diff --git a/testing/README.md b/testing/README.md index 86ff971..2c5600e 100644 --- a/testing/README.md +++ b/testing/README.md @@ -23,12 +23,26 @@ The copying of the database is necessary to avoid locking errors. docker compose exec -it keycloak sh -c "cp -rp /opt/keycloak/data/h2 /tmp && env -i -- /opt/keycloak/bin/kc.sh export --db dev-file --db-url 'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE' --file /opt/keycloak/data/import/testing.json --realm testing" ``` -## Testing Realm Configuration +## Running Integration Tests + +This directory also contains shell scripts that exercise the attribute endpoint. + +Bring up Keycloak with `docker compose up -d`, then run one of the `client-test-export-`*`.sh` scripts. + +```shell +$ ./client-test-export-dooris.sh +[ + "hacker-ssh-key-1", + "hacker-ssh-key-2" +] +``` + +## Realm `testing` Configuration The realm contains these objects: * Clients: - * `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and role `export-dooris-ssh-keys` + * `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and user `service-account-export-dooris-ssh-keys` * `export-mailing-list-addresses` with secret `export-mailing-list-addresses-secret` and role `export-mailing-list-addresses` * Realm Roles: * `dooris-authorized` @@ -54,3 +68,34 @@ The realm contains these objects: * Dooris SSH Keys: * SSH Key 1: `hacker-ssh-key-1` * SSH Key 2: `hacker-ssh-key-2` + * `service-account-export-dooris-ssh-keys` + * Role `export-dooris-ssh-keys` + * `service-account-export-mailing-list-addresses` + * Role `export-mailing-list-addresses` +* Realm Settings: + * User Profile: + * Attribute Groups: + * `dooris-ssh-keys` + * `mailing-list-addresses` + * Attributes: + * `mailing-list-address-chaos` + * Attribute Group `mailing-list-addresses` + * `mailing-list-address-intern` + * Attribute Group `mailing-list-intern` + * `ssh-key-1` + * Attribute Group `dooris-ssh-keys` + * `ssh-key-2` + * Attribute Group `dooris-ssh-keys` +* Custom Attributes: + * Slug `dooris-ssh-keys` + * Attribute Group `dooris-ssh-keys` + * Match Role `dooris-authorized` + * Auth Role `export-dooris-ssh-keys` + * Slug `mailing-list-addresses-chaos` + * Attribute Group `mailing-list-addresses` + * Match Role `mailing-list-chaos-member` + * Auth Role `export-mailing-list-addresses` + * Slug `mailing-list-addresses-intern` + * Attribute Group `mailing-list-addresses` + * Match Role `mailing-list-intern-member` + * Auth Role `export-mailing-list-addresses` diff --git a/testing/client-test-export-dooris.sh b/testing/client-test-export-dooris.sh new file mode 100755 index 0000000..b6d4696 --- /dev/null +++ b/testing/client-test-export-dooris.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# +# Use curl to run a test export of Dooris ssh keys +# + +set -e + +ACCESS_TOKEN="$(curl -s --request POST \ + --url http://localhost:8080/realms/testing/protocol/openid-connect/token \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data scope=openid \ + --data client_id=export-dooris-ssh-keys \ + --data client_secret=export-dooris-ssh-keys-secret \ + --data grant_type=client_credentials | jq --raw-output .access_token -)" + +curl -s --request GET \ + --url http://localhost:8080/realms/testing/attribute-endpoints-provider/export/dooris-ssh-keys \ + --header "authorization: Bearer ${ACCESS_TOKEN}" \ + --header "content-type: application/json" | jq . - \ No newline at end of file