WIP browsertest2

Author: dmihalcik-virtru

.github/workflows/roundtrip/browsertest.json

@@ -0,0 +1,56 @@
+{
+  "clientId": "browsertest",
+  "name": "browsertest",
+  "description": "",
+  "rootUrl": "http://localhost:65432/",
+  "adminUrl": "http://localhost:65432/",
+  "baseUrl": "http://localhost:65432/",
+  "surrogateAuthRequired": false,
+  "enabled": true,
+  "alwaysDisplayInConsole": false,
+  "clientAuthenticatorType": "client-secret",
+  "redirectUris": [
+    "http://localhost:65432/"
+  ],
+  "webOrigins": [
+    "http://localhost:65432/"
+  ],
+  "notBefore": 0,
+  "bearerOnly": false,
+  "consentRequired": false,
+  "standardFlowEnabled": true,
+  "implicitFlowEnabled": false,
+  "directAccessGrantsEnabled": true,
+  "serviceAccountsEnabled": false,
+  "publicClient": true,
+  "frontchannelLogout": true,
+  "protocol": "openid-connect",
+  "attributes": {
+    "oidc.ciba.grant.enabled": "false",
+    "post.logout.redirect.uris": "http://localhost:65432/",
+    "oauth2.device.authorization.grant.enabled": "false",
+    "backchannel.logout.session.required": "true",
+    "backchannel.logout.revoke.offline.tokens": "false"
+  },
+  "authenticationFlowBindingOverrides": {},
+  "fullScopeAllowed": true,
+  "nodeReRegistrationTimeout": -1,
+  "defaultClientScopes": [
+    "web-origins",
+    "acr",
+    "profile",
+    "roles",
+    "email"
+  ],
+  "optionalClientScopes": [
+    "address",
+    "phone",
+    "offline_access",
+    "microprofile-jwt"
+  ],
+  "access": {
+    "view": true,
+    "configure": true,
+    "manage": true
+  }
+}

.github/workflows/roundtrip/demo-idp.sh

@@ -0,0 +1,21 @@
+
+: "${KC_VERSION:=24.0.3}"
+: "${KC_BROWSERTEST_CLIENT_SECRET:=$(uuidgen)}"
+
+curl -o kc.zip "https://github.com/keycloak/keycloak/releases/download/${KC_VERSION}/keycloak-${KC_VERSION}.zip"
+
+unzip kc.zip -d keycloak-${KC_VERSION}
+
+export PATH=$PATH:$(pwd)/keycloak-${KC_VERSION}/bin
+
+kcadm.sh config credentials --server http://localhost:65432/auth --realm master --user admin << EOF
+changeme
+EOF
+
+# &response_type=code&scope=openid+profile+email+offline_access&state=XTM-A9nrcpX1p6rT88jsqg4iw30EmYdUq4Cqd1qEYOA
+
+kcadm.sh create clients -r opentdf -s clientId=browsertest -s enabled=true -s 'redirectUris=["http://localhost:65432/"]' -s consentRequired=false -s standardFlowEnabled=true -s directAccessGrantsEnabled=true -s serviceAccountsEnabled=false -s publicClient=true -s protocol=openid-connect
+kcadm.sh create users -r opentdf -s username=user1 -s enabled=true
+kcadm.sh set-password -r opentdf --username user1 --new-password testuser123
+
+go run ./platform/service start

.github/workflows/roundtrip/docker-compose.yaml

@@ -0,0 +1,63 @@
+services:
+  keycloak:
+    # This is kc 24.0.1 with opentdf protocol mapper on board
+    image: ghcr.io/opentdf/keycloak:sha-8a6d35a
+    restart: always
+    command: ["start-dev", "--log-level=DEBUG"]
+    environment:
+      KC_DB_VENDOR: postgres
+      KC_DB_URL_HOST: keycloakdb
+      KC_DB_URL_PORT: 5432
+      KC_DB_URL_DATABASE: keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: changeme
+      KC_FEATURES: "preview,token-exchange"
+      KC_HEALTH_ENABLED: "true"
+      KC_HOSTNAME_ADMIN_URL: "http://localhost:65432/auth"
+      KC_HOSTNAME_PORT: "65432"
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_BACKCHANNEL: "false"
+      KC_HOSTNAME_STRICT_HTTPS: "false"
+      KC_HOSTNAME_URL: "http://localhost:65432/auth"
+      KC_HTTP_ENABLED: "true"
+      KC_HTTP_PORT: "8888"
+      KC_HTTP_RELATIVE_PATH: "/auth"
+      KC_PROXY: "edge"
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: changeme
+    ports:
+      - "8888:8888"
+    healthcheck:
+      test: ['CMD-SHELL', '[ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { public static void main(String[] args) throws java.lang.Throwable { System.exit(java.net.HttpURLConnection.HTTP_OK == ((java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection()).getResponseCode() ? 0 : 1); } }" > /tmp/HealthCheck.java && java /tmp/HealthCheck.java http://localhost:8888/auth/health/live']
+      interval: 5s
+      timeout: 10s
+      retries: 3
+      start_period: 2m
+  keycloakdb:
+    image: postgres
+    restart: always
+    user: postgres
+    environment:
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_USER: postgres
+      POSTGRES_DB: keycloak
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+  opentdfdb:
+    image: public.ecr.aws/docker/library/postgres:15-alpine
+    restart: always
+    user: postgres
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_DB: opentdf
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    ports:
+      - "5432:5432"

.gitignore

@@ -109,3 +109,6 @@ dist
 
 # temporary folders
 **/temp/
+
+# For integration testing
+/platform

remote-store/package-lock.json

@@ -7,16 +7,14 @@ ROOT_DIR="$(cd "${APP_DIR}/.." >/dev/null && pwd)"
 
 _run_platform() {
   git clone https://github.com/opentdf/platform.git
+  docker compose -f .github/workflows/roundtrip/docker-compose.yaml up -d --wait --wait-timeout 240
+  
   cd platform
-  # TODO Modify docker-compose.yaml as follows:
-  #    KC_HOSTNAME_PORT: "65432"
-  docker compose up -d --wait --wait-timeout 240
   .github/scripts/init-temp-keys.sh
-
-  # TODO Modify opentdf-example.yaml as follows:
-  #    KC_HOSTNAME_PORT: "65432"
   cp opentdf-example.yaml opentdf.yaml
   go run ./service provision keycloak
+  cd ..
+  
 }
 
 _wait-for() {

scripts/demo-evironment.sh

@@ -31,7 +31,7 @@ function decryptedFileExtension(encryptedFileName: string): string {
 
 const oidcClient = new OidcClient(
   'http://localhost:65432/auth/realms/opentdf',
-  'opentdf',
+  'browsertest',
   'otdf-sample-web-app'
 );