# AAuth .NET samples — common workflows.
#
# Targets are thin wrappers around `dotnet` invocations so contributors
# can run the suite without memorising paths. Run `make help` for a list.
# Tooling and solution entry point. DOTNET uses ?= so it can be overridden from
# the environment or the command line.
DOTNET   ?= dotnet
SOLUTION := AAuth.slnx

# Project files of the runnable samples.
WHOAMI_PROJECT := samples/WhoAmI/WhoAmI.csproj
PS_PROJECT     := samples/MockPersonServer/MockPersonServer.csproj
AP_PROJECT     := samples/MockAgentProvider/MockAgentProvider.csproj
TOUR_PROJECT   := samples/GuidedTour/GuidedTour.csproj
AGENT_PROJECT  := samples/AgentConsole/AgentConsole.csproj
SAMPLE_PROJECT := samples/SampleApp/SampleApp.csproj
ORCH_PROJECT   := samples/Orchestrator/Orchestrator.csproj
LIVE_PROJECT   := samples/LiveWhoAmITest/LiveWhoAmITest.csproj
AS_PROJECT     := samples/MockAccessServer/MockAccessServer.csproj

# Base URLs used in the demo banners and passed to AgentConsole.
# All of them are plain-HTTP localhost endpoints.
WHOAMI_URL   := http://localhost:5000
PS_URL       := http://localhost:5100
AP_URL       := http://localhost:5301
ORCH_URL     := http://localhost:5200
TOUR_URL     := http://localhost:5400
SAMPLE_URL   := http://localhost:5240
AS_URL       := http://localhost:5500
KEYCLOAK_URL := http://localhost:8080

# Keycloak container image and the realm directory mounted for --import-realm.
# The image is referenced by tag; a digest reference
# (quay.io/keycloak/keycloak@sha256:<digest>) would pin the exact image.
KEYCLOAK_IMAGE := quay.io/keycloak/keycloak:26.0
KEYCLOAK_REALM := samples/MockAccessServer/keycloak

# AgentConsole persists its enrollment under $LocalApplicationData; the
# MockAgentProvider keeps its agent registry in memory, so this cache goes stale
# whenever the AP restarts. The path follows XDG_DATA_HOME, falling back to
# $(HOME)/.local/share.
# NOTE(review): confirm this matches $LocalApplicationData on every supported OS.
AGENT_CACHE_DIR := $(or $(XDG_DATA_HOME),$(HOME)/.local/share)/aauth-agent-console

# Directory holding the Playwright end-to-end suite.
E2E_DIR := tests/e2e

# Environment assignments that point the MockAccessServer at the live Keycloak
# policy engine; prepended to the `dotnet run` command line by the recipes.
# The client secret is a fixed demo value committed in this file, presumably
# matching the imported realm (verify); it is visible to anyone who can read
# the repository or the process environment.
KEYCLOAK_AS_ENV := AccessServer__PolicyProvider=keycloak \
    AccessServer__Keycloak__Authority=$(KEYCLOAK_URL)/realms/aauth \
    AccessServer__Keycloak__ClientId=aauth-access-server \
    AccessServer__Keycloak__ClientSecret=aauth-access-server-secret \
    AccessServer__Keycloak__ResourceServerAudience=aauth-access-server \
    AccessServer__Keycloak__ResourceName=whoami
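# (Re)start the Keycloak container detached, wait for the 'aauth' realm to
# answer, then build the solution once so the services can be started with
# `dotnet run --no-build`.
#
# The value expands to several recipe lines; reference it on a recipe line of
# its own.
#
# - The container runs `start-dev` with the fixed bootstrap account
#   admin/admin, so the published port is bound to loopback by default.
#   Set KEYCLOAK_BIND (for example to 0.0.0.0) only when another host has to
#   reach it.
# - The realm mount uses CURDIR, which make always sets to its working
#   directory; PWD is inherited from the environment and can be stale under
#   `make -C`.
# - The readiness probe gives up after 90 attempts (2 s apart) instead of
#   looping forever when the container exits or never finishes the import.
define KEYCLOAK_BOOT
docker rm -f aauth-keycloak >/dev/null 2>&1 || true
docker run -d --name aauth-keycloak -p $(or $(KEYCLOAK_BIND),127.0.0.1):8080:8080 \
	-e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
	-v "$(CURDIR)/$(KEYCLOAK_REALM):/opt/keycloak/data/import:ro" \
	$(KEYCLOAK_IMAGE) start-dev --import-realm >/dev/null
@echo "Waiting for Keycloak to become ready..."
@tries=0; \
until curl -sf "$(KEYCLOAK_URL)/realms/aauth/.well-known/openid-configuration" >/dev/null 2>&1; do \
	tries=$$((tries + 1)); \
	if [ "$$tries" -ge 90 ]; then \
		echo "Keycloak did not become ready in time; inspect: docker logs aauth-keycloak" >&2; \
		exit 1; \
	fi; \
	sleep 2; \
done
@echo "Keycloak ready."
@echo "Building services (once) before launch..."
$(DOTNET) build $(SOLUTION) -v q
endef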
# A bare `make` prints the target list rather than building anything.
.DEFAULT_GOAL := help

# The targets below are commands, not files; declaring them phony keeps a
# same-named file or directory from masking them.
.PHONY: help \
        restore build test test-unit test-conformance format clean \
        whoami ps ps-consent ap orchestrator tour sampleapp agent live \
        demo \
        keycloak access-server demo-keycloak \
        agent-federated agent-reset \
        e2e-install e2e e2e-tour e2e-sample e2e-report
# Self-documenting target list. awk scans every parsed makefile for rule lines
# that carry a trailing "##" description and prints the target name (in cyan)
# followed by that description.
help: ## List available targets
	@awk 'BEGIN { FS = ":.*##"; printf "Targets:\n" } \
	/^[a-zA-Z0-9_-]+:.*##/ { printf " \033[36m%-18s\033[0m %s\n", $$1, $$2 }' \
	$(MAKEFILE_LIST)
# ----------------------------------------------------------------------------
# Build, test & housekeeping
# ----------------------------------------------------------------------------
# Thin wrappers around the dotnet CLI. The first three operate on the whole
# solution, the test-* targets on a single test project.

restore: ## Restore NuGet packages
	$(DOTNET) restore $(SOLUTION)

build: ## Build the full solution
	$(DOTNET) build $(SOLUTION)

test: ## Run all tests (SDK + conformance)
	$(DOTNET) test $(SOLUTION)

test-unit: ## Run SDK unit + integration tests only
	$(DOTNET) test tests/AAuth.Tests/AAuth.Tests.csproj

test-conformance: ## Run spec conformance tests only
	$(DOTNET) test tests/AAuth.Conformance/AAuth.Conformance.csproj

# Rewrites source files in place.
format: ## Apply dotnet format to the solution
	$(DOTNET) format $(SOLUTION)
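# Remove build output: run `dotnet clean`, then delete every bin/ and obj/
# directory below the repository root.
#
# node_modules and .git are pruned before the sweep. Without that, find also
# descends into the npm packages installed under tests/e2e and into git's own
# metadata, and `rm -rf` removes any directory there that merely happens to be
# named bin or obj.
clean: ## dotnet clean + remove bin/ obj/ trees
	$(DOTNET) clean $(SOLUTION)
	find . -type d \( -name node_modules -o -name .git \) -prune -o \
		-type d \( -name bin -o -name obj \) -prune -exec rm -rf {} +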
# ----------------------------------------------------------------------------
# Individual services & apps
# ----------------------------------------------------------------------------
# One target per sample; each runs `dotnet run` in the foreground for the
# project named by the matching *_PROJECT variable.

whoami: ## Run the WhoAmI resource server (port 5000)
	$(DOTNET) run --project $(WHOAMI_PROJECT)

ps: ## Run the MockPersonServer (port 5100)
	$(DOTNET) run --project $(PS_PROJECT)

# Same project as `ps`, with RequireConsent switched on through the environment.
ps-consent: ## Run MockPersonServer with RequireConsent=true (deferred-flow demo)
	MockPersonServer__RequireConsent=true $(DOTNET) run --project $(PS_PROJECT)

ap: ## Run the MockAgentProvider (port 5301)
	$(DOTNET) run --project $(AP_PROJECT)

orchestrator: ## Run the Orchestrator service (port 5200)
	$(DOTNET) run --project $(ORCH_PROJECT)

tour: ## Run the GuidedTour Blazor app (port 5400)
	$(DOTNET) run --project $(TOUR_PROJECT)

sampleapp: ## Run the SampleApp Blazor app (port 5240)
	$(DOTNET) run --project $(SAMPLE_PROJECT)

# The target URL is URL when given on the command line, otherwise WHOAMI_URL.
# NOTE(review): the value reaches the shell unquoted, so a URL containing
# shell metacharacters such as & or ? is interpreted by the shell instead of
# being passed to AgentConsole as one argument; consider quoting it here.
agent: ## Run AgentConsole against WhoAmI (override URL=… for a different target)
	$(DOTNET) run --project $(AGENT_PROJECT) -- $(or $(URL),$(WHOAMI_URL))

live: ## Run LiveWhoAmITest against whoami.aauth.dev (needs cloudflared + network)
	$(DOTNET) run --project $(LIVE_PROJECT)
# ----------------------------------------------------------------------------
# Demos — stub Access Server (all flows incl. four-party federated, no Docker)
# ----------------------------------------------------------------------------
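# Print a banner, then start the five backend services and the two UIs as
# background jobs of a single shell and wait for them.
#
# The signal handler clears itself before calling `kill 0`, as demo-keycloak's
# handler does. `kill 0` signals the whole process group, the recipe shell
# included; with the TERM handler still installed the shell would catch its
# own signal and run the handler again instead of exiting.
#
# MockPersonServer and MockAccessServer are configured through environment
# assignments on their command lines (RequireConsent=true, stub policy
# provider).
demo: ## Start the full stack + stub Access Server + both UIs (all flows incl. four-party federated, stub AS — no Docker)
	@echo "Starting demo (all flows including call-chain + four-party federated, stub AS)..."
	@echo ""
	@echo "------------------------------------------------------------------"
	@echo " Backend services:"
	@echo " WhoAmI: $(WHOAMI_URL) (resource server)"
	@echo " Orchestrator: $(ORCH_URL) (mission orchestrator)"
	@echo " MockPersonServer: $(PS_URL) (RequireConsent=true)"
	@echo " MockAgentProvider: $(AP_URL) (agent registry)"
	@echo " MockAccessServer: $(AS_URL) (stub, RequireConsent=true)"
	@echo ""
	@echo " Open in your browser:"
	@echo " GuidedTour: $(TOUR_URL) (step-by-step walkthrough of every flow)"
	@echo " SampleApp: $(SAMPLE_URL) (minimal app: /federated, /deferred, /callchain)"
	@echo "------------------------------------------------------------------"
	@echo ""
	@trap 'trap - INT TERM; echo; echo "Stopping..."; kill 0' INT TERM; \
	  MockPersonServer__RequireConsent=true $(DOTNET) run --project $(PS_PROJECT) & \
	  $(DOTNET) run --project $(WHOAMI_PROJECT) & \
	  $(DOTNET) run --project $(ORCH_PROJECT) & \
	  $(DOTNET) run --project $(AP_PROJECT) & \
	  AccessServer__PolicyProvider=stub AccessServer__RequireConsent=true $(DOTNET) run --project $(AS_PROJECT) & \
	  $(DOTNET) run --project $(TOUR_PROJECT) & \
	  $(DOTNET) run --project $(SAMPLE_PROJECT) & \
	  wait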
# ----------------------------------------------------------------------------
# Federated demos & helpers — live Keycloak policy engine (Docker)
# ----------------------------------------------------------------------------
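# Run Keycloak in the foreground with the realm directory mounted read-only
# for --import-realm. Any earlier container of the same name is removed first,
# and --rm removes this one when it stops.
#
# The container runs `start-dev` with the fixed bootstrap account admin/admin,
# so the published port is bound to loopback by default; set KEYCLOAK_BIND
# (for example to 0.0.0.0) only when another host has to reach it.
# CURDIR replaces PWD for the mount because make always sets CURDIR to its
# working directory, while PWD comes from the environment.
keycloak: ## Start Keycloak (port 8080) with the demo 'aauth' realm imported
	docker rm -f aauth-keycloak >/dev/null 2>&1 || true
	docker run --rm --name aauth-keycloak -p $(or $(KEYCLOAK_BIND),127.0.0.1):8080:8080 \
		-e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
		-v "$(CURDIR)/$(KEYCLOAK_REALM):/opt/keycloak/data/import:ro" \
		$(KEYCLOAK_IMAGE) start-dev --import-realm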
# Start the MockAccessServer with the KEYCLOAK_AS_ENV assignments placed in
# front of the command, so the settings (client secret included) are handed to
# the process through its environment.
access-server: ## Run the MockAccessServer with the Keycloak policy engine (port 5500)
	$(KEYCLOAK_AS_ENV) \
		$(DOTNET) run --project $(AS_PROJECT)
# Boot Keycloak through KEYCLOAK_BOOT, print a banner with the service URLs
# and the demo logins, then start every service with --no-build as background
# jobs of a single shell and wait for them.
#
# The handler is installed for INT, TERM and EXIT. It clears itself first,
# removes the Keycloak container and then signals the whole process group.
#
# The logins echoed below (admin/admin, demo/demo, guest/guest) are fixed demo
# credentials.
demo-keycloak: ## Four-party federated demo (both UIs) with the live Keycloak policy engine (Docker)
	@echo "Starting four-party federated demo (Keycloak as the policy engine)..."
	$(KEYCLOAK_BOOT)
	@echo ""
	@echo "------------------------------------------------------------------"
	@echo " Backend services:"
	@echo " Keycloak: $(KEYCLOAK_URL) (admin/admin, realm 'aauth')"
	@echo " WhoAmI: $(WHOAMI_URL) (resource server, /federated)"
	@echo " Orchestrator: $(ORCH_URL) (mission orchestrator)"
	@echo " MockPersonServer: $(PS_URL) (RequireConsent=true)"
	@echo " MockAgentProvider: $(AP_URL) (agent registry)"
	@echo " MockAccessServer: $(AS_URL) (PolicyProvider=keycloak)"
	@echo ""
	@echo " Open in your browser:"
	@echo " GuidedTour: $(TOUR_URL) (Federated mode → live Keycloak consent)"
	@echo " SampleApp: $(SAMPLE_URL) (minimal app: /federated, /deferred, /callchain)"
	@echo ""
	@echo " Keycloak login users (use these when the browser prompts you):"
	@echo " demo / demo (has the whoami-admin role -> full access)"
	@echo " guest / guest (no admin role -> limited access)"
	@echo ""
	@echo " Keycloak admin console: $(KEYCLOAK_URL) (admin / admin)"
	@echo "------------------------------------------------------------------"
	@echo " Or drive it from the CLI in another terminal with: make agent-federated"
	@echo "------------------------------------------------------------------"
	@echo ""
	@trap 'trap - INT TERM EXIT; echo; echo "Stopping..."; docker rm -f aauth-keycloak >/dev/null 2>&1; kill 0' INT TERM EXIT; \
	  $(DOTNET) run --no-build --project $(WHOAMI_PROJECT) & \
	  $(DOTNET) run --no-build --project $(ORCH_PROJECT) & \
	  MockPersonServer__RequireConsent=true $(DOTNET) run --no-build --project $(PS_PROJECT) & \
	  $(DOTNET) run --no-build --project $(AP_PROJECT) & \
	  $(KEYCLOAK_AS_ENV) \
	  $(DOTNET) run --no-build --project $(AS_PROJECT) & \
	  $(DOTNET) run --no-build --project $(TOUR_PROJECT) & \
	  $(DOTNET) run --no-build --project $(SAMPLE_PROJECT) & \
	  wait
# Clear the cached enrollment through a sub-make, print the demo logins, then
# run AgentConsole against the /federated endpoint of WhoAmI with the agent
# provider and person server URLs, JWT signing mode and a fixed demo subject.
agent-federated: ## Drive AgentConsole through the four-party /federated flow (Keycloak login)
	@$(MAKE) --no-print-directory agent-reset
	@echo ""
	@echo "=================================================================="
	@echo " When the agent prints an interaction URL, open it in your browser"
	@echo " and sign in to Keycloak with one of these demo users:"
	@echo ""
	@echo " demo / demo (has the whoami-admin role -> full access)"
	@echo " guest / guest (no admin role -> limited access)"
	@echo "=================================================================="
	@echo ""
	$(DOTNET) run --project $(AGENT_PROJECT) -- $(WHOAMI_URL)/federated \
		--ap $(AP_URL) --ps $(PS_URL) --signing-mode jwt --sub aauth:demo@ap.example
# Delete the AgentConsole enrollment directory recursively and confirm on
# success. The path is quoted so a home directory containing spaces stays one
# argument to rm.
agent-reset: ## Clear the AgentConsole enrollment cache (stale after an AP restart)
	@rm -rf "$(AGENT_CACHE_DIR)" && echo "Cleared AgentConsole enrollment cache ($(AGENT_CACHE_DIR))."
# ----------------------------------------------------------------------------
# End-to-end (Playwright)
# ----------------------------------------------------------------------------
# Playwright wrappers. Each recipe changes into E2E_DIR and runs npm on the
# same line, because every recipe line gets a shell of its own.

# `npm ci` installs exactly what the lockfile records instead of re-resolving
# version ranges.
e2e-install: ## Install the Playwright toolchain + Chromium (run once)
	cd $(E2E_DIR) && npm ci && npm run install-browsers

e2e: ## Run all Playwright E2E specs (boots backends + apps via webServer)
	cd $(E2E_DIR) && npm test

e2e-tour: ## Run the GuidedTour Playwright specs only
	cd $(E2E_DIR) && npm run test:tour

e2e-sample: ## Run the SampleApp Playwright specs only
	cd $(E2E_DIR) && npm run test:sample

e2e-report: ## Serve the last Playwright HTML report (Ctrl-C to stop)
	@echo "Serving report at http://localhost:9323 — open it in your browser, Ctrl-C to stop."
	cd $(E2E_DIR) && npm run report