adapting tests to use keycloak

Author: klinux

INSTALL.md

@@ -31,8 +31,8 @@ on Windows.
 1. Sign in to Okta [API credentials](https://developer.okta.com/signup/)
 2. Click on **_Applications_** and from there **_Add Application_**.
 3. Select type `Web`.
-4. Fill in the `Login redirect URI` as follows: `https://{your_base_url}/go/plugin/cd.go.authorization.okta/authenticate`
-5. Click **_Save_** and afterwards change the `Initiate login URI` to: `https://{your_base_url}/go/plugin/cd.go.authorization.okta/login`
+4. Fill in the `Login redirect URI` as follows: `https://{your_base_url}/go/plugin/cd.go.authorization.keycloak/authenticate`
+5. Click **_Save_** and afterwards change the `Initiate login URI` to: `https://{your_base_url}/go/plugin/cd.go.authorization.keycloak/login`
 
 ### Create Authorization Configuration
 

src/main/java/cd/go/authorization/keycloak/CallbackURL.java

@@ -16,7 +16,7 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.utils.Util;
+import cd.go.authorization.keycloak.utils.Util;
 
 public class CallbackURL {
     private static final CallbackURL CALLBACK_URL = new CallbackURL();

src/main/java/cd/go/authorization/keycloak/KeycloakApiClient.java

@@ -16,27 +16,27 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.models.OktaConfiguration;
-import cd.go.authorization.okta.models.TokenInfo;
+import cd.go.authorization.keycloak.models.KeycloakConfiguration;
+import cd.go.authorization.keycloak.models.TokenInfo;
 import okhttp3.*;
 
 import java.io.IOException;
 import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 
-import static cd.go.authorization.okta.OktaPlugin.LOG;
-import static cd.go.authorization.okta.utils.Util.isBlank;
-import static cd.go.authorization.okta.utils.Util.isNotBlank;
+import static cd.go.authorization.keycloak.KeycloakPlugin.LOG;
+import static cd.go.authorization.keycloak.utils.Util.isBlank;
+import static cd.go.authorization.keycloak.utils.Util.isNotBlank;
 import static java.text.MessageFormat.format;
 
 public class KeycloakApiClient {
     private static final String API_ERROR_MSG = "Api call to `{0}` failed with error: `{1}`";
-    private final OktaConfiguration oktaConfiguration;
+    private final KeycloakConfiguration keycloakConfiguration;
     private final OkHttpClient httpClient;
 
-    public KeycloakApiClient(OktaConfiguration oktaConfiguration) {
-        this(oktaConfiguration,
+    public KeycloakApiClient(KeycloakConfiguration keycloakConfiguration) {
+        this(keycloakConfiguration,
                 new OkHttpClient.Builder()
                         .connectTimeout(10, TimeUnit.SECONDS)
                         .writeTimeout(10, TimeUnit.SECONDS)
@@ -45,8 +45,8 @@ public KeycloakApiClient(OktaConfiguration oktaConfiguration) {
         );
     }
 
-    public KeycloakApiClient(OktaConfiguration oktaConfiguration, OkHttpClient httpClient) {
-        this.oktaConfiguration = oktaConfiguration;
+    public KeycloakApiClient(KeycloakConfiguration keycloakConfiguration, OkHttpClient httpClient) {
+        this.keycloakConfiguration = keycloakConfiguration;
         this.httpClient = httpClient;
     }
 
@@ -55,13 +55,17 @@ public void verifyConnection() throws Exception {
     }
 
     public String authorizationServerUrl(String callbackUrl) throws Exception {
-        LOG.debug("[OktaApiClient] Generating Okta oauth url.");
+        LOG.debug("[KeycloakApiClient] Generating Keycloak oauth url.");
 
-        return HttpUrl.parse(oktaConfiguration.oktaEndpoint())
+        return HttpUrl.parse(keycloakConfiguration.keycloakEndpoint())
                 .newBuilder()
-                .addPathSegments("v1")
-                .addPathSegments("authorize")
-                .addQueryParameter("client_id", oktaConfiguration.clientId())
+                .addPathSegments("auth")
+                .addPathSegments("realms")
+                .addPathSegments("master")
+                .addPathSegments("protocol")
+                .addPathSegments("openid-connect")
+                .addPathSegments("auth")
+                .addQueryParameter("client_id", keycloakConfiguration.clientId())
                 .addQueryParameter("redirect_uri", callbackUrl)
                 .addQueryParameter("response_type", "code")
                 .addQueryParameter("scope", "openid profile email groups")
@@ -73,20 +77,24 @@ public String authorizationServerUrl(String callbackUrl) throws Exception {
     public TokenInfo fetchAccessToken(Map<String, String> params) throws Exception {
         final String code = params.get("code");
         if (isBlank(code)) {
-            throw new RuntimeException("[OktaApiClient] Authorization code must not be null.");
+            throw new RuntimeException("[KeycloakApiClient] Authorization code must not be null.");
         }
 
-        LOG.debug("[OktaApiClient] Fetching access token using authorization code.");
+        LOG.debug("[KeycloakApiClient] Fetching access token using authorization code.");
 
-        final String accessTokenUrl = HttpUrl.parse(oktaConfiguration.oktaEndpoint())
+        final String accessTokenUrl = HttpUrl.parse(keycloakConfiguration.keycloakEndpoint())
                 .newBuilder()
-                .addPathSegments("v1")
+                .addPathSegments("auth")
+                .addPathSegments("realms")
+                .addPathSegments("master")
+                .addPathSegments("protocol")
+                .addPathSegments("openid-connect")
                 .addPathSegments("token")
                 .build().toString();
 
         final FormBody formBody = new FormBody.Builder()
-                .add("client_id", oktaConfiguration.clientId())
-                .add("client_secret", oktaConfiguration.clientSecret())
+                .add("client_id", keycloakConfiguration.clientId())
+                .add("client_secret", keycloakConfiguration.clientSecret())
                 .add("code", code)
                 .add("grant_type", "authorization_code")
                 .add("redirect_uri", CallbackURL.instance().getCallbackURL()).build();
@@ -100,14 +108,18 @@ public TokenInfo fetchAccessToken(Map<String, String> params) throws Exception {
         return executeRequest(request, response -> TokenInfo.fromJSON(response.body().string()));
     }
 
-    public OktaUser userProfile(TokenInfo tokenInfo) throws Exception {
+    public KeycloakUser userProfile(TokenInfo tokenInfo) throws Exception {
         validateTokenInfo(tokenInfo);
 
-        LOG.debug("[OktaApiClient] Fetching user profile using access token.");
+        LOG.debug("[KeycloakApiClient] Fetching user profile using access token.");
 
-        final String userProfileUrl = HttpUrl.parse(oktaConfiguration.oktaEndpoint())
+        final String userProfileUrl = HttpUrl.parse(keycloakConfiguration.keycloakEndpoint())
                 .newBuilder()
-                .addPathSegments("v1")
+                .addPathSegments("auth")
+                .addPathSegments("realms")
+                .addPathSegments("master")
+                .addPathSegments("protocol")
+                .addPathSegments("openid-connect")
                 .addPathSegments("userinfo")
                 .toString();
 
@@ -119,7 +131,7 @@ public OktaUser userProfile(TokenInfo tokenInfo) throws Exception {
                 .post(formBody)
                 .build();
 
-        return executeRequest(request, response -> OktaUser.fromJSON(response.body().string()));
+        return executeRequest(request, response -> KeycloakUser.fromJSON(response.body().string()));
     }
 
     private interface Callback<T> {
@@ -140,7 +152,7 @@ private <T> T executeRequest(Request request, Callback<T> callback) throws IOExc
 
     private void validateTokenInfo(TokenInfo tokenInfo) {
         if (tokenInfo == null) {
-            throw new RuntimeException("[OktaApiClient] TokenInfo must not be null.");
+            throw new RuntimeException("[KeycloakApiClient] TokenInfo must not be null.");
         }
     }
 }

src/main/java/cd/go/authorization/keycloak/KeycloakAuthorizer.java

@@ -16,14 +16,14 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.models.AuthConfig;
-import cd.go.authorization.okta.models.Role;
+import cd.go.authorization.keycloak.models.AuthConfig;
+import cd.go.authorization.keycloak.models.Role;
 
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
-import static cd.go.authorization.okta.OktaPlugin.LOG;
+import static cd.go.authorization.keycloak.KeycloakPlugin.LOG;
 import static java.text.MessageFormat.format;
 
 public class KeycloakAuthorizer {
@@ -37,8 +37,8 @@ public KeycloakAuthorizer(MembershipChecker membershipChecker) {
         this.membershipChecker = membershipChecker;
     }
 
-    public List<String> authorize(OktaUser loggedInUser, AuthConfig authConfig, List<Role> roles) throws IOException {
-        final OktaUser user = loggedInUser;
+    public List<String> authorize(KeycloakUser loggedInUser, AuthConfig authConfig, List<Role> roles) throws IOException {
+        final KeycloakUser user = loggedInUser;
         final List<String> assignedRoles = new ArrayList<>();
 
         if (roles.isEmpty()) {
@@ -58,7 +58,6 @@ public List<String> authorize(OktaUser loggedInUser, AuthConfig authConfig, List
             if (membershipChecker.isAMemberOfAtLeastOneGroup(loggedInUser, authConfig, role.roleConfiguration().groups())) {
                 LOG.debug(format("[Authorize] Assigning role `{0}` to user `{1}`. As user is a member of at least one group.", role.name(), user.getEmail()));
                 assignedRoles.add(role.name());
-                continue;
             }
         }
 

src/main/java/cd/go/authorization/keycloak/KeycloakPlugin.java

@@ -16,9 +16,9 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.exceptions.NoSuchRequestHandlerException;
-import cd.go.authorization.okta.executors.*;
-import cd.go.authorization.okta.requests.*;
+import cd.go.authorization.keycloak.exceptions.NoSuchRequestHandlerException;
+import cd.go.authorization.keycloak.executors.*;
+import cd.go.authorization.keycloak.requests.*;
 import com.thoughtworks.go.plugin.api.GoApplicationAccessor;
 import com.thoughtworks.go.plugin.api.GoPlugin;
 import com.thoughtworks.go.plugin.api.GoPluginIdentifier;
@@ -28,11 +28,11 @@
 import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest;
 import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse;
 
-import static cd.go.authorization.okta.Constants.PLUGIN_IDENTIFIER;
+import static cd.go.authorization.keycloak.Constants.PLUGIN_IDENTIFIER;
 
 @Extension
 public class KeycloakPlugin implements GoPlugin {
-    public static final Logger LOG = Logger.getLoggerFor(OktaPlugin.class);
+    public static final Logger LOG = Logger.getLoggerFor(KeycloakPlugin.class);
 
     private GoApplicationAccessor accessor;
 

src/main/java/cd/go/authorization/keycloak/KeycloakUser.java

@@ -16,14 +16,13 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.utils.Util;
 import com.google.gson.annotations.Expose;
 import com.google.gson.annotations.SerializedName;
 
 import java.util.List;
 
-import static cd.go.authorization.okta.OktaPlugin.LOG;
-import static cd.go.authorization.okta.utils.Util.GSON;
+import static cd.go.authorization.keycloak.KeycloakPlugin.LOG;
+import static cd.go.authorization.keycloak.utils.Util.GSON;
 
 public class KeycloakUser {
     @Expose
@@ -126,7 +125,7 @@ public String toJSON() {
         return GSON.toJson(this);
     }
 
-    public static OktaUser fromJSON(String json) {
-        return GSON.fromJson(json, OktaUser.class);
+    public static KeycloakUser fromJSON(String json) {
+        return GSON.fromJson(json, KeycloakUser.class);
     }
 }

src/main/java/cd/go/authorization/keycloak/MembershipChecker.java

@@ -16,17 +16,17 @@
 
 package cd.go.authorization.keycloak;
 
-import cd.go.authorization.okta.models.AuthConfig;
+import cd.go.authorization.keycloak.models.AuthConfig;
 
 import java.io.IOException;
 import java.util.List;
 
-import static cd.go.authorization.okta.OktaPlugin.LOG;
+import static cd.go.authorization.keycloak.KeycloakPlugin.LOG;
 import static java.text.MessageFormat.format;
 
 public class MembershipChecker {
 
-    public boolean isAMemberOfAtLeastOneGroup(OktaUser loggedInUser, AuthConfig authConfig, List<String> groupsAllowed) throws IOException {
+    public boolean isAMemberOfAtLeastOneGroup(KeycloakUser loggedInUser, AuthConfig authConfig, List<String> groupsAllowed) throws IOException {
         if (groupsAllowed.isEmpty()) {
             LOG.info("[MembershipChecker] No groups provided.");
             return false;
@@ -35,7 +35,7 @@ public boolean isAMemberOfAtLeastOneGroup(OktaUser loggedInUser, AuthConfig auth
         return checkMembershipUsingUsersAccessToken(loggedInUser, groupsAllowed);
     }
 
-    private boolean checkMembershipUsingUsersAccessToken(OktaUser loggedInUser, List<String> groupsAllowed) throws IOException {
+    private boolean checkMembershipUsingUsersAccessToken(KeycloakUser loggedInUser, List<String> groupsAllowed) throws IOException {
         final List<String> myGroups = loggedInUser.groups();
 
         for (String groupName : myGroups) {

src/main/java/cd/go/authorization/keycloak/annotation/FieldMetadata.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package cd.go.authorization.okta.annotation;
+package cd.go.authorization.keycloak.annotation;
 
 import com.google.gson.annotations.Expose;
 import com.google.gson.annotations.SerializedName;

src/main/java/cd/go/authorization/keycloak/annotation/FieldType.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package cd.go.authorization.okta.annotation;
+package cd.go.authorization.keycloak.annotation;
 
 public enum FieldType {
     STRING {

src/main/java/cd/go/authorization/keycloak/annotation/Metadata.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package cd.go.authorization.okta.annotation;
+package cd.go.authorization.keycloak.annotation;
 
 public interface Metadata {
     boolean isRequired();