Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
643 Commits
15 Branches
98 Tags
17 MiB
Tree: 39f4afe9b6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '39f4afe9b6'
${ noResults }
python-keycloak/tests/conftest.py

339 lines
10 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linting
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: moved imports at the top of the file
2 years ago
fix: linting
2 years ago
fix: moved imports at the top of the file
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
fix: applied flake linting checks
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from datetime import datetime, timedelta
  8. import pytest
  9. from cryptography import x509
  10. from cryptography.hazmat.backends import default_backend
  11. from cryptography.hazmat.primitives import hashes, serialization
  12. from cryptography.hazmat.primitives.asymmetric import rsa
  13. from cryptography.x509.oid import NameOID
  15. from keycloak import KeycloakAdmin, KeycloakOpenID
  18. class KeycloakTestEnv(object):
  19. """Wrapper for test Keycloak connection configuration.
  21. :param host: Hostname
  22. :type host: str
  23. :param port: Port
  24. :type port: str
  25. :param username: Admin username
  26. :type username: str
  27. :param password: Admin password
  28. :type password: str
  29. """
  31. def __init__(
  32. self,
  33. host: str = os.environ["KEYCLOAK_HOST"],
  34. port: str = os.environ["KEYCLOAK_PORT"],
  35. username: str = os.environ["KEYCLOAK_ADMIN"],
  36. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  37. ):
  38. """Init method."""
  39. self.KEYCLOAK_HOST = host
  40. self.KEYCLOAK_PORT = port
  41. self.KEYCLOAK_ADMIN = username
  42. self.KEYCLOAK_ADMIN_PASSWORD = password
  44. @property
  45. def KEYCLOAK_HOST(self):
  46. """Hostname getter."""
  47. return self._KEYCLOAK_HOST
  49. @KEYCLOAK_HOST.setter
  50. def KEYCLOAK_HOST(self, value: str):
  51. """Hostname setter."""
  52. self._KEYCLOAK_HOST = value
  54. @property
  55. def KEYCLOAK_PORT(self):
  56. """Port getter."""
  57. return self._KEYCLOAK_PORT
  59. @KEYCLOAK_PORT.setter
  60. def KEYCLOAK_PORT(self, value: str):
  61. """Port setter."""
  62. self._KEYCLOAK_PORT = value
  64. @property
  65. def KEYCLOAK_ADMIN(self):
  66. """Admin username getter."""
  67. return self._KEYCLOAK_ADMIN
  69. @KEYCLOAK_ADMIN.setter
  70. def KEYCLOAK_ADMIN(self, value: str):
  71. """Admin username setter."""
  72. self._KEYCLOAK_ADMIN = value
  74. @property
  75. def KEYCLOAK_ADMIN_PASSWORD(self):
  76. """Admin password getter."""
  77. return self._KEYCLOAK_ADMIN_PASSWORD
  79. @KEYCLOAK_ADMIN_PASSWORD.setter
  80. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  81. """Admin password setter."""
  82. self._KEYCLOAK_ADMIN_PASSWORD = value
  85. @pytest.fixture
  86. def env():
  87. """Fixture for getting the test environment configuration object."""
  88. return KeycloakTestEnv()
  91. @pytest.fixture
  92. def admin(env: KeycloakTestEnv):
  93. """Fixture for initialized KeycloakAdmin class."""
  94. return KeycloakAdmin(
  95. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  96. username=env.KEYCLOAK_ADMIN,
  97. password=env.KEYCLOAK_ADMIN_PASSWORD,
  98. )
  101. @pytest.fixture
  102. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  103. """Fixture for initialized KeycloakOpenID class."""
  104. # Set the realm
  105. admin.realm_name = realm
  106. # Create client
  107. client = str(uuid.uuid4())
  108. client_id = admin.create_client(
  109. payload={
  110. "name": client,
  111. "clientId": client,
  112. "enabled": True,
  113. "publicClient": True,
  114. "protocol": "openid-connect",
  115. }
  116. )
  117. # Return OID
  118. yield KeycloakOpenID(
  119. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  120. realm_name=realm,
  121. client_id=client,
  122. )
  123. # Cleanup
  124. admin.delete_client(client_id=client_id)
  127. @pytest.fixture
  128. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  129. """Fixture for an initialized KeycloakOpenID class and a random user credentials."""
  130. # Set the realm
  131. admin.realm_name = realm
  132. # Create client
  133. client = str(uuid.uuid4())
  134. secret = str(uuid.uuid4())
  135. client_id = admin.create_client(
  136. payload={
  137. "name": client,
  138. "clientId": client,
  139. "enabled": True,
  140. "publicClient": False,
  141. "protocol": "openid-connect",
  142. "secret": secret,
  143. "clientAuthenticatorType": "client-secret",
  144. }
  145. )
  146. # Create user
  147. username = str(uuid.uuid4())
  148. password = str(uuid.uuid4())
  149. user_id = admin.create_user(
  150. payload={
  151. "username": username,
  152. "email": f"{username}@test.test",
  153. "enabled": True,
  154. "credentials": [{"type": "password", "value": password}],
  155. }
  156. )
  158. yield (
  159. KeycloakOpenID(
  160. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  161. realm_name=realm,
  162. client_id=client,
  163. client_secret_key=secret,
  164. ),
  165. username,
  166. password,
  167. )
  169. # Cleanup
  170. admin.delete_client(client_id=client_id)
  171. admin.delete_user(user_id=user_id)
  174. @pytest.fixture
  175. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  176. """Fixture for an initialized KeycloakOpenID class and a random user credentials."""
  177. # Set the realm
  178. admin.realm_name = realm
  179. # Create client
  180. client = str(uuid.uuid4())
  181. secret = str(uuid.uuid4())
  182. client_id = admin.create_client(
  183. payload={
  184. "name": client,
  185. "clientId": client,
  186. "enabled": True,
  187. "publicClient": False,
  188. "protocol": "openid-connect",
  189. "secret": secret,
  190. "clientAuthenticatorType": "client-secret",
  191. "authorizationServicesEnabled": True,
  192. "serviceAccountsEnabled": True,
  193. }
  194. )
  195. admin.create_client_authz_role_based_policy(
  196. client_id=client_id,
  197. payload={
  198. "name": "test-authz-rb-policy",
  199. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  200. },
  201. )
  202. # Create user
  203. username = str(uuid.uuid4())
  204. password = str(uuid.uuid4())
  205. user_id = admin.create_user(
  206. payload={
  207. "username": username,
  208. "email": f"{username}@test.test",
  209. "enabled": True,
  210. "credentials": [{"type": "password", "value": password}],
  211. }
  212. )
  214. yield (
  215. KeycloakOpenID(
  216. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  217. realm_name=realm,
  218. client_id=client,
  219. client_secret_key=secret,
  220. ),
  221. username,
  222. password,
  223. )
  225. # Cleanup
  226. admin.delete_client(client_id=client_id)
  227. admin.delete_user(user_id=user_id)
  230. @pytest.fixture
  231. def realm(admin: KeycloakAdmin) -> str:
  232. """Fixture for a new random realm."""
  233. realm_name = str(uuid.uuid4())
  234. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  235. yield realm_name
  236. admin.delete_realm(realm_name=realm_name)
  239. @pytest.fixture
  240. def user(admin: KeycloakAdmin, realm: str) -> str:
  241. """Fixture for a new random user."""
  242. admin.realm_name = realm
  243. username = str(uuid.uuid4())
  244. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  245. yield user_id
  246. admin.delete_user(user_id=user_id)
  249. @pytest.fixture
  250. def group(admin: KeycloakAdmin, realm: str) -> str:
  251. """Fixture for a new random group."""
  252. admin.realm_name = realm
  253. group_name = str(uuid.uuid4())
  254. group_id = admin.create_group(payload={"name": group_name})
  255. yield group_id
  256. admin.delete_group(group_id=group_id)
  259. @pytest.fixture
  260. def client(admin: KeycloakAdmin, realm: str) -> str:
  261. """Fixture for a new random client."""
  262. admin.realm_name = realm
  263. client = str(uuid.uuid4())
  264. client_id = admin.create_client(payload={"name": client, "clientId": client})
  265. yield client_id
  266. admin.delete_client(client_id=client_id)
  269. @pytest.fixture
  270. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
  271. """Fixture for a new random client role."""
  272. admin.realm_name = realm
  273. role = str(uuid.uuid4())
  274. admin.create_client_role(client, {"name": role, "composite": False})
  275. yield role
  276. admin.delete_client_role(client, role)
  279. @pytest.fixture
  280. def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
  281. """Fixture for a new random composite client role."""
  282. admin.realm_name = realm
  283. role = str(uuid.uuid4())
  284. admin.create_client_role(client, {"name": role, "composite": True})
  285. role_repr = admin.get_client_role(client, client_role)
  286. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  287. yield role
  288. admin.delete_client_role(client, role)
  291. @pytest.fixture
  292. def selfsigned_cert():
  293. """Generate self signed certificate for a hostname, and optional IP addresses."""
  294. hostname = "testcert"
  295. ip_addresses = None
  296. key = None
  297. # Generate our key
  298. if key is None:
  299. key = rsa.generate_private_key(
  300. public_exponent=65537, key_size=2048, backend=default_backend()
  301. )
  303. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  304. alt_names = [x509.DNSName(hostname)]
  306. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  307. if ip_addresses:
  308. for addr in ip_addresses:
  309. # openssl wants DNSnames for ips...
  310. alt_names.append(x509.DNSName(addr))
  311. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  312. # note: older versions of cryptography do not understand ip_address objects
  313. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  315. san = x509.SubjectAlternativeName(alt_names)
  317. # path_len=0 means this cert can only sign itself, not other certs.
  318. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  319. now = datetime.utcnow()
  320. cert = (
  321. x509.CertificateBuilder()
  322. .subject_name(name)
  323. .issuer_name(name)
  324. .public_key(key.public_key())
  325. .serial_number(1000)
  326. .not_valid_before(now)
  327. .not_valid_after(now + timedelta(days=10 * 365))
  328. .add_extension(basic_contraints, False)
  329. .add_extension(san, False)
  330. .sign(key, hashes.SHA256(), default_backend())
  331. )
  332. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  333. key_pem = key.private_bytes(
  334. encoding=serialization.Encoding.PEM,
  335. format=serialization.PrivateFormat.TraditionalOpenSSL,
  336. encryption_algorithm=serialization.NoEncryption(),
  337. )
  339. return cert_pem, key_pem