
Example 6 with TempFileResource

use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.

the class KcRegUpdateTest method testUpdateThoroughly.

/**
 * Walks the client-registration CLI {@code update} command through its main modes against
 * one client ({@code my_client}) in realm {@code test}: merge updates via {@code -s}/{@code -d},
 * rejection of an unknown option and of an attribute the {@code oidc} document type does not
 * accept, overwrite and merge from a document supplied on stdin ({@code -f -}), and finally
 * removal of the locally stored registration access token.
 *
 * <p>Every step depends on the server-side state left by the previous one, so the statement
 * order is part of the test.
 *
 * <p>Security-relevant point: the config file handed to {@code --config} is where the CLI keeps
 * its login state and per-client registration tokens (the last assertion reads them back from
 * it), so it is credential material. It is held in a try-with-resources
 * {@code TempFileResource}; presumably that removes the file on close - confirm in
 * {@code TempFileResource}.
 *
 * @throws IOException if a CLI response cannot be parsed or the config file cannot be read
 */
@Test
public void testUpdateThoroughly() throws IOException {
    FileConfigHandler handler = initCustomConfigFile();
    try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
        final String realm = "test";
        // presumably fixture credentials seeded in the test realm - verify against the realm import
        loginAsUser(configFile.getFile(), serverUrl, realm, "user1", "userpass");
        // create an object so we can update it
        KcRegExec exe = execute("create --config '" + configFile.getName() + "' -o -s clientId=my_client");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        // baseline returned for a client created with only a clientId: enabled, confidential,
        // not bearer-only, and with no redirect URIs registered
        Assert.assertEquals("enabled", true, client.isEnabled());
        Assert.assertEquals("publicClient", false, client.isPublicClient());
        Assert.assertEquals("bearerOnly", false, client.isBearerOnly());
        Assert.assertTrue("redirectUris is empty", client.getRedirectUris().isEmpty());
        // Merge update: disable the client and set a single redirect URI.
        // The wildcard, plain-http URI is a localhost fixture value; real registrations are
        // safer with exact https redirect URIs.
        exe = execute("update my_client --config '" + configFile.getName() + "' -o " + " -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp/*\"]'");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertEquals("enabled", false, client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
        // Another merge update - test deleting an attribute, deleting a list item and adding a list item.
        // Two web origins are appended and index 0 is deleted, so only the :8981 origin remains.
        exe = execute("update my_client --config '" + configFile.getName() + "' -o -d redirectUris -s webOrigins+=http://localhost:8980/myapp -s webOrigins+=http://localhost:8981/myapp -d webOrigins[0]");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertTrue("redirectUris is empty", client.getRedirectUris().isEmpty());
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8981/myapp"), client.getWebOrigins());
        // Another merge update - test nested attributes and setting an attribute using json format
        // TODO KEYCLOAK-3705 Updating protocolMapper config via client registration endpoint has no effect
        /*
            exe = execute("update my_client --config '" + configFile.getName() + "' -o -s 'protocolMappers[0].config.\"id.token.claim\"=false' " +
                    "-s 'protocolMappers[4].config={\"single\": \"true\", \"attribute.nameformat\": \"Basic\", \"attribute.name\": \"Role\"}'");

            assertExitCodeAndStdErrSize(exe, 0, 0);

            client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
            Assert.assertEquals("protocolMapper[0].config.\"id.token.claim\"", "false", client.getProtocolMappers().get(0).getConfig().get("id.token.claim"));
            Assert.assertEquals("protocolMappers[4].config.single", "true", client.getProtocolMappers().get(4).getConfig().get("single"));
            Assert.assertEquals("protocolMappers[4].config.\"attribute.nameformat\"", "Basic", client.getProtocolMappers().get(4).getConfig().get("attribute.nameformat"));
            Assert.assertEquals("protocolMappers[4].config.\"attribute.name\"", "Role", client.getProtocolMappers().get(4).getConfig().get("attribute.name"));
            */
        // NOTE(review): an "update using oidc format" case was announced at this point, but no
        // positive oidc-format update follows; only the failing -e oidc case further down.
        // check that an unknown option is rejected rather than silently ignored
        // (exit code 1 and two stderr lines; the middle argument is presumably the stdout size)
        exe = execute("update my_client --nonexisting --config '" + configFile.getName() + "'");
        assertExitCodeAndStreamSizes(exe, 1, 0, 2);
        Assert.assertEquals("error message", "Unsupported option: --nonexisting", exe.stderrLines().get(0));
        Assert.assertEquals("try help", "Try '" + CMD + " help update' for more information", exe.stderrLines().get(1));
        // setting 'enabled' while targeting the oidc endpoint must fail with a clear error
        exe = execute("update my_client --config '" + configFile.getName() + "' -o -s enabled=true -e oidc");
        assertExitCodeAndStreamSizes(exe, 1, 0, 1);
        Assert.assertEquals("error message", "Failed to set attribute 'enabled' on document type 'oidc'", exe.stderrLines().get(0));
        // test overwrite from file: the document is read from stdin (-f -) and combined with -s values
        exe = KcRegExec.newBuilder().argsLine("update my_client --config '" + configFile.getName() + "' -o  -s clientId=my_client -s 'redirectUris=[\"http://localhost:8980/myapp/*\"]' -f -").stdin(new ByteArrayInputStream("{ \"enabled\": false }".getBytes())).execute();
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        // web origin is not sent to the server, thus it retains the current value
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8981/myapp"), client.getWebOrigins());
        Assert.assertFalse("enabled is false", client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
        // test using merge with file: -m merges the stdin document into the current client, and
        // the redirect URIs set in the previous step are still present afterwards
        exe = KcRegExec.newBuilder().argsLine("update my_client --config '" + configFile.getName() + "' -o -s enabled=true -m -f -").stdin(new ByteArrayInputStream("{ \"webOrigins\": [\"http://localhost:8980/myapp\"] }".getBytes())).execute();
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
        Assert.assertTrue("enabled is true", client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
        // remove registration access token, then re-read the config file to prove that no token
        // for my_client is left behind on disk
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server " + serverUrl + " --realm " + realm + " --client my_client -d");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        Assert.assertNull("my_client registration token", handler.loadConfig().ensureRealmConfigData(serverUrl, realm).getClients().get("my_client"));
    }
}
Also used : FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler) ByteArrayInputStream(java.io.ByteArrayInputStream) KcRegExec(org.keycloak.testsuite.cli.KcRegExec) TempFileResource(org.keycloak.testsuite.util.TempFileResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 7 with TempFileResource

use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.

the class KcRegConfigTest method testRegistrationToken.

/**
 * Exercises {@code config registration-token}: each required option ({@code --server},
 * {@code --realm}, {@code --client}) is left out in turn and must produce exit code 1 with a
 * two-line error, then a token is stored from the command line, optionally via the interactive
 * prompt, and finally deleted.
 *
 * <p>The interactive-prompt branch only runs when {@code runIntermittentlyFailingTests()}
 * returns true; per the skip message that is controlled by {@code -Dtest.intermittent=true}.
 *
 * @throws IOException if the config file cannot be created or read
 */
@Test
public void testRegistrationToken() throws IOException {
    FileConfigHandler handler = initCustomConfigFile();
    try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
        // without --server
        KcRegExec exe = execute("config registration-token --config '" + configFile.getName() + "' ");
        assertExitCodeAndStreamSizes(exe, 1, 0, 2);
        Assert.assertEquals("error message", "Required option not specified: --server", exe.stderrLines().get(0));
        Assert.assertEquals("try help", "Try '" + CMD + " help config registration-token' for more information", exe.stderrLines().get(1));
        // without --realm
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth");
        assertExitCodeAndStreamSizes(exe, 1, 0, 2);
        Assert.assertEquals("error message", "Required option not specified: --realm", exe.stderrLines().get(0));
        Assert.assertEquals("try help", "Try '" + CMD + " help config registration-token' for more information", exe.stderrLines().get(1));
        // without --client
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth --realm test");
        assertExitCodeAndStreamSizes(exe, 1, 0, 2);
        Assert.assertEquals("error message", "Required option not specified: --client", exe.stderrLines().get(0));
        Assert.assertEquals("try help", "Try '" + CMD + " help config registration-token' for more information", exe.stderrLines().get(1));
        // specify token on cmdline
        // NOTE(review): the token travels as a plain positional argument here. Outside a test,
        // argv is readable by other local processes and tends to end up in shell history, so the
        // prompted variant below is the one to recommend to users - yet it is the variant that
        // is skipped by default.
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth --realm test --client my_client NEWTOKEN");
        assertExitCodeAndStreamSizes(exe, 0, 0, 0);
        if (runIntermittentlyFailingTests()) {
            // don't specify token - must be prompted for it
            exe = KcRegExec.newBuilder().argsLine("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth --realm test --client my_client").executeAsync();
            exe.waitForStdout("Enter Registration Access Token:");
            exe.sendToStdin("NEWTOKEN" + EOL);
            exe.waitCompletion();
            // a stream size of 1 is expected here; presumably the prompt line on stdout - confirm
            assertExitCodeAndStreamSizes(exe, 0, 1, 0);
        } else {
            System.out.println("TEST SKIPPED PARTIALLY - This test currently suffers from intermittent failures. Use -Dtest.intermittent=true to run it in full.");
        }
        // delete non-existent token: deleting an entry that was never stored still exits with 0
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth --realm test --client nonexistent --delete");
        assertExitCodeAndStreamSizes(exe, 0, 0, 0);
        // delete token
        // NOTE(review): only the exit code is checked; nothing here re-reads the config file to
        // confirm that the my_client token is actually gone from disk.
        exe = execute("config registration-token --config '" + configFile.getName() + "' --server http://localhost:8080/auth --realm test --client my_client --delete");
        assertExitCodeAndStreamSizes(exe, 0, 0, 0);
    }
}
Also used : FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler) KcRegExec(org.keycloak.testsuite.cli.KcRegExec) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Test(org.junit.Test)

Example 8 with TempFileResource

use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.

the class KcAdmCreateTest method testCreateIDPWithoutSyncMode.

/**
 * Creates an identity provider through the admin CLI from a JSON document that, going by its
 * file name, carries no sync mode, and checks that the stored provider config has no
 * {@code IdentityProviderModel.SYNC_MODE} entry afterwards.
 *
 * <p>The CLI config file (login state for the admin session) lives in a try-with-resources
 * {@code TempFileResource}; presumably it is removed on close - confirm in
 * {@code TempFileResource}.
 *
 * @throws IOException if the config file cannot be created or read
 */
@Test
public void testCreateIDPWithoutSyncMode() throws IOException {
    final String realmName = "test";
    final RealmResource testRealm = adminClient.realm(realmName);
    FileConfigHandler configHandler = initCustomConfigFile();

    try (TempFileResource cliConfig = new TempFileResource(configHandler.getConfigFile())) {
        loginAsUser(cliConfig.getFile(), serverUrl, realmName, "user1", "userpass");

        final File providerDocument = new File("target/test-classes/cli/idp-keycloak-without-sync-mode.json");
        // NOTE(review): both paths are spliced into the argument line unquoted, so a workspace
        // or temp directory containing a space would split them into separate arguments.
        final String createCommand = "create identity-provider/instances/ -r " + realmName
                + " -f " + providerDocument.getAbsolutePath()
                + " --config " + cliConfig.getFile();
        KcAdmExec result = execute(createCommand);

        // success, with a stderr size of 1 expected
        assertExitCodeAndStdErrSize(result, 0, 1);
    }

    // If the sync mode is not present on creating the idp, it will never be added automatically.
    // However, the model will always assume "LEGACY", so no errors should occur.
    Object storedSyncMode = testRealm.identityProviders()
            .get("idpAlias")
            .toRepresentation()
            .getConfig()
            .get(IdentityProviderModel.SYNC_MODE);
    Assert.assertNull(storedSyncMode);
}
Also used : FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler) RealmResource(org.keycloak.admin.client.resource.RealmResource) KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec) File(java.io.File) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Test(org.junit.Test)

Example 9 with TempFileResource

use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.

the class KcAdmUpdateTest method testUpdateIDPWithoutInternalId.

/**
 * Registers a SAML identity provider with alias {@code idpAlias}, then updates it through the
 * admin CLI from {@code idp-keycloak-9167.json} and checks that the display name reads
 * {@code SAML_UPDATED} afterwards. Going by the test name, the update document carries no
 * internal id - confirm against the JSON fixture.
 *
 * <p>The provider is created through a {@code Closeable} {@code IdentityProviderCreator} in a
 * try-with-resources block; presumably closing it removes the provider again - confirm in
 * {@code IdentityProviderCreator}.
 *
 * @throws IOException if the config file cannot be created or a resource fails to close
 */
@Test
public void testUpdateIDPWithoutInternalId() throws IOException {
    final String realmName = "test";
    final RealmResource testRealm = adminClient.realm(realmName);

    // Fixture SAML provider: both service URLs point at the same placeholder endpoint, and the
    // POST bindings and backchannel support are switched off.
    IdentityProviderRepresentation samlProvider = IdentityProviderBuilder.create()
            .providerId(SAMLIdentityProviderFactory.PROVIDER_ID)
            .alias("idpAlias")
            .displayName("SAML")
            .setAttribute(SAMLIdentityProviderConfig.SINGLE_SIGN_ON_SERVICE_URL, "https://saml.idp/saml")
            .setAttribute(SAMLIdentityProviderConfig.SINGLE_LOGOUT_SERVICE_URL, "https://saml.idp/saml")
            .setAttribute(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "false")
            .setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "false")
            .setAttribute(SAMLIdentityProviderConfig.BACKCHANNEL_SUPPORTED, "false")
            .build();

    try (Closeable registeredProvider = new IdentityProviderCreator(testRealm, samlProvider)) {
        FileConfigHandler configHandler = initCustomConfigFile();

        try (TempFileResource cliConfig = new TempFileResource(configHandler.getConfigFile())) {
            loginAsUser(cliConfig.getFile(), serverUrl, realmName, "user1", "userpass");

            // The provider must be readable through the CLI before it is updated.
            // NOTE(review): the config and JSON paths are spliced into the argument lines
            // unquoted, so a path containing a space would split into separate arguments.
            final String readCommand = "get identity-provider/instances/idpAlias -r " + realmName
                    + " --config " + cliConfig.getFile();
            KcAdmExec result = execute(readCommand);
            assertExitCodeAndStdErrSize(result, 0, 0);

            final File updateDocument = new File("target/test-classes/cli/idp-keycloak-9167.json");
            final String updateCommand = "update identity-provider/instances/idpAlias -r " + realmName
                    + " -f " + updateDocument.getAbsolutePath()
                    + " --config " + cliConfig.getFile();
            result = execute(updateCommand);
            assertExitCodeAndStdErrSize(result, 0, 0);
        }

        // Verified through the admin client rather than the CLI output.
        String displayNameAfterUpdate = testRealm.identityProviders()
                .get("idpAlias")
                .toRepresentation()
                .getDisplayName();
        Assert.assertThat(displayNameAfterUpdate, is(equalTo("SAML_UPDATED")));
    }
}
Also used : FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler) RealmResource(org.keycloak.admin.client.resource.RealmResource) Closeable(java.io.Closeable) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec) File(java.io.File) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Test(org.junit.Test)

Example 10 with TempFileResource

use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.

the class KcAdmUpdateTest method testUpdateThoroughly.

/**
 * Walks the admin CLI {@code update} command through its main modes against one client
 * ({@code my_client}, addressed as {@code clients/<id>}) in realm {@code test}: merge updates
 * via {@code -s}/{@code -d}, rejection of an unknown option, and overwrite and merge from a
 * document supplied on stdin ({@code -f -}).
 *
 * <p>Every step depends on the server-side state left by the previous one, so the statement
 * order is part of the test.
 *
 * <p>The config file handed to {@code --config} carries the login state of an admin session
 * and is held in a try-with-resources {@code TempFileResource}; presumably that removes the
 * file on close - confirm in {@code TempFileResource}.
 *
 * @throws IOException if a CLI response cannot be parsed or the config file cannot be created
 */
@Test
public void testUpdateThoroughly() throws IOException {
    FileConfigHandler handler = initCustomConfigFile();
    try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
        final String realm = "test";
        // presumably fixture credentials seeded in the test realm - verify against the realm import
        loginAsUser(configFile.getFile(), serverUrl, realm, "user1", "userpass");
        // create an object so we can update it
        KcAdmExec exe = execute("create clients --config '" + configFile.getName() + "' -o -s clientId=my_client");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        // baseline returned for a client created with only a clientId: enabled, confidential,
        // not bearer-only, and with no redirect URIs registered
        Assert.assertTrue("enabled", client.isEnabled());
        Assert.assertFalse("publicClient", client.isPublicClient());
        Assert.assertFalse("bearerOnly", client.isBearerOnly());
        Assert.assertTrue("redirectUris is empty", client.getRedirectUris().isEmpty());
        // Merge update: disable the client and set a single redirect URI.
        // The wildcard, plain-http URI is a localhost fixture value; real clients are safer
        // with exact https redirect URIs.
        exe = execute("update clients/" + client.getId() + " --config '" + configFile.getName() + "' -o " + " -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp/*\"]'");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertFalse("enabled", client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
        // Another merge update - test deleting an attribute, deleting a list item and adding a list item.
        // Two web origins are appended and index 0 is deleted, so only the :8981 origin remains.
        exe = execute("update clients/" + client.getId() + " --config '" + configFile.getName() + "' -o -d redirectUris[0] -s webOrigins+=http://localhost:8980/myapp -s webOrigins+=http://localhost:8981/myapp -d webOrigins[0]");
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertTrue("redirectUris is empty", client.getRedirectUris().isEmpty());
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8981/myapp"), client.getWebOrigins());
        // Another merge update - test nested attributes and setting an attribute using json format
        // TODO KEYCLOAK-3705 Updating protocolMapper config via client registration endpoint has no effect
        // NOTE(review): the disabled block below addresses the client as "update my_client" and
        // cites a client-registration issue, so it looks copied from the registration CLI test;
        // it would need the clients/<id> form before being re-enabled here - confirm.
        /*
            exe = execute("update my_client --config '" + configFile.getName() + "' -o -s 'protocolMappers[0].config.\"id.token.claim\"=false' " +
                    "-s 'protocolMappers[4].config={\"single\": \"true\", \"attribute.nameformat\": \"Basic\", \"attribute.name\": \"Role\"}'");

            assertExitCodeAndStdErrSize(exe, 0, 0);

            client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
            Assert.assertEquals("protocolMapper[0].config.\"id.token.claim\"", "false", client.getProtocolMappers().get(0).getConfig().get("id.token.claim"));
            Assert.assertEquals("protocolMappers[4].config.single", "true", client.getProtocolMappers().get(4).getConfig().get("single"));
            Assert.assertEquals("protocolMappers[4].config.\"attribute.nameformat\"", "Basic", client.getProtocolMappers().get(4).getConfig().get("attribute.nameformat"));
            Assert.assertEquals("protocolMappers[4].config.\"attribute.name\"", "Role", client.getProtocolMappers().get(4).getConfig().get("attribute.name"));
            */
        // NOTE(review): an "update using oidc format" case was announced at this point, but no
        // oidc-format update follows in this method.
        // check that an unknown option is rejected rather than silently ignored
        // (exit code 1 and two stderr lines; the middle argument is presumably the stdout size)
        exe = execute("update clients/" + client.getId() + " --nonexisting --config '" + configFile.getName() + "'");
        assertExitCodeAndStreamSizes(exe, 1, 0, 2);
        Assert.assertEquals("error message", "Invalid option: --nonexisting", exe.stderrLines().get(0));
        Assert.assertEquals("try help", "Try '" + CMD + " help update' for more information", exe.stderrLines().get(1));
        // test overwrite from file: the document is read from stdin (-f -) and combined with -s values
        exe = KcAdmExec.newBuilder().argsLine("update clients/" + client.getId() + " --config '" + configFile.getName() + "' -o  -s clientId=my_client -s 'redirectUris=[\"http://localhost:8980/myapp/*\"]' -f -").stdin(new ByteArrayInputStream("{ \"enabled\": false }".getBytes())).execute();
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        // web origin is not sent to the server, thus it retains the current value
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8981/myapp"), client.getWebOrigins());
        Assert.assertFalse("enabled is false", client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
        // test using merge with file: -m merges the stdin document into the current client, and
        // the redirect URIs set in the previous step are still present afterwards
        exe = KcAdmExec.newBuilder().argsLine("update clients/" + client.getId() + " --config '" + configFile.getName() + "' -o -s enabled=true -m -f -").stdin(new ByteArrayInputStream("{ \"webOrigins\": [\"http://localhost:8980/myapp\"] }".getBytes())).execute();
        assertExitCodeAndStdErrSize(exe, 0, 0);
        client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
        Assert.assertTrue("enabled is true", client.isEnabled());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
    }
}
Also used : FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler) ByteArrayInputStream(java.io.ByteArrayInputStream) KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec) TempFileResource(org.keycloak.testsuite.util.TempFileResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)
