Example 11 with TempFileResource
use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.
the class KcAdmSessionTest method testCompositeRoleCreationWithHigherVolumeOfRoles.
@Test
public void testCompositeRoleCreationWithHigherVolumeOfRoles() throws Exception {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
// login as admin
loginAsUser(configFile.getFile(), serverUrl, "master", "admin", "admin");
final String realmName = "HigherVolumeRolesRealm";
// create realm
KcAdmExec exe = execute(String.format("create realms --config '%s' -s realm=%s -s enabled=true", configFile.getName(), realmName));
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
for (int i = 0; i < 20; i++) {
exe = execute(String.format("create roles --config '%s' -r %s -s name=ROLE%d", configFile.getName(), realmName, i));
assertExitCodeAndStdErrSize(exe, 0, 1);
}
exe = execute(String.format("add-roles --config '%s' -r %s --rname ROLE11 --cclientid realm-management --rolename impersonation --rolename view-users --rolename view-realm --rolename manage-users", configFile.getName(), realmName));
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
}
}
Also used :
FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler)
KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
Test(org.junit.Test)
Example 12 with TempFileResource
use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.
the class KcAdmTruststoreTest method testTruststore.
@Test
public void testTruststore() throws IOException {
File truststore = new File("src/test/resources/keystore/keycloak.truststore");
KcAdmExec exe = execute("config truststore --no-config '" + truststore.getAbsolutePath() + "'");
assertExitCodeAndStreamSizes(exe, 1, 0, 2);
Assert.assertEquals("stderr first line", "Unsupported option: --no-config", exe.stderrLines().get(0));
Assert.assertEquals("try help", "Try '" + OsUtil.CMD + " help config truststore' for more information", exe.stderrLines().get(1));
// only run this test if ssl protected keycloak server is available
if (!AUTH_SERVER_SSL_REQUIRED) {
System.out.println("TEST SKIPPED - This test requires HTTPS. Run with '-Pauth-server-wildfly -Dauth.server.ssl.required=true'");
return;
}
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
if (runIntermittentlyFailingTests()) {
// configure truststore
exe = execute("config truststore --config '" + configFile.getName() + "' '" + truststore.getAbsolutePath() + "'");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
// perform authentication against server - asks for password, then for truststore password
exe = KcAdmExec.newBuilder().argsLine("config credentials --server " + oauth.AUTH_SERVER_ROOT + " --realm test --user user1" + " --config '" + configFile.getName() + "'").executeAsync();
exe.waitForStdout("Enter password: ");
exe.sendToStdin("userpass" + EOL);
exe.waitForStdout("Enter truststore password: ");
exe.sendToStdin("secret" + EOL);
exe.waitCompletion();
assertExitCodeAndStreamSizes(exe, 0, 2, 1);
// configure truststore with password
exe = execute("config truststore --config '" + configFile.getName() + "' --trustpass secret '" + truststore.getAbsolutePath() + "'");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
// perform authentication against server - asks for password, then for truststore password
exe = KcAdmExec.newBuilder().argsLine("config credentials --server " + oauth.AUTH_SERVER_ROOT + " --realm test --user user1" + " --config '" + configFile.getName() + "'").executeAsync();
exe.waitForStdout("Enter password: ");
exe.sendToStdin("userpass" + EOL);
exe.waitCompletion();
assertExitCodeAndStreamSizes(exe, 0, 1, 1);
} else {
System.out.println("TEST SKIPPED PARTIALLY - This test currently suffers from intermittent failures. Use -Dtest.intermittent=true to run it in full.");
}
}
// configure truststore with password
exe = execute("config truststore --trustpass secret '" + truststore.getAbsolutePath() + "'");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
// perform authentication against server - asks for password, then for truststore password
exe = execute("config credentials --server " + serverUrl + " --realm test --user user1 --password userpass");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
exe = execute("config truststore --delete");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
exe = execute("config truststore --delete '" + truststore.getAbsolutePath() + "'");
assertExitCodeAndStreamSizes(exe, 1, 0, 2);
Assert.assertEquals("incompatible", "Option --delete is mutually exclusive with specifying a TRUSTSTORE", exe.stderrLines().get(0));
Assert.assertEquals("try help", "Try '" + CMD + " help config truststore' for more information", exe.stderrLines().get(1));
exe = execute("config truststore --delete --trustpass secret");
assertExitCodeAndStreamSizes(exe, 1, 0, 2);
Assert.assertEquals("no truststore error", "Options --trustpass and --delete are mutually exclusive", exe.stderrLines().get(0));
Assert.assertEquals("try help", "Try '" + CMD + " help config truststore' for more information", exe.stderrLines().get(1));
FileConfigHandler cfghandler = new FileConfigHandler();
cfghandler.setConfigFile(DEFAULT_CONFIG_FILE_PATH);
ConfigData config = cfghandler.loadConfig();
Assert.assertNull("truststore null", config.getTruststore());
Assert.assertNull("trustpass null", config.getTrustpass());
// perform no-config CRUD test against ssl protected endpoint
testCRUDWithOnTheFlyAuth(serverUrl, "--user user1 --password userpass", " --truststore '" + truststore.getAbsolutePath() + "' --trustpass secret", "Logging into " + serverUrl + " as user user1 of realm test");
}
Also used :
FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler)
ConfigData(org.keycloak.client.admin.cli.config.ConfigData)
KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec)
File(java.io.File)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
Test(org.junit.Test)
Example 13 with TempFileResource
use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.
the class KcRegUpdateTokenTest method testUpdateToken.
@Test
public void testUpdateToken() throws IOException {
FileConfigHandler handler = initCustomConfigFile();
ConfigUtil.setHandler(handler);
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
KcRegExec exe = execute("config credentials --config '" + configFile.getName() + "' --server " + serverUrl + " --realm master --user admin --password admin");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
// read current registration access token
ConfigData data = ConfigUtil.loadConfig();
RealmConfigData rdata = data.getRealmConfigData(serverUrl, "test");
Assert.assertNull("realm info set", rdata);
// update registration access token
exe = execute("update-token --config '" + configFile.getName() + "' reg-cli-secret-direct --server " + serverUrl + " --realm test --user user1 --password userpass");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
// read current registration token
data = ConfigUtil.loadConfig();
rdata = data.getRealmConfigData(serverUrl, "test");
Assert.assertEquals("current session realm unchanged", "master", data.getRealm());
Assert.assertNotNull("realm info set", rdata);
Assert.assertNull("on the fly login was transient", rdata.getToken());
Assert.assertNotNull("client info has registration access token", rdata.getClients().get("reg-cli-secret-direct"));
// use --no-config and on-the-fly auth
exe = execute("update-token reg-cli-secret-direct --no-config --server " + serverUrl + " --realm test --user user1 --password userpass");
assertExitCodeAndStreamSizes(exe, 0, 1, 1);
// save the token
String token = exe.stdoutLines().get(0);
// test that the token works
exe = execute("get reg-cli-secret-direct --no-config --server " + serverUrl + " --realm test -t " + token);
assertExitCodeAndStdErrSize(exe, 0, 0);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("client representation returned", "reg-cli-secret-direct", client.getClientId());
}
}
Also used :
RealmConfigData(org.keycloak.client.registration.cli.config.RealmConfigData)
FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler)
RealmConfigData(org.keycloak.client.registration.cli.config.RealmConfigData)
ConfigData(org.keycloak.client.registration.cli.config.ConfigData)
KcRegExec(org.keycloak.testsuite.cli.KcRegExec)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Example 14 with TempFileResource
use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.
the class KcAdmCreateTest method testCreateThoroughly.
@Test
public void testCreateThoroughly() throws IOException {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
final String realm = "test";
// authenticate as a regular user against one realm
KcAdmExec exe = KcAdmExec.execute("config credentials -x --config '" + configFile.getName() + "' --server " + serverUrl + " --realm master --user admin --password admin");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
// create configuration from file using stdin redirect ... output an object
String content = "{\n" + " \"clientId\": \"my_client\",\n" + " \"enabled\": true,\n" + " \"redirectUris\": [\"http://localhost:8980/myapp/*\"],\n" + " \"serviceAccountsEnabled\": true,\n" + " \"name\": \"My Client App\",\n" + " \"implicitFlowEnabled\": false,\n" + " \"publicClient\": true,\n" + " \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" + " \"consentRequired\": false,\n" + " \"baseUrl\": \"http://localhost:8980/myapp\",\n" + " \"bearerOnly\": true,\n" + " \"standardFlowEnabled\": true\n" + "}";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create clients --config '" + configFile.getName() + "' -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 0);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client.getId());
Assert.assertEquals("clientId", "my_client", client.getClientId());
Assert.assertEquals("enabled", true, client.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App", client.getName());
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client.isPublicClient());
// note there is no server-side check if protocol is supported
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
Assert.assertEquals("consentRequired", false, client.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
Assert.assertEquals("bearerOnly", true, client.isStandardFlowEnabled());
Assert.assertFalse("mappers not empty", client.getProtocolMappers().isEmpty());
// create configuration from file as a template and override clientId and other attributes ... output an object
exe = execute("create clients --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" + " -s 'name=My Client App II' -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" + " -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
assertExitCodeAndStdErrSize(exe, 0, 0);
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client2.getId());
Assert.assertEquals("clientId", "my_client2", client2.getClientId());
Assert.assertEquals("enabled", false, client2.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp2/*"), client2.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client2.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App II", client2.getName());
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client2.isPublicClient());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
Assert.assertEquals("rootUrl", "http://localhost:8980/myapp2", client2.getRootUrl());
Assert.assertEquals("bearerOnly", true, client2.isStandardFlowEnabled());
Assert.assertFalse("mappers not empty", client2.getProtocolMappers().isEmpty());
}
// simple create, output an id
exe = execute("create clients --config '" + configFile.getName() + "' -i -s clientId=my_client3");
assertExitCodeAndStreamSizes(exe, 0, 1, 0);
// simple create, default output
exe = execute("create clients --config '" + configFile.getName() + "' -s clientId=my_client4");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
Assert.assertTrue("only id returned", exe.stderrLines().get(0).startsWith("Created new client with id '"));
}
}
Also used :
FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler)
KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Example 15 with TempFileResource
use of org.keycloak.testsuite.util.TempFileResource in project keycloak by keycloak.
the class KcAdmCreateTest method testCreateWithRealmOverride.
@Test
public void testCreateWithRealmOverride() throws IOException {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
// authenticate as a regular user against one realm
KcAdmExec exe = execute("config credentials -x --config '" + configFile.getName() + "' --server " + serverUrl + " --realm master --user admin --password admin");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
exe = execute("create clients --config '" + configFile.getName() + "' --server " + serverUrl + " -r test -s clientId=my_first_client");
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
}
}
Also used :
FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler)
KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
Test(org.junit.Test)
Aggregations
TempFileResource (org.keycloak.testsuite.util.TempFileResource)19
Test (org.junit.Test)17
FileConfigHandler (org.keycloak.client.registration.cli.config.FileConfigHandler)10
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)10
KcRegExec (org.keycloak.testsuite.cli.KcRegExec)10
FileConfigHandler (org.keycloak.client.admin.cli.config.FileConfigHandler)9
KcAdmExec (org.keycloak.testsuite.cli.KcAdmExec)9
File (java.io.File)6
ConfigData (org.keycloak.client.registration.cli.config.ConfigData)6
RealmResource (org.keycloak.admin.client.resource.RealmResource)3
RealmConfigData (org.keycloak.client.registration.cli.config.RealmConfigData)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
Arrays (java.util.Arrays)2
List (java.util.List)2
Assert (org.junit.Assert)2
ConfigData (org.keycloak.client.admin.cli.config.ConfigData)2
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)2
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)2
TypeReference (com.fasterxml.jackson.core.type.TypeReference)1
