Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
877 Commits
14 Branches
95 Tags
15 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
python-keycloak/tests/conftest.py

602 lines
17 KiB
Raw Permalink Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linting
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: moved imports at the top of the file
2 years ago
test: added missing tests
3 weeks ago
fix: moved imports at the top of the file
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
fix: linting
2 years ago
fix: moved imports at the top of the file
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: realm changing helpers
6 months ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: realm changing helpers
6 months ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: Tests with Keycloak 24 (#535)
1 month ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
feat: realm changing helpers
6 months ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: Tests with Keycloak 24 (#535)
1 month ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
6 months ago
feat: initial setup of CICD and linting
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
6 months ago
feat: initial setup of CICD and linting
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
6 months ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
6 months ago
feat: add unit tests
2 years ago
test: added missing tests
3 weeks ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
6 months ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from datetime import datetime, timedelta
  7. from typing import Generator, Tuple
  9. import freezegun
  10. import pytest
  11. from cryptography import x509
  12. from cryptography.hazmat.backends import default_backend
  13. from cryptography.hazmat.primitives import hashes, serialization
  14. from cryptography.hazmat.primitives.asymmetric import rsa
  15. from cryptography.x509.oid import NameOID
  17. from keycloak import KeycloakAdmin, KeycloakOpenID, KeycloakOpenIDConnection, KeycloakUMA
  20. class KeycloakTestEnv(object):
  21. """Wrapper for test Keycloak connection configuration.
  23. :param host: Hostname
  24. :type host: str
  25. :param port: Port
  26. :type port: str
  27. :param username: Admin username
  28. :type username: str
  29. :param password: Admin password
  30. :type password: str
  31. """
  33. def __init__(
  34. self,
  35. host: str = os.environ["KEYCLOAK_HOST"],
  36. port: str = os.environ["KEYCLOAK_PORT"],
  37. username: str = os.environ["KEYCLOAK_ADMIN"],
  38. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  39. ):
  40. """Init method.
  42. :param host: Hostname
  43. :type host: str
  44. :param port: Port
  45. :type port: str
  46. :param username: Admin username
  47. :type username: str
  48. :param password: Admin password
  49. :type password: str
  50. """
  51. self.KEYCLOAK_HOST = host
  52. self.KEYCLOAK_PORT = port
  53. self.KEYCLOAK_ADMIN = username
  54. self.KEYCLOAK_ADMIN_PASSWORD = password
  56. @property
  57. def KEYCLOAK_HOST(self):
  58. """Hostname getter.
  60. :returns: Keycloak host
  61. :rtype: str
  62. """
  63. return self._KEYCLOAK_HOST
  65. @KEYCLOAK_HOST.setter
  66. def KEYCLOAK_HOST(self, value: str):
  67. """Hostname setter.
  69. :param value: Keycloak host
  70. :type value: str
  71. """
  72. self._KEYCLOAK_HOST = value
  74. @property
  75. def KEYCLOAK_PORT(self):
  76. """Port getter.
  78. :returns: Keycloak port
  79. :rtype: str
  80. """
  81. return self._KEYCLOAK_PORT
  83. @KEYCLOAK_PORT.setter
  84. def KEYCLOAK_PORT(self, value: str):
  85. """Port setter.
  87. :param value: Keycloak port
  88. :type value: str
  89. """
  90. self._KEYCLOAK_PORT = value
  92. @property
  93. def KEYCLOAK_ADMIN(self):
  94. """Admin username getter.
  96. :returns: Admin username
  97. :rtype: str
  98. """
  99. return self._KEYCLOAK_ADMIN
  101. @KEYCLOAK_ADMIN.setter
  102. def KEYCLOAK_ADMIN(self, value: str):
  103. """Admin username setter.
  105. :param value: Admin username
  106. :type value: str
  107. """
  108. self._KEYCLOAK_ADMIN = value
  110. @property
  111. def KEYCLOAK_ADMIN_PASSWORD(self):
  112. """Admin password getter.
  114. :returns: Admin password
  115. :rtype: str
  116. """
  117. return self._KEYCLOAK_ADMIN_PASSWORD
  119. @KEYCLOAK_ADMIN_PASSWORD.setter
  120. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  121. """Admin password setter.
  123. :param value: Admin password
  124. :type value: str
  125. """
  126. self._KEYCLOAK_ADMIN_PASSWORD = value
  129. @pytest.fixture
  130. def env():
  131. """Fixture for getting the test environment configuration object.
  133. :returns: Keycloak test environment object
  134. :rtype: KeycloakTestEnv
  135. """
  136. return KeycloakTestEnv()
  139. @pytest.fixture
  140. def admin(env: KeycloakTestEnv):
  141. """Fixture for initialized KeycloakAdmin class.
  143. :param env: Keycloak test environment
  144. :type env: KeycloakTestEnv
  145. :returns: Keycloak admin
  146. :rtype: KeycloakAdmin
  147. """
  148. return KeycloakAdmin(
  149. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  150. username=env.KEYCLOAK_ADMIN,
  151. password=env.KEYCLOAK_ADMIN_PASSWORD,
  152. )
  155. @pytest.fixture
  156. @freezegun.freeze_time("2023-02-25 10:00:00")
  157. def admin_frozen(env: KeycloakTestEnv):
  158. """Fixture for initialized KeycloakAdmin class, with time frozen.
  160. :param env: Keycloak test environment
  161. :type env: KeycloakTestEnv
  162. :returns: Keycloak admin
  163. :rtype: KeycloakAdmin
  164. """
  165. return KeycloakAdmin(
  166. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  167. username=env.KEYCLOAK_ADMIN,
  168. password=env.KEYCLOAK_ADMIN_PASSWORD,
  169. )
  172. @pytest.fixture
  173. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  174. """Fixture for initialized KeycloakOpenID class.
  176. :param env: Keycloak test environment
  177. :type env: KeycloakTestEnv
  178. :param realm: Keycloak realm
  179. :type realm: str
  180. :param admin: Keycloak admin
  181. :type admin: KeycloakAdmin
  182. :yields: Keycloak OpenID client
  183. :rtype: KeycloakOpenID
  184. """
  185. # Set the realm
  186. admin.change_current_realm(realm)
  187. # Create client
  188. client = str(uuid.uuid4())
  189. client_id = admin.create_client(
  190. payload={
  191. "name": client,
  192. "clientId": client,
  193. "enabled": True,
  194. "publicClient": True,
  195. "protocol": "openid-connect",
  196. }
  197. )
  198. # Return OID
  199. yield KeycloakOpenID(
  200. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  201. realm_name=realm,
  202. client_id=client,
  203. )
  204. # Cleanup
  205. admin.delete_client(client_id=client_id)
  208. @pytest.fixture
  209. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  210. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  212. :param env: Keycloak test environment
  213. :type env: KeycloakTestEnv
  214. :param realm: Keycloak realm
  215. :type realm: str
  216. :param admin: Keycloak admin
  217. :type admin: KeycloakAdmin
  218. :yields: Keycloak OpenID client with user credentials
  219. :rtype: Tuple[KeycloakOpenID, str, str]
  220. """
  221. # Set the realm
  222. admin.change_current_realm(realm)
  223. # Create client
  224. client = str(uuid.uuid4())
  225. secret = str(uuid.uuid4())
  226. client_id = admin.create_client(
  227. payload={
  228. "name": client,
  229. "clientId": client,
  230. "enabled": True,
  231. "publicClient": False,
  232. "protocol": "openid-connect",
  233. "secret": secret,
  234. "clientAuthenticatorType": "client-secret",
  235. }
  236. )
  237. # Create user
  238. username = str(uuid.uuid4())
  239. password = str(uuid.uuid4())
  240. user_id = admin.create_user(
  241. payload={
  242. "username": username,
  243. "email": f"{username}@test.test",
  244. "enabled": True,
  245. "firstName": "first",
  246. "lastName": "last",
  247. "emailVerified": True,
  248. "requiredActions": [],
  249. "credentials": [{"type": "password", "value": password, "temporary": False}],
  250. }
  251. )
  253. yield (
  254. KeycloakOpenID(
  255. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  256. realm_name=realm,
  257. client_id=client,
  258. client_secret_key=secret,
  259. ),
  260. username,
  261. password,
  262. )
  264. # Cleanup
  265. admin.delete_client(client_id=client_id)
  266. admin.delete_user(user_id=user_id)
  269. @pytest.fixture
  270. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  271. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  273. :param env: Keycloak test environment
  274. :type env: KeycloakTestEnv
  275. :param realm: Keycloak realm
  276. :type realm: str
  277. :param admin: Keycloak admin
  278. :type admin: KeycloakAdmin
  279. :yields: Keycloak OpenID client configured as an authorization server with client credentials
  280. :rtype: Tuple[KeycloakOpenID, str, str]
  281. """
  282. # Set the realm
  283. admin.change_current_realm(realm)
  284. # Create client
  285. client = str(uuid.uuid4())
  286. secret = str(uuid.uuid4())
  287. client_id = admin.create_client(
  288. payload={
  289. "name": client,
  290. "clientId": client,
  291. "enabled": True,
  292. "publicClient": False,
  293. "protocol": "openid-connect",
  294. "secret": secret,
  295. "clientAuthenticatorType": "client-secret",
  296. "authorizationServicesEnabled": True,
  297. "serviceAccountsEnabled": True,
  298. }
  299. )
  300. admin.create_client_authz_role_based_policy(
  301. client_id=client_id,
  302. payload={
  303. "name": "test-authz-rb-policy",
  304. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  305. },
  306. )
  307. # Create user
  308. username = str(uuid.uuid4())
  309. password = str(uuid.uuid4())
  310. user_id = admin.create_user(
  311. payload={
  312. "username": username,
  313. "email": f"{username}@test.test",
  314. "enabled": True,
  315. "emailVerified": True,
  316. "firstName": "first",
  317. "lastName": "last",
  318. "requiredActions": [],
  319. "credentials": [{"type": "password", "value": password, "temporary": False}],
  320. }
  321. )
  323. yield (
  324. KeycloakOpenID(
  325. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  326. realm_name=realm,
  327. client_id=client,
  328. client_secret_key=secret,
  329. ),
  330. username,
  331. password,
  332. )
  334. # Cleanup
  335. admin.delete_client(client_id=client_id)
  336. admin.delete_user(user_id=user_id)
  339. @pytest.fixture
  340. def oid_with_credentials_device(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  341. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  343. :param env: Keycloak test environment
  344. :type env: KeycloakTestEnv
  345. :param realm: Keycloak realm
  346. :type realm: str
  347. :param admin: Keycloak admin
  348. :type admin: KeycloakAdmin
  349. :yields: Keycloak OpenID client with user credentials
  350. :rtype: Tuple[KeycloakOpenID, str, str]
  351. """
  352. # Set the realm
  353. admin.change_current_realm(realm)
  354. # Create client
  355. client = str(uuid.uuid4())
  356. secret = str(uuid.uuid4())
  357. client_id = admin.create_client(
  358. payload={
  359. "name": client,
  360. "clientId": client,
  361. "enabled": True,
  362. "publicClient": False,
  363. "protocol": "openid-connect",
  364. "secret": secret,
  365. "clientAuthenticatorType": "client-secret",
  366. "attributes": {"oauth2.device.authorization.grant.enabled": True},
  367. }
  368. )
  369. # Create user
  370. username = str(uuid.uuid4())
  371. password = str(uuid.uuid4())
  372. user_id = admin.create_user(
  373. payload={
  374. "username": username,
  375. "email": f"{username}@test.test",
  376. "enabled": True,
  377. "firstName": "first",
  378. "lastName": "last",
  379. "emailVerified": True,
  380. "requiredActions": [],
  381. "credentials": [{"type": "password", "value": password, "temporary": False}],
  382. }
  383. )
  385. yield (
  386. KeycloakOpenID(
  387. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  388. realm_name=realm,
  389. client_id=client,
  390. client_secret_key=secret,
  391. ),
  392. username,
  393. password,
  394. )
  396. # Cleanup
  397. admin.delete_client(client_id=client_id)
  398. admin.delete_user(user_id=user_id)
  401. @pytest.fixture
  402. def realm(admin: KeycloakAdmin) -> Generator[str, None, None]:
  403. """Fixture for a new random realm.
  405. :param admin: Keycloak admin
  406. :type admin: KeycloakAdmin
  407. :yields: Keycloak realm
  408. :rtype: str
  409. """
  410. realm_name = str(uuid.uuid4())
  411. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  412. yield realm_name
  413. admin.delete_realm(realm_name=realm_name)
  416. @pytest.fixture
  417. def user(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  418. """Fixture for a new random user.
  420. :param admin: Keycloak admin
  421. :type admin: KeycloakAdmin
  422. :param realm: Keycloak realm
  423. :type realm: str
  424. :yields: Keycloak user
  425. :rtype: str
  426. """
  427. admin.change_current_realm(realm)
  428. username = str(uuid.uuid4())
  429. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  430. yield user_id
  431. admin.delete_user(user_id=user_id)
  434. @pytest.fixture
  435. def group(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  436. """Fixture for a new random group.
  438. :param admin: Keycloak admin
  439. :type admin: KeycloakAdmin
  440. :param realm: Keycloak realm
  441. :type realm: str
  442. :yields: Keycloak group
  443. :rtype: str
  444. """
  445. admin.change_current_realm(realm)
  446. group_name = str(uuid.uuid4())
  447. group_id = admin.create_group(payload={"name": group_name})
  448. yield group_id
  449. admin.delete_group(group_id=group_id)
  452. @pytest.fixture
  453. def client(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  454. """Fixture for a new random client.
  456. :param admin: Keycloak admin
  457. :type admin: KeycloakAdmin
  458. :param realm: Keycloak realm
  459. :type realm: str
  460. :yields: Keycloak client id
  461. :rtype: str
  462. """
  463. admin.change_current_realm(realm)
  464. client = str(uuid.uuid4())
  465. client_id = admin.create_client(payload={"name": client, "clientId": client})
  466. yield client_id
  467. admin.delete_client(client_id=client_id)
  470. @pytest.fixture
  471. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> Generator[str, None, None]:
  472. """Fixture for a new random client role.
  474. :param admin: Keycloak admin
  475. :type admin: KeycloakAdmin
  476. :param realm: Keycloak realm
  477. :type realm: str
  478. :param client: Keycloak client
  479. :type client: str
  480. :yields: Keycloak client role
  481. :rtype: str
  482. """
  483. admin.change_current_realm(realm)
  484. role = str(uuid.uuid4())
  485. admin.create_client_role(client, {"name": role, "composite": False})
  486. yield role
  487. admin.delete_client_role(client, role)
  490. @pytest.fixture
  491. def composite_client_role(
  492. admin: KeycloakAdmin, realm: str, client: str, client_role: str
  493. ) -> Generator[str, None, None]:
  494. """Fixture for a new random composite client role.
  496. :param admin: Keycloak admin
  497. :type admin: KeycloakAdmin
  498. :param realm: Keycloak realm
  499. :type realm: str
  500. :param client: Keycloak client
  501. :type client: str
  502. :param client_role: Keycloak client role
  503. :type client_role: str
  504. :yields: Composite client role
  505. :rtype: str
  506. """
  507. admin.change_current_realm(realm)
  508. role = str(uuid.uuid4())
  509. admin.create_client_role(client, {"name": role, "composite": True})
  510. role_repr = admin.get_client_role(client, client_role)
  511. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  512. yield role
  513. admin.delete_client_role(client, role)
  516. @pytest.fixture
  517. def selfsigned_cert():
  518. """Generate self signed certificate for a hostname, and optional IP addresses.
  520. :returns: Selfsigned certificate
  521. :rtype: Tuple[str, str]
  522. """
  523. hostname = "testcert"
  524. ip_addresses = None
  525. key = None
  526. # Generate our key
  527. if key is None:
  528. key = rsa.generate_private_key(
  529. public_exponent=65537, key_size=2048, backend=default_backend()
  530. )
  532. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  533. alt_names = [x509.DNSName(hostname)]
  535. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  536. if ip_addresses:
  537. for addr in ip_addresses:
  538. # openssl wants DNSnames for ips...
  539. alt_names.append(x509.DNSName(addr))
  540. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  541. # note: older versions of cryptography do not understand ip_address objects
  542. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  544. san = x509.SubjectAlternativeName(alt_names)
  546. # path_len=0 means this cert can only sign itself, not other certs.
  547. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  548. now = datetime.utcnow()
  549. cert = (
  550. x509.CertificateBuilder()
  551. .subject_name(name)
  552. .issuer_name(name)
  553. .public_key(key.public_key())
  554. .serial_number(1000)
  555. .not_valid_before(now)
  556. .not_valid_after(now + timedelta(days=10 * 365))
  557. .add_extension(basic_contraints, False)
  558. .add_extension(san, False)
  559. .sign(key, hashes.SHA256(), default_backend())
  560. )
  561. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  562. key_pem = key.private_bytes(
  563. encoding=serialization.Encoding.PEM,
  564. format=serialization.PrivateFormat.TraditionalOpenSSL,
  565. encryption_algorithm=serialization.NoEncryption(),
  566. )
  568. return cert_pem, key_pem
  571. @pytest.fixture
  572. def oid_connection_with_authz(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  573. """Fixture for initialized KeycloakUMA class.
  575. :param oid_with_credentials_authz: Keycloak OpenID client with pre-configured user credentials
  576. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  577. :yields: Keycloak OpenID connection manager
  578. :rtype: KeycloakOpenIDConnection
  579. """
  580. oid, _, _ = oid_with_credentials_authz
  581. connection = KeycloakOpenIDConnection(
  582. server_url=oid.connection.base_url,
  583. realm_name=oid.realm_name,
  584. client_id=oid.client_id,
  585. client_secret_key=oid.client_secret_key,
  586. timeout=60,
  587. )
  588. yield connection
  591. @pytest.fixture
  592. def uma(oid_connection_with_authz: KeycloakOpenIDConnection):
  593. """Fixture for initialized KeycloakUMA class.
  595. :param oid_connection_with_authz: Keycloak open id connection with pre-configured authz client
  596. :type oid_connection_with_authz: KeycloakOpenIDConnection
  597. :yields: Keycloak OpenID client
  598. :rtype: KeycloakOpenID
  599. """
  600. connection = oid_connection_with_authz
  601. # Return UMA
  602. yield KeycloakUMA(connection=connection)