Implement authentication timeout. (#12)

* Support auth expiry.

* Support multiple keycloak versions in integration tests.

* Implement possible auth types.

Author: Azuka

Makefile

@@ -15,7 +15,6 @@ GO_INTEGRATION_PACKAGES = $(shell go list ./... | grep integration)
 GO_FILES = $(shell find . -name "*.go" | grep -v vendor | uniq)
 CI_TEST_REPORTS ?= /tmp/test-results
 
-
 .PHONY: init-ci
 init-ci:
 	@echo "$(OK_COLOR)==> Installing minimal build requirements$(NO_COLOR)"
@@ -55,16 +54,25 @@ test: format lint
 	go test -race -cover $(GO_PACKAGES)
 
 # Test integration
-.PHONY: integration
-integration:
-	@echo "$(OK_COLOR)==> Integration testing $(NO_COLOR)"
+.PHONY: integration-start
+integration-start:
 	docker-compose -f $(PWD)/integration/docker-compose.yml up -d
-	go test -race $(GO_INTEGRATION_PACKAGES)
-	make integration-clean
+
+.PHONY: integration
+integration: integration-start integration-test integration-stop
+
+.PHONY: integration-stop
+integration-stop:
+	docker-compose -f $(PWD)/integration/docker-compose.yml down
 
 .PHONY: integration-clean
 integration-clean:
-	docker-compose -f $(PWD)/integration/docker-compose.yml down
+	rm -rf $(PWD)/build/database
+
+.PHONY: integration-test
+integration-test:
+	@echo "$(OK_COLOR)==> Integration testing $(NO_COLOR)"
+	go test -race -v $(GO_INTEGRATION_PACKAGES)
 
 # Generate coverage
 .PHONY: coverage

Readme.md

@@ -20,6 +20,8 @@ go get -u github.com/Azuka/keycloak-admin-go/...
 make init
 make test
 make integration
+#optionally
+make integration-clean
 ```
 ### Local CI
 - Install CircleCI locally: https://circleci.com/docs/2.0/local-cli

build/create-multiple-postgresql-databases.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# See https://github.com/mrts/docker-postgresql-multiple-databases
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	echo "  Creating user and database '$database'"
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+	    CREATE USER $database;
+	    CREATE DATABASE $database;
+	    GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
+EOSQL
+}
+
+if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+	echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+	for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+		create_user_and_database $db
+	done
+	echo "Multiple databases created"
+fi

integration/docker-compose.yml

@@ -5,21 +5,39 @@ services:
     image: postgres:9.6
     volumes:
       - ../build/database:/var/lib/postgresql/data
+      - ../build/create-multiple-postgresql-databases.sh:/docker-entrypoint-initdb.d/databases.sh
     environment:
       POSTGRES_USER: keycloak
       POSTGRES_PASSWORD: changeme
-      POSTGRES_DB: keycloak
+      POSTGRES_MULTIPLE_DATABASES: '"keycloak-4.0.0","keycloak-4.1.0","keycloak-4.8.0"'
 
-  keycloak:
+  keycloak-4.0.0:
     image: jboss/keycloak:4.0.0.Final
+    restart: always
     ports:
       - 9090:8080
     depends_on:
       - keycloak-db
     environment:
       KEYCLOAK_USER: keycloak-admin
       KEYCLOAK_PASSWORD: changeme
-      DB_DATABASE: keycloak
+      DB_DATABASE: keycloak-4.0.0
+      DB_USER: keycloak
+      DB_PASSWORD: changeme
+      DB_ADDR: keycloak-db
+      DB_VENDOR: postgres
+
+  keycloak-4.8.0:
+    image: jboss/keycloak:4.8.0.Final
+    restart: always
+    ports:
+      - 9098:8080
+    depends_on:
+      - keycloak-db
+    environment:
+      KEYCLOAK_USER: keycloak-admin
+      KEYCLOAK_PASSWORD: changeme
+      DB_DATABASE: keycloak-4.8.0
       DB_USER: keycloak
       DB_PASSWORD: changeme
       DB_ADDR: keycloak-db

integration/realm_test.go

@@ -6,9 +6,9 @@ import (
 
 func (suite *integrationTester) TestRealmFetch() {
 	realm, err := suite.client.Realm.Get(suite.ctx, keycloakAdminRealm)
-	suite.NotNil(realm)
-	suite.NoError(err)
-	suite.Equal(keycloakAdminRealm, realm.ID)
+	suite.NotNil(realm, suite.version)
+	suite.NoError(err, suite.version)
+	suite.Equal(keycloakAdminRealm, realm.ID, suite.version)
 }
 
 func (suite *integrationTester) TestRealmDelete() {
@@ -21,10 +21,10 @@ func (suite *integrationTester) TestRealmDelete() {
 	}
 
 	err := suite.client.Realm.Create(suite.ctx, newRealm)
-	suite.NoError(err)
+	suite.NoError(err, suite.version)
 
 	err = suite.client.Realm.Delete(suite.ctx, realmName)
-	suite.NoError(err)
+	suite.NoError(err, suite.version)
 }
 
 func (suite *integrationTester) TestRealmCreate() {
@@ -50,25 +50,25 @@ func (suite *integrationTester) TestRealmCreate() {
 	}
 
 	err := suite.client.Realm.Create(suite.ctx, newRealm)
-	suite.NoError(err)
+	suite.NoError(err, suite.version)
 
 	actualRealm, err := suite.client.Realm.Get(suite.ctx, realmName)
-	suite.NoError(err)
-	suite.NotNil(actualRealm)
-	suite.Equal(actualRealm.ID, newRealm.ID)
-	suite.Equal(actualRealm.Realm, newRealm.Realm)
+	suite.NoError(err, suite.version)
+	suite.NotNil(actualRealm, suite.version)
+	suite.Equal(actualRealm.ID, newRealm.ID, suite.version)
+	suite.Equal(actualRealm.Realm, newRealm.Realm, suite.version)
 
-	suite.Equal(actualRealm.AccessCodeLifespan, newRealm.AccessCodeLifespan)
-	suite.Equal(actualRealm.AccessCodeLifespanLogin, newRealm.AccessCodeLifespanLogin)
-	suite.Equal(actualRealm.AccessCodeLifespanUserAction, newRealm.AccessCodeLifespanUserAction)
-	suite.Equal(actualRealm.AccessTokenLifespan, newRealm.AccessTokenLifespan)
-	suite.Equal(actualRealm.AccessTokenLifespanForImplicitFlow, newRealm.AccessTokenLifespanForImplicitFlow)
-	suite.Equal(actualRealm.AccountTheme, newRealm.AccountTheme)
-	suite.Equal(actualRealm.ActionTokenGeneratedByAdminLifespan, newRealm.ActionTokenGeneratedByAdminLifespan)
-	suite.Equal(actualRealm.ActionTokenGeneratedByUserLifespan, newRealm.ActionTokenGeneratedByUserLifespan)
-	suite.Equal(actualRealm.AdminEventsDetailsEnabled, newRealm.AdminEventsDetailsEnabled)
-	suite.Equal(actualRealm.AdminEventsEnabled, newRealm.AdminEventsEnabled)
-	suite.Equal(actualRealm.AdminTheme, newRealm.AdminTheme)
-	suite.Equal(actualRealm.DisplayName, newRealm.DisplayName)
-	suite.Equal(actualRealm.DisplayNameHTML, newRealm.DisplayNameHTML)
+	suite.Equal(actualRealm.AccessCodeLifespan, newRealm.AccessCodeLifespan, suite.version)
+	suite.Equal(actualRealm.AccessCodeLifespanLogin, newRealm.AccessCodeLifespanLogin, suite.version)
+	suite.Equal(actualRealm.AccessCodeLifespanUserAction, newRealm.AccessCodeLifespanUserAction, suite.version)
+	suite.Equal(actualRealm.AccessTokenLifespan, newRealm.AccessTokenLifespan, suite.version)
+	suite.Equal(actualRealm.AccessTokenLifespanForImplicitFlow, newRealm.AccessTokenLifespanForImplicitFlow, suite.version)
+	suite.Equal(actualRealm.AccountTheme, newRealm.AccountTheme, suite.version)
+	suite.Equal(actualRealm.ActionTokenGeneratedByAdminLifespan, newRealm.ActionTokenGeneratedByAdminLifespan, suite.version)
+	suite.Equal(actualRealm.ActionTokenGeneratedByUserLifespan, newRealm.ActionTokenGeneratedByUserLifespan, suite.version)
+	suite.Equal(actualRealm.AdminEventsDetailsEnabled, newRealm.AdminEventsDetailsEnabled, suite.version)
+	suite.Equal(actualRealm.AdminEventsEnabled, newRealm.AdminEventsEnabled, suite.version)
+	suite.Equal(actualRealm.AdminTheme, newRealm.AdminTheme, suite.version)
+	suite.Equal(actualRealm.DisplayName, newRealm.DisplayName, suite.version)
+	suite.Equal(actualRealm.DisplayNameHTML, newRealm.DisplayNameHTML, suite.version)
 }

integration/suite_test.go

@@ -14,43 +14,44 @@ import (
 	"github.com/stretchr/testify/suite"
 )
 
-const keycloakEndpoint = "http://127.0.0.1:9090/auth/"
 const keycloakAdmin = "keycloak-admin"
 const keycloakPassword = "changeme"
 const keycloakAdminRealm = "master"
 const keycloakAdminClientID = "admin-cli"
 
+var keyCloakEndpoints = map[string]string{
+	"4.0.0": "http://127.0.0.1:9090/auth/",
+	"4.8.0": "http://127.0.0.1:9098/auth/",
+}
+
 type integrationTester struct {
 	ready chan struct{}
 	suite.Suite
-	client *keycloak.Client
-	ctx    context.Context
+	client   *keycloak.Client
+	ctx      context.Context
+	version  string
+	endpoint string
 }
 
-func getHTTPClient(ctx context.Context) *http.Client {
-
+func (suite *integrationTester) httpClient() *http.Client {
 	config := auth.Config{
-		ClientID: keycloakAdminClientID,
-		TokenURL: keycloakEndpoint + "realms/" + keycloakAdminRealm + "/protocol/openid-connect/token",
-		EndpointParams: url.Values{
-			"username":   {keycloakAdmin},
-			"password":   {keycloakPassword},
-			"grant_type": {"password"},
-			"client_id":  {keycloakAdminClientID},
-		},
+		ClientID:  keycloakAdminClientID,
+		Username:  keycloakAdmin,
+		Password:  keycloakPassword,
+		GrantType: auth.PasswordGrant,
+		TokenURL:  suite.endpoint + "realms/" + keycloakAdminRealm + "/protocol/openid-connect/token",
 	}
 
 	http.DefaultClient.Timeout = time.Second * 5
-
-	return config.Client(ctx)
+	return config.Client(suite.ctx)
 }
 
 func (suite *integrationTester) SetupSuite() {
 	suite.ready = make(chan struct{})
 	suite.ctx = context.Background()
 
 	connect := func() error {
-		_, err := http.Get(keycloakEndpoint)
+		_, err := http.Get(suite.endpoint)
 
 		if err == nil {
 			close(suite.ready)
@@ -63,23 +64,28 @@ func (suite *integrationTester) SetupSuite() {
 	}
 
 	// Setup test client
-	u, _ := url.Parse(keycloakEndpoint + "admin")
-	suite.client = keycloak.NewClient(*u, getHTTPClient(suite.ctx))
+	u, _ := url.Parse(suite.endpoint + "admin")
+	suite.client = keycloak.NewClient(*u, suite.httpClient())
 	suite.client.Debug()
 
-	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*2)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*10)
 	defer cancel()
 
 	go func() {
 		err := backoff.Retry(connect, backoff.WithContext(backoff.NewExponentialBackOff(), ctx))
 		if err != nil {
-			fmt.Println("error connecting: ", err)
+			panic(fmt.Errorf("error connecting: %+v", err))
 		}
 	}()
 
 	<-suite.ready
 }
 
 func TestKeycloakAdminIntegration(t *testing.T) {
-	suite.Run(t, &integrationTester{})
+	for version, endpoint := range keyCloakEndpoints {
+		suite.Run(t, &integrationTester{
+			version:  version,
+			endpoint: endpoint,
+		})
+	}
 }

integration/user_test.go

@@ -8,18 +8,18 @@ func (suite *integrationTester) TestUserFetch() {
 	users, err := suite.client.Users.Find(suite.ctx, keycloakAdminRealm, map[string]string{
 		"username": keycloakAdmin,
 	})
-	suite.NotNil(users)
-	suite.NoError(err)
-	suite.Len(users, 1)
-	suite.Equal(keycloakAdmin, users[0].Username)
-	suite.True(*users[0].Enabled)
+	suite.NotNil(users, suite.version)
+	suite.NoError(err, suite.version)
+	suite.Len(users, 1, suite.version)
+	suite.Equal(keycloakAdmin, users[0].Username, suite.version)
+	suite.True(*users[0].Enabled, suite.version)
 
 	user := users[0]
 	t := true
 	user.EmailVerified = &t
 
 	err = suite.client.Users.Update(suite.ctx, keycloakAdminRealm, &user)
-	suite.NoError(err)
+	suite.NoError(err, suite.version)
 }
 
 func (suite *integrationTester) TestUserCreate() {
@@ -31,6 +31,6 @@ func (suite *integrationTester) TestUserCreate() {
 
 	id, err := suite.client.Users.Create(suite.ctx, keycloakAdminRealm, user)
 
-	suite.NotEmpty(id)
-	suite.NoError(err)
+	suite.NotEmpty(id, suite.version)
+	suite.NoError(err, suite.version)
 }