From ea50c8f5ac2e2cfa30512acd4ab1e72c2a36b278 Mon Sep 17 00:00:00 2001 From: Ravi Pendurty Date: Tue, 3 Aug 2021 15:13:28 +0530 Subject: Support for external identity providers oauth-provider now supports keycloak and gitlab as identity providers Issue-ID: CCSDK-3411 Signed-off-by: Ravi Pendurty Change-Id: I78d678136e26f402b25723f4e10d76b646d76589 Signed-off-by: Ravi Pendurty --- .../oauthprovider/test/TestGitlabAuthService.java | 24 +- .../test/TestKeycloakAuthService.java | 18 +- .../src/test/resources/aaa-app-config.test.xml | 258 ++++++++++++++++++++- .../src/test/resources/test.config.json | 3 +- 4 files changed, 280 insertions(+), 23 deletions(-) (limited to 'sdnr/wt/oauth-provider/provider-jar/src/test') diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java index fb938000e..6c46ed25f 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java @@ -60,8 +60,8 @@ public class TestGitlabAuthService { public static void init() { TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer"); - OAuthProviderConfig config = - new OAuthProviderConfig("git", GITURL, "odlux.app", OAUTH_SECRET, "openid", "gitlab test"); + OAuthProviderConfig config = new OAuthProviderConfig("git", GITURL, null, "odlux.app", OAUTH_SECRET, "openid", + "gitlab test", "", false); oauthService = new GitlabProviderServiceToTest(config, REDIRECT_URI, tokenCreator); try { initGitlabTestWebserver(PORT, "/"); 
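Review bot: The three arguments added to the `OAuthProviderConfig` call in `init()` are bare positional literals (`null`, `""`, `false`), so the call site no longer shows what is being configured, and it uses both `null` and `""` to mean "not set". A one-line comment above the call would fix this, for example `// 3rd arg and trailing boolean: see OAuthProviderConfig; 8th arg presumably the realm name (empty for GitLab)`, with the real parameter names taken from the constructor, which is not visible on this page. The Keycloak `init()` hunk (`@@ -60,8 +60,8 @@` in TestKeycloakAuthService.java) has the same shape and passes `"onap"` where this call passes `""`. Both tests pass only `null` and `false` in the other two positions, so any non-default behaviour behind them appears untested in this change. `init()` continues past the end of the hunk.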
@@ -142,13 +142,17 @@ public class TestGitlabAuthService { } return null; } + public static class MyHandler implements HttpHandler { private static final String GITLAB_TOKEN_ENDPOINT = "/oauth/token"; private static final String GITLAB_USER_ENDPOINT = "/api/v4/user"; private static final String GITLAB_GROUP_ENDPOINT = "/api/v4/groups?min_access_level=10"; - private static final String GITLAB_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json"); - private static final String GITLAB_USER_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json"); - private static final String GITLAB_GROUP_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json"); + private static final String GITLAB_TOKEN_RESPONSE = + loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json"); + private static final String GITLAB_USER_RESPONSE = + loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json"); + private static final String GITLAB_GROUP_RESPONSE = + loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json"); @Override public void handle(HttpExchange t) throws IOException { 
@@ -159,23 +163,21 @@ public class TestGitlabAuthService {
 String response = "";
 try {
 if (method.equals("GET")) {
- if(uri.equals(GITLAB_USER_ENDPOINT)) {
+ if (uri.equals(GITLAB_USER_ENDPOINT)) {
 t.sendResponseHeaders(200, GITLAB_USER_RESPONSE.length());
 os = t.getResponseBody();
 os.write(GITLAB_USER_RESPONSE.getBytes());
- }
- else if(uri.equals(GITLAB_GROUP_ENDPOINT)) {
+ } else if (uri.equals(GITLAB_GROUP_ENDPOINT)) {
 t.sendResponseHeaders(200, GITLAB_GROUP_RESPONSE.length());
 os = t.getResponseBody();
 os.write(GITLAB_GROUP_RESPONSE.getBytes());
 }
 } else if (method.equals("POST")) {
- if(uri.equals(GITLAB_TOKEN_ENDPOINT)){
+ if (uri.equals(GITLAB_TOKEN_ENDPOINT)) {
 t.sendResponseHeaders(200, GITLAB_TOKEN_RESPONSE.length());
 os = t.getResponseBody();
 os.write(GITLAB_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
 t.sendResponseHeaders(404, 0);
 }
 } else {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
index 945ad7ff5..30b24af03 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
@@ -60,8 +60,8 @@ public class TestKeycloakAuthService { public static void init() { TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer"); - OAuthProviderConfig config = - new OAuthProviderConfig("kc", KEYCLOAKURL, "odlux.app", OAUTH_SECRET, "openid", "keycloak test"); + OAuthProviderConfig config = new OAuthProviderConfig("kc", KEYCLOAKURL, null, "odlux.app", OAUTH_SECRET, + "openid", "keycloak test", "onap", false); oauthService = new KeycloakProviderServiceToTest(config, REDIRECT_URI, tokenCreator); try { initKeycloakTestWebserver(PORT, "/"); @@ -100,7 +100,8 @@ public class TestKeycloakAuthService { public static class KeycloakProviderServiceToTest extends KeycloakProviderService { - public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri, + TokenCreator tokenCreator) { super(config, redirectUri, tokenCreator); } } @@ -137,9 +138,11 @@ public class TestKeycloakAuthService { } return null; } + public static class MyHandler implements HttpHandler { private static final String KEYCLOAK_TOKEN_ENDPOINT = "/auth/realms/onap/protocol/openid-connect/token"; - private static final String KEYCLOAK_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json"); + private static final String KEYCLOAK_TOKEN_RESPONSE = + loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json"); @Override public void handle(HttpExchange t) throws IOException { 
@@ -148,13 +151,12 @@ public class TestKeycloakAuthService {
 System.out.println(String.format("req received: %s %s", method, t.getRequestURI()));
 OutputStream os = null;
 try {
- if (method.equals("POST")) {
- if(uri.equals(KEYCLOAK_TOKEN_ENDPOINT)){
+ if (method.equals("POST")) {
+ if (uri.equals(KEYCLOAK_TOKEN_ENDPOINT)) {
 t.sendResponseHeaders(200, KEYCLOAK_TOKEN_RESPONSE.length());
 os = t.getResponseBody();
 os.write(KEYCLOAK_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
 t.sendResponseHeaders(404, 0);
 }
 } else {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
index 682fa3728..1929fde8e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
@@ -6,7 +6,6 @@ terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License, Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0 - SPDX-License-Identifier: EPL-1.0 OR Apache-2.0 -->
@@ -17,15 +16,243 @@ /////////////////////////////////////////////////////////////////////////////////////// --> - + + + + + + + + + + + + + + + + +
tokenAuthRealm org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm
+ + + + + + + + + +
securityManager.realms $tokenAuthRealm @@ -43,6 +270,13 @@ authcBearer org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2
+ +
@@ -59,8 +293,26 @@ dynamicAuthorization org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter
+ + + + - + + /**/operations/cluster-admin** dynamicAuthorization diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json index 157ddb71a..260b77da7 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json @@ -12,7 +12,8 @@ "clientId": "odlux.app", "secret": "5da4ea3d-8cc9-4669-bd7e-3ecb91d120cd", "scope": "openid", - "title": "OSNL Keycloak Provider" + "title": "OSNL Keycloak Provider", + "realmName":"onap" } ] } \ No newline at end of file -- cgit 1.2.3-korg
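Review bot: The `secret` value on the context line just above the added `realmName` key in test.config.json has the shape of a generated client secret rather than an obvious placeholder. If it was copied from a real Keycloak client it should be rotated. Unless a test asserts on the exact value, a clearly fake string such as `"secret": "test-client-secret"` (constructed example) would remove the doubt and keep secret scanners from flagging the fixture.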