Skip to content

Commit

Permalink
Add oic auth e2e (#1701)
Browse files Browse the repository at this point in the history
* Add test for oic-auth plugin

* Retrieve and check the roles from the OICD provider

* Update src/main/java/org/jenkinsci/test/acceptance/po/OicAuthSecurityRealm.java

Co-authored-by: James Nord <jtnord@users.noreply.github.com>

* Apply suggestions

* Add the WhoAmI page

* Fix permissions on the docker socket

TestContainers does not use docker, but talks directly to the docker
socket.  The permissions on this socket come from the host where it is
mapped and the docker groupid may not match what we have in the
container.
So allow th arg to be passed through at build time and add the ath-user
to the docker group so it has the permissions.

We retain the legacy suid on the docker binary as we publish the
container and there is only a single test so far using this
test-containers.  (this can be revistied if required).

* Incremental build

* Remove unused libraries

* Add missing dependencies

* New incremental

* New incremental

* update to 2.476

* document testcontainers requirement

* update keycloak container vie renovate

* s/TestContainers/Testcontainers

Testcontainers is with a lower case c

---------

Co-authored-by: James Nord <jtnord@users.noreply.github.com>
Co-authored-by: Basil Crow <me@basilcrow.com>
  • Loading branch information
3 people authored Sep 11, 2024
1 parent 0d0b9d0 commit 39030e8
Show file tree
Hide file tree
Showing 9 changed files with 507 additions and 0 deletions.
7 changes: 7 additions & 0 deletions .github/renovate.json
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,14 @@
"matchStrings": ["ARG DOCKER_VERSION=(?<currentValue>.*?)\n"],
"depNameTemplate": "docker",
"datasourceTemplate": "docker"
},
{
"fileMatch": ["src/test/java/plugins/OicAuthPluginTest.java"],
"matchStrings": [".* KEYCLOAK_IMAGE =\n\\s*\"(?<repo>.*?):(?<currentValue>.*?)@(?<currentDigest>sha256:.*?)\";\n"],
"depNameTemplate": "{{{repo}}}",
"datasourceTemplate": "docker"
}

],
"customDatasources": {
"firefox": {
Expand Down
2 changes: 2 additions & 0 deletions docs/BROWSER.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ If the host running maven is different to the host running Selenium (e.g. `remot
If this is the case you can specify the address to use using:
`SELENIUM_PROXY_HOSTNAME=ip.address.of.host mvn install`
**Important**: this could exposed the proxy wider beyond your machine and expose other internal services, so this should only be used on private or internal networks to prevent any information leak.
The same issue will also impact any other containers started that the tests that the Browser (rather than Jenkins) needs to access.
For [Testcontainers](https://testcontainers.com/) you can additionally set `TESTCONTAINERS_HOST_OVERRIDE=ip.address.of.host`

## Avoid focus steal with Xvnc on Linux
If you select a real GUI browser, such as Firefox,
Expand Down
7 changes: 7 additions & 0 deletions docs/DOCKER.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,3 +71,10 @@ It's best explained with an example:
# Using a custom docker network

If you are using a custom network for the container that executes the testing you may instruct the docker-fixtures to use the same one by setting the env variable `DOCKER_FIXTURES_NETWORK`to specify the network you want your fixtures to connect to.

# Using Testcontainers with a remote webdriver

If you are using a containerized webdriver (or any other remote webdriver) then any containers launched will not be reachable from the remote web browser.
This will be an issue for some tests that require the browser interact with the container (e.g. for authentication).
If this is the case then the `TESTCONTAINERS_HOST_OVERRIDE` should be set to `host.docker.internal` or if the remote browser is non local the IP adddress of your machine.

32 changes: 32 additions & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,16 @@
<artifactId>commons-io</artifactId>
<version>2.16.1</version>
</dependency>
<!--
Version needed for keycloak testcontainer.
As that dependency is test scope, the version used is the one coming from org.gitlab4j:gitlab4j-api, which is
older
-->
<dependency>
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
<version>3.1.0</version>
</dependency>
<!-- RequireUpperBoundDeps between Mockito and Selenium -->
<dependency>
<groupId>net.bytebuddy</groupId>
Expand Down Expand Up @@ -212,6 +222,11 @@ and
<artifactId>commons-net</artifactId>
<version>3.11.1</version>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
Expand Down Expand Up @@ -364,6 +379,23 @@ and
<artifactId>zt-zip</artifactId>
<version>1.17</version>
</dependency>
<!--
testcontainers
keycloak testcontainer
libraries needed for keycloak client
-->
<dependency>
<groupId>com.github.dasniko</groupId>
<artifactId>testcontainers-keycloak</artifactId>
<version>3.4.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
<version>2.1.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jakarta.mail</groupId>
<artifactId>jakarta.mail-api</artifactId>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
package org.jenkinsci.test.acceptance.po;

/**
* Security Realm provided by oic-auth plugin
*/
@Describable("Login with Openid Connect")
public class OicAuthSecurityRealm extends SecurityRealm {

public OicAuthSecurityRealm(GlobalSecurityConfig context, String path) {
super(context, path);
}

public void configureClient(String clientId, String clientSecret) {
control("clientId").set(clientId);
control("clientSecret").set(clientSecret);
}

public void setAutomaticConfiguration(String wellKnownEndpoint) {
control(by.radioButton("Automatic configuration")).click();
control("wellKnownOpenIDConfigurationUrl").set(wellKnownEndpoint);
}

public void setLogoutFromOpenidProvider(boolean logout) {
Control check = control(by.checkbox("Logout from OpenID Provider"));
if (logout) {
check.check();
} else {
check.uncheck();
}
}

public void setPostLogoutUrl(String postLogoutUrl) {
control("postLogoutRedirectUrl").set(postLogoutUrl);
}

public void setUserFields(
String userNameFieldName, String emailFieldName, String fullNameFieldName, String groupsFieldName) {
clickButton("User fields");
waitFor(by.path("/securityRealm/groupsFieldName"));
control("userNameField").set(userNameFieldName);
control("emailFieldName").set(emailFieldName);
control("fullNameFieldName").set(fullNameFieldName);
control("groupsFieldName").set(groupsFieldName);
}
}
11 changes: 11 additions & 0 deletions src/main/java/org/jenkinsci/test/acceptance/po/WhoAmI.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
package org.jenkinsci.test.acceptance.po;

/**
* Who Am I page in Jenkins
*/
public class WhoAmI extends ContainerPageObject {

public WhoAmI(ContainerPageObject parent) {
super(parent, parent.url("whoAmI/"));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
package org.jenkinsci.test.acceptance.utils.keycloack;

import jakarta.inject.Inject;
import java.net.URL;
import org.jenkinsci.test.acceptance.po.CapybaraPortingLayerImpl;
import org.jenkinsci.test.acceptance.utils.ElasticTime;
import org.openqa.selenium.WebDriver;

public class KeycloakUtils extends CapybaraPortingLayerImpl {

@Inject
public WebDriver driver;

@Inject
public ElasticTime time;

public KeycloakUtils() {
super(null);
}

public void open(URL url) {
visit(url);
}

public void login(String user) {
login(user, user);
}

public void login(String user, String passwd) {
waitFor(by.id("username"), 5);
find(by.id("username")).sendKeys(user);
find(by.id("password")).sendKeys(passwd);
find(by.id("kc-login")).click();
}

public User getCurrentUser(String keycloakUrl, String realm) {
driver.get(String.format("%s/realms/%s/account", keycloakUrl, realm));

waitFor(by.id("username"), 5);
String username = find(by.id("username")).getDomProperty("value");
String email = find(by.id("email")).getDomProperty("value");
String firstName = find(by.id("firstName")).getDomProperty("value");
String lastName = find(by.id("lastName")).getDomProperty("value");

return new User(null /* id not available in this page*/, username, email, firstName, lastName);
}

public void logout(User user) {
final String caption = user.getFirstName() + " " + user.getLastName();
waitFor(by.button(caption), 5);
clickButton(caption);
waitFor(by.button("Sign out"));
clickButton("Sign out");
}

public static class User {

private final String id;
private final String userName;
private final String email;
private final String firstName;
private final String lastName;

public User(String id, String userName, String email, String firstName, String lastName) {
this.id = id;
this.userName = userName;
this.email = email;
this.firstName = firstName;
this.lastName = lastName;
}

public String getId() {
return id;
}

public String getUserName() {
return userName;
}

public String getEmail() {
return email;
}

public String getFirstName() {
return firstName;
}

public String getLastName() {
return lastName;
}
}
}
Loading

0 comments on commit 39030e8

Please sign in to comment.