
|
||
| scopes.add(new ScopeRepresentation("read")); | ||
| scopes.add(new ScopeRepresentation("write")); | ||
| scopes.add(new ScopeRepresentation("execute")); | ||
|
|
||
| List<ResourceRepresentation> resources = new ArrayList<>(); | ||
|
|
||
| resources.add(new ResourceRepresentation("Resource A", scopes)); | ||
| resources.add(new ResourceRepresentation("Resource B", scopes)); | ||
| resources.add(new ResourceRepresentation("Resource C", scopes)); | ||
|
|
||
| resources.forEach(resource -> { | ||
| Response response = getClient().authorization().resources().create(resource); | ||
| response.close(); | ||
| }); | ||
| } | ||
|
|
||
| private void createPolicies(RealmResource realm, ClientResource client) throws IOException { | ||
| createUserPolicy("Only Marta Policy", realm, client, "marta"); | ||
| createUserPolicy("Only Kolo Policy", realm, client, "kolo"); | ||
| } | ||
|
|
||
| private void createUserPolicy(String name, RealmResource realm, ClientResource client, String username) throws IOException { | ||
| String userId = realm.users().search(username).stream().map(representation -> representation.getId()).findFirst().orElseThrow(() -> new RuntimeException("Expected user [userId]")); | ||
|
|
||
| UserPolicyRepresentation representation = new UserPolicyRepresentation(); | ||
|
|
||
| representation.setName(name); | ||
| representation.addUser(userId); | ||
|
|
||
| Response response = client.authorization().policies().user().create(representation); | ||
| response.close(); | ||
| } | ||
|
|
||
| protected ClientResource getClient() { | ||
| return getClient(getRealm()); | ||
| } | ||
|
|
||
| protected ClientResource getClient(RealmResource realm) { | ||
| ClientsResource clients = realm.clients(); | ||
| return clients.findByClientId("resource-server-test").stream().map(representation -> clients.get(representation.getId())).findFirst().orElseThrow(() -> new RuntimeException("Expected client [resource-server-test]")); | ||
| } | ||
|
|
||
| protected RealmResource getRealm() { | ||
| try { | ||
| return adminClient.realm("authz-test"); | ||
| } catch (Exception cause) { | ||
| throw new RuntimeException("Failed to create admin client", cause); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.