diff --git a/README.md b/README.md index bd736f3..93cadc2 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ containerSecurityContext: > The configuration used for the Node.js mapper enables the required scripts preview feature in order to be supported. ### Configure user group attributes -Ensure that the user group attributes match the `topics-filter-regexp`, `connects-filter-regexp`, `consumer-groups-filter-regexp` keys. If they don't, then they will either need to be updated or the script adjusted to match. +Ensure that the user group attributes match the `topics-filter-regexp`, `connects-filter-regexp`, `consumer-groups-filter-regexp` keys. If they don't, then they will either need to be updated or the code/script adjusted to match. ### Add custom protocol mapper In Keycloak, perform the following steps: diff --git a/java/src/test/java/io/github/stevenjdh/akhq/acl/mapper/AkhqAclMapperTest.java b/java/src/test/java/io/github/stevenjdh/akhq/acl/mapper/AkhqAclMapperTest.java index fdd6033..8e2e09b 100644 --- a/java/src/test/java/io/github/stevenjdh/akhq/acl/mapper/AkhqAclMapperTest.java +++ b/java/src/test/java/io/github/stevenjdh/akhq/acl/mapper/AkhqAclMapperTest.java 
@@ -39,29 +39,31 @@ import org.keycloak.provider.ProviderConfigProperty; import org.keycloak.representations.IDToken; import org.mockito.Mock; -import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import org.mockito.junit.jupiter.MockitoExtension; @ExtendWith(MockitoExtension.class) class AkhqAclMapperTest { - private static final String CLAIM_NAME = "groups-test"; - private final AkhqAclMapper mapper = new AkhqAclMapper(); - private static final ProtocolMapperModel PROTOCOL_MAPPER_MODEL = new ProtocolMapperModel(); + private final AkhqAclMapper akhqAclMapper = new AkhqAclMapper(); + private static final String CLAIM_NAME_KEY = "groups-test"; + private static final ProtocolMapperModel PROTOCOL_MAPPER = new ProtocolMapperModel(); @Mock private UserSessionModel mockUserSession; @Mock private UserModel mockUser; + + @Mock + private GroupModel mockGroup; @BeforeAll static void setUp() { Map testConfig = new HashMap<>(); - testConfig.put(TOKEN_CLAIM_NAME, CLAIM_NAME); + testConfig.put(TOKEN_CLAIM_NAME, CLAIM_NAME_KEY); testConfig.put(INCLUDE_IN_ID_TOKEN, Boolean.toString(true)); - PROTOCOL_MAPPER_MODEL.setConfig(testConfig); + PROTOCOL_MAPPER.setConfig(testConfig); } @Test @@ -69,7 +71,7 @@ static void setUp() { void Should_ReturnCorrectCategory_ForMapper() { var expectedDisplayCategory = new FullNameMapper().getDisplayCategory(); - var displayCategory = mapper.getDisplayCategory(); + var displayCategory = akhqAclMapper.getDisplayCategory(); assertThat(displayCategory).isNotBlank() .isEqualTo(expectedDisplayCategory); 
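Review bot: `PROTOCOL_MAPPER` is still a single mutable static `ProtocolMapperModel` filled in `@BeforeAll`, so every test in the class shares one config object and a test that changes it would silently affect the others. Giving it an unmodifiable config, as the last test in this file already does for its own model, keeps the shared fixture read-only: `PROTOCOL_MAPPER.setConfig(Map.of(TOKEN_CLAIM_NAME, CLAIM_NAME_KEY, INCLUDE_IN_ID_TOKEN, Boolean.toString(true)));`. As a style point, the instance field `akhqAclMapper` now sits above the two `static final` constants, which are conventionally declared first. The class body continues beyond this hunk.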
@@ -78,29 +80,37 @@ void Should_ReturnCorrectCategory_ForMapper() { @Test @DisplayName("Should return correct type for mapper.") void Should_ReturnCorrectType_ForMapper() { - assertThat(mapper.getDisplayType()).isNotBlank() - .isEqualTo("AKHQ ACL Mapper"); + String expectedDisplayType = "AKHQ ACL Mapper"; + + assertThat(akhqAclMapper.getDisplayType()).isNotBlank() + .isEqualTo(expectedDisplayType); } @Test @DisplayName("Should return correct help text for mapper.") void Should_ReturnCorrectHelpText_ForMapper() { - assertThat(mapper.getHelpText()).isNotBlank() - .isEqualTo("An AKHQ ACL mapper for Keycloak to transition from AKHQ version 0.24.x to 0.25.x and above."); + String expectedHelpText = "An AKHQ ACL mapper for Keycloak to transition from AKHQ version 0.24.x to 0.25.x and above."; + + assertThat(akhqAclMapper.getHelpText()).isNotBlank() + .isEqualTo(expectedHelpText); } @Test @DisplayName("Should return correct id for mapper.") void Should_ReturnCorrectId_ForMapper() { - assertThat(mapper.getId()).isNotBlank() - .isEqualTo("stevenjdh-akhq-acl-mapper"); + String expectedId = "stevenjdh-akhq-acl-mapper"; + + assertThat(akhqAclMapper.getId()).isNotBlank() + .isEqualTo(expectedId); } @Test @DisplayName("Should return correct priority for mapper.") void Should_ReturnCorrectPriority_ForMapper() { - assertThat(mapper.getPriority()).isNotZero() - .isEqualTo(50); + int expectedPriority = 50; + + assertThat(akhqAclMapper.getPriority()).isNotZero() + .isEqualTo(expectedPriority); } @Test @@ -109,7 +119,7 @@ void Should_HaveStandardPropertiesConfigured_ForMapper() { List expectedConfigProperties = List.of(TOKEN_CLAIM_NAME, INCLUDE_IN_ID_TOKEN, INCLUDE_IN_ACCESS_TOKEN, INCLUDE_IN_LIGHTWEIGHT_ACCESS_TOKEN, INCLUDE_IN_USERINFO); - List configPropertyNames = mapper.getConfigProperties().stream() + List configPropertyNames = akhqAclMapper.getConfigProperties().stream() .map(ProviderConfigProperty::getName) .toList(); 
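Review bot: In the four getter tests the leading `isNotBlank()` and `isNotZero()` calls are redundant, because the `isEqualTo(...)` that follows compares against a non-blank literal or against 50 and fails in every case the first check would. With the expected values now in named locals, each assertion can be a single call, for example `assertThat(akhqAclMapper.getId()).isEqualTo(expectedId);`. The same applies to `getDisplayCategory()` in the previous hunk only if `FullNameMapper` is guaranteed to return a non-blank category, which is not visible here.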
@@ -123,19 +133,17 @@ void Should_AddCustomClaimToIdToken_When_TokenTransformationRuns() { when(mockUserSession.getUser()) .thenReturn(mockUser); - var transformedToken = mapper.transformIDToken(new IDToken(), PROTOCOL_MAPPER_MODEL, + var transformedToken = akhqAclMapper.transformIDToken(new IDToken(), PROTOCOL_MAPPER, null, mockUserSession, null); assertThat(transformedToken.getOtherClaims()).isNotEmpty() - .containsKey(CLAIM_NAME); + .containsKey(CLAIM_NAME_KEY); } @Test @DisplayName("Should set custom claim with ACLs when user group has attributes configured.") void Should_SetCustomClaimWithAcls_When_UserGroupHasAttributesConfigured() { var token = new IDToken(); - var mockGroup = mock(GroupModel.class); - List> claimEntries = List.of( Map.of("role", "topic-reader", "patterns", List.of("moe.*")), Map.of("role", "group-reader", "patterns", List.of("larry.*")), @@ -143,7 +151,6 @@ void Should_SetCustomClaimWithAcls_When_UserGroupHasAttributesConfigured() { Map.of("role", "registry-reader", "patterns", List.of(".*")), Map.of("role", "acl-reader", "patterns", List.of(".*")) ); - Map expectedClaimValue = Map.of("foobar-group", claimEntries); when(mockGroup.getName()) @@ -159,18 +166,16 @@ void Should_SetCustomClaimWithAcls_When_UserGroupHasAttributesConfigured() { when(mockUserSession.getUser()) .thenReturn(mockUser); - mapper.setClaim(token, PROTOCOL_MAPPER_MODEL, mockUserSession, null, null); + akhqAclMapper.setClaim(token, PROTOCOL_MAPPER, mockUserSession, null, null); assertThat(token.getOtherClaims()).isNotEmpty() - .containsEntry(CLAIM_NAME, expectedClaimValue); + .containsEntry(CLAIM_NAME_KEY, expectedClaimValue); } @Test @DisplayName("Should set custom claim without ACLs when user group attributes are not configured.") void Should_SetCustomClaimWithoutAcls_When_UserGroupAttributesAreNotConfigured() { var token = new IDToken(); - var mockGroup = mock(GroupModel.class); - Map expectedClaimValue = Map.of(); when(mockGroup.getName()) 
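Review bot: `Should_AddCustomClaimToIdToken_When_TokenTransformationRuns` only asserts `containsKey(CLAIM_NAME_KEY)`, so it passes whatever ACL value `transformIDToken` writes under that key. For a mapper whose output is an authorization claim, the value should be pinned too, as the sibling tests do with `containsEntry(CLAIM_NAME_KEY, expectedClaimValue)`. Only the `getUser()` stub is visible in this hunk, because the test body starts above it. If no groups are stubbed, the expected value is presumably the empty map used by the "not configured" test.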
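Review bot: The `expectedClaimValue` asserted at the end of `Should_SetCustomClaimWithAcls_When_UserGroupHasAttributesConfigured` includes `registry-reader` and `acl-reader` entries with the pattern `.*`, and nothing in the test says whether that wildcard comes from the stubbed group attributes or is a default the mapper always grants. Because the test pins a broad grant, it should carry a comment stating the intent, for example `// registry-reader and acl-reader have no group attribute; the mapper grants ".*" for them by design`. That wording assumes the wildcards are a mapper default, which should be confirmed against `AkhqAclMapper`. The attribute stubbing sits between the hunks and is not visible here.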
@@ -180,18 +185,16 @@ void Should_SetCustomClaimWithoutAcls_When_UserGroupAttributesAreNotConfigured() when(mockUserSession.getUser()) .thenReturn(mockUser); - mapper.setClaim(token, PROTOCOL_MAPPER_MODEL, mockUserSession, null, null); + akhqAclMapper.setClaim(token, PROTOCOL_MAPPER, mockUserSession, null, null); assertThat(token.getOtherClaims()).isNotEmpty() - .containsEntry(CLAIM_NAME, expectedClaimValue); + .containsEntry(CLAIM_NAME_KEY, expectedClaimValue); } @Test @DisplayName("Should skip adding an ACL for each user group attribute that is null or blank.") void Should_SkipAddingAnAcl_ForEachUserGroupAttributeThatIsNullOrBlank() { var token = new IDToken(); - var mockGroup = mock(GroupModel.class); - Map expectedClaimValue = Map.of(); when(mockGroup.getName()) 
@@ -207,27 +210,27 @@ void Should_SkipAddingAnAcl_ForEachUserGroupAttributeThatIsNullOrBlank() { when(mockUserSession.getUser()) .thenReturn(mockUser); - mapper.setClaim(token, PROTOCOL_MAPPER_MODEL, mockUserSession, null, null); + akhqAclMapper.setClaim(token, PROTOCOL_MAPPER, mockUserSession, null, null); assertThat(token.getOtherClaims()).isNotEmpty() - .containsEntry(CLAIM_NAME, expectedClaimValue); + .containsEntry(CLAIM_NAME_KEY, expectedClaimValue); } @Test @DisplayName("Should not set custom claim when claim name is not configured.") void Should_NotSetCustomClaim_When_ClaimNameIsNotConfigured() { var token = new IDToken(); - var protocolMapperModel = new ProtocolMapperModel(); - protocolMapperModel.setConfig(Map.of(INCLUDE_IN_ID_TOKEN, Boolean.toString(true))); + var protocolMapper = new ProtocolMapperModel(); + protocolMapper.setConfig(Map.of(INCLUDE_IN_ID_TOKEN, Boolean.toString(true))); when(mockUser.getGroupsStream()) - .thenReturn(Stream.of()); + .thenReturn(Stream.empty()); when(mockUserSession.getUser()) .thenReturn(mockUser); - mapper.setClaim(token, protocolMapperModel, mockUserSession, null, null); + akhqAclMapper.setClaim(token, protocolMapper, mockUserSession, null, null); assertThat(token.getOtherClaims()) - .doesNotContainKey(CLAIM_NAME); + .doesNotContainKey(CLAIM_NAME_KEY); } }
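Review bot: In `Should_NotSetCustomClaim_When_ClaimNameIsNotConfigured` the assertion `doesNotContainKey(CLAIM_NAME_KEY)` cannot fail, because `protocolMapper` is configured with only `INCLUDE_IN_ID_TOKEN` and the mapper never sees the string "groups-test". The test would still pass if the mapper wrote the ACL claim under a null, empty or default key. Asserting that no claim was added at all closes that gap: `assertThat(token.getOtherClaims()).isEmpty();`.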