[Test framework MVP] ImpersonationDisabledTest (#35057)

* [Test framework MVP] ImpersonationDisabledTest Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> * Apply suggestions from code review Co-authored-by: Stian Thorgersen <stian@redhat.com> Signed-off-by: Lukas Hanusovsky <61745358+lhanusov@users.noreply.github.com> --------- Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> Signed-off-by: Lukas Hanusovsky <61745358+lhanusov@users.noreply.github.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>
2026-05-05 14:41:54 -05:00 · 2024-11-19 11:20:29 +01:00
parent ce684e553f
commit 7502b9cdf6
6 changed files with 84 additions and 59 deletions
@@ -47,6 +47,10 @@ public abstract class AbstractKeycloakTestServerSupplier implements Supplier<Key
            command.features(serverConfig.features());
        }

+        if (!serverConfig.featuresDisabled().isEmpty()) {
+            command.featuresDisabled(serverConfig.featuresDisabled());
+        }
+
        command.options(serverConfig.options());

        Set<Dependency> dependencies = new HashSet<>(serverConfig.dependencies());
@@ -15,6 +15,7 @@ public class CommandBuilder {
    private final String command;
    private final Map<String, String> options = new HashMap<>();
    private final Set<String> features = new HashSet<>();
+    private final Set<String> featuresDisabled = new HashSet<>();
    private final LogBuilder log = new LogBuilder();

    private CommandBuilder(String command) {
@@ -43,6 +44,11 @@ public class CommandBuilder {
        return this;
    }

+    public CommandBuilder featuresDisabled(Set<String> featuresDisabled) {
+        this.featuresDisabled.addAll(featuresDisabled);
+        return this;
+    }
+
    public CommandBuilder databaseConfig(Map<String, String> databaseConfig) {
        for (String k : databaseConfig.keySet()) {
            if (!k.startsWith("db")) {
@@ -153,6 +159,9 @@ public class CommandBuilder {
        if (!features.isEmpty()) {
            args.add("--features=" + String.join(",", features));
        }
+        if (!featuresDisabled.isEmpty()) {
+            args.add("--features-disabled=" + String.join(",", featuresDisabled));
+        }

        return args;
    }
@@ -16,6 +16,10 @@ public interface KeycloakTestServerConfig {
        return Collections.emptySet();
    }

+    default Set<String> featuresDisabled() {
+        return Collections.emptySet();
+    }
+
    default boolean enableSysLog() { return false; }

    default Set<Dependency> dependencies() {
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.test.admin;
+
+import jakarta.ws.rs.ServerErrorException;
+import jakarta.ws.rs.core.Response;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.test.framework.annotations.InjectAdminClient;
+import org.keycloak.test.framework.annotations.InjectRealm;
+import org.keycloak.test.framework.annotations.InjectUser;
+import org.keycloak.test.framework.annotations.KeycloakIntegrationTest;
+import org.keycloak.test.framework.realm.ManagedRealm;
+import org.keycloak.test.framework.realm.ManagedUser;
+import org.keycloak.test.framework.server.KeycloakTestServerConfig;
+
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@KeycloakIntegrationTest(config = ImpersonationDisabledTest.ServerConfig.class)
+public class ImpersonationDisabledTest {
+
+    @InjectRealm
+    private ManagedRealm realm;
+
+    @InjectUser
+    private ManagedUser user;
+
+    public static class ServerConfig implements KeycloakTestServerConfig {
+
+        @Override
+        public Set<String> featuresDisabled() {
+            return Set.of("impersonation");
+        }
+    }
+
+    @Test
+    public void testImpersonationDisabled() {
+        
+        try {
+            user.admin().impersonate();
+            Assertions.fail("Feature impersonation should be disabled.");
+        } catch (ServerErrorException e) {
+            Assertions.assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
+        }
+    }
+}
@@ -74,7 +74,6 @@ import static org.hamcrest.MatcherAssert.assertThat;

 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.oneOf;
-import static org.keycloak.testsuite.admin.ImpersonationDisabledTest.IMPERSONATION_DISABLED;
 import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
 import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;

@@ -86,6 +85,8 @@ import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
 public class FineGrainAdminUnitTest extends AbstractKeycloakTest {

    public static final String CLIENT_NAME = "application";
+    public static boolean IMPERSONATION_DISABLED = "impersonation".equals(System.getProperty("feature.name"))
+            && "disabled".equals(System.getProperty("feature.value"));

    @Override
    public void addTestRealms(List<RealmRepresentation> testRealms) {
@@ -1,58 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.admin;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import jakarta.ws.rs.ServerErrorException;
-import jakarta.ws.rs.core.Response;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import org.junit.Assume;
-import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
-
-/**
- * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
- */
-public class ImpersonationDisabledTest extends AbstractAdminTest {
-    
-    public static boolean IMPERSONATION_DISABLED = "impersonation".equals(System.getProperty("feature.name")) 
-                && "disabled".equals(System.getProperty("feature.value"));
-
-    @BeforeClass
-    public static void enabled() {
-        Assume.assumeTrue(IMPERSONATION_DISABLED);
-    }
-
-    @Test
-    public void testImpersonationDisabled() {
-        String impersonatedUserId = adminClient.realm(TEST).users().search("test-user@localhost", 0, 1).get(0).getId();
-        
-        try {
-            log.debug("--Expected javax.ws.rs.WebApplicationException--");
-            adminClient.realms().realm("test").users().get(impersonatedUserId).impersonate();
-        } catch (ServerErrorException e) {
-            assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
-            return;
-        }
-        fail("Feature impersonation should be disabled.");
-    }
-
-}