2021-06-24 19:14:46 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
# Copyright: (c) 2021, Ansible Project
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
from contextlib import contextmanager
|
|
|
|
|
|
|
|
from ansible_collections.community.general.tests.unit.compat import unittest
|
|
|
|
from ansible_collections.community.general.tests.unit.compat.mock import call, patch
|
|
|
|
from ansible_collections.community.general.tests.unit.plugins.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase, set_module_args
|
|
|
|
|
|
|
|
from ansible_collections.community.general.plugins.modules.identity.keycloak import keycloak_authentication
|
|
|
|
|
|
|
|
from itertools import count
|
|
|
|
|
|
|
|
from ansible.module_utils.six import StringIO
|
|
|
|
|
|
|
|
|
|
|
|
@contextmanager
|
|
|
|
def patch_keycloak_api(get_authentication_flow_by_alias=None, copy_auth_flow=None, create_empty_auth_flow=None,
|
|
|
|
get_executions_representation=None, delete_authentication_flow_by_id=None):
|
|
|
|
"""Mock context manager for patching the methods in PwPolicyIPAClient that contact the IPA server
|
|
|
|
|
|
|
|
Patches the `login` and `_post_json` methods
|
|
|
|
|
|
|
|
Keyword arguments are passed to the mock object that patches `_post_json`
|
|
|
|
|
|
|
|
No arguments are passed to the mock object that patches `login` because no tests require it
|
|
|
|
|
|
|
|
Example::
|
|
|
|
|
|
|
|
with patch_ipa(return_value={}) as (mock_login, mock_post):
|
|
|
|
...
|
|
|
|
"""
|
|
|
|
|
|
|
|
obj = keycloak_authentication.KeycloakAPI
|
|
|
|
with patch.object(obj, 'get_authentication_flow_by_alias', side_effect=get_authentication_flow_by_alias) \
|
|
|
|
as mock_get_authentication_flow_by_alias:
|
|
|
|
with patch.object(obj, 'copy_auth_flow', side_effect=copy_auth_flow) \
|
|
|
|
as mock_copy_auth_flow:
|
|
|
|
with patch.object(obj, 'create_empty_auth_flow', side_effect=create_empty_auth_flow) \
|
|
|
|
as mock_create_empty_auth_flow:
|
|
|
|
with patch.object(obj, 'get_executions_representation', return_value=get_executions_representation) \
|
|
|
|
as mock_get_executions_representation:
|
|
|
|
with patch.object(obj, 'delete_authentication_flow_by_id', side_effect=delete_authentication_flow_by_id) \
|
|
|
|
as mock_delete_authentication_flow_by_id:
|
|
|
|
yield mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow, \
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id
|
|
|
|
|
|
|
|
|
|
|
|
def get_response(object_with_future_response, method, get_id_call_count):
|
|
|
|
if callable(object_with_future_response):
|
|
|
|
return object_with_future_response()
|
|
|
|
if isinstance(object_with_future_response, dict):
|
|
|
|
return get_response(
|
|
|
|
object_with_future_response[method], method, get_id_call_count)
|
|
|
|
if isinstance(object_with_future_response, list):
|
|
|
|
call_number = next(get_id_call_count)
|
|
|
|
return get_response(
|
|
|
|
object_with_future_response[call_number], method, get_id_call_count)
|
|
|
|
return object_with_future_response
|
|
|
|
|
|
|
|
|
|
|
|
def build_mocked_request(get_id_user_count, response_dict):
|
|
|
|
def _mocked_requests(*args, **kwargs):
|
|
|
|
url = args[0]
|
|
|
|
method = kwargs['method']
|
|
|
|
future_response = response_dict.get(url, None)
|
|
|
|
return get_response(future_response, method, get_id_user_count)
|
|
|
|
return _mocked_requests
|
|
|
|
|
|
|
|
|
|
|
|
def create_wrapper(text_as_string):
|
|
|
|
"""Allow to mock many times a call to one address.
|
|
|
|
Without this function, the StringIO is empty for the second call.
|
|
|
|
"""
|
|
|
|
def _create_wrapper():
|
|
|
|
return StringIO(text_as_string)
|
|
|
|
return _create_wrapper
|
|
|
|
|
|
|
|
|
|
|
|
def mock_good_connection():
|
|
|
|
token_response = {
|
|
|
|
'http://keycloak.url/auth/realms/master/protocol/openid-connect/token': create_wrapper('{"access_token": "alongtoken"}'), }
|
|
|
|
return patch(
|
|
|
|
'ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak.open_url',
|
|
|
|
side_effect=build_mocked_request(count(), token_response),
|
|
|
|
autospec=True
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
class TestKeycloakAuthentication(ModuleTestCase):
|
|
|
|
def setUp(self):
|
|
|
|
super(TestKeycloakAuthentication, self).setUp()
|
|
|
|
self.module = keycloak_authentication
|
|
|
|
|
|
|
|
def test_create_auth_flow_from_copy(self):
|
|
|
|
"""Add a new authentication flow from copy of an other flow"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'copyFrom': 'first broker login',
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'state': 'present',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{}]
|
|
|
|
return_value_copied = [{
|
|
|
|
'id': '2ac059fc-c548-414f-9c9e-84d42bd4944e',
|
|
|
|
'alias': 'first broker login',
|
|
|
|
'description': 'browser based authentication',
|
|
|
|
'providerId': 'basic-flow',
|
|
|
|
'topLevel': True,
|
|
|
|
'builtIn': False,
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'authenticator': 'auth-cookie',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 10,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}]
|
|
|
|
return_value_executions_after = [
|
|
|
|
{
|
|
|
|
'id': 'b678e30c-8469-40a7-8c21-8d0cda76a591',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Identity Provider Redirector',
|
|
|
|
'requirementChoices': ['REQUIRED', 'DISABLED'],
|
|
|
|
'configurable': True,
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'level': 0,
|
|
|
|
'index': 0
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'id': 'fdc208e9-c292-48b7-b7d1-1d98315ee893',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Cookie',
|
|
|
|
'requirementChoices': [
|
|
|
|
'REQUIRED',
|
|
|
|
'ALTERNATIVE',
|
|
|
|
'DISABLED'
|
|
|
|
],
|
|
|
|
'configurable': False,
|
|
|
|
'providerId': 'auth-cookie',
|
|
|
|
'level': 0,
|
|
|
|
'index': 1
|
|
|
|
},
|
|
|
|
]
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before, copy_auth_flow=return_value_copied,
|
|
|
|
get_executions_representation=return_value_executions_after) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 2)
|
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 0)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_create_auth_flow_from_copy_idempotency(self):
|
|
|
|
"""Add an already existing authentication flow from copy of an other flow to test idempotency"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'copyFrom': 'first broker login',
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'state': 'present',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{
|
|
|
|
'id': '71275d5e-e11f-4be4-b119-0abfa87987a4',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'description': '',
|
|
|
|
'providerId': 'basic-flow',
|
|
|
|
'topLevel': True,
|
|
|
|
'builtIn': False,
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'authenticator': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 0,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'authenticator': 'auth-cookie',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 0,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}]
|
|
|
|
return_value_executions_after = [
|
|
|
|
{
|
|
|
|
'id': 'b678e30c-8469-40a7-8c21-8d0cda76a591',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Identity Provider Redirector',
|
|
|
|
'requirementChoices': ['REQUIRED', 'DISABLED'],
|
|
|
|
'configurable': True,
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'level': 0,
|
|
|
|
'index': 0
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'id': 'fdc208e9-c292-48b7-b7d1-1d98315ee893',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Cookie',
|
|
|
|
'requirementChoices': [
|
|
|
|
'REQUIRED',
|
|
|
|
'ALTERNATIVE',
|
|
|
|
'DISABLED'
|
|
|
|
],
|
|
|
|
'configurable': False,
|
|
|
|
'providerId': 'auth-cookie',
|
|
|
|
'level': 0,
|
|
|
|
'index': 1
|
|
|
|
},
|
|
|
|
]
|
|
|
|
changed = False
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before,
|
|
|
|
get_executions_representation=return_value_executions_after) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 2)
|
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 0)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_create_auth_flow_without_copy(self):
|
|
|
|
"""Add authentication without copy"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'authenticationConfig': {
|
|
|
|
'alias': 'name',
|
|
|
|
'config': {
|
|
|
|
'defaultProvider': 'value'
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'state': 'present',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{}]
|
|
|
|
return_value_created_empty_flow = [
|
|
|
|
{
|
|
|
|
"alias": "Test of the keycloak_auth module",
|
|
|
|
"authenticationExecutions": [],
|
|
|
|
"builtIn": False,
|
|
|
|
"description": "",
|
|
|
|
"id": "513f5baa-cc42-47bf-b4b6-1d23ccc0a67f",
|
|
|
|
"providerId": "basic-flow",
|
|
|
|
"topLevel": True
|
|
|
|
},
|
|
|
|
]
|
|
|
|
return_value_executions_after = [
|
|
|
|
{
|
|
|
|
'id': 'b678e30c-8469-40a7-8c21-8d0cda76a591',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Identity Provider Redirector',
|
|
|
|
'requirementChoices': ['REQUIRED', 'DISABLED'],
|
|
|
|
'configurable': True,
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'level': 0,
|
|
|
|
'index': 0
|
|
|
|
},
|
|
|
|
]
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before,
|
|
|
|
get_executions_representation=return_value_executions_after, create_empty_auth_flow=return_value_created_empty_flow) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 1)
|
2021-07-13 12:13:25 +02:00
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 3)
|
2021-06-24 19:14:46 +02:00
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 0)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_update_auth_flow_adding_exec(self):
|
|
|
|
"""Update authentication flow by adding execution"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'authenticationConfig': {
|
|
|
|
'alias': 'name',
|
|
|
|
'config': {
|
|
|
|
'defaultProvider': 'value'
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'state': 'present',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{
|
|
|
|
'id': '71275d5e-e11f-4be4-b119-0abfa87987a4',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'description': '',
|
|
|
|
'providerId': 'basic-flow',
|
|
|
|
'topLevel': True,
|
|
|
|
'builtIn': False,
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'authenticator': 'auth-cookie',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 0,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}]
|
|
|
|
return_value_executions_after = [
|
|
|
|
{
|
|
|
|
'id': 'b678e30c-8469-40a7-8c21-8d0cda76a591',
|
|
|
|
'requirement': 'DISABLED',
|
|
|
|
'displayName': 'Identity Provider Redirector',
|
|
|
|
'requirementChoices': ['REQUIRED', 'DISABLED'],
|
|
|
|
'configurable': True,
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'level': 0,
|
|
|
|
'index': 0
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'id': 'fdc208e9-c292-48b7-b7d1-1d98315ee893',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'displayName': 'Cookie',
|
|
|
|
'requirementChoices': [
|
|
|
|
'REQUIRED',
|
|
|
|
'ALTERNATIVE',
|
|
|
|
'DISABLED'
|
|
|
|
],
|
|
|
|
'configurable': False,
|
|
|
|
'providerId': 'auth-cookie',
|
|
|
|
'level': 0,
|
|
|
|
'index': 1
|
|
|
|
},
|
|
|
|
]
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before,
|
|
|
|
get_executions_representation=return_value_executions_after) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 0)
|
2021-07-13 12:13:25 +02:00
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 3)
|
2021-06-24 19:14:46 +02:00
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 0)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_delete_auth_flow(self):
|
|
|
|
"""Delete authentication flow"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'state': 'absent',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{
|
|
|
|
'id': '71275d5e-e11f-4be4-b119-0abfa87987a4',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'description': '',
|
|
|
|
'providerId': 'basic-flow',
|
|
|
|
'topLevel': True,
|
|
|
|
'builtIn': False,
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'authenticator': 'auth-cookie',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 0,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}]
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 1)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_delete_auth_flow_idempotency(self):
|
|
|
|
"""Delete second time authentication flow to test idempotency"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'state': 'absent',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{}]
|
|
|
|
changed = False
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 0)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
def test_force_update_auth_flow(self):
|
|
|
|
"""Delete authentication flow and create new one"""
|
|
|
|
|
|
|
|
module_args = {
|
|
|
|
'auth_keycloak_url': 'http://keycloak.url/auth',
|
|
|
|
'auth_username': 'admin',
|
|
|
|
'auth_password': 'admin',
|
|
|
|
'auth_realm': 'master',
|
|
|
|
'realm': 'realm-name',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'authenticationConfig': {
|
|
|
|
'alias': 'name',
|
|
|
|
'config': {
|
|
|
|
'defaultProvider': 'value'
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'state': 'present',
|
|
|
|
'force': 'yes',
|
|
|
|
}
|
|
|
|
return_value_auth_flow_before = [{
|
|
|
|
'id': '71275d5e-e11f-4be4-b119-0abfa87987a4',
|
|
|
|
'alias': 'Test create authentication flow copy',
|
|
|
|
'description': '',
|
|
|
|
'providerId': 'basic-flow',
|
|
|
|
'topLevel': True,
|
|
|
|
'builtIn': False,
|
|
|
|
'authenticationExecutions': [
|
|
|
|
{
|
|
|
|
'authenticator': 'auth-cookie',
|
|
|
|
'requirement': 'ALTERNATIVE',
|
|
|
|
'priority': 0,
|
|
|
|
'userSetupAllowed': False,
|
|
|
|
'autheticatorFlow': False
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}]
|
|
|
|
return_value_created_empty_flow = [
|
|
|
|
{
|
|
|
|
"alias": "Test of the keycloak_auth module",
|
|
|
|
"authenticationExecutions": [],
|
|
|
|
"builtIn": False,
|
|
|
|
"description": "",
|
|
|
|
"id": "513f5baa-cc42-47bf-b4b6-1d23ccc0a67f",
|
|
|
|
"providerId": "basic-flow",
|
|
|
|
"topLevel": True
|
|
|
|
},
|
|
|
|
]
|
|
|
|
return_value_executions_after = [
|
|
|
|
{
|
|
|
|
'id': 'b678e30c-8469-40a7-8c21-8d0cda76a591',
|
|
|
|
'requirement': 'DISABLED',
|
|
|
|
'displayName': 'Identity Provider Redirector',
|
|
|
|
'requirementChoices': ['REQUIRED', 'DISABLED'],
|
|
|
|
'configurable': True,
|
|
|
|
'providerId': 'identity-provider-redirector',
|
|
|
|
'level': 0,
|
|
|
|
'index': 0
|
|
|
|
},
|
|
|
|
]
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
set_module_args(module_args)
|
|
|
|
|
|
|
|
# Run the module
|
|
|
|
|
|
|
|
with mock_good_connection():
|
|
|
|
with patch_keycloak_api(get_authentication_flow_by_alias=return_value_auth_flow_before,
|
|
|
|
get_executions_representation=return_value_executions_after, create_empty_auth_flow=return_value_created_empty_flow) \
|
|
|
|
as (mock_get_authentication_flow_by_alias, mock_copy_auth_flow, mock_create_empty_auth_flow,
|
|
|
|
mock_get_executions_representation, mock_delete_authentication_flow_by_id):
|
|
|
|
with self.assertRaises(AnsibleExitJson) as exec_info:
|
|
|
|
self.module.main()
|
|
|
|
|
|
|
|
# Verify number of call on each mock
|
|
|
|
self.assertEqual(len(mock_get_authentication_flow_by_alias.mock_calls), 1)
|
|
|
|
self.assertEqual(len(mock_copy_auth_flow.mock_calls), 0)
|
|
|
|
self.assertEqual(len(mock_create_empty_auth_flow.mock_calls), 1)
|
2021-07-13 12:13:25 +02:00
|
|
|
self.assertEqual(len(mock_get_executions_representation.mock_calls), 3)
|
2021-06-24 19:14:46 +02:00
|
|
|
self.assertEqual(len(mock_delete_authentication_flow_by_id.mock_calls), 1)
|
|
|
|
|
|
|
|
# Verify that the module's changed status matches what is expected
|
|
|
|
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
unittest.main()
|