diff --git a/tests/setupconfig/conftest.py b/tests/setupconfig/conftest.py index bf80e86..62b5492 100644 --- a/tests/setupconfig/conftest.py +++ b/tests/setupconfig/conftest.py @@ -43,6 +43,11 @@ def sync_groups_config_yml(): return "tests/setupconfig/files/sync_groups.yml" +@pytest.fixture() +def multiple_configs_yml(): + return "tests/setupconfig/files/multiple_configs.yml" + + @pytest.fixture def set_config_to_non_default_values(): """ diff --git a/tests/setupconfig/files/defaults.yml b/tests/setupconfig/files/defaults.yml index 889c392..44d3115 100644 --- a/tests/setupconfig/files/defaults.yml +++ b/tests/setupconfig/files/defaults.yml @@ -1,8 +1,9 @@ oidc_db_config_enable: True oidc_db_config_admin_auth: - oidc_rp_client_id: client-id - oidc_rp_client_secret: secret - endpoint_config: - oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth - oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token - oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo + configurations: + - oidc_rp_client_id: client-id + oidc_rp_client_secret: secret + endpoint_config: + oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth + oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo diff --git a/tests/setupconfig/files/discovery.yml b/tests/setupconfig/files/discovery.yml index be8b924..94675b9 100644 --- a/tests/setupconfig/files/discovery.yml +++ b/tests/setupconfig/files/discovery.yml 
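Review bot: The new `multiple_configs_yml` fixture in conftest.py is decorated with `@pytest.fixture()`, while the fixture that follows it in the same hunk uses the bare `@pytest.fixture`; pick one form for the file. The fixture name also does not reveal that this file is a negative case, so a one-line docstring such as `"""Path to a YAML file listing two OIDC configurations, which the step is expected to reject."""` would help.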
@@ -1,6 +1,7 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: testid
- oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
- endpoint_config:
- oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
+ configurations:
+ - oidc_rp_client_id: testid
+ oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
+ endpoint_config:
+ oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
diff --git a/tests/setupconfig/files/full_setup.yml b/tests/setupconfig/files/full_setup.yml
index 0a4a63f..249cb45 100644
--- a/tests/setupconfig/files/full_setup.yml
+++ b/tests/setupconfig/files/full_setup.yml
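Review bot: The re-nested `oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I` in discovery.yml has the shape of a generated client secret, unlike the `secret` placeholder used in the other fixtures of this commit. The discovery endpoint points at localhost, so it presumably belongs to a throwaway test realm, but nothing visible here says so. I would add a comment above the key, e.g. `# client secret of the local test realm only; not valid anywhere else`, so that secret scanners and later readers can tell it apart from a leaked credential. If the same value is configured in any shared identity provider, it should be rotated.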
@@ -1,37 +1,38 @@ oidc_db_config_enable: True oidc_db_config_admin_auth: - enabled: False - oidc_rp_client_id: client-id - oidc_rp_client_secret: secret - oidc_rp_scopes_list: - - open_id - - email - - profile - - extra_scope - oidc_rp_sign_algo: RS256 - oidc_rp_idp_sign_key: key - oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs - endpoint_config: - oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth - oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token - oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo - username_claim: - - claim_name - groups_claim: - - groups_claim_name - claim_mapping: - first_name: - - given_name - sync_groups: false - sync_groups_glob_pattern: local.groups.* - default_groups: - - local.groups.Admins - - local.groups.Read-only - make_users_staff: true - superuser_group_names: - - superuser - oidc_use_nonce: false - oidc_nonce_size: 48 - oidc_state_size: 48 - userinfo_claims_source: id_token + configurations: + - enabled: False + oidc_rp_client_id: client-id + oidc_rp_client_secret: secret + oidc_rp_scopes_list: + - open_id + - email + - profile + - extra_scope + oidc_rp_sign_algo: RS256 + oidc_rp_idp_sign_key: key + oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs + endpoint_config: + oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth + oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo + username_claim: + - claim_name + groups_claim: + - groups_claim_name + claim_mapping: + first_name: + - given_name + sync_groups: false + sync_groups_glob_pattern: local.groups.* + default_groups: + - local.groups.Admins + - local.groups.Read-only + make_users_staff: true + superuser_group_names: 
+ - superuser + oidc_use_nonce: false + oidc_nonce_size: 48 + oidc_state_size: 48 + userinfo_claims_source: id_token diff --git a/tests/setupconfig/files/multiple_configs.yml b/tests/setupconfig/files/multiple_configs.yml new file mode 100644 index 0000000..9dba9dd --- /dev/null +++ b/tests/setupconfig/files/multiple_configs.yml @@ -0,0 +1,15 @@ +oidc_db_config_enable: True +oidc_db_config_admin_auth: + configurations: + - oidc_rp_client_id: client-id + oidc_rp_client_secret: secret + endpoint_config: + oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth + oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo + - oidc_rp_client_id: client-id2 + oidc_rp_client_secret: secret2 + endpoint_config: + oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth + oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo diff --git a/tests/setupconfig/files/no_sync_groups.yml b/tests/setupconfig/files/no_sync_groups.yml index 590e699..29165a0 100644 --- a/tests/setupconfig/files/no_sync_groups.yml +++ b/tests/setupconfig/files/no_sync_groups.yml 
@@ -1,12 +1,13 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
- sync_groups: false
- default_groups:
- - SuperAdmins
- - NormalUsers
+ configurations:
+ - oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ sync_groups: false
+ default_groups:
+ - SuperAdmins
+ - NormalUsers
diff --git a/tests/setupconfig/files/sync_groups.yml b/tests/setupconfig/files/sync_groups.yml
index 291eb6a..a1af70b 100644
--- a/tests/setupconfig/files/sync_groups.yml
+++ b/tests/setupconfig/files/sync_groups.yml
@@ -1,15 +1,16 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
- sync_groups: true
- sync_groups_glob_pattern: local.groups.*
- default_groups:
- - local.groups.SuperAdmins
- - local.WeirdAdmins
- - local.groups.NormalUsers
- - local.WeirdUsers
+ configurations:
+ - oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ sync_groups: true
+ sync_groups_glob_pattern: local.groups.*
+ default_groups:
+ - local.groups.SuperAdmins
+ - local.WeirdAdmins
+ - local.groups.NormalUsers
+ - local.WeirdUsers
diff --git a/tests/setupconfig/test_steps.py b/tests/setupconfig/test_steps.py
index 9943c1f..16a40e6 100644
--- a/tests/setupconfig/test_steps.py
+++ b/tests/setupconfig/test_steps.py
@@ -244,6 +244,21 @@ def test_configure_discovery_failure( assert config.oidc_op_discovery_endpoint == "" +@pytest.mark.django_db +def test_configure_fails_with_multiple_configs(multiple_configs_yml): + with pytest.raises(ConfigurationRunFailed) as excinfo: + execute_single_step( + AdminOIDCConfigurationStep, yaml_source=multiple_configs_yml + ) + assert ( + str(excinfo.value) + == "Currently it is only possible to specify a single OIDC configuration" + ) + + config = OpenIDConnectConfig.get_solo() + assert not config.enabled + + @pytest.mark.django_db def test_sync_groups_is_false(no_sync_groups_config_yml): # create groups so they can be found @@ -253,8 +268,10 @@ def test_sync_groups_is_false(no_sync_groups_config_yml): AdminOIDCConfigurationStep, yaml_source=no_sync_groups_config_yml ) - assert not result.config_model.sync_groups - assert result.config_model.default_groups == ["SuperAdmins", "NormalUsers"] + config_model = result.config_model.configurations[0] + + assert not config_model.sync_groups + assert config_model.default_groups == ["SuperAdmins", "NormalUsers"] config = OpenIDConnectConfig.get_solo() assert config.default_groups.all().count() == 1 @@ -271,14 +288,16 @@ def test_sync_groups_is_true(sync_groups_config_yml): AdminOIDCConfigurationStep, yaml_source=sync_groups_config_yml ) - assert result.config_model.sync_groups - assert result.config_model.default_groups == [ + config_model = result.config_model.configurations[0] + + assert config_model.sync_groups + assert config_model.default_groups == [ "local.groups.SuperAdmins", "local.WeirdAdmins", "local.groups.NormalUsers", "local.WeirdUsers", ] - assert result.config_model.sync_groups_glob_pattern == "local.groups.*" + assert config_model.sync_groups_glob_pattern == "local.groups.*" config = OpenIDConnectConfig.get_solo() assert config.default_groups.all().count() == 3
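Review bot: In `test_configure_fails_with_multiple_configs` the message assertion directly follows the `execute_single_step(...)` call, and its indentation is not recoverable on this page. If `assert (str(excinfo.value) == ...)` sits inside the `with pytest.raises(ConfigurationRunFailed)` block it never runs, because the exception leaves the block first, so it should be at the same level as `with`. The closing `assert not config.enabled` covers only one field. A rejected run should leave nothing of the supplied configuration in the database, so I would also check that the credentials were not stored, e.g. `assert config.oidc_rp_client_id != "client-id"`.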
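Review bot: `result.config_model.configurations[0]` in `test_sync_groups_is_false`, and again in `test_sync_groups_is_true` in the following hunk, takes the first entry without checking how many entries were parsed. A loader that duplicated or appended configurations would therefore still pass both tests. Adding `assert len(result.config_model.configurations) == 1` before the index makes the single-configuration expectation explicit. Both test functions extend beyond their hunks.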