Conversation
test/import/pgrealm.json
Outdated
| "realm" : [ "offline_access", "uma_authorization" ], | ||
| "client" : { | ||
| "account" : [ "manage-account", "view-profile" ] | ||
| "account" : [ "view-profile", "manage-account" ] |
There was a problem hiding this comment.
Interesting that they do not sort it.
There was a problem hiding this comment.
yes, this will be fun with each update.
There was a problem hiding this comment.
Maybe we should write a patch. :D
| echo "==> Creating realm '$realm'..." | ||
| kcadm create realms -s "realm=$realm" -s enabled=true | ||
|
|
||
| # kcadm doesn't handle empty-body PUTs well, so we use curl for scope assignments. |
There was a problem hiding this comment.
They refer to it as PUT everywhere in their docs: https://www.keycloak.org/docs-api/latest/rest-api/index.html
| # Configure a realm with the standard test resources: | ||
| # - client scope 'pgscope' | ||
| # - client 'pgtest' (public, device flow enabled) | ||
| # - user 'testuser' (testuser@example.com / asdfasdf) |
There was a problem hiding this comment.
Is this actually true? It sets up two users, two scopes, two clients?
There was a problem hiding this comment.
ops, that's a stale comment
test/generate-realm.sh
Outdated
| $RT cp "$EXPORT_CONTAINER:/tmp/export/pgrealm-realm.json" "$IMPORT_DIR/pgrealm.json" | ||
| $RT cp "$EXPORT_CONTAINER:/tmp/export/wrongrealm-realm.json" "$IMPORT_DIR/wrongrealm.json" | ||
|
|
||
| # Validate the exported JSON |
There was a problem hiding this comment.
I guess not, I'll remove it. If we accidentally commit an error response or something like that the CI will notice, even if we do not immediately test it locally.
| PASSWORD="asdfasdf" | ||
| CLIENT="pgtest" | ||
| SCOPES="email pgscope" | ||
| HOST="https://localhost:8443" |
There was a problem hiding this comment.
I am not a that big fan of all these defaults, especially since we have multiple of each. Why do we just pick one? Do these default actually add enough value?
There was a problem hiding this comment.
The value is that you can specify only one parameter that you change, and get a different token. For example if you want to test the situation "logging in with a token from the wrong realm", you only have to specify the realm.
There was a problem hiding this comment.
I think it is cleaner if e.g. CLIENT always need to be specified.
There was a problem hiding this comment.
How would you decide which fields we have to always specify?
Previous it was just a JSON export of a realm created manually This commit adds a script that creates this realm, and improves it by containing: * Two realms (pgrealm and wrongrealm) * Two clients (pgtest, pgtest2) * Two scopes (pgscope, pgscope2) on both realms * Two users (testuser, testuser2) on both realms Added script that recreates the current keycloak example config It also enables the direct access grant, and adds a help CLI script that gets a token directly for testing.
dutow
force-pushed
the
scriptedexport
branch
from
9bc459a to
bacc909
Compare
2 participants
Previous it was just a JSON export of a realm created manually
This commit adds a script that creates this realm, and improves it by containing:
It also enables the direct access grant, and adds a help CLI script that gets a token directly for testing.