[keycloak-user] bootstrapping of keycloak for integration testing

Nils Preusker n.preusker at gmail.com
Wed Apr 23 07:12:53 EDT 2014 

Great, thanks for the link Stian!

--
Blog: www.nilspreusker.de

> On Apr 23, 2014, at 12:58, Stian Thorgersen <stian at redhat.com> wrote:
> 
> In the future we may move our testsuite to Arquillian, as this makes it possible for us to test the actual distribution of Keycloak (on WildFly) rather than a "custom" server. 
> 
> For testing bearer-only services, you're right the simplest solution would be to just create tokens manually. Have a look at https://github.com/liveoak-io/liveoak/blob/master/modules/keycloak/src/test/java/io/liveoak/keycloak/TokenUtil.java, which does exactly that.
> 
> ----- Original Message -----
>> From: "Nils Preusker" <n.preusker at gmail.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Wednesday, 23 April, 2014 11:43:56 AM
>> Subject: Re: [keycloak-user] bootstrapping of keycloak for integration    testing
>> 
>> Another question regarding keycloak artifacts in maven, shouldn't
>> "keycloak-wildfly-adapter-dist" also be available? At least this would make
>> it much easier to create a maven configuration that bootstraps a Wildfly
>> instance with the keycloak adapter.
>> 
>> I've looked at the integration test suite and find the approach quite nice.
>> However, in order to re-use it I would currently have to duplicate most of
>> the code (KeycloakServer, AbstractKeycloakRule etc.) since it is in the test
>> directory of the keycloak-testsuite-integration module.
>> 
>> So I thought I'd do the following:
>> 
>> * create an integration-test module
>> * bootstrap Wildfly with the wildfly adapter installed with the
>> maven-dependency-plugin and maven-resources-plugin (currently struggling
>> with the missing artifacts in the repo here so I installed it locally for
>> now...)
>> * deploy the auth-server.war/ keycloak-server.war and the archives I want to
>> test in an arquillian test case (@Deploy...)
>> 
>> That's where I'm at right now. I guess the next step would be to get the
>> KeycloakSessionFactory in order to add a test realm programmatically.
>> 
>> However, I just realized that it might be better (and easier) to just
>> bootstrap an embedded Keycloak instance (no server, just the core services)
>> and use it to create a test realm and create tokens that can be used in the
>> test cases. After all, I just need a way to generate bearer tokens to make
>> HTTP requests to the wars I would like to test. Any thoughts on how I could
>> best accomplish that?
>> 
>> Cheers,
>> Nils
>> 
>> 
>> 
>> 
>> On Wed, Apr 23, 2014 at 11:25 AM, Nils Preusker < n.preusker at gmail.com >
>> wrote:
>> 
>> 
>> 
>> Thanks Marek, I've created a JIRA issue about the missing war in the maven
>> repo: https://issues.jboss.org/browse/KEYCLOAK-424
>> 
>> I'll have a look at the integration test suite and let you know what I came
>> up with.
>> 
>> Cheers,
>> Nils
>> 
>> 
>> On Wed, Apr 23, 2014 at 9:25 AM, Marek Posolda < mposolda at redhat.com > wrote:
>> 
>> 
>> 
>> Hi Nils,
>> 
>> 
>> On 22.4.2014 12:55, Nils Preusker wrote:
>> 
>> 
>> 
>> Hi guys,
>> 
>> I'm just setting up an integration test project for our application and I'm
>> wondering what's the best way to bootstrap keycloak within it.
>> 
>> I'm using arquillian for testing and I'm using the maven-dependency-plugin
>> and maven-resources-plugin to put together a wildfly instance with the
>> keycloak-wildfly-adapter.
>> 
>> So far, that approach works nicely. However, I'm not quite sure yet how to go
>> about
>> 
>> * importing a realm and
>> * creating a bearer/ access token to use in the test cases
>> 
>> One approach would be to deploy the auth-server.war (is there a mvn
>> repository to pull it from?), POST the realm to the respective URL of the
>> admin console and do the authentication the same way (POST
>> http://localhost:8080/auth/rest/realms/TestRealm/tokens/grants/access ).
>> Looks like it's not. The WAR is here just for Alpha1
>> https://repository.jboss.org/nexus/content/groups/public/org/keycloak/keycloak-server/1.0-alpha-1-12062013/
>> but not for later releases, which looks like a bug IMO. Can you create JIRA
>> for it? I think it won't be bad if release will include all the artifacts
>> including docs and distribution stuff (like WAR and full Wildfly appliance)
>> 
>> 
>> 
>> 
>> 
>> Alternatively, I suppose I could deploy a small helper war or jar that
>> accesses the core services of keycloak to import the realm and create test
>> access tokens (some convenience method like "createLogin()" in a test
>> utility that is deployed with shrink wrap maybe).
>> 
>> Which option do you recommend or is there a third one that I'm missing?
>> Maybe it will be interesting for you that we have integration testsuite
>> https://github.com/keycloak/keycloak/tree/master/testsuite/integration .
>> This testsuite is using embedded Undertow server and it programmatically
>> deploys Keycloak server on it. You can take a look at KeycloakServer class
>> and also at individual tests to see how it works. The point is that it's
>> embedded, so test classes have access to KeycloakSessionFactory inside
>> KeycloakSetup actions and so they can directly use the model API to setup
>> needed things.
>> 
>> For example in LoginTest, you can see that there is some setup action, which
>> creates new user with usage of Keycloak model API:
>> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java#L54
>> and then there is selenium test, which verifies that this user is able to
>> login:
>> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java#L114
>> 
>> Maybe you can reuse some parts of our testsuite and programmaticaly deploy
>> Keycloak server in similar way like it's done here (not sure if it's
>> possible with Arquillian+Shrinkwrap+Wildfly, but I assume that yes). If you
>> still don't have access to Keycloak model API, you can maybe write some
>> selenium utils, which will do needed setup in KC admin console UI...
>> 
>> Another alternative might be that you will use 2 servers in your testsuite.
>> Your wildfly server with adapter installed will be on localhost:8080 (you
>> have it already running) and KC server will be on localhost:8081 (You can
>> directly reuse our testsuite for setup this).
>> 
>> Good luck and let me know if still having issues. Btw. we don't have any
>> integration tests for admin console and real AS7 and Wildfly adapters AFAIK.
>> So it would be nice if you can share your work once you have your testsuite
>> up and running :-)
>> 
>> Marek
>> 
>> 
>> 
>> 
>> Cheers,
>> Nils
>> 
>> 
>> _______________________________________________
>> keycloak-user mailing list keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>> 
>> 
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list