Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
858 Commits
15 Branches
98 Tags
17 MiB
Tree: 44123e21e8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '44123e21e8'
${ noResults }
python-keycloak/tests/conftest.py

538 lines
15 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linting
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: moved imports at the top of the file
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
fix: moved imports at the top of the file
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
fix: linting
2 years ago
fix: moved imports at the top of the file
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: realm changing helpers
8 months ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: realm changing helpers
8 months ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: Tests with Keycloak 24 (#535)
3 months ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
feat: realm changing helpers
8 months ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: Tests with Keycloak 24 (#535)
3 months ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
8 months ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
8 months ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
8 months ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
8 months ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: realm changing helpers
8 months ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from datetime import datetime, timedelta
  7. from typing import Tuple
  9. import freezegun
  10. import pytest
  11. from cryptography import x509
  12. from cryptography.hazmat.backends import default_backend
  13. from cryptography.hazmat.primitives import hashes, serialization
  14. from cryptography.hazmat.primitives.asymmetric import rsa
  15. from cryptography.x509.oid import NameOID
  17. from keycloak import KeycloakAdmin, KeycloakOpenID, KeycloakOpenIDConnection, KeycloakUMA
  20. class KeycloakTestEnv(object):
  21. """Wrapper for test Keycloak connection configuration.
  23. :param host: Hostname
  24. :type host: str
  25. :param port: Port
  26. :type port: str
  27. :param username: Admin username
  28. :type username: str
  29. :param password: Admin password
  30. :type password: str
  31. """
  33. def __init__(
  34. self,
  35. host: str = os.environ["KEYCLOAK_HOST"],
  36. port: str = os.environ["KEYCLOAK_PORT"],
  37. username: str = os.environ["KEYCLOAK_ADMIN"],
  38. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  39. ):
  40. """Init method.
  42. :param host: Hostname
  43. :type host: str
  44. :param port: Port
  45. :type port: str
  46. :param username: Admin username
  47. :type username: str
  48. :param password: Admin password
  49. :type password: str
  50. """
  51. self.KEYCLOAK_HOST = host
  52. self.KEYCLOAK_PORT = port
  53. self.KEYCLOAK_ADMIN = username
  54. self.KEYCLOAK_ADMIN_PASSWORD = password
  56. @property
  57. def KEYCLOAK_HOST(self):
  58. """Hostname getter.
  60. :returns: Keycloak host
  61. :rtype: str
  62. """
  63. return self._KEYCLOAK_HOST
  65. @KEYCLOAK_HOST.setter
  66. def KEYCLOAK_HOST(self, value: str):
  67. """Hostname setter.
  69. :param value: Keycloak host
  70. :type value: str
  71. """
  72. self._KEYCLOAK_HOST = value
  74. @property
  75. def KEYCLOAK_PORT(self):
  76. """Port getter.
  78. :returns: Keycloak port
  79. :rtype: str
  80. """
  81. return self._KEYCLOAK_PORT
  83. @KEYCLOAK_PORT.setter
  84. def KEYCLOAK_PORT(self, value: str):
  85. """Port setter.
  87. :param value: Keycloak port
  88. :type value: str
  89. """
  90. self._KEYCLOAK_PORT = value
  92. @property
  93. def KEYCLOAK_ADMIN(self):
  94. """Admin username getter.
  96. :returns: Admin username
  97. :rtype: str
  98. """
  99. return self._KEYCLOAK_ADMIN
  101. @KEYCLOAK_ADMIN.setter
  102. def KEYCLOAK_ADMIN(self, value: str):
  103. """Admin username setter.
  105. :param value: Admin username
  106. :type value: str
  107. """
  108. self._KEYCLOAK_ADMIN = value
  110. @property
  111. def KEYCLOAK_ADMIN_PASSWORD(self):
  112. """Admin password getter.
  114. :returns: Admin password
  115. :rtype: str
  116. """
  117. return self._KEYCLOAK_ADMIN_PASSWORD
  119. @KEYCLOAK_ADMIN_PASSWORD.setter
  120. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  121. """Admin password setter.
  123. :param value: Admin password
  124. :type value: str
  125. """
  126. self._KEYCLOAK_ADMIN_PASSWORD = value
  129. @pytest.fixture
  130. def env():
  131. """Fixture for getting the test environment configuration object.
  133. :returns: Keycloak test environment object
  134. :rtype: KeycloakTestEnv
  135. """
  136. return KeycloakTestEnv()
  139. @pytest.fixture
  140. def admin(env: KeycloakTestEnv):
  141. """Fixture for initialized KeycloakAdmin class.
  143. :param env: Keycloak test environment
  144. :type env: KeycloakTestEnv
  145. :returns: Keycloak admin
  146. :rtype: KeycloakAdmin
  147. """
  148. return KeycloakAdmin(
  149. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  150. username=env.KEYCLOAK_ADMIN,
  151. password=env.KEYCLOAK_ADMIN_PASSWORD,
  152. )
  155. @pytest.fixture
  156. @freezegun.freeze_time("2023-02-25 10:00:00")
  157. def admin_frozen(env: KeycloakTestEnv):
  158. """Fixture for initialized KeycloakAdmin class, with time frozen.
  160. :param env: Keycloak test environment
  161. :type env: KeycloakTestEnv
  162. :returns: Keycloak admin
  163. :rtype: KeycloakAdmin
  164. """
  165. return KeycloakAdmin(
  166. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  167. username=env.KEYCLOAK_ADMIN,
  168. password=env.KEYCLOAK_ADMIN_PASSWORD,
  169. )
  172. @pytest.fixture
  173. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  174. """Fixture for initialized KeycloakOpenID class.
  176. :param env: Keycloak test environment
  177. :type env: KeycloakTestEnv
  178. :param realm: Keycloak realm
  179. :type realm: str
  180. :param admin: Keycloak admin
  181. :type admin: KeycloakAdmin
  182. :yields: Keycloak OpenID client
  183. :rtype: KeycloakOpenID
  184. """
  185. # Set the realm
  186. admin.change_current_realm(realm)
  187. # Create client
  188. client = str(uuid.uuid4())
  189. client_id = admin.create_client(
  190. payload={
  191. "name": client,
  192. "clientId": client,
  193. "enabled": True,
  194. "publicClient": True,
  195. "protocol": "openid-connect",
  196. }
  197. )
  198. # Return OID
  199. yield KeycloakOpenID(
  200. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  201. realm_name=realm,
  202. client_id=client,
  203. )
  204. # Cleanup
  205. admin.delete_client(client_id=client_id)
  208. @pytest.fixture
  209. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  210. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  212. :param env: Keycloak test environment
  213. :type env: KeycloakTestEnv
  214. :param realm: Keycloak realm
  215. :type realm: str
  216. :param admin: Keycloak admin
  217. :type admin: KeycloakAdmin
  218. :yields: Keycloak OpenID client with user credentials
  219. :rtype: Tuple[KeycloakOpenID, str, str]
  220. """
  221. # Set the realm
  222. admin.change_current_realm(realm)
  223. # Create client
  224. client = str(uuid.uuid4())
  225. secret = str(uuid.uuid4())
  226. client_id = admin.create_client(
  227. payload={
  228. "name": client,
  229. "clientId": client,
  230. "enabled": True,
  231. "publicClient": False,
  232. "protocol": "openid-connect",
  233. "secret": secret,
  234. "clientAuthenticatorType": "client-secret",
  235. }
  236. )
  237. # Create user
  238. username = str(uuid.uuid4())
  239. password = str(uuid.uuid4())
  240. user_id = admin.create_user(
  241. payload={
  242. "username": username,
  243. "email": f"{username}@test.test",
  244. "enabled": True,
  245. "firstName": "first",
  246. "lastName": "last",
  247. "emailVerified": True,
  248. "requiredActions": [],
  249. "credentials": [{"type": "password", "value": password, "temporary": False}],
  250. }
  251. )
  253. yield (
  254. KeycloakOpenID(
  255. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  256. realm_name=realm,
  257. client_id=client,
  258. client_secret_key=secret,
  259. ),
  260. username,
  261. password,
  262. )
  264. # Cleanup
  265. admin.delete_client(client_id=client_id)
  266. admin.delete_user(user_id=user_id)
  269. @pytest.fixture
  270. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  271. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  273. :param env: Keycloak test environment
  274. :type env: KeycloakTestEnv
  275. :param realm: Keycloak realm
  276. :type realm: str
  277. :param admin: Keycloak admin
  278. :type admin: KeycloakAdmin
  279. :yields: Keycloak OpenID client configured as an authorization server with client credentials
  280. :rtype: Tuple[KeycloakOpenID, str, str]
  281. """
  282. # Set the realm
  283. admin.change_current_realm(realm)
  284. # Create client
  285. client = str(uuid.uuid4())
  286. secret = str(uuid.uuid4())
  287. client_id = admin.create_client(
  288. payload={
  289. "name": client,
  290. "clientId": client,
  291. "enabled": True,
  292. "publicClient": False,
  293. "protocol": "openid-connect",
  294. "secret": secret,
  295. "clientAuthenticatorType": "client-secret",
  296. "authorizationServicesEnabled": True,
  297. "serviceAccountsEnabled": True,
  298. }
  299. )
  300. admin.create_client_authz_role_based_policy(
  301. client_id=client_id,
  302. payload={
  303. "name": "test-authz-rb-policy",
  304. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  305. },
  306. )
  307. # Create user
  308. username = str(uuid.uuid4())
  309. password = str(uuid.uuid4())
  310. user_id = admin.create_user(
  311. payload={
  312. "username": username,
  313. "email": f"{username}@test.test",
  314. "enabled": True,
  315. "emailVerified": True,
  316. "firstName": "first",
  317. "lastName": "last",
  318. "requiredActions": [],
  319. "credentials": [{"type": "password", "value": password, "temporary": False}],
  320. }
  321. )
  323. yield (
  324. KeycloakOpenID(
  325. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  326. realm_name=realm,
  327. client_id=client,
  328. client_secret_key=secret,
  329. ),
  330. username,
  331. password,
  332. )
  334. # Cleanup
  335. admin.delete_client(client_id=client_id)
  336. admin.delete_user(user_id=user_id)
  339. @pytest.fixture
  340. def realm(admin: KeycloakAdmin) -> str:
  341. """Fixture for a new random realm.
  343. :param admin: Keycloak admin
  344. :type admin: KeycloakAdmin
  345. :yields: Keycloak realm
  346. :rtype: str
  347. """
  348. realm_name = str(uuid.uuid4())
  349. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  350. yield realm_name
  351. admin.delete_realm(realm_name=realm_name)
  354. @pytest.fixture
  355. def user(admin: KeycloakAdmin, realm: str) -> str:
  356. """Fixture for a new random user.
  358. :param admin: Keycloak admin
  359. :type admin: KeycloakAdmin
  360. :param realm: Keycloak realm
  361. :type realm: str
  362. :yields: Keycloak user
  363. :rtype: str
  364. """
  365. admin.change_current_realm(realm)
  366. username = str(uuid.uuid4())
  367. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  368. yield user_id
  369. admin.delete_user(user_id=user_id)
  372. @pytest.fixture
  373. def group(admin: KeycloakAdmin, realm: str) -> str:
  374. """Fixture for a new random group.
  376. :param admin: Keycloak admin
  377. :type admin: KeycloakAdmin
  378. :param realm: Keycloak realm
  379. :type realm: str
  380. :yields: Keycloak group
  381. :rtype: str
  382. """
  383. admin.change_current_realm(realm)
  384. group_name = str(uuid.uuid4())
  385. group_id = admin.create_group(payload={"name": group_name})
  386. yield group_id
  387. admin.delete_group(group_id=group_id)
  390. @pytest.fixture
  391. def client(admin: KeycloakAdmin, realm: str) -> str:
  392. """Fixture for a new random client.
  394. :param admin: Keycloak admin
  395. :type admin: KeycloakAdmin
  396. :param realm: Keycloak realm
  397. :type realm: str
  398. :yields: Keycloak client id
  399. :rtype: str
  400. """
  401. admin.change_current_realm(realm)
  402. client = str(uuid.uuid4())
  403. client_id = admin.create_client(payload={"name": client, "clientId": client})
  404. yield client_id
  405. admin.delete_client(client_id=client_id)
  408. @pytest.fixture
  409. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
  410. """Fixture for a new random client role.
  412. :param admin: Keycloak admin
  413. :type admin: KeycloakAdmin
  414. :param realm: Keycloak realm
  415. :type realm: str
  416. :param client: Keycloak client
  417. :type client: str
  418. :yields: Keycloak client role
  419. :rtype: str
  420. """
  421. admin.change_current_realm(realm)
  422. role = str(uuid.uuid4())
  423. admin.create_client_role(client, {"name": role, "composite": False})
  424. yield role
  425. admin.delete_client_role(client, role)
  428. @pytest.fixture
  429. def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
  430. """Fixture for a new random composite client role.
  432. :param admin: Keycloak admin
  433. :type admin: KeycloakAdmin
  434. :param realm: Keycloak realm
  435. :type realm: str
  436. :param client: Keycloak client
  437. :type client: str
  438. :param client_role: Keycloak client role
  439. :type client_role: str
  440. :yields: Composite client role
  441. :rtype: str
  442. """
  443. admin.change_current_realm(realm)
  444. role = str(uuid.uuid4())
  445. admin.create_client_role(client, {"name": role, "composite": True})
  446. role_repr = admin.get_client_role(client, client_role)
  447. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  448. yield role
  449. admin.delete_client_role(client, role)
  452. @pytest.fixture
  453. def selfsigned_cert():
  454. """Generate self signed certificate for a hostname, and optional IP addresses.
  456. :returns: Selfsigned certificate
  457. :rtype: Tuple[str, str]
  458. """
  459. hostname = "testcert"
  460. ip_addresses = None
  461. key = None
  462. # Generate our key
  463. if key is None:
  464. key = rsa.generate_private_key(
  465. public_exponent=65537, key_size=2048, backend=default_backend()
  466. )
  468. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  469. alt_names = [x509.DNSName(hostname)]
  471. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  472. if ip_addresses:
  473. for addr in ip_addresses:
  474. # openssl wants DNSnames for ips...
  475. alt_names.append(x509.DNSName(addr))
  476. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  477. # note: older versions of cryptography do not understand ip_address objects
  478. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  480. san = x509.SubjectAlternativeName(alt_names)
  482. # path_len=0 means this cert can only sign itself, not other certs.
  483. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  484. now = datetime.utcnow()
  485. cert = (
  486. x509.CertificateBuilder()
  487. .subject_name(name)
  488. .issuer_name(name)
  489. .public_key(key.public_key())
  490. .serial_number(1000)
  491. .not_valid_before(now)
  492. .not_valid_after(now + timedelta(days=10 * 365))
  493. .add_extension(basic_contraints, False)
  494. .add_extension(san, False)
  495. .sign(key, hashes.SHA256(), default_backend())
  496. )
  497. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  498. key_pem = key.private_bytes(
  499. encoding=serialization.Encoding.PEM,
  500. format=serialization.PrivateFormat.TraditionalOpenSSL,
  501. encryption_algorithm=serialization.NoEncryption(),
  502. )
  504. return cert_pem, key_pem
  507. @pytest.fixture
  508. def oid_connection_with_authz(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  509. """Fixture for initialized KeycloakUMA class.
  511. :param oid_with_credentials_authz: Keycloak OpenID client with pre-configured user credentials
  512. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  513. :yields: Keycloak OpenID connection manager
  514. :rtype: KeycloakOpenIDConnection
  515. """
  516. oid, _, _ = oid_with_credentials_authz
  517. connection = KeycloakOpenIDConnection(
  518. server_url=oid.connection.base_url,
  519. realm_name=oid.realm_name,
  520. client_id=oid.client_id,
  521. client_secret_key=oid.client_secret_key,
  522. timeout=60,
  523. )
  524. yield connection
  527. @pytest.fixture
  528. def uma(oid_connection_with_authz: KeycloakOpenIDConnection):
  529. """Fixture for initialized KeycloakUMA class.
  531. :param oid_connection_with_authz: Keycloak open id connection with pre-configured authz client
  532. :type oid_connection_with_authz: KeycloakOpenIDConnection
  533. :yields: Keycloak OpenID client
  534. :rtype: KeycloakOpenID
  535. """
  536. connection = oid_connection_with_authz
  537. # Return UMA
  538. yield KeycloakUMA(connection=connection)