|
13 | 13 | expect(@user_api_key).to be |
14 | 14 | end |
15 | 15 |
|
| 16 | +Given(/^a user "([^"]+)"$/) do |user_id| |
| 17 | + response = $conjur.load_policy 'root', <<-POLICY |
| 18 | + - !user #{user_id} |
| 19 | + POLICY |
| 20 | + @user = $conjur.resource("cucumber:user:#{user_id}") |
| 21 | + @user_api_key = response.created_roles["cucumber:user:#{user_id}"]['api_key'] |
| 22 | + expect(@user_api_key).to be |
| 23 | +end |
| 24 | + |
16 | 25 | Given(/^a new delegated user$/) do |
17 | 26 | # Create a new host that is owned by that user |
18 | 27 | step 'a new user' |
|
88 | 97 | |
89 | 98 | - !variable claim-mapping |
90 | 99 | |
91 | | - - !variable scope |
92 | | - |
93 | 100 | - !variable nonce |
94 | 101 | - !variable state |
| 102 | +
|
| 103 | + - !variable redirect-uri |
| 104 | +
|
| 105 | + - !group users |
| 106 | +
|
| 107 | + - !permit |
| 108 | + role: !group users |
| 109 | + privilege: [ read, authenticate ] |
| 110 | + resource: !webservice |
| 111 | +
|
| 112 | + - !user alice |
| 113 | + - !grant |
| 114 | + role: !group conjur/authn-oidc/keycloak/users |
| 115 | + member: !user alice |
95 | 116 | POLICY |
96 | 117 | @provider_uri = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/provider-uri") |
97 | 118 | @client_id = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/client-id") |
98 | 119 | @client_secret = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/client-secret") |
99 | 120 | @name = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/name") |
100 | 121 | @claim_mapping = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/claim-mapping") |
101 | | - @scope = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/scope") |
102 | 122 | @nonce = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/nonce") |
103 | 123 | @state = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/state") |
| 124 | + @redirect_uri = $conjur.resource("cucumber:variable:conjur/authn-oidc/keycloak/redirect-uri") |
104 | 125 |
|
105 | 126 | @provider_uri.add_value "https://keycloak:8443/auth/realms/master" |
106 | 127 | @client_id.add_value "conjurClient" |
107 | 128 | @client_secret.add_value "1234" |
108 | | - @claim_mapping.add_value "map" |
109 | | - @scope.add_value "openid" |
110 | | - @nonce.add_value "dont-use-this-again" |
111 | | - @state.add_value "test-state" |
| 129 | + @claim_mapping.add_value "preferred_username" |
| 130 | + @nonce.add_value SecureRandom.uuid |
| 131 | + @state.add_value SecureRandom.uuid |
112 | 132 | @name.add_value "keycloak" |
| 133 | + @redirect_uri.add_value "http://conjur_5/authn-oidc/keycloak/cucumber/authenticate" |
113 | 134 | end |
0 commit comments