From ce9069f304d57e12462ee4e838f7e02383f44d60 Mon Sep 17 00:00:00 2001 From: Stephan Eicher Date: Fri, 14 Jun 2024 19:09:20 +0200 Subject: [PATCH] Add unit tests for webauthn properties --- spec/unit/puppet/type/keycloak_realm_spec.rb | 67 ++++++++++++++++++-- 1 file changed, 62 insertions(+), 5 deletions(-) diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb index e6919d46..a25b0435 100644 --- a/spec/unit/puppet/type/keycloak_realm_spec.rb +++ b/spec/unit/puppet/type/keycloak_realm_spec.rb @@ -62,11 +62,63 @@ max_failure_wait_seconds: 900, minimum_quick_login_wait_seconds: 60, wait_increment_seconds: 60, - quick_login_check_milli_seconds: 1000, - max_delta_time_seconds: 43200, + quick_login_check_milli_seconds: 1_000, + max_delta_time_seconds: 43_200, failure_factor: 30, + web_authn_policy_rp_entity_name: 'keycloak', + web_authn_policy_signature_algorithms: ['ES256'], + web_authn_policy_rp_id: '', + web_authn_policy_attestation_conveyance_preference: 'not specified', + web_authn_policy_authenticator_attachment: 'not specified', + web_authn_policy_require_resident_key: 'not specified', + web_authn_policy_user_verification_requirement: 'not specified', + web_authn_policy_create_timeout: 0, + web_authn_policy_avoid_same_authenticator_register: :false, + web_authn_policy_acceptable_aaguids: [], } + # Test enumerable properties + describe 'enumerable properties' do + { + web_authn_policy_attestation_conveyance_preference: %w[none indirect direct], + web_authn_policy_authenticator_attachment: %w[platform cross-platform], + web_authn_policy_require_resident_key: %w[Yes No], + web_authn_policy_user_verification_requirement: %w[required preferred discouraged] + }.each do |p, values| + values.each do |v| + it "accepts #{v} for #{p}" do + config[p] = v + expect(resource[p]).to eq(v) + end + end + + it "does not accept foo for #{p}" do + config[p] = 'foo' + expect { + resource + }.to raise_error(%r{foo}) + end + + it "does not accept empty for #{p}" do + config[p] = '' + expect { + resource + }.to raise_error(%r{''}) + end + + it "does not accept nil for #{p}" do + config[p] = nil + expect { + resource + }.to raise_error(%r{nil}) + end + + it "has default for #{p}" do + expect(resource[p]).to eq(defaults[p]) + end + end + end + describe 'basic properties' do # Test basic properties [ @@ -92,7 +144,9 @@ :smtp_server_from_display_name, :smtp_server_reply_to, :smtp_server_reply_to_display_name, - :default_locale + :default_locale, + :web_authn_policy_rp_entity_name, + :web_authn_policy_rp_id ].each do |p| it "accepts a #{p}" do config[p] = 'foo' @@ -130,6 +184,7 @@ :quick_login_check_milli_seconds, :max_delta_time_seconds, :failure_factor, + :web_authn_policy_create_timeout ].each do |p| it "accepts a #{p}" do config[p] = 100 @@ -165,7 +220,7 @@ :smtp_server_ssl, :brute_force_protected, :offline_session_max_lifespan_enabled, - :permanent_lockout, + :permanent_lockout ].each do |p| it "accepts true for #{p}" do config[p] = true @@ -209,7 +264,9 @@ :optional_client_scopes, :events_listeners, :supported_locales, - :roles + :roles, + :web_authn_policy_create_timeout, + :web_authn_policy_acceptable_aaguids ].each do |p| it "accepts array for #{p}" do config[p] = ['foo', 'bar']