# arg: <image-tag-suffix> (selects staging, snapshot, release etc)
# <image-tag-suffix> is present only for images with staging, snapshot,release tags
__KEYCLOAK_imagesetup() {
- __check_and_create_image_var KEYCLOAK "KEYCLOAK_IMAGE" "KEYCLOAK_IMAGE_BASE" "KEYCLOAK_IMAGE_TAG" REMOTE_OTHER "$KEYCLOAK_DISPLAY_NAME"
+ __check_and_create_image_var KEYCLOAK "KEYCLOAK_IMAGE" "KEYCLOAK_IMAGE_BASE" "KEYCLOAK_IMAGE_TAG" REMOTE_OTHER "$KEYCLOAK_DISPLAY_NAME" ""
}
# Pull image from remote repo or use locally built image
}
# Scale kubernetes resources to zero and wait until this has been accomplished, if relevant. If not relevant to scale, then do no action.
-# This function is called for prestarted apps not managed by the test script.
+# This function is called for pre-started apps not managed by the test script.
__KEYCLOAK_kube_scale_zero_and_wait() {
echo -e $RED" KEYCLOAK app is not scaled in this state"$ERED
}
-# Delete all kube resouces for the app
+# Delete all kube resources for the app
# This function is called for apps managed by the test script.
__KEYCLOAK_kube_delete_all() {
__kube_delete_all_resources $KUBE_KEYCLOAK_NAMESPACE autotest KEYCLOAK
# Store docker logs
# This function is called for apps managed by the test script.
-# args: <log-dir> <file-prexix>
+# args: <log-dir> <file-prefix>
__KEYCLOAK_store_docker_logs() {
if [ $RUNMODE == "KUBE" ]; then
kubectl $KUBECONF logs -l "autotest=KEYCLOAK" -n $KUBE_KEYCLOAK_NAMESPACE --tail=-1 > $1$2_keycloak.log 2>&1
use_keycloak_http
}
-# Set app short-name, app name and namespace for logging runtime statistics of kubernets pods or docker containers
+# Set app short-name, app name and namespace for logging runtime statistics of kubernetes pods or docker containers
# For docker, the namespace shall be excluded
-# This function is called for apps managed by the test script as well as for prestarted apps.
+# This function is called for apps managed by the test script as well as for pre-started apps.
# args: -
-__KEYCLOAK_statisics_setup() {
+__KEYCLOAK_statistics_setup() {
if [ $RUNMODE == "KUBE" ]; then
echo "KEYCLOAK $KEYCLOAK_APP_NAME $KUBE_KEYCLOAK_NAMESPACE"
else
__check_included_image "KEYCLOAK"
retcode_i=$?
- # Check if app shall only be used by the testscipt
+ # Check if app shall only be used by the test script
__check_prestarted_image "KEYCLOAK"
retcode_p=$?
return 0
}
-# Excute a curl cmd towards the keycloak and check the response code is 2XX.
+# Execute a curl cmd towards the keycloak and check the response code is 2XX.
# args: <curl-cmd-string>
# resp: <returned-payload> if return code is 0 otherwise <error-info>
__execute_curl_to_keycloak() {
return 0
}
-# # Excute a curl cmd towards the keycloak and check the response code is 2XX.
-# # args: <command-file>
-# # resp: <returned-payload> if return code is 0 otherwise <error-info>
-# __execute_curl_to_keycloak2() {
-
-# # TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
-# # echo "(${BASH_LINENO[0]}) - ${TIMESTAMP}: ${FUNCNAME[0]}" $@ >> $HTTPLOG
-# proxyflag=""
-# if [ ! -z "$KUBE_PROXY_PATH" ]; then
-# if [ $KUBE_PROXY_HTTPX == "http" ]; then
-# proxyflag=" --proxy $KUBE_PROXY_PATH"
-# else
-# proxyflag=" --proxy-insecure --proxy $KUBE_PROXY_PATH"
-# fi
-# fi
-# __cmd="curl -skw %{http_code} $proxyflag "$(< $1)
-# echo " CMD: $__cmd" >> $HTTPLOG
-# res=$(curl -skw %{http_code} $proxyflag $(< $1))
-# echo " RESP: $res" >> $HTTPLOG
-# retcode=$?
-# if [ $retcode -ne 0 ]; then
-# __log_conf_fail_general " Fatal error when executing curl, response: "$retcode
-# echo "$res"
-# return 1
-# fi
-# status=${res:${#res}-3}
-# if [ $status -lt 200 ] && [ $status -gt 299 ]; then
-# __log_conf_fail_status_code "2XX" $status
-# echo "$res"
-# return 1
-# fi
-# echo ${res:0:${#res}-3}
-# return 0
-# }
-
-# Excute a curl cmd towards the keycloak and check the response code is 2XX.
+# Execute a curl cmd towards the keycloak and check the response code is 2XX.
# args: <operation> <url> <token> <json>
# resp: <returned-payload> if return code is 0 otherwise <error-info>
__execute_curl_to_keycloak2() {
TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
echo "(${BASH_LINENO[0]}) - ${TIMESTAMP}: ${FUNCNAME[0]}" $@ >> $HTTPLOG
- res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/clients$2/service-account-user" "$__KEYCLOAK_ADMIN_TOKEN")
+ res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/clients/$2/service-account-user" "$__KEYCLOAK_ADMIN_TOKEN")
if [ $? -ne 0 ]; then
return 1
fi
- echo $res | jq -r '.[0].id'
+ echo $res | jq -r '.id'
return 0
}
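Review bot: `echo $res | jq -r '.id'` still returns 0 when the response carries no `id`, because `jq -r` prints `null` and exits successfully, so the caller receives the string `null` as a service account id. `printf '%s' "$res" | jq -er '.id' || return 1` would quote the payload and fail the lookup instead. The enclosing function starts outside the visible lines. Also, the context lines at the top of `__execute_curl_to_keycloak2` append `$@` to `$HTTPLOG`, and that function's args include `<token>`, so this call appears to write the admin token into the HTTP log; that argument is worth masking in the log line.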
return 0
}
+# Get client role id
+# args: <realm-name> <service-account-name> <client-name> <role-name>
+__get_client_available_role_id() {
+ res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/users/$2/role-mappings/clients/$3/available" "$__KEYCLOAK_ADMIN_TOKEN")
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general " Fatal error when getting availiable client role id, response: "$?
+ return 1
+ fi
+ __client_role_id=$(echo $res | jq -r '.[] | select(.name=="'$4'") | .id ')
+ echo $__client_role_id
+ return 0
+}
+
+# Map roles to a client
+# args: <realm-name> <client-name> <role>+
+keycloak_api_map_client_roles() {
+ __log_conf_start $@
+ __c_id=$(__keycloak_api_get_client_id $1 $2)
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general " Fatal error when getting client id, response: "$?
+ return 1
+ fi
+ __sa_id=$(__keycloak_api_get_service_account_id $1 $__c_id)
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general " Fatal error when getting service account id, response: "$?
+ return 1
+ fi
+ __realm=$1
+ shift; shift;
+ __json="["
+ __cntr=0
+ while [ $# -gt 0 ]; do
+ __client_role_id=$(__get_client_available_role_id $__realm $__sa_id $__c_id $1)
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general " Fatal error when getting client role id, response: "$?
+ return 1
+ fi
+ __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}'
+ if [ $__cntr -gt 0 ]; then
+ __json=$__json","
+ fi
+ __json=$__json$__role
+ let __cntr=__cntr+1
+ shift
+ done
+ __json=$__json"]"
+
+ res=$(__execute_curl_to_keycloak2 POST "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$__realm/users/$__sa_id/role-mappings/clients/$__c_id" "$__KEYCLOAK_ADMIN_TOKEN" "$__json")
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general " Fatal error when mapping client roles, response: "$?
+ return 1
+ fi
+
+ __log_conf_ok
+ return 0
+}
+
# Get a client token
# args: <realm-name> <client-name>
keycloak_api_get_client_token() {
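Review bot: The role name is spliced unquoted into the jq program in `__get_client_available_role_id` (`select(.name=="'$4'")`) and into the request body in `keycloak_api_map_client_roles` (`'{"name":"'$1'",...`), so a name containing a space or a double quote changes the filter or the JSON instead of being matched as data; passing it with `jq --arg` keeps it a string, and the role object can be built the same way with `__role=$(jq -cn --arg name "$1" --arg id "$__client_role_id" '{name:$name,id:$id,composite:false,clientRole:true}')`. A role that is not in the available list currently yields an empty id with return code 0, and that empty id then goes into the POST body. Separately, the `$?` appended to the message in all five new `__log_conf_fail_general` calls is expanded after `[ $? -ne 0 ]` has already run, so it always logs 0; the status has to be saved first, as in the excerpt below. The `<service-account-name> <client-name>` in the args comment look like they should be documented as ids, since the caller passes `$__sa_id` and `$__c_id`.

```shell
__get_client_available_role_id() {
	# … unchanged: res=$(__execute_curl_to_keycloak2 GET …/role-mappings/clients/$3/available …) …
	__rc=$?
	if [ $__rc -ne 0 ]; then
		__log_conf_fail_general " Fatal error when getting available client role id, response: "$__rc
		return 1
	fi
	# Role name is passed as data, not concatenated into the jq program
	__client_role_id=$(printf '%s' "$res" | jq -r --arg name "$4" '.[] | select(.name==$name) | .id')
	if [ -z "$__client_role_id" ]; then
		# No role with that name is available for mapping
		return 1
	fi
	echo "$__client_role_id"
	# … unchanged: return 0 …
```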