Adding JWT Mock and Keycloak docker mock

Author: sumesh-aot

.github/workflows/forms-flow-api-ci.yml

@@ -58,25 +58,24 @@ jobs:
       FLASK_ENV: "testing"
       DATABASE_URL_TEST: "postgresql://postgres:postgres@localhost:5432/postgres"
       FORMSFLOW_API_URL: "http://localhost:5000"
-      KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
-      KEYCLOAK_URL_REALM: ${{ secrets.KEYCLOAK_URL_REALM }}
-      KEYCLOAK_BPM_CLIENT_SECRET: ${{ secrets.KEYCLOAK_BPM_CLIENT_SECRET }}
-      CAMUNDA_API_URL: ${{ secrets.CAMUNDA_API_URL }}
-      JWT_OIDC_WELL_KNOWN_CONFIG: ${{ secrets.JWT_OIDC_WELL_KNOWN_CONFIG }}
+      KEYCLOAK_URL: "http://localhost:8081"
+      KEYCLOAK_URL_REALM: "forms-flow-ai"
+      KEYCLOAK_BPM_CLIENT_SECRET: "demo"
+      JWT_OIDC_WELL_KNOWN_CONFIG: "http://localhost:8081/auth/realms/forms-flow-ai/.well-known/openid-configuration"
       JWT_OIDC_ALGORITHMS: "RS256"
-      JWT_OIDC_JWKS_URI: ${{ secrets.JWT_OIDC_JWKS_URI }}
-      JWT_OIDC_ISSUER: ${{ secrets.JWT_OIDC_ISSUER }}
-      JWT_OIDC_AUDIENCE: ${{ secrets.JWT_OIDC_AUDIENCE }}
+      JWT_OIDC_JWKS_URI: "http://localhost:8081/auth/realms/forms-flow-ai/protocol/openid-connect/certs"
+      JWT_OIDC_ISSUER: "http://localhost:8081/auth/realms/forms-flow-ai"
+      JWT_OIDC_AUDIENCE: "forms-flow-web"
       JWT_OIDC_CACHING_ENABLED: "True"
       BPM_API_BASE: ${{ secrets.BPM_API_BASE }}
-      BPM_CLIENT_SECRET: ${{ secrets.BPM_CLIENT_SECRET }}
-      BPM_CLIENT_ID: ${{ secrets.BPM_CLIENT_ID }}
-      BPM_TOKEN_API: ${{ secrets.BPM_TOKEN_API }}
-      TEST_REVIEWER_USERID: ${{ secrets.TEST_REVIEWER_USERID }}
-      TEST_REVIEWER_PASSWORD: ${{ secrets.TEST_REVIEWER_PASSWORD }}
+      BPM_CLIENT_SECRET: "demo"
+      BPM_CLIENT_ID: "forms-flow-bpm"
+      BPM_TOKEN_API: "http://localhost:8081/auth/realms/forms-flow-ai/protocol/openid-connect/token"
+      CAMUNDA_API_URL: ${{ secrets.CAMUNDA_API_URL }}
       INSIGHT_API_URL: ${{ secrets.INSIGHT_API_URL }}
       INSIGHT_API_KEY: ${{ secrets.INSIGHT_API_KEY }}
       SKIP_IN_CI: "True"
+      USE_DOCKER_MOCK: "True"
 
     runs-on: ubuntu-20.04
 

forms-flow-api/Makefile

@@ -52,7 +52,7 @@ build: ## Build the project with basic python dependencies
 	. venv/bin/activate ;\
 	pip install --upgrade pip ;\
 	pip install -Ur requirements.txt ;\
-	pip install -Ur requirements_dev.txt ;\
+	pip install -Ur requirements/dev.txt ;\
 	pip install -e .
 
 #################################################################################

forms-flow-api/requirements/dev.txt

@@ -14,3 +14,4 @@ pytest-cov
 pytest-it
 pyflakes
 pylint
+lovely-pytest-docker

forms-flow-api/requirements_dev.txt

@@ -1,6 +1,6 @@
 [metadata]
 name = formsflow_api
-version = 4.0.5
+version = 4.0.6
 author = aot-technologies
 classifiers =
     Development Status :: Beta
@@ -36,7 +36,7 @@ exclude = .git,*migrations*,*venv*, .eggs*
 docstring-min-length=10
 per-file-ignores =
     */__init__.py:F401,I001
-max-line-length = 88
+max-line-length = 120
 ignore = E203,E501, Q000, D401, B902, I001, I003, I004, E126, W503, W504
 
 [pycodestyle]

forms-flow-api/setup.cfg

@@ -104,17 +104,76 @@ class TestConfig(_Config):  # pylint: disable=too-few-public-methods
     # POSTGRESQL
     SQLALCHEMY_DATABASE_URI = os.getenv("DATABASE_URL_TEST")
 
-    # JWT_OIDC_TEST_MODE = True
+    JWT_OIDC_TEST_MODE = True
     # USE_TEST_KEYCLOAK_DOCKER = os.getenv("USE_TEST_KEYCLOAK_DOCKER")
 
     # JWT_OIDC Settings
     JWT_OIDC_TEST_AUDIENCE = os.getenv("JWT_OIDC_AUDIENCE")
     JWT_OIDC_TEST_ISSUER = os.getenv("JWT_OIDC_ISSUER")
     JWT_OIDC_TEST_WELL_KNOWN_CONFIG = os.getenv("JWT_OIDC_WELL_KNOWN_CONFIG")
-    JWT_OIDC_TEST_ALGORITHMS = os.getenv("JWT_OIDC_ALGORITHMS")
+    JWT_OIDC_TEST_ALGORITHMS = "RS256"
     JWT_OIDC_TEST_JWKS_URI = os.getenv("JWT_OIDC_JWKS_URI")
     JWT_OIDC_TEST_JWKS_CACHE_TIMEOUT = 6000
 
+    # Keycloak Service for BPM Camunda
+    KEYCLOAK_URL_REALM = os.getenv("KEYCLOAK_URL_REALM", default="forms-flow-ai")
+    KEYCLOAK_URL = os.getenv("KEYCLOAK_URL", default="http://localhost:8081")
+
+    # Use docker to spin up mocks
+    USE_DOCKER_MOCK = os.getenv('USE_DOCKER_MOCK', 'False').lower() == 'true'
+
+    JWT_OIDC_TEST_KEYS = {
+        "keys": [
+            {
+                "kid": JWT_OIDC_TEST_AUDIENCE,
+                "kty": "RSA",
+                "alg": "RS256",
+                "use": "sig",
+                "n": "AN-fWcpCyE5KPzHDjigLaSUVZI0uYrcGcc40InVtl-rQRDmAh-C2W8H4_Hxhr5VLc6crsJ2LiJTV_E72S03pzpOOaaYV6-"
+                "TzAjCou2GYJIXev7f6Hh512PuG5wyxda_TlBSsI-gvphRTPsKCnPutrbiukCYrnPuWxX5_cES9eStR",
+                "e": "AQAB",
+            }
+        ]
+    }
+
+    JWT_OIDC_TEST_PRIVATE_KEY_JWKS = {
+        "keys": [
+            {
+                "kid": JWT_OIDC_TEST_AUDIENCE,
+                "kty": "RSA",
+                "alg": "RS256",
+                "use": "sig",
+                "n": "AN-fWcpCyE5KPzHDjigLaSUVZI0uYrcGcc40InVtl-rQRDmAh-C2W8H4_Hxhr5VLc6crsJ2LiJTV_E72S03pzpOOaaYV6-"
+                "TzAjCou2GYJIXev7f6Hh512PuG5wyxda_TlBSsI-gvphRTPsKCnPutrbiukCYrnPuWxX5_cES9eStR",
+                "e": "AQAB",
+                "d": "C0G3QGI6OQ6tvbCNYGCqq043YI_8MiBl7C5dqbGZmx1ewdJBhMNJPStuckhskURaDwk4-"
+                "8VBW9SlvcfSJJrnZhgFMjOYSSsBtPGBIMIdM5eSKbenCCjO8Tg0BUh_"
+                "xa3CHST1W4RQ5rFXadZ9AeNtaGcWj2acmXNO3DVETXAX3x0",
+                "p": "APXcusFMQNHjh6KVD_hOUIw87lvK13WkDEeeuqAydai9Ig9JKEAAfV94W6Aftka7tGgE7ulg1vo3eJoLWJ1zvKM",
+                "q": "AOjX3OnPJnk0ZFUQBwhduCweRi37I6DAdLTnhDvcPTrrNWuKPg9uGwHjzFCJgKd8KBaDQ0X1rZTZLTqi3peT43s",
+                "dp": "AN9kBoA5o6_Rl9zeqdsIdWFmv4DB5lEqlEnC7HlAP-3oo3jWFO9KQqArQL1V8w2D4aCd0uJULiC9pCP7aTHvBhc",
+                "dq": "ANtbSY6njfpPploQsF9sU26U0s7MsuLljM1E8uml8bVJE1mNsiu9MgpUvg39jEu9BtM2tDD7Y51AAIEmIQex1nM",
+                "qi": "XLE5O360x-MhsdFXx8Vwz4304-MJg-oGSJXCK_ZWYOB_FGXFRTfebxCsSYi0YwJo-oNu96bvZCuMplzRI1liZw",
+            }
+        ]
+    }
+
+    JWT_OIDC_TEST_PRIVATE_KEY_PEM = """-----BEGIN RSA PRIVATE KEY-----
+    MIICXQIBAAKBgQDfn1nKQshOSj8xw44oC2klFWSNLmK3BnHONCJ1bZfq0EQ5gIfg
+    tlvB+Px8Ya+VS3OnK7Cdi4iU1fxO9ktN6c6TjmmmFevk8wIwqLthmCSF3r+3+h4e
+    ddj7hucMsXWv05QUrCPoL6YUUz7Cgpz7ra24rpAmK5z7lsV+f3BEvXkrUQIDAQAB
+    AoGAC0G3QGI6OQ6tvbCNYGCqq043YI/8MiBl7C5dqbGZmx1ewdJBhMNJPStuckhs
+    kURaDwk4+8VBW9SlvcfSJJrnZhgFMjOYSSsBtPGBIMIdM5eSKbenCCjO8Tg0BUh/
+    xa3CHST1W4RQ5rFXadZ9AeNtaGcWj2acmXNO3DVETXAX3x0CQQD13LrBTEDR44ei
+    lQ/4TlCMPO5bytd1pAxHnrqgMnWovSIPSShAAH1feFugH7ZGu7RoBO7pYNb6N3ia
+    C1idc7yjAkEA6Nfc6c8meTRkVRAHCF24LB5GLfsjoMB0tOeEO9w9Ous1a4o+D24b
+    AePMUImAp3woFoNDRfWtlNktOqLel5PjewJBAN9kBoA5o6/Rl9zeqdsIdWFmv4DB
+    5lEqlEnC7HlAP+3oo3jWFO9KQqArQL1V8w2D4aCd0uJULiC9pCP7aTHvBhcCQQDb
+    W0mOp436T6ZaELBfbFNulNLOzLLi5YzNRPLppfG1SRNZjbIrvTIKVL4N/YxLvQbT
+    NrQw+2OdQACBJiEHsdZzAkBcsTk7frTH4yGx0VfHxXDPjfTj4wmD6gZIlcIr9lZg
+    4H8UZcVFN95vEKxJiLRjAmj6g273pu9kK4ymXNEjWWJn
+    -----END RSA PRIVATE KEY-----"""
+
 
 class ProdConfig(_Config):  # pylint: disable=too-few-public-methods
     """Production environment configuration."""

forms-flow-api/src/formsflow_api/config.py

@@ -5,7 +5,7 @@
 from sqlalchemy import event, text
 from sqlalchemy.schema import DropConstraint, MetaData
 
-from formsflow_api import create_app
+from formsflow_api import create_app, setup_jwt_manager
 from formsflow_api.models import db as _db
 from formsflow_api.utils import jwt as _jwt
 
@@ -126,3 +126,22 @@ def restart_savepoint(sess2, trans):  # pylint: disable=unused-variable
         # This instruction rollsback any commit that were executed in the tests.
         txn.rollback()
         conn.close()
+
+
+@pytest.fixture(scope="session", autouse=True)
+def auto(docker_services, app):
+    """Spin up a keycloak instance and initialize jwt."""
+    if app.config.get('USE_DOCKER_MOCK'):
+        docker_services.start('keycloak')
+        docker_services.wait_for_service('keycloak', 8081)
+        setup_jwt_manager(app, _jwt)
+
+
+@pytest.fixture(scope="session")
+def docker_compose_files(pytestconfig):
+    """Get the docker-compose.yml absolute path."""
+    import os
+
+    return [
+        os.path.join(str(pytestconfig.rootdir), "tests/docker", "docker-compose.yml")
+    ]

forms-flow-api/tests/conftest.py

@@ -0,0 +1,30 @@
+version: "3"
+
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:14.0.0
+    ports:
+      - "8081:8081"
+    environment:
+      - KEYCLOAK_USER=admin
+      - KEYCLOAK_PASSWORD=admin
+    command: -b 0.0.0.0 -Djboss.http.port=8081 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/tmp/keycloak/test -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "curl",
+          "--fail",
+          "http://localhost:8081/auth/realms/forms-flow-ai || exit 1",
+        ]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+    volumes:
+      - ./realms:/tmp/keycloak/test/
+    networks:
+      - test-network
+
+networks:
+  test-network:
+    driver: 'bridge'