Updating role claims for test scenarios

bcgov · Jan 18, 2024 · ec2bd5f · ec2bd5f
1 parent 8767671
commit ec2bd5f
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 68 deletions.
diff --git a/met-api/sample.env b/met-api/sample.env
@@ -127,8 +127,6 @@ DATABASE_TEST_PORT=
 # This is generated dynamically during test execution; there's no requirement to instantiate the image separately.
 KEYCLOAK_TEST_BASE_URL="http://localhost:8081"
 
-JWT_OIDC_TEST_ROLE_CLAIM=realm_access.roles # SSO schema
-
 # Docker database settings
 # If unset, uses the same settings as the main database
 DATABASE_DOCKER_USERNAME=

diff --git a/met-api/src/met_api/config.py b/met-api/src/met_api/config.py
@@ -348,7 +348,6 @@ def __init__(self) -> None:
         )
         self.KC['BASE_URL'] = os.getenv('KEYCLOAK_TEST_BASE_URL', self.KC['BASE_URL'])
         self.KC['REALMNAME'] = os.getenv('KEYCLOAK_TEST_REALMNAME', self.KC['REALMNAME'])
-        self.JWT['ROLE_CLAIM'] = os.getenv('JWT_OIDC_TEST_ROLE_CLAIM', 'realm_access.roles')
 
     # Propagate exceptions up to the test runner
     TESTING = env_truthy('TESTING', default=True)

diff --git a/met-api/tests/utilities/factory_scenarios.py b/met-api/tests/utilities/factory_scenarios.py
@@ -271,10 +271,8 @@ class TestJwtClaims(dict, Enum):
         'firstname': fake.first_name(),
         'lastname': fake.last_name(),
         'preferred_username': fake.user_name(),
-        'realm_access': {
-            'roles': [
+        'client_roles': [
             ]
-        }
     }
 
     public_user_role = {
@@ -285,11 +283,9 @@ class TestJwtClaims(dict, Enum):
         'preferred_username': fake.user_name(),
         'email': fake.email(),
         'tenant_id': 1,
-        'realm_access': {
-            'roles': [
-                'public_user'
-            ]
-        }
+        'client_roles': [
+            'public_user'
+        ]
     }
 
     met_admin_role = {
@@ -302,20 +298,18 @@ class TestJwtClaims(dict, Enum):
         'tenant_id': 1,
         'email': '[email protected]',
         'identity_provider': LoginSource.IDIR.value,
-        'realm_access': {
-            'roles': [
-                'staff',
-                'view_engagement',
-                'create_survey',
-                'view_users',
-                'create_admin_user',
-                'edit_members',
-                'toggle_user_status',
-                'export_to_csv',
-                'update_user_group',
-                'create_tenant'
-            ]
-        }
+        'client_roles': [
+            'staff',
+            'view_engagement',
+            'create_survey',
+            'view_users',
+            'create_admin_user',
+            'edit_members',
+            'toggle_user_status',
+            'export_to_csv',
+            'update_user_group',
+            'create_tenant'
+        ]
     }
 
     staff_admin_role = {
@@ -328,34 +322,32 @@ class TestJwtClaims(dict, Enum):
         'tenant_id': 1,
         'email': '[email protected]',
         'identity_provider': LoginSource.IDIR.value,
-        'realm_access': {
-            'roles': [
-                'staff',
-                'view_engagement',
-                'create_engagement',
-                'edit_engagement',
-                'create_survey',
-                'view_users',
-                'view_private_engagements',
-                'create_admin_user',
-                'view_all_surveys',
-                'view_surveys',
-                'edit_all_surveys',
-                'edit_survey',
-                'view_unapproved_comments',
-                'clone_survey',
-                'edit_members',
-                'review_comments',
-                'review_all_comments',
-                'view_all_engagements',
-                'toggle_user_status',
-                'export_all_to_csv',
-                'update_user_group',
-                'export_proponent_comment_sheet',
-                'export_internal_comment_sheet',
-                'export_cac_form_to_sheet'
-            ]
-        }
+        'client_roles': [
+            'staff',
+            'view_engagement',
+            'create_engagement',
+            'edit_engagement',
+            'create_survey',
+            'view_users',
+            'view_private_engagements',
+            'create_admin_user',
+            'view_all_surveys',
+            'view_surveys',
+            'edit_all_surveys',
+            'edit_survey',
+            'view_unapproved_comments',
+            'clone_survey',
+            'edit_members',
+            'review_comments',
+            'review_all_comments',
+            'view_all_engagements',
+            'toggle_user_status',
+            'export_all_to_csv',
+            'update_user_group',
+            'export_proponent_comment_sheet',
+            'export_internal_comment_sheet',
+            'export_cac_form_to_sheet'
+        ]
     }
     team_member_role = {
         'iss': CONFIG.JWT_OIDC_TEST_ISSUER,
@@ -367,15 +359,13 @@ class TestJwtClaims(dict, Enum):
         'email': '[email protected]',
         'identity_provider': LoginSource.IDIR.value,
         'tenant_id': 1,
-        'realm_access': {
-            'roles': [
-                'staff',
-                'view_engagement',
-                'view_users',
-                'clone_survey',
-                'export_proponent_comment_sheet'
-            ]
-        }
+        'client_roles': [
+            'staff',
+            'view_engagement',
+            'view_users',
+            'clone_survey',
+            'export_proponent_comment_sheet'
+        ]
     }
 
     reviewer_role = {
@@ -388,12 +378,10 @@ class TestJwtClaims(dict, Enum):
         'email': '[email protected]',
         'identity_provider': LoginSource.IDIR.value,
         'tenant_id': 1,
-        'realm_access': {
-            'roles': [
-                'staff',
-                'view_users',
-            ]
-        }
+        'client_roles': [
+            'staff',
+            'view_users',
+        ]
     }