spec/acceptance/2_realm_spec.rb
require 'spec_helper_acceptance' | require 'spec_helper_acceptance' | ||||
describe 'keycloak_realm:', if: RSpec.configuration.keycloak_full do | describe 'keycloak_realm:', if: RSpec.configuration.keycloak_full do | ||||
context 'creates realm' do | context 'creates realm' do | ||||
it 'runs successfully' do | it 'runs successfully' do | ||||
pp = <<-EOS | pp = <<-EOS | ||||
include mysql::server | include mysql::server | ||||
class { 'keycloak': | class { 'keycloak': | ||||
datasource_driver => 'mysql', | datasource_driver => 'mysql', | ||||
} | } | ||||
keycloak_realm { 'test': | keycloak_realm { 'test': | ||||
ensure => 'present', | ensure => 'present', | ||||
smtp_server_host => 'smtp.example.org', | |||||
smtp_server_port => 587, | |||||
smtp_server_starttls => false, | |||||
smtp_server_auth => false, | |||||
smtp_server_user => 'john', | |||||
smtp_server_password => 'secret', | |||||
smtp_server_envelope_from => 'keycloak@id.example.org', | |||||
smtp_server_from => 'keycloak@id.example.org', | |||||
smtp_server_from_display_name => 'Keycloak', | |||||
smtp_server_reply_to => 'webmaster@example.org', | |||||
smtp_server_reply_to_display_name => 'Webmaster', | |||||
} | } | ||||
EOS | EOS | ||||
apply_manifest(pp, catch_failures: true) | apply_manifest(pp, catch_failures: true) | ||||
apply_manifest(pp, catch_changes: true) | apply_manifest(pp, catch_changes: true) | ||||
end | end | ||||
it 'has created a realm' do | it 'has created a realm' do | ||||
Show All 28 Lines | it 'has default events config' do | ||||
data = JSON.parse(stdout) | data = JSON.parse(stdout) | ||||
expect(data['eventsEnabled']).to eq(false) | expect(data['eventsEnabled']).to eq(false) | ||||
expect(data['eventsExpiration']).to be_nil | expect(data['eventsExpiration']).to be_nil | ||||
expect(data['eventsListeners']).to eq(['jboss-logging']) | expect(data['eventsListeners']).to eq(['jboss-logging']) | ||||
expect(data['adminEventsEnabled']).to eq(false) | expect(data['adminEventsEnabled']).to eq(false) | ||||
expect(data['adminEventsDetailsEnabled']).to eq(false) | expect(data['adminEventsDetailsEnabled']).to eq(false) | ||||
end | end | ||||
end | end | ||||
it 'has correct smtp settings' do | |||||
on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test' do | |||||
data = JSON.parse(stdout) | |||||
expect(data['smtpServer']['host']).to eq('smtp.example.org') | |||||
expect(data['smtpServer']['port']).to eq('587') | |||||
expect(data['smtpServer']['starttls']).to eq('false') | |||||
expect(data['smtpServer']['auth']).to eq('false') | |||||
expect(data['smtpServer']['user']).to eq('john') | |||||
expect(data['smtpServer']['envelopeFrom']).to eq('keycloak@id.example.org') | |||||
expect(data['smtpServer']['from']).to eq('keycloak@id.example.org') | |||||
expect(data['smtpServer']['fromDisplayName']).to eq('Keycloak') | |||||
expect(data['smtpServer']['replyTo']).to eq('webmaster@example.org') | |||||
expect(data['smtpServer']['replyToDisplayName']).to eq('Webmaster') | |||||
end | |||||
end | |||||
end | end | ||||
context 'updates realm' do | context 'updates realm' do | ||||
it 'runs successfully' do | it 'runs successfully' do | ||||
pp = <<-EOS | pp = <<-EOS | ||||
include mysql::server | include mysql::server | ||||
class { 'keycloak': | class { 'keycloak': | ||||
datasource_driver => 'mysql', | datasource_driver => 'mysql', | ||||
} | } | ||||
keycloak_realm { 'test': | keycloak_realm { 'test': | ||||
ensure => 'present', | ensure => 'present', | ||||
remember_me => true, | remember_me => true, | ||||
access_code_lifespan => 3600, | access_code_lifespan => 3600, | ||||
access_token_lifespan => 3600, | access_token_lifespan => 3600, | ||||
sso_session_idle_timeout => 3600, | sso_session_idle_timeout => 3600, | ||||
sso_session_max_lifespan => 72000, | sso_session_max_lifespan => 72000, | ||||
default_client_scopes => ['profile'], | default_client_scopes => ['profile'], | ||||
content_security_policy => "frame-src https://*.duosecurity.com/ 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none';", | content_security_policy => "frame-src https://*.duosecurity.com/ 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none';", | ||||
events_enabled => true, | events_enabled => true, | ||||
events_expiration => 2678400, | events_expiration => 2678400, | ||||
admin_events_enabled => true, | admin_events_enabled => true, | ||||
admin_events_details_enabled => true, | admin_events_details_enabled => true, | ||||
smtp_server_host => 'smtp.example.org', | |||||
smtp_server_port => 587, | |||||
smtp_server_starttls => false, | |||||
smtp_server_auth => true, | |||||
smtp_server_user => 'jane', | |||||
smtp_server_password => 'secret', | |||||
smtp_server_envelope_from => 'keycloak@id.example.org', | |||||
smtp_server_from => 'keycloak@id.example.org', | |||||
smtp_server_from_display_name => 'Keycloak', | |||||
smtp_server_reply_to => 'webmaster@example.org', | |||||
smtp_server_reply_to_display_name => 'Hostmaster', | |||||
} | } | ||||
EOS | EOS | ||||
apply_manifest(pp, catch_failures: true) | apply_manifest(pp, catch_failures: true) | ||||
apply_manifest(pp, catch_changes: true) | apply_manifest(pp, catch_changes: true) | ||||
end | end | ||||
it 'has updated the realm' do | it 'has updated the realm' do | ||||
on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test' do | on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test' do | ||||
data = JSON.parse(stdout) | data = JSON.parse(stdout) | ||||
expect(data['rememberMe']).to eq(true) | expect(data['rememberMe']).to eq(true) | ||||
expect(data['accessCodeLifespan']).to eq(3600) | expect(data['accessCodeLifespan']).to eq(3600) | ||||
expect(data['accessTokenLifespan']).to eq(3600) | expect(data['accessTokenLifespan']).to eq(3600) | ||||
expect(data['ssoSessionIdleTimeout']).to eq(3600) | expect(data['ssoSessionIdleTimeout']).to eq(3600) | ||||
expect(data['ssoSessionMaxLifespan']).to eq(72_000) | expect(data['ssoSessionMaxLifespan']).to eq(72_000) | ||||
expect(data['browserSecurityHeaders']['contentSecurityPolicy']).to eq("frame-src https://*.duosecurity.com/ 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none';") | expect(data['browserSecurityHeaders']['contentSecurityPolicy']).to eq("frame-src https://*.duosecurity.com/ 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none';") | ||||
expect(data['smtpServer']['host']).to eq('smtp.example.org') | |||||
expect(data['smtpServer']['port']).to eq('587') | |||||
expect(data['smtpServer']['starttls']).to eq('false') | |||||
expect(data['smtpServer']['auth']).to eq('true') | |||||
expect(data['smtpServer']['user']).to eq('jane') | |||||
expect(data['smtpServer']['envelopeFrom']).to eq('keycloak@id.example.org') | |||||
expect(data['smtpServer']['from']).to eq('keycloak@id.example.org') | |||||
expect(data['smtpServer']['fromDisplayName']).to eq('Keycloak') | |||||
expect(data['smtpServer']['replyTo']).to eq('webmaster@example.org') | |||||
expect(data['smtpServer']['replyToDisplayName']).to eq('Hostmaster') | |||||
end | end | ||||
end | end | ||||
it 'has updated the realm default-client-scopes' do | it 'has updated the realm default-client-scopes' do | ||||
on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test/default-default-client-scopes' do | on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test/default-default-client-scopes' do | ||||
data = JSON.parse(stdout) | data = JSON.parse(stdout) | ||||
names = data.map { |d| d['name'] } | names = data.map { |d| d['name'] } | ||||
expect(names).to eq(['profile']) | expect(names).to eq(['profile']) | ||||
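Review bot: `smtp_server_password => 'secret'` is set in both manifests, but neither `has correct smtp settings` nor `has updated the realm` asserts anything about `data['smtpServer']['password']`, and the value is identical in the create and update contexts, so a password change is never exercised. If the Keycloak version under test masks the stored password in the `get realms/test` output (to be confirmed), the provider presumably cannot detect drift on that property, which deserves a comment in the spec; an assertion such as `expect(data['smtpServer']['password']).not_to eq('secret')` would also pin that the secret is not echoed back in cleartext. The update manifest pairs `smtp_server_auth => true` with `smtp_server_starttls => false`, which is acceptable for a fixture but should carry a comment like `# test fixture only: SMTP auth without transport encryption`, since acceptance manifests tend to be copied as usage examples. The last example shown continues in collapsed lines outside this view.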