Merge pkce test into oidc test file

Author: javorszky

tests/suite/test_oidc.py

@@ -14,6 +14,7 @@
     create_secret_from_yaml,
     delete_common_app,
     delete_secret,
+    delete_service,
     replace_configmap_from_yaml,
     wait_before_test,
     wait_until_all_pods_are_ready,
@@ -30,6 +31,7 @@
 keycloak_vs_src = f"{TEST_DATA}/oidc/virtual-server-idp.yaml"
 oidc_secret_src = f"{TEST_DATA}/oidc/client-secret.yaml"
 oidc_pol_src = f"{TEST_DATA}/oidc/oidc.yaml"
+pkce_pol_src = f"{TEST_DATA}/oidc/pkce.yaml"
 oidc_vs_src = f"{TEST_DATA}/oidc/virtual-server.yaml"
 orig_vs_src = f"{TEST_DATA}/virtual-server-tls/standard/virtual-server.yaml"
 cm_src = f"{TEST_DATA}/oidc/nginx-config.yaml"
@@ -81,6 +83,23 @@ def keycloak_setup(request, kube_apis, test_namespace, ingress_controller_endpoi
     }
     response = requests.post(create_user_url, headers=headers, json=user_payload, verify=False)
 
+    # Create client "nginx-plus-pkce" for the pkce test
+    create_pkce_client_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/admin/realms/master/clients"
+    pkce_client_payload = {
+        "clientId": "nginx-plus-pkce",
+        "redirectUris": ["https://virtual-server-tls.example.com:443/_codexch"],
+        "standardFlowEnabled": True,
+        "directAccessGrantsEnabled": False,
+        "publicClient": True,
+        "attributes": {
+            "post.logout.redirect.uris": "https://virtual-server-tls.example.com:443/*",
+            "pkce.code.challenge.method": "S256",
+        },
+        "protocol": "openid-connect",
+    }
+    pkce_client_resp = requests.post(create_pkce_client_url, headers=headers, json=pkce_client_payload, verify=False)
+    pkce_client_resp.raise_for_status()
+
     # Create client "nginx-plus" and get secret
     create_client_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/realms/master/clients-registrations/default"
     client_payload = {
@@ -128,6 +147,7 @@ def fin():
 )
 class TestOIDC:
     @pytest.mark.parametrize("configmap", [cm_src, cm_zs_src])
+    @pytest.mark.parametrize("oidcYaml", [oidc_pol_src, pkce_pol_src])
     def test_oidc(
         self,
         request,
@@ -139,6 +159,7 @@ def test_oidc(
         virtual_server_setup,
         keycloak_setup,
         configmap,
+        oidcYaml,
     ):
         print(f"Create oidc secret")
         with open(oidc_secret_src) as f:
@@ -147,7 +168,7 @@ def test_oidc(
         secret_name = create_secret(kube_apis.v1, test_namespace, secret_data)
 
         print(f"Create oidc policy")
-        with open(oidc_pol_src) as f:
+        with open(oidcYaml) as f:
             doc = yaml.safe_load(f)
         pol = doc["metadata"]["name"]
         doc["spec"]["oidc"]["tokenEndpoint"] = doc["spec"]["oidc"]["tokenEndpoint"].replace("default", test_namespace)
@@ -188,6 +209,11 @@ def test_oidc(
         patch_virtual_server_from_yaml(
             kube_apis.custom_objects, virtual_server_setup.vs_name, orig_vs_src, test_namespace
         )
+        if configmap == cm_src:
+            with open(svc_src) as f:
+                headless_svc = yaml.safe_load(f)
+            headless_name = headless_svc["metadata"]["name"]
+            delete_service(kube_apis.v1, headless_name, ingress_controller_prerequisites.namespace)
 
 
 def run_oidc(browser_type, ip_address, port):
@@ -199,11 +225,6 @@ def run_oidc(browser_type, ip_address, port):
         page = context.new_page()
 
         page.goto("https://virtual-server-tls.example.com")
-
-        print("\n\n\n")
-        print(page.content())
-        print("\n\n\n")
-
         page.wait_for_selector('input[name="username"]')
         page.fill('input[name="username"]', username)
         page.wait_for_selector('input[name="password"]', timeout=5000)