Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
697 Commits
15 Branches
98 Tags
17 MiB
Tree: 8496356103
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8496356103'
${ noResults }
python-keycloak/tests/conftest.py

477 lines
13 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linting
2 years ago
feat: initial setup of CICD and linting
2 years ago
fix: moved imports at the top of the file
2 years ago
fix: linting
2 years ago
fix: moved imports at the top of the file
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
test: updated docstrings to pass checks
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
fix: applied tox linting check
2 years ago
feat: add unit tests
2 years ago
  1. """Fixtures for tests."""
  3. import ipaddress
  4. import os
  5. import uuid
  6. from datetime import datetime, timedelta
  8. import pytest
  9. from cryptography import x509
  10. from cryptography.hazmat.backends import default_backend
  11. from cryptography.hazmat.primitives import hashes, serialization
  12. from cryptography.hazmat.primitives.asymmetric import rsa
  13. from cryptography.x509.oid import NameOID
  15. from keycloak import KeycloakAdmin, KeycloakOpenID
  18. class KeycloakTestEnv(object):
  19. """Wrapper for test Keycloak connection configuration.
  21. :param host: Hostname
  22. :type host: str
  23. :param port: Port
  24. :type port: str
  25. :param username: Admin username
  26. :type username: str
  27. :param password: Admin password
  28. :type password: str
  29. """
  31. def __init__(
  32. self,
  33. host: str = os.environ["KEYCLOAK_HOST"],
  34. port: str = os.environ["KEYCLOAK_PORT"],
  35. username: str = os.environ["KEYCLOAK_ADMIN"],
  36. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  37. ):
  38. """Init method.
  40. :param host: Hostname
  41. :type host: str
  42. :param port: Port
  43. :type port: str
  44. :param username: Admin username
  45. :type username: str
  46. :param password: Admin password
  47. :type password: str
  48. """
  49. self.KEYCLOAK_HOST = host
  50. self.KEYCLOAK_PORT = port
  51. self.KEYCLOAK_ADMIN = username
  52. self.KEYCLOAK_ADMIN_PASSWORD = password
  54. @property
  55. def KEYCLOAK_HOST(self):
  56. """Hostname getter.
  58. :returns: Keycloak host
  59. :rtype: str
  60. """
  61. return self._KEYCLOAK_HOST
  63. @KEYCLOAK_HOST.setter
  64. def KEYCLOAK_HOST(self, value: str):
  65. """Hostname setter.
  67. :param value: Keycloak host
  68. :type value: str
  69. """
  70. self._KEYCLOAK_HOST = value
  72. @property
  73. def KEYCLOAK_PORT(self):
  74. """Port getter.
  76. :returns: Keycloak port
  77. :rtype: str
  78. """
  79. return self._KEYCLOAK_PORT
  81. @KEYCLOAK_PORT.setter
  82. def KEYCLOAK_PORT(self, value: str):
  83. """Port setter.
  85. :param value: Keycloak port
  86. :type value: str
  87. """
  88. self._KEYCLOAK_PORT = value
  90. @property
  91. def KEYCLOAK_ADMIN(self):
  92. """Admin username getter.
  94. :returns: Admin username
  95. :rtype: str
  96. """
  97. return self._KEYCLOAK_ADMIN
  99. @KEYCLOAK_ADMIN.setter
  100. def KEYCLOAK_ADMIN(self, value: str):
  101. """Admin username setter.
  103. :param value: Admin username
  104. :type value: str
  105. """
  106. self._KEYCLOAK_ADMIN = value
  108. @property
  109. def KEYCLOAK_ADMIN_PASSWORD(self):
  110. """Admin password getter.
  112. :returns: Admin password
  113. :rtype: str
  114. """
  115. return self._KEYCLOAK_ADMIN_PASSWORD
  117. @KEYCLOAK_ADMIN_PASSWORD.setter
  118. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  119. """Admin password setter.
  121. :param value: Admin password
  122. :type value: str
  123. """
  124. self._KEYCLOAK_ADMIN_PASSWORD = value
  127. @pytest.fixture
  128. def env():
  129. """Fixture for getting the test environment configuration object.
  131. :returns: Keycloak test environment object
  132. :rtype: KeycloakTestEnv
  133. """
  134. return KeycloakTestEnv()
  137. @pytest.fixture
  138. def admin(env: KeycloakTestEnv):
  139. """Fixture for initialized KeycloakAdmin class.
  141. :param env: Keycloak test environment
  142. :type env: KeycloakTestEnv
  143. :returns: Keycloak admin
  144. :rtype: KeycloakAdmin
  145. """
  146. return KeycloakAdmin(
  147. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  148. username=env.KEYCLOAK_ADMIN,
  149. password=env.KEYCLOAK_ADMIN_PASSWORD,
  150. )
  153. @pytest.fixture
  154. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  155. """Fixture for initialized KeycloakOpenID class.
  157. :param env: Keycloak test environment
  158. :type env: KeycloakTestEnv
  159. :param realm: Keycloak realm
  160. :type realm: str
  161. :param admin: Keycloak admin
  162. :type admin: KeycloakAdmin
  163. :yields: Keycloak OpenID client
  164. :rtype: KeycloakOpenID
  165. """
  166. # Set the realm
  167. admin.realm_name = realm
  168. # Create client
  169. client = str(uuid.uuid4())
  170. client_id = admin.create_client(
  171. payload={
  172. "name": client,
  173. "clientId": client,
  174. "enabled": True,
  175. "publicClient": True,
  176. "protocol": "openid-connect",
  177. }
  178. )
  179. # Return OID
  180. yield KeycloakOpenID(
  181. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  182. realm_name=realm,
  183. client_id=client,
  184. )
  185. # Cleanup
  186. admin.delete_client(client_id=client_id)
  189. @pytest.fixture
  190. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  191. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  193. :param env: Keycloak test environment
  194. :type env: KeycloakTestEnv
  195. :param realm: Keycloak realm
  196. :type realm: str
  197. :param admin: Keycloak admin
  198. :type admin: KeycloakAdmin
  199. :yields: Keycloak OpenID client with user credentials
  200. :rtype: Tuple[KeycloakOpenID, str, str]
  201. """
  202. # Set the realm
  203. admin.realm_name = realm
  204. # Create client
  205. client = str(uuid.uuid4())
  206. secret = str(uuid.uuid4())
  207. client_id = admin.create_client(
  208. payload={
  209. "name": client,
  210. "clientId": client,
  211. "enabled": True,
  212. "publicClient": False,
  213. "protocol": "openid-connect",
  214. "secret": secret,
  215. "clientAuthenticatorType": "client-secret",
  216. }
  217. )
  218. # Create user
  219. username = str(uuid.uuid4())
  220. password = str(uuid.uuid4())
  221. user_id = admin.create_user(
  222. payload={
  223. "username": username,
  224. "email": f"{username}@test.test",
  225. "enabled": True,
  226. "credentials": [{"type": "password", "value": password}],
  227. }
  228. )
  230. yield (
  231. KeycloakOpenID(
  232. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  233. realm_name=realm,
  234. client_id=client,
  235. client_secret_key=secret,
  236. ),
  237. username,
  238. password,
  239. )
  241. # Cleanup
  242. admin.delete_client(client_id=client_id)
  243. admin.delete_user(user_id=user_id)
  246. @pytest.fixture
  247. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  248. """Fixture for an initialized KeycloakOpenID class and a random user credentials.
  250. :param env: Keycloak test environment
  251. :type env: KeycloakTestEnv
  252. :param realm: Keycloak realm
  253. :type realm: str
  254. :param admin: Keycloak admin
  255. :type admin: KeycloakAdmin
  256. :yields: Keycloak OpenID client configured as an authorization server with client credentials
  257. :rtype: Tuple[KeycloakOpenID, str, str]
  258. """
  259. # Set the realm
  260. admin.realm_name = realm
  261. # Create client
  262. client = str(uuid.uuid4())
  263. secret = str(uuid.uuid4())
  264. client_id = admin.create_client(
  265. payload={
  266. "name": client,
  267. "clientId": client,
  268. "enabled": True,
  269. "publicClient": False,
  270. "protocol": "openid-connect",
  271. "secret": secret,
  272. "clientAuthenticatorType": "client-secret",
  273. "authorizationServicesEnabled": True,
  274. "serviceAccountsEnabled": True,
  275. }
  276. )
  277. admin.create_client_authz_role_based_policy(
  278. client_id=client_id,
  279. payload={
  280. "name": "test-authz-rb-policy",
  281. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  282. },
  283. )
  284. # Create user
  285. username = str(uuid.uuid4())
  286. password = str(uuid.uuid4())
  287. user_id = admin.create_user(
  288. payload={
  289. "username": username,
  290. "email": f"{username}@test.test",
  291. "enabled": True,
  292. "credentials": [{"type": "password", "value": password}],
  293. }
  294. )
  296. yield (
  297. KeycloakOpenID(
  298. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  299. realm_name=realm,
  300. client_id=client,
  301. client_secret_key=secret,
  302. ),
  303. username,
  304. password,
  305. )
  307. # Cleanup
  308. admin.delete_client(client_id=client_id)
  309. admin.delete_user(user_id=user_id)
  312. @pytest.fixture
  313. def realm(admin: KeycloakAdmin) -> str:
  314. """Fixture for a new random realm.
  316. :param admin: Keycloak admin
  317. :type admin: KeycloakAdmin
  318. :yields: Keycloak realm
  319. :rtype: str
  320. """
  321. realm_name = str(uuid.uuid4())
  322. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  323. yield realm_name
  324. admin.delete_realm(realm_name=realm_name)
  327. @pytest.fixture
  328. def user(admin: KeycloakAdmin, realm: str) -> str:
  329. """Fixture for a new random user.
  331. :param admin: Keycloak admin
  332. :type admin: KeycloakAdmin
  333. :param realm: Keycloak realm
  334. :type realm: str
  335. :yields: Keycloak user
  336. :rtype: str
  337. """
  338. admin.realm_name = realm
  339. username = str(uuid.uuid4())
  340. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  341. yield user_id
  342. admin.delete_user(user_id=user_id)
  345. @pytest.fixture
  346. def group(admin: KeycloakAdmin, realm: str) -> str:
  347. """Fixture for a new random group.
  349. :param admin: Keycloak admin
  350. :type admin: KeycloakAdmin
  351. :param realm: Keycloak realm
  352. :type realm: str
  353. :yields: Keycloak group
  354. :rtype: str
  355. """
  356. admin.realm_name = realm
  357. group_name = str(uuid.uuid4())
  358. group_id = admin.create_group(payload={"name": group_name})
  359. yield group_id
  360. admin.delete_group(group_id=group_id)
  363. @pytest.fixture
  364. def client(admin: KeycloakAdmin, realm: str) -> str:
  365. """Fixture for a new random client.
  367. :param admin: Keycloak admin
  368. :type admin: KeycloakAdmin
  369. :param realm: Keycloak realm
  370. :type realm: str
  371. :yields: Keycloak client id
  372. :rtype: str
  373. """
  374. admin.realm_name = realm
  375. client = str(uuid.uuid4())
  376. client_id = admin.create_client(payload={"name": client, "clientId": client})
  377. yield client_id
  378. admin.delete_client(client_id=client_id)
  381. @pytest.fixture
  382. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
  383. """Fixture for a new random client role.
  385. :param admin: Keycloak admin
  386. :type admin: KeycloakAdmin
  387. :param realm: Keycloak realm
  388. :type realm: str
  389. :param client: Keycloak client
  390. :type client: str
  391. :yields: Keycloak client role
  392. :rtype: str
  393. """
  394. admin.realm_name = realm
  395. role = str(uuid.uuid4())
  396. admin.create_client_role(client, {"name": role, "composite": False})
  397. yield role
  398. admin.delete_client_role(client, role)
  401. @pytest.fixture
  402. def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
  403. """Fixture for a new random composite client role.
  405. :param admin: Keycloak admin
  406. :type admin: KeycloakAdmin
  407. :param realm: Keycloak realm
  408. :type realm: str
  409. :param client: Keycloak client
  410. :type client: str
  411. :param client_role: Keycloak client role
  412. :type client_role: str
  413. :yields: Composite client role
  414. :rtype: str
  415. """
  416. admin.realm_name = realm
  417. role = str(uuid.uuid4())
  418. admin.create_client_role(client, {"name": role, "composite": True})
  419. role_repr = admin.get_client_role(client, client_role)
  420. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  421. yield role
  422. admin.delete_client_role(client, role)
  425. @pytest.fixture
  426. def selfsigned_cert():
  427. """Generate self signed certificate for a hostname, and optional IP addresses.
  429. :returns: Selfsigned certificate
  430. :rtype: Tuple[str, str]
  431. """
  432. hostname = "testcert"
  433. ip_addresses = None
  434. key = None
  435. # Generate our key
  436. if key is None:
  437. key = rsa.generate_private_key(
  438. public_exponent=65537, key_size=2048, backend=default_backend()
  439. )
  441. name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
  442. alt_names = [x509.DNSName(hostname)]
  444. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  445. if ip_addresses:
  446. for addr in ip_addresses:
  447. # openssl wants DNSnames for ips...
  448. alt_names.append(x509.DNSName(addr))
  449. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  450. # note: older versions of cryptography do not understand ip_address objects
  451. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  453. san = x509.SubjectAlternativeName(alt_names)
  455. # path_len=0 means this cert can only sign itself, not other certs.
  456. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  457. now = datetime.utcnow()
  458. cert = (
  459. x509.CertificateBuilder()
  460. .subject_name(name)
  461. .issuer_name(name)
  462. .public_key(key.public_key())
  463. .serial_number(1000)
  464. .not_valid_before(now)
  465. .not_valid_after(now + timedelta(days=10 * 365))
  466. .add_extension(basic_contraints, False)
  467. .add_extension(san, False)
  468. .sign(key, hashes.SHA256(), default_backend())
  469. )
  470. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  471. key_pem = key.private_bytes(
  472. encoding=serialization.Encoding.PEM,
  473. format=serialization.PrivateFormat.TraditionalOpenSSL,
  474. encryption_algorithm=serialization.NoEncryption(),
  475. )
  477. return cert_pem, key_pem