def setUp(self): super(KeycloakAuthenticationTestCase, self).setUp() self.module = keycloak_authentication for flow in self.authenticationTestFlows: set_module_args(flow) with self.assertRaises(AnsibleExitJson) as results: self.module.main()
def test_group_not_changed(self): self.module = keycloak_group set_module_args(self.groupNotChanged) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertFalse(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]["group"]["name"], self.groupNotChanged["name"], "name: " + results.exception.args[0]["group"]["name"] + " : " + self.groupNotChanged["name"]) self.assertTrue( isDictEquals( self.groupNotChanged["attributes"], results.exception.args[0]["group"]["attributes"]), "attributes: " + str( results.exception.args[0]["group"]["attributes"]) + " : " + str( self.groupNotChanged["attributes"])) self.assertTrue( isDictEquals( self.groupNotChanged["clientRoles"], results.exception.args[0]["group"]["clientRoles"]), "clientRoles: " + str( results.exception.args[0]["group"]["clientRoles"]) + " : " + str( self.groupNotChanged["clientRoles"])) self.assertTrue( isDictEquals( self.groupNotChanged["realmRoles"], results.exception.args[0]["group"]["realmRoles"]), "realmRoles: " + str( results.exception.args[0]["group"]["realmRoles"]) + " : " + str( self.groupNotChanged["realmRoles"]))
def tearDown(self): self.userStorageComponent["state"] = "absent" self.module = keycloak_component set_module_args(self.userStorageComponent) with self.assertRaises(AnsibleExitJson) as results: self.module.main() super(KeycloakGroupTestCase, self).tearDown()
def setUp(self): super(KeycloakComponentTestCase, self).setUp() self.module = keycloak_component for component in self.testComponents: set_module_args(component) with self.assertRaises(AnsibleExitJson) as results: self.module.main()
def test_create_group_with_attributes_dict_and_attributes_list(self): toCreate = {"auth_username": "******", "auth_password": "******", "realm": "master", "auth_keycloak_url": "http://localhost:18081/auth", "name": "test_create_group_with_attributes_dict_and_attributes_list", "attributes": {"attr1": ["value1"], "attr2": ["value2"]}, "attributes_list": [{"name": "attr3", "value": ["value3"]}, {"name": "attr4", "value": ["value4"]}], "realmRoles": ["uma_authorization"], "clientRoles": [{"clientid": "master-realm", "roles": ["manage-users", "view-identity-providers"]}], "state": "present", "force": False} attributes_dict = { "attr1": ["value1"], "attr2": ["value2"], "attr3": ["value3"], "attr4": ["value4"] } self.module = keycloak_group set_module_args(toCreate) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]["group"]["name"], toCreate["name"], "name: " + results.exception.args[0]["group"]["name"] + " : " + toCreate["name"]) self.assertTrue( isDictEquals( attributes_dict, results.exception.args[0]["group"]["attributes"]), "attributes: " + str( results.exception.args[0]["group"]["attributes"]) + " : " + str(attributes_dict)) self.assertTrue( isDictEquals( toCreate["clientRoles"], results.exception.args[0]["group"]["clientRoles"]), "clientRoles: " + str( results.exception.args[0]["group"]["clientRoles"]) + " : " + str( toCreate["clientRoles"])) self.assertTrue( isDictEquals( toCreate["realmRoles"], results.exception.args[0]["group"]["realmRoles"]), "realmRoles: " + str( results.exception.args[0]["group"]["realmRoles"]) + " : " + str( toCreate["realmRoles"]))
def test_create_realm(self): toCreate = self.toCreateRealm.copy() toCreate["state"] = "present" set_module_args(toCreate) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) del toCreate["smtpServer"]["fromDisplayName"] self.assertTrue( isDictEquals(toCreate, results.exception.args[0]['realm'], self.realmExcudes), 'Realm created does not comply to specifications.') self.assertTrue( results.exception.args[0]["eventsConfig"]["eventsEnabled"], "eventsEnabled: " + str(results.exception.args[0]["eventsConfig"]["eventsEnabled"])) self.assertTrue( results.exception.args[0]["eventsConfig"]["adminEventsEnabled"], "adminEventsEnabled: " + str(results.exception.args[0]["eventsConfig"] ["adminEventsEnabled"])) self.assertTrue( results.exception.args[0]["eventsConfig"] ["adminEventsDetailsEnabled"], "adminEventsDetailsEnabled: " + str(results.exception.args[0]["eventsConfig"] ["adminEventsDetailsEnabled"])) self.assertTrue( isDictEquals(toCreate['eventsConfig'], results.exception.args[0]['eventsConfig']), "Events configuration has not been modified")
def test_create_authentication_flow_with_two_executions_without_copy(self): toCreate = self.authenticationTestFlows[3].copy() toCreate["state"] = "present" set_module_args(toCreate) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]["flow"]["alias"], toCreate["alias"], results.exception.args[0]["flow"]["alias"] + "is not" + toCreate["alias"]) for expectedExecutions in toCreate["authenticationExecutions"]: executionFound = False for execution in results.exception.args[0]["flow"][ "authenticationExecutions"]: if "providerId" in execution and execution[ "providerId"] == expectedExecutions["providerId"]: executionFound = True break self.assertTrue( executionFound, "Execution " + expectedExecutions["providerId"] + " not found") self.assertEqual( execution["requirement"], expectedExecutions["requirement"], execution["requirement"] + " is not equals to " + expectedExecutions["requirement"]) for key in expectedExecutions["authenticationConfig"]["config"]: self.assertEqual( expectedExecutions["authenticationConfig"]["config"][key], execution["authenticationConfig"]["config"][key], execution["authenticationConfig"]["config"][key] + " is not equals to " + expectedExecutions["authenticationConfig"]["config"][key])
def test_modify_authentication_flow(self): toModify = self.authenticationTestFlows[6].copy() toModify["authenticationExecutions"][0]["authenticationConfig"][ "config"]["defaultProvider"] = "modified value" set_module_args(toModify) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]["flow"]["alias"], toModify["alias"], results.exception.args[0]["flow"]["alias"] + "is not" + toModify["alias"]) for expectedExecutions in toModify["authenticationExecutions"]: executionFound = False for execution in results.exception.args[0]["flow"][ "authenticationExecutions"]: if "providerId" in execution and execution[ "providerId"] == expectedExecutions["providerId"]: executionFound = True break self.assertTrue( executionFound, "Execution " + expectedExecutions["providerId"] + " not found") self.assertEqual( execution["requirement"], expectedExecutions["requirement"], execution["requirement"] + " is not equals to " + expectedExecutions["requirement"]) for key in expectedExecutions["authenticationConfig"]["config"]: self.assertEqual( expectedExecutions["authenticationConfig"]["config"][key], execution["authenticationConfig"]["config"][key], execution["authenticationConfig"]["config"][key] + " is not equals to " + expectedExecutions["authenticationConfig"]["config"][key])
def test_add_client_scope_mappings_roles(self): toAddnewClientScopeMappings = self.testClients[8].copy() newClientScopeMappings = { "realm": [{ "name": "admin", "state": "present" }, { "name": "offline_access", "state": "present" }], "clients": [{ "id": "master-realm", "roles": [{ "name": "view-events" }, { "name": "manage-clients" }] }, { "id": "master-realm", "roles": [{ "name": "view-clients", "state": "present" }, { "name": "view-realm" }] }] } toAddnewClientScopeMappings["scope_mappings"] = newClientScopeMappings set_module_args(toAddnewClientScopeMappings) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed'])
def test_idp_not_changed(self): toDoNotChange = self.testIDPs[1].copy() set_module_args(toDoNotChange) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertFalse(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]['idp']['alias'], toDoNotChange['alias'], 'Alias = ' + results.exception.args[0]['idp']['alias']) for mapperToDoNotChange in toDoNotChange["mappers"]: mapperFound = False for mapper in results.exception.args[0]['mappers']: if mapper["name"] == mapperToDoNotChange["name"]: mapperFound = True self.assertEqual( mapper["identityProviderMapper"], mapperToDoNotChange["identityProviderMapper"], "identityProviderMapper: " + mapper["identityProviderMapper"] + "not equal " + mapperToDoNotChange["identityProviderMapper"]) self.assertDictEqual(mapper["config"], mapperToDoNotChange["config"], "config: " + str( mapper["config"]) + "not equal " + str(mapperToDoNotChange["config"])) self.assertTrue( mapperFound, "mapper " + mapperToDoNotChange["name"] + " not found")
def test_delete_role(self): toDelete = self.testRoles[4].copy() toDelete["state"] = "absent" set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertRegexpMatches( results.exception.args[0]['msg'], 'deleted', 'Realm role not deleted') try: getResponse = requests.get( self.roleSvcBaseUrl, headers=self.headers) keycloakRoles = getResponse.json() roleFound = False for keycloakRole in keycloakRoles: if keycloakRole["name"] == toDelete["name"]: roleFound = True break self.assertFalse( roleFound, 'role ' + toDelete["name"] + ' not deleted') except requests.exceptions.RequestException as e: print(str(e))
def test_modify_role_two_client_role_with_same_name(self): newToChangeTwoRoles = self.testRoles[5].copy() newToChangeTwoRoles["description"] = newToChangeTwoRoles["description"] + " modified" newToChangeTwoRoles["composites"] = [ { "clientId": "test2", "name": "admin" }, { "clientId": "test2", "name": "manager" } ] set_module_args(newToChangeTwoRoles) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertTrue( isDictEquals( newToChangeTwoRoles, results.exception.args[0]['role'], self.roleExcudes), 'Realm role modified two client roles does not comply to specifications.') newComposites = [] for composite in self.testRoles[5]["composites"]: newComposites.append(composite) for composite in newToChangeTwoRoles["composites"]: newComposites.append(composite) self.assertTrue( isDictEquals( newComposites, results.exception.args[0]['composites'], self.roleExcudes), 'Realm role composites modified two client roles does not comply to specifications.')
def test_change_client_secret_without_alias(self): toChangeSecret = dict( auth_username="******", auth_password="******", realm="master", auth_keycloak_url="http://localhost:18081/auth", config=dict( clientId="test4", clientSecret="CeciEstMonSecret" ), state="present", force=False ) set_module_args(toChangeSecret) with self.assertRaises(AnsibleFailJson) as results: self.module.main() self.assertTrue( results.exception.args[0]['failed'], 'Test has not failed has it is supposed to.') self.assertRegexpMatches( results.exception.args[0]['msg'], 'missing required arguments', 'Wrong error message: ' + results.exception.args[0]['msg'])
def test_modify_idp_force(self): newToChange = self.testIDPs[3].copy() newToChange["force"] = True set_module_args(newToChange) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]['idp']['alias'], newToChange["alias"], 'Alias = ' + results.exception.args[0]['idp']['alias']) self.assertFalse( results.exception.args[0]['idp']['storeToken'], 'storeToken should be false : ' + str( results.exception.args[0]['idp']['storeToken'])) self.assertEqual( results.exception.args[0]['idp']['firstBrokerLoginFlowAlias'], newToChange["firstBrokerLoginFlowAlias"], "firstBrokerLoginFlowAlias: " + results.exception.args[0]['idp']['firstBrokerLoginFlowAlias']) self.assertEqual( results.exception.args[0]['idp']['config']['guiOrder'], newToChange["config"]["guiOrder"], "GuiOrder: " + results.exception.args[0]['idp']['config']['guiOrder'])
def setUp(self): super(KeycloakIdentityProviderTestCase, self).setUp() self.module = keycloak_identity_provider for idp in self.testIDPs: set_module_args(idp) with self.assertRaises(AnsibleExitJson) as results: self.module.main()
def tearDown(self): for client in self.testClients: toDelete = client.copy() toDelete["state"] = "absent" set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() super(KeycloakClientTestCase, self).tearDown()
def test_delete_inexisting_authentication_flow(self): toDelete = self.authenticationTestFlows[8].copy() set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertFalse(results.exception.args[0]['changed']) self.assertRegex(results.exception.args[0]['msg'], 'absent', 'authentication flow is not absent')
def test_change_client_secret(self): toChangeSecret = self.testIDPs[7].copy() toChangeSecret["config"]["clientId"] = "test4" toChangeSecret["config"]["clientSecret"] = "CeciEstMonSecret" set_module_args(toChangeSecret) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed'])
def test_modify_idp_mappers(self): newToChange = { "auth_username": "******", "auth_password": "******", "realm": "master", "auth_keycloak_url": "http://localhost:18081/auth", "alias": "test_modify_idp_mappers", "providerId": "oidc", "mappers": [ { "name": "test24", "identityProviderMapper": "oidc-user-attribute-idp-mapper", "config": { "claim": "newTest", "user.attribute": "lastname" } }, { "name": "test25", "identityProviderMapper": "oidc-role-idp-mapper", "config": { "claim": "claimName", "claim.value": "valueThatGiveRole", "role": "roleName" } } ], "state": "present", "force": False } set_module_args(newToChange) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]['idp']['alias'], newToChange["alias"], 'Alias = ' + results.exception.args[0]['idp']['alias']) for mapperToChange in newToChange["mappers"]: mapperFound = False for mapper in results.exception.args[0]['mappers']: if mapper["name"] == mapperToChange["name"]: mapperFound = True self.assertEqual( mapper["identityProviderMapper"], mapperToChange["identityProviderMapper"], "identityProviderMapper: " + mapper["identityProviderMapper"] + "not equal " + mapperToChange["identityProviderMapper"]) self.assertDictEqual(mapper["config"], mapperToChange["config"], "config: " + str( mapper["config"]) + "not equal " + str(mapperToChange["config"])) self.assertTrue( mapperFound, "mapper " + mapperToChange["name"] + " not found")
def test_delete_authentication_flow(self): toDelete = self.authenticationTestFlows[7].copy() toDelete['state'] = 'absent' set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertRegex(results.exception.args[0]['msg'], 'deleted', 'authentication flow not deleted')
def setUp(self): super(KeycloakRoleTestCase, self).setUp() username = "******" password = "******" self.roleSvcBaseUrl = self.url + "/auth/admin/realms/master/roles/" # Create Clients try: self.headers = get_token( base_url=self.url + '/auth', auth_realm="master", client_id="admin-cli", auth_username=username, auth_password=password, validate_certs=False, client_secret=None) clientSvcBaseUrl = self.url + "/auth/admin/realms/master/clients/" for testClient in self.testClients: getResponse = requests.get( clientSvcBaseUrl, headers=self.headers, params={ 'clientId': testClient["clientId"]}) if len(getResponse.json()) == 0: clientData = json.dumps(testClient) requests.post( clientSvcBaseUrl, headers=self.headers, data=clientData) getResponse = requests.get( clientSvcBaseUrl, headers=self.headers, params={ 'clientId': testClient["clientId"]}) clientRepresentation = getResponse.json()[0] else: clientRepresentation = getResponse.json()[0] getResponse = requests.get( clientSvcBaseUrl, headers=self.headers, params={ 'clientId': testClient["clientId"]}) clientRepresentation = getResponse.json()[0] for clientRole in self.clientRoles: roleData = json.dumps(clientRole) requests.post( clientSvcBaseUrl + clientRepresentation['id'] + '/roles', headers=self.headers, data=roleData) except requests.exceptions.RequestException as e: print(str(e)) self.module = keycloak_role for role in self.testRoles: set_module_args(role) with self.assertRaises(AnsibleExitJson) as results: self.module.main()
def test_create_client(self): toCreate = self.testClients[6].copy() toCreate["state"] = "present" set_module_args(toCreate) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['end_state']['enabled']) self.assertTrue(results.exception.args[0]['changed']) self.assertTrue('clientSecret' in results.exception.args[0]) OrderdRoles = sorted( results.exception.args[0]['end_state']['clientRoles'], key=lambda k: k['name']) self.assertEqual(OrderdRoles[0]['name'], toCreate["roles"][0]['name'], "roles : " + OrderdRoles[0]['name']) self.assertEqual(OrderdRoles[1]['name'], toCreate["roles"][1]['name'], "roles : " + OrderdRoles[1]['name']) for newComposite in toCreate["roles"][1]['composites']: compositeFound = False for createdComposite in OrderdRoles[1]['composites']: if "id" in newComposite and newComposite[ "id"] == createdComposite['id'] and newComposite[ "name"] == createdComposite['name']: compositeFound = True elif newComposite["name"] == createdComposite['name']: compositeFound = True if "id" in newComposite: message = "Composite: id:" + \ newComposite["id"] + " name:" + newComposite["name"] + " not found" else: message = "Composite: name:" + \ newComposite["name"] + " not found" self.assertTrue(compositeFound, message) self.assertEqual( results.exception.args[0]['end_state']['redirectUris'].sort(), toCreate["redirectUris"].sort(), "redirectUris: " + str(results.exception.args[0]['end_state']['redirectUris'].sort())) for toCreateMapper in toCreate["protocolMappers"]: mapperFound = False for mapper in results.exception.args[0]['end_state'][ 'protocolMappers']: if mapper["name"] == toCreateMapper["name"]: mapperFound = True break self.assertTrue(mapperFound, "no mapper found: " + toCreateMapper["name"]) if mapperFound: self.assertEqual( mapper["config"]["claim.name"], toCreateMapper["config"]["claim.name"], "claim.name: " + toCreateMapper["config"]["claim.name"] + ": " + mapper["config"]["claim.name"]) self.assertEqual( mapper["config"]["user.attribute"], toCreateMapper["config"]["user.attribute"], "user.attribute: " + mapper["config"]["user.attribute"] + ": " + mapper["config"]["user.attribute"])
def test_delete_client(self): toDeleteClient = self.testClients[5].copy() toDeleteClient["state"] = "absent" set_module_args(toDeleteClient) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertRegexpMatches(results.exception.args[0]['msg'], 'deleted', 'client not deleted')
def test_delete_realm(self): toDelete = self.toDeleteRealm.copy() toDelete["state"] = "absent" set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertRegexpMatches(results.exception.args[0]['msg'], 'deleted', 'Realm not deleted')
def test_delete_component_ldap_user_storage_provider(self): toDelete = self.testComponents[4].copy() toDelete["state"] = "absent" set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertRegexpMatches(results.exception.args[0]['msg'], 'deleted', 'component not deleted')
def tearDown(self): self.module = keycloak_identity_provider for idp in self.testIDPs: toDelete = idp.copy() toDelete["state"] = "absent" set_module_args(toDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() super(KeycloakIdentityProviderTestCase, self).tearDown()
def tearDown(self): self.module = keycloak_component for component in self.testComponents: toDeleteComponent = component.copy() toDeleteComponent["state"] = "absent" set_module_args(toDeleteComponent) with self.assertRaises(AnsibleExitJson) as results: self.module.main() super(KeycloakComponentTestCase, self).tearDown()
def test_sync_ldap_user_storage_provider(self): toModify = self.testComponents[5].copy() toModify["syncLdapMappers"] = "fedToKeycloak" toModify["syncUserStorage"] = "triggerFullSync" toModify["state"] = "present" set_module_args(toModify) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed'])
def tearDown(self): self.module = keycloak_authentication for flow in self.authenticationTestFlows: flowToDelete = flow.copy() flowToDelete["state"] = "absent" set_module_args(flowToDelete) with self.assertRaises(AnsibleExitJson) as results: self.module.main() super(KeycloakAuthenticationTestCase, self).tearDown()
def test_modify_component_ldap_user_storage_provider_force(self): toModify = self.testComponents[3].copy() toModify['force'] = True set_module_args(toModify) with self.assertRaises(AnsibleExitJson) as results: self.module.main() self.assertTrue(results.exception.args[0]['changed']) self.assertEqual( results.exception.args[0]['component']['name'], toModify['name'], "name: " + results.exception.args[0]['component']['name']) self.assertEqual( results.exception.args[0]['component']['config']['vendor'][0], toModify['config']['vendor'][0], "vendor: " + results.exception.args[0]['component']['config']['vendor'][0]) self.assertEqual( results.exception.args[0]['component']['config']['connectionUrl'] [0], toModify['config']['connectionUrl'][0], "connectionUrl: " + results.exception.args[0]['component'] ['config']['connectionUrl'][0]) subComponentFound = False subComponent = {} for subComponent in results.exception.args[0]['subComponents']: if subComponent["name"] == toModify["subComponents"][ "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][0][ "name"]: subComponentFound = True break self.assertTrue(subComponentFound, "Sub component not found in the sub components") self.assertEqual( subComponent["config"]["groups.dn"][0], toModify["subComponents"] ["org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][0] ["config"]["groups.dn"][0], "groups.dn: " + subComponent["config"]["groups.dn"][0] + ": " + toModify["subComponents"] ["org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][0] ["config"]["groups.dn"][0]) subComponentFound = False for subComponent in results.exception.args[0]['subComponents']: if subComponent["name"] == toModify["subComponents"][ "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][1][ "name"]: subComponentFound = True break self.assertTrue(subComponentFound, "Sub component not found in the sub components") self.assertEqual( subComponent["config"]["groups.dn"][0], toModify["subComponents"] ["org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][1] ["config"]["groups.dn"][0], "groups.dn: " + subComponent["config"]["groups.dn"][0] + ": " + toModify["subComponents"] ["org.keycloak.storage.ldap.mappers.LDAPStorageMapper"][1] ["config"]["groups.dn"][0])