diff --git a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc
index 18c0b87..133753a 100644
--- a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc
+++ b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc
@@ -13,6 +13,7 @@ quarkus.keycloak.admin-client.server-url=http://keycloak:8080
 quarkus.keycloak.admin-client.realm=master
 quarkus.keycloak.admin-client.username=admin
 quarkus.keycloak.admin-client.password=admin
+quarkus.operator-sdk.crd.validate=false
 quarkus.operator-sdk.helm.enabled=true
 onecx.iam.kc.client.realm=onecx
 onecx.iam.kc.client.config.ui.enabled=true
diff --git a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc
index 6b6b705..b15463b 100644
--- a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc
+++ b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc
@@ -11,81 +11,93 @@ h| Version | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.28.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.28.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.28.0 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.9.3 +| 3.12.2 | quarkus-micrometer-registry-prometheus | https://quarkus.io/guides/telemetry-micrometer[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link] -| 3.9.3 +| 3.12.2 | quarkus-opentelemetry | https://quarkus.io/guides/opentelemetry[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link] -| 3.9.3 +| 3.12.2 | quarkus-rest-client | https://quarkus.io/guides/rest-client[Link] | 
https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest-client.adoc[Link] -| 3.9.3 +| 3.12.2 | quarkus-rest-client-jackson | https://quarkus.io/guides/rest-client[Link] | -| 3.9.3 +| 3.12.2 + +| tkit-quarkus-security + +| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] +| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.28.0 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.17.0 +| 0.24.0 + +| quarkus-smallrye-health + +| https://quarkus.io/guides/smallrye-health[Link] +| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] +| 3.12.2 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.9.3 +| 3.12.2 | quarkus-operator-sdk-bundle-generator | | -| 6.6.7 +| 6.7.1 | quarkus-operator-sdk | | -| 6.6.7 +| 6.7.1 | quarkus-keycloak-admin-rest-client | | -| 3.9.3 +| 3.12.2 -|===|=== \ No newline at end of file +|=== \ No newline at end of file diff --git a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator.adoc b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator.adoc index 4fc1388..23b7f46 100644 --- a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator.adoc +++ b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator.adoc 
@@ -231,7 +231,7 @@ endif::add-copy-button-to-env-var[] |`openid-connect` -a| [[onecx-iam-kc-client-operator_onecx-iam-kc-client-config-config-attributes-attributes]]`link:#onecx-iam-kc-client-operator_onecx-iam-kc-client-config-config-attributes-attributes[onecx.iam.kc.client.config."config".attributes]` +a| [[onecx-iam-kc-client-operator_onecx-iam-kc-client-config-config-attributes-attributes]]`link:#onecx-iam-kc-client-operator_onecx-iam-kc-client-config-config-attributes-attributes[onecx.iam.kc.client.config."config".attributes."attributes"]` [.description] @@ -239,12 +239,13 @@ a| [[onecx-iam-kc-client-operator_onecx-iam-kc-client-config-config-attributes-a Attributes map for the client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES+++[] +Environment variable: env_var_with_copy_button:+++ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES__ATTRIBUTES_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES+++` +Environment variable: `+++ONECX_IAM_KC_CLIENT_CONFIG__CONFIG__ATTRIBUTES__ATTRIBUTES_+++` endif::add-copy-button-to-env-var[] ---|`Map` +--|link:https://docs.oracle.com/javase/8/docs/api/java/lang/String.html[String] + | diff --git a/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerMockTest.java b/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerMockTest.java index 31296c9..ed5665f 100644 --- a/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerMockTest.java +++ b/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerMockTest.java 
@@ -49,7 +49,7 @@ void testThrowException() throws NoSuchMethodException { } - public class MockClientResource implements ClientResource { + public static class MockClientResource implements ClientResource { @Override public ManagementPermissionReference setPermissions( @@ -74,12 +74,12 @@ public ClientRepresentation toRepresentation() { @Override public void update(ClientRepresentation clientRepresentation) { - + throw new UnsupportedOperationException(); } @Override public void remove() { - + throw new UnsupportedOperationException(); } @Override @@ -129,7 +129,7 @@ public List getOfflineUserSessions(Integer integer, I @Override public void pushRevocation() { - + throw new UnsupportedOperationException(); } @Override @@ -179,12 +179,12 @@ public UserRepresentation getServiceAccountUser() { @Override public void registerNode(Map map) { - + throw new UnsupportedOperationException(); } @Override public void unregisterNode(String s) { - + throw new UnsupportedOperationException(); } @Override @@ -204,7 +204,7 @@ public CredentialRepresentation getClientRotatedSecret() { @Override public void invalidateRotatedSecret() { - + throw new UnsupportedOperationException(); } } diff --git a/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerTest.java b/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerTest.java index 9412f7e..218048c 100644 --- a/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerTest.java +++ b/src/test/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientControllerTest.java 
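Review bot: The new `throw new UnsupportedOperationException();` bodies in MockClientResource (update, remove, pushRevocation, registerNode, unregisterNode, invalidateRotatedSecret) carry no message, so a test that reaches one of them fails with a bare exception and only the stack trace shows which stub was hit. A message naming the stub would make such failures self-explanatory, e.g. `throw new UnsupportedOperationException("MockClientResource.update is not stubbed");`. These methods were silent no-ops before, so if any code path under test calls them (not visible in these hunks) the test outcome changes; it is worth confirming that this is intended. Most of the class body lies outside the hunks.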
@@ -173,18 +173,18 @@ void createUIClientAllOptionsFilled() { void updateUIClient() { // create Organization_ID as default scope createOrgIdScope(); - var CLIENT_ID = "test-ui-client"; + var clientId = "test-ui-client"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setRealm(REALM_QUARKUS); kcClientSpec.setType(KeycloakAdminService.UI_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); - kcConfig.setDescription("UPDATED-" + CLIENT_ID); + kcConfig.setClientId(clientId); + kcConfig.setDescription("UPDATED-" + clientId); kcConfig.setDefaultClientScopes(List.of("test-scope-1", "test-scope-2")); kcConfig.setOptionalClientScopes(List.of("opt-scope-1", "opt-scope-2-updated")); kcConfig.setAttributes(Maps.of("create.attr.1", "udpate.values.1", "update.attr.2", "update.values.2")); @@ -193,15 +193,13 @@ void updateUIClient() { log.info("Update test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is UPDATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.UPDATED); }); - var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(clients).isNotEmpty(); var clientRep = clients.get(0); assertThat(clientRep.getDescription()).isEqualTo(kcConfig.getDescription()); 
@@ -211,11 +209,11 @@ void updateUIClient() { assertThat(clientRep.getDefaultClientScopes()).contains("Organization_ID"); assertThat(clientRep.getOptionalClientScopes()).containsAll(kcConfig.getOptionalClientScopes()); - var token = keycloakClient.getAccessToken(USER_ALICE, CLIENT_ID); + var token = keycloakClient.getAccessToken(USER_ALICE, clientId); assertThat(token).isNotNull(); var jws = resolveToken(token); - assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(CLIENT_ID); + assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(clientId); var scopeString = (String) jws.getClaim(SCOPE_CLAIM_NAME); var scopes = scopeString.split(" "); // validate all scopes are in 
@@ -225,42 +223,36 @@ void updateUIClient() { @Test @Order(4) void createUIClientMinimumOption() { - var CLIENT_ID = "test-ui-client-min-ops"; + var clientId = "test-ui-client-min-ops"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setType(KeycloakAdminService.UI_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); + kcConfig.setClientId(clientId); data.setSpec(kcClientSpec); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.CREATED); }); - var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(clients).isNotEmpty(); - var token = keycloakClient.getRealmAccessToken(REALM_QUARKUS, USER_ALICE, CLIENT_ID); + var token = keycloakClient.getRealmAccessToken(REALM_QUARKUS, USER_ALICE, clientId); assertThat(token).isNotNull(); var jws = resolveToken(token); - assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(CLIENT_ID); + assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(clientId); - log.info("Deleting test keycloak client object: {}", data); - var statusDetails = client.resource(data).delete(); - - log.info("Waiting 4 seconds and status is CREATED"); + client.resource(data).delete(); await().pollDelay(4, 
SECONDS).untilAsserted(() -> { var mfeStatus = client.resource(data).get(); 
@@ -271,74 +263,65 @@ void createUIClientMinimumOption() { @Test @Order(5) void deleteUIClientMinimumOption() { - var CLIENT_ID = "test-ui-client-min-ops-for-del"; + var clientId = "test-ui-client-min-ops-for-del"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setType(KeycloakAdminService.UI_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); + kcConfig.setClientId(clientId); data.setSpec(kcClientSpec); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.CREATED); }); - var foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + var foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(foundClients).isNotEmpty(); - log.info("Deleting test keycloak client object: {}", data); client.resource(data).delete(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { var clientResource = client.resource(data).get(); assertThat(clientResource).isNull(); }); - foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(foundClients).isEmpty(); } @Test @Order(6) void deleteAlreadyDeletedUIClient() { - var CLIENT_ID = "test-ui-client-min-ops-for-del"; + 
var clientId = "test-ui-client-min-ops-for-del"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setType(KeycloakAdminService.UI_TYPE); kcClientSpec.setRealm("quarkus"); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); + kcConfig.setClientId(clientId); data.setSpec(kcClientSpec); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.CREATED); }); - var foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + var foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(foundClients).isNotEmpty(); keycloak.realm(REALM_QUARKUS).clients().get(foundClients.get(0).getId()).remove(); @@ -346,14 +329,12 @@ void deleteAlreadyDeletedUIClient() { log.info("Deleting test keycloak client object: {}", data); client.resource(data).delete(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { var clientResource = client.resource(data).get(); assertThat(clientResource).isNull(); }); - foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + foundClients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(foundClients).isEmpty(); } 
@@ -378,11 +359,8 @@ void createMachineClient() { kcConfig.setAttributes(Maps.of("create.attr.1", "create.values.1", "create.attr.2", "create.values.2")); data.setSpec(kcClientSpec); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is CREATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); @@ -436,19 +414,19 @@ void createOrgIdScope() { @Test @Order(11) void updateMachineClient() { - var CLIENT_ID = "test-client"; - var CLIENT_SECRET = "test-client-secret"; + var clientId = "test-client"; + var clientSecret = "test-client-secret"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setRealm(REALM_QUARKUS); kcClientSpec.setType(KeycloakAdminService.MACHINE_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); - kcConfig.setPassword(CLIENT_SECRET); + kcConfig.setClientId(clientId); + kcConfig.setPassword(clientSecret); kcConfig.setDefaultClientScopes(List.of("create-scope-1", "update-scope-2")); kcConfig.setAttributes(Maps.of("create.attr.1", "create.values.1.update", "update.attr.2", "update.values.2")); data.setSpec(kcClientSpec); 
@@ -456,26 +434,24 @@ void updateMachineClient() { log.info("Updating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status is UPDATED"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.UPDATED); }); - var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID); + var clients = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId); assertThat(clients).isNotEmpty(); var clientRep = clients.get(0); assertThat(clientRep.getDescription()).isEqualTo(kcConfig.getDescription()); // validate that attributes are all in assertThat(clientRep.getAttributes()).containsAllEntriesOf(kcConfig.getAttributes()); - var token = keycloakClient.getClientAccessToken(CLIENT_ID, CLIENT_SECRET); + var token = keycloakClient.getClientAccessToken(clientId, clientSecret); assertThat(token).isNotNull(); var jws = resolveToken(token); - assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(CLIENT_ID); + assertThat((String) jws.getClaim(UI_TOKEN_CLIENT_CLAIM_NAME)).isEqualTo(clientId); var scopeString = (String) jws.getClaim(SCOPE_CLAIM_NAME); var scopes = scopeString.split(" "); // validate all scopes are in 
@@ -495,24 +471,23 @@ void updateMachineClient() { @Test void updateMachinePwdClient() { - var CLIENT_ID = "test-client-pwd-chg"; - var CLIENT_SECRET = "test-client-secret"; + var clientId = "test-client-pwd-chg"; + var clientSecret = "test-client-secret"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setRealm(REALM_QUARKUS); kcClientSpec.setType(KeycloakAdminService.MACHINE_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); - kcConfig.setPassword(CLIENT_SECRET); + kcConfig.setClientId(clientId); + kcConfig.setPassword(clientSecret); kcConfig.setDefaultClientScopes(List.of("create-scope-1", "update-scope-2")); kcConfig.setAttributes(Maps.of("create.attr.1", "create.values.1.update", "update.attr.2", "update.values.2")); data.setSpec(kcClientSpec); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); log.info("Waiting 4 seconds and status is UPDATED"); @@ -523,7 +498,7 @@ void updateMachinePwdClient() { assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.CREATED); }); - var secret = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID).get(0).getSecret(); + var secret = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId).get(0).getSecret(); log.info("Old secret {}", secret); // update the password 
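Review bot: `log.info("Waiting 4 seconds and status is UPDATED");` survives in updateMachinePwdClient although the assertion that follows it (visible in the next hunk) expects `KeycloakClientStatus.Status.CREATED`, and the commit deletes the equivalent messages in the other tests. Dropping this line too, or correcting it to `log.info("Waiting 4 seconds and status is CREATED");`, keeps the test log from contradicting the assertion. Similar "Waiting 4 seconds" lines also remain in clientWrongTypeTest and createUpdatePasswordFromSecretErrorTest. The method body continues outside the hunk.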
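Review bot: The context line `log.info("Old secret {}", secret);` still writes the Keycloak client secret to the test log, and this logging cleanup removes neighbouring statements but leaves it in place. The same applies to `log.info("New secret {}", secret);` in the following hunk and to `log.info("Creating secret object: {}", secret);` in createUpdatePasswordFromSecretTest, where the logged Secret presumably includes its base64-encoded data map. The values are fixtures, but CI logs are usually readable by more people than the cluster is, and the pattern tends to be copied into non-test code. I would log only the identifier, e.g. `log.info("Client secret read for {}", clientId);`, or drop the lines. The method body continues outside the hunk.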
@@ -541,11 +516,11 @@ void updateMachinePwdClient() { assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.UPDATED); }); - secret = keycloak.realm(REALM_QUARKUS).clients().findByClientId(CLIENT_ID).get(0).getSecret(); + secret = keycloak.realm(REALM_QUARKUS).clients().findByClientId(clientId).get(0).getSecret(); log.info("New secret {}", secret); - var tokenWithOldPwd = keycloakClient.getClientAccessToken(CLIENT_ID, CLIENT_SECRET); - var tokenWithNewPwd = keycloakClient.getClientAccessToken(CLIENT_ID, NEW_CLIENT_PASSWORD); + var tokenWithOldPwd = keycloakClient.getClientAccessToken(clientId, clientSecret); + var tokenWithNewPwd = keycloakClient.getClientAccessToken(clientId, NEW_CLIENT_PASSWORD); assertThat(tokenWithOldPwd).isNull(); assertThat(tokenWithNewPwd).isNotNull(); 
@@ -555,22 +530,22 @@ void updateMachinePwdClient() { void createUpdatePasswordFromSecretTest() { Base64.Encoder encoder = Base64.getEncoder(); - var CLIENT_ID = "test-machine-secret-client"; - var CLIENT_SECRET = "test-client-secret"; - var CLIENT_PWD_SECRET = "test-machine-secret-client-secret"; - var CLIENT_PWD_KEY = "pwd"; + var clientId = "test-machine-secret-client"; + var clientSecret = "test-client-secret"; + var clientPwdSecret = "test-machine-secret-client-secret"; + var clientPwdKey = "pwd"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setRealm(REALM_QUARKUS); - kcClientSpec.setPasswordKey(CLIENT_PWD_KEY); - kcClientSpec.setPasswordSecrets(CLIENT_PWD_SECRET); + kcClientSpec.setPasswordKey(clientPwdKey); + kcClientSpec.setPasswordSecrets(clientPwdSecret); kcClientSpec.setType(KeycloakAdminService.MACHINE_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); + kcConfig.setClientId(clientId); kcConfig.setPassword("someRandomPwdShouldBeIgnored"); kcConfig.setDefaultClientScopes(List.of("create-scope-1", "create-scope-2")); kcConfig.setAttributes(Maps.of("create.attr.1", "create.values.1", "create.attr.2", "create.values.2")); 
@@ -579,7 +554,7 @@ void createUpdatePasswordFromSecretTest() { Secret secret = new Secret(); secret.setMetadata(new ObjectMetaBuilder().withName(kcClientSpec.getPasswordSecrets()) .withNamespace(client.getNamespace()).build()); - secret.setData(Map.of(kcClientSpec.getPasswordKey(), encoder.encodeToString(CLIENT_SECRET.getBytes()))); + secret.setData(Map.of(kcClientSpec.getPasswordKey(), encoder.encodeToString(clientSecret.getBytes()))); log.info("Creating secret object: {}", secret); client.resource(secret).serverSideApply(); @@ -595,7 +570,7 @@ void createUpdatePasswordFromSecretTest() { assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.CREATED); }); - var token = keycloakClient.getClientAccessToken(CLIENT_ID, CLIENT_SECRET); + var token = keycloakClient.getClientAccessToken(clientId, clientSecret); assertThat(token).isNotNull(); // update the password @@ -612,11 +587,11 @@ void createUpdatePasswordFromSecretTest() { assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.UPDATED); }); // old password token empty - var oldSecretToken = keycloakClient.getClientAccessToken(CLIENT_ID, CLIENT_SECRET); + var oldSecretToken = keycloakClient.getClientAccessToken(clientId, clientSecret); assertThat(oldSecretToken).isNull(); // new password generates token - var newSecretToken = keycloakClient.getClientAccessToken(CLIENT_ID, CLIENT_SECRET_NEW); + var newSecretToken = keycloakClient.getClientAccessToken(clientId, CLIENT_SECRET_NEW); assertThat(newSecretToken).isNotNull(); } 
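Review bot: `clientSecret.getBytes()` in the `secret.setData(...)` line encodes with the platform default charset, which on JVMs before 18 depends on the host locale. Since the decoded value is later compared with what Keycloak accepts as the client password, the encoding should be pinned: `encoder.encodeToString(clientSecret.getBytes(StandardCharsets.UTF_8))`. The same call appears in createUpdatePasswordFromSecretErrorTest. The import block is outside the hunk, so `java.nio.charset.StandardCharsets` may need to be added there; the method body also continues outside the hunk.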
@@ -645,11 +620,8 @@ void clientErrorTest() { data.setMetadata(new ObjectMetaBuilder().withName("empty-spec").withNamespace(client.getNamespace()).build()); data.setSpec(new KeycloakClientSpec()); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status has an ERROR"); - KeycloakClient finalData2 = data; await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(finalData2).get().getStatus(); @@ -663,11 +635,8 @@ void clientErrorTest() { data.setSpec(new KeycloakClientSpec()); data.getSpec().setKcConfig(new KCConfig()); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status has an ERROR"); - KeycloakClient finalData3 = data; await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(finalData3).get().getStatus(); @@ -689,11 +658,8 @@ void clientNotExistingRealmTest() { data.getSpec().setKcConfig(new KCConfig()); data.getSpec().getKcConfig().setClientId(CLIENT_ID); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); - log.info("Waiting 4 seconds and status has an ERROR"); - await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data).get().getStatus(); assertThat(mfeStatus).isNotNull(); 
@@ -703,17 +669,16 @@ void clientNotExistingRealmTest() { @Test void clientWrongTypeTest() { - var CLIENT_ID = "wrong-type"; + var clientId = "wrong-type"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); data.setSpec(new KeycloakClientSpec()); data.getSpec().setType("CUSTOM_TYPE"); data.getSpec().setKcConfig(new KCConfig()); - data.getSpec().getKcConfig().setClientId(CLIENT_ID); + data.getSpec().getKcConfig().setClientId(clientId); - log.info("Creating test keycloak client object: {}", data); client.resource(data).serverSideApply(); log.info("Waiting 4 seconds and status has an ERROR"); 
@@ -729,21 +694,21 @@ void clientWrongTypeTest() { void createUpdatePasswordFromSecretErrorTest() { Base64.Encoder encoder = Base64.getEncoder(); - var CLIENT_ID = "test-machine-secret-client-err1"; - var CLIENT_SECRET = "test-client-secret"; - var CLIENT_PWD_SECRET = "err-machine-secret-client-secret"; - var CLIENT_PWD_KEY = "pwd"; + var clientId = "test-machine-secret-client-err1"; + var clientSecret = "test-client-secret"; + var clientPwdSecret = "err-machine-secret-client-secret"; + var clientPwdKey = "pwd"; operator.start(); KeycloakClient data = new KeycloakClient(); - data.setMetadata(new ObjectMetaBuilder().withName(CLIENT_ID).withNamespace(client.getNamespace()).build()); + data.setMetadata(new ObjectMetaBuilder().withName(clientId).withNamespace(client.getNamespace()).build()); var kcClientSpec = new KeycloakClientSpec(); kcClientSpec.setRealm(REALM_QUARKUS); - kcClientSpec.setPasswordSecrets(CLIENT_PWD_SECRET); + kcClientSpec.setPasswordSecrets(clientPwdSecret); kcClientSpec.setType(KeycloakAdminService.MACHINE_TYPE); var kcConfig = new KCConfig(); kcClientSpec.setKcConfig(kcConfig); - kcConfig.setClientId(CLIENT_ID); + kcConfig.setClientId(clientId); kcConfig.setPassword("someRandomPwdShouldBeIgnored"); kcConfig.setDefaultClientScopes(List.of("create-scope-1", "create-scope-2")); kcConfig.setAttributes(Maps.of("create.attr.1", "create.values.1", "create.attr.2", "create.values.2")); 
@@ -752,13 +717,11 @@ void createUpdatePasswordFromSecretErrorTest() { Secret secret = new Secret(); secret.setMetadata(new ObjectMetaBuilder().withName(kcClientSpec.getPasswordSecrets()) .withNamespace(client.getNamespace()).build()); - secret.setData(Map.of("other-key", encoder.encodeToString(CLIENT_SECRET.getBytes()))); + secret.setData(Map.of("other-key", encoder.encodeToString(clientSecret.getBytes()))); - log.info("Creating secret object: {}", secret); client.resource(secret).serverSideApply(); // test when the client does container pwd secret name but not the pwd key - log.info("Creating keycloak client object {}", data); client.resource(data).serverSideApply(); log.info("Waiting 4 seconds and status is ERROR"); @@ -776,9 +739,8 @@ void createUpdatePasswordFromSecretErrorTest() { data1.setMetadata(new ObjectMetaBuilder().withName("test-machine-secret-client-err2") .withNamespace(client.getNamespace()).build()); data1.setSpec(kcClientSpec); - kcClientSpec.setPasswordKey(CLIENT_PWD_KEY); + kcClientSpec.setPasswordKey(clientPwdKey); - log.info("Creating keycloak client object {}", data1); client.resource(data1).serverSideApply(); log.info("Waiting 4 seconds and status is ERROR"); @@ -791,7 +753,7 @@ void createUpdatePasswordFromSecretErrorTest() { }); // test error when secret has the right key but the value is empty - secret.setData(Map.of(CLIENT_PWD_KEY, "")); + secret.setData(Map.of(clientPwdKey, "")); log.info("Update secret object {}", secret); client.resource(secret).update(); 
@@ -801,7 +763,7 @@ void createUpdatePasswordFromSecretErrorTest() { await().pollDelay(4, SECONDS).untilAsserted(() -> { KeycloakClientStatus mfeStatus = client.resource(data1).get().getStatus(); assertThat(mfeStatus).isNotNull(); - assertThat(mfeStatus.getMessage()).isEqualTo("Secret key '" + CLIENT_PWD_KEY + "' is mandatory. No value found!"); + assertThat(mfeStatus.getMessage()).isEqualTo("Secret key '" + clientPwdKey + "' is mandatory. No value found!"); assertThat(mfeStatus.getStatus()).isNotNull().isEqualTo(KeycloakClientStatus.Status.ERROR); }); } diff --git a/src/test/java/org/tkit/onecx/iam/kc/client/test/AbstractTest.java b/src/test/java/org/tkit/onecx/iam/kc/client/test/AbstractTest.java index 88932ee..7d615b7 100644 --- a/src/test/java/org/tkit/onecx/iam/kc/client/test/AbstractTest.java +++ b/src/test/java/org/tkit/onecx/iam/kc/client/test/AbstractTest.java @@ -11,16 +11,14 @@ public abstract class AbstractTest { - final static Logger log = LoggerFactory.getLogger(AbstractTest.class); + static final Logger log = LoggerFactory.getLogger(AbstractTest.class); - public static String REALM_QUARKUS = "quarkus"; - public static String USER_ALICE = "alice"; - public static String USER_BOB = "bob"; + public static final String REALM_QUARKUS = "quarkus"; + public static final String USER_ALICE = "alice"; - public static String UI_TOKEN_CLIENT_CLAIM_NAME = Claims.azp.name(); + public static final String UI_TOKEN_CLIENT_CLAIM_NAME = Claims.azp.name(); - public static String MACHINE_TOKEN_CLIENT_CLAIM_NAME = "client_id"; - public static String SCOPE_CLAIM_NAME = "scope"; + public static final String SCOPE_CLAIM_NAME = "scope"; public DefaultJWTCallerPrincipal resolveToken(String token) { try {