Integration test to demonstrate ssh key export
This commit is contained in:
parent
5e279f8c71
commit
f586e5feee
2 changed files with 67 additions and 2 deletions
|
|
@ -23,12 +23,26 @@ The copying of the database is necessary to avoid locking errors.
|
||||||
docker compose exec -it keycloak sh -c "cp -rp /opt/keycloak/data/h2 /tmp && env -i -- /opt/keycloak/bin/kc.sh export --db dev-file --db-url 'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE' --file /opt/keycloak/data/import/testing.json --realm testing"
|
docker compose exec -it keycloak sh -c "cp -rp /opt/keycloak/data/h2 /tmp && env -i -- /opt/keycloak/bin/kc.sh export --db dev-file --db-url 'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE' --file /opt/keycloak/data/import/testing.json --realm testing"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Testing Realm Configuration
|
## Running Integration Tests
|
||||||
|
|
||||||
|
This directory also contains shell scripts that exercise the attribute endpoint.
|
||||||
|
|
||||||
|
Bring up Keycloak with `docker compose up -d`, then run one of the `client-test-export-`*`.sh` scripts.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$ ./client-test-export-dooris.sh
|
||||||
|
[
|
||||||
|
"hacker-ssh-key-1",
|
||||||
|
"hacker-ssh-key-2"
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
## Realm `testing` Configuration
|
||||||
|
|
||||||
The realm contains these objects:
|
The realm contains these objects:
|
||||||
|
|
||||||
* Clients:
|
* Clients:
|
||||||
* `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and role `export-dooris-ssh-keys`
|
* `export-dooris-ssh-keys` with secret `export-dooris-ssh-keys-secret` and user `service-account-export-dooris-ssh-keys`
|
||||||
* `export-mailing-list-addresses` with secret `export-mailing-list-addresses-secret` and role `export-mailing-list-addresses`
|
* `export-mailing-list-addresses` with secret `export-mailing-list-addresses-secret` and role `export-mailing-list-addresses`
|
||||||
* Realm Roles:
|
* Realm Roles:
|
||||||
* `dooris-authorized`
|
* `dooris-authorized`
|
||||||
|
|
@ -54,3 +68,34 @@ The realm contains these objects:
|
||||||
* Dooris SSH Keys:
|
* Dooris SSH Keys:
|
||||||
* SSH Key 1: `hacker-ssh-key-1`
|
* SSH Key 1: `hacker-ssh-key-1`
|
||||||
* SSH Key 2: `hacker-ssh-key-2`
|
* SSH Key 2: `hacker-ssh-key-2`
|
||||||
|
* `service-account-export-dooris-ssh-keys`
|
||||||
|
* Role `export-dooris-ssh-keys`
|
||||||
|
* `service-account-export-mailing-list-addresses`
|
||||||
|
* Role `export-mailing-list-addresses`
|
||||||
|
* Realm Settings:
|
||||||
|
* User Profile:
|
||||||
|
* Attribute Groups:
|
||||||
|
* `dooris-ssh-keys`
|
||||||
|
* `mailing-list-addresses`
|
||||||
|
* Attributes:
|
||||||
|
* `mailing-list-address-chaos`
|
||||||
|
* Attribute Group `mailing-list-addresses`
|
||||||
|
* `mailing-list-address-intern`
|
||||||
|
* Attribute Group `mailing-list-intern`
|
||||||
|
* `ssh-key-1`
|
||||||
|
* Attribute Group `dooris-ssh-keys`
|
||||||
|
* `ssh-key-2`
|
||||||
|
* Attribute Group `dooris-ssh-keys`
|
||||||
|
* Custom Attributes:
|
||||||
|
* Slug `dooris-ssh-keys`
|
||||||
|
* Attribute Group `dooris-ssh-keys`
|
||||||
|
* Match Role `dooris-authorized`
|
||||||
|
* Auth Role `export-dooris-ssh-keys`
|
||||||
|
* Slug `mailing-list-addresses-chaos`
|
||||||
|
* Attribute Group `mailing-list-addresses`
|
||||||
|
* Match Role `mailing-list-chaos-member`
|
||||||
|
* Auth Role `export-mailing-list-addresses`
|
||||||
|
* Slug `mailing-list-addresses-intern`
|
||||||
|
* Attribute Group `mailing-list-addresses`
|
||||||
|
* Match Role `mailing-list-intern-member`
|
||||||
|
* Auth Role `export-mailing-list-addresses`
|
||||||
|
|
|
||||||
20
testing/client-test-export-dooris.sh
Executable file
20
testing/client-test-export-dooris.sh
Executable file
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# Use curl to run a test export of Dooris ssh keys
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
ACCESS_TOKEN="$(curl -s --request POST \
|
||||||
|
--url http://localhost:8080/realms/testing/protocol/openid-connect/token \
|
||||||
|
--header 'content-type: application/x-www-form-urlencoded' \
|
||||||
|
--data scope=openid \
|
||||||
|
--data client_id=export-dooris-ssh-keys \
|
||||||
|
--data client_secret=export-dooris-ssh-keys-secret \
|
||||||
|
--data grant_type=client_credentials | jq --raw-output .access_token -)"
|
||||||
|
|
||||||
|
curl -s --request GET \
|
||||||
|
--url http://localhost:8080/realms/testing/attribute-endpoints-provider/export/dooris-ssh-keys \
|
||||||
|
--header "authorization: Bearer ${ACCESS_TOKEN}" \
|
||||||
|
--header "content-type: application/json" | jq . -
|
||||||
Loading…
Add table
Add a link
Reference in a new issue