diff --git a/templates/keycloak_users.yaml b/templates/keycloak_users.yaml
index 7b7efa65544df1fae5daa29c90d995e081a29cab..ef3e234c519d467fce3701128f85bec8c400449f 100644
--- a/templates/keycloak_users.yaml
+++ b/templates/keycloak_users.yaml
@@ -26,67 +26,6 @@ spec:
 clientRoles:
 realm-management:
 - "view-users"
-{{- if eq ( include "app.ssoLevel" . ) "dev" }}
----
-apiVersion: keycloak.org/v1alpha1
-kind: KeycloakUser
-metadata:
- name: {{ include "app.ssoRealm" . }}-beate
- namespace: keycloak
- labels:
- {{- include "app.defaultLabels" . | indent 4 }}
- realm: {{ include "app.ssoRealm" . }}
-spec:
- realmSelector:
- matchLabels:
- realm: {{ include "app.ssoRealm" . }}
- user:
- username: "beate"
- firstName: "Beate"
- lastName: "Burger"
- enabled: True
- emailVerified: True
- credentials:
- - type: "password"
- value: "Beatebeast"
- realmRoles:
- - "offline_access"
- - "uma_authorization"
- clientRoles:
- {{ include "app.keycloakClientId" . }}:
- - "VERWALTUNG_USER"
-{{- end -}}
-{{- if and ( eq (include "app.ssoLevel" . ) "dev" ) (.Values.sso).role_einheitlicher_ansprechpartner }}
----
-apiVersion: keycloak.org/v1alpha1
-kind: KeycloakUser
-metadata:
- name: {{ include "app.ssoRealm" . }}-emil
- namespace: keycloak
- labels:
- {{- include "app.defaultLabels" . | indent 4 }}
- realm: {{ include "app.ssoRealm" . }}
-spec:
- realmSelector:
- matchLabels:
- realm: {{ include "app.ssoRealm" . }}
- user:
- username: "emil"
- firstName: "Emil"
- lastName: "Ansprechpartner"
- enabled: True
- emailVerified: True
- credentials:
- - type: "password"
- value: "Ansprechpartner"
- realmRoles:
- - "offline_access"
- - "uma_authorization"
- - "EINHEITLICHER_ANSPRECHPARTNER"
- clientRoles:
- {{ include "app.keycloakClientId" . }}:
- - "EINHEITLICHER_ANSPRECHPARTNER"
-{{- end -}}
 {{- if eq (include "app.ssoLevel" . ) "stage" }}
 ---
 apiVersion: keycloak.org/v1alpha1
diff --git a/unit-tests/keycloak_users_dev_test.yaml b/unit-tests/keycloak_users_dev_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1267cbc174318224fd5aec6e55b681943d3298ba
--- /dev/null
+++ b/unit-tests/keycloak_users_dev_test.yaml
@@ -0,0 +1,58 @@
+suite: test deployment
+release:
+ name: goofy
+ namespace: sh-kiel-dev
+templates:
+ - templates/keycloak_users.yaml
+tests:
+ - it: goofyapiuser must exist in dev stage
+ asserts:
+ - containsDocument:
+ kind: KeycloakUser
+ apiVersion: keycloak.org/v1alpha1
+ name: sh-kiel-dev-api-user
+ namespace: keycloak
+ - it: Adelheit dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-adelheit
+ - it: Dorothea dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-dorothea
+ - it: Emil dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-emil
+ - it: Richard dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-richard
+ - it: Sabine dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-sabine
+ - it: Zonk dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-zonk
+ namespace: keycloak
+ - it: Beate dev user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-dev-beate
+ namespace: keycloak
diff --git a/unit-tests/keycloak_users_goofyapiuser_test.yaml b/unit-tests/keycloak_users_goofyapiuser_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2948e0dfa62c5fd2ce5eace9526faef6bba81583
--- /dev/null
+++ b/unit-tests/keycloak_users_goofyapiuser_test.yaml
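Review bot: The "shall not exist" cases in keycloak_users_dev_test.yaml are a denylist of seven known names, so a future KeycloakUser added to the template under any other name, including one with a literal `credentials` password like the two this commit removes, would still pass in dev. An allowlist-style check such as `- hasDocuments:` with `count: 1` under the first test's `asserts` would pin the render to the api user alone, assuming a single document is the intended dev output. Separately, the Zonk and Beate cases carry a `namespace: keycloak` key that appears to sit next to `path`/`value` under `notEqual`; it looks like a leftover from `containsDocument` and, as far as I know, `notEqual` does not read it, so it should be dropped. Both points apply equally to keycloak_users_test_test.yaml.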
@@ -0,0 +1,27 @@
+suite: test deployment
+release:
+ name: goofy
+ namespace: sh-kiel-prod
+templates:
+ - templates/keycloak_users.yaml
+tests:
+ - it: goofyapiuser must exist in prod stage
+ set:
+ namespace: sh-kiel-prod
+ asserts:
+ - containsDocument:
+ kind: KeycloakUser
+ apiVersion: keycloak.org/v1alpha1
+ name: sh-kiel-prod-api-user
+ namespace: keycloak
+ - it: goofyApiUser must have view-users client role
+ set:
+ namespace: sh-kiel-stage
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.user.username
+ value: goofyApiUser
+ - contains:
+ path: spec.user.clientRoles.realm-management
+ content: view-users
diff --git a/unit-tests/keycloak_stage_users_test.yaml b/unit-tests/keycloak_users_stage_test.yaml
similarity index 85%
rename from unit-tests/keycloak_stage_users_test.yaml
rename to unit-tests/keycloak_users_stage_test.yaml
index 15fe4dc327d8d433a9114daf94a2f2725902f8b3..d4667e1c6344183530f583d203c973c0041bb3a4 100644
--- a/unit-tests/keycloak_stage_users_test.yaml
+++ b/unit-tests/keycloak_users_stage_test.yaml
@@ -5,6 +5,13 @@ release:
 templates:
 - templates/keycloak_users.yaml
 tests:
+ - it: goofyapiuser must exist in staging stage
+ asserts:
+ - containsDocument:
+ kind: KeycloakUser
+ apiVersion: keycloak.org/v1alpha1
+ name: sh-kiel-stage-api-user
+ namespace: keycloak
 - it: renaming of users means recreation by operator and is permitted
 asserts:
 - containsDocument:
diff --git a/unit-tests/keycloak_users_test.yaml b/unit-tests/keycloak_users_test.yaml
deleted file mode 100644
index cff7e546c1490b12bf0ef0b59e1615afa9e67b15..0000000000000000000000000000000000000000
--- a/unit-tests/keycloak_users_test.yaml
+++ /dev/null
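Review bot: The prod suite in keycloak_users_goofyapiuser_test.yaml only asserts that the api user is present; unlike the new dev and test suites it never checks that the test accounts, or any other extra KeycloakUser, are absent, although prod is where a stray account with a known password matters most. Adding `- hasDocuments:` with `count: 1` to the first test would cover this, if a single document is the expected prod render. The second test also sets `namespace: sh-kiel-stage` inside a suite whose release namespace is `sh-kiel-prod`. The deleted file spelled that key `namesapce`, so the override probably never took effect before; it should either be removed or changed to `sh-kiel-prod` so the suite tests one stage consistently.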
@@ -1,65 +0,0 @@
-suite: test deployment
-release:
- name: goofy
- namespace: sh-kiel-dev
-templates:
- - templates/keycloak_users.yaml
-tests:
- - it: renaming of users means recreation by operator and is permitted
- asserts:
- - containsDocument:
- kind: KeycloakUser
- apiVersion: keycloak.org/v1alpha1
- name: sh-kiel-dev-api-user
- namespace: keycloak
- - containsDocument:
- kind: KeycloakUser
- apiVersion: keycloak.org/v1alpha1
- name: sh-kiel-dev-beate
- namespace: keycloak
- - it: goofyApiUser must have view-users client role
- set:
- namesapce: sh-kiel-stage
- documentIndex: 0
- asserts:
- - equal:
- path: spec.user.username
- value: goofyApiUser
- - contains:
- path: spec.user.clientRoles.realm-management
- content:
- view-users
- - it: test user attributes for beate
- documentIndex: 1
- asserts:
- - equal:
- path: spec.user.username
- value: beate
- - equal:
- path: spec.user.firstName
- value: Beate
- - equal:
- path: spec.user.lastName
- value: Burger
- - contains:
- path: spec.user.clientRoles.sh-kiel-dev-goofy
- content:
- VERWALTUNG_USER
- - it: test user attributes for emil
- set:
- sso.role_einheitlicher_ansprechpartner: true
- documentIndex: 2
- asserts:
- - equal:
- path: spec.user.username
- value: emil
- - equal:
- path: spec.user.firstName
- value: Emil
- - equal:
- path: spec.user.lastName
- value: Ansprechpartner
- - contains:
- path: spec.user.clientRoles.sh-kiel-dev-goofy
- content:
- EINHEITLICHER_ANSPRECHPARTNER
diff --git a/unit-tests/keycloak_users_test_test.yaml b/unit-tests/keycloak_users_test_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..55199d51e64e78826e82e7d1983d68c31e68a530
--- /dev/null
+++ b/unit-tests/keycloak_users_test_test.yaml
@@ -0,0 +1,58 @@
+suite: test deployment
+release:
+ name: goofy
+ namespace: sh-kiel-test
+templates:
+ - templates/keycloak_users.yaml
+tests:
+ - it: goofyapiuser must exist in test stage
+ asserts:
+ - containsDocument:
+ kind: KeycloakUser
+ apiVersion: keycloak.org/v1alpha1
+ name: sh-kiel-test-api-user
+ namespace: keycloak
+ - it: Adelheit test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-adelheit
+ - it: Dorothea test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-dorothea
+ - it: Emil test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-emil
+ - it: Richard test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-richard
+ - it: Sabine test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-sabine
+ - it: Zonk test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-zonk
+ namespace: keycloak
+ - it: Beate test user shall not exist
+ documentIndex: -1
+ asserts:
+ - notEqual:
+ path: metadata.name
+ value: sh-kiel-test-beate
+ namespace: keycloak