[tests-only][full-ci]Run more e2e tests on keycloak (#10961)

* Run user and space related test on keycloak ci * run keycloak test only * try work around * unassgin role before reassgin
owncloud · May 31, 2024 · a8a905e · a8a905e
1 parent caf0fcf
commit a8a905e
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 4 deletions.
diff --git a/.drone.star b/.drone.star
@@ -1856,6 +1856,11 @@ def keycloakService():
     ]
 
 def e2eTestsOnKeycloak(ctx):
+    e2e_Keycloak_tests = [
+        "journeys",
+        "admin-settings/users.feature:20",
+    ]
+
     e2e_volumes = [
         {
             "name": "uploads",
@@ -1907,7 +1912,8 @@ def e2eTestsOnKeycloak(ctx):
                          "KEYCLOAK_HOST": "keycloak:8443",
                      },
                      "commands": [
-                         "pnpm test:e2e:cucumber tests/e2e/cucumber/features/journeys",
+                         "cd tests/e2e",
+                         "bash run-e2e.sh %s" % " ".join(["cucumber/features/" + tests for tests in e2e_Keycloak_tests]),
                      ],
                  },
              ] + \

diff --git a/tests/e2e/cucumber/steps/api.ts b/tests/e2e/cucumber/steps/api.ts
@@ -22,6 +22,15 @@ Given(
     const admin = this.usersEnvironment.getUser({ key: stepUser })
     for await (const info of stepTable.hashes()) {
       const user = this.usersEnvironment.getUser({ key: info.id })
+      /**
+         The oCIS API request for assigning roles allows only one role per user,
+         whereas the Keycloak API request can assign multiple roles to a user.
+         If multiple roles are assigned to a user in Keycloak,
+         oCIS map the highest priority role among Keycloak assigned roles.
+         Therefore, we need to unassign the previous role before
+         assigning a new one when using the Keycloak API.
+      */
+      await api.provision.unAssignRole({ admin, user })
       await api.provision.assignRole({ admin, user, role: info.role })
     }
   }

diff --git a/tests/e2e/support/api/keycloak/user.ts b/tests/e2e/support/api/keycloak/user.ts
@@ -46,11 +46,12 @@ export const createUser = async ({ user, admin }: { user: User; admin: User }):
   const uuid = getUserIdFromResponse(creationRes)
 
   // assign realmRoles to user
-  const roleRes = await assignRole({ admin, uuid, role: 'User' })
+  const defaultNewUserRole = 'User'
+  const roleRes = await assignRole({ admin, uuid, role: defaultNewUserRole })
   checkResponseStatus(roleRes, 'Failed while assigning roles to user')
 
   const usersEnvironment = new UsersEnvironment()
-  usersEnvironment.storeCreatedUser({ user: { ...user, uuid } })
+  usersEnvironment.storeCreatedUser({ user: { ...user, uuid, role: defaultNewUserRole } })
 
   // initialize user
   await initializeUser(user.id)
@@ -67,6 +68,7 @@ export const assignRole = async ({
   uuid: string
   role: string
 }) => {
+  // can assign multiple realm role at once
   return request({
     method: 'POST',
     path: join(realmBasePath, 'users', uuid, 'role-mappings', 'realm'),
@@ -79,6 +81,27 @@ export const assignRole = async ({
   })
 }
 
+export const unAssignRole = async ({
+  admin,
+  uuid,
+  role
+}: {
+  admin: User
+  uuid: string
+  role: string
+}) => {
+  // can't unassign multiple realm roles at once
+  const response = await request({
+    method: 'DELETE',
+    path: join(realmBasePath, 'users', uuid, 'role-mappings', 'realm'),
+    body: JSON.stringify([await getRealmRole(ocisKeycloakUserRoles[role], admin)]),
+    user: admin,
+    header: { 'Content-Type': 'application/json' }
+  })
+  checkResponseStatus(response, 'Can not delete existing role ')
+  return response
+}
+
 const initializeUser = async (username: string): Promise<void> => {
   return await getTokenFromLogin({
     browser: state.browser,

diff --git a/tests/e2e/support/api/provision/user.ts b/tests/e2e/support/api/provision/user.ts
@@ -8,7 +8,8 @@ import {
 import {
   createUser as keycloakCreateUser,
   deleteUser as keycloakDeleteUser,
-  assignRole as keycloakAssignRole
+  assignRole as keycloakAssignRole,
+  unAssignRole as keycloakUnAssignRole
 } from '../keycloak'
 import { config } from '../../../config'
 import { UsersEnvironment } from '../../environment'
@@ -45,3 +46,11 @@ export const assignRole = async ({
     await graphAssignRole(admin, id, role)
   }
 }
+
+export const unAssignRole = async ({ admin, user }: { admin: User; user: User }): Promise<void> => {
+  if (config.keycloak) {
+    const usersEnvironment = new UsersEnvironment()
+    const createdUser = usersEnvironment.getCreatedUser({ key: user.id })
+    await keycloakUnAssignRole({ admin, uuid: createdUser.uuid, role: createdUser.role })
+  }
+}
diff --git a/tests/e2e/support/types.ts b/tests/e2e/support/types.ts
@@ -27,6 +27,7 @@ export interface User {
   displayName: string
   password: string
   email: string
+  role?: string
 }
 
 export interface File {