Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
746 Commits
14 Branches
95 Tags
15 MiB
Tree: 7bbf4e15b7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7bbf4e15b7'
${ noResults }
python-keycloak/tests/conftest.py

530 lines
15 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linting
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: moved imports at the top of the file
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
fix: moved imports at the top of the file
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
fix: linting
2 years ago
fix: moved imports at the top of the file
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from datetime import datetime, timedelta
  7. from typing import Tuple
  9. import freezegun
  10. import pytest
  11. from cryptography import x509
  12. from cryptography.hazmat.backends import default_backend
  13. from cryptography.hazmat.primitives import hashes, serialization
  14. from cryptography.hazmat.primitives.asymmetric import rsa
  15. from cryptography.x509.oid import NameOID
  17. from keycloak import KeycloakAdmin, KeycloakOpenID, KeycloakOpenIDConnection, KeycloakUMA
  20. class KeycloakTestEnv(object):
  21. """Wrapper for test Keycloak connection configuration.
  23. :param host: Hostname
  24. :type host: str
  25. :param port: Port
  26. :type port: str
  27. :param username: Admin username
  28. :type username: str
  29. :param password: Admin password
  30. :type password: str
  31. """
  33. def __init__(
  34. self,
  35. host: str = os.environ["KEYCLOAK_HOST"],
  36. port: str = os.environ["KEYCLOAK_PORT"],
  37. username: str = os.environ["KEYCLOAK_ADMIN"],
  38. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  39. ):
  40. """Init method.
  42. :param host: Hostname
  43. :type host: str
  44. :param port: Port
  45. :type port: str
  46. :param username: Admin username
  47. :type username: str
  48. :param password: Admin password
  49. :type password: str
  50. """
  51. self.KEYCLOAK_HOST = host
  52. self.KEYCLOAK_PORT = port
  53. self.KEYCLOAK_ADMIN = username
  54. self.KEYCLOAK_ADMIN_PASSWORD = password
  56. @property
  57. def KEYCLOAK_HOST(self):
  58. """Hostname getter.
  60. :returns: Keycloak host
  61. :rtype: str
  62. """
  63. return self._KEYCLOAK_HOST
  65. @KEYCLOAK_HOST.setter
  66. def KEYCLOAK_HOST(self, value: str):
  67. """Hostname setter.
  69. :param value: Keycloak host
  70. :type value: str
  71. """
  72. self._KEYCLOAK_HOST = value
  74. @property
  75. def KEYCLOAK_PORT(self):
  76. """Port getter.
  78. :returns: Keycloak port
  79. :rtype: str
  80. """
  81. return self._KEYCLOAK_PORT
  83. @KEYCLOAK_PORT.setter
  84. def KEYCLOAK_PORT(self, value: str):
  85. """Port setter.
  87. :param value: Keycloak port
  88. :type value: str
  89. """
  90. self._KEYCLOAK_PORT = value
  92. @property
  93. def KEYCLOAK_ADMIN(self):
  94. """Admin username getter.
  96. :returns: Admin username
  97. :rtype: str
  98. """
  99. return self._KEYCLOAK_ADMIN
  101. @KEYCLOAK_ADMIN.setter
  102. def KEYCLOAK_ADMIN(self, value: str):
  103. """Admin username setter.
  105. :param value: Admin username
  106. :type value: str
  107. """
  108. self._KEYCLOAK_ADMIN = value
  110. @property
  111. def KEYCLOAK_ADMIN_PASSWORD(self):
  112. """Admin password getter.
  114. :returns: Admin password
  115. :rtype: str
  116. """
  117. return self._KEYCLOAK_ADMIN_PASSWORD
  119. @KEYCLOAK_ADMIN_PASSWORD.setter
  120. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  121. """Admin password setter.
  123. :param value: Admin password
  124. :type value: str
  125. """
  126. self._KEYCLOAK_ADMIN_PASSWORD = value
  129. @pytest.fixture
  130. def env():
  131. """Fixture for getting the test environment configuration object.
  133. :returns: Keycloak test environment object
  134. :rtype: KeycloakTestEnv
  135. """
  136. return KeycloakTestEnv()
  139. @pytest.fixture
  140. def admin(env: KeycloakTestEnv):
  141. """Fixture for initialized KeycloakAdmin class.
  143. :param env: Keycloak test environment
  144. :type env: KeycloakTestEnv
  145. :returns: Keycloak admin
  146. :rtype: KeycloakAdmin
  147. """
  148. return KeycloakAdmin(
  149. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  150. username=env.KEYCLOAK_ADMIN,
  151. password=env.KEYCLOAK_ADMIN_PASSWORD,
  152. )
  155. @pytest.fixture
  156. @freezegun.freeze_time("2023-02-25 10:00:00")
  157. def admin_frozen(env: KeycloakTestEnv):
  158. """Fixture for initialized KeycloakAdmin class, with time frozen.
  160. :param env: Keycloak test environment
  161. :type env: KeycloakTestEnv
  162. :returns: Keycloak admin
  163. :rtype: KeycloakAdmin
  164. """
  165. return KeycloakAdmin(
  166. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  167. username=env.KEYCLOAK_ADMIN,
  168. password=env.KEYCLOAK_ADMIN_PASSWORD,
  169. )
  172. @pytest.fixture
  173. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  174. """Fixture for initialized KeycloakOpenID class.
  176. :param env: Keycloak test environment
  177. :type env: KeycloakTestEnv
  178. :param realm: Keycloak realm
  179. :type realm: str
  180. :param admin: Keycloak admin
  181. :type admin: KeycloakAdmin
  182. :yields: Keycloak OpenID client
  183. :rtype: KeycloakOpenID
  184. """
  185. # Set the realm
  186. admin.realm_name = realm
  187. # Create client
  188. client = str(uuid.uuid4())
  189. client_id = admin.create_client(
  190. payload={
  191. "name": client,
  192. "clientId": client,
  193. "enabled": True,
  194. "publicClient": True,
  195. "protocol": "openid-connect",
  196. }
  197. )
  198. # Return OID
  199. yield KeycloakOpenID(
  200. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  201. realm_name=realm,
  202. client_id=client,
  203. )
  204. # Cleanup
  205. admin.delete_client(client_id=client_id)
  208. @pytest.fixture
  209. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  210. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  212. :param env: Keycloak test environment
  213. :type env: KeycloakTestEnv
  214. :param realm: Keycloak realm
  215. :type realm: str
  216. :param admin: Keycloak admin
  217. :type admin: KeycloakAdmin
  218. :yields: Keycloak OpenID client with user credentials
  219. :rtype: Tuple[KeycloakOpenID, str, str]
  220. """
  221. # Set the realm
  222. admin.realm_name = realm
  223. # Create client
  224. client = str(uuid.uuid4())
  225. secret = str(uuid.uuid4())
  226. client_id = admin.create_client(
  227. payload={
  228. "name": client,
  229. "clientId": client,
  230. "enabled": True,
  231. "publicClient": False,
  232. "protocol": "openid-connect",
  233. "secret": secret,
  234. "clientAuthenticatorType": "client-secret",
  235. }
  236. )
  237. # Create user
  238. username = str(uuid.uuid4())
  239. password = str(uuid.uuid4())
  240. user_id = admin.create_user(
  241. payload={
  242. "username": username,
  243. "email": f"{username}@test.test",
  244. "enabled": True,
  245. "credentials": [{"type": "password", "value": password}],
  246. }
  247. )
  249. yield (
  250. KeycloakOpenID(
  251. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  252. realm_name=realm,
  253. client_id=client,
  254. client_secret_key=secret,
  255. ),
  256. username,
  257. password,
  258. )
  260. # Cleanup
  261. admin.delete_client(client_id=client_id)
  262. admin.delete_user(user_id=user_id)
  265. @pytest.fixture
  266. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  267. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  269. :param env: Keycloak test environment
  270. :type env: KeycloakTestEnv
  271. :param realm: Keycloak realm
  272. :type realm: str
  273. :param admin: Keycloak admin
  274. :type admin: KeycloakAdmin
  275. :yields: Keycloak OpenID client configured as an authorization server with client credentials
  276. :rtype: Tuple[KeycloakOpenID, str, str]
  277. """
  278. # Set the realm
  279. admin.realm_name = realm
  280. # Create client
  281. client = str(uuid.uuid4())
  282. secret = str(uuid.uuid4())
  283. client_id = admin.create_client(
  284. payload={
  285. "name": client,
  286. "clientId": client,
  287. "enabled": True,
  288. "publicClient": False,
  289. "protocol": "openid-connect",
  290. "secret": secret,
  291. "clientAuthenticatorType": "client-secret",
  292. "authorizationServicesEnabled": True,
  293. "serviceAccountsEnabled": True,
  294. }
  295. )
  296. admin.create_client_authz_role_based_policy(
  297. client_id=client_id,
  298. payload={
  299. "name": "test-authz-rb-policy",
  300. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  301. },
  302. )
  303. # Create user
  304. username = str(uuid.uuid4())
  305. password = str(uuid.uuid4())
  306. user_id = admin.create_user(
  307. payload={
  308. "username": username,
  309. "email": f"{username}@test.test",
  310. "enabled": True,
  311. "credentials": [{"type": "password", "value": password}],
  312. }
  313. )
  315. yield (
  316. KeycloakOpenID(
  317. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  318. realm_name=realm,
  319. client_id=client,
  320. client_secret_key=secret,
  321. ),
  322. username,
  323. password,
  324. )
  326. # Cleanup
  327. admin.delete_client(client_id=client_id)
  328. admin.delete_user(user_id=user_id)
  331. @pytest.fixture
  332. def realm(admin: KeycloakAdmin) -> str:
  333. """Fixture for a new random realm.
  335. :param admin: Keycloak admin
  336. :type admin: KeycloakAdmin
  337. :yields: Keycloak realm
  338. :rtype: str
  339. """
  340. realm_name = str(uuid.uuid4())
  341. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  342. yield realm_name
  343. admin.delete_realm(realm_name=realm_name)
  346. @pytest.fixture
  347. def user(admin: KeycloakAdmin, realm: str) -> str:
  348. """Fixture for a new random user.
  350. :param admin: Keycloak admin
  351. :type admin: KeycloakAdmin
  352. :param realm: Keycloak realm
  353. :type realm: str
  354. :yields: Keycloak user
  355. :rtype: str
  356. """
  357. admin.realm_name = realm
  358. username = str(uuid.uuid4())
  359. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  360. yield user_id
  361. admin.delete_user(user_id=user_id)
  364. @pytest.fixture
  365. def group(admin: KeycloakAdmin, realm: str) -> str:
  366. """Fixture for a new random group.
  368. :param admin: Keycloak admin
  369. :type admin: KeycloakAdmin
  370. :param realm: Keycloak realm
  371. :type realm: str
  372. :yields: Keycloak group
  373. :rtype: str
  374. """
  375. admin.realm_name = realm
  376. group_name = str(uuid.uuid4())
  377. group_id = admin.create_group(payload={"name": group_name})
  378. yield group_id
  379. admin.delete_group(group_id=group_id)
  382. @pytest.fixture
  383. def client(admin: KeycloakAdmin, realm: str) -> str:
  384. """Fixture for a new random client.
  386. :param admin: Keycloak admin
  387. :type admin: KeycloakAdmin
  388. :param realm: Keycloak realm
  389. :type realm: str
  390. :yields: Keycloak client id
  391. :rtype: str
  392. """
  393. admin.realm_name = realm
  394. client = str(uuid.uuid4())
  395. client_id = admin.create_client(payload={"name": client, "clientId": client})
  396. yield client_id
  397. admin.delete_client(client_id=client_id)
  400. @pytest.fixture
  401. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
  402. """Fixture for a new random client role.
  404. :param admin: Keycloak admin
  405. :type admin: KeycloakAdmin
  406. :param realm: Keycloak realm
  407. :type realm: str
  408. :param client: Keycloak client
  409. :type client: str
  410. :yields: Keycloak client role
  411. :rtype: str
  412. """
  413. admin.realm_name = realm
  414. role = str(uuid.uuid4())
  415. admin.create_client_role(client, {"name": role, "composite": False})
  416. yield role
  417. admin.delete_client_role(client, role)
  420. @pytest.fixture
  421. def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
  422. """Fixture for a new random composite client role.
  424. :param admin: Keycloak admin
  425. :type admin: KeycloakAdmin
  426. :param realm: Keycloak realm
  427. :type realm: str
  428. :param client: Keycloak client
  429. :type client: str
  430. :param client_role: Keycloak client role
  431. :type client_role: str
  432. :yields: Composite client role
  433. :rtype: str
  434. """
  435. admin.realm_name = realm
  436. role = str(uuid.uuid4())
  437. admin.create_client_role(client, {"name": role, "composite": True})
  438. role_repr = admin.get_client_role(client, client_role)
  439. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  440. yield role
  441. admin.delete_client_role(client, role)
  444. @pytest.fixture
  445. def selfsigned_cert():
  446. """Generate self signed certificate for a hostname, and optional IP addresses.
  448. :returns: Selfsigned certificate
  449. :rtype: Tuple[str, str]
  450. """
  451. hostname = "testcert"
  452. ip_addresses = None
  453. key = None
  454. # Generate our key
  455. if key is None:
  456. key = rsa.generate_private_key(
  457. public_exponent=65537, key_size=2048, backend=default_backend()
  458. )
  460. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  461. alt_names = [x509.DNSName(hostname)]
  463. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  464. if ip_addresses:
  465. for addr in ip_addresses:
  466. # openssl wants DNSnames for ips...
  467. alt_names.append(x509.DNSName(addr))
  468. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  469. # note: older versions of cryptography do not understand ip_address objects
  470. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  472. san = x509.SubjectAlternativeName(alt_names)
  474. # path_len=0 means this cert can only sign itself, not other certs.
  475. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  476. now = datetime.utcnow()
  477. cert = (
  478. x509.CertificateBuilder()
  479. .subject_name(name)
  480. .issuer_name(name)
  481. .public_key(key.public_key())
  482. .serial_number(1000)
  483. .not_valid_before(now)
  484. .not_valid_after(now + timedelta(days=10 * 365))
  485. .add_extension(basic_contraints, False)
  486. .add_extension(san, False)
  487. .sign(key, hashes.SHA256(), default_backend())
  488. )
  489. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  490. key_pem = key.private_bytes(
  491. encoding=serialization.Encoding.PEM,
  492. format=serialization.PrivateFormat.TraditionalOpenSSL,
  493. encryption_algorithm=serialization.NoEncryption(),
  494. )
  496. return cert_pem, key_pem
  499. @pytest.fixture
  500. def oid_connection_with_authz(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  501. """Fixture for initialized KeycloakUMA class.
  503. :param oid_with_credentials_authz: Keycloak OpenID client with pre-configured user credentials
  504. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  505. :yields: Keycloak OpenID connection manager
  506. :rtype: KeycloakOpenIDConnection
  507. """
  508. oid, _, _ = oid_with_credentials_authz
  509. connection = KeycloakOpenIDConnection(
  510. server_url=oid.connection.base_url,
  511. realm_name=oid.realm_name,
  512. client_id=oid.client_id,
  513. client_secret_key=oid.client_secret_key,
  514. timeout=60,
  515. )
  516. yield connection
  519. @pytest.fixture
  520. def uma(oid_connection_with_authz: KeycloakOpenIDConnection):
  521. """Fixture for initialized KeycloakUMA class.
  523. :param oid_connection_with_authz: Keycloak open id connection with pre-configured authz client
  524. :type oid_connection_with_authz: KeycloakOpenIDConnection
  525. :yields: Keycloak OpenID client
  526. :rtype: KeycloakOpenID
  527. """
  528. connection = oid_connection_with_authz
  529. # Return UMA
  530. yield KeycloakUMA(connection=connection)