Integration test to demonstrate ssh key export
All checks were successful
/ Verify (push) Successful in 45s
/ Verify (pull_request) Successful in 45s

This commit is contained in:
Stefan Bethke 2026-07-18 15:02:12 +02:00
commit f586e5feee
2 changed files with 67 additions and 2 deletions

View file

@ -23,12 +23,26 @@ The copying of the database is necessary to avoid locking errors.
docker compose exec -it keycloak sh -c "cp -rp /opt/keycloak/data/h2 /tmp && env -i -- /opt/keycloak/bin/kc.sh export --db dev-file --db-url 'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE' --file /opt/keycloak/data/import/testing.json --realm testing" docker compose exec -it keycloak sh -c "cp -rp /opt/keycloak/data/h2 /tmp && env -i -- /opt/keycloak/bin/kc.sh export --db dev-file --db-url 'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE' --file /opt/keycloak/data/import/testing.json --realm testing"
``` ```
## Testing Realm Configuration ## Running Integration Tests
This directory also contains shell scripts that exercise the attribute endpoint.
Bring up Keycloak with `docker compose up -d`, then run one of the `client-test-export-`*`.sh` scripts.
```shell
$ ./client-test-export-dooris.sh
[
"hacker-ssh-key-1",
"hacker-ssh-key-2"
]
```
## Realm `testing` Configuration
The realm contains these objects: The realm contains these objects:
* Clients: * Clients:
* `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and role `export-dooris-ssh-keys` * `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and user `service-account-export-dooris-ssh-keys`
* `export-mailing-list-addresses` with secret `export-mailing-list-addresses-secret` and role `export-mailing-list-addresses` * `export-mailing-list-addresses` with secret `export-mailing-list-addresses-secret` and role `export-mailing-list-addresses`
* Realm Roles: * Realm Roles:
* `dooris-authorized` * `dooris-authorized`
@ -54,3 +68,34 @@ The realm contains these objects:
* Dooris SSH Keys: * Dooris SSH Keys:
* SSH Key 1: `hacker-ssh-key-1` * SSH Key 1: `hacker-ssh-key-1`
* SSH Key 2: `hacker-ssh-key-2` * SSH Key 2: `hacker-ssh-key-2`
* `service-account-export-dooris-ssh-keys`
* Role `export-dooris-ssh-keys`
* `service-account-export-mailing-list-addresses`
* Role `export-mailing-list-addresses`
* Realm Settings:
* User Profile:
* Attribute Groups:
* `dooris-ssh-keys`
* `mailing-list-addresses`
* Attributes:
* `mailing-list-address-chaos`
* Attribute Group `mailing-list-addresses`
* `mailing-list-address-intern`
* Attribute Group `mailing-list-intern`
* `ssh-key-1`
* Attribute Group `dooris-ssh-keys`
* `ssh-key-2`
* Attribute Group `dooris-ssh-keys`
* Custom Attributes:
* Slug `dooris-ssh-keys`
* Attribute Group `dooris-ssh-keys`
* Match Role `dooris-authorized`
* Auth Role `export-dooris-ssh-keys`
* Slug `mailing-list-addresses-chaos`
* Attribute Group `mailing-list-addresses`
* Match Role `mailing-list-chaos-member`
* Auth Role `export-mailing-list-addresses`
* Slug `mailing-list-addresses-intern`
* Attribute Group `mailing-list-addresses`
* Match Role `mailing-list-intern-member`
* Auth Role `export-mailing-list-addresses`

View file

@ -0,0 +1,20 @@
#!/bin/sh
#
# Use curl to run a test export of Dooris ssh keys
#
set -e
ACCESS_TOKEN="$(curl -s --request POST \
--url http://localhost:8080/realms/testing/protocol/openid-connect/token \
--header 'content-type: application/x-www-form-urlencoded' \
--data scope=openid \
--data client_id=export-dooris-ssh-keys \
--data client_secret=export-dooris-ssh-keys-secret \
--data grant_type=client_credentials | jq --raw-output .access_token -)"
curl -s --request GET \
--url http://localhost:8080/realms/testing/attribute-endpoints-provider/export/dooris-ssh-keys \
--header "authorization: Bearer ${ACCESS_TOKEN}" \
--header "content-type: application/json" | jq . -