KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed

This commit is contained in:
mhajas 2019-10-23 17:35:35 +02:00 committed by Hynek Mlnařík
parent 0e172d1632
commit b74f69c5ac
39 changed files with 426 additions and 343 deletions

View file

@ -92,6 +92,10 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Response;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.text.ParseException;
@ -101,6 +105,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -831,6 +836,25 @@ public class TestingResourceProvider implements RealmResourceProvider {
return new TestJavascriptResource();
}
private void setFeatureInProfileFile(File file, Profile.Feature featureProfile, String newState) {
Properties properties = new Properties();
if (file.isFile() && file.exists()) {
try (FileInputStream fis = new FileInputStream(file)) {
properties.load(fis);
} catch (IOException e) {
throw new RuntimeException("Unable to read profile.properties file");
}
}
properties.setProperty("feature." + featureProfile.toString().toLowerCase(), newState);
try (FileOutputStream fos = new FileOutputStream(file)) {
properties.store(fos, null);
} catch (IOException e) {
throw new RuntimeException("Unable to write to profile.properties file");
}
}
@POST
@Path("/enable-feature/{feature}")
@Consumes(MediaType.APPLICATION_JSON)
@ -848,6 +872,13 @@ public class TestingResourceProvider implements RealmResourceProvider {
return Response.ok().build();
System.setProperty("keycloak.profile.feature." + featureProfile.toString().toLowerCase(), "enabled");
String jbossServerConfigDir = System.getProperty("jboss.server.config.dir");
// If we are in jboss-based container, we need to write profile.properties file, otherwise the change in system property will disappear after restart
if (jbossServerConfigDir != null) {
setFeatureInProfileFile(new File(jbossServerConfigDir, "profile.properties"), featureProfile, "enabled");
}
Profile.init();
if (Profile.isFeatureEnabled(featureProfile))
@ -873,6 +904,13 @@ public class TestingResourceProvider implements RealmResourceProvider {
return Response.ok().build();
System.getProperties().remove("keycloak.profile.feature." + featureProfile.toString().toLowerCase());
String jbossServerConfigDir = System.getProperty("jboss.server.config.dir");
// If we are in jboss-based container, we need to write profile.properties file, otherwise the change in system property will disappear after restart
if (jbossServerConfigDir != null) {
setFeatureInProfileFile(new File(jbossServerConfigDir, "profile.properties"), featureProfile, "disabled");
}
Profile.init();
if (!Profile.isFeatureEnabled(featureProfile))

View file

@ -76,7 +76,7 @@ public class ProfileAssume {
Assume.assumeTrue("Ignoring test as community profile is not enabled", profile.equals("community"));
}
private static boolean isFeatureEnabled(Profile.Feature feature) {
public static boolean isFeatureEnabled(Profile.Feature feature) {
updateProfile();
return !disabledFeatures.contains(feature.name());
}

View file

@ -149,6 +149,10 @@ public final class TestContext {
}
public KeycloakTestingClient getTestingClient() {
if (testingClient == null) {
String authServerContextRoot = suiteContext.getAuthServerInfo().getContextRoot().toString();
testingClient = KeycloakTestingClient.getInstance(authServerContextRoot + "/auth");
}
return testingClient;
}

View file

@ -0,0 +1,23 @@
package org.keycloak.testsuite.arquillian.annotation;
import org.keycloak.common.Profile;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Repeatable;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* @author mhajas
*/
@Retention(RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Repeatable(DisableFeatures.class)
@Inherited
public @interface DisableFeature {
Profile.Feature value();
boolean skipRestart() default false;
}

View file

@ -0,0 +1,18 @@
package org.keycloak.testsuite.arquillian.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* @author mhajas
*/
@Retention(RUNTIME)
@Inherited
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface DisableFeatures {
DisableFeature[] value() default {};
}

View file

@ -0,0 +1,23 @@
package org.keycloak.testsuite.arquillian.annotation;
import org.keycloak.common.Profile;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Repeatable;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* @author mhajas
*/
@Retention(RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Repeatable(EnableFeatures.class)
@Inherited
public @interface EnableFeature {
Profile.Feature value();
boolean skipRestart() default false;
}

View file

@ -0,0 +1,19 @@
package org.keycloak.testsuite.arquillian.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* @author mhajas
*/
@Retention(RUNTIME)
@Inherited
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface EnableFeatures {
EnableFeature[] value() default {};
}

View file

@ -52,9 +52,4 @@ public @interface RestartContainer {
* @return Wait time in milliseconds after database initialization.
*/
long intializeDatabaseWait() default 0;
/**
* @return Array of features, which should be enabled.
*/
Profile.Feature[] enableFeatures() default {};
}

View file

@ -140,14 +140,6 @@ public class KeycloakContainerEventsController extends ContainerEventController
if (restartContainer.withoutKeycloakAddUserFile()) {
copyKeycloakAddUserFile();
}
if (restartContainer.enableFeatures().length != 0) {
changeStateOfFeatures(restartContainer, false);
// Auth-server has to be restarted again. If not, the features will not to be disabled.
container.fire(new StopManualContainers());
container.fire(new StopSuiteContainers());
container.fire(new StartSuiteContainers());
}
}
/**
@ -158,10 +150,6 @@ public class KeycloakContainerEventsController extends ContainerEventController
if (restartContainer.withoutKeycloakAddUserFile()) {
removeKeycloakAddUserFile();
}
if (restartContainer.enableFeatures().length != 0) {
changeStateOfFeatures(restartContainer, true);
}
}
/**
@ -263,81 +251,4 @@ public class KeycloakContainerEventsController extends ContainerEventController
}
}
}
/**
* Change state of features, which are contained in {@code enableFeatures} param.
* This method either enable or disable features.
* If auth-server is JBossBased, then the features are either enabled or disabled via {@code profile.properties}.
*
* @param restartContainer to pass more information from test annotation.
* @param enableFeatures if the features will be enabled or disabled.
*/
private void changeStateOfFeatures(RestartContainer restartContainer, boolean enableFeatures) {
Optional<Container> authServerOptional = containerRegistry.get().getContainers().stream()
.filter(f -> f.getName().startsWith("auth-server-")).findFirst();
if (authServerOptional.isPresent()) {
Container authServer = authServerOptional.get();
boolean isJbossBased = new ContainerInfo(authServer).isJBossBased();
if (isJbossBased) {
ContainerDef conf = authServer.getContainerConfiguration();
String jbossHome = conf.getContainerProperty("jbossHome");
Path fileProps = null;
if (jbossHome != null) {
try {
Path dir = Paths.get(jbossHome + "/standalone/configuration");
fileProps = dir.resolve("profile.properties");
if (enableFeatures) {
Path file = Files.createFile(fileProps);
Properties props = new Properties();
Arrays.stream(restartContainer.enableFeatures()).forEach(f -> props.setProperty("feature." + f.toString().toLowerCase(), "enabled"));
PrintWriter pw = new PrintWriter(file.toFile());
props.list(pw);
pw.close();
} else {
Files.deleteIfExists(fileProps);
}
} catch (FileAlreadyExistsException ex) {
changeFeaturesInExistingProps(restartContainer, fileProps, true);
} catch (IOException e) {
e.printStackTrace();
}
}
} else {
if (enableFeatures) {
Arrays.stream(restartContainer.enableFeatures())
.forEach(f -> System.setProperty("keycloak.profile.feature." + f.toString().toLowerCase(), "enabled"));
} else {
Arrays.stream(restartContainer.enableFeatures())
.forEach(f -> System.getProperties().remove("keycloak.profile.feature." + f.toString().toLowerCase()));
}
}
Profile.init();
}
}
/**
* If exists {@code profile.properties} file, then another properties are only appended to the file.
*
* @param restartContainer to pass more information from test annotation
* @param file path to profile.properties
* @param enableFeatures if features will be enabled or disabled
*/
private void changeFeaturesInExistingProps(RestartContainer restartContainer, Path file, boolean enableFeatures) {
Profile.Feature[] features = restartContainer.enableFeatures();
String state = enableFeatures ? "enabled" : "disabled";
if (features.length != 0) {
Properties props = new Properties();
try {
props.load(Files.newBufferedReader(file));
Arrays.stream(features).forEach(f -> props.setProperty("feature." + f.toString().toLowerCase(), state));
props.store(Files.newBufferedWriter(file), "");
} catch (IOException e) {
e.printStackTrace();
}
}
}
}

View file

@ -0,0 +1,175 @@
package org.keycloak.testsuite.arquillian.containers;
import org.jboss.arquillian.container.spi.event.ContainerMultiControlEvent;
import org.jboss.arquillian.container.spi.event.StartClassContainers;
import org.jboss.arquillian.container.spi.event.StartContainer;
import org.jboss.arquillian.container.spi.event.StartSuiteContainers;
import org.jboss.arquillian.container.spi.event.StopContainer;
import org.jboss.arquillian.container.spi.event.StopManualContainers;
import org.jboss.arquillian.container.spi.event.StopSuiteContainers;
import org.jboss.arquillian.core.api.Event;
import org.jboss.arquillian.core.api.Instance;
import org.jboss.arquillian.core.api.annotation.Inject;
import org.jboss.arquillian.core.api.annotation.Observes;
import org.jboss.arquillian.test.spi.event.suite.After;
import org.jboss.arquillian.test.spi.event.suite.AfterClass;
import org.jboss.arquillian.test.spi.event.suite.Before;
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
import org.keycloak.common.Profile;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.SuiteContext;
import org.keycloak.testsuite.arquillian.TestContext;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.DisableFeatures;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeatures;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
import java.lang.reflect.AnnotatedElement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getManagementClient;
/**
* @author mhajas
*/
public class KeycloakContainerFeaturesController {
@Inject
private Instance<TestContext> testContextInstance;
@Inject
private Instance<SuiteContext> suiteContextInstance;
@Inject
private Event<StartContainer> startContainerEvent;
@Inject
private Event<StopContainer> stopContainerEvent;
public enum FeatureAction {
ENABLE(KeycloakTestingClient::enableFeature),
DISABLE(KeycloakTestingClient::disableFeature);
private BiConsumer<KeycloakTestingClient, Profile.Feature> featureConsumer;
FeatureAction(BiConsumer<KeycloakTestingClient, Profile.Feature> featureConsumer) {
this.featureConsumer = featureConsumer;
}
public void accept(KeycloakTestingClient testingClient, Profile.Feature feature) {
featureConsumer.accept(testingClient, feature);
}
}
public enum State {
BEFORE,
AFTER
}
private class UpdateFeature {
private Profile.Feature feature;
private boolean skipRestart;
private FeatureAction action;
public UpdateFeature(Profile.Feature feature, boolean skipRestart, FeatureAction action) {
this.feature = feature;
this.skipRestart = skipRestart;
this.action = action;
}
/**
* All features we want to enable/disable must be disabled/enabled
* otherwise at the end of a test the environment will be in an inconsistent state because we would disable/enable
* some feature which was enabled/disabled before test
*
*/
private void assertValid() {
assertThat("An annotation requested to " + action.name()
+ " feature " + feature.name() + " however it was already in that state" ,
ProfileAssume.isFeatureEnabled(feature),
is(!(action == FeatureAction.ENABLE)));
}
private void assertPerformed() {
assertThat("An annotation requested to " + action.name() +
" feature " + feature.name() + ", however after performing this operation " +
"the feature is not in desired state" ,
ProfileAssume.isFeatureEnabled(feature),
is(action == FeatureAction.ENABLE));
}
public void performAction() {
assertValid();
action.accept(testContextInstance.get().getTestingClient(), feature);
}
}
public void restartAuthServer() throws Exception {
if (AuthServerTestEnricher.AUTH_SERVER_CONTAINER.equals("auth-server-remote")) {
OnlineManagementClient client = getManagementClient();
Administration administration = new Administration(client);
administration.reload();
client.close();
} else {
stopContainerEvent.fire(new StopContainer(suiteContextInstance.get().getAuthServerInfo().getArquillianContainer()));
startContainerEvent.fire(new StartContainer(suiteContextInstance.get().getAuthServerInfo().getArquillianContainer()));
}
}
private void updateFeatures(List<UpdateFeature> updateFeatures) throws Exception {
updateFeatures.forEach(UpdateFeature::performAction);
if (updateFeatures.stream().anyMatch(updateFeature -> !updateFeature.skipRestart)) {
restartAuthServer();
testContextInstance.get().reconnectAdminClient();
}
updateFeatures.forEach(UpdateFeature::assertPerformed);
}
private void checkAnnotatedElementForFeatureAnnotations(AnnotatedElement annotatedElement, State state) throws Exception {
List<UpdateFeature> updateFeatureList = new ArrayList<>(0);
if (annotatedElement.isAnnotationPresent(EnableFeatures.class) || annotatedElement.isAnnotationPresent(EnableFeature.class)) {
updateFeatureList.addAll(Arrays.stream(annotatedElement.getAnnotationsByType(EnableFeature.class))
.map(annotation -> new UpdateFeature(annotation.value(), annotation.skipRestart(),
state == State.BEFORE ? FeatureAction.ENABLE : FeatureAction.DISABLE))
.collect(Collectors.toList()));
}
if (annotatedElement.isAnnotationPresent(DisableFeatures.class) || annotatedElement.isAnnotationPresent(DisableFeature.class)) {
updateFeatureList.addAll(Arrays.stream(annotatedElement.getAnnotationsByType(DisableFeature.class))
.map(annotation -> new UpdateFeature(annotation.value(), annotation.skipRestart(),
state == State.BEFORE ? FeatureAction.DISABLE : FeatureAction.ENABLE))
.collect(Collectors.toList()));
}
if (!updateFeatureList.isEmpty()) {
updateFeatures(updateFeatureList);
}
}
public void handleEnableFeaturesAnnotationBeforeClass(@Observes(precedence = 1) BeforeClass event) throws Exception {
checkAnnotatedElementForFeatureAnnotations(event.getTestClass().getJavaClass(), State.BEFORE);
}
public void handleEnableFeaturesAnnotationBeforeTest(@Observes(precedence = 1) Before event) throws Exception {
checkAnnotatedElementForFeatureAnnotations(event.getTestMethod(), State.BEFORE);
}
public void handleEnableFeaturesAnnotationAfterTest(@Observes(precedence = 2) After event) throws Exception {
checkAnnotatedElementForFeatureAnnotations(event.getTestMethod(), State.AFTER);
}
public void handleEnableFeaturesAnnotationAfterClass(@Observes(precedence = 2) AfterClass event) throws Exception {
checkAnnotatedElementForFeatureAnnotations(event.getTestClass().getJavaClass(), State.AFTER);
}
}

View file

@ -112,6 +112,7 @@ public class KeycloakContainerTestExtension implements LoadableExtension {
.observer(RemoteTestExecuter.class)
.observer(DeploymentCommandObserver.class)
.observer(ContainerCommandObserver.class)
.observer(RemoteResourceCommandObserver.class);
.observer(RemoteResourceCommandObserver.class)
.observer(KeycloakContainerFeaturesController.class);
}
}

View file

@ -19,10 +19,12 @@ package org.keycloak.testsuite.client;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
import org.keycloak.common.Profile;
import org.keycloak.testsuite.client.resources.TestApplicationResource;
import org.keycloak.testsuite.client.resources.TestExampleCompanyResource;
import org.keycloak.testsuite.client.resources.TestSamlApplicationResource;
@ -31,6 +33,8 @@ import org.keycloak.testsuite.runonserver.*;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.util.JsonSerialization;
import static org.junit.Assert.assertEquals;
/**
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
*/
@ -71,6 +75,18 @@ public class KeycloakTestingClient implements AutoCloseable {
return target.path("/realms/" + realm).proxy(TestingResource.class);
}
public void enableFeature(Profile.Feature feature) {
try (Response response = testing().enableFeature(feature.toString())) {
assertEquals(200, response.getStatus());
}
}
public void disableFeature(Profile.Feature feature) {
try (Response response = testing().disableFeature(feature.toString())) {
assertEquals(200, response.getStatus());
}
}
public TestApplicationResource testApp() { return target.proxy(TestApplicationResource.class); }
public TestSamlApplicationResource testSamlApp() { return target.proxy(TestSamlApplicationResource.class); }

View file

@ -152,7 +152,6 @@ public abstract class AbstractKeycloakTest {
private PropertiesConfiguration constantsProperties;
private boolean resetTimeOffset;
private List<Profile.Feature> enabledFeatures = new ArrayList<>();
@Before
public void beforeAbstractKeycloakTest() throws Exception {
@ -230,10 +229,6 @@ public abstract class AbstractKeycloakTest {
testContext.getCleanups().clear();
}
for (Profile.Feature feature : enabledFeatures) {
disableFeature(feature);
}
postAfterAbstractKeycloak();
// Remove all browsers from queue
@ -329,11 +324,6 @@ public abstract class AbstractKeycloakTest {
public KeycloakTestingClient getTestingClient() {
if (testingClient == null) {
testingClient = testContext.getTestingClient();
if (testingClient == null) {
String authServerContextRoot = suiteContext.getAuthServerInfo().getContextRoot().toString();
testingClient = KeycloakTestingClient.getInstance(authServerContextRoot + "/auth");
testContext.setTestingClient(testingClient);
}
}
return testingClient;
}
@ -639,17 +629,4 @@ public abstract class AbstractKeycloakTest {
}
return in;
}
protected void enableFeature(Profile.Feature feature) {
enabledFeatures.add(feature);
try (Response response = getTestingClient().testing().enableFeature(feature.toString())) {
assertEquals(200, response.getStatus());
}
}
protected void disableFeature(Profile.Feature feature) {
try (Response response = getTestingClient().testing().disableFeature(feature.toString())) {
assertEquals(200, response.getStatus());
}
}
}

View file

@ -19,7 +19,6 @@ package org.keycloak.testsuite.account;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
import javax.ws.rs.core.Response;
import java.io.IOException;
@ -31,17 +30,21 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.account.SessionRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@EnableFeature(value = ACCOUNT_API, skipRestart = true)
public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakTest {
@Rule
@ -55,34 +58,17 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
@Before
public void before() {
httpClient = HttpClientBuilder.create().build();
try {
checkIfFeatureWorks(false);
Response response = testingClient.testing().enableFeature(ACCOUNT_API.toString());
assertEquals(200, response.getStatus());
assumeFeatureEnabled(ACCOUNT_API);
checkIfFeatureWorks(true);
} catch (Exception e) {
disableFeature();
throw e;
}
}
@After
public void after() {
try {
disableFeature();
httpClient.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
private void disableFeature() {
Response response = testingClient.testing().disableFeature(ACCOUNT_API.toString());
assertEquals(200, response.getStatus());
checkIfFeatureWorks(false);
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
testRealm.getUsers().add(UserBuilder.create().username("no-account-access").password("password").build());
@ -96,6 +82,12 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
return suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/realms/test/account" + (resource != null ? "/" + resource : "");
}
@Test
@DisableFeature(value = ACCOUNT_API, skipRestart = true)
public void testFeatureDoesntWorkWhenDisabled() {
checkIfFeatureWorks(false);
}
// Check if the feature really works
private void checkIfFeatureWorks(boolean shouldWorks) {
try {

View file

@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.services.resources.account.AccountCredentialResource.PasswordUpdate;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.TokenUtil;
import java.io.IOException;
@ -41,7 +42,6 @@ import java.util.Map;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.junit.Assert.*;
import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -191,8 +191,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void testProfilePreviewPermissions() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil noaccessToken = new TokenUtil("no-account-access", "password");
TokenUtil viewToken = new TokenUtil("view-account-access", "password");
@ -219,15 +217,11 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void testGetPasswordDetails() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
getPasswordDetails();
}
@Test
public void testPostPasswordUpdate() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
//Get the time of lastUpdate
AccountCredentialResource.PasswordDetails initialDetails = getPasswordDetails();
@ -251,8 +245,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void testPasswordConfirmation() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
updatePassword("password", "Str0ng3rP4ssw0rd", "confirmationDoesNotMatch", 400);
updatePassword("password", "Str0ng3rP4ssw0rd", "Str0ng3rP4ssw0rd", 200);
@ -294,8 +286,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void listApplications() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp
.doGet(getAccountUrl("applications"), httpClient)
@ -308,8 +298,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void listApplicationsWithoutPermission() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-account-access", "password");
SimpleHttp.Response response = SimpleHttp
.doGet(getAccountUrl("applications"), httpClient)
@ -321,8 +309,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getWebConsoleApplication() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-applications-access", "password");
String appId = "security-admin-console";
ClientRepresentation webConsole = SimpleHttp
@ -335,8 +321,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getWebConsoleApplicationWithoutPermission() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-account-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
@ -349,8 +333,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getNotExistingApplication() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-applications-access", "password");
String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp
@ -363,8 +345,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -389,8 +369,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void updateConsentForClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -435,8 +413,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForNotExistingClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
@ -459,8 +435,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithoutPermission() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
@ -483,8 +457,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithPut() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -509,8 +481,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void updateConsentForClientWithPut() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -555,8 +525,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForNotExistingClientWithPut() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
@ -579,8 +547,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithoutPermissionWithPut() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
@ -603,8 +569,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getConsentForClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -638,8 +602,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getConsentForNotExistingClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-consent-access", "password");
String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp
@ -652,8 +614,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getNotExistingConsentForClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
@ -666,8 +626,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getConsentWithoutPermission() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-applications-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
@ -680,8 +638,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void deleteConsentForClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
@ -720,8 +676,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void deleteConsentForNotExistingClient() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp
@ -735,8 +689,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void deleteConsentWithoutPermission() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil token = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp

View file

@ -21,7 +21,6 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
import java.io.IOException;
import java.util.List;
@ -96,8 +95,6 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
@Test
public void testProfilePreviewPermissions() throws IOException {
assumeFeatureEnabled(ACCOUNT_API);
TokenUtil noaccessToken = new TokenUtil("no-account-access", "password");
TokenUtil viewToken = new TokenUtil("view-account-access", "password");
@ -124,13 +121,6 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
.auth(viewToken.getToken()).asStatus());
}
@Before
@Override
public void before() {
super.before();
assumeFeatureEnabled(ACCOUNT_API);
}
@Test
public void testGetSessions() throws Exception {
oauth.setDriver(secondBrowser);
@ -364,8 +354,8 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
assertEquals("Other", device.getDevice());
List<SessionRepresentation> sessions = device.getSessions();
assertEquals(2, sessions.size());
SessionRepresentation session = sessions.stream().filter(rep -> rep.getCurrent() != null && rep.getCurrent()).findFirst().get();
assertEquals(1, sessions.size());
SessionRepresentation session = sessions.get(0);
assertEquals("127.0.0.1", session.getIpAddress());
assertEquals(device.getLastAccess(), session.getLastAccess());

View file

@ -74,6 +74,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.util.DroneUtils;
@ -93,6 +94,7 @@ import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhotozJavascriptExecutorTest {
protected static final String RESOURCE_SERVER_ID = "photoz-restful-api";
@ -165,7 +167,6 @@ public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhoto
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
enableFeature(UPLOAD_SCRIPTS);
RealmRepresentation realm = loadRealm(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-realm.json"));
realm.setAccessTokenLifespan(30 + TOKEN_LIFESPAN_LEEWAY); // seconds

View file

@ -28,6 +28,7 @@ import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.UIUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
@ -50,6 +51,7 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampleAdapterTest {
protected static final String REALM_NAME = "servlet-authz";
@ -58,11 +60,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
@ArquillianResource
private Deployer deployer;
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
}
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(

View file

@ -46,6 +46,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.util.UIUtils;
import org.openqa.selenium.By;
@ -62,6 +63,7 @@ import org.openqa.selenium.By;
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
@ -72,7 +74,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
enableFeature(UPLOAD_SCRIPTS);
testRealms.add(
loadRealm(new File(TEST_APPS_HOME_DIR + "/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json")));
}

View file

@ -34,6 +34,7 @@ import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.adapter.page.AngularCorsProductTestApp;
import org.keycloak.testsuite.adapter.page.CorsDatabaseServiceTestApp;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.auth.page.account.Account;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@ -51,6 +52,8 @@ import java.util.regex.Pattern;
import static junit.framework.TestCase.assertNotNull;
import org.junit.Assume;
import org.keycloak.testsuite.util.DroneUtils;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
@ -71,6 +74,7 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
public static final String CORS = "cors";
@ -109,7 +113,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
testRealms.add(
loadRealm(new File(TEST_APPS_HOME_DIR + "/cors/cors-realm.json")));
}

View file

@ -59,6 +59,8 @@ import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractAdapterTest;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.broker.BrokerTestTools;
@ -100,6 +102,7 @@ import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SE
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest {
public static final String CHILD_IDP = "child";
public static final String PARENT_IDP = "parent-idp";
@ -206,30 +209,23 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
}
@Before
public void enableFeature() throws Exception {
try {
addIdpUser();
addChildUser();
createBroker();
checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
Response response = testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
checkFeature(Response.Status.OK.getStatusCode());
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
} catch (Exception e) {
disableFeature();
throw e;
}
@Test
@DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
@UncaughtServerErrorExpected
public void testFeatureDisabled() throws Exception {
checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
}
@After
public void disableFeature() throws Exception {
Response response = testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
@Test
public void testFeatureEnabled() throws Exception {
checkFeature(Response.Status.OK.getStatusCode());
}
@Before
public void beforeTest() throws Exception {
addIdpUser();
addChildUser();
createBroker();
}
public void addIdpUser() {

View file

@ -49,6 +49,7 @@ import org.keycloak.services.resources.admin.permissions.GroupPermissionManageme
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
@ -86,19 +87,6 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
testRealms.add(testRealmRep);
}
@After
public void checkTokenExchangeFeature() throws Exception {
if (Profile.isFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE)) {
disableTokenExchange();
}
}
private void disableTokenExchange() throws Exception {
Response featureResponse = testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
Assert.assertEquals(200, featureResponse.getStatus());
checkTokenExchange(false);
}
public static void setupDemo(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(TEST);
realm.addRole("realm-role");
@ -867,6 +855,12 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
}
}
@Test
@UncaughtServerErrorExpected
public void testTokenExchangeDisabled() throws Exception {
checkTokenExchange(false);
}
/**
* KEYCLOAK-7406
*
@ -874,22 +868,13 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
*/
@Test
@UncaughtServerErrorExpected
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public void testWithTokenExchange() throws Exception {
try {
checkTokenExchange(false);
Response featureResponse = testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
Assert.assertEquals(200, featureResponse.getStatus());
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
String exchanged = checkTokenExchange(true);
Assert.assertNotNull(exchanged);
try (Keycloak client = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
}
} finally {
disableTokenExchange();
String exchanged = checkTokenExchange(true);
Assert.assertNotNull(exchanged);
try (Keycloak client = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
}
}

View file

@ -30,6 +30,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.client.AbstractClientTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
@ -44,15 +45,11 @@ import java.util.List;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public abstract class AbstractAuthorizationTest extends AbstractClientTest {
protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
}
@Override
public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters();

View file

@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin.client.authorization;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import java.util.Collections;
@ -33,16 +34,13 @@ import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class JSPolicyManagementTest extends AbstractPolicyManagementTest {
@Before
public void onBefore() {
enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
}
@Test
public void testCreate() {

View file

@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
@ -66,6 +67,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
@ -76,6 +78,7 @@ import org.keycloak.testsuite.util.UserBuilder;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
protected static final String REALM_NAME = "authz-test";
@ -109,11 +112,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
.directAccessGrants())
.build());
}
@Before
public void onBefore() {
enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
}
@Test
public void testEnforceUMAAccessWithClaimsUsingBearerToken() {

View file

@ -78,6 +78,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
@ -89,6 +90,7 @@ import org.keycloak.util.JsonSerialization;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class PolicyEnforcerTest extends AbstractKeycloakTest {
private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
@ -127,7 +129,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
initAuthorizationSettings(getClientResource(RESOURCE_SERVER_CLIENT_ID));
}

View file

@ -26,6 +26,7 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
import org.keycloak.testsuite.util.ContainerAssume;
@ -39,13 +40,12 @@ import static org.junit.Assert.fail;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@RestartContainer(enableFeatures = Profile.Feature.AUTHZ_DROOLS_POLICY)
@EnableFeature(Profile.Feature.AUTHZ_DROOLS_POLICY)
public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
@BeforeClass
public static void verifyEnvironment() {
ContainerAssume.assumeNotAuthServerUndertow();
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
ContainerAssume.assumeNotAuthServerRemote();
}

View file

@ -1,23 +1,18 @@
package org.keycloak.testsuite.authz;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import org.junit.Before;
import org.keycloak.common.Profile;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.AccessToken;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
/**
* @author mhajas
*/
@EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
}
protected AccessToken toAccessToken(String rpt) {
AccessToken accessToken;

View file

@ -46,7 +46,8 @@ import org.keycloak.representations.idm.authorization.PermissionTicketRepresenta
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.GroupBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
@ -142,13 +143,12 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
@Test
public void testCreateDeprecatedFeaturesEnabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
testCreate();
}
@Test
@DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public void testCreateDeprecatedFeaturesDisabled() {
ProfileAssume.assumeFeatureDisabled(Profile.Feature.UPLOAD_SCRIPTS);
testCreate();
}
@ -337,19 +337,18 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
@Test
public void testUpdateDeprecatedFeaturesEnabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
testUpdate();
}
@Test
@DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public void testUpdateDeprecatedFeaturesDisabled() {
ProfileAssume.assumeFeatureDisabled(Profile.Feature.UPLOAD_SCRIPTS);
testUpdate();
}
@Test
@DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public void testUploadScriptDisabled() {
disableFeature(Profile.Feature.UPLOAD_SCRIPTS);
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Resource A");

View file

@ -38,6 +38,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ExecutionBuilder;
import org.keycloak.testsuite.util.FlowBuilder;
@ -53,6 +54,7 @@ import java.util.Map;
*
* @author <a href="mailto:thomas.darimont@gmail.com">Thomas Darimont</a>
*/
@EnableFeature(Profile.Feature.UPLOAD_SCRIPTS)
public class ScriptAuthenticatorTest extends AbstractFlowTest {
@Page
@ -65,13 +67,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
public static final String EXECUTION_ID = "scriptAuth";
@BeforeClass
public static void verifyEnvironment() {
// TODO: we should probably enable SCRIPTS automatically when UPLOAD_SCRIPTS is enabled
ProfileAssume.assumeFeatureEnabled(Profile.Feature.SCRIPTS);
ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
@ -236,3 +231,4 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
return configRep;
}
}

View file

@ -42,6 +42,8 @@ import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
import org.keycloak.testsuite.util.OAuthClient;
@ -66,10 +68,9 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public class ClientTokenExchangeTest extends AbstractKeycloakTest {
private final Profile.Feature FEATURE = Profile.Feature.TOKEN_EXCHANGE;
@Rule
public AssertEvents events = new AssertEvents(this);
@ -78,30 +79,24 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
return RunOnServerDeployment.create(ClientTokenExchangeTest.class);
}
@Before
public void enableFeature() {
@Test
@UncaughtServerErrorExpected
@DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public void checkFeatureDisabled() {
// Required feature should return Status code 501 - Feature doesn't work
testingClient.server().run(ClientTokenExchangeTest::addDirectExchanger);
Assert.assertEquals(501, checkTokenExchange().getStatus());
testingClient.server().run(ClientTokenExchangeTest::removeDirectExchanger);
}
// Test if required feature is enabled in Profiles.
Response response = testingClient.testing().enableFeature(FEATURE.toString());
Assert.assertEquals(200, response.getStatus());
@Test
public void checkFeatureEnabled() {
// Test if the required feature really works.
testingClient.server().run(ClientTokenExchangeTest::addDirectExchanger);
Assert.assertEquals(200, checkTokenExchange().getStatus());
testingClient.server().run(ClientTokenExchangeTest::removeDirectExchanger);
}
@After
public void disableFeature() {
// Test if required feature is disabled.
Response response = testingClient.testing().disableFeature(FEATURE.toString());
Assert.assertEquals(200, response.getStatus());
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation testRealmRep = new RealmRepresentation();
@ -221,8 +216,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
@Test
@UncaughtServerErrorExpected
public void testExchange() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
testingClient.server().run(ClientTokenExchangeTest::setupRealm);
oauth.realm(TEST);
@ -265,8 +258,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
@Test
@UncaughtServerErrorExpected
public void testImpersonation() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
testingClient.server().run(ClientTokenExchangeTest::setupRealm);
oauth.realm(TEST);
@ -349,8 +340,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
@Test
@UncaughtServerErrorExpected
public void testBadImpersonator() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
testingClient.server().run(ClientTokenExchangeTest::setupRealm);
oauth.realm(TEST);
@ -393,8 +382,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
@Test
@UncaughtServerErrorExpected
public void testDirectImpersonation() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
testingClient.server().run(ClientTokenExchangeTest::setupRealm);
Client httpClient = ClientBuilder.newClient();

View file

@ -48,6 +48,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
@ -129,8 +130,8 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
}
@Test
@EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS) // This requires also SCRIPTS feature, therefore we need to restart container
public void testTokenScriptMapping() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
{
ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");

View file

@ -33,6 +33,7 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.ContainerAssume;
@ -52,9 +53,8 @@ import java.util.Map;
import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
import static org.junit.Assert.*;
import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
@RestartContainer(enableFeatures = OPENSHIFT_INTEGRATION)
@EnableFeature(OPENSHIFT_INTEGRATION)
public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakTest {
private static boolean flowConfigured;
@ -93,8 +93,6 @@ public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakT
@Before
public void enablePassthroughAuthenticator() {
assumeFeatureEnabled(OPENSHIFT_INTEGRATION);
if (!flowConfigured) {
HashMap<String, String> data = new HashMap<>();
data.put("newName", "testsuite-client-dummy");

View file

@ -20,7 +20,6 @@ package org.keycloak.testsuite.openshift;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
import javax.ws.rs.core.Response;
@ -56,6 +55,7 @@ import org.keycloak.storage.openshift.OpenshiftClientStorageProviderFactory;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ConsentPage;
@ -70,7 +70,7 @@ import org.keycloak.testsuite.util.OAuthClient;
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@RestartContainer(enableFeatures = OPENSHIFT_INTEGRATION)
@EnableFeature(OPENSHIFT_INTEGRATION)
public final class OpenshiftClientStorageTest extends AbstractTestRealmKeycloakTest {
private static Undertow OPENSHIFT_API_SERVER;
@ -154,7 +154,6 @@ public final class OpenshiftClientStorageTest extends AbstractTestRealmKeycloakT
public void onBefore() {
ContainerAssume.assumeNotAuthServerRemote();
assumeFeatureEnabled(OPENSHIFT_INTEGRATION);
ComponentRepresentation provider = new ComponentRepresentation();
provider.setName("openshift-client-storage");

View file

@ -52,6 +52,8 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.forms.AbstractFlowTest;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ContainerAssume;
@ -64,6 +66,7 @@ import org.keycloak.util.JsonSerialization;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(SCRIPTS)
public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
public static final String EXECUTION_ID = "scriptAuth";
@ -183,7 +186,6 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
*/
@Test
public void loginShouldWorkWithScriptAuthenticator() {
ProfileAssume.assumeFeatureEnabled(SCRIPTS);
configureFlows();
loginPage.open();
@ -198,7 +200,6 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
*/
@Test
public void loginShouldFailWithScriptAuthenticator() {
ProfileAssume.assumeFeatureEnabled(SCRIPTS);
configureFlows();
loginPage.open();
@ -209,8 +210,8 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
}
@Test
@DisableFeature(SCRIPTS)
public void testScriptAuthenticatorNotAvailable() {
ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
assertFalse(testRealm().flows().getAuthenticatorProviders().stream().anyMatch(
provider -> ScriptBasedAuthenticatorFactory.PROVIDER_ID.equals(provider.get("id"))));
}

View file

@ -18,6 +18,7 @@ package org.keycloak.testsuite.script;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.keycloak.common.Profile.Feature.SCRIPTS;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import static org.keycloak.testsuite.admin.ApiUtil.findClientResourceByClientId;
import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT;
@ -46,6 +47,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.util.JsonSerialization;
@ -95,15 +97,14 @@ public class DeployedScriptMapperTest extends AbstractTestRealmKeycloakTest {
@Test
public void testScriptMapperNotAvailable() {
ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
assertFalse(adminClient.serverInfo().getInfo().getProtocolMapperTypes().get(OIDCLoginProtocol.LOGIN_PROTOCOL).stream()
.anyMatch(
mapper -> ScriptBasedOIDCProtocolMapper.PROVIDER_ID.equals(mapper.getId())));
}
@Test
@EnableFeature(SCRIPTS)
public void testTokenScriptMapping() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.SCRIPTS);
{
ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");

View file

@ -52,6 +52,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.authz.AbstractAuthzTest;
import org.keycloak.testsuite.util.ClientBuilder;
@ -119,15 +120,15 @@ public class DeployedScriptPolicyTest extends AbstractAuthzTest {
}
@Test
@DisableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public void testJSPolicyProviderNotAvailable() {
ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
assertFalse(getAuthorizationResource().policies().policyProviders().stream().anyMatch(rep -> "js".equals(rep.getType())));
}
@Test
@UncaughtServerErrorExpected
@DisableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public void failCreateJSPolicy() {
ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
JSPolicyRepresentation grantPolicy = new JSPolicyRepresentation();
grantPolicy.setName("JS Policy");

View file

@ -43,6 +43,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.keycloak.representations.idm.authorization.TimePolicyRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.console.page.clients.authorization.policy.AggregatePolicy;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.GroupBuilder;
@ -51,13 +52,9 @@ import org.keycloak.testsuite.util.UserBuilder;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class AggregatePolicyManagementTest extends AbstractAuthorizationSettingsTest {
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
}
@Before
public void configureTest() {
super.configureTest();

View file

@ -26,18 +26,15 @@ import org.junit.Before;
import org.junit.Test;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.console.page.clients.authorization.policy.JSPolicy;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class JSPolicyManagementTest extends AbstractAuthorizationSettingsTest {
@Before
public void onBefore() {
enableFeature(UPLOAD_SCRIPTS);
}
@Test
public void testUpdate() throws InterruptedException {
authorizationPage.navigateTo();