✅ [#125] Add/update tests for changed setup config format

maykinmedia · Dec 9, 2024 · 67c83fd · 67c83fd
1 parent 89c38ab
commit 67c83fd
Show file tree

Hide file tree

Showing 9 changed files with 150 additions and 73 deletions.
diff --git a/tests/setupconfig/conftest.py b/tests/setupconfig/conftest.py
@@ -43,6 +43,16 @@ def sync_groups_config_yml():
     return "tests/setupconfig/files/sync_groups.yml"
 
 
+@pytest.fixture()
+def multiple_configs_yml():
+    return "tests/setupconfig/files/multiple_configs.yml"
+
+
+@pytest.fixture()
+def missing_identifier_yml():
+    return "tests/setupconfig/files/missing_identifier.yml"
+
+
 @pytest.fixture
 def set_config_to_non_default_values():
     """

diff --git a/tests/setupconfig/files/defaults.yml b/tests/setupconfig/files/defaults.yml
@@ -1,8 +1,10 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
-  oidc_rp_client_id: client-id
-  oidc_rp_client_secret: secret
-  endpoint_config:
-    oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-    oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-    oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+  items:
+  - identifier: admin-oidc
+    oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/discovery.yml b/tests/setupconfig/files/discovery.yml
@@ -1,6 +1,8 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
-  oidc_rp_client_id: testid
-  oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
-  endpoint_config:
-    oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
+  items:
+  - identifier: admin-oidc
+    oidc_rp_client_id: testid
+    oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
+    endpoint_config:
+      oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
diff --git a/tests/setupconfig/files/full_setup.yml b/tests/setupconfig/files/full_setup.yml
@@ -1,37 +1,39 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
-  enabled: False
-  oidc_rp_client_id: client-id
-  oidc_rp_client_secret: secret
-  oidc_rp_scopes_list:
-  - open_id
-  - email
-  - profile
-  - extra_scope
-  oidc_rp_sign_algo: RS256
-  oidc_rp_idp_sign_key: key
-  oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs
-  endpoint_config:
-      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
-  username_claim:
-  - claim_name
-  groups_claim:
-  - groups_claim_name
-  claim_mapping:
-    first_name:
-    - given_name
-  sync_groups: false
-  sync_groups_glob_pattern: local.groups.*
-  default_groups:
-  - local.groups.Admins
-  - local.groups.Read-only
-  make_users_staff: true
-  superuser_group_names:
-  - superuser
-  oidc_use_nonce: false
-  oidc_nonce_size: 48
-  oidc_state_size: 48
-  userinfo_claims_source: id_token
+  items:
+  - identifier: admin-oidc
+    enabled: False
+    oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    oidc_rp_scopes_list:
+    - open_id
+    - email
+    - profile
+    - extra_scope
+    oidc_rp_sign_algo: RS256
+    oidc_rp_idp_sign_key: key
+    oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs
+    endpoint_config:
+        oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+        oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+        oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+    username_claim:
+    - claim_name
+    groups_claim:
+    - groups_claim_name
+    claim_mapping:
+      first_name:
+      - given_name
+    sync_groups: false
+    sync_groups_glob_pattern: local.groups.*
+    default_groups:
+    - local.groups.Admins
+    - local.groups.Read-only
+    make_users_staff: true
+    superuser_group_names:
+    - superuser
+    oidc_use_nonce: false
+    oidc_nonce_size: 48
+    oidc_state_size: 48
+    userinfo_claims_source: id_token
 
diff --git a/tests/setupconfig/files/missing_identifier.yml b/tests/setupconfig/files/missing_identifier.yml
@@ -0,0 +1,9 @@
+oidc_db_config_enable: True
+oidc_db_config_admin_auth:
+  items:
+  - oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/multiple_configs.yml b/tests/setupconfig/files/multiple_configs.yml
@@ -0,0 +1,17 @@
+oidc_db_config_enable: True
+oidc_db_config_admin_auth:
+  items:
+  - identifier: admin-oidc
+    oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+  - identifier: admin-oidc
+    oidc_rp_client_id: client-id2
+    oidc_rp_client_secret: secret2
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/no_sync_groups.yml b/tests/setupconfig/files/no_sync_groups.yml
@@ -1,12 +1,14 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
-  oidc_rp_client_id: client-id
-  oidc_rp_client_secret: secret
-  endpoint_config:
-    oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-    oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-    oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
-  sync_groups: false
-  default_groups:
-    - SuperAdmins
-    - NormalUsers
+  items:
+  - identifier: admin-oidc
+    oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+    sync_groups: false
+    default_groups:
+      - SuperAdmins
+      - NormalUsers
diff --git a/tests/setupconfig/files/sync_groups.yml b/tests/setupconfig/files/sync_groups.yml
@@ -1,15 +1,17 @@
 oidc_db_config_enable: True
 oidc_db_config_admin_auth:
-  oidc_rp_client_id: client-id
-  oidc_rp_client_secret: secret
-  endpoint_config:
-    oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-    oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-    oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
-  sync_groups: true
-  sync_groups_glob_pattern: local.groups.*
-  default_groups:
-    - local.groups.SuperAdmins
-    - local.WeirdAdmins
-    - local.groups.NormalUsers
-    - local.WeirdUsers
+  items:
+  - identifier: admin-oidc
+    oidc_rp_client_id: client-id
+    oidc_rp_client_secret: secret
+    endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+    sync_groups: true
+    sync_groups_glob_pattern: local.groups.*
+    default_groups:
+      - local.groups.SuperAdmins
+      - local.WeirdAdmins
+      - local.groups.NormalUsers
+      - local.WeirdUsers
diff --git a/tests/setupconfig/test_steps.py b/tests/setupconfig/test_steps.py
@@ -2,7 +2,10 @@
 
 import pytest
 import requests
-from django_setup_configuration.exceptions import ConfigurationRunFailed
+from django_setup_configuration.exceptions import (
+    ConfigurationRunFailed,
+    PrerequisiteFailed,
+)
 from django_setup_configuration.test_utils import execute_single_step
 
 from mozilla_django_oidc_db.models import (
@@ -244,6 +247,30 @@ def test_configure_discovery_failure(
     assert config.oidc_op_discovery_endpoint == ""
 
 
+@pytest.mark.django_db
+def test_configure_fails_with_multiple_configs(multiple_configs_yml):
+    with pytest.raises(ConfigurationRunFailed) as excinfo:
+        execute_single_step(
+            AdminOIDCConfigurationStep, yaml_source=multiple_configs_yml
+        )
+    assert str(excinfo.value) == "You must specify exactly one OIDC configuration"
+
+    config = OpenIDConnectConfig.get_solo()
+    assert not config.enabled
+
+
+@pytest.mark.django_db
+def test_configure_fails_without_identifier(missing_identifier_yml):
+    with pytest.raises(PrerequisiteFailed) as excinfo:
+        execute_single_step(
+            AdminOIDCConfigurationStep, yaml_source=missing_identifier_yml
+        )
+    assert "oidc_db_config_admin_auth.items.0.identifier" in str(excinfo.value)
+
+    config = OpenIDConnectConfig.get_solo()
+    assert not config.enabled
+
+
 @pytest.mark.django_db
 def test_sync_groups_is_false(no_sync_groups_config_yml):
     # create groups so they can be found
@@ -253,8 +280,10 @@ def test_sync_groups_is_false(no_sync_groups_config_yml):
         AdminOIDCConfigurationStep, yaml_source=no_sync_groups_config_yml
     )
 
-    assert not result.config_model.sync_groups
-    assert result.config_model.default_groups == ["SuperAdmins", "NormalUsers"]
+    config_model = result.config_model.items[0]
+
+    assert not config_model.sync_groups
+    assert config_model.default_groups == ["SuperAdmins", "NormalUsers"]
 
     config = OpenIDConnectConfig.get_solo()
     assert config.default_groups.all().count() == 1
@@ -271,14 +300,16 @@ def test_sync_groups_is_true(sync_groups_config_yml):
         AdminOIDCConfigurationStep, yaml_source=sync_groups_config_yml
     )
 
-    assert result.config_model.sync_groups
-    assert result.config_model.default_groups == [
+    config_model = result.config_model.items[0]
+
+    assert config_model.sync_groups
+    assert config_model.default_groups == [
         "local.groups.SuperAdmins",
         "local.WeirdAdmins",
         "local.groups.NormalUsers",
         "local.WeirdUsers",
     ]
-    assert result.config_model.sync_groups_glob_pattern == "local.groups.*"
+    assert config_model.sync_groups_glob_pattern == "local.groups.*"
 
     config = OpenIDConnectConfig.get_solo()
     assert config.default_groups.all().count() == 3