From a1959fa7604d3fa8b19149413154b631322b1e14 Mon Sep 17 00:00:00 2001 From: Amrita <54478846+amrita-shrestha@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:57:31 +0545 Subject: [PATCH] [tests-only][full-ci]Setup keycloak group e2e tests (#11887) * setup group condig in keycloak * run keycloak and needed pipeline only * setup tests for keycloak group * run all pipeline * fix index uses and some logic --- .drone.star | 8 +- .../ocis_keycloak/ocis-ci-realm.dist.json | 305 +++++++++++++++--- tests/e2e/cucumber/environment/index.ts | 27 +- .../cucumber/features/keycloak/groups.feature | 67 ++++ tests/e2e/support/api/graph/index.ts | 3 +- tests/e2e/support/api/graph/userManagement.ts | 14 + tests/e2e/support/api/index.ts | 1 + tests/e2e/support/api/token/index.ts | 2 +- .../e2e/support/environment/userManagement.ts | 13 +- tests/e2e/support/store/index.ts | 2 +- tests/e2e/support/store/keycloak.ts | 19 +- tests/e2e/support/types.ts | 1 + 12 files changed, 395 insertions(+), 67 deletions(-) create mode 100644 tests/e2e/cucumber/features/keycloak/groups.feature diff --git a/.drone.star b/.drone.star index 88496b98f79..0a0911c0d46 100644 --- a/.drone.star +++ b/.drone.star @@ -2,7 +2,7 @@ ALPINE_GIT = "alpine/git:latest" APACHE_TIKA = "apache/tika:2.8.0.0" COLLABORA_CODE = "collabora/code:24.04.5.1.1" CS3ORG_WOPI_SERVER = "cs3org/wopiserver:v10.3.0" -KEYCLOAK = "quay.io/keycloak/keycloak:24.0.1" +KEYCLOAK = "quay.io/keycloak/keycloak:25.0.0" MINIO_MC = "minio/mc:RELEASE.2021-10-07T04-19-58Z" OC_CI_ALPINE = "owncloudci/alpine:latest" OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier" @@ -1772,7 +1772,8 @@ def keycloakService(): "detach": True, "environment": { "OCIS_DOMAIN": "ocis:9200", - "KC_HOSTNAME": "keycloak:8443", + "KC_HOSTNAME": "keycloak", + "KC_PORT": 8443, "KC_DB": "postgres", "KC_DB_URL": "jdbc:postgresql://postgres:5432/keycloak", "KC_DB_USERNAME": "keycloak", @@ -1786,7 +1787,7 @@ def keycloakService(): "commands": [ "mkdir -p /opt/keycloak/data/import", "cp tests/drone/ocis_keycloak/ocis-ci-realm.dist.json /opt/keycloak/data/import/ocis-realm.json", - "/opt/keycloak/bin/kc.sh start-dev --proxy=edge --spi-connections-http-client-default-disable-trust-manager=true --import-realm --health-enabled=true", + "/opt/keycloak/bin/kc.sh start-dev --proxy-headers xforwarded --spi-connections-http-client-default-disable-trust-manager=true --import-realm --health-enabled=true", ], "volumes": [ { @@ -1807,6 +1808,7 @@ def e2eTestsOnKeycloak(ctx): "admin-settings/spaces.feature", "admin-settings/groups.feature", "admin-settings/general.feature", + "keycloak", ] e2e_volumes = [ diff --git a/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json b/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json index 03dacdaa04b..846802691ff 100644 --- a/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json +++ b/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json @@ -38,6 +38,7 @@ "editUsernameAllowed": false, "bruteForceProtected": true, "permanentLockout": false, + "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, @@ -97,9 +98,15 @@ "description": "${role_default-roles}", "composite": true, "composites": { - "realm": ["offline_access", "uma_authorization"], + "realm": [ + "offline_access", + "uma_authorization" + ], "client": { - "account": ["manage-account", "view-profile"] + "account": [ + "manage-account", + "view-profile" + ] } }, "clientRole": false, @@ -125,7 +132,9 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-clients"] + "realm-management": [ + "query-clients" + ] } }, "clientRole": true, @@ -289,7 +298,10 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-groups", "query-users"] + "realm-management": [ + "query-groups", + "query-users" + ] } }, "clientRole": true, @@ -347,7 +359,9 @@ "composite": true, "composites": { "client": { - "account": ["manage-account-links"] + "account": [ + "manage-account-links" + ] } }, "clientRole": true, @@ -415,7 +429,9 @@ "composite": true, "composites": { "client": { - "account": ["view-consent"] + "account": [ + "view-consent" + ] } }, "clientRole": true, @@ -425,7 +441,26 @@ ] } }, - "groups": [], + "groups": [ + { + "id": "8520544b-eb76-8375-8498-fbe0e1e62a97", + "name": "keycloak sales department", + "path": "/keycloak sales department", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "d0a10993-e532-8498-b2b4-009f9b31d43a", + "name": "keycloak finance department", + "path": "/keycloak finance department", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + } + ], "defaultRole": { "id": "82e13ea7-aac4-4d2c-9fc7-cff8333dbe19", "name": "default-roles-ocis", @@ -434,7 +469,9 @@ "clientRole": false, "containerId": "ownCloud Infinite Scale Test" }, - "requiredCredentials": ["password"], + "requiredCredentials": [ + "password" + ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, @@ -443,12 +480,15 @@ "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName", "totpAppGoogleName", - "totpAppFreeOTPName" + "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", @@ -457,8 +497,11 @@ "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", @@ -467,17 +510,18 @@ "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ { "id": "389845cd-65b9-47fc-b723-ba75940bcbd7", - "createdTimestamp": 1611912383386, "username": "admin", - "enabled": true, - "totp": false, - "emailVerified": true, "firstName": "Admin", "lastName": "Admin", "email": "admin@example.org", + "emailVerified": true, + "createdTimestamp": 1611912383386, + "enabled": true, + "totp": false, "credentials": [ { "id": "499e0fbe-1c10-4588-9db4-e8a1012b9246", @@ -489,29 +533,49 @@ ], "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": ["uma_authorization", "ocisAdmin", "offline_access"], + "realmRoles": [ + "uma_authorization", + "ocisAdmin", + "offline_access" + ], "clientRoles": { - "account": ["manage-account", "view-profile"] + "account": [ + "manage-account", + "view-profile" + ] }, "notBefore": 0, - "groups": [] + "groups": [ + "/keycloak finance department", + "/keycloak sales department" + ] } ], "scopeMappings": [ { "clientScope": "offline_access", - "roles": ["offline_access"] + "roles": [ + "offline_access" + ] }, { "clientScope": "roles", - "roles": ["ocisSpaceAdmin", "ocisGuest", "ocisUser", "ocisAdmin"] + "roles": [ + "ocisSpaceAdmin", + "ocisGuest", + "ocisUser", + "ocisAdmin" + ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", - "roles": ["manage-account", "view-groups"] + "roles": [ + "manage-account", + "view-groups" + ] } ] }, @@ -526,7 +590,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/oCIS/account/*"], + "redirectUris": [ + "/realms/oCIS/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -544,7 +610,9 @@ "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], + "defaultClientScopes": [ + "basic" + ], "optionalClientScopes": [] }, { @@ -557,7 +625,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/oCIS/account/*"], + "redirectUris": [ + "/realms/oCIS/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -586,8 +656,20 @@ "config": {} } ], - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, { "id": "2969b8ff-2ab3-4907-aaa7-091a7a627ccb", @@ -615,7 +697,9 @@ "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], + "defaultClientScopes": [ + "basic" + ], "optionalClientScopes": [] }, { @@ -626,6 +710,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", + "secret": "3mksmxreyii6xcc6N2JRGLT4fehwE1HT", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -639,12 +724,15 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "client.secret.creation.time": "1718778122", "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], + "defaultClientScopes": [ + "basic" + ], "optionalClientScopes": [] }, { @@ -686,8 +774,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/oCIS/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "/admin/oCIS/console/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -722,7 +814,9 @@ } } ], - "defaultClientScopes": [], + "defaultClientScopes": [ + "basic" + ], "optionalClientScopes": [] }, { @@ -737,8 +831,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["https://ocis:9200/*"], - "webOrigins": ["https://ocis:9200"], + "redirectUris": [ + "https://ocis:9200/*" + ], + "webOrigins": [ + "https://ocis:9200" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -774,8 +872,20 @@ "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, - "defaultClientScopes": ["web-origins", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "groups", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] } ], "clientScopes": [ @@ -1150,6 +1260,45 @@ } ] }, + { + "id": "c3a6224b-49aa-4a25-953d-7e326d66893d", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "2d4f3f17-1ab7-429e-88e1-cdf08d3533c6", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "3e7da934-3de3-4bd1-a565-8ac62419c138", + "name": "sub", + "protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "0c72b80b-28d5-48d8-b593-c99030aab58d", "name": "roles", @@ -1200,6 +1349,36 @@ } ] }, + { + "id": "7438d93e-b07a-4913-9419-3273be364c4b", + "name": "groups", + "description": "OpenID Connect scope for add user groups to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "5349faf2-64a6-481f-b207-39ffef2cd597", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-group-membership-mapper", + "consentRequired": false, + "config": { + "full.path": "false", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "groups" + } + } + ] + }, { "id": "5ce87358-3bca-4874-a6f0-6dccae6209a8", "name": "web-origins", @@ -1289,11 +1468,26 @@ ] } ], - "defaultDefaultClientScopes": ["role_list", "profile", "email", "roles", "web-origins", "acr"], - "defaultOptionalClientScopes": ["offline_access", "address", "phone", "microprofile-jwt"], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic", + "groups" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1302,7 +1496,9 @@ }, "smtpServer": {}, "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": [ + "jboss-logging" + ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1317,7 +1513,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -1354,7 +1552,9 @@ "subType": "authenticated", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -1364,7 +1564,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": ["200"] + "max-clients": [ + "200" + ] } }, { @@ -1402,7 +1604,9 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } }, { @@ -1411,8 +1615,12 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["HS256"] + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] } }, { @@ -1421,7 +1629,9 @@ "providerId": "aes-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } } ] @@ -2110,8 +2320,9 @@ "cibaInterval": "5", "realmReusableOtpCode": "false" }, - "keycloakVersion": "21.1.0", + "keycloakVersion": "25.0.0", "userManagedAccessAllowed": false, + "organizationsEnabled": false, "clientProfiles": { "profiles": [] }, diff --git a/tests/e2e/cucumber/environment/index.ts b/tests/e2e/cucumber/environment/index.ts index 1c977acc2e2..fa067c4ba77 100644 --- a/tests/e2e/cucumber/environment/index.ts +++ b/tests/e2e/cucumber/environment/index.ts @@ -23,7 +23,8 @@ import { createdGroupStore, createdUserStore, keycloakCreatedUser, - federatedUserStore + federatedUserStore, + dummyKeycloakGroupStore } from '../../support/store' import { Group, User } from '../../support/types' import { @@ -40,7 +41,6 @@ import { setAccessTokenForKeycloakOcisUser } from '../../support/api/keycloak' import { closeSSEConnections } from '../../support/environment/sse' -import { setAccessAndRefreshToken } from '../../support/api/token' export { World } @@ -89,12 +89,13 @@ Before(async function (this: World, { pickle }: ITestCaseHookParameter) { if (config.keycloak) { await setAccessTokenForKeycloakOcisUser(user) await setAccessTokenForKeycloakUser(user) + await storeKeycloakGroups(user, this.usersEnvironment) } else { - await setAccessAndRefreshToken(user) + await api.token.setAccessAndRefreshToken(user) if (isOcm(pickle)) { config.federatedServer = true // need to set tokens for federated oCIS admin - await setAccessAndRefreshToken(user) + await api.token.setAccessAndRefreshToken(user) config.federatedServer = false } } @@ -244,7 +245,9 @@ const cleanUpSpaces = async (adminUser: User) => { const cleanUpGroup = async (adminUser: User) => { const requests: Promise[] = [] createdGroupStore.forEach((group) => { - requests.push(api.graph.deleteGroup({ group, admin: adminUser })) + if (!group.id.startsWith('keycloak')) { + requests.push(api.graph.deleteGroup({ group, admin: adminUser })) + } }) await Promise.all(requests) @@ -258,3 +261,17 @@ const isOcm = (pickle): boolean => { } return false } + +/* + store group created from keycloak on store + */ +const storeKeycloakGroups = async (adminUser: User, usersEnvironment) => { + const groups = await api.graph.getGroups(adminUser) + + dummyKeycloakGroupStore.forEach((dummyGroup) => { + const matchingGroup = groups.find((group) => group.displayName === dummyGroup.displayName) + if (matchingGroup) { + usersEnvironment.storeCreatedGroup({ group: { ...dummyGroup, uuid: matchingGroup.id } }) + } + }) +} diff --git a/tests/e2e/cucumber/features/keycloak/groups.feature b/tests/e2e/cucumber/features/keycloak/groups.feature new file mode 100644 index 00000000000..2cc62af8899 --- /dev/null +++ b/tests/e2e/cucumber/features/keycloak/groups.feature @@ -0,0 +1,67 @@ +Feature: groups management + As a user + I want to manage all group-related operations using ownCloud Web + So that I can ensure all group-related operations work correctly with Keycloak integration + # For synchronization-related details, see https://owncloud.dev/services/proxy/#claim-updates + + + Scenario: keycloak group sync with oCIS + Given "Admin" creates following user using API + | id | + | Alice | + | Brian | + And "Alice" creates the following files into personal space using API + | pathToFile | content | + | shareToSales.txt | Keycloak group share | + | shareToSecurity.txt | Keycloak group share | + + When "Admin" logs in + And "Admin" opens the "admin-settings" app + And "Admin" navigates to the groups management page + When "Admin" creates the following groups + | id | + | security | + | sales | + Then "Admin" should see the following group + | group | + | security | + | keycloak sales | + | keycloak finance | + + When "Admin" navigates to the users management page + And "Admin" adds the user "Brian" to the groups "security,keycloak sales" using the sidebar panel + And "Admin" logs out + + And "Alice" logs in + And "Alice" shares the following resource using the sidebar panel + | resource | recipient | type | role | resourceType | + | shareToSales.txt | keycloak sales | group | Can edit | file | + | shareToSecurity.txt | security | group | Can edit | file | + And "Alice" logs out + + And "Brian" logs in + And "Brian" navigates to the shared with me page + # user should have access to unsynced shares + When "Brian" opens the following file in texteditor + | resource | + | shareToSales.txt | + And "Brian" closes the file viewer + And "Brian" edits the following resources + | resource | content | + | shareToSecurity.txt | new content | + And "Brian" logs out + + When "Admin" logs in + And "Admin" opens the "admin-settings" app + And "Admin" navigates to the groups management page + # Renaming a Keycloak group results in the creation of a new group on the oCIS server (see https://github.com/owncloud/ocis/issues/10445). + # After renaming a group, it may take up to 5 minutes for the changes to sync, so avoid using the renamed group in the subsequent steps. + And "Admin" changes displayName to "a renamed group" for group "keycloak finance" using the sidebar panel + + When "Admin" deletes the following group using the context menu + | group | + | sales | + Then "Admin" should not see the following group + | group | + | sales | + And "Admin" logs out diff --git a/tests/e2e/support/api/graph/index.ts b/tests/e2e/support/api/graph/index.ts index 89858043e1d..9729c209405 100644 --- a/tests/e2e/support/api/graph/index.ts +++ b/tests/e2e/support/api/graph/index.ts @@ -6,6 +6,7 @@ export { deleteGroup, addUserToGroup, assignRole, - getUserId + getUserId, + getGroups } from './userManagement' export { createSpace, disableSpace, deleteSpace, getSpaceIdBySpaceName } from './spaces' diff --git a/tests/e2e/support/api/graph/userManagement.ts b/tests/e2e/support/api/graph/userManagement.ts index a9552db2a52..eef078aff68 100644 --- a/tests/e2e/support/api/graph/userManagement.ts +++ b/tests/e2e/support/api/graph/userManagement.ts @@ -7,6 +7,10 @@ import { userRoleStore } from '../../store' import { UsersEnvironment } from '../../environment' import { setAccessAndRefreshToken } from '../token' +interface GroupResponse { + value: Group[] +} + export const me = async ({ user }: { user: User }): Promise => { const response = await request({ method: 'GET', @@ -160,3 +164,13 @@ export const assignRole = async (admin: User, id: string, role: string): Promise }) checkResponseStatus(response, 'Failed while assigning role to the user') } + +export const getGroups = async (adminUser: User): Promise => { + const response = await request({ + method: 'GET', + path: join('graph', 'v1.0', 'groups'), + user: adminUser + }) + const data = (await response.json()) as GroupResponse + return data.value +} diff --git a/tests/e2e/support/api/index.ts b/tests/e2e/support/api/index.ts index f3c0c5a7336..621b32c38a3 100644 --- a/tests/e2e/support/api/index.ts +++ b/tests/e2e/support/api/index.ts @@ -5,3 +5,4 @@ export * as share from './share' export * as keycloak from './keycloak' export * as provision from './provision' export * as settings from './userSettings' +export * as token from './token' diff --git a/tests/e2e/support/api/token/index.ts b/tests/e2e/support/api/token/index.ts index 9c56149efa5..02cfc6356db 100644 --- a/tests/e2e/support/api/token/index.ts +++ b/tests/e2e/support/api/token/index.ts @@ -1 +1 @@ -export * from './utils' +export { setAccessAndRefreshToken } from './utils' diff --git a/tests/e2e/support/environment/userManagement.ts b/tests/e2e/support/environment/userManagement.ts index b55a04b457b..deb540c2e2e 100644 --- a/tests/e2e/support/environment/userManagement.ts +++ b/tests/e2e/support/environment/userManagement.ts @@ -5,7 +5,8 @@ import { createdUserStore, createdGroupStore, keycloakCreatedUser, - federatedUserStore + federatedUserStore, + dummyKeycloakGroupStore } from '../store' import { config } from '../../config' @@ -75,21 +76,17 @@ export class UsersEnvironment { getGroup({ key }: { key: string }): Group { const groupKey = key.toLowerCase() + const store = groupKey.startsWith('keycloak') ? dummyKeycloakGroupStore : dummyGroupStore - if (!dummyGroupStore.has(groupKey)) { + if (!store.has(groupKey)) { throw new Error(`group with key '${groupKey}' not found`) } - return dummyGroupStore.get(groupKey) + return store.get(groupKey) } getCreatedGroup({ key }: { key: string }): Group { const groupKey = key.toLowerCase() - - if (!createdGroupStore.has(groupKey)) { - throw new Error(`group with key '${groupKey}' not found`) - } - return createdGroupStore.get(groupKey) } diff --git a/tests/e2e/support/store/index.ts b/tests/e2e/support/store/index.ts index 6497a2a3c5e..bc74e817d90 100644 --- a/tests/e2e/support/store/index.ts +++ b/tests/e2e/support/store/index.ts @@ -4,5 +4,5 @@ export { createdSpaceStore } from './space' export { dummyUserStore, createdUserStore, federatedUserStore } from './user' export { dummyGroupStore, createdGroupStore } from './group' export { userRoleStore } from './role' -export { keycloakRealmRoles, keycloakCreatedUser } from './keycloak' +export { keycloakRealmRoles, keycloakCreatedUser, dummyKeycloakGroupStore } from './keycloak' export { federatedInvitationCode } from './invitation' diff --git a/tests/e2e/support/store/keycloak.ts b/tests/e2e/support/store/keycloak.ts index 54004808630..ba35b8c5cf1 100644 --- a/tests/e2e/support/store/keycloak.ts +++ b/tests/e2e/support/store/keycloak.ts @@ -1,4 +1,21 @@ -import { KeycloakRealmRole, User } from '../types' +import { KeycloakRealmRole, User, Group } from '../types' export const keycloakRealmRoles = new Map() export const keycloakCreatedUser = new Map() + +export const dummyKeycloakGroupStore = new Map([ + [ + 'keycloak sales', + { + id: 'keycloak sales', + displayName: 'keycloak sales department' + } + ], + [ + 'keycloak finance', + { + id: 'keycloak finance', + displayName: 'keycloak finance department' + } + ] +]) diff --git a/tests/e2e/support/types.ts b/tests/e2e/support/types.ts index 590f5b62d50..a754104fa8f 100644 --- a/tests/e2e/support/types.ts +++ b/tests/e2e/support/types.ts @@ -46,6 +46,7 @@ export interface Group { uuid?: string id: string displayName: string + groupTypes?: string[] } export interface Token {