Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT] Add integration tests to detect breaking changes with new keycloak versions #49

Open
mboisnard opened this issue Feb 15, 2021 · 7 comments
Open

[FEAT] Add integration tests to detect breaking changes with new keycloak versions #49

mboisnard opened this issue Feb 15, 2021 · 7 comments
Labels
enhancement New feature or request

Comments

@mboisnard
Copy link
Contributor

Is your feature request related to a problem? Please describe.
We don't check if the plugin is compatible with new keycloak versions

Describe the solution you'd like

  • Add some integration tests (plugin is deployed, FC theme works, plugin configuration is ok, ...) using Keycloak TestContainers dependency (it starts a Keycloak container only for testing)

  • Retrieve Keycloak existing versions (using Docker Hub Api: https://hub.docker.com/v2/repositories/jboss/keycloak/tags/?page_size=100)

  • Execute tests foreach Keycloak Docker Image (from 9.0.2 to latest)

  • Trigger Github actions workflow every week
@mboisnard mboisnard added the enhancement New feature or request label Feb 15, 2021
@micedre
Copy link
Collaborator

micedre commented Nov 9, 2021

We could use https://github.com/dasniko/testcontainers-keycloak for this. The real stopper now is a way to test FranceConnect. We could use the test env but this requires to use fixed url for the integration test (and a way to override dns resolution).

@micedre
Copy link
Collaborator

micedre commented Nov 23, 2021

FranceConnect and AgentConnect source here https://github.com/france-connect/sources. Maybe we can use it for integration test.

@mboisnard
Copy link
Contributor Author

We could use https://github.com/dasniko/testcontainers-keycloak for this. The real stopper now is a way to test FranceConnect. We could use the test env but this requires to use fixed url for the integration test (and a way to override dns resolution).

@micedre Is it possible to configure a static localhost authorized redirect / logout uri for FC+ / AC integration accounts ?
I think I can create acceptance tests with codeceptjs and selenium to configure Keycloak and start a session using FC inside an headless Chrome.
I still have a pain point with Github Action to run a Keycloak container with latest FC plugin but I will find a solution :)

@micedre
Copy link
Collaborator

micedre commented Dec 13, 2021

FC+ or AC disallow the use of localhost as authorized redirect_uri. For local tests, they recommend to use a complete domain (localhost.test or other) by modifying the hosts file.

@mboisnard
Copy link
Contributor Author

mboisnard commented Dec 13, 2021
edited
Loading

Ok, is http scheme authorized?
I think this Github Action can work for our usecase: https://github.com/mboisnard/Keycloak-FranceConnect/blob/master/.github/workflows/acceptance-tests.yml
(redirect uri: http://localhost.test:8080/auth/realms/test/broker/franceconnect-particulier/endpoint)

@micedre
Copy link
Collaborator

micedre commented Dec 14, 2021

I'll ask, but I don't think it will be accepted. That said, generating a certificate would be hard?

@mboisnard
Copy link
Contributor Author

It can be painful but it's possible ^^
I have a question about the JWE workflow: How does FC know the rsa public key used for encryption?
Is it manually added on FC platform?
Is Keycloak Jwks endpoint called by FC?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@micedre @mboisnard