feat: simplify test (#6)

kingluo · web-flow · commit e350975c6991 · 2022-08-31T10:11:27.000+08:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -35,7 +35,9 @@ jobs:
       - name: script
         run: |
           sudo docker run --rm --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.2 start-dev
-          sleep 30
+
+          # wait for keycloak ready
+          bash -c 'while true; do curl -s localhost:8080 &>/dev/null; ret=$?; [[ $ret -eq 0 ]] && break; sleep 3; done'
 
           # configure keycloak for test
           wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O jq
diff --git a/t/kcadm_configure.sh b/t/kcadm_configure.sh
@@ -12,7 +12,7 @@ kcadm.sh set-password -r test --username test --new-password test
 sp_cert="MIIDgjCCAmqgAwIBAgIUOnf+MXKVU2zfIVaPz5dl0NTwPM4wDQYJKoZIhvcNAQENBQAwUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRcwFQYDVQQKDA5sdWEtcmVzdHktc2FtbDEZMBcGA1UEAwwQc2VydmljZS1wcm92aWRlcjAgFw0xOTA1MDgwMTIyMDZaGA8yMTE4MDQxNDAxMjIwNlowUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRcwFQYDVQQKDA5sdWEtcmVzdHktc2FtbDEZMBcGA1UEAwwQc2VydmljZS1wcm92aWRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLOj3YA5OGWqwV/GojID2AeuPfj3dTFOWFajXk4mc0vUBE10ovgkUfqdj2wye2Qu1ox1joFgMjaUcK/prXFBLFq+RLiR6lMUyi2PvCZ8tdYRjeYVtshNsZSZNDTJCgnguuKL+dDoSy/bTNX+ZJMnMctN1wf+Ui6Sxlcos+cTO57fOoaim+Thl26/DJHNTQXM+hJiUIuoAQlzHpuS6VBxlypIRH/RuR7+b14IO33V68MkzXI4fNi6INkfy2uEXDMT72az8j/xK+361CQAHkQDN8jbpWlRYHeirh4mygQ8QLhQkGwppmHhrUYD7BubyqXwSBSvQSyAVkfUeAaDab3ucsCAwEAAaNQME4wHQYDVR0OBBYEFPbRiK9OxGCZeNUViinNQ4P5ZOf0MB8GA1UdIwQYMBaAFPbRiK9OxGCZeNUViinNQ4P5ZOf0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggEBAD0MvA3mk+u3CBDFwPtT9tI8HPSaYXS0HZ3EVXe4WcU3PYFpZzK0x6qr+a7mB3tbpHYXl49V7uxcIOD2aHLvKonKRRslyTiw4UvLOhSSByrArUGleI0wyr1BXAJArippiIhqrTDybvPpFC45x45/KtrckeM92NOlttlQyd2yW0qSd9gAnqkDu2kvjLlGh9ZYnT+yHPjUuWcxDL66P3za6gc+GhVOtsOemdYNAErhuxiGVNHrtq2dfSedqcxtCpavMYzyGhqzxr9Lt43fpQeXeS/7JVFoC2y9buyOz9HIbQ6/02HIoenDoP3xfqvAY1emixgbV4iwm3SWzG8pSTxvwuM="
 
 clients=("sp" "sp2")
-rootUrls=("http://127.0.0.1:8088" "http://127.0.0.2:8099")
+rootUrls=("http://127.0.0.1:1984" "http://127.0.0.2:1984")
 
 for i in ${!clients[@]}; do
 	kcadm.sh create clients -r test -s clientId=${clients[$i]} -s enabled=true
diff --git a/t/lib/keycloak.lua b/t/lib/keycloak.lua
@@ -18,6 +18,57 @@ local http = require "resty.http"
 
 local _M = {}
 
+local function split(text, chunk_size)
+    local s = {}
+    for i=1, #text, chunk_size do
+        s[#s+1] = text:sub(i, i + chunk_size - 1)
+    end
+    return s
+end
+
+local function read_cert(str)
+    local t = split(str, 64)
+    table.insert(t, 1, "-----BEGIN CERTIFICATE-----")
+    table.insert(t, "-----END CERTIFICATE-----")
+    return string.format(table.concat(t, "\n"))
+end
+
+local sp_private_key = "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCzo92AOThlqsF\nfxqIyA9gHrj3493UxTlhWo15OJnNL1ARNdKL4JFH6nY9sMntkLtaMdY6BYDI2lHC\nv6a1xQSxavkS4kepTFMotj7wmfLXWEY3mFbbITbGUmTQ0yQoJ4Lrii/nQ6Esv20z\nV/mSTJzHLTdcH/lIuksZXKLPnEzue3zqGopvk4ZduvwyRzU0FzPoSYlCLqAEJcx6\nbkulQcZcqSER/0bke/m9eCDt91evDJM1yOHzYuiDZH8trhFwzE+9ms/I/8Svt+tQ\nkAB5EAzfI26VpUWB3oq4eJsoEPEC4UJBsKaZh4a1GA+wbm8ql8EgUr0EsgFZH1Hg\nGg2m97nLAgMBAAECggEBAJXT0sjadS7/97c5g8nxvMmbt32ItyOfMLusrqSuILSM\nEBO8hpvoczSRorFd2GCr8Ty0meR0ORHBwCJ9zpV821gtQzX/7UfLmSX1zUC11u1D\nSnYV56+PwxYTZtCpo+RyRyIrXR6MiFjnPfDAWAXqgKY8I5jqSotiJMJz2hC9UPoV\ni56tHYXGCjtUAJrvG8FZM46TNL67nQ3ASWb5IH4cOqkgkKAJ/rZLrrMoL/HYpePr\nn2MxlvT+TgdXebxo3rngu3pLRmLsfyV9eCLoOiP/oNAxTEA35EQQlnVfZOIEit8L\nuvBYJYfYuXlxb96nQnOLqO/PrydwpXK9h1NtDvq3K2ECgYEA/i5ebOejoXORkFGx\nDyYwkTczkh7QE328LSUVIiVGh4K1zFeYtj4mYYTeQMbzhlLAf9tGAZyZmvN52/ja\niFLnI5lObNBooIfAYe3RAzUHGYraY7R1XutdOMjlP9tqjQ55y/xij/tu9qHT4fEz\naQQPJ8D5sFbB5NgjxC8rlQ/WiLECgYEAxDNss4aMNhvL2+RTda72RMt99BS8PWEZ\n/sdzzvu2zIJYFjBlCZ3Yd3vLhA/0MQXogMIcJofu4u2edZQVFSw4aHfnHFQCr45B\n1QdDhZ8zoludEevgnLdSBzNakEJ63C8AQSkjIck4IaEmW+8G7fswpWGuVDBuHQZm\nPBBcgz84CTsCgYBi8VvSWs0IYPtNyW757azEKk/J1nK605v3mtLCKu5se4YXGBYb\nAtBf75+waYGMTRQf8RQsNnBYr+REq3ctz8+nvNqZYvsHWjCaLj/JVs//slxWqX1y\nyH3OR+1tURUF+ZeRvxoC4CYOnWnkLscLXwgjOmw3p13snfI2QQJfEP460QKBgCzD\nLsGmqMaPgOsiJIhs6nK3mnzdXjUCulOOXbWTaBkwg7hMQkD3ajOYYs42dZfZqTn3\nD0UbLj1HySc6KbUy6YusD2Y/JH25DvvzNEyADd+01xkHn68hg+1wofDXugASGRTE\ntec3aT8C7SV8WzBgZrDUoFlE01p740dA1Fp9SeORAoGBAIEa6LBIXuxb13xdOPDQ\nFLaOQvmDCZeEwy2RAIOhG/1KGv+HYoCv0mMb4UXE1d65TOOE9QZLGUXksFfPc/ya\nOP1vdjF/HN3DznxQ421GdPDYVIfp7edxZstNtGMYcR/SBwoIcvwaA5c2woMHbeju\n+rbxDQL4gIT1lqn71w/8uoIJ\n-----END PRIVATE KEY-----"
+
+local sp_cert = "-----BEGIN CERTIFICATE-----\nMIIDgjCCAmqgAwIBAgIUOnf+MXKVU2zfIVaPz5dl0NTwPM4wDQYJKoZIhvcNAQEN\nBQAwUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRcwFQYDVQQKDA5sdWEt\ncmVzdHktc2FtbDEZMBcGA1UEAwwQc2VydmljZS1wcm92aWRlcjAgFw0xOTA1MDgw\nMTIyMDZaGA8yMTE4MDQxNDAxMjIwNlowUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgM\nBVRleGFzMRcwFQYDVQQKDA5sdWEtcmVzdHktc2FtbDEZMBcGA1UEAwwQc2Vydmlj\nZS1wcm92aWRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLOj3YA\n5OGWqwV/GojID2AeuPfj3dTFOWFajXk4mc0vUBE10ovgkUfqdj2wye2Qu1ox1joF\ngMjaUcK/prXFBLFq+RLiR6lMUyi2PvCZ8tdYRjeYVtshNsZSZNDTJCgnguuKL+dD\noSy/bTNX+ZJMnMctN1wf+Ui6Sxlcos+cTO57fOoaim+Thl26/DJHNTQXM+hJiUIu\noAQlzHpuS6VBxlypIRH/RuR7+b14IO33V68MkzXI4fNi6INkfy2uEXDMT72az8j/\nxK+361CQAHkQDN8jbpWlRYHeirh4mygQ8QLhQkGwppmHhrUYD7BubyqXwSBSvQSy\nAVkfUeAaDab3ucsCAwEAAaNQME4wHQYDVR0OBBYEFPbRiK9OxGCZeNUViinNQ4P5\nZOf0MB8GA1UdIwQYMBaAFPbRiK9OxGCZeNUViinNQ4P5ZOf0MAwGA1UdEwQFMAMB\nAf8wDQYJKoZIhvcNAQENBQADggEBAD0MvA3mk+u3CBDFwPtT9tI8HPSaYXS0HZ3E\nVXe4WcU3PYFpZzK0x6qr+a7mB3tbpHYXl49V7uxcIOD2aHLvKonKRRslyTiw4UvL\nOhSSByrArUGleI0wyr1BXAJArippiIhqrTDybvPpFC45x45/KtrckeM92NOlttlQ\nyd2yW0qSd9gAnqkDu2kvjLlGh9ZYnT+yHPjUuWcxDL66P3za6gc+GhVOtsOemdYN\nAErhuxiGVNHrtq2dfSedqcxtCpavMYzyGhqzxr9Lt43fpQeXeS/7JVFoC2y9buyO\nz9HIbQ6/02HIoenDoP3xfqvAY1emixgbV4iwm3SWzG8pSTxvwuM=\n-----END CERTIFICATE-----"
+
+local idp_uri = "http://127.0.0.1:8080/realms/test/protocol/saml"
+
+local default_opts = {
+    idp_uri = idp_uri,
+    login_callback_uri = "/acs",
+    logout_uri = "/logout",
+    logout_callback_uri = "/sls",
+    logout_redirect_uri = "/logout_ok",
+    sp_cert = sp_cert,
+    sp_private_key = sp_private_key,
+}
+
+local function get_realm_cert()
+    local http = require "resty.http"
+    local httpc = http.new()
+    local uri = "http://127.0.0.1:8080/realms/test/protocol/saml/descriptor"
+    local res, err = httpc:request_uri(uri, { method = "GET" })
+    if err then
+        ngx.log(ngx.ERR, err)
+        ngx.exit(500)
+    end
+
+    local cert = res.body:match("<ds:X509Certificate>(.-)</ds:X509Certificate>")
+    return read_cert(cert)
+end
+
+function _M.get_default_opts()
+    if default_opts.idp_cert == nil then
+        default_opts.idp_cert = get_realm_cert()
+    end
+    return default_opts
+end
 
 -- Login keycloak and return the login original uri
 function _M.login_keycloak(uri, username, password)
diff --git a/t/lib/read_cert.lua b/t/lib/read_cert.lua
diff --git a/t/saml.t b/t/saml.t
@@ -27,7 +27,7 @@ _EOC_
     $block->set_value("main_config", $main_config);
 
     my $http_config = $block->http_config // <<_EOC_;
-    lua_package_path '$pwd/deps/share/lua/5.1/?.lua;$pwd/lua/?.lua;$pwd/t/lib/?.lua;;';
+    lua_package_path '$pwd/deps/share/lua/5.1/?.lua;$pwd/lua/?.lua;$pwd/t/?.lua;;';
     lua_package_cpath '$pwd/?.so;;';
 
     lua_shared_dict saml_sessions 10m;
@@ -41,24 +41,11 @@ _EOC_
         if err then
             assert(nil, err)
         end
-        local sp_private_key = "-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCzo92AOThlqsF\\nfxqIyA9gHrj3493UxTlhWo15OJnNL1ARNdKL4JFH6nY9sMntkLtaMdY6BYDI2lHC\\nv6a1xQSxavkS4kepTFMotj7wmfLXWEY3mFbbITbGUmTQ0yQoJ4Lrii/nQ6Esv20z\\nV/mSTJzHLTdcH/lIuksZXKLPnEzue3zqGopvk4ZduvwyRzU0FzPoSYlCLqAEJcx6\\nbkulQcZcqSER/0bke/m9eCDt91evDJM1yOHzYuiDZH8trhFwzE+9ms/I/8Svt+tQ\\nkAB5EAzfI26VpUWB3oq4eJsoEPEC4UJBsKaZh4a1GA+wbm8ql8EgUr0EsgFZH1Hg\\nGg2m97nLAgMBAAECggEBAJXT0sjadS7/97c5g8nxvMmbt32ItyOfMLusrqSuILSM\\nEBO8hpvoczSRorFd2GCr8Ty0meR0ORHBwCJ9zpV821gtQzX/7UfLmSX1zUC11u1D\\nSnYV56+PwxYTZtCpo+RyRyIrXR6MiFjnPfDAWAXqgKY8I5jqSotiJMJz2hC9UPoV\\ni56tHYXGCjtUAJrvG8FZM46TNL67nQ3ASWb5IH4cOqkgkKAJ/rZLrrMoL/HYpePr\\nn2MxlvT+TgdXebxo3rngu3pLRmLsfyV9eCLoOiP/oNAxTEA35EQQlnVfZOIEit8L\\nuvBYJYfYuXlxb96nQnOLqO/PrydwpXK9h1NtDvq3K2ECgYEA/i5ebOejoXORkFGx\\nDyYwkTczkh7QE328LSUVIiVGh4K1zFeYtj4mYYTeQMbzhlLAf9tGAZyZmvN52/ja\\niFLnI5lObNBooIfAYe3RAzUHGYraY7R1XutdOMjlP9tqjQ55y/xij/tu9qHT4fEz\\naQQPJ8D5sFbB5NgjxC8rlQ/WiLECgYEAxDNss4aMNhvL2+RTda72RMt99BS8PWEZ\\n/sdzzvu2zIJYFjBlCZ3Yd3vLhA/0MQXogMIcJofu4u2edZQVFSw4aHfnHFQCr45B\\n1QdDhZ8zoludEevgnLdSBzNakEJ63C8AQSkjIck4IaEmW+8G7fswpWGuVDBuHQZm\\nPBBcgz84CTsCgYBi8VvSWs0IYPtNyW757azEKk/J1nK605v3mtLCKu5se4YXGBYb\\nAtBf75+waYGMTRQf8RQsNnBYr+REq3ctz8+nvNqZYvsHWjCaLj/JVs//slxWqX1y\\nyH3OR+1tURUF+ZeRvxoC4CYOnWnkLscLXwgjOmw3p13snfI2QQJfEP460QKBgCzD\\nLsGmqMaPgOsiJIhs6nK3mnzdXjUCulOOXbWTaBkwg7hMQkD3ajOYYs42dZfZqTn3\\nD0UbLj1HySc6KbUy6YusD2Y/JH25DvvzNEyADd+01xkHn68hg+1wofDXugASGRTE\\ntec3aT8C7SV8WzBgZrDUoFlE01p740dA1Fp9SeORAoGBAIEa6LBIXuxb13xdOPDQ\\nFLaOQvmDCZeEwy2RAIOhG/1KGv+HYoCv0mMb4UXE1d65TOOE9QZLGUXksFfPc/ya\\nOP1vdjF/HN3DznxQ421GdPDYVIfp7edxZstNtGMYcR/SBwoIcvwaA5c2woMHbeju\\n+rbxDQL4gIT1lqn71w/8uoIJ\\n-----END PRIVATE KEY-----"
-        local sp_cert = "-----BEGIN CERTIFICATE-----\\nMIIDgjCCAmqgAwIBAgIUOnf+MXKVU2zfIVaPz5dl0NTwPM4wDQYJKoZIhvcNAQEN\\nBQAwUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRcwFQYDVQQKDA5sdWEt\\ncmVzdHktc2FtbDEZMBcGA1UEAwwQc2VydmljZS1wcm92aWRlcjAgFw0xOTA1MDgw\\nMTIyMDZaGA8yMTE4MDQxNDAxMjIwNlowUTELMAkGA1UEBhMCVVMxDjAMBgNVBAgM\\nBVRleGFzMRcwFQYDVQQKDA5sdWEtcmVzdHktc2FtbDEZMBcGA1UEAwwQc2Vydmlj\\nZS1wcm92aWRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLOj3YA\\n5OGWqwV/GojID2AeuPfj3dTFOWFajXk4mc0vUBE10ovgkUfqdj2wye2Qu1ox1joF\\ngMjaUcK/prXFBLFq+RLiR6lMUyi2PvCZ8tdYRjeYVtshNsZSZNDTJCgnguuKL+dD\\noSy/bTNX+ZJMnMctN1wf+Ui6Sxlcos+cTO57fOoaim+Thl26/DJHNTQXM+hJiUIu\\noAQlzHpuS6VBxlypIRH/RuR7+b14IO33V68MkzXI4fNi6INkfy2uEXDMT72az8j/\\nxK+361CQAHkQDN8jbpWlRYHeirh4mygQ8QLhQkGwppmHhrUYD7BubyqXwSBSvQSy\\nAVkfUeAaDab3ucsCAwEAAaNQME4wHQYDVR0OBBYEFPbRiK9OxGCZeNUViinNQ4P5\\nZOf0MB8GA1UdIwQYMBaAFPbRiK9OxGCZeNUViinNQ4P5ZOf0MAwGA1UdEwQFMAMB\\nAf8wDQYJKoZIhvcNAQENBQADggEBAD0MvA3mk+u3CBDFwPtT9tI8HPSaYXS0HZ3E\\nVXe4WcU3PYFpZzK0x6qr+a7mB3tbpHYXl49V7uxcIOD2aHLvKonKRRslyTiw4UvL\\nOhSSByrArUGleI0wyr1BXAJArippiIhqrTDybvPpFC45x45/KtrckeM92NOlttlQ\\nyd2yW0qSd9gAnqkDu2kvjLlGh9ZYnT+yHPjUuWcxDL66P3za6gc+GhVOtsOemdYN\\nAErhuxiGVNHrtq2dfSedqcxtCpavMYzyGhqzxr9Lt43fpQeXeS/7JVFoC2y9buyO\\nz9HIbQ6/02HIoenDoP3xfqvAY1emixgbV4iwm3SWzG8pSTxvwuM=\\n-----END CERTIFICATE-----"
-        local idp_uri = "http://127.0.0.1:8080/realms/test/protocol/saml"
-        default_opts = {
-            idp_uri = idp_uri,
-            login_callback_uri = "/acs",
-            logout_uri = "/logout",
-            logout_callback_uri = "/sls",
-            logout_redirect_uri = "/logout_ok",
-            sp_cert = sp_cert,
-            sp_private_key = sp_private_key,
-        }
         samls = {}
     }
 
     server {
-        listen 127.0.0.1:8088;
-        listen 127.0.0.2:8099;
+        listen 1984;
 
         location / {
             access_by_lua_block {
@@ -67,31 +54,20 @@ _EOC_
                 if host == "127.0.0.2" then
                     sp_issuer = "sp2"
                 end
+
                 if samls[sp_issuer] == nil then
-                    if idp_cert == nil then
-                        local http = require "resty.http"
-                        local httpc = http.new()
-                        local uri = "http://127.0.0.1:8080/realms/test/protocol/saml/descriptor"
-                        local res, err = httpc:request_uri(uri, { method = "GET" })
-                        if err then
-                            ngx.log(ngx.ERR, err)
-                            ngx.exit(500)
-                        end
-
-                        local read_cert = require "read_cert"
-                        local cert = res.body:match("<ds:X509Certificate>(.-)</ds:X509Certificate>")
-                        idp_cert = read_cert.read_cert(cert)
-                    end
-
-                    local opts = setmetatable({sp_issuer = sp_issuer, idp_cert = idp_cert}, {__index = default_opts})
+                    local kc = require("lib.keycloak")
+                    local opts = setmetatable({sp_issuer = sp_issuer}, {__index = kc.get_default_opts()})
                     ngx.log(ngx.INFO, "create sp_issuer=", sp_issuer)
                     local saml = require("resty.saml").new(opts)
                     samls[sp_issuer] = saml
                 end
+
                 local saml = samls[sp_issuer]
                 local data = saml:authenticate()
                 ngx.ctx.data = data
             }
+
             content_by_lua_block {
                 local data = ngx.ctx.data
                 if data and data.name_id then
@@ -124,9 +100,9 @@ __DATA__
         content_by_lua_block {
             local http = require "resty.http"
             local httpc = http.new()
-            local kc = require "keycloak"
+            local kc = require "lib.keycloak"
 
-            local uri = "http://127.0.0.1:8088"
+            local uri = "http://127.0.0.1:" .. ngx.var.server_port
             local username = "test"
             local password = "test"
 
@@ -166,10 +142,10 @@ __DATA__
         content_by_lua_block {
             local http = require "resty.http"
             local httpc = http.new()
-            local kc = require "keycloak"
+            local kc = require "lib.keycloak"
 
             -- login to sp1
-            local uri = "http://127.0.0.1:8088"
+            local uri = "http://127.0.0.1:" .. ngx.var.server_port
             local username = "test"
             local password = "test"
 
@@ -188,7 +164,7 @@ __DATA__
             assert(res.body == username)
 
             -- login to sp2
-            local uri2 = "http://127.0.0.2:8099"
+            local uri2 = "http://127.0.0.2:" .. ngx.var.server_port
 
             local res, err, saml_cookie2 = kc.login_keycloak_for_second_sp(uri2, keycloak_cookie)
             if err or res.headers['Location'] ~= "/" then
