UNIX.dog
/
keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolving dns names used from tests from local host file 

Closes #15904
This commit is contained in:
Pedro Igor 2022-12-09 11:21:08 -03:00
parent e4804de9e3
commit a861d633e2
5 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
quarkus/CONTRIBUTING.md
View File

@ -189,6 +189,10 @@ and then execute the following command from the project root directory:
mvn -f testsuite/integration-arquillian/pom.xml clean install -Pauth-server-quarkus -Dtest=OIDCProtocolMappersTest
```
### Resolving DNS names when running tests
In order to avoid using external services for DNS resolution, the tests are executed using a local host file by setting the `-Djdk.net.hosts.file=${project.build.testOutputDirectory}/hosts_file` system property.
## Documentation
The documentation is a set of guides available from the [docs](../docs/guides/src/main/server) module. Please,

1
quarkus/tests/integration/pom.xml
View File

@ -104,6 +104,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>-Djdk.net.hosts.file=${project.build.testOutputDirectory}/hosts_file</argLine>
<systemPropertyVariables>
<kc.quarkus.tests.dist>${kc.quarkus.tests.dist}</kc.quarkus.tests.dist>
</systemPropertyVariables>

76
quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java vendored
View File

@ -42,104 +42,104 @@ public class HostnameDistTest {
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--http-enabled=true", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--http-enabled=true", "--hostname-strict-https=false" })
public void testSchemeAndPortFromRequestWhenNoProxySet() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/");
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/");
assertFrontEndUrl("https://localhost:8443", "https://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("http://mykeycloak.org:8080", "http://mykeycloak.org:8080/");
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.org:8080/");
assertFrontEndUrl("https://localhost:8443", "https://mykeycloak.org:8443/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--http-enabled=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--http-enabled=true" })
public void testForceHttpsSchemeAndPortWhenStrictHttpsEnabled() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "https://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("http://localhost:8080", "https://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("http://mykeycloak.org:8080", "https://mykeycloak.org:8443/");
assertFrontEndUrl("http://localhost:8080", "https://mykeycloak.org:8443/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-port=8443", "--http-enabled=true", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-port=8443", "--http-enabled=true", "--hostname-strict-https=false" })
public void testForceHostnamePortWhenNoProxyIsSet() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "http://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("https://mykeycloak.127.0.0.1.nip.io:8443", "https://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("http://mykeycloak.org:8080", "http://mykeycloak.org:8443/");
assertFrontEndUrl("https://mykeycloak.org:8443", "https://mykeycloak.org:8443/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--proxy=edge" })
@Launch({ "start", "--hostname=mykeycloak.org", "--proxy=edge" })
public void testUseDefaultPortsWhenProxyIsSet() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "https://mykeycloak.127.0.0.1.nip.io/");
assertFrontEndUrl("https://mykeycloak.127.0.0.1.nip.io:8443", "https://mykeycloak.127.0.0.1.nip.io/");
assertFrontEndUrl("http://mykeycloak.org:8080", "https://mykeycloak.org/");
assertFrontEndUrl("https://mykeycloak.org:8443", "https://mykeycloak.org/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--proxy=edge", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--proxy=edge", "--hostname-strict-https=false" })
public void testUseDefaultPortsWhenProxyIsSetNoStrictHttps() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "http://mykeycloak.127.0.0.1.nip.io/");
assertFrontEndUrl("https://mykeycloak.127.0.0.1.nip.io:8443", "https://mykeycloak.127.0.0.1.nip.io/");
assertFrontEndUrl("http://mykeycloak.org:8080", "http://mykeycloak.org/");
assertFrontEndUrl("https://mykeycloak.org:8443", "https://mykeycloak.org/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--proxy=edge", "--hostname-strict-https=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--proxy=edge", "--hostname-strict-https=true" })
public void testUseDefaultPortsAndHttpsSchemeWhenProxyIsSetAndStrictHttpsEnabled() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "https://mykeycloak.127.0.0.1.nip.io/");
assertFrontEndUrl("http://mykeycloak.org:8080", "https://mykeycloak.org/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--http-enabled=true", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--http-enabled=true", "--hostname-strict-https=false" })
public void testBackEndUrlFromRequest() {
assertBackEndUrl("http://localhost:8080", "http://localhost:8080/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-strict-backchannel=true", "--http-enabled=true", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-strict-backchannel=true", "--http-enabled=true", "--hostname-strict-https=false" })
public void testBackEndUrlSameAsFrontEndUrl() {
assertBackEndUrl("http://localhost:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/");
assertBackEndUrl("http://localhost:8080", "http://mykeycloak.org:8080/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-path=/auth", "--hostname-strict=true", "--hostname-strict-backchannel=true", "--http-enabled=true", "--hostname-strict-https=false" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-path=/auth", "--hostname-strict=true", "--hostname-strict-backchannel=true", "--http-enabled=true", "--hostname-strict-https=false" })
public void testSetHostnamePath() {
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/auth/");
assertBackEndUrl("http://localhost:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/auth/");
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.org:8080/auth/");
assertBackEndUrl("http://localhost:8080", "http://mykeycloak.org:8080/auth/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--https-port=8543", "--hostname-strict-https=true", "--http-enabled=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--https-port=8543", "--hostname-strict-https=true", "--http-enabled=true" })
public void testDefaultTlsPortChangeWhenHttpPortSet() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "https://mykeycloak.127.0.0.1.nip.io:8543/");
assertFrontEndUrl("http://mykeycloak.org:8080", "https://mykeycloak.org:8543/");
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-strict-https=true", "--hostname-port=8543", "--http-enabled=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-strict-https=true", "--hostname-port=8543", "--http-enabled=true" })
public void testWelcomePageAdminUrl() {
Assert.assertTrue(when().get("http://mykeycloak.127.0.0.1.nip.io:8080").asString().contains("http://mykeycloak.127.0.0.1.nip.io:8080/admin/"));
Assert.assertTrue(when().get("https://mykeycloak.127.0.0.1.nip.io:8443").asString().contains("https://mykeycloak.127.0.0.1.nip.io:8443/admin/"));
Assert.assertTrue(when().get("http://mykeycloak.org:8080").asString().contains("http://mykeycloak.org:8080/admin/"));
Assert.assertTrue(when().get("https://mykeycloak.org:8443").asString().contains("https://mykeycloak.org:8443/admin/"));
Assert.assertTrue(when().get("http://localhost:8080").asString().contains("http://localhost:8080/admin/"));
Assert.assertTrue(when().get("https://localhost:8443").asString().contains("https://localhost:8443/admin/"));
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-admin=mykeycloakadmin.127.0.0.1.nip.io", "--http-enabled=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-admin=mykeycloakadmin.127.0.0.1.nip.io", "--http-enabled=true" })
public void testHostnameAdminSet() {
Assert.assertTrue(when().get("https://mykeycloak.127.0.0.1.nip.io:8443/admin/master/console").asString().contains("\"authUrl\": \"https://mykeycloakadmin.127.0.0.1.nip.io:8443\""));
Assert.assertTrue(when().get("https://mykeycloak.127.0.0.1.nip.io:8443/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https://mykeycloakadmin.127.0.0.1.nip.io:8443/admin/master/console&state=02234324-d91e-4bf2-8396-57498e96b12a&response_mode=fragment&response_type=code&scope=openid&nonce=f8f3812e-e349-4bbf-8d15-cbba4927f5e5&code_challenge=7qjD_v11WGkt1ig-ZFHxJdrEvuTlzjFRgRGQ_5ADcko&code_challenge_method=S256").asString().contains("Sign in to your account"));
Assert.assertTrue(when().get("https://mykeycloak.org:8443/admin/master/console").asString().contains("\"authUrl\": \"https://mykeycloakadmin.127.0.0.1.nip.io:8443\""));
Assert.assertTrue(when().get("https://mykeycloak.org:8443/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https://mykeycloakadmin.127.0.0.1.nip.io:8443/admin/master/console&state=02234324-d91e-4bf2-8396-57498e96b12a&response_mode=fragment&response_type=code&scope=openid&nonce=f8f3812e-e349-4bbf-8d15-cbba4927f5e5&code_challenge=7qjD_v11WGkt1ig-ZFHxJdrEvuTlzjFRgRGQ_5ADcko&code_challenge_method=S256").asString().contains("Sign in to your account"));
}
@Test
@Launch({ "start", "--hostname=mykeycloak.127.0.0.1.nip.io", "--http-enabled=true" })
@Launch({ "start", "--hostname=mykeycloak.org", "--http-enabled=true" })
public void testInvalidRedirectUriWhenAdminNotSet() {
Assert.assertTrue(when().get("https://mykeycloak.127.0.0.1.nip.io:8443/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https://mykeycloakadmin.127.0.0.1.nip.io:8443/admin/master/console&state=02234324-d91e-4bf2-8396-57498e96b12a&response_mode=fragment&response_type=code&scope=openid&nonce=f8f3812e-e349-4bbf-8d15-cbba4927f5e5&code_challenge=7qjD_v11WGkt1ig-ZFHxJdrEvuTlzjFRgRGQ_5ADcko&code_challenge_method=S256").asString().contains("Invalid parameter: redirect_uri"));
Assert.assertTrue(when().get("https://mykeycloak.org:8443/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https://mykeycloakadmin.127.0.0.1.nip.io:8443/admin/master/console&state=02234324-d91e-4bf2-8396-57498e96b12a&response_mode=fragment&response_type=code&scope=openid&nonce=f8f3812e-e349-4bbf-8d15-cbba4927f5e5&code_challenge=7qjD_v11WGkt1ig-ZFHxJdrEvuTlzjFRgRGQ_5ADcko&code_challenge_method=S256").asString().contains("Invalid parameter: redirect_uri"));
}
@Test
@Launch({ "start", "--proxy=edge", "--hostname-url=http://mykeycloak.127.0.0.1.nip.io:1234" })
@Launch({ "start", "--proxy=edge", "--hostname-url=http://mykeycloak.org:1234" })
public void testFrontendUrl() {
assertFrontEndUrl("https://mykeycloak.127.0.0.1.nip.io:8443", "http://mykeycloak.127.0.0.1.nip.io:1234/");
assertFrontEndUrl("https://mykeycloak.org:8443", "http://mykeycloak.org:1234/");
}
@Test
@Launch({ "start", "--proxy=edge", "--hostname=mykeycloak.127.0.0.1.nip.io", "--hostname-admin-url=http://mykeycloakadmin.127.0.0.1.nip.io:1234" })
@Launch({ "start", "--proxy=edge", "--hostname=mykeycloak.org", "--hostname-admin-url=http://mykeycloakadmin.127.0.0.1.nip.io:1234" })
public void testAdminUrl() {
Assert.assertTrue(when().get("https://mykeycloak.127.0.0.1.nip.io:8443").asString().contains("http://mykeycloakadmin.127.0.0.1.nip.io:1234/admin/"));
Assert.assertTrue(when().get("https://mykeycloak.org:8443").asString().contains("http://mykeycloakadmin.127.0.0.1.nip.io:1234/admin/"));
}
private OIDCConfigurationRepresentation getServerMetadata(String baseUrl) {

20
quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java vendored
View File

@ -44,38 +44,38 @@ public class ProxyDistTest {
}
@Test
@Launch({ "start-dev", "--hostname=mykeycloak.127.0.0.1.nip.io" })
@Launch({ "start-dev", "--hostname=mykeycloak.org" })
public void testSchemeAndPortFromRequestWhenNoProxySet() {
assertFrontEndUrl("http://mykeycloak.127.0.0.1.nip.io:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/");
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.127.0.0.1.nip.io:8080/");
assertFrontEndUrl("https://localhost:8443", "https://mykeycloak.127.0.0.1.nip.io:8443/");
assertFrontEndUrl("http://mykeycloak.org:8080", "http://mykeycloak.org:8080/");
assertFrontEndUrl("http://localhost:8080", "http://mykeycloak.org:8080/");
assertFrontEndUrl("https://localhost:8443", "https://mykeycloak.org:8443/");
given().header("X-Forwarded-Host", "test").when().get("http://localhost:8080").then().body(containsString("http://localhost:8080/admin"));
}
@Test
@Launch({ "start-dev", "--hostname=mykeycloak.127.0.0.1.nip.io", "--proxy=edge" })
@Launch({ "start-dev", "--hostname=mykeycloak.org", "--proxy=edge" })
public void testXForwardedHeadersWithEdge() {
assertXForwardedHeaders();
}
@Test
@Launch({ "start-dev", "--hostname=mykeycloak.127.0.0.1.nip.io", "--proxy=reencrypt" })
@Launch({ "start-dev", "--hostname=mykeycloak.org", "--proxy=reencrypt" })
public void testXForwardedHeadersWithReencrypt() {
assertXForwardedHeaders();
}
@Test
@Launch({ "start-dev", "--hostname-url=http://mykeycloak.127.0.0.1.nip.io:1234", "--hostname-admin-url=http://mykeycloakadmin.127.0.0.1.nip.io:1234", "--proxy=edge" })
@Launch({ "start-dev", "--hostname-url=http://mykeycloak.org:1234", "--hostname-admin-url=http://mykeycloakadmin.127.0.0.1.nip.io:1234", "--proxy=edge" })
public void testIgnoreForwardedHeadersWhenFrontendUrlSet() {
given().header("X-Forwarded-Host", "test").when().get("http://mykeycloak.127.0.0.1.nip.io:8080").then().body(containsString("http://mykeycloakadmin.127.0.0.1.nip.io:1234/admin"));
given().header("X-Forwarded-Host", "test").when().get("http://mykeycloak.org:8080").then().body(containsString("http://mykeycloakadmin.127.0.0.1.nip.io:1234/admin"));
given().header("X-Forwarded-Proto", "https").when().get("http://localhost:8080").then().body(containsString("http://mykeycloakadmin.127.0.0.1.nip.io:1234/admin"));
}
private void assertXForwardedHeaders() {
given().header("X-Forwarded-Host", "test").when().get("http://mykeycloak.127.0.0.1.nip.io:8080").then().body(containsString("http://test:8080/admin"));
given().header("X-Forwarded-Host", "test").when().get("http://mykeycloak.org:8080").then().body(containsString("http://test:8080/admin"));
given().header("X-Forwarded-Host", "test").when().get("http://localhost:8080").then().body(containsString("http://test:8080/admin"));
given().header("X-Forwarded-Host", "test").when().get("https://localhost:8443").then().body(containsString("https://test:8443/admin"));
//given().header("X-Forwarded-Host", "mykeycloak.127.0.0.1.nip.io").when().get("https://localhost:8443/admin/master/console").then().body(containsString("<script src=\"/js/keycloak.js?version="));
//given().header("X-Forwarded-Host", "mykeycloak.org").when().get("https://localhost:8443/admin/master/console").then().body(containsString("<script src=\"/js/keycloak.js?version="));
given().header("X-Forwarded-Proto", "https").when().get("http://localhost:8080").then().body(containsString("https://localhost/admin"));
given().header("X-Forwarded-Proto", "https").header("X-Forwarded-Port", "8443").when().get("http://localhost:8080").then().body(containsString("https://localhost:8443/admin"));
}

1
quarkus/tests/integration/src/test/resources/hosts_file Normal file
View File

@ -0,0 +1 @@
127.0.0.1 mykeycloak.org