Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
942 Commits
13 Branches
120 Tags
21 MiB
Tree: 17d7d9cf37
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '17d7d9cf37'
${ noResults }
python-keycloak/tests/conftest.py

608 lines
17 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
3 years ago
fix: linting
3 years ago
feat: initial setup of CICD and linting
3 years ago
fix: ruffing up
1 month ago
fix: moved imports at the top of the file
3 years ago
fix: ruffing up
1 month ago
fix: moved imports at the top of the file
3 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
fix: linting
3 years ago
fix: moved imports at the top of the file
3 years ago
feat: initial setup of CICD and linting
3 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
refactor: slight restructure of the base fixtures
3 years ago
fix: ruffing up
1 month ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
feat: initial setup of CICD and linting
3 years ago
test: updated docstrings to pass checks
3 years ago
feat: initial setup of CICD and linting
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
feat: initial setup of CICD and linting
3 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
feat: realm changing helpers
1 year ago
refactor: slight restructure of the base fixtures
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
fix: ruffing up
1 month ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
refactor: slight restructure of the base fixtures
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: updated docstrings to pass checks
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
feat: realm changing helpers
1 year ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: added more openid tests
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: added more openid tests
3 years ago
fix: ruffing up
1 month ago
test: added more openid tests
3 years ago
test: Tests with Keycloak 24 (#535)
11 months ago
fix: ruffing up
1 month ago
test: added more openid tests
3 years ago
test: updated docstrings to pass checks
3 years ago
test: added more openid tests
3 years ago
feat: realm changing helpers
1 year ago
test: added more openid tests
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: added more openid tests
3 years ago
fix: ruffing up
1 month ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: added load authorization config test
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: Tests with Keycloak 24 (#535)
11 months ago
fix: ruffing up
1 month ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
test: added more openid tests
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
feat: initial setup of CICD and linting
3 years ago
test: added missing tests
10 months ago
fix: ruffing up
1 month ago
test: added missing tests
10 months ago
fix: ruffing up
1 month ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: initial setup of CICD and linting
3 years ago
test: added auth_url and token tests, more structure to fixtures
3 years ago
feat: initial setup of CICD and linting
3 years ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: realm changing helpers
1 year ago
feat: initial setup of CICD and linting
3 years ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: realm changing helpers
1 year ago
feat: initial setup of CICD and linting
3 years ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: realm changing helpers
1 year ago
feat: initial setup of CICD and linting
3 years ago
feat: add unit tests
3 years ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: realm changing helpers
1 year ago
feat: add unit tests
3 years ago
test: added missing tests
10 months ago
fix: ruffing up
1 month ago
test: added missing tests
10 months ago
test: updated docstrings to pass checks
3 years ago
feat: realm changing helpers
1 year ago
feat: add unit tests
3 years ago
test: updated docstrings to pass checks
3 years ago
feat: add unit tests
3 years ago
fix: ruffing up
1 month ago
feat: add unit tests
3 years ago
fix: applied tox linting check
3 years ago
feat: add unit tests
3 years ago
fix: applied tox linting check
3 years ago
feat: add unit tests
3 years ago
feat: add Keycloak UMA client (#403)
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
feat: add Keycloak UMA client (#403)
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
fix: ruffing up
1 month ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
feat: add Keycloak UMA client (#403)
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
2 years ago
feat: add Keycloak UMA client (#403)
2 years ago
fix: ruffing up
1 month ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from collections.abc import Generator
  7. from datetime import datetime, timedelta
  8. from typing import Tuple
  10. import freezegun
  11. import pytest
  12. from cryptography import x509
  13. from cryptography.hazmat.backends import default_backend
  14. from cryptography.hazmat.primitives import hashes, serialization
  15. from cryptography.hazmat.primitives.asymmetric import rsa
  16. from cryptography.x509.oid import NameOID
  18. from keycloak import KeycloakAdmin, KeycloakOpenID, KeycloakOpenIDConnection, KeycloakUMA
  21. class KeycloakTestEnv:
  22. """Wrapper for test Keycloak connection configuration.
  24. :param host: Hostname
  25. :type host: str
  26. :param port: Port
  27. :type port: str
  28. :param username: Admin username
  29. :type username: str
  30. :param password: Admin password
  31. :type password: str
  32. """
  34. def __init__(
  35. self,
  36. host: str = os.environ["KEYCLOAK_HOST"],
  37. port: str = os.environ["KEYCLOAK_PORT"],
  38. username: str = os.environ["KEYCLOAK_ADMIN"],
  39. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  40. ):
  41. """Init method.
  43. :param host: Hostname
  44. :type host: str
  45. :param port: Port
  46. :type port: str
  47. :param username: Admin username
  48. :type username: str
  49. :param password: Admin password
  50. :type password: str
  51. """
  52. self.KEYCLOAK_HOST = host
  53. self.KEYCLOAK_PORT = port
  54. self.KEYCLOAK_ADMIN = username
  55. self.KEYCLOAK_ADMIN_PASSWORD = password
  57. @property
  58. def KEYCLOAK_HOST(self):
  59. """Hostname getter.
  61. :returns: Keycloak host
  62. :rtype: str
  63. """
  64. return self._KEYCLOAK_HOST
  66. @KEYCLOAK_HOST.setter
  67. def KEYCLOAK_HOST(self, value: str):
  68. """Hostname setter.
  70. :param value: Keycloak host
  71. :type value: str
  72. """
  73. self._KEYCLOAK_HOST = value
  75. @property
  76. def KEYCLOAK_PORT(self):
  77. """Port getter.
  79. :returns: Keycloak port
  80. :rtype: str
  81. """
  82. return self._KEYCLOAK_PORT
  84. @KEYCLOAK_PORT.setter
  85. def KEYCLOAK_PORT(self, value: str):
  86. """Port setter.
  88. :param value: Keycloak port
  89. :type value: str
  90. """
  91. self._KEYCLOAK_PORT = value
  93. @property
  94. def KEYCLOAK_ADMIN(self):
  95. """Admin username getter.
  97. :returns: Admin username
  98. :rtype: str
  99. """
  100. return self._KEYCLOAK_ADMIN
  102. @KEYCLOAK_ADMIN.setter
  103. def KEYCLOAK_ADMIN(self, value: str):
  104. """Admin username setter.
  106. :param value: Admin username
  107. :type value: str
  108. """
  109. self._KEYCLOAK_ADMIN = value
  111. @property
  112. def KEYCLOAK_ADMIN_PASSWORD(self):
  113. """Admin password getter.
  115. :returns: Admin password
  116. :rtype: str
  117. """
  118. return self._KEYCLOAK_ADMIN_PASSWORD
  120. @KEYCLOAK_ADMIN_PASSWORD.setter
  121. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  122. """Admin password setter.
  124. :param value: Admin password
  125. :type value: str
  126. """
  127. self._KEYCLOAK_ADMIN_PASSWORD = value
  130. @pytest.fixture
  131. def env():
  132. """Fixture for getting the test environment configuration object.
  134. :returns: Keycloak test environment object
  135. :rtype: KeycloakTestEnv
  136. """
  137. return KeycloakTestEnv()
  140. @pytest.fixture
  141. def admin(env: KeycloakTestEnv):
  142. """Fixture for initialized KeycloakAdmin class.
  144. :param env: Keycloak test environment
  145. :type env: KeycloakTestEnv
  146. :returns: Keycloak admin
  147. :rtype: KeycloakAdmin
  148. """
  149. return KeycloakAdmin(
  150. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  151. username=env.KEYCLOAK_ADMIN,
  152. password=env.KEYCLOAK_ADMIN_PASSWORD,
  153. )
  156. @pytest.fixture
  157. @freezegun.freeze_time("2023-02-25 10:00:00")
  158. def admin_frozen(env: KeycloakTestEnv):
  159. """Fixture for initialized KeycloakAdmin class, with time frozen.
  161. :param env: Keycloak test environment
  162. :type env: KeycloakTestEnv
  163. :returns: Keycloak admin
  164. :rtype: KeycloakAdmin
  165. """
  166. return KeycloakAdmin(
  167. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  168. username=env.KEYCLOAK_ADMIN,
  169. password=env.KEYCLOAK_ADMIN_PASSWORD,
  170. )
  173. @pytest.fixture
  174. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  175. """Fixture for initialized KeycloakOpenID class.
  177. :param env: Keycloak test environment
  178. :type env: KeycloakTestEnv
  179. :param realm: Keycloak realm
  180. :type realm: str
  181. :param admin: Keycloak admin
  182. :type admin: KeycloakAdmin
  183. :yields: Keycloak OpenID client
  184. :rtype: KeycloakOpenID
  185. """
  186. # Set the realm
  187. admin.change_current_realm(realm)
  188. # Create client
  189. client = str(uuid.uuid4())
  190. client_id = admin.create_client(
  191. payload={
  192. "name": client,
  193. "clientId": client,
  194. "enabled": True,
  195. "publicClient": True,
  196. "protocol": "openid-connect",
  197. },
  198. )
  199. # Return OID
  200. yield KeycloakOpenID(
  201. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  202. realm_name=realm,
  203. client_id=client,
  204. )
  205. # Cleanup
  206. admin.delete_client(client_id=client_id)
  209. @pytest.fixture
  210. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  211. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  213. :param env: Keycloak test environment
  214. :type env: KeycloakTestEnv
  215. :param realm: Keycloak realm
  216. :type realm: str
  217. :param admin: Keycloak admin
  218. :type admin: KeycloakAdmin
  219. :yields: Keycloak OpenID client with user credentials
  220. :rtype: Tuple[KeycloakOpenID, str, str]
  221. """
  222. # Set the realm
  223. admin.change_current_realm(realm)
  224. # Create client
  225. client = str(uuid.uuid4())
  226. secret = str(uuid.uuid4())
  227. client_id = admin.create_client(
  228. payload={
  229. "name": client,
  230. "clientId": client,
  231. "enabled": True,
  232. "publicClient": False,
  233. "protocol": "openid-connect",
  234. "secret": secret,
  235. "clientAuthenticatorType": "client-secret",
  236. },
  237. )
  238. # Create user
  239. username = str(uuid.uuid4())
  240. password = str(uuid.uuid4())
  241. user_id = admin.create_user(
  242. payload={
  243. "username": username,
  244. "email": f"{username}@test.test",
  245. "enabled": True,
  246. "firstName": "first",
  247. "lastName": "last",
  248. "emailVerified": True,
  249. "requiredActions": [],
  250. "credentials": [{"type": "password", "value": password, "temporary": False}],
  251. },
  252. )
  254. yield (
  255. KeycloakOpenID(
  256. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  257. realm_name=realm,
  258. client_id=client,
  259. client_secret_key=secret,
  260. ),
  261. username,
  262. password,
  263. )
  265. # Cleanup
  266. admin.delete_client(client_id=client_id)
  267. admin.delete_user(user_id=user_id)
  270. @pytest.fixture
  271. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  272. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  274. :param env: Keycloak test environment
  275. :type env: KeycloakTestEnv
  276. :param realm: Keycloak realm
  277. :type realm: str
  278. :param admin: Keycloak admin
  279. :type admin: KeycloakAdmin
  280. :yields: Keycloak OpenID client configured as an authorization server with client credentials
  281. :rtype: Tuple[KeycloakOpenID, str, str]
  282. """
  283. # Set the realm
  284. admin.change_current_realm(realm)
  285. # Create client
  286. client = str(uuid.uuid4())
  287. secret = str(uuid.uuid4())
  288. client_id = admin.create_client(
  289. payload={
  290. "name": client,
  291. "clientId": client,
  292. "enabled": True,
  293. "publicClient": False,
  294. "protocol": "openid-connect",
  295. "secret": secret,
  296. "clientAuthenticatorType": "client-secret",
  297. "authorizationServicesEnabled": True,
  298. "serviceAccountsEnabled": True,
  299. },
  300. )
  301. admin.create_client_authz_role_based_policy(
  302. client_id=client_id,
  303. payload={
  304. "name": "test-authz-rb-policy",
  305. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  306. },
  307. )
  308. # Create user
  309. username = str(uuid.uuid4())
  310. password = str(uuid.uuid4())
  311. user_id = admin.create_user(
  312. payload={
  313. "username": username,
  314. "email": f"{username}@test.test",
  315. "enabled": True,
  316. "emailVerified": True,
  317. "firstName": "first",
  318. "lastName": "last",
  319. "requiredActions": [],
  320. "credentials": [{"type": "password", "value": password, "temporary": False}],
  321. },
  322. )
  324. yield (
  325. KeycloakOpenID(
  326. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  327. realm_name=realm,
  328. client_id=client,
  329. client_secret_key=secret,
  330. ),
  331. username,
  332. password,
  333. )
  335. # Cleanup
  336. admin.delete_client(client_id=client_id)
  337. admin.delete_user(user_id=user_id)
  340. @pytest.fixture
  341. def oid_with_credentials_device(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  342. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  344. :param env: Keycloak test environment
  345. :type env: KeycloakTestEnv
  346. :param realm: Keycloak realm
  347. :type realm: str
  348. :param admin: Keycloak admin
  349. :type admin: KeycloakAdmin
  350. :yields: Keycloak OpenID client with user credentials
  351. :rtype: Tuple[KeycloakOpenID, str, str]
  352. """
  353. # Set the realm
  354. admin.change_current_realm(realm)
  355. # Create client
  356. client = str(uuid.uuid4())
  357. secret = str(uuid.uuid4())
  358. client_id = admin.create_client(
  359. payload={
  360. "name": client,
  361. "clientId": client,
  362. "enabled": True,
  363. "publicClient": False,
  364. "protocol": "openid-connect",
  365. "secret": secret,
  366. "clientAuthenticatorType": "client-secret",
  367. "attributes": {"oauth2.device.authorization.grant.enabled": True},
  368. },
  369. )
  370. # Create user
  371. username = str(uuid.uuid4())
  372. password = str(uuid.uuid4())
  373. user_id = admin.create_user(
  374. payload={
  375. "username": username,
  376. "email": f"{username}@test.test",
  377. "enabled": True,
  378. "firstName": "first",
  379. "lastName": "last",
  380. "emailVerified": True,
  381. "requiredActions": [],
  382. "credentials": [{"type": "password", "value": password, "temporary": False}],
  383. },
  384. )
  386. yield (
  387. KeycloakOpenID(
  388. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  389. realm_name=realm,
  390. client_id=client,
  391. client_secret_key=secret,
  392. ),
  393. username,
  394. password,
  395. )
  397. # Cleanup
  398. admin.delete_client(client_id=client_id)
  399. admin.delete_user(user_id=user_id)
  402. @pytest.fixture
  403. def realm(admin: KeycloakAdmin) -> Generator[str, None, None]:
  404. """Fixture for a new random realm.
  406. :param admin: Keycloak admin
  407. :type admin: KeycloakAdmin
  408. :yields: Keycloak realm
  409. :rtype: str
  410. """
  411. realm_name = str(uuid.uuid4())
  412. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  413. yield realm_name
  414. admin.delete_realm(realm_name=realm_name)
  417. @pytest.fixture
  418. def user(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  419. """Fixture for a new random user.
  421. :param admin: Keycloak admin
  422. :type admin: KeycloakAdmin
  423. :param realm: Keycloak realm
  424. :type realm: str
  425. :yields: Keycloak user
  426. :rtype: str
  427. """
  428. admin.change_current_realm(realm)
  429. username = str(uuid.uuid4())
  430. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  431. yield user_id
  432. admin.delete_user(user_id=user_id)
  435. @pytest.fixture
  436. def group(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  437. """Fixture for a new random group.
  439. :param admin: Keycloak admin
  440. :type admin: KeycloakAdmin
  441. :param realm: Keycloak realm
  442. :type realm: str
  443. :yields: Keycloak group
  444. :rtype: str
  445. """
  446. admin.change_current_realm(realm)
  447. group_name = str(uuid.uuid4())
  448. group_id = admin.create_group(payload={"name": group_name})
  449. yield group_id
  450. admin.delete_group(group_id=group_id)
  453. @pytest.fixture
  454. def client(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
  455. """Fixture for a new random client.
  457. :param admin: Keycloak admin
  458. :type admin: KeycloakAdmin
  459. :param realm: Keycloak realm
  460. :type realm: str
  461. :yields: Keycloak client id
  462. :rtype: str
  463. """
  464. admin.change_current_realm(realm)
  465. client = str(uuid.uuid4())
  466. client_id = admin.create_client(payload={"name": client, "clientId": client})
  467. yield client_id
  468. admin.delete_client(client_id=client_id)
  471. @pytest.fixture
  472. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> Generator[str, None, None]:
  473. """Fixture for a new random client role.
  475. :param admin: Keycloak admin
  476. :type admin: KeycloakAdmin
  477. :param realm: Keycloak realm
  478. :type realm: str
  479. :param client: Keycloak client
  480. :type client: str
  481. :yields: Keycloak client role
  482. :rtype: str
  483. """
  484. admin.change_current_realm(realm)
  485. role = str(uuid.uuid4())
  486. admin.create_client_role(client, {"name": role, "composite": False})
  487. yield role
  488. admin.delete_client_role(client, role)
  491. @pytest.fixture
  492. def composite_client_role(
  493. admin: KeycloakAdmin,
  494. realm: str,
  495. client: str,
  496. client_role: str,
  497. ) -> Generator[str, None, None]:
  498. """Fixture for a new random composite client role.
  500. :param admin: Keycloak admin
  501. :type admin: KeycloakAdmin
  502. :param realm: Keycloak realm
  503. :type realm: str
  504. :param client: Keycloak client
  505. :type client: str
  506. :param client_role: Keycloak client role
  507. :type client_role: str
  508. :yields: Composite client role
  509. :rtype: str
  510. """
  511. admin.change_current_realm(realm)
  512. role = str(uuid.uuid4())
  513. admin.create_client_role(client, {"name": role, "composite": True})
  514. role_repr = admin.get_client_role(client, client_role)
  515. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  516. yield role
  517. admin.delete_client_role(client, role)
  520. @pytest.fixture
  521. def selfsigned_cert():
  522. """Generate self signed certificate for a hostname, and optional IP addresses.
  524. :returns: Selfsigned certificate
  525. :rtype: Tuple[str, str]
  526. """
  527. hostname = "testcert"
  528. ip_addresses = None
  529. key = None
  530. # Generate our key
  531. if key is None:
  532. key = rsa.generate_private_key(
  533. public_exponent=65537,
  534. key_size=2048,
  535. backend=default_backend(),
  536. )
  538. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  539. alt_names = [x509.DNSName(hostname)]
  541. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  542. if ip_addresses:
  543. for addr in ip_addresses:
  544. # openssl wants DNSnames for ips...
  545. alt_names.append(x509.DNSName(addr))
  546. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  547. # note: older versions of cryptography do not understand ip_address objects
  548. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  550. san = x509.SubjectAlternativeName(alt_names)
  552. # path_len=0 means this cert can only sign itself, not other certs.
  553. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  554. now = datetime.utcnow()
  555. cert = (
  556. x509.CertificateBuilder()
  557. .subject_name(name)
  558. .issuer_name(name)
  559. .public_key(key.public_key())
  560. .serial_number(1000)
  561. .not_valid_before(now)
  562. .not_valid_after(now + timedelta(days=10 * 365))
  563. .add_extension(basic_contraints, False)
  564. .add_extension(san, False)
  565. .sign(key, hashes.SHA256(), default_backend())
  566. )
  567. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  568. key_pem = key.private_bytes(
  569. encoding=serialization.Encoding.PEM,
  570. format=serialization.PrivateFormat.TraditionalOpenSSL,
  571. encryption_algorithm=serialization.NoEncryption(),
  572. )
  574. return cert_pem, key_pem
  577. @pytest.fixture
  578. def oid_connection_with_authz(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  579. """Fixture for initialized KeycloakUMA class.
  581. :param oid_with_credentials_authz: Keycloak OpenID client with pre-configured user credentials
  582. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  583. :yields: Keycloak OpenID connection manager
  584. :rtype: KeycloakOpenIDConnection
  585. """
  586. oid, _, _ = oid_with_credentials_authz
  587. connection = KeycloakOpenIDConnection(
  588. server_url=oid.connection.base_url,
  589. realm_name=oid.realm_name,
  590. client_id=oid.client_id,
  591. client_secret_key=oid.client_secret_key,
  592. timeout=60,
  593. )
  594. return connection
  597. @pytest.fixture
  598. def uma(oid_connection_with_authz: KeycloakOpenIDConnection):
  599. """Fixture for initialized KeycloakUMA class.
  601. :param oid_connection_with_authz: Keycloak open id connection with pre-configured authz client
  602. :type oid_connection_with_authz: KeycloakOpenIDConnection
  603. :yields: Keycloak OpenID client
  604. :rtype: KeycloakOpenID
  605. """
  606. connection = oid_connection_with_authz
  607. # Return UMA
  608. return KeycloakUMA(connection=connection)