Mock AAI for manual testing

neicnordic · Jan 7, 2025 · 335e4fd · 335e4fd
1 parent 2747e97
commit 335e4fd
Show file tree

Hide file tree

Showing 6 changed files with 332 additions and 0 deletions.
diff --git a/.github/integration/sda-s3-integration.yml b/.github/integration/sda-s3-integration.yml
@@ -347,6 +347,61 @@ services:
       - ./sda/config.yaml:/config.yaml
       - shared:/shared
 
+  auth-aai:
+    command: [ sda-auth ]
+    container_name: auth-aai
+    depends_on:
+      credentials:
+        condition: service_completed_successfully
+      mock-aai:
+        condition: service_started
+    environment:
+      - AUTH_RESIGNJWT=false
+      - OIDC_ID=XC56EL11xx
+      - OIDC_JWKPATH=jwk
+      - OIDC_PROVIDER=http://localhost:8800/oidc/
+      - OIDC_REDIRECTURL=http://localhost:8801/oidc/login
+      - OIDC_SECRET=wHPVQaYXmdDHg
+    extra_hosts:
+      - "localhost:host-gateway"
+    image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}
+    ports:
+      - "8801:8080"
+    restart: always
+    volumes:
+      - ./sda/config.yaml:/config.yaml
+      - shared:/shared
+  mock-aai:
+    container_name: ls-aai-mock
+    depends_on:
+      aai-db:
+        condition: service_healthy
+    environment:
+      - DOCKERHOST=localhost
+    extra_hosts:
+      - "localhost:host-gateway"
+    image: registry.gitlab.ics.muni.cz:443/perun/deployment/proxyidp/proxyidp-public-docker-images/ls_aai_mock:2.5.2-broker2.1.10-tomcat9.0-jdk11
+    ports:
+      - "8800:8080"
+    volumes:
+      - "./sda/aai-mock:/etc/lsaai-mock"
+  aai-db:
+    container_name: ls-aai-db
+    environment:
+      MYSQL_ROOT_PASSWORD: 'aaiPass'
+      MYSQL_ROOT_HOST: '%'
+      MYSQL_DATABASE: 'aai'
+      MYSQL_USER: 'aai'
+      MYSQL_PASSWORD: 'aaiPass'
+    healthcheck:
+      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 2s
+      retries: 6
+    image: mysql/mysql-server:latest
+    volumes:
+      - ./sda/aai-mock/aai-mock.sql:/docker-entrypoint-initdb.d/1.sql
+
   integration_test:
     container_name: tester
     command:

diff --git a/.github/integration/sda/aai-mock/aai-mock.sql b/.github/integration/sda/aai-mock/aai-mock.sql
@@ -0,0 +1,206 @@
+CREATE TABLE IF NOT EXISTS access_token (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    token_value VARCHAR(4096),
+    expiration TIMESTAMP NULL,
+    token_type VARCHAR(256),
+    refresh_token_id BIGINT,
+    client_id VARCHAR(256) NOT NULL,
+    auth_holder_id BIGINT,
+    approved_site_id BIGINT
+);
+
+CREATE TABLE IF NOT EXISTS authorization_code (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    code VARCHAR(256),
+    auth_holder_id BIGINT,
+    expiration TIMESTAMP NULL
+);
+
+CREATE TABLE IF NOT EXISTS approved_site (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    user_id VARCHAR(256),
+    client_id VARCHAR(256),
+    creation_date TIMESTAMP NULL,
+    access_date TIMESTAMP NULL,
+    timeout_date TIMESTAMP NULL,
+    whitelisted_site_id BIGINT
+);
+
+CREATE TABLE IF NOT EXISTS approved_site_scope (
+    owner_id BIGINT,
+    scope VARCHAR(256)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    user_auth_id BIGINT,
+    approved BOOLEAN,
+    redirect_uri VARCHAR(2048),
+    client_id VARCHAR(256)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_authority (
+    owner_id BIGINT,
+    authority VARCHAR(256)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
+    owner_id BIGINT,
+    resource_id VARCHAR(2048)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
+    owner_id BIGINT,
+    response_type VARCHAR(2048)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_extension (
+    owner_id BIGINT,
+    extension VARCHAR(2048),
+    val VARCHAR(2048)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_scope (
+    owner_id BIGINT,
+    scope VARCHAR(2048)
+);
+
+CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
+    owner_id BIGINT,
+    param VARCHAR(2048),
+    val TEXT
+);
+
+CREATE TABLE IF NOT EXISTS saved_user_auth (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    acr VARCHAR(1024),
+    auth_time BIGINT DEFAULT NULL,
+    name VARCHAR(1024),
+    authenticated BOOLEAN,
+    authentication_attributes TEXT
+);
+
+CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
+    owner_id BIGINT,
+    authority VARCHAR(256)
+);
+
+CREATE TABLE IF NOT EXISTS refresh_token (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    token_value VARCHAR(4096),
+    expiration TIMESTAMP NULL,
+    auth_holder_id BIGINT,
+    client_id VARCHAR(256) NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS token_scope (
+    owner_id BIGINT,
+    scope VARCHAR(2048)
+);
+
+CREATE TABLE IF NOT EXISTS device_code (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    device_code VARCHAR(1024),
+    user_code VARCHAR(1024),
+    expiration TIMESTAMP NULL,
+    client_id VARCHAR(256),
+    approved BOOLEAN,
+    auth_holder_id BIGINT,
+    recorded_error TEXT DEFAULT NULL
+);
+
+CREATE TABLE IF NOT EXISTS device_code_scope (
+    owner_id BIGINT NOT NULL,
+    scope VARCHAR(256) NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS device_code_request_parameter (
+    owner_id BIGINT,
+    param VARCHAR(2048),
+    val VARCHAR(2048)
+);
+
+alter table access_token
+    add constraint access_token_authentication_holder_id_fk
+        foreign key (auth_holder_id) references authentication_holder (id)
+            on update cascade on delete set null;
+
+alter table access_token
+    add constraint access_token_refresh_token_id_fk
+        foreign key (refresh_token_id) references refresh_token (id)
+            on update cascade on delete set null;
+
+alter table approved_site_scope
+    add constraint approved_site_scope_approved_site_id_fk
+        foreign key (owner_id) references approved_site (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_authority
+    add constraint authentication_holder_authority_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_extension
+    add constraint authentication_holder_extension_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_request_parameter
+    add constraint auth_holder_request_parameter_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_resource_id
+    add constraint authentication_holder_resource_id_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_response_type
+    add constraint authentication_holder_response_type_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder
+    add constraint authentication_holder_saved_user_auth_id_fk
+        foreign key (user_auth_id) references saved_user_auth (id)
+            on update cascade on delete cascade;
+
+alter table authentication_holder_scope
+    add constraint authentication_holder_scope_authentication_holder_id_fk
+        foreign key (owner_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table authorization_code
+    add constraint authorization_code_authentication_holder_id_fk
+        foreign key (auth_holder_id) references authentication_holder (id)
+            on update cascade on delete cascade;
+
+alter table device_code
+    add constraint device_code_authentication_holder_id_fk
+        foreign key (auth_holder_id) references authentication_holder (id)
+            on update cascade on delete set null;
+
+alter table device_code_request_parameter
+    add constraint device_code_request_parameter_device_code_id_fk
+        foreign key (owner_id) references device_code (id)
+            on update cascade on delete cascade;
+
+alter table device_code_scope
+    add constraint device_code_scope_device_code_id_fk
+        foreign key (owner_id) references device_code (id)
+            on update cascade on delete cascade;
+
+alter table refresh_token
+    add constraint refresh_token_authentication_holder_id_fk
+        foreign key (auth_holder_id) references authentication_holder (id)
+            on update cascade on delete set null;
+
+alter table saved_user_auth_authority
+    add constraint saved_user_auth_authority_saved_user_auth_id_fk
+        foreign key (owner_id) references saved_user_auth (id)
+            on update cascade on delete cascade;
+
+alter table token_scope
+    add constraint token_scope_refresh_token_id_fk
+        foreign key (owner_id) references access_token (id)
+            on update cascade on delete cascade;
diff --git a/.github/integration/sda/aai-mock/application.properties b/.github/integration/sda/aai-mock/application.properties
@@ -0,0 +1,12 @@
+main.oidc.issuer.url=http://${DOCKERHOST}:8800/oidc/
+web.baseURL=https://${DOCKERHOST}:8800/oidc
+
+# GA4GH broker
+# ga4gh.broker.url=http://aai-mock:8800/ga4gh-broker/
+# ga4gh.broker.username=broker-aai-user
+# ga4gh.broker.password=broker-aai-pass
+
+# DATABASE
+jdbc.url=jdbc:mysql://ls-aai-db:3306/aai
+jdbc.user=aai
+jdbc.password=aaiPass
diff --git a/.github/integration/sda/aai-mock/clients/aai-auth.yaml b/.github/integration/sda/aai-mock/clients/aai-auth.yaml
@@ -0,0 +1,8 @@
+client-name: "auth"
+client-id: "XC56EL11xx"
+client-secret: "wHPVQaYXmdDHg"
+redirect-uris: ["http://localhost:8801/oidc/login"]
+token-endpoint-auth-method: "client_secret_basic"
+scope: ["openid", "profile", "email", "ga4gh_passport_v1", "eduperson_entitlement"]
+grant-types: ["authorization_code"]
+post-logout-redirect-uris: ["http://localhost:8801/oidc/login"]
diff --git a/.github/integration/sda/aai-mock/keys.jwks b/.github/integration/sda/aai-mock/keys.jwks
@@ -0,0 +1,18 @@
+{
+    "keys": [
+        {
+            "p": "4WZg5xMs4tfCWpPqaJt3D-tP2BxD9uMuNZ77nxw9MJuX-Q6Uso4ZCSuvDDQPNfhnko-sYGzkYqm_G-2ojBWqx6X3rr1L687yLfyzxxJwsrRIg2ewLpq8cBu-JIczB7ZkZrew09Hr7INPVLkka49Vu1YLiNEQLnwkMycQB9gt4zc",
+            "kty": "RSA",
+            "q": "nDJnwaFV31TB1jFYML-U4kZOm-ZcATxr-1wUrRF5J6ZgzSPzDvohLGwSxary9IVFzI9zMQGJR7zKAhiZtFmQY04NM2cYCJWHFpf7dcAKim-dphzp8MVElX1HLNAUfNOx-sTpZKeGYeu9toZ53dXOEhVczvij5B_IqU1tnSrrxg8",
+            "d": "hWg8IPUAd_Bs4gVjOgXEhStw5BopgZPAS7XgbhEhHaWcv5VifqhDXjfrfUogIxLiyKfdmK3lLpWpY0SfNRDAesQ77dXot2r2sMxjAPZLWSgqUzURTkKECM12Vn2GpVaYQyvRHV88_n8pm0fmvVo-iGSSJlnloE9-3krYKjvAvMl8UUq4pFjLQTZZvxOEBfaEYZYIb8ZMCpVO1-_7OfELAUeM4MRLTZH8QAV5iZ1HrsWiMUol2uBVMJh78mIE-PDbGxQLeLHESMKHFCNLXpjV0whBDwWbEM3It3WD9xfJtEkhtXlVFMoHSH22GpHTiKt5MTo7z6OJ5w9TRnwj92PR-Q",
+            "e": "AQAB",
+            "use": "sig",
+            "kid": "rsa1",
+            "qi": "KQqgI-zCiSMv4dUUXTYMXGxLorJk-0levxP6zoQA41sK1xKxlJibraZzi2Lc0OGd5UhJvzcbGdNJM6MH5U18lXo_Gq4qy3bbGJLMEXtp0JVI46P1o5IPD0_JN_1YGcFFcHNkGLwS9lNlapiUesNnTO8Z3CeBpnVcOwuddpTMSf4",
+            "dp": "Zhkvz7vZ2y8MdGcICTZSqj1Wv3eeOZkSd2t6Ysox1XDFWCWIqZDAOm01L3vtX-8TS0oVNOBeW2q0jHwMmte9sg21sctBNqFZBgevj38E2Y3cQtmW7qVcshN-_6DWNqohtH2EdY5jJZEdQC1VF_unQ-Jn-yNoBwZoh1ssYcFEl-U",
+            "alg": "RS256",
+            "dq": "XpP61XkeaRuGP28jimkG-rg9sxKaVTlD3TDVaDIzXTnWVYDWFRSJ778E4uHvOPZV3FZkFqFqgaCj5P8GWvj8f9TsE1ryZ4g7AwhF__enqkmJeOL7GIoqTCZOaakZLrh0hXakKAl0SmiXOCVXN2bV34dF6iEOA_zm4PT8UXWCzCs",
+            "n": "iYbEZmoKHn6bI2_cj88oNRbXHCje153A5-eAYd-rZmWATowgAVT3NRg1PTzyh_khNANHYZ2f6AL-7r_MbnaOKQtHITZhUzuUvbkgoW6FWXMPTrB5AsL8r-3T3bUKpn05UxsBQMrtnt_HJsCBZPCXzhSDxM5hsvrVlr8KnGaVK81fQxLO7H03TCpbPCLvyvxlXF6B80UE5FdcNZ3gabZ2GP08jfGGN37Cy_Wge5T469LbYFfBMYDsDJmEQJtnDB9sXUSrjsqof1XzwepCr03Xo9z3H6ca9poQCDvlC-mn-b75mP7eZ0IEakmHZ29f9pmgSjuDPqGQS8v6yL7KwenaOQ"
+        }
+    ]
+}
diff --git a/.github/integration/sda/aai-mock/userinfos/sample.yaml b/.github/integration/sda/aai-mock/userinfos/sample.yaml
@@ -0,0 +1,33 @@
+web-display-name: "John Franklin Doe"
+
+sub: "[email protected]"
+
+name: "John Franklin Doe"
+preferred-username: "jofrdo"
+given-name: "John"
+family-name: "Doe"
+middle-name: "Franklin"
+nickname: "jofrdo"
+locale: "EN"
+
+email: "[email protected]"
+email-verified: True
+
+country: "uk"
+
+eduperson-entitlement: ["urn:geant:lifescience-ri.eu:group:researchers#lifescience-ri.eu"]
+
+voperson-external-affiliation: ["[email protected]", "[email protected]", "[email protected]"]
+
+eduperson-orcid: "https://orcid.org/0000-0000-XXXX-XXXX"
+
+schac-home-organization: ["faberuni.edu", "orcid.org"]
+
+eduperson-scoped-affiliation: ["[email protected]", "[email protected]"]
+
+voperson-current-external-affiliation: ["[email protected]", "[email protected]"]
+
+authenticating-entity: "https://idp.faberuni.edu/shibboleth"
+
+acr: "https://refeds.org/profile/mfa"
+authn-instant: "2023-05-01T10:15:30Z"