Commit 396828f8 authored by p.jbowden's avatar p.jbowden
Browse files

update to cpabe_server 2.0.6

* create a new confidential client in the keycloak realm export
* configure cpabe-server to use this client
* reconfigure all other services to use the public client
parent 6cc02920
Pipeline #237188 passed with stage
in 39 seconds
......@@ -172,10 +172,12 @@ KEYCLOAK_PROXY_ADDRESS_FORWARDING=true
# keycloak data to provision manually (see README.md)
KEYCLOAK_REALM=snet
KEYCLOAK_RESOURCE=calls-gateway
KEYCLOAK_RESOURCE_SECRET=supersecret
KEYCLOAK_PUBLIC_CLIENT=calls-gateway
KEYCLOAK_PUBLIC_CLIENT_SECRET=supersecret # this value is just here so the client has pre-defined secret incase we ever want to switch it to confidential mode for any reason
KEYCLOAK_REALM_ADMIN_USER=dev
KEYCLOAK_REALM_ADMIN_PASSWORD=password
KEYCLOAK_CPABE_CLIENT=cpabe-server
KEYCLOAK_CPABE_CLIENT_SECRET=supersecret
# --- REGISTRATION_AUTHORITY --- #
......@@ -316,3 +318,10 @@ XNAT_CATALINA_OPTS="-Xms128m -Xmx2048m -Dxnat.home=${XNAT_HOME} -agentlib:jdwp=t
TEST_PROJECT=asclepiostestproject
TEST_KEYCLOAK_USER=testrunner
TEST_KEYCLOAK_PASSWORD=password
#CPABE_PUBLIC_KEY=AAABZ3R5cGUgYQpxIDg3ODA3MTA3OTk2NjMzMTI1MjI0Mzc3ODE5ODQ3NTQwNDk4MTU4MDY4ODMxOTk0MTQyMDgyMTEwMjg2NTMzOTkyNjY0NzU2MzA4ODAyMjI5NTcwNzg2MjUxNzk0MjI2NjIyMjE0MjMxNTU4NTg3Njk1ODIzMTc0NTkyNzc3MTMzNjczMTc0ODEzMjQ5MjUxMjk5OTgyMjQ3OTEKaCAxMjAxNjAxMjI2NDg5MTE0NjA3OTM4ODgyMTM2Njc0MDUzNDIwNDgwMjk1NDQwMTI1MTMxMTgyMjkxOTYxNTEzMTA0NzIwNzI4OTM1OTcwNDUzMTEwMjg0NDgwMjE4MzkwNjUzNzc4Njc3NgpyIDczMDc1MDgxODY2NTQ1MTYyMTM2MTExOTI0NTU3MTUwNDkwMTQwNTk3NjU1OTYxNwpleHAyIDE1OQpleHAxIDEwNwpzaWduMSAxCnNpZ24wIDEKAAAAgFT6/ewlA9ebVp9rH3FrMl8jjcZeIaLqIOUWH0kbC5Cp0duwpkJnBkV2TpbNOK/AzLMtdwlg4PtDH57CtBy+mF0zm0MsWbDDIgriRNWx/1/MP6+VCwg8Tk5K5O113Vcohu00HtF6nEuv+KQ5IN41bKxVBGbfAoSoEA+aajT8SAXAAAAAgCCXNvTwGbcXNCaro0YE3N95dd4OliqTJf5BT9iCD9xm8t94BOnTrDmHb0gao4F6dPF0y254CxeomEGR5k5PlqaYLrm5Ncett7baMSuXjCuPQvC7W/x9wn4PhnC+F7B52vnbgpLbILGKcZJMu3cz+qbEWiQFVI9ty5oPHtC97YV7AAAAgCoaGJCdP4WMmEP3/MvHTkzNH+YuOpwOwKnoN+y+6IZEVjT1Nm2MnRB6gyhz4QWVexk0UTXzWAb5M4lp/6lM0hUaSOxv49rufJeeHsGUBMO7rXpkhjn4sHFAKYP/tvfJPLDSH7rFmNf3z6Pmc3SA2O00w0MWcoprOuO8fjQSaZG+AAAAgJ1bhn48TUZEH+Puv313gB2ujD/WPNmr8GMR991JtGiG8L/WgUqPNHpX4PLmzkDhO6a8Wt5h3unMuI9jMsUjX7oTng6I7DQTnE15Ws9jo8caTNAq/iCxfzNGlbaB6VGFI04K+TSGuCfdCmYTQ2biiIrjgM03yMUTxsUB8F9W57ty
#CPABE_MASTER_KEY=AAAAFD3/m1YKeHfeHxgRjpmWDmo1SAkwAAAAgJH6Z/MSMNr4yU7VCDw3RlqsiyImXlX2bF9Mzr7EH7iRKFQLPUmZnAcReGThOl8GrFZ5w8WMwdZ+aHnRw52is0pX9WuRZo+fKyyI7jlkNN/wUw2PyD2xUxQQM8vu0bXajNp0Z4PWt4KNGomoqxjgx0erAYlK1i0so1us1y7hE6OA
{{ .Env.CPABE_MASTER_KEY }}
{{ .Env.CPABE_PUBLIC_KEY }}
......@@ -9,7 +9,7 @@ disableUsernamePasswordLogin=false
enabled=keycloak
siteUrl={{ .Env.XNAT_ADMIN_URL }}
preEstablishedRedirUri=/openid-login
openid.keycloak.clientId=calls-gateway
openid.keycloak.clientId={{ .Env.KEYCLOAK_PUBLIC_CLIENT }}
openid.keycloak.clientSecret=
openid.keycloak.accessTokenUri={{ .Env.KEYCLOAK_AUTH_ENDPOINT }}/realms/snet/protocol/openid-connect/token
openid.keycloak.userAuthUri={{ .Env.KEYCLOAK_AUTH_ENDPOINT }}/realms/snet/protocol/openid-connect/auth
......
......@@ -80,6 +80,16 @@
}
],
"client": {
"{{ .Env.KEYCLOAK_CPABE_CLIENT }}": [
{
"id": "ce47bd97-cde5-4068-9550-ecb0cd97de2c",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "2d2774d5-288b-43ef-ac96-268b200a0849",
"attributes": {}
}
],
"realm-management": [
{
"id": "8988ac61-bc47-4e6c-8e7d-12f5f3c9ed13",
......@@ -292,7 +302,7 @@
"attributes": {}
}
],
"{{ .Env.KEYCLOAK_RESOURCE }}": [],
"{{ .Env.KEYCLOAK_PUBLIC_CLIENT }}": [],
"security-admin-console": [],
"admin-cli": [],
"account-console": [],
......@@ -475,9 +485,54 @@
},
"notBefore": 0,
"groups": []
},
{
"id": "0a04fff7-52fd-4427-b3ee-0e46cd794cec",
"createdTimestamp": 1630344138940,
"username": "service-account-{{ .Env.KEYCLOAK_CPABE_CLIENT }}",
"enabled": true,
"totp": false,
"emailVerified": false,
"serviceAccountClientId": "{{ .Env.KEYCLOAK_CPABE_CLIENT }}",
"credentials": [],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": [
"member"
],
"clientRoles": {
"{{ .Env.KEYCLOAK_CPABE_CLIENT }}": [
"uma_protection"
],
"realm-management": [
"view-users"
],
"account": [
"view-profile",
"manage-account"
]
},
"notBefore": 0,
"groups": []
}
],
"scopeMappings": [
{
"client": "{{ .Env.KEYCLOAK_CPABE_CLIENT }}",
"roles": [
"member"
]
}
],
"clientScopeMappings": {
"realm-management": [
{
"client": "{{ .Env.KEYCLOAK_CPABE_CLIENT }}",
"roles": [
"view-users"
]
}
],
"account": [
{
"client": "account-console",
......@@ -670,14 +725,14 @@
},
{
"id": "dd93430b-5fc4-4269-899d-672cb476154e",
"clientId": "{{ .Env.KEYCLOAK_RESOURCE }}",
"clientId": "{{ .Env.KEYCLOAK_PUBLIC_CLIENT }}",
"rootUrl": "{{ .Env.APP_BASE_URL }}",
"adminUrl": "{{ .Env.APP_BASE_URL }}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "{{ .Env.KEYCLOAK_RESOURCE_SECRET }}",
"secret": "{{ .Env.KEYCLOAK_PUBLIC_CLIENT_SECRET }}",
"redirectUris": [
"{{ .Env.SSE_SERVER_BASE_URL }}/*",
"{{ .Env.SSE_TA_BASE_URL }}/*",
......@@ -785,6 +840,151 @@
"microprofile-jwt"
]
},
{
"id": "2d2774d5-288b-43ef-ac96-268b200a0849",
"clientId": "{{ .Env.KEYCLOAK_CPABE_CLIENT }}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "{{ .Env.KEYCLOAK_CPABE_CLIENT_SECRET }}",
"redirectUris": [
"*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "71cc5256-a588-4639-81a1-eff37e9bd86a",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "19c589d2-f84c-4771-aab9-cb3c6d3e415e",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
},
{
"id": "390359e4-94d3-4119-9da7-fae335414e44",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "Default Resource",
"type": "urn:{{ .Env.KEYCLOAK_CPABE_CLIENT }}:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"_id": "823c08e0-58d0-422f-8943-41e36d5b8ec9",
"uris": [
"/*"
]
}
],
"policies": [
{
"id": "979d1384-da51-4514-a01e-0ca36e83b2ef",
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"id": "c1665825-2aab-4bd8-bae9-fcdc5b19091a",
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:{{ .Env.KEYCLOAK_CPABE_CLIENT }}:resources:default",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": [],
"decisionStrategy": "UNANIMOUS"
}
},
{
"id": "f6e73c61-a638-41b0-ad5c-97938399edc0",
"clientId": "realm-management",
......
......@@ -138,7 +138,8 @@ generate_secret "ABAC_SERVER_KEYSTORE_PASSWORD"
generate_secret "KEYCLOAK_ADMIN_PASSWORD"
generate_secret "KEYCLOAK_DB_PASSWORD"
generate_secret "KEYCLOAK_DB_ROOT_PASSWORD"
generate_secret "KEYCLOAK_RESOURCE_SECRET"
generate_secret "KEYCLOAK_PUBLIC_SECRET"
generate_secret "KEYCLOAK_CPABE_CLIENT_SECRET"
generate_secret "KEYCLOAK_REALM_ADMIN_PASSWORD"
generate_secret "ABAC_ZUUL_PROXY_PDP_JWT_SECRET"
generate_secret "SSE_DB_PASSWORD"
......@@ -252,6 +253,13 @@ render_tpl "$DIRECTORY/conf-tpl/zuul.application.yml.tpl" "$DIRECTORY/conf/zuul.
render_tpl "$DIRECTORY/conf-tpl/zuul.authorization-client.properties.tpl" "$DIRECTORY/conf/zuul.authorization-client.properties"
# render_tpl "$DIRECTORY/conf-tpl/cpabe_master_key.b64.tpl" "$DIRECTORY/conf/cpabe_master_key.b64"
# render_tpl "$DIRECTORY/conf-tpl/cpabe_public_key.b64.tpl" "$DIRECTORY/conf/cpabe_public_key.b64"
#
# echo "base64 decoding cpabe_master_key..."
# base64 -d $DIRECTORY/conf/cpabe_master_key.b64 > $DIRECTORY/conf/cpabe_master_key
# echo "base64 decoding cpabe_public_key..."
# base64 -d $DIRECTORY/conf/cpabe_public_key.b64 > $DIRECTORY/conf/cpabe_public_key
# ----- done -----
......
......@@ -40,7 +40,7 @@ services:
KEYCLOAK_ENABLED: ${ABAC_ZUUL_PROXY_KEYCLOAK_ENABLED}
KEYCLOAK_URL: ${INTERNAL_KEYCLOAK_PROTOCOL}://${INTERNAL_KEYCLOAK_HOST}:${INTERNAL_KEYCLOAK_PORT}/auth
KEYCLOAK_REALM: ${KEYCLOAK_REALM}
KEYCLOAK_RESOURCE: ${KEYCLOAK_RESOURCE}
KEYCLOAK_RESOURCE: ${KEYCLOAK_PUBLIC_CLIENT}
VIRTUAL_HOST: ${ZUUL_HOST}
VIRTUAL_PORT: ${INTERNAL_ZUUL_PORT}
expose:
......
......@@ -23,7 +23,7 @@ services:
- keycloak-db
entrypoint: >
sh -c "/opt/jboss/keycloak/bin/add-user-keycloak.sh -r master -u $$KEYCLOAK_ADMIN_USER -p $$KEYCLOAK_ADMIN_PASSWORD
&& /opt/jboss/tools/docker-entrypoint.sh -b 0.0.0.0 -Djboss.http.port=8181"
&& /opt/jboss/tools/docker-entrypoint.sh -b 0.0.0.0 -Djboss.http.port=8181 -Dkeycloak.profile.feature.upload_scripts=enabled"
environment:
KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USER}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
......@@ -54,7 +54,7 @@ services:
AZ_CALL_DISABLED: ${KEYTRAY_AZ_CALL_DISABLED}
KEYCLOAK_URL: ${INTERNAL_KEYCLOAK_PROTOCOL}://${INTERNAL_KEYCLOAK_HOST}:${INTERNAL_KEYCLOAK_PORT}/auth
KEYCLOAK_REALM: ${KEYCLOAK_REALM}
KEYCLOAK_CLIENT: ${KEYCLOAK_RESOURCE}
KEYCLOAK_CLIENT: ${KEYCLOAK_PUBLIC_CLIENT}
KEYCLOAK_ADMIN_USERNAME: ${KEYCLOAK_ADMIN_USER}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
VIRTUAL_HOST: ${REGISTRATION_AUTHORITY_HOST}
......@@ -96,7 +96,7 @@ services:
DATABASE_PSW: ${KEYTRAY_DATABASE_ROOT_PASSWORD}
KEYCLOAK_URL: ${INTERNAL_KEYCLOAK_PROTOCOL}://${INTERNAL_KEYCLOAK_HOST}:${INTERNAL_KEYCLOAK_PORT}/auth
KEYCLOAK_REALM: ${KEYCLOAK_REALM}
KEYCLOAK_CLIENT: ${KEYCLOAK_RESOURCE}
KEYCLOAK_CLIENT: ${KEYCLOAK_PUBLIC_CLIENT}
AZ_CALL_DISABLED: ${KEYTRAY_AZ_CALL_DISABLED}
networks:
- snet-asclepios
......
......@@ -2,19 +2,15 @@ version: '3'
services:
cpabe-server:
image: registry.gitlab.com/asclepios-project/cpabe_server:abac-removal
image: registry.gitlab.com/asclepios-project/cpabe_server:2.0.6_http
container_name: cpabe-server
environment:
PORT: ${CPABE_SERVER_PORT}
MODE: ${CPABE_SERVER_MODE}
AZ_CLIENT_TRUST_STORE_FILE: ${COMMON_TRUSTSTORE_FILE}
AZ_CLIENT_TRUST_STORE_PASSWORD: ${COMMON_TRUSTSTORE_PASSWORD}
KEYCLOAK_URL: ${INTERNAL_KEYCLOAK_PROTOCOL}://${INTERNAL_KEYCLOAK_HOST}:${INTERNAL_KEYCLOAK_PORT}/auth
KEYCLOAK_REALM: ${KEYCLOAK_REALM}
KEYCLOAK_CLIENT: ${KEYCLOAK_RESOURCE}
KEYCLOAK_SECRET: ${KEYCLOAK_RESOURCE_SECRET}
KEYCLOAK_ADMIN_USERNAME: ${KEYCLOAK_ADMIN_USER}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
KEYCLOAK_CLIENT: ${KEYCLOAK_CPABE_CLIENT}
KEYCLOAK_SECRET: ${KEYCLOAK_CPABE_CLIENT_SECRET}
KEYTRAY_URL: ${INTERNAL_KEYTRAY_PROTOCOL}://${INTERNAL_KEYTRAY_HOST}:${INTERNAL_KEYTRAY_PORT}/api/v1
KEYCLOAK_CORS: ${CPABE_SERVER_KEYCLOAK_CORS}
expose:
......@@ -25,7 +21,6 @@ services:
- snet-asclepios
volumes:
- ../policies/ABEPolicy.txt:/policy/ABEPolicy.txt
- ../certs/common/common-truststore.p12:/etc/certs/common-truststore.p12
- ../conf/cpabe_public_key:/cpabe/demo/cpabe/public_key
networks:
......
......@@ -133,7 +133,8 @@ services:
PGPASSWORD: ${XNAT_DATASOURCE_PASSWORD}
# browser client settings
XNAT_API_URL: ${XNAT_API_URL}
KEYCLOAK_HOST: ${KEYCLOAK_PROTOCOL}://${KEYCLOAK_HOST}:${KEYCLOAK_PORT} # fix me, use KEYCLOAK_BASE_URL in snet-asclepios-search
KEYCLOAK_HOST: ${KEYCLOAK_BASE_URL}
KEYCLOAK_PUBLIC_CLIENT: ${KEYCLOAK_PUBLIC_CLIENT}
TA_URL: ${SSE_TA_BASE_URL}
SSE_URL: ${SSE_SERVER_BASE_URL}
CP_ABE_URL: ${CPABE_SERVER_BASE_URL}
......
......@@ -65,7 +65,7 @@ if __name__ == '__main__':
access_token = get_keycloak_access_token(
env.KEYCLOAK_AUTH_ENDPOINT,
env.KEYCLOAK_REALM,
env.KEYCLOAK_RESOURCE,
env.KEYCLOAK_PUBLIC_CLIENT,
env.KEYCLOAK_REALM_ADMIN_USER,
env.KEYCLOAK_REALM_ADMIN_PASSWORD,
)
......
......@@ -5,7 +5,7 @@ from . import env
from .lib.keycloak import get_keycloak_access_token
from .lib.registration_authority import add_user_with_cpabe_key, edit_user_and_regen_cpabe_key
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.KEYCLOAK_REALM_ADMIN_USER, env.KEYCLOAK_REALM_ADMIN_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.KEYCLOAK_REALM_ADMIN_USER, env.KEYCLOAK_REALM_ADMIN_PASSWORD]
if __name__ == '__main__':
......
......@@ -19,7 +19,7 @@ class TestKeyCloak(unittest.TestCase):
res = do_keycloak_api_authentication(
env.KEYCLOAK_AUTH_ENDPOINT,
env.KEYCLOAK_REALM,
env.KEYCLOAK_RESOURCE,
env.KEYCLOAK_PUBLIC_CLIENT,
env.TEST_KEYCLOAK_USER,
env.TEST_KEYCLOAK_PASSWORD
)
......
......@@ -7,7 +7,7 @@ from .. import env
from ..lib.keycloak import get_keycloak_access_token
from ..lib.registration_authority import add_user_with_cpabe_key, get_users, edit_user_and_regen_cpabe_key
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
class TestRegistrationAuthority(unittest.TestCase):
......
......@@ -11,7 +11,7 @@ from ..lib.keycloak import get_keycloak_access_token
from ..lib.registration_authority import edit_user_and_regen_cpabe_key
from ..lib.cpabe_server import set_cpabe_policy, get_current_cpabe_policy, encrypt_and_upload_sse_keys, download_and_decrypt_sse_keys
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
# for storing keyid returned by encrypt_and_upload_sse_keys
state = {}
......
......@@ -5,7 +5,7 @@ from .. import env
from ..lib.http import request
from ..lib.keycloak import get_keycloak_access_token
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
class TestKeyTray(unittest.TestCase):
......
......@@ -5,7 +5,7 @@ from .. import env
from ..lib.http import request
from ..lib.keycloak import get_keycloak_access_token
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.TEST_KEYCLOAK_USER, env.TEST_KEYCLOAK_PASSWORD]
class TestSSE(unittest.TestCase):
......
......@@ -5,7 +5,7 @@ from . import env
from .lib.keycloak import get_keycloak_access_token
from .lib.registration_authority import add_user_with_cpabe_key, edit_user_and_regen_cpabe_key
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_RESOURCE, env.KEYCLOAK_REALM_ADMIN_USER, env.KEYCLOAK_REALM_ADMIN_PASSWORD]
keycloak_env = [env.KEYCLOAK_AUTH_ENDPOINT, env.KEYCLOAK_REALM, env.KEYCLOAK_PUBLIC_CLIENT, env.KEYCLOAK_REALM_ADMIN_USER, env.KEYCLOAK_REALM_ADMIN_PASSWORD]
if __name__ == '__main__':
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment