#[allow(unused_imports)]
use crate::auth::keycloak::client::{
client_configs_match, compare_clients, generate_client, get_client, post_client,
};
use crate::auth::keycloak::KeyCloakConfig;
use crate::{auth::keycloak::create_groups, CLIENT};
use beam_lib::reqwest::{self, StatusCode, Url};
use serde_json::{json, Value};
use shared::{OIDCConfig, SecretResult};
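/// Logs in to the local test Keycloak as the built-in admin and returns the access token.
///
/// Sends an OAuth2 password-grant request for the `admin-cli` client to the `master` realm at
/// `http://localhost:1337`. The `admin`/`admin` credentials and the plain-HTTP endpoint are
/// fixtures for a throwaway, locally started Keycloak; keep them confined to test code and do
/// not point this helper at a shared instance.
///
/// # Errors
///
/// Returns the `reqwest` error if the request cannot be sent, if Keycloak answers with a
/// non-success status, or if the body is not JSON carrying an `access_token` field.
#[cfg(test)]
async fn get_access_token_via_admin_login() -> reqwest::Result<String> {
    /// Only the field this helper needs from the token endpoint's JSON response.
    #[derive(serde::Deserialize)]
    struct Token {
        access_token: String,
    }

    // This function is compiled only under `cfg(test)`, so the previous `cfg!(test)` switch
    // could never select its non-test URL; the test endpoint is spelled out directly, matching
    // the literal URL used by `setup_keycloak`.
    let token_url = "http://localhost:1337/realms/master/protocol/openid-connect/token";

    CLIENT
        .post(token_url)
        .form(&json!({
            "client_id": "admin-cli",
            "username": "admin",
            "password": "admin",
            "grant_type": "password"
        }))
        .send()
        .await?
        // Surface a rejected login as an HTTP status error instead of an opaque JSON decode
        // failure on the error body.
        .error_for_status()?
        .json::<Token>()
        .await
        .map(|t| t.access_token)
}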
/// Prepares the local test Keycloak and returns the admin token together with a test config.
///
/// Obtains an admin access token, asks Keycloak to create an `openid-connect` client scope
/// named `groups` in the `master` realm, and builds a [`KeyCloakConfig`] that points at
/// `http://localhost:1337`.
///
/// # Errors
///
/// Returns the `reqwest` error from the admin login or from sending the client-scope request.
#[cfg(test)]
async fn setup_keycloak() -> reqwest::Result<(String, KeyCloakConfig)> {
    let admin_token = get_access_token_via_admin_login().await?;

    let scope_request = json!({
        "name": "groups",
        "protocol": "openid-connect"
    });
    let res = CLIENT
        .post("http://localhost:1337/admin/realms/master/client-scopes")
        .bearer_auth(&admin_token)
        .json(&scope_request)
        .send()
        .await?;
    // NOTE(review): the status is only printed, never checked, so a rejected request does not
    // fail setup. Presumably this tolerates the scope already existing on re-runs; confirm
    // before tightening it.
    dbg!(&res.status());

    // Id and secret are placeholders; the tests authenticate with the admin token instead.
    let test_config = KeyCloakConfig {
        keycloak_url: "http://localhost:1337".parse().unwrap(),
        keycloak_id: "unused in tests".into(),
        keycloak_secret: "unused in tests".into(),
        keycloak_realm: "master".into(),
        keycloak_service_account_roles: vec!["query-users".into(), "view-users".into()],
        keycloak_groups_per_bh: vec!["DKTK_CCP_#".into(), "DKTK_CCP_#_Verwalter".into()],
    };

    Ok((admin_token, test_config))
}
/// Checks that `create_groups` succeeds for the name `test` against the local Keycloak.
///
/// Ignored by default because it needs a running Keycloak reachable by `setup_keycloak`.
#[ignore = "Requires setting up a keycloak"]
#[tokio::test]
async fn service_account_test() -> anyhow::Result<()> {
    let (admin_token, keycloak_conf) = setup_keycloak().await?;

    create_groups("test", &admin_token, &keycloak_conf).await?;

    // Further checks left disabled by the author:
    // dbg!(get_realm_permission_roles(&token, &conf).await?);
    // add_service_account_roles(&token, "test-private", &conf).await?;
    Ok(())
}
/// Creates the client `test` as a public and then as a private client and verifies both.
///
/// For each variant the test posts the client, reads it back with `get_client`, and asserts
/// that it matches the client produced by `generate_client`, and that `compare_clients`
/// reports `true`.
///
/// Ignored by default because it needs a running Keycloak reachable by `setup_keycloak`.
///
/// NOTE(review): the `dbg!` calls print the `SecretResult` (presumably carrying the client
/// secret) and the fetched client to stderr. That is acceptable against a throwaway
/// Keycloak, but the output should not end up in retained CI logs for a shared instance.
#[ignore = "Requires setting up a keycloak"]
#[tokio::test]
async fn test_create_client() -> anyhow::Result<()> {
    let (token, conf) = setup_keycloak().await?;
    let name = "test";

    // Public client first, then private: the same order and the same steps for both.
    for is_public in [true, false] {
        let client_config = OIDCConfig {
            is_public,
            redirect_urls: vec!["http://foo/bar".into()],
        };

        // Either outcome hands back the secret needed to rebuild the expected client.
        let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) =
            dbg!(post_client(&token, name, &client_config, &conf).await?)
        else {
            panic!("Not created or existed")
        };

        let c = dbg!(get_client(name, &token, &client_config, &conf)
            .await
            .unwrap());

        // The stored client must match what would be generated locally from the same inputs.
        assert!(client_configs_match(
            &c,
            &generate_client(name, &client_config, &pw)
        ));
        assert!(dbg!(
            compare_clients(&token, name, &client_config, &conf, &pw).await?
        ));
    }

    Ok(())
}