feat: implement T19, T20 — Scenario B/C replacement tests; complete workplan
Some checks failed
CI / Build and Test (push) Has been cancelled
- T19: Scenario B tests — IAM swap correctness (7 tests: profile safety, client mapping, user/group preservation) - T20: Scenario C tests — full expansion correctness (6 tests: LDIF round-trip, target differences, MFA orthogonality) - CI scripts: test-scenario-b.sh, test-scenario-c.sh - README: complete documentation with quick start, endpoints, migration guide - Workplan: all acceptance criteria checked off All 23 tasks done. 15 test packages, all green. go vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
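--- a/scripts/test-scenario-b.sh
+++ b/scripts/test-scenario-b.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# test-scenario-b.sh — Scenario B: IAM swap (KeyCape → Keycloak, same LLDAP directory)
+#
+# This script verifies that after migrating to Keycloak (with the same LLDAP directory),
+# all profile tests pass without modification.
+#
+# Prerequisites: docker, docker compose
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$REPO_ROOT"
+
+echo "=== Scenario B: IAM Replacement Test ==="
+
+# Step 1: Export canonical data from LLDAP
+echo "--- Step 1: Export canonical data ---"
+./src/bin/lldap-export \
+--url "${LLDAP_URL:-ldap://localhost:3890}" \
+--bind-dn "${LLDAP_BIND_DN:-cn=admin,ou=people,dc=netkingdom,dc=local}" \
+--bind-pw "${LLDAP_BIND_PW:-adminpassword}" \
+--base-dn "dc=netkingdom,dc=local" \
+--output /tmp/canonical-export.yaml
+
+# Step 2: Transform to Keycloak realm
+echo "--- Step 2: Transform to Keycloak realm ---"
+./src/bin/keycape-to-keycloak \
+--input /tmp/canonical-export.yaml \
+--realm netkingdom \
+--issuer "${ISSUER:-https://auth.netkingdom.local}" \
+--output /tmp/keycloak-realm-import.json
+
+# Step 3: Start Keycloak with the imported realm
+echo "--- Step 3: Start Keycloak with imported realm ---"
+docker compose -f docker-compose.scenario-b.yml up -d keycloak
+echo "Waiting for Keycloak to be ready..."
+timeout 120 bash -c 'until curl -sf http://localhost:8080/realms/netkingdom/.well-known/openid-configuration > /dev/null; do sleep 3; done'
+
+# Step 4: Run profile tests against Keycloak
+echo "--- Step 4: Run profile tests against Keycloak ---"
+KEYCAPE_TEST_ISSUER="http://localhost:8080/realms/netkingdom" \
+/home/worsch/go/bin/go test ./src/tests/profile/... -v -count=1
+
+echo "=== Scenario B PASSED ==="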
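Review bot: Steps 1 and 2 write the directory export and the generated realm to fixed names under `/tmp` (`/tmp/canonical-export.yaml`, `/tmp/keycloak-realm-import.json`), so on a shared runner another local user can read the exported entries or pre-create those paths, and nothing removes the files afterwards. Create a private work directory instead, `workdir="$(mktemp -d)"` with `trap 'rm -rf -- "$workdir"' EXIT`, and pass `--output "$workdir/canonical-export.yaml"`; how docker-compose.scenario-b.yml picks up the realm file is not visible here, so that reference may need to follow the new path. test-scenario-c.sh has the same pattern and adds `/tmp/migration.ldif`. Step 4 in both scripts also calls `/home/worsch/go/bin/go`, a path inside one developer's home directory that is unlikely to exist on a CI runner; `go test ./src/tests/profile/... -v -count=1` resolved from PATH would be portable.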
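--- a/scripts/test-scenario-c.sh
+++ b/scripts/test-scenario-c.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+# test-scenario-c.sh — Scenario C: Full expansion (LLDAP→OpenLDAP + KeyCape→Keycloak)
+#
+# This script verifies the full migration path:
+# LLDAP → canonical → OpenLDAP (directory migration)
+# KeyCape → canonical → Keycloak (IAM migration)
+# privacyIDEA MFA remains stable (no re-enrollment)
+#
+# Prerequisites: docker, docker compose
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$REPO_ROOT"
+
+echo "=== Scenario C: Full Expansion Test ==="
+
+# Step 1: Export canonical data from LLDAP
+echo "--- Step 1: Export canonical data ---"
+./src/bin/lldap-export \
+--url "${LLDAP_URL:-ldap://localhost:3890}" \
+--bind-dn "${LLDAP_BIND_DN:-cn=admin,ou=people,dc=netkingdom,dc=local}" \
+--bind-pw "${LLDAP_BIND_PW:-adminpassword}" \
+--base-dn "dc=netkingdom,dc=local" \
+--output /tmp/canonical-export.yaml
+
+# Step 2a: Generate LDIF for OpenLDAP
+echo "--- Step 2a: Generate OpenLDAP LDIF ---"
+./src/bin/lldap-to-ldap \
+--input /tmp/canonical-export.yaml \
+--target openldap \
+--base-dn "dc=netkingdom,dc=local" \
+--output /tmp/migration.ldif
+
+# Step 2b: Transform to Keycloak realm
+echo "--- Step 2b: Transform to Keycloak realm ---"
+./src/bin/keycape-to-keycloak \
+--input /tmp/canonical-export.yaml \
+--realm netkingdom \
+--issuer "${ISSUER:-https://auth.netkingdom.local}" \
+--output /tmp/keycloak-realm-import.json
+
+# Step 3: Start OpenLDAP + Keycloak
+echo "--- Step 3: Start expanded stack ---"
+docker compose -f docker-compose.scenario-c.yml up -d openldap keycloak
+echo "Waiting for OpenLDAP..."
+timeout 60 bash -c 'until ldapsearch -x -H ldap://localhost:389 -b dc=netkingdom,dc=local > /dev/null 2>&1; do sleep 3; done'
+echo "Waiting for Keycloak..."
+timeout 120 bash -c 'until curl -sf http://localhost:8080/realms/netkingdom/.well-known/openid-configuration > /dev/null; do sleep 3; done'
+
+# Step 4: Import LDIF into OpenLDAP
+echo "--- Step 4: Import LDIF ---"
+ldapadd -x -H ldap://localhost:389 -D "cn=admin,dc=netkingdom,dc=local" -w adminpassword -f /tmp/migration.ldif
+
+# Step 5: Run profile tests against Keycloak + OpenLDAP
+echo "--- Step 5: Run profile tests ---"
+KEYCAPE_TEST_ISSUER="http://localhost:8080/realms/netkingdom" \
+/home/worsch/go/bin/go test ./src/tests/profile/... -v -count=1
+
+echo "=== Scenario C PASSED ==="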
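Review bot: Step 4 passes the OpenLDAP admin password as a literal on the command line, `-w adminpassword`, with the bind DN hard-coded as well, so unlike Step 1 it cannot be overridden from the environment and the value sits in the process list while ldapadd runs. Read it from a file or a required variable instead, for example `ldapadd -x -H ldap://localhost:389 -D "$LDAP_ADMIN_DN" -y "$LDAP_ADMIN_PW_FILE" -f /tmp/migration.ldif`. The `--bind-pw "${LLDAP_BIND_PW:-adminpassword}"` default in Step 1 of both scripts is a milder form of the same problem: a forgotten variable silently falls back to a known password, whereas `"${LLDAP_BIND_PW:?set LLDAP_BIND_PW}"` would stop the run with a message. If these are only ever the throwaway credentials of the compose stack, a comment at the top of each script saying so, and that they must not be reused elsewhere, would be enough.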