From 3f092f697f2380712472e56947d692ea4bd4f718 Mon Sep 17 00:00:00 2001 From: Maximilian Pohle Date: Sat, 1 Jun 2024 13:10:26 +0200 Subject: [PATCH] add integration tests --- plugins/modules/keycloak_authz_resource.py | 2 + .../keycloak_authz_resource/readme.adoc | 27 +++ .../keycloak_authz_resource/tasks/main.yml | 209 ++++++++++++++++++ .../keycloak_authz_resource/vars/main.yml | 17 ++ 4 files changed, 255 insertions(+) create mode 100644 tests/integration/targets/keycloak_authz_resource/readme.adoc create mode 100644 tests/integration/targets/keycloak_authz_resource/tasks/main.yml create mode 100644 tests/integration/targets/keycloak_authz_resource/vars/main.yml diff --git a/plugins/modules/keycloak_authz_resource.py b/plugins/modules/keycloak_authz_resource.py index 268e964dba..028fa536a6 100644 --- a/plugins/modules/keycloak_authz_resource.py +++ b/plugins/modules/keycloak_authz_resource.py @@ -231,6 +231,8 @@ def main(): # filter. This returns False if it is not found. resource = kc.get_authz_resource_by_name( name=name, client_id=cid, realm=realm) + if resource and resource != {}: + resource['uris'].sort() # Generate a JSON payload for Keycloak Admin API. This is needed for # "create" and "update" operations. diff --git a/tests/integration/targets/keycloak_authz_resource/readme.adoc b/tests/integration/targets/keycloak_authz_resource/readme.adoc new file mode 100644 index 0000000000..8e052920c1 --- /dev/null +++ b/tests/integration/targets/keycloak_authz_resource/readme.adoc 
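Review bot: `resource['uris'].sort()` in the added guard assumes every resource returned by `get_authz_resource_by_name` carries a `uris` list; a representation without that key would raise KeyError and a null value would raise AttributeError, so the module would fail before reaching its create/update logic. The `resource != {}` half of the condition is redundant because an empty dict is already falsy. Writing the guard as `if resource and resource.get('uris'):` followed by `resource['uris'].sort()` keeps the normalisation without the crash path. Sorting only the server side helps idempotency only if the desired `uris` built later in main() are ordered the same way, which this hunk does not show and no comment states. main() starts and ends outside the hunk.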
@@ -0,0 +1,27 @@
+// Copyright (c) Ansible Project
+// GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+To be able to run these integration tests a keycloak server must be
+reachable under a specific url with a specific admin user and password.
+The exact values expected for these parameters can be found in
+'vars/main.yml' file. A simple way to do this is to use the official
+keycloak docker images like this:
+
+----
+docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH= -e KEYCLOAK_ADMIN= -e KEYCLOAK_ADMIN_PASSWORD= quay.io/keycloak/keycloak:20.0.2 start-dev
+----
+
+Example with concrete values inserted:
+
+----
+docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH=/auth -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:20.0.2 start-dev
+----
+
+This test suite can run against a fresh unconfigured server instance
+(no preconfiguration required) and cleans up after itself (undoes all
+its config changes) as long as it runs through completely. While its active
+it changes the server configuration in the following ways:
+
+ * creating, modifying and deleting some keycloak groups
+
diff --git a/tests/integration/targets/keycloak_authz_resource/tasks/main.yml b/tests/integration/targets/keycloak_authz_resource/tasks/main.yml
new file mode 100644
index 0000000000..e30f3a0bf2
--- /dev/null
+++ b/tests/integration/targets/keycloak_authz_resource/tasks/main.yml
@@ -0,0 +1,209 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Remove keycloak client to avoid failures from previous failed runs
+ community.general.keycloak_client:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ state: absent
+
+- name: Create keycloak client with authorization services enabled
+ community.general.keycloak_client:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ state: present
+ enabled: true
+ public_client: false
+ service_accounts_enabled: true
+ authorization_services_enabled: true
+
+- name: Create keycloak resource
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }}"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: present
+ register: result
+
+- name: Assert that resource was created
+ assert:
+ that:
+ - result is changed
+ - result.end_state != {}
+
+- name: Create keycloak resource (test for idempotency)
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }}"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: present
+ check_mode: true
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is not changed
+ - result.end_state != {}
+
+- name: Update keycloak resource
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }} changed"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: present
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is changed
+ - result.end_state != {}
+
+- name: Update keycloak resource (test for idempotency)
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }} changed"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: present
+ check_mode: true
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is not changed
+ - result.end_state != {}
+
+- name: Remove keycloak resource
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }} changed"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: absent
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is changed
+ - result.end_state == {}
+
+- name: Remove keycloak resource (test for idempotency)
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ displayName: "{{ displayName }} changed"
+ icon_uri: "{{ icon_uri }}"
+ uris: "{{ uris }}"
+ state: absent
+ check_mode: true
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is not changed
+ - result.end_state == {}
+
+- name: Create keycloak resource (minimal)
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ state: present
+ register: result
+
+- name: Assert that resource was created
+ assert:
+ that:
+ - result is changed
+ - result.end_state != {}
+
+- name: Create keycloak resource (minimal) (test for idempotency)
+ community.general.keycloak_authz_resource:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ name: "{{ resource_name }}"
+ state: present
+ check_mode: true
+ diff: true
+ register: result
+
+- name: Assert that nothing has changed
+ assert:
+ that:
+ - result is not changed
+ - result.end_state != {}
+
+- name: Remove keycloak client to avoid failures from previous failed runs
+ community.general.keycloak_client:
+ auth_keycloak_url: "{{ url }}"
+ auth_realm: "{{ admin_realm }}"
+ auth_username: "{{ admin_user }}"
+ auth_password: "{{ admin_password }}"
+ realm: "{{ realm }}"
+ client_id: "{{ client_id }}"
+ state: absent
diff --git a/tests/integration/targets/keycloak_authz_resource/vars/main.yml b/tests/integration/targets/keycloak_authz_resource/vars/main.yml
new file mode 100644
index 0000000000..752029bbf6
--- /dev/null
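Review bot: Two tasks named "Assert that nothing has changed" (the ones after "Update keycloak resource" and "Remove keycloak resource") actually assert `result is changed`, and the final cleanup task reuses the name "Remove keycloak client to avoid failures from previous failed runs"; in a failing CI log these names point the reader at the wrong expectation. Rename them, for example `- name: Assert that resource was updated`, `- name: Assert that resource was removed` and `- name: Remove keycloak client (cleanup)`. The assertions also only check `result.end_state != {}`, so the update step would pass even if the new displayName was never applied; comparing a field of `end_state` with the expected value would pin that, assuming the module returns the resource representation there. Every idempotency re-run sets `check_mode: true`, so a real second apply is never exercised.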
+++ b/tests/integration/targets/keycloak_authz_resource/vars/main.yml
@@ -0,0 +1,17 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+url: http://localhost:8080/auth
+admin_realm: master
+admin_user: admin
+admin_password: password
+realm: master
+client_id: authz
+resource_name: resource
+displayName: Resource
+icon_uri: icon.png
+uris:
+ - https://url1.com
+ - https://url2.com
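Review bot: `realm: master` combined with `admin_user: admin` / `admin_password: password` means the suite creates a confidential, service-account-enabled client in the admin realm using default credentials over plain `http://`, and nothing in this file says these values are only meant for the disposable `start-dev` container the readme describes. A header comment such as `# Fixture values for a disposable local Keycloak only; do not point url at a shared instance` would make that explicit, and a dedicated test realm would limit what a mis-targeted run can touch. Separately, `uris` is listed in already-sorted order, so the `resource['uris'].sort()` added to the module in this patch is never exercised against a reordered list; listing `https://url2.com` first would exercise it.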