IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
9cc703fd0ed1afc24dc865ed967264c7f7340ac7
freeipa/ipatests/pytest_ipa/integration/create_quarkus.py
Anuja More 9cc703fd0e ipatests: Add integration tests for External IdP support 
Tests for [RFE]: Added integration tests for external IdP
authentication with keycloak-17 as identity provider.

Related : https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8803
Related: https://pagure.io/freeipa/issue/8804

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2022-05-23 08:38:40 +03:00

160 lines
6.1 KiB
Python
Raw Blame History

import os
import textwrap
import time
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration import tasks
def setup_keycloakserver(host, version='17.0.0'):
dir = "/opt/keycloak"
password = host.config.admin_password
tasks.install_packages(host, ["unzip", "java-11-openjdk-headless",
"openssl", "maven", "wget",
"firefox", "xorg-x11-server-Xvfb"])
# add keycloak system user/group and folder
url = "https://github.com/keycloak/keycloak/releases/download/{0}/keycloak-{0}.zip".format(version) # noqa: E501
host.run_command(["wget", url, "-O", "{0}-{1}.zip".format(dir, version)])
host.run_command(
["unzip", "{0}-{1}.zip".format(dir, version), "-d", "/opt/"]
)
host.run_command(["mv", "{0}-{1}".format(dir, version), dir])
host.run_command(["groupadd", "keycloak"])
host.run_command(
["useradd", "-r", "-g", "keycloak", "-d", dir, "keycloak"]
)
host.run_command(["chown", "-R", "keycloak:", dir])
host.run_command(["chmod", "o+x", "{0}/bin/".format(dir)])
host.run_command(["restorecon", "-R", dir])
# setup TLS certificate using IPA CA
host.run_command(["kinit", "-k"])
host.run_command(["ipa", "service-add", "HTTP/{0}".format(host.hostname)])
key = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.key")
crt = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.crt")
keystore = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.store")
host.run_command(["ipa-getcert", "request", "-K",
"HTTP/{0}".format(host.hostname),
"-D", host.hostname, "-o", "keycloak",
"-O", "keycloak", "-m", "0600",
"-M", "0644",
"-k", key, "-f", crt, "-w"])
host.run_command(["keytool", "-import", "-keystore", keystore,
"-file", "/etc/ipa/ca.crt",
"-alias", "ipa_ca",
"-trustcacerts", "-storepass", password, "-noprompt"])
host.run_command(["chown", "keycloak:keycloak", keystore])
# Setup keycloak service and config files
contents = textwrap.dedent("""
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD={admin_pswd}
KC_HOSTNAME={host}:8443
KC_HTTPS_CERTIFICATE_FILE={crt}
KC_HTTPS_CERTIFICATE_KEY_FILE={key}
KC_HTTPS_TRUST_STORE_FILE={store}
KC_HTTPS_TRUST_STORE_PASSWORD={store_pswd}
KC_HTTP_RELATIVE_PATH=/auth
""").format(admin_pswd=password, host=host.hostname, crt=crt, key=key,
store=keystore, store_pswd=password)
host.put_file_contents("/etc/sysconfig/keycloak", contents)
contents = textwrap.dedent("""
[Unit]
Description=Keycloak Server
After=network.target
[Service]
Type=idle
EnvironmentFile=/etc/sysconfig/keycloak
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/bin/kc.sh start
TimeoutStartSec=600
TimeoutStopSec=600
[Install]
WantedBy=multi-user.target
""")
host.put_file_contents("/etc/systemd/system/keycloak.service", contents)
host.run_command(["systemctl", "daemon-reload"])
# Run build stage first
env_vars = textwrap.dedent("""
export KEYCLOAK_ADMIN=admin
export KC_HOSTNAME={hostname}:8443
export KC_HTTPS_CERTIFICATE_FILE=/etc/pki/tls/certs/keycloak.crt
export KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/pki/tls/private/keycloak.key
export KC_HTTPS_TRUST_STORE_FILE=/etc/pki/tls/private/keycloak.store
export KC_HTTPS_TRUST_STORE_PASSWORD={STORE_PASS}
export KEYCLOAK_ADMIN_PASSWORD={ADMIN_PASS}
export KC_HTTP_RELATIVE_PATH=/auth
""").format(hostname=host.hostname, STORE_PASS=password,
ADMIN_PASS=password)
content = host.get_file_contents('/etc/bashrc',
encoding='utf-8')
new_content = content + "\n{}".format(env_vars)
host.put_file_contents('/etc/bashrc', new_content)
host.run_command(['bash'])
host.run_command(
['su', '-', 'keycloak', '-c', '/opt/keycloak/bin/kc.sh build'])
host.run_command(["systemctl", "start", "keycloak"])
host.run_command(["/opt/keycloak/bin/kc.sh", "show-config"])
# Setup keycloak for use:
kcadmin_sh = "/opt/keycloak/bin/kcadm.sh"
host.run_command([kcadmin_sh, "config", "truststore",
"--trustpass", password, keystore])
kcadmin = [kcadmin_sh, "config", "credentials", "--server",
"https://{0}:8443/auth/".format(host.hostname),
"--realm", "master", "--user", "admin",
"--password", password
]
tasks.run_repeatedly(
host, kcadmin, timeout=60)
host.run_command(
[kcadmin_sh, "create", "users", "-r", "master",
"-s", "username=testuser1", "-s", "enabled=true",
"-s", "email=testuser1@ipa.test"]
)
host.run_command(
[kcadmin_sh, "set-password", "-r", "master",
"--username", "testuser1", "--new-password", password]
)
def setup_keycloak_client(host):
password = host.config.admin_password
host.run_command(["/opt/keycloak/bin/kcreg.sh",
"config", "credentials", "--server",
"https://{0}:8443/auth/".format(host.hostname),
"--realm", "master", "--user", "admin",
"--password", password]
)
client_json = textwrap.dedent("""
{{
"enabled" : true,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://ipa-ca.{redirect}/ipa/idp/*" ],
"webOrigins" : [ "https://ipa-ca.{web}" ],
"protocol" : "openid-connect",
"attributes" : {{
"oauth2.device.authorization.grant.enabled" : "true",
"oauth2.device.polling.interval": "5"
}}
}}
""").format(redirect=host.domain.name, web=host.domain.name)
host.put_file_contents("/tmp/ipa_client.json", client_json)
host.run_command(["/opt/keycloak/bin/kcreg.sh", "create",
"-f", "/tmp/ipa_client.json",
"-s", "clientId=ipa_oidc_client",
"-s", "secret={0}".format(password)]
)
time.sleep(60)
Reference in New Issue View Git Blame Copy Permalink