diff --git a/tests/setupconfig/conftest.py b/tests/setupconfig/conftest.py
index bf80e86..9a16f26 100644
--- a/tests/setupconfig/conftest.py
+++ b/tests/setupconfig/conftest.py
@@ -43,6 +43,16 @@ def sync_groups_config_yml():
 return "tests/setupconfig/files/sync_groups.yml"
+@pytest.fixture()
+def multiple_configs_yml():
+ return "tests/setupconfig/files/multiple_configs.yml"
+
+
+@pytest.fixture()
+def missing_identifier_yml():
+ return "tests/setupconfig/files/missing_identifier.yml"
+
+
 @pytest.fixture
 def set_config_to_non_default_values():
 """
diff --git a/tests/setupconfig/files/defaults.yml b/tests/setupconfig/files/defaults.yml
index 889c392..18fb301 100644
--- a/tests/setupconfig/files/defaults.yml
+++ b/tests/setupconfig/files/defaults.yml
@@ -1,8 +1,10 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/discovery.yml b/tests/setupconfig/files/discovery.yml
index be8b924..0f62ce9 100644
--- a/tests/setupconfig/files/discovery.yml
+++ b/tests/setupconfig/files/discovery.yml
@@ -1,6 +1,8 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: testid
- oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
- endpoint_config:
- oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: testid
+ oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
+ endpoint_config:
+ oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
diff --git a/tests/setupconfig/files/full_setup.yml b/tests/setupconfig/files/full_setup.yml
index 0a4a63f..dbdd1e6 100644
--- a/tests/setupconfig/files/full_setup.yml
+++ b/tests/setupconfig/files/full_setup.yml
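Review bot: In tests/setupconfig/files/discovery.yml the `oidc_rp_client_secret` carried into the new `items` entry is a 32-character random-looking value, unlike the `secret` placeholder used in the other fixtures. If it is or ever was a working client secret for a shared identity provider, it should be rotated and replaced here. If it is a throwaway for the local test realm, a comment above it such as `# throwaway secret for the local test realm, not a real credential` would keep secret scanners and readers from treating it as a leak. The value may be tied to recorded HTTP fixtures, so check that before changing it.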
@@ -1,37 +1,39 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- enabled: False
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- oidc_rp_scopes_list:
- - open_id
- - email
- - profile
- - extra_scope
- oidc_rp_sign_algo: RS256
- oidc_rp_idp_sign_key: key
- oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
- username_claim:
- - claim_name
- groups_claim:
- - groups_claim_name
- claim_mapping:
- first_name:
- - given_name
- sync_groups: false
- sync_groups_glob_pattern: local.groups.*
- default_groups:
- - local.groups.Admins
- - local.groups.Read-only
- make_users_staff: true
- superuser_group_names:
- - superuser
- oidc_use_nonce: false
- oidc_nonce_size: 48
- oidc_state_size: 48
- userinfo_claims_source: id_token
+ items:
+ - identifier: admin-oidc
+ enabled: False
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ oidc_rp_scopes_list:
+ - open_id
+ - email
+ - profile
+ - extra_scope
+ oidc_rp_sign_algo: RS256
+ oidc_rp_idp_sign_key: key
+ oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ username_claim:
+ - claim_name
+ groups_claim:
+ - groups_claim_name
+ claim_mapping:
+ first_name:
+ - given_name
+ sync_groups: false
+ sync_groups_glob_pattern: local.groups.*
+ default_groups:
+ - local.groups.Admins
+ - local.groups.Read-only
+ make_users_staff: true
+ superuser_group_names:
+ - superuser
+ oidc_use_nonce: false
+ oidc_nonce_size: 48
+ oidc_state_size: 48
+ userinfo_claims_source: id_token
diff --git a/tests/setupconfig/files/missing_identifier.yml b/tests/setupconfig/files/missing_identifier.yml
new file mode 100644
index 0000000..c3c51f3
--- /dev/null
+++ b/tests/setupconfig/files/missing_identifier.yml
@@ -0,0 +1,9 @@
+oidc_db_config_enable: True
+oidc_db_config_admin_auth:
+ items:
+ - oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/multiple_configs.yml b/tests/setupconfig/files/multiple_configs.yml
new file mode 100644
index 0000000..a3b0a09
--- /dev/null
+++ b/tests/setupconfig/files/multiple_configs.yml
@@ -0,0 +1,17 @@
+oidc_db_config_enable: True
+oidc_db_config_admin_auth:
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id2
+ oidc_rp_client_secret: secret2
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
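Review bot: Both entries in tests/setupconfig/files/multiple_configs.yml use `identifier: admin-oidc`, so this fixture covers "more than one item" and "duplicate identifier" at the same time. The test that loads it expects the message "You must specify exactly one OIDC configuration", which is about the item count. Giving the second entry its own identifier (for example `identifier: admin-oidc-second`, a constructed value) would keep the test tied to the count check even if a uniqueness check is added later, assuming the step does not require one specific identifier value. If duplicate identifiers should also be rejected, so that it is never ambiguous which client credentials apply, that case deserves its own fixture and test.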
diff --git a/tests/setupconfig/files/no_sync_groups.yml b/tests/setupconfig/files/no_sync_groups.yml
index 590e699..e67f658 100644
--- a/tests/setupconfig/files/no_sync_groups.yml
+++ b/tests/setupconfig/files/no_sync_groups.yml
@@ -1,12 +1,14 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
- sync_groups: false
- default_groups:
- - SuperAdmins
- - NormalUsers
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ sync_groups: false
+ default_groups:
+ - SuperAdmins
+ - NormalUsers
diff --git a/tests/setupconfig/files/sync_groups.yml b/tests/setupconfig/files/sync_groups.yml
index 291eb6a..66f9f1a 100644
--- a/tests/setupconfig/files/sync_groups.yml
+++ b/tests/setupconfig/files/sync_groups.yml
@@ -1,15 +1,17 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
- oidc_rp_client_id: client-id
- oidc_rp_client_secret: secret
- endpoint_config:
- oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
- oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
- oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
- sync_groups: true
- sync_groups_glob_pattern: local.groups.*
- default_groups:
- - local.groups.SuperAdmins
- - local.WeirdAdmins
- - local.groups.NormalUsers
- - local.WeirdUsers
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+ sync_groups: true
+ sync_groups_glob_pattern: local.groups.*
+ default_groups:
+ - local.groups.SuperAdmins
+ - local.WeirdAdmins
+ - local.groups.NormalUsers
+ - local.WeirdUsers
diff --git a/tests/setupconfig/test_steps.py b/tests/setupconfig/test_steps.py
index 9943c1f..538a78e 100644
--- a/tests/setupconfig/test_steps.py
+++ b/tests/setupconfig/test_steps.py
@@ -2,7 +2,10 @@
 import pytest
 import requests
-from django_setup_configuration.exceptions import ConfigurationRunFailed
+from django_setup_configuration.exceptions import (
+ ConfigurationRunFailed,
+ PrerequisiteFailed,
+)
 from django_setup_configuration.test_utils import execute_single_step
 from mozilla_django_oidc_db.models import (
@@ -244,6 +247,30 @@ def test_configure_discovery_failure(
 assert config.oidc_op_discovery_endpoint == ""
+@pytest.mark.django_db
+def test_configure_fails_with_multiple_configs(multiple_configs_yml):
+ with pytest.raises(ConfigurationRunFailed) as excinfo:
+ execute_single_step(
+ AdminOIDCConfigurationStep, yaml_source=multiple_configs_yml
+ )
+ assert str(excinfo.value) == "You must specify exactly one OIDC configuration"
+
+ config = OpenIDConnectConfig.get_solo()
+ assert not config.enabled
+
+
+@pytest.mark.django_db
+def test_configure_fails_without_identifier(missing_identifier_yml):
+ with pytest.raises(PrerequisiteFailed) as excinfo:
+ execute_single_step(
+ AdminOIDCConfigurationStep, yaml_source=missing_identifier_yml
+ )
+ assert "oidc_db_config_admin_auth.items.0.identifier" in str(excinfo.value)
+
+ config = OpenIDConnectConfig.get_solo()
+ assert not config.enabled
+
+
 @pytest.mark.django_db
 def test_sync_groups_is_false(no_sync_groups_config_yml):
 # create groups so they can be found
@@ -253,8 +280,10 @@ def test_sync_groups_is_false(no_sync_groups_config_yml):
 AdminOIDCConfigurationStep, yaml_source=no_sync_groups_config_yml
 )
- assert not result.config_model.sync_groups
- assert result.config_model.default_groups == ["SuperAdmins", "NormalUsers"]
+ config_model = result.config_model.items[0]
+
+ assert not config_model.sync_groups
+ assert config_model.default_groups == ["SuperAdmins", "NormalUsers"]
 config = OpenIDConnectConfig.get_solo()
 assert config.default_groups.all().count() == 1
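Review bot: In test_configure_fails_with_multiple_configs and test_configure_fails_without_identifier the only check after the failure is `assert not config.enabled`, which presumably also holds for an untouched solo instance and says little about whether any other field was written. Asserting that a value from the fixture was not persisted, for example `assert config.oidc_rp_client_id == ""`, would show directly that rejected input left the stored OIDC settings unchanged. The discovery-failure test just above does the same for `oidc_op_discovery_endpoint`. The empty-string default for the client id is inferred from that neighbouring assertion, so confirm it against the model.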
@@ -271,14 +300,16 @@ def test_sync_groups_is_true(sync_groups_config_yml):
 AdminOIDCConfigurationStep, yaml_source=sync_groups_config_yml
 )
- assert result.config_model.sync_groups
- assert result.config_model.default_groups == [
+ config_model = result.config_model.items[0]
+
+ assert config_model.sync_groups
+ assert config_model.default_groups == [
 "local.groups.SuperAdmins",
 "local.WeirdAdmins",
 "local.groups.NormalUsers",
 "local.WeirdUsers",
 ]
- assert result.config_model.sync_groups_glob_pattern == "local.groups.*"
+ assert config_model.sync_groups_glob_pattern == "local.groups.*"
 config = OpenIDConnectConfig.get_solo()
 assert config.default_groups.all().count() == 3