Create dedicate multi-oauth setup
This commit is contained in:
Marcial Rosales
parent
982e8a237b
commit
2a3c8ec1e9
|
|
@ -0,0 +1,42 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
KEYCLOAK_DOCKER_IMAGE=quay.io/keycloak/keycloak:20.0
|
||||
|
||||
init_devkeycloak() {
|
||||
DEVKEYCLOAK_CONFIG_PATH=${DEVKEYCLOAK_CONFIG_PATH:-multi-oauth/devkeycloak}
|
||||
DEVKEYCLOAK_CONFIG_DIR=$(realpath ${TEST_DIR}/${DEVKEYCLOAK_CONFIG_PATH})
|
||||
|
||||
print "> DEVKEYCLOAK_CONFIG_DIR: ${DEVKEYCLOAK_CONFIG_DIR}"
|
||||
print "> DEVKEYCLOAK_URL: ${DEVKEYCLOAK_URL}"
|
||||
print "> DEVKEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
|
||||
}
|
||||
start_devkeycloak() {
|
||||
begin "Starting devkeycloak ..."
|
||||
|
||||
init_devkeycloak
|
||||
kill_container_if_exist devkeycloak
|
||||
|
||||
MOUNT_DEVKEYCLOAK_CONF_DIR=$CONF_DIR/devkeycloak
|
||||
|
||||
mkdir -p $MOUNT_DEVKEYCLOAK_CONF_DIR
|
||||
${BIN_DIR}/gen-keycloak-json ${DEVKEYCLOAK_CONFIG_DIR} "dev-realm" $ENV_FILE $MOUNT_DEVKEYCLOAK_CONF_DIR/dev-realm.json
|
||||
print "> EFFECTIVE DEVKEYCLOAK_CONFIG_FILE: $MOUNT_DEVKEYCLOAK_CONF_DIR/dev-realm.json"
|
||||
cp ${DEVKEYCLOAK_CONFIG_DIR}/*.pem $MOUNT_DEVKEYCLOAK_CONF_DIR
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name devkeycloak \
|
||||
--net ${DOCKER_NETWORK} \
|
||||
--publish 8082:8080 \
|
||||
--publish 8442:8442 \
|
||||
--env KEYCLOAK_ADMIN=admin \
|
||||
--env KEYCLOAK_ADMIN_PASSWORD=admin \
|
||||
--mount type=bind,source=${MOUNT_DEVKEYCLOAK_CONF_DIR},target=/opt/keycloak/data/import/ \
|
||||
${KEYCLOAK_DOCKER_IMAGE} start-dev --import-realm \
|
||||
--https-certificate-file=/opt/keycloak/data/import/server_devkeycloak_certificate.pem \
|
||||
--https-certificate-key-file=/opt/keycloak/data/import/server_devkeycloak_key.pem \
|
||||
--hostname=devkeycloak --hostname-admin=devkeycloak --https-port=8442
|
||||
|
||||
wait_for_oidc_endpoint devkeycloak $DEVKEYCLOAK_URL $MOUNT_DEVKEYCLOAK_CONF_DIR/ca_certificate.pem
|
||||
end "devkeycloak is ready"
|
||||
}
|
||||
|
|
@ -20,7 +20,7 @@ start_keycloak() {
|
|||
MOUNT_KEYCLOAK_CONF_DIR=$CONF_DIR/keycloak
|
||||
|
||||
mkdir -p $MOUNT_KEYCLOAK_CONF_DIR
|
||||
${BIN_DIR}/gen-keycloak-json ${KEYCLOAK_CONFIG_DIR} $ENV_FILE $MOUNT_KEYCLOAK_CONF_DIR/test-realm.json
|
||||
${BIN_DIR}/gen-keycloak-json ${KEYCLOAK_CONFIG_DIR} "test-realm" $ENV_FILE $MOUNT_KEYCLOAK_CONF_DIR/test-realm.json
|
||||
print "> EFFECTIVE KEYCLOAK_CONFIG_FILE: $MOUNT_KEYCLOAK_CONF_DIR/test-realm.json"
|
||||
cp ${KEYCLOAK_CONFIG_DIR}/*.pem $MOUNT_KEYCLOAK_CONF_DIR
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
KEYCLOAK_DOCKER_IMAGE=quay.io/keycloak/keycloak:20.0
|
||||
|
||||
init_prodkeycloak() {
|
||||
PRODKEYCLOAK_CONFIG_PATH=${PRODKEYCLOAK_CONFIG_PATH:-multi-oauth/prodkeycloak}
|
||||
PRODKEYCLOAK_CONFIG_DIR=$(realpath ${TEST_DIR}/${PRODKEYCLOAK_CONFIG_PATH})
|
||||
|
||||
print "> PRODKEYCLOAK_CONFIG_DIR: ${PRODKEYCLOAK_CONFIG_DIR}"
|
||||
print "> PRODKEYCLOAK_URL: ${PRODKEYCLOAK_URL}"
|
||||
print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
|
||||
}
|
||||
start_prodkeycloak() {
|
||||
begin "Starting prodkeycloak ..."
|
||||
|
||||
init_prodkeycloak
|
||||
kill_container_if_exist prodkeycloak
|
||||
|
||||
MOUNT_PRODKEYCLOAK_CONF_DIR=$CONF_DIR/prodkeycloak
|
||||
|
||||
mkdir -p $MOUNT_PRODKEYCLOAK_CONF_DIR
|
||||
${BIN_DIR}/gen-keycloak-json ${PRODKEYCLOAK_CONFIG_DIR} "prod-realm" $ENV_FILE $MOUNT_PRODKEYCLOAK_CONF_DIR/prod-realm.json
|
||||
print "> EFFECTIVE PRODKEYCLOAK_CONFIG_FILE: $MOUNT_PRODKEYCLOAK_CONF_DIR/prod-realm.json"
|
||||
cp ${PRODKEYCLOAK_CONFIG_DIR}/*.pem $MOUNT_PRODKEYCLOAK_CONF_DIR
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name prodkeycloak \
|
||||
--net ${DOCKER_NETWORK} \
|
||||
--publish 8081:8080 \
|
||||
--publish 8443:8443 \
|
||||
--env KEYCLOAK_ADMIN=admin \
|
||||
--env KEYCLOAK_ADMIN_PASSWORD=admin \
|
||||
--mount type=bind,source=${MOUNT_PRODKEYCLOAK_CONF_DIR},target=/opt/keycloak/data/import/ \
|
||||
${KEYCLOAK_DOCKER_IMAGE} start-dev --import-realm \
|
||||
--https-certificate-file=/opt/keycloak/data/import/server_prodkeycloak_certificate.pem \
|
||||
--https-certificate-key-file=/opt/keycloak/data/import/server_prodkeycloak_key.pem \
|
||||
--hostname=prodkeycloak --hostname-admin=prodkeycloak --https-port=8443
|
||||
|
||||
wait_for_oidc_endpoint prodkeycloak $PRODKEYCLOAK_URL $MOUNT_PRODKEYCLOAK_CONF_DIR/ca_certificate.pem
|
||||
end "prodkeycloak is ready"
|
||||
}
|
||||
|
|
@ -5,8 +5,9 @@ SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|||
#set -x
|
||||
|
||||
KEYCLOAK_PATH=${1:?First parameter is the directory env and config files are relative to}
|
||||
ENV_FILE=${2:?Second parameter is a comma-separated list of .env file which has exported template variables}
|
||||
FINAL_CONFIG_FILE=${3:?Forth parameter is the name of the final config file. It is relative to where this script is run from}
|
||||
KEYCLOAK_FILENAME=${2:?Second parameter is the keycloak filename of the realm without extension}
|
||||
ENV_FILE=${3:?Second parameter is a comma-separated list of .env file which has exported template variables}
|
||||
FINAL_CONFIG_FILE=${4:?Forth parameter is the name of the final config file. It is relative to where this script is run from}
|
||||
|
||||
source $ENV_FILE
|
||||
|
||||
|
|
@ -15,7 +16,7 @@ mkdir -p $parentdir
|
|||
|
||||
echo "" > $FINAL_CONFIG_FILE
|
||||
|
||||
for f in $($SCRIPT/find-template-files $KEYCLOAK_PATH "test-realm" "json")
|
||||
for f in $($SCRIPT/find-template-files $KEYCLOAK_PATH $KEYCLOAK_FILENAME "json")
|
||||
do
|
||||
envsubst < $f >> $FINAL_CONFIG_FILE
|
||||
done
|
||||
|
|
|
|||
9
deps/rabbitmq_management/selenium/suites/authnz-mgt/oauth-with-multi-oauth.sh
vendored
Executable file
9
deps/rabbitmq_management/selenium/suites/authnz-mgt/oauth-with-multi-oauth.sh
vendored
Executable file
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
TEST_CASES_PATH=/multi-oauth
|
||||
PROFILES="devkeycloak prodkeycloak "
|
||||
|
||||
source $SCRIPT/../../bin/suite_template $@
|
||||
runWith devkeycloak prodkeycloak
|
||||
21
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
vendored
Normal file
21
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
|
||||
BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
|
||||
Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
|
||||
MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
|
||||
MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
|
||||
Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
|
||||
0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
|
||||
I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
|
||||
eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
|
||||
8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
|
||||
A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
|
||||
ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
|
||||
HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
|
||||
rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
|
||||
XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
|
||||
Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
|
||||
a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
|
||||
-----END CERTIFICATE-----
|
||||
2790
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/dev-realm.json
vendored
Normal file
2790
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/dev-realm.json
vendored
Normal file
File diff suppressed because it is too large
Load Diff
BIN
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/server_devkeycloak.p12
vendored
Normal file
BIN
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/server_devkeycloak.p12
vendored
Normal file
Binary file not shown.
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzDCCArSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
|
||||
ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
|
||||
MAsGA1UEBwwEJCQkJDAeFw0yNDAxMTMxMTU4MzRaFw0zNDAxMTAxMTU4MzRaMCcx
|
||||
FDASBgNVBAMMC2RldmtleWNsb2FrMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt5/wvIdHr5FJvIWNiwoaict0G/pkHnUYs
|
||||
VIHjLjeR59q5qAojrKRqs32D9eeKqikHv/xTp9dpOa8qwpho11bSs/HgnXZKie1F
|
||||
fQG/8arfipHkODn10VoNtZ0Revu5on9h67kkgyjCk4WKG34o7ye4qacJhOAGV8LU
|
||||
HJXyA1kPFCtZzvcobYwbpPENpV7MWfxqa9gIV6IZln7EttzcraDfsYIr44uLbfeC
|
||||
2BcvJZP+JFXmTBZz0fbMfLsv6z5KF0pH4XKInINan9ajGLnE5SbvqMLHQ4KANwMP
|
||||
Q8OLtU4is6wNAgAQmCYphmdd5k3m2fwXN+YeMohBGjdKz/cxnx7LAgMBAAGjgd0w
|
||||
gdowCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
|
||||
CCsGAQUFBwMCMC4GA1UdEQQnMCWCC2RldmtleWNsb2FrggtkZXZrZXljbG9ha4IJ
|
||||
bG9jYWxob3N0MB0GA1UdDgQWBBTaLvUjHU7ggs6aF7YUycglgDeQCjAfBgNVHSME
|
||||
GDAWgBS2Icxjr1ucGCIxikeSG9igJf558jAxBgNVHR8EKjAoMCagJKAihiBodHRw
|
||||
Oi8vY3JsLXNlcnZlcjo4MDAwL2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
i1wni0pi4RY1Txu3Lef5vd9FzUqKYBi2bcrMVliAmmCjKriwSP0/zd9LgoyC57/3
|
||||
WUZ3cLMSdmMc8go1QPEBmkwjtkw0HACN+XXOmocRimewmBhCQ5Lh90xuFJlk7snN
|
||||
FbwQmohE6w+DvQAy8vseHS6WKeVsMCSPtQk2ID9/DEhSndQDJeYDpjrwUOn2B+Kf
|
||||
WbHLryT//sk6xMq4++ljQEld1NU1z8bo1a5D2juH9724KlzZcE70nJOaCGLPdamt
|
||||
e+p0kw7xlQH67+R1IaYgDNand62P7b+KZZML0B88QUC166ZeablncyFca5SMCYlS
|
||||
z6HFKTiVN19ZgqC084RQOw==
|
||||
-----END CERTIFICATE-----
|
||||
28
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
vendored
Normal file
28
deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
vendored
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt5/wvIdHr5FJv
|
||||
IWNiwoaict0G/pkHnUYsVIHjLjeR59q5qAojrKRqs32D9eeKqikHv/xTp9dpOa8q
|
||||
wpho11bSs/HgnXZKie1FfQG/8arfipHkODn10VoNtZ0Revu5on9h67kkgyjCk4WK
|
||||
G34o7ye4qacJhOAGV8LUHJXyA1kPFCtZzvcobYwbpPENpV7MWfxqa9gIV6IZln7E
|
||||
ttzcraDfsYIr44uLbfeC2BcvJZP+JFXmTBZz0fbMfLsv6z5KF0pH4XKInINan9aj
|
||||
GLnE5SbvqMLHQ4KANwMPQ8OLtU4is6wNAgAQmCYphmdd5k3m2fwXN+YeMohBGjdK
|
||||
z/cxnx7LAgMBAAECggEAUJtrx8jsTWOqVfpq37b8wsVs77YI5n+erCOLhOrCNS37
|
||||
svxRntGB8Dc8IXNUnHBczkvNwFTWwt5K9A34qPfPNaDUp2E1GD2wLfpQWlDA/BZ1
|
||||
owvwyaD9FcetgxG3JgdM9e1WBreIqA/K4QX3Ry/7AFwaoY3mbOo20yxg0Cl/GT5j
|
||||
DtI+RpNvA480yQWTjJBE3bk9S/9k38bAtRT9C6ArQqhkasXxBbuZiyb5GOvBZ3iN
|
||||
hhMvgXrj2g038jbElWlo/uSLcsRadPnLAvXXROKrqLMnKTkv3BnqmPXQXdP0eNet
|
||||
XoXAxbb8FbYtTxHceiyfwTOqtvUv+07wh8tiZDiUKQKBgQDg0QPFm2hqpMWPhsal
|
||||
fwtVa7QMsF6MVaLB2eb3onZoQxZpWOXyeA7hfJz4iGiObM12EF98k+9G3Mg88gEI
|
||||
RV+ENE7XI/YZcfQQsT4JNtR9CS0xDihSrmr80ndFburMT3oucpw/76AOs38Oof1q
|
||||
cs3VLCYAIMHm6SHm1ylTN3bQvQKBgQDGBzPerVMnwntLPie1gAIYDIvlSim81nhm
|
||||
Aa2jCIAgtogTXJ/WCtznvAxhDUsBG5Mn4oaS38oaBXSlnp0Vuz9ibZCMPxc2hADU
|
||||
1GSpXl/xv9yC2HHjMeWWWPoF9Qtpo9x1XipkxYIeJYTulqaPXTd6YGSdQ7NENTuX
|
||||
f0o5Sgy6JwKBgQCYKT+5To8kpvNESn9G4i8EmMobUIAd0ZRASkCGWQJ1XPrdQJsa
|
||||
OmIwAcyodoL16vRBNaG7StFHkAVDIrTKKVIVw+Wcva1C2ZrMdXo8eEznd/+LVT67
|
||||
f2vQRI8PgpwOvrg+mbnhmEknyht0BvXjR2LDJodtzL4QkLguanCA72hOrQKBgBQw
|
||||
w88eaO4S3DNNwQq2ZIBDNzhHmX3ReDEeVq/avAWZ1sHynbFbJi7Sc4iprE4Om7Bj
|
||||
Xkk3XAnPKJeCVo3Sq6HDfgtum1VJnDQW+7RxFOM3JqqImwQJIFl19PgKhgFdXarx
|
||||
0Oy5XozoUmdpIM5ZOMDXdyq5rltz+gF2TwEMVcPdAoGAVAr+aCEmFmvo1B+VoUYg
|
||||
wMef7vU8CmSVXWFN9G+7vsJ5xbk6D1VLQf8+hTO2VvOjWfjMqxPuOT5Bz6lsKNh6
|
||||
wgzXljUx0ZB/9c6rXCf06IT+CvFWWr2j1hgaCSmDQ6x/FV0H6tV4oSIAztEuJfGk
|
||||
Hl/FLnRCHMe1OqG/Gh/WjTQ=
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
export OAUTH_SERVER_CONFIG_BASEDIR=/config
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
export DEVKEYCLOAK_URL=https://devkeycloak:8443/realms/dev
|
||||
export DEVKEYCLOAK_CA_CERT=/config/oauth/keycloak/ca_certificate.pem
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
export PRODKEYCLOAK_URL=https://devkeycloak:8442/realms/prod
|
||||
export PRODKEYCLOAK_CA_CERT=/config/oauth/keycloak/ca_certificate.pem
|
||||
|
|
@ -0,0 +1 @@
|
|||
export OAUTH_SERVER_CONFIG_BASEDIR=deps/rabbitmq_management/selenium/test
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
export DEVKEYCLOAK_URL=https://localhost:8442/realms/dev
|
||||
export DEVKEYCLOAK_CA_CERT=deps/rabbitmq_management/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
export PRODKEYCLOAK_URL=https://localhost:8443/realms/prod
|
||||
export PRODKEYCLOAK_CA_CERT=deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
|
||||
21
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
vendored
Normal file
21
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
|
||||
BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
|
||||
Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
|
||||
MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
|
||||
MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
|
||||
Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
|
||||
0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
|
||||
I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
|
||||
eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
|
||||
8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
|
||||
A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
|
||||
ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
|
||||
HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
|
||||
rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
|
||||
XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
|
||||
Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
|
||||
a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
|
||||
-----END CERTIFICATE-----
|
||||
2690
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/prod-realm.json
vendored
Normal file
2690
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/prod-realm.json
vendored
Normal file
File diff suppressed because it is too large
Load Diff
BIN
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak.p12
vendored
Normal file
BIN
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak.p12
vendored
Normal file
Binary file not shown.
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzzCCAregAwIBAgIBDDANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
|
||||
ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
|
||||
MAsGA1UEBwwEJCQkJDAeFw0yNDAxMTMxMTU4NDNaFw0zNDAxMTAxMTU4NDNaMCgx
|
||||
FTATBgNVBAMMDHByb2RrZXljbG9hazEPMA0GA1UECgwGc2VydmVyMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRzkMDxZj7DP52nc4voOCz07tfpam9Qp
|
||||
JbqJFwCb9SQkL/feGA86+IuzRJW9N3RozM5jeIa+yV7Obf+km4FYxPP6SffEEeM9
|
||||
SEqMAz1BNfUxGvo4XI6TmJ2u7YK0haVPDRSIGNmJO1tZgceOU0WeUkpNaNh4yF+f
|
||||
3AQEEtd78ywdR/NHnx6wFCEtlPkSIoBLUX0/lF78YLkDZRBCRasUWP3m3/StUYzx
|
||||
6V7LtBfiUhSd2W6AvxUo8NLRu70wNUyVuwwUthEj8AxeyX1SH3UybA/OT68c64NH
|
||||
gZauVdDbz7cBVJCJU2fGUO8+Rq/dS7lwRymee/nZ5iqg2cfCEIsehwIDAQABo4Hf
|
||||
MIHcMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
|
||||
BggrBgEFBQcDAjAwBgNVHREEKTAnggxwcm9ka2V5Y2xvYWuCDHByb2RrZXljbG9h
|
||||
a4IJbG9jYWxob3N0MB0GA1UdDgQWBBRHLuo22l4IoKXLxGFVjbG7bi6oJzAfBgNV
|
||||
HSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jAxBgNVHR8EKjAoMCagJKAihiBo
|
||||
dHRwOi8vY3JsLXNlcnZlcjo4MDAwL2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAnawpUvXok9AVLD2JSnFT3hzc5sRkMMuLLR9nskGpmp594mgMKebVOMh7x/OT
|
||||
2/pO8RnqTyA5AB3DJPb+1bDBtFmcWaktOLOuYOw7GXvNRzTIRmW0i65l7cgnHOdU
|
||||
U3JW/D/FozY02w5nVh14NDhgHs0BsDOJXUmogsmlvKFfeKiaB8vIz6wdLlA2eg6L
|
||||
AQZNjiACNbzzd2C3duSDD6BhoImN0j7QsksPtwDwujAIFZcjlz7J11KRniDbecjq
|
||||
cCc/gU/Ms8q8aahK84fG9UcPZJe6MtFY0B9AmiEmq2ImFlWWHUh33eSwIr37jywN
|
||||
+8bxzT1vgTTqskv+wMbM+mQa2w==
|
||||
-----END CERTIFICATE-----
|
||||
28
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
vendored
Normal file
28
deps/rabbitmq_management/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
vendored
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJHOQwPFmPsM/n
|
||||
adzi+g4LPTu1+lqb1CkluokXAJv1JCQv994YDzr4i7NElb03dGjMzmN4hr7JXs5t
|
||||
/6SbgVjE8/pJ98QR4z1ISowDPUE19TEa+jhcjpOYna7tgrSFpU8NFIgY2Yk7W1mB
|
||||
x45TRZ5SSk1o2HjIX5/cBAQS13vzLB1H80efHrAUIS2U+RIigEtRfT+UXvxguQNl
|
||||
EEJFqxRY/ebf9K1RjPHpXsu0F+JSFJ3ZboC/FSjw0tG7vTA1TJW7DBS2ESPwDF7J
|
||||
fVIfdTJsD85Prxzrg0eBlq5V0NvPtwFUkIlTZ8ZQ7z5Gr91LuXBHKZ57+dnmKqDZ
|
||||
x8IQix6HAgMBAAECggEBAJ0IvzDe3rvxPtWedsiQogiqnoZA3yFQL3TzS3o3ko9+
|
||||
0fbWn4e/1LcgNjF2jpHPhsls2oTRCgYozh1cAUcfX5YiP6wkF+gzvLVG6D7bRKEC
|
||||
PH6pJPs4pQ0FCwMQDS9R3gEDqCVnLt23PZO1o29oK/BrbjhQ1zb2W9erFxczROih
|
||||
hHMpLucuY/X55/6QrbyosNqjXCTpoR98Bk6xnvMyuXuIwCgQCT6HD8yvKH3+gG06
|
||||
LOQ3t9jy+JIiiwX7l/JNJPYZr+ElXlZa4DGO15/91qcDZbBIsmGJsZHlaglojjUn
|
||||
utyrqnai1jInZPMGvlZfuLkAuOPtJKMZdXoS8LzlcXkCgYEA+ukTVtlxYHtGb84I
|
||||
xR2YQ7Zn1pYJj6Sc01wQuo+oHpFuOpi/VUGrsnKN9W1bxL7T8TJC0Rjffz7mfuGs
|
||||
5YoWFOplVju0sG1KtpQ2qBKAaMiGsPoa4L2VbZnlyzQj1rDa0RYwW+zNnbGfipdg
|
||||
jqfsjknvGA/aaLgbkMv0ZH5GJyMCgYEAzTE6P3EcZheU+swDUwpoOYkVRCH39xy5
|
||||
roX0VLwpU7ARUqgmBj22Z1dnh9WM1+9Rc+LYFOtY1C1IWfPy/x/edJel5hHW+8EF
|
||||
80kYp3Hv6CfYWlVDDxbmzpN8lHnYKigR/eKVq32jSMoQ4NTduwBb3NkMHHQG3cft
|
||||
885zPFrLU00CgYEAx7sLmwICn4PiIRQIpSiW0af85rOOrtqhwBo0ct3yPUsVTO3U
|
||||
uQBKtgU8fdbsyyQAwKp6x8od90PR5cSthhcy1rlzq35hqmOFqus2yvnXYBHoLi8Z
|
||||
gDdKIPH2G5jIwpkLxo78NeC+GL6ROpif009XHjk6a5QLD3sm7k98nxZpr7MCgYBD
|
||||
Oj27S3PifxdwlCcCrgY305IEIJz9eYvcgkbq/DsOEEGcszrCELYSZbCl8HGUzfQB
|
||||
4/Cn6fPQkIWD80lKDUb1LDpOhsnI8hThALHzKoFPrr5T2lt+NiKoy+mlO8Z3CWnb
|
||||
pMEkzqUQ1CNzhkqfWh6+3N369IjLYRW1K47V12mGgQKBgCXyTridJ0HZRuspKOo0
|
||||
SGQONUEELIs9jOyqZqt3/0vhhkD9rpyEL+J1dr+pKTAFTw3G0bC8A2FlykCnD2Ph
|
||||
rMUucItj6svLLPIN8GzLxI2c1h5lwbPpVDyVIkcZCqbJ9V0vLzP+JmIsDscQG3xw
|
||||
SyfaSuozFOSzgIg/ZZNEGT9P
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
## RabbitMQ configuration with 2 oauth2 resources, rabbit_prod and rabbit_dev,
|
||||
## rather than a single resource_server_id
|
||||
## Also, each resource is owned by its own oauth provider, i.e. RabbitMQ is
|
||||
## accessed by users and clients from two different providers using their dedicated
|
||||
## resource_server_id.
|
||||
|
||||
log.console.level = debug
|
||||
|
||||
auth_backends.1 = rabbit_auth_backend_oauth2
|
||||
|
||||
# Common auth_oauth2 settings for all resources
|
||||
auth_oauth2.preferred_username_claims.1 = preferred_username
|
||||
auth_oauth2.preferred_username_claims.2 = user_name
|
||||
auth_oauth2.preferred_username_claims.3 = email
|
||||
auth_oauth2.scope_prefix = rabbitmq.
|
||||
|
||||
## Resource servers hosted by this rabbitmq instance
|
||||
auth_oauth2.resource_servers.1.id = rabbit_prod
|
||||
auth_oauth2.resource_servers.1.oauth_provider_id = prodkeycloak
|
||||
auth_oauth2.resource_servers.2.id = rabbit_dev
|
||||
auth_oauth2.resource_servers.2.oauth_provider_id = devkeycloak
|
||||
|
||||
## Oauth providers
|
||||
auth_oauth2.oauth_providers.devkeycloak.issuer = ${DEVKEYCLOAK_URL}
|
||||
auth_oauth2.oauth_providers.devkeycloak.https.cacertfile = ${DEVKEYCLOAK_CA_CERT}
|
||||
auth_oauth2.oauth_providers.devkeycloak.https.verify = verify_peer
|
||||
auth_oauth2.oauth_providers.devkeycloak.https.hostname_verification = wildcard
|
||||
|
||||
auth_oauth2.oauth_providers.prodkeycloak.issuer = ${PRODKEYCLOAK_URL}
|
||||
auth_oauth2.oauth_providers.prodkeycloak.https.cacertfile = ${PRODKEYCLOAK_CA_CERT}
|
||||
auth_oauth2.oauth_providers.prodkeycloak.https.verify = verify_peer
|
||||
auth_oauth2.oauth_providers.prodkeycloak.https.hostname_verification = wildcard
|
||||
|
||||
|
||||
# Common management setting for all resources
|
||||
management.oauth_enabled = true
|
||||
|
||||
## Management ui settings for each declared resource server
|
||||
management.oauth_resource_servers.1.id = rabbit_prod
|
||||
management.oauth_resource_servers.1.client_id = rabbit_prod_mgt_ui
|
||||
management.oauth_resource_servers.1.label = RabbitMQ Production
|
||||
management.oauth_resource_servers.1.scopes = openid profile rabbitmq.tag:administrator
|
||||
|
||||
management.oauth_resource_servers.2.id = rabbit_dev
|
||||
management.oauth_resource_servers.2.client_id = rabbit_dev_mgt_ui
|
||||
management.oauth_resource_servers.2.label = RabbitMQ Development
|
||||
management.oauth_resource_servers.2.scopes = openid profile rabbitmq.tag:management
|
||||
45
deps/rabbitmq_management/selenium/test/multi-oauth/with-basic-auth/happy-login.js
vendored
Normal file
45
deps/rabbitmq_management/selenium/test/multi-oauth/with-basic-auth/happy-login.js
vendored
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
const { By, Key, until, Builder } = require('selenium-webdriver')
|
||||
require('chromedriver')
|
||||
const assert = require('assert')
|
||||
const { buildDriver, goToHome, captureScreensFor, teardown, idpLoginPage } = require('../../utils')
|
||||
|
||||
const SSOHomePage = require('../../pageobjects/SSOHomePage')
|
||||
const OverviewPage = require('../../pageobjects/OverviewPage')
|
||||
|
||||
describe('An user with administrator tag', function () {
|
||||
let homePage
|
||||
let idpLogin
|
||||
let overview
|
||||
let captureScreen
|
||||
|
||||
before(async function () {
|
||||
driver = buildDriver()
|
||||
await goToHome(driver)
|
||||
homePage = new SSOHomePage(driver)
|
||||
idpLogin = idpLoginPage(driver)
|
||||
overview = new OverviewPage(driver)
|
||||
captureScreen = captureScreensFor(driver, __filename)
|
||||
})
|
||||
|
||||
it('can log in with OAuth 2.0', async function () {
|
||||
await homePage.clickToLogin()
|
||||
await idpLogin.login('rabbit_admin', 'rabbit_admin')
|
||||
if (!await overview.isLoaded()) {
|
||||
throw new Error('Failed to login')
|
||||
}
|
||||
await overview.logout()
|
||||
})
|
||||
|
||||
it('can log in with Basic Auth', async function () {
|
||||
await homePage.toggleBasicAuthSection()
|
||||
await homePage.basicAuthLogin('guest', 'guest')
|
||||
if (!await overview.isLoaded()) {
|
||||
throw new Error('Failed to login')
|
||||
}
|
||||
await overview.logout()
|
||||
})
|
||||
|
||||
after(async function () {
|
||||
await teardown(driver, this, captureScreen)
|
||||
})
|
||||
})
|
||||
41
deps/rabbitmq_management/selenium/test/multi-oauth/with-basic-auth/landing.js
vendored
Normal file
41
deps/rabbitmq_management/selenium/test/multi-oauth/with-basic-auth/landing.js
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
const { By, Key, until, Builder } = require('selenium-webdriver')
|
||||
require('chromedriver')
|
||||
const assert = require('assert')
|
||||
const { buildDriver, goToHome, captureScreensFor, teardown } = require('../../utils')
|
||||
|
||||
const SSOHomePage = require('../../pageobjects/SSOHomePage')
|
||||
|
||||
describe('A user which accesses any protected URL without a session where basic auth is enabled', function () {
|
||||
let homePage
|
||||
let captureScreen
|
||||
|
||||
before(async function () {
|
||||
driver = buildDriver()
|
||||
await goToHome(driver)
|
||||
homePage = new SSOHomePage(driver)
|
||||
captureScreen = captureScreensFor(driver, __filename)
|
||||
await homePage.isLoaded()
|
||||
})
|
||||
|
||||
it('should be presented with a login button to log in using OAuth 2.0', async function () {
|
||||
assert.ok(await homePage.isOAuth2SectionVisible())
|
||||
assert.equal(await homePage.getLoginButton(), 'Click here to log in')
|
||||
})
|
||||
|
||||
|
||||
it('should be presented with a login button to log in using Basic Auth', async function () {
|
||||
await homePage.toggleBasicAuthSection()
|
||||
assert.ok(await homePage.isBasicAuthSectionVisible())
|
||||
assert.equal(await homePage.getBasicAuthLoginButton(), 'Login')
|
||||
})
|
||||
|
||||
it('should not have a warning message', async function () {
|
||||
const visible = await homePage.isWarningVisible()
|
||||
assert.ok(!visible)
|
||||
})
|
||||
|
||||
|
||||
after(async function () {
|
||||
await teardown(driver, this, captureScreen)
|
||||
})
|
||||
})
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
|
||||
# Common auth_oauth2 settings for all resources
|
||||
auth_oauth2.jwks_url = ${OAUTH_JKWS_URL}
|
||||
auth_oauth2.scope_prefix = rabbitmq.
|
||||
|
||||
auth_oauth2.resource_servers.1.id = rabbit_prod
|
||||
auth_oauth2.resource_servers.2.id = rabbit_dev
|
||||
|
||||
# Common management setting for all resources
|
||||
management.oauth_provider_url = ${KEYCLOAK_URL}
|
||||
management.oauth_initiated_logon_type = sp_initiated
|
||||
|
||||
management.oauth_resource_servers.1.id = rabbit_prod
|
||||
management.oauth_resource_servers.1.client_id = rabbit_prod_mgt_ui
|
||||
management.oauth_resource_servers.1.label = RabbitMQ Production
|
||||
management.oauth_resource_servers.1.scopes = openid profile rabbitmq.tag:administrator
|
||||
|
||||
management.oauth_resource_servers.2.id = rabbit_dev
|
||||
management.oauth_resource_servers.2.client_id = rabbit_dev_mgt_ui
|
||||
management.oauth_resource_servers.2.label = RabbitMQ Development
|
||||
management.oauth_resource_servers.2.scopes = openid profile rabbitmq.tag:management
|
||||
|
||||
management.oauth_resource_servers.3.id = rabbit_x
|
||||
management.oauth_resource_servers.3.label = RabbitMQ X_Idp
|
||||
management.oauth_resource_servers.3.initiated_logon_type = idp_initiated
|
||||
management.oauth_resource_servers.3.provider_url = ${FAKEPORTAL_URL}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
|
||||
# Common auth_oauth2 settings for all resources
|
||||
auth_oauth2.scope_prefix = rabbitmq.
|
||||
|
||||
auth_oauth2.resource_servers.1.id = rabbit_prod
|
||||
auth_oauth2.resource_servers.2.id = rabbit_dev
|
||||
|
||||
# Common oauth provider keycloak for all resources
|
||||
# Minimum required settings: issuer, https options (jwks_url is discovered via issuer url)
|
||||
auth_oauth2.default_oauth_provider = keycloak
|
||||
auth_oauth2.oauth_providers.keycloak.issuer = ${OAUTH_PROVIDER_URL}
|
||||
auth_oauth2.oauth_providers.keycloak.https.hostname_verification = wildcard
|
||||
auth_oauth2.oauth_providers.keycloak.https.peer_verification = verify_peer
|
||||
auth_oauth2.oauth_providers.keycloak.https.cacertfile = ${OAUTH_SERVER_CONFIG_DIR}/ca_certificate.pem
|
||||
|
||||
# Common management setting for all resources
|
||||
management.oauth_initiated_logon_type = sp_initiated
|
||||
|
||||
management.oauth_resource_servers.1.id = rabbit_prod
|
||||
management.oauth_resource_servers.1.client_id = rabbit_prod_mgt_ui
|
||||
management.oauth_resource_servers.1.label = RabbitMQ Production
|
||||
management.oauth_resource_servers.1.scopes = openid profile rabbitmq.tag:administrator
|
||||
|
||||
management.oauth_resource_servers.2.id = rabbit_dev
|
||||
management.oauth_resource_servers.2.client_id = rabbit_dev_mgt_ui
|
||||
management.oauth_resource_servers.2.label = RabbitMQ Development
|
||||
management.oauth_resource_servers.2.scopes = openid profile rabbitmq.tag:management
|
||||
|
||||
management.oauth_resource_servers.3.id = rabbit_x
|
||||
management.oauth_resource_servers.3.label = RabbitMQ X_Idp
|
||||
management.oauth_resource_servers.3.initiated_logon_type = idp_initiated
|
||||
management.oauth_resource_servers.3.provider_url = ${FAKEPORTAL_URL}
|
||||
Loading…
Reference in New Issue