Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
629 Commits
16 Branches
109 Tags
19 MiB
Tree: fb942c11d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fb942c11d8'
${ noResults }
python-keycloak/tests/conftest.py

346 lines
10 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
refactor: slight restructure of the base fixtures
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added load authorization config test
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
feat: initial setup of CICD and linting
2 years ago
feat: add unit tests
2 years ago
  1. """Fixtures for tests."""
  3. import os
  4. import uuid
  6. import pytest
  8. from keycloak import KeycloakAdmin, KeycloakOpenID
  11. class KeycloakTestEnv(object):
  12. """Wrapper for test Keycloak connection configuration.
  14. :param host: Hostname
  15. :type host: str
  16. :param port: Port
  17. :type port: str
  18. :param username: Admin username
  19. :type username: str
  20. :param password: Admin password
  21. :type password: str
  22. """
  24. def __init__(
  25. self,
  26. host: str = os.environ["KEYCLOAK_HOST"],
  27. port: str = os.environ["KEYCLOAK_PORT"],
  28. username: str = os.environ["KEYCLOAK_ADMIN"],
  29. password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
  30. ):
  31. """Init method."""
  32. self.KEYCLOAK_HOST = host
  33. self.KEYCLOAK_PORT = port
  34. self.KEYCLOAK_ADMIN = username
  35. self.KEYCLOAK_ADMIN_PASSWORD = password
  37. @property
  38. def KEYCLOAK_HOST(self):
  39. """Hostname getter."""
  40. return self._KEYCLOAK_HOST
  42. @KEYCLOAK_HOST.setter
  43. def KEYCLOAK_HOST(self, value: str):
  44. """Hostname setter."""
  45. self._KEYCLOAK_HOST = value
  47. @property
  48. def KEYCLOAK_PORT(self):
  49. """Port getter."""
  50. return self._KEYCLOAK_PORT
  52. @KEYCLOAK_PORT.setter
  53. def KEYCLOAK_PORT(self, value: str):
  54. """Port setter."""
  55. self._KEYCLOAK_PORT = value
  57. @property
  58. def KEYCLOAK_ADMIN(self):
  59. """Admin username getter."""
  60. return self._KEYCLOAK_ADMIN
  62. @KEYCLOAK_ADMIN.setter
  63. def KEYCLOAK_ADMIN(self, value: str):
  64. """Admin username setter."""
  65. self._KEYCLOAK_ADMIN = value
  67. @property
  68. def KEYCLOAK_ADMIN_PASSWORD(self):
  69. """Admin password getter."""
  70. return self._KEYCLOAK_ADMIN_PASSWORD
  72. @KEYCLOAK_ADMIN_PASSWORD.setter
  73. def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
  74. """Admin password setter."""
  75. self._KEYCLOAK_ADMIN_PASSWORD = value
  78. @pytest.fixture
  79. def env():
  80. """Fixture for getting the test environment configuration object."""
  81. return KeycloakTestEnv()
  84. @pytest.fixture
  85. def admin(env: KeycloakTestEnv):
  86. """Fixture for initialized KeycloakAdmin class."""
  87. return KeycloakAdmin(
  88. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  89. username=env.KEYCLOAK_ADMIN,
  90. password=env.KEYCLOAK_ADMIN_PASSWORD,
  91. )
  94. @pytest.fixture
  95. def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  96. """Fixture for initialized KeycloakOpenID class."""
  97. # Set the realm
  98. admin.realm_name = realm
  99. # Create client
  100. client = str(uuid.uuid4())
  101. client_id = admin.create_client(
  102. payload={
  103. "name": client,
  104. "clientId": client,
  105. "enabled": True,
  106. "publicClient": True,
  107. "protocol": "openid-connect",
  108. }
  109. )
  110. # Return OID
  111. yield KeycloakOpenID(
  112. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  113. realm_name=realm,
  114. client_id=client,
  115. )
  116. # Cleanup
  117. admin.delete_client(client_id=client_id)
  120. @pytest.fixture
  121. def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  122. """Fixture for an initialized KeycloakOpenID class and a random user credentials."""
  123. # Set the realm
  124. admin.realm_name = realm
  125. # Create client
  126. client = str(uuid.uuid4())
  127. secret = str(uuid.uuid4())
  128. client_id = admin.create_client(
  129. payload={
  130. "name": client,
  131. "clientId": client,
  132. "enabled": True,
  133. "publicClient": False,
  134. "protocol": "openid-connect",
  135. "secret": secret,
  136. "clientAuthenticatorType": "client-secret",
  137. }
  138. )
  139. # Create user
  140. username = str(uuid.uuid4())
  141. password = str(uuid.uuid4())
  142. user_id = admin.create_user(
  143. payload={
  144. "username": username,
  145. "email": f"{username}@test.test",
  146. "enabled": True,
  147. "credentials": [{"type": "password", "value": password}],
  148. }
  149. )
  151. yield (
  152. KeycloakOpenID(
  153. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  154. realm_name=realm,
  155. client_id=client,
  156. client_secret_key=secret,
  157. ),
  158. username,
  159. password,
  160. )
  162. # Cleanup
  163. admin.delete_client(client_id=client_id)
  164. admin.delete_user(user_id=user_id)
  167. @pytest.fixture
  168. def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
  169. """Fixture for an initialized KeycloakOpenID class and a random user credentials."""
  170. # Set the realm
  171. admin.realm_name = realm
  172. # Create client
  173. client = str(uuid.uuid4())
  174. secret = str(uuid.uuid4())
  175. client_id = admin.create_client(
  176. payload={
  177. "name": client,
  178. "clientId": client,
  179. "enabled": True,
  180. "publicClient": False,
  181. "protocol": "openid-connect",
  182. "secret": secret,
  183. "clientAuthenticatorType": "client-secret",
  184. "authorizationServicesEnabled": True,
  185. "serviceAccountsEnabled": True,
  186. }
  187. )
  188. admin.create_client_authz_role_based_policy(
  189. client_id=client_id,
  190. payload={
  191. "name": "test-authz-rb-policy",
  192. "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
  193. },
  194. )
  195. # Create user
  196. username = str(uuid.uuid4())
  197. password = str(uuid.uuid4())
  198. user_id = admin.create_user(
  199. payload={
  200. "username": username,
  201. "email": f"{username}@test.test",
  202. "enabled": True,
  203. "credentials": [{"type": "password", "value": password}],
  204. }
  205. )
  207. yield (
  208. KeycloakOpenID(
  209. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  210. realm_name=realm,
  211. client_id=client,
  212. client_secret_key=secret,
  213. ),
  214. username,
  215. password,
  216. )
  218. # Cleanup
  219. admin.delete_client(client_id=client_id)
  220. admin.delete_user(user_id=user_id)
  223. @pytest.fixture
  224. def realm(admin: KeycloakAdmin) -> str:
  225. """Fixture for a new random realm."""
  226. realm_name = str(uuid.uuid4())
  227. admin.create_realm(payload={"realm": realm_name, "enabled": True})
  228. yield realm_name
  229. admin.delete_realm(realm_name=realm_name)
  232. @pytest.fixture
  233. def user(admin: KeycloakAdmin, realm: str) -> str:
  234. """Fixture for a new random user."""
  235. admin.realm_name = realm
  236. username = str(uuid.uuid4())
  237. user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
  238. yield user_id
  239. admin.delete_user(user_id=user_id)
  242. @pytest.fixture
  243. def group(admin: KeycloakAdmin, realm: str) -> str:
  244. """Fixture for a new random group."""
  245. admin.realm_name = realm
  246. group_name = str(uuid.uuid4())
  247. group_id = admin.create_group(payload={"name": group_name})
  248. yield group_id
  249. admin.delete_group(group_id=group_id)
  252. @pytest.fixture
  253. def client(admin: KeycloakAdmin, realm: str) -> str:
  254. """Fixture for a new random client."""
  255. admin.realm_name = realm
  256. client = str(uuid.uuid4())
  257. client_id = admin.create_client(payload={"name": client, "clientId": client})
  258. yield client_id
  259. admin.delete_client(client_id=client_id)
  262. @pytest.fixture
  263. def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
  264. """Fixture for a new random client role."""
  265. admin.realm_name = realm
  266. role = str(uuid.uuid4())
  267. admin.create_client_role(client, {"name": role, "composite": False})
  268. yield role
  269. admin.delete_client_role(client, role)
  272. @pytest.fixture
  273. def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
  274. """Fixture for a new random composite client role."""
  275. admin.realm_name = realm
  276. role = str(uuid.uuid4())
  277. admin.create_client_role(client, {"name": role, "composite": True})
  278. role_repr = admin.get_client_role(client, client_role)
  279. admin.add_composite_client_roles_to_role(client, role, roles=[role_repr])
  280. yield role
  281. admin.delete_client_role(client, role)
  284. @pytest.fixture
  285. def selfsigned_cert():
  286. """Generates self signed certificate for a hostname, and optional IP addresses."""
  287. from cryptography import x509
  288. from cryptography.x509.oid import NameOID
  289. from cryptography.hazmat.primitives import hashes
  290. from cryptography.hazmat.backends import default_backend
  291. from cryptography.hazmat.primitives import serialization
  292. from cryptography.hazmat.primitives.asymmetric import rsa
  293. from datetime import datetime, timedelta
  294. import ipaddress
  295. hostname = "testcert"
  296. ip_addresses = None
  297. key = None
  298. # Generate our key
  299. if key is None:
  300. key = rsa.generate_private_key(
  301. public_exponent=65537,
  302. key_size=2048,
  303. backend=default_backend(),
  304. )
  306. name = x509.Name([
  307. x509.NameAttribute(NameOID.COMMON_NAME, hostname)
  308. ])
  310. # best practice seem to be to include the hostname in the SAN, which *SHOULD* mean COMMON_NAME is ignored.
  311. alt_names = [x509.DNSName(hostname)]
  313. # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
  314. if ip_addresses:
  315. for addr in ip_addresses:
  316. # openssl wants DNSnames for ips...
  317. alt_names.append(x509.DNSName(addr))
  318. # ... whereas golang's crypto/tls is stricter, and needs IPAddresses
  319. # note: older versions of cryptography do not understand ip_address objects
  320. alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
  322. san = x509.SubjectAlternativeName(alt_names)
  324. # path_len=0 means this cert can only sign itself, not other certs.
  325. basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
  326. now = datetime.utcnow()
  327. cert = (
  328. x509.CertificateBuilder()
  329. .subject_name(name)
  330. .issuer_name(name)
  331. .public_key(key.public_key())
  332. .serial_number(1000)
  333. .not_valid_before(now)
  334. .not_valid_after(now + timedelta(days=10*365))
  335. .add_extension(basic_contraints, False)
  336. .add_extension(san, False)
  337. .sign(key, hashes.SHA256(), default_backend())
  338. )
  339. cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
  340. key_pem = key.private_bytes(
  341. encoding=serialization.Encoding.PEM,
  342. format=serialization.PrivateFormat.TraditionalOpenSSL,
  343. encryption_algorithm=serialization.NoEncryption(),
  344. )
  346. return cert_pem, key_pem