def test_create_group_with_attributes_dict_and_attributes_list(self):
toCreate = {"auth_username": "******",
"auth_password": "******",
"realm": "master",
"auth_keycloak_url": "http://localhost:18081/auth",
"name": "test_create_group_with_attributes_dict_and_attributes_list",
"attributes": {"attr1": ["value1"],
"attr2": ["value2"]},
"attributes_list": [{"name": "attr3",
"value": ["value3"]},
{"name": "attr4",
"value": ["value4"]}],
"realmRoles": ["uma_authorization"],
"clientRoles": [{"clientid": "master-realm",
"roles": ["manage-users",
"view-identity-providers"]}],
"state": "present",
"force": False}
attributes_dict = {
"attr1": ["value1"],
"attr2": ["value2"],
"attr3": ["value3"],
"attr4": ["value4"]
}
self.module = keycloak_group
set_module_args(toCreate)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertEqual(
results.exception.args[0]["group"]["name"],
toCreate["name"],
"name: " +
results.exception.args[0]["group"]["name"] +
" : " +
toCreate["name"])
self.assertTrue(
isDictEquals(
attributes_dict,
results.exception.args[0]["group"]["attributes"]),
"attributes: " +
str(
results.exception.args[0]["group"]["attributes"]) +
" : " +
str(attributes_dict))
self.assertTrue(
isDictEquals(
toCreate["clientRoles"],
results.exception.args[0]["group"]["clientRoles"]),
"clientRoles: " + str(
results.exception.args[0]["group"]["clientRoles"]) + " : " + str(
toCreate["clientRoles"]))
self.assertTrue(
isDictEquals(
toCreate["realmRoles"],
results.exception.args[0]["group"]["realmRoles"]),
"realmRoles: " + str(
results.exception.args[0]["group"]["realmRoles"]) + " : " + str(
toCreate["realmRoles"]))
def test_create_realm(self):
toCreate = self.toCreateRealm.copy()
toCreate["state"] = "present"
set_module_args(toCreate)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
del toCreate["smtpServer"]["fromDisplayName"]
self.assertTrue(
isDictEquals(toCreate, results.exception.args[0]['realm'],
self.realmExcudes),
'Realm created does not comply to specifications.')
self.assertTrue(
results.exception.args[0]["eventsConfig"]["eventsEnabled"],
"eventsEnabled: " +
str(results.exception.args[0]["eventsConfig"]["eventsEnabled"]))
self.assertTrue(
results.exception.args[0]["eventsConfig"]["adminEventsEnabled"],
"adminEventsEnabled: " +
str(results.exception.args[0]["eventsConfig"]
["adminEventsEnabled"]))
self.assertTrue(
results.exception.args[0]["eventsConfig"]
["adminEventsDetailsEnabled"], "adminEventsDetailsEnabled: " +
str(results.exception.args[0]["eventsConfig"]
["adminEventsDetailsEnabled"]))
self.assertTrue(
isDictEquals(toCreate['eventsConfig'],
results.exception.args[0]['eventsConfig']),
"Events configuration has not been modified")
def test_modify_role_two_client_role_with_same_name(self):
newToChangeTwoRoles = self.testRoles[5].copy()
newToChangeTwoRoles["description"] = newToChangeTwoRoles["description"] + " modified"
newToChangeTwoRoles["composites"] = [
{
"clientId": "test2",
"name": "admin"
},
{
"clientId": "test2",
"name": "manager"
}
]
set_module_args(newToChangeTwoRoles)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
newToChangeTwoRoles,
results.exception.args[0]['role'],
self.roleExcudes),
'Realm role modified two client roles does not comply to specifications.')
newComposites = []
for composite in self.testRoles[5]["composites"]:
newComposites.append(composite)
for composite in newToChangeTwoRoles["composites"]:
newComposites.append(composite)
self.assertTrue(
isDictEquals(
newComposites,
results.exception.args[0]['composites'],
self.roleExcudes),
'Realm role composites modified two client roles does not comply to specifications.')
def test_group_not_changed(self):
self.module = keycloak_group
set_module_args(self.groupNotChanged)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertFalse(results.exception.args[0]['changed'])
self.assertEqual(
results.exception.args[0]["group"]["name"],
self.groupNotChanged["name"],
"name: " +
results.exception.args[0]["group"]["name"] +
" : " +
self.groupNotChanged["name"])
self.assertTrue(
isDictEquals(
self.groupNotChanged["attributes"],
results.exception.args[0]["group"]["attributes"]),
"attributes: " + str(
results.exception.args[0]["group"]["attributes"]) + " : " + str(
self.groupNotChanged["attributes"]))
self.assertTrue(
isDictEquals(
self.groupNotChanged["clientRoles"],
results.exception.args[0]["group"]["clientRoles"]),
"clientRoles: " + str(
results.exception.args[0]["group"]["clientRoles"]) + " : " + str(
self.groupNotChanged["clientRoles"]))
self.assertTrue(
isDictEquals(
self.groupNotChanged["realmRoles"],
results.exception.args[0]["group"]["realmRoles"]),
"realmRoles: " + str(
results.exception.args[0]["group"]["realmRoles"]) + " : " + str(
self.groupNotChanged["realmRoles"]))
def test_modify_realm(self):
toModify = self.toModifyRealm.copy()
toModify["displayNameHtml"] = "New name"
toModify["actionTokenGeneratedByAdminLifespan"] = 360
toModify["actionTokenGeneratedByUserLifespan"] = 240
toModify['eventsConfig'] = {
"eventsEnabled":
True,
"eventsListeners": ["jboss-logging"],
"enabledEventTypes": [
"SEND_RESET_PASSWORD", "UPDATE_TOTP", "REMOVE_TOTP",
"REVOKE_GRANT", "LOGIN_ERROR", "CLIENT_LOGIN",
"RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR",
"CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION",
"UPDATE_PROFILE_ERROR", "IMPERSONATE", "LOGIN",
"UPDATE_PASSWORD_ERROR", "REGISTER", "LOGOUT",
"CLIENT_REGISTER", "UPDATE_PASSWORD",
"FEDERATED_IDENTITY_LINK_ERROR", "CLIENT_DELETE",
"IDENTITY_PROVIDER_FIRST_LOGIN", "VERIFY_EMAIL",
"CLIENT_DELETE_ERROR", "CLIENT_LOGIN_ERROR",
"REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS",
"SEND_IDENTITY_PROVIDER_LINK_ERROR", "SEND_VERIFY_EMAIL",
"EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY",
"IDENTITY_PROVIDER_POST_LOGIN", "UPDATE_EMAIL",
"REGISTER_ERROR", "REVOKE_GRANT_ERROR", "LOGOUT_ERROR",
"UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "UPDATE_PROFILE",
"FEDERATED_IDENTITY_LINK", "CLIENT_REGISTER_ERROR",
"SEND_VERIFY_EMAIL_ERROR", "SEND_IDENTITY_PROVIDER_LINK",
"RESET_PASSWORD", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR",
"SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE",
"IDENTITY_PROVIDER_POST_LOGIN_ERROR",
"CUSTOM_REQUIRED_ACTION_ERROR", "UPDATE_TOTP_ERROR",
"CODE_TO_TOKEN", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR"
],
"adminEventsEnabled":
True,
"adminEventsDetailsEnabled":
True,
}
set_module_args(toModify)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(toModify, results.exception.args[0]['realm'],
self.realmExcudes),
'Realm modified does not comply to specifications.')
self.assertTrue(
isDictEquals(toModify['eventsConfig'],
results.exception.args[0]['eventsConfig']),
"Events configuration has not been modified")
def test_role_not_changed(self):
toDoNotChange = self.testRoles[1].copy()
set_module_args(toDoNotChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertFalse(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
toDoNotChange,
results.exception.args[0]['role'],
self.roleExcudes),
'Realm role not modified does not comply to specifications.')
self.assertTrue(
isDictEquals(
toDoNotChange["composites"],
results.exception.args[0]['composites'],
self.roleExcudes),
'Realm role composites not modified does not comply to specifications.')
def test_modify_role(self):
newToChange = self.testRoles[3].copy()
newToChange["description"] = newToChange["description"] + " modified"
set_module_args(newToChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
newToChange,
results.exception.args[0]['role'],
self.roleExcudes),
'Realm role modified does not comply to specifications.')
self.assertTrue(
isDictEquals(
newToChange["composites"],
results.exception.args[0]['composites'],
self.roleExcudes),
'Realm role composites modified does not comply to specifications.')
def test_create_role(self):
toCreate = self.testRoles[0].copy()
toCreate["state"] = "present"
set_module_args(toCreate)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
toCreate,
results.exception.args[0]['role'],
self.roleExcudes),
'Realm role created does not comply to specifications.')
self.assertTrue(
isDictEquals(
toCreate["composites"],
results.exception.args[0]['composites'],
self.roleExcudes),
'Realm role composites created does not comply to specifications.')
def test_do_not_change_realm(self):
set_module_args(self.toDoNotChangeRealm)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertFalse(results.exception.args[0]['changed'],
"Realm is not supposed to be changed")
self.assertTrue(
isDictEquals(self.toDoNotChangeRealm,
results.exception.args[0]['realm'],
self.realmExcudes),
'Realm not changed does not comply to specifications.')
def test_do_not_change_realm_force(self):
toDoNotChange = self.toDoNotChangeRealmForce.copy()
toDoNotChange["force"] = True
set_module_args(toDoNotChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'],
"Realm is supposed to be changed")
self.assertTrue(
isDictEquals(toDoNotChange, results.exception.args[0]['realm'],
self.realmExcudes),
'Realm not changed force does not comply to specifications.')
def test_group_modify_force(self):
set_module_args(self.groupModifyForce)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
toDoNotChange = self.groupModifyForce.copy()
toDoNotChange["force"] = True
set_module_args(toDoNotChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertEqual(
results.exception.args[0]["group"]["name"],
toDoNotChange["name"],
"name: " +
results.exception.args[0]["group"]["name"] +
" : " +
toDoNotChange["name"])
self.assertTrue(
isDictEquals(
toDoNotChange["attributes"],
results.exception.args[0]["group"]["attributes"]),
"attributes: " + str(
results.exception.args[0]["group"]["attributes"]) + " : " + str(
toDoNotChange["attributes"]))
self.assertTrue(
isDictEquals(
toDoNotChange["clientRoles"],
results.exception.args[0]["group"]["clientRoles"]),
"clientRoles: " + str(
results.exception.args[0]["group"]["clientRoles"]) + " : " + str(
toDoNotChange["clientRoles"]))
self.assertTrue(
isDictEquals(
toDoNotChange["realmRoles"],
results.exception.args[0]["group"]["realmRoles"]),
"realmRoles: " + str(
results.exception.args[0]["group"]["realmRoles"]) + " : " + str(
toDoNotChange["realmRoles"]))
def test_create_user_without_realm_role(self):
toCreate = self.testUsers[6].copy()
toCreate["state"] = "present"
set_module_args(toCreate)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
toCreate,
results.exception.args[0]["user"],
self.compareExcludes),
"user: "******" : " + str(
results.exception.args[0]["user"]))
def test_user_not_changed(self):
toDoNotChange = self.testUsers[1].copy()
set_module_args(toDoNotChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertFalse(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
toDoNotChange,
results.exception.args[0]["user"],
self.compareExcludes),
"user: "******" : " +
str(
results.exception.args[0]["user"]))
def test_modify_user(self):
toChange = self.testUsers[3].copy()
toChange["lastName"] = "Modified"
toChange["clientRoles"] = [
{"clientId": "master-realm", "roles": ["manage-clients", "query-groups"]}]
toChange["realmRoles"] = ["testUserRole1", "testUserRole2"]
set_module_args(toChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(
toChange,
results.exception.args[0]["user"],
self.compareExcludes),
"user: "******" : " + str(
results.exception.args[0]["user"]))
def test_bearer_only_client_to_confidential_with_service_accounts_enabled(
self):
toModifyClient = self.testClients[9].copy()
toModifyClient["baseUrl"] = "http://test7.com:8080"
toModifyClient["clientAuthenticatorType"] = "client-secret"
toModifyClient["redirectUris"] = ["http://test7.com:8080/secure"]
toModifyClient["webOrigins"] = ["http://test6.com:8080/secure"]
toModifyClient["fullScopeAllowed"] = False
toModifyClient["serviceAccountsEnabled"] = True
toModifyClient["bearerOnly"] = False
toModifyClient["publicClient"] = False
toModifyClient["directAccessGrantsEnabled"] = True
set_module_args(toModifyClient)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['end_state']['enabled'])
self.assertTrue(results.exception.args[0]['changed'])
self.assertTrue(
isDictEquals(toModifyClient,
results.exception.args[0]['end_state'],
exclude=self.compareExcludes))
def test_not_equals_with_dict2_bigger_than_dict1(self):
self.assertFalse(isDictEquals(self.dict2, self.dict1))
def test_NewClientScopeFromModule(self):
module_params = {
'auth_keycloak_url': 'http://localhost:8080/auth',
'auth_sername': 'admin',
'auth_password': '******',
'auth_realm': 'master',
'realm': 'master',
'name': 'testclientscope',
'description': 'Client scope',
'protocol': 'openid-connect',
'attributes': {
'include.in.token.scope': 'true',
'display.on.consent.screen': 'true'
},
'protocolMappers': [
{
'name': 'test-audience',
'protocol': 'openid-connect',
'protocolMapper': 'oidc-audience-mapper',
'consentRequired': 'false',
'config': {
'included.client.audience': 'admin-cli',
'id.token.claim': 'true'
},
'access.token.claim': 'true'
}
],
'state': 'present'
}
scope = ClientScope(module_params=module_params)
self.assertEqual(
scope.name,
module_params['name'],
"Incorrect client scope name. {0} != {1}".format(
scope.name,
module_params['name']))
self.assertEqual(
scope.description,
module_params['description'],
"Incorrect client scope description. {0} != {1}".format(
scope.description,
module_params['description']))
self.assertEqual(
scope.protocol,
module_params['protocol'],
"Incorrect client scope protocol. {0} != {1}".format(
scope.protocol,
module_params['protocol']))
self.assertEqual(scope.attributes,
module_params['attributes'],
"Incorrect client scope attributes. {0} != {1}".format(str(scope.attributes),
str(module_params['attributes'])))
self.assertTrue(
isDictEquals(
scope.protocolMappers[0].getRepresentation(),
module_params['protocolMappers'][0]),
"Incorrect client scope protocolMappers. {0} != {1}".format(
str(
scope.protocolMappers[0].getRepresentation()),
str(
module_params['protocolMappers'][0])))
def test_not_equals_dict7_dict8_compare_dict7_with_list_bigger_than_dict8_but_reverse_equals(
self):
self.assertFalse(isDictEquals(self.dict7, self.dict8))
self.assertTrue(isDictEquals(self.dict8, self.dict7))
def test_equals_with_dict5_contain_bool_and_dict6_contain_true_string(
self):
self.assertFalse(isDictEquals(self.dict5, self.dict6))
self.assertFalse(isDictEquals(self.dict6, self.dict5))
def test_equals_with_dict2_bigger_than_dict1(self):
self.assertTrue(isDictEquals(self.dict1, self.dict2))
def test_trivial(self):
self.assertTrue(isDictEquals(self.dict1, self.dict1))
def test_modify_group(self):
newToChange = self.modifyGroup.copy()
newToChange["attributes"] = {
"added": ["thisAttributeBeenAdded"]
}
newToChange["realmRoles"] = [
"uma_authorization",
"offline_access"
]
newToChange["clientRoles"] = [{
"clientid": "master-realm",
"roles": [
"view-clients",
"query-realms",
"view-users"
]
}, {
"clientid": "account",
"roles": [
"manage-account-links",
"view-profile",
"manage-account"
]
}
]
set_module_args(newToChange)
with self.assertRaises(AnsibleExitJson) as results:
self.module.main()
self.assertTrue(results.exception.args[0]['changed'])
self.assertEqual(
results.exception.args[0]["group"]["name"],
self.modifyGroup["name"],
"name: " +
results.exception.args[0]["group"]["name"] +
" : " +
self.modifyGroup["name"])
self.assertFalse(
isDictEquals(
self.modifyGroup["attributes"],
results.exception.args[0]["group"]["attributes"]),
"attributes: " + str(
results.exception.args[0]["group"]["attributes"]) + " : " + str(
self.modifyGroup["attributes"]))
self.assertTrue(
isDictEquals(
newToChange["attributes"],
results.exception.args[0]["group"]["attributes"]),
"attributes: " + str(
results.exception.args[0]["group"]["attributes"]) + " : " + str(
newToChange["attributes"]))
self.assertTrue(
isDictEquals(
newToChange["clientRoles"],
results.exception.args[0]["group"]["clientRoles"]),
"clientRoles: " + str(
results.exception.args[0]["group"]["clientRoles"]) + " : " + str(
newToChange["clientRoles"]))
self.assertTrue(
isDictEquals(
newToChange["realmRoles"],
results.exception.args[0]["group"]["realmRoles"]),
"realmRoles: " + str(
results.exception.args[0]["group"]["realmRoles"]) + " : " + str(
newToChange["realmRoles"]))
def test_not_equals_with_dict1_different_than_dict3(self):
self.assertFalse(isDictEquals(self.dict1, self.dict3))
