From 4edff1e86efb9a95d2fdf5a8ef240a80c773d31d Mon Sep 17 00:00:00 2001 From: Richard Nemeth Date: Sat, 15 Jun 2024 13:57:53 +0200 Subject: [PATCH] test: updated test for keycloak 25 --- tests/test_keycloak_admin.py | 139 +++++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 56 deletions(-) diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py index 600bab6..c658846 100644 --- a/tests/test_keycloak_admin.py +++ b/tests/test_keycloak_admin.py @@ -1220,7 +1220,10 @@ def test_clients(admin: KeycloakAdmin, realm: str): with pytest.raises(KeycloakGetError) as err: admin.get_client_service_account_user(client_id=client_id) - assert err.match(UNKOWN_ERROR_REGEX) + + assert ('b\'{"error":"Service account not enabled for the client' in str(err)) or err.match( + UNKOWN_ERROR_REGEX + ) # Test delete client res = admin.delete_client(client_id=auth_client_id) @@ -1665,7 +1668,7 @@ def test_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client: # Test get client default scopes # keycloak default roles: web-origins, acr, profile, roles, email default_client_scopes = admin.get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 5, default_client_scopes + assert len(default_client_scopes) in [6, 5], default_client_scopes # Test add a client scope to client default scopes default_client_scope = "test-client-default-scope" @@ -1685,12 +1688,12 @@ def test_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client: client_id, new_client_scope_id, new_default_client_scope_data ) default_client_scopes = admin.get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 6, default_client_scopes + assert len(default_client_scopes) in [6, 7], default_client_scopes # Test remove a client default scope admin.delete_client_default_client_scope(client_id, new_client_scope_id) default_client_scopes = admin.get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 5, default_client_scopes + assert len(default_client_scopes) in [5, 6], default_client_scopes def test_client_optional_client_scopes(admin: KeycloakAdmin, realm: str, client: str): @@ -2170,7 +2173,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): # Test copying with pytest.raises(KeycloakPostError) as err: admin.copy_authentication_flow(payload=dict(), flow_alias="bad") - assert err.match("404: b''") + assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") res = admin.copy_authentication_flow(payload={"newName": "test-browser"}, flow_alias="browser") assert res == b"", res @@ -2193,23 +2196,26 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): assert len(res) == 8, res with pytest.raises(KeycloakGetError) as err: admin.get_authentication_flow_executions(flow_alias="bad") - assert err.match("404: b''") + assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") exec_id = res[0]["id"] res = admin.get_authentication_flow_execution(execution_id=exec_id) - assert set(res.keys()) == { - "alternative", - "authenticator", - "authenticatorFlow", - "conditional", - "disabled", - "enabled", - "id", - "parentFlow", - "priority", - "required", - "requirement", - }, res + assert set(res.keys()).issubset( + { + "alternative", + "authenticator", + "authenticatorFlow", + "autheticatorFlow", + "conditional", + "disabled", + "enabled", + "id", + "parentFlow", + "priority", + "required", + "requirement", + } + ), res.keys() with pytest.raises(KeycloakGetError) as err: admin.get_authentication_flow_execution(execution_id="bad") assert err.match(ILLEGAL_EXECUTION_REGEX) @@ -2232,7 +2238,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): payload = admin.get_authentication_flow_executions(flow_alias="test-create")[0] payload["displayName"] = "test" res = admin.update_authentication_flow_executions(payload=payload, flow_alias="test-create") - assert res + assert res or (res == {}) exec_id = admin.get_authentication_flow_executions(flow_alias="test-create")[0]["id"] res = admin.delete_authentication_flow_execution(execution_id=exec_id) @@ -2278,7 +2284,9 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): assert res == dict() with pytest.raises(KeycloakDeleteError) as err: admin.delete_authentication_flow(flow_id=flow_id) - assert err.match('404: b\'{"error":"Could not find flow with id".*}\'') + assert ('b\'{"error":"Could not find flow with id"' in str(err)) or ( + 'b\'{"error":"Flow not found"' in str(err) + ) def test_authentication_configs(admin: KeycloakAdmin, realm: str): @@ -2348,7 +2356,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): # Test get client scopes res = admin.get_client_scopes() scope_names = {x["name"] for x in res} - assert len(res) == 10 + assert len(res) in [10, 11] assert "email" in scope_names assert "profile" in scope_names assert "offline_access" in scope_names @@ -2364,12 +2372,18 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): assert res[0] == scope # Test create client scope - res = admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=True) + res = admin.create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True + ) assert res - res2 = admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=True) + res2 = admin.create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True + ) assert res == res2 with pytest.raises(KeycloakPostError) as err: - admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=False) + admin.create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=False + ) assert err.match('409: b\'{"errorMessage":"Client Scope test-scope already exists"}\'') # Test update client scope @@ -2433,7 +2447,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): # Test default default scopes res_defaults = admin.get_default_default_client_scopes() - assert len(res_defaults) == 6 + assert len(res_defaults) in [6, 7] with pytest.raises(KeycloakPutError) as err: admin.add_default_default_client_scope(scope_id="does-not-exist") @@ -2441,7 +2455,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): res_add = admin.add_default_default_client_scope(scope_id=res) assert res_add == dict() - assert len(admin.get_default_default_client_scopes()) == 7 + assert len(admin.get_default_default_client_scopes()) in [7, 8] with pytest.raises(KeycloakDeleteError) as err: admin.delete_default_default_client_scope(scope_id="does-not-exist") @@ -2449,7 +2463,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): res_del = admin.delete_default_default_client_scope(scope_id=res) assert res_del == dict() - assert len(admin.get_default_default_client_scopes()) == 6 + assert len(admin.get_default_default_client_scopes()) in [6, 7] # Test default optional scopes res_defaults = admin.get_default_optional_client_scopes() @@ -4193,7 +4207,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str): with pytest.raises(KeycloakGetError) as err: await admin.a_get_client_service_account_user(client_id=client_id) - assert err.match(UNKOWN_ERROR_REGEX) + assert ('b\'{"error":"Service account not enabled for the client' in str(err)) or err.match( + UNKOWN_ERROR_REGEX + ) # Test delete client res = await admin.a_delete_client(client_id=auth_client_id) @@ -4654,7 +4670,7 @@ async def test_a_client_default_client_scopes(admin: KeycloakAdmin, realm: str, # Test get client default scopes # keycloak default roles: web-origins, acr, profile, roles, email default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 5, default_client_scopes + assert len(default_client_scopes) in [6, 5], default_client_scopes # Test add a client scope to client default scopes default_client_scope = "test-client-default-scope" @@ -4674,12 +4690,12 @@ async def test_a_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client_id, new_client_scope_id, new_default_client_scope_data ) default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 6, default_client_scopes + assert len(default_client_scopes) in [6, 7], default_client_scopes # Test remove a client default scope await admin.a_delete_client_default_client_scope(client_id, new_client_scope_id) default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) - assert len(default_client_scopes) == 5, default_client_scopes + assert len(default_client_scopes) in [5, 6], default_client_scopes @pytest.mark.asyncio @@ -5200,7 +5216,7 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): # Test copying with pytest.raises(KeycloakPostError) as err: await admin.a_copy_authentication_flow(payload=dict(), flow_alias="bad") - assert err.match("404: b''") + assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") res = await admin.a_copy_authentication_flow( payload={"newName": "test-browser"}, flow_alias="browser" @@ -5227,23 +5243,26 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): assert len(res) == 8, res with pytest.raises(KeycloakGetError) as err: await admin.a_get_authentication_flow_executions(flow_alias="bad") - assert err.match("404: b''") + assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") exec_id = res[0]["id"] res = await admin.a_get_authentication_flow_execution(execution_id=exec_id) - assert set(res.keys()) == { - "alternative", - "authenticator", - "authenticatorFlow", - "conditional", - "disabled", - "enabled", - "id", - "parentFlow", - "priority", - "required", - "requirement", - }, res + assert set(res.keys()).issubset( + { + "alternative", + "authenticator", + "authenticatorFlow", + "autheticatorFlow", + "conditional", + "disabled", + "enabled", + "id", + "parentFlow", + "priority", + "required", + "requirement", + } + ), res.keys() with pytest.raises(KeycloakGetError) as err: await admin.a_get_authentication_flow_execution(execution_id="bad") assert err.match(ILLEGAL_EXECUTION_REGEX) @@ -5268,7 +5287,7 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): res = await admin.a_update_authentication_flow_executions( payload=payload, flow_alias="test-create" ) - assert res + assert res or (res == {}) exec_id = (await admin.a_get_authentication_flow_executions(flow_alias="test-create"))[0]["id"] res = await admin.a_delete_authentication_flow_execution(execution_id=exec_id) @@ -5314,7 +5333,9 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): assert res == dict() with pytest.raises(KeycloakDeleteError) as err: await admin.a_delete_authentication_flow(flow_id=flow_id) - assert err.match('404: b\'{"error":"Could not find flow with id".*}\'') + assert ('b\'{"error":"Could not find flow with id"' in str(err)) or ( + 'b\'{"error":"Flow not found"' in str(err) + ) @pytest.mark.asyncio @@ -5387,7 +5408,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): # Test get client scopes res = await admin.a_get_client_scopes() scope_names = {x["name"] for x in res} - assert len(res) == 10 + assert len(res) in [10, 11] assert "email" in scope_names assert "profile" in scope_names assert "offline_access" in scope_names @@ -5403,12 +5424,18 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): assert res[0] == scope # Test create client scope - res = await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=True) + res = await admin.a_create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True + ) assert res - res2 = await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=True) + res2 = await admin.a_create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True + ) assert res == res2 with pytest.raises(KeycloakPostError) as err: - await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=False) + await admin.a_create_client_scope( + payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=False + ) assert err.match('409: b\'{"errorMessage":"Client Scope test-scope already exists"}\'') # Test update client scope @@ -5471,7 +5498,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): # Test default default scopes res_defaults = await admin.a_get_default_default_client_scopes() - assert len(res_defaults) == 6 + assert len(res_defaults) in [6, 7] with pytest.raises(KeycloakPutError) as err: await admin.a_add_default_default_client_scope(scope_id="does-not-exist") @@ -5479,7 +5506,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): res_add = await admin.a_add_default_default_client_scope(scope_id=res) assert res_add == dict() - assert len(await admin.a_get_default_default_client_scopes()) == 7 + assert len(admin.get_default_default_client_scopes()) in [7, 8] with pytest.raises(KeycloakDeleteError) as err: await admin.a_delete_default_default_client_scope(scope_id="does-not-exist") @@ -5487,7 +5514,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): res_del = await admin.a_delete_default_default_client_scope(scope_id=res) assert res_del == dict() - assert len(await admin.a_get_default_default_client_scopes()) == 6 + assert len(admin.get_default_default_client_scopes()) in [6, 7] # Test default optional scopes res_defaults = await admin.a_get_default_optional_client_scopes()