X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=test%2Fcommon%2Fkeycloak_api_functions.sh;h=858c3ec17afac5c56b0f5f6cb40862a04ef01bfb;hb=refs%2Fchanges%2F44%2F11344%2F1;hp=828dcb39c9dd850587649180d825a27d2419f691;hpb=844931b62f35ce6ee2d9dc7274573fc54e14407a;p=nonrtric.git

diff --git a/test/common/keycloak_api_functions.sh b/test/common/keycloak_api_functions.sh
index 828dcb39..858c3ec1 100644
--- a/test/common/keycloak_api_functions.sh
+++ b/test/common/keycloak_api_functions.sh
@@ -26,7 +26,7 @@
 # arg: <image-tag-suffix> (selects staging, snapshot, release etc)
 # <image-tag-suffix> is present only for images with staging, snapshot,release tags
 __KEYCLOAK_imagesetup() {
-	__check_and_create_image_var KEYCLOAK "KEYCLOAK_IMAGE" "KEYCLOAK_IMAGE_BASE" "KEYCLOAK_IMAGE_TAG" REMOTE_OTHER "$KEYCLOAK_DISPLAY_NAME"
+	__check_and_create_image_var KEYCLOAK "KEYCLOAK_IMAGE" "KEYCLOAK_IMAGE_BASE" "KEYCLOAK_IMAGE_TAG" REMOTE_OTHER "$KEYCLOAK_DISPLAY_NAME" ""
 }
 
 # Pull image from remote repo or use locally built image
@@ -63,12 +63,12 @@ __KEYCLOAK_kube_scale_zero() {
 }
 
 # Scale kubernetes resources to zero and wait until this has been accomplished, if relevant. If not relevant to scale, then do no action.
-# This function is called for prestarted apps not managed by the test script.
+# This function is called for pre-started apps not managed by the test script.
 __KEYCLOAK_kube_scale_zero_and_wait() {
 	echo -e $RED" KEYCLOAK app is not scaled in this state"$ERED
 }
 
-# Delete all kube resouces for the app
+# Delete all kube resources for the app
 # This function is called for apps managed by the test script.
 __KEYCLOAK_kube_delete_all() {
 	__kube_delete_all_resources $KUBE_KEYCLOAK_NAMESPACE autotest KEYCLOAK
@@ -76,7 +76,7 @@ __KEYCLOAK_kube_delete_all() {
 
 # Store docker logs
 # This function is called for apps managed by the test script.
-# args: <log-dir> <file-prexix>
+# args: <log-dir> <file-prefix>
 __KEYCLOAK_store_docker_logs() {
 	if [ $RUNMODE == "KUBE" ]; then
 		kubectl $KUBECONF  logs -l "autotest=KEYCLOAK" -n $KUBE_KEYCLOAK_NAMESPACE --tail=-1 > $1$2_keycloak.log 2>&1
@@ -92,11 +92,11 @@ __KEYCLOAK_initial_setup() {
 	use_keycloak_http
 }
 
-# Set app short-name, app name and namespace for logging runtime statistics of kubernets pods or docker containers
+# Set app short-name, app name and namespace for logging runtime statistics of kubernetes pods or docker containers
 # For docker, the namespace shall be excluded
-# This function is called for apps managed by the test script as well as for prestarted apps.
+# This function is called for apps managed by the test script as well as for pre-started apps.
 # args: -
-__KEYCLOAK_statisics_setup() {
+__KEYCLOAK_statistics_setup() {
 	if [ $RUNMODE == "KUBE" ]; then
 		echo "KEYCLOAK $KEYCLOAK_APP_NAME $KUBE_KEYCLOAK_NAMESPACE"
 	else
@@ -191,7 +191,7 @@ start_keycloak() {
 		__check_included_image "KEYCLOAK"
 		retcode_i=$?
 
-		# Check if app shall only be used by the testscipt
+		# Check if app shall only be used by the test script
 		__check_prestarted_image "KEYCLOAK"
 		retcode_p=$?
 
@@ -247,7 +247,7 @@ start_keycloak() {
     return 0
 }
 
-# Excute a curl cmd towards the keycloak and check the response code is 2XX.
+# Execute a curl cmd towards the keycloak and check the response code is 2XX.
 # args: <curl-cmd-string>
 # resp: <returned-payload> if return code is 0 otherwise <error-info>
 __execute_curl_to_keycloak() {
@@ -280,42 +280,7 @@ __execute_curl_to_keycloak() {
 	return 0
 }
 
-# # Excute a curl cmd towards the keycloak and check the response code is 2XX.
-# # args: <command-file>
-# # resp: <returned-payload> if return code is 0 otherwise <error-info>
-# __execute_curl_to_keycloak2() {
-
-#     # TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
-#     # echo "(${BASH_LINENO[0]}) - ${TIMESTAMP}: ${FUNCNAME[0]}" $@ >> $HTTPLOG
-# 	proxyflag=""
-# 	if [ ! -z "$KUBE_PROXY_PATH" ]; then
-# 		if [ $KUBE_PROXY_HTTPX == "http" ]; then
-# 			proxyflag=" --proxy $KUBE_PROXY_PATH"
-# 		else
-# 			proxyflag=" --proxy-insecure --proxy $KUBE_PROXY_PATH"
-# 		fi
-# 	fi
-# 	__cmd="curl -skw %{http_code} $proxyflag "$(< $1)
-# 	echo " CMD: $__cmd" >> $HTTPLOG
-# 	res=$(curl -skw %{http_code} $proxyflag $(< $1))
-# 	echo " RESP: $res" >> $HTTPLOG
-# 	retcode=$?
-#     if [ $retcode -ne 0 ]; then
-#         __log_conf_fail_general " Fatal error when executing curl, response: "$retcode
-#         echo "$res"
-# 		return 1
-#     fi
-#     status=${res:${#res}-3}
-# 	if [ $status -lt 200 ] && [ $status -gt 299 ]; then
-# 		__log_conf_fail_status_code "2XX" $status
-# 		echo "$res"
-# 		return 1
-# 	fi
-# 	echo ${res:0:${#res}-3}
-# 	return 0
-# }
-
-# Excute a curl cmd towards the keycloak and check the response code is 2XX.
+# Execute a curl cmd towards the keycloak and check the response code is 2XX.
 # args: <operation> <url> <token> <json>
 # resp: <returned-payload> if return code is 0 otherwise <error-info>
 __execute_curl_to_keycloak2() {
@@ -464,11 +429,11 @@ __keycloak_api_get_service_account_id() {
 	TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
 	echo "(${BASH_LINENO[0]}) - ${TIMESTAMP}: ${FUNCNAME[0]}" $@ >> $HTTPLOG
 
-	res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/clients$2/service-account-user" "$__KEYCLOAK_ADMIN_TOKEN")
+	res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/clients/$2/service-account-user" "$__KEYCLOAK_ADMIN_TOKEN")
 	if [ $? -ne 0 ]; then
 		return 1
 	fi
-	echo $res | jq -r '.[0].id'
+	echo $res | jq -r '.id'
 	return 0
 }
 
@@ -543,6 +508,63 @@ keycloak_api_create_client_roles() {
 	return 0
 }
 
+# Get client role id
+# args: <realm-name> <service-account-name> <client-name> <role-name>
+__get_client_available_role_id() {
+	res=$(__execute_curl_to_keycloak2 GET "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$1/users/$2/role-mappings/clients/$3/available" "$__KEYCLOAK_ADMIN_TOKEN")
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general " Fatal error when getting availiable client role id, response: "$?
+		return 1
+	fi
+    __client_role_id=$(echo $res | jq  -r '.[] | select(.name=="'$4'") | .id ')
+    echo $__client_role_id
+    return 0
+}
+
+# Map roles to a client
+# args: <realm-name> <client-name> <role>+
+keycloak_api_map_client_roles() {
+	__log_conf_start $@
+	__c_id=$(__keycloak_api_get_client_id $1 $2)
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general " Fatal error when getting client id, response: "$?
+		return 1
+	fi
+	__sa_id=$(__keycloak_api_get_service_account_id $1 $__c_id)
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general " Fatal error when getting service account id, response: "$?
+		return 1
+	fi
+	__realm=$1
+	shift; shift;
+	__json="["
+	__cntr=0
+    while [ $# -gt 0 ]; do
+        __client_role_id=$(__get_client_available_role_id $__realm $__sa_id $__c_id $1)
+        if [ $? -ne 0 ]; then
+			__log_conf_fail_general " Fatal error when getting client role id, response: "$?
+			return 1
+        fi
+        __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}'
+        if [ $__cntr -gt 0 ]; then
+            __json=$__json","
+        fi
+        __json=$__json$__role
+        let __cntr=__cntr+1
+        shift
+    done
+    __json=$__json"]"
+
+	res=$(__execute_curl_to_keycloak2 POST "$KEYCLOAK_SERVICE_PATH$KEYCLOAK_REALM_URL_PREFIX/$__realm/users/$__sa_id/role-mappings/clients/$__c_id" "$__KEYCLOAK_ADMIN_TOKEN" "$__json")
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general " Fatal error when mapping client roles, response: "$?
+		return 1
+	fi
+
+	__log_conf_ok
+	return 0
+}
+
 # Get a client token
 # args: <realm-name> <client-name>
 keycloak_api_get_client_token() {