Using test security with dynamic users

[eijckron]

Quarkus test security allows to run a test with a specified user and roles.
For example these annotations define a test that is executed as user testUser with a JWT that has sub set to test-user-id.

@Test
@TestSecurity(user = "testUser")
@OidcSecurity(claims = @Claim(key = "sub", value = "test-user-id"))
testMethod()

However I have a couple of use cases where I would like to define the security for the call dynamically like:

@Test
testMethod() {
    given().auth().oAuth2(mockATestUser("testUser", "test-user-id", "ROLE-A")
}

Besides setting up keycloak dev services with all the possible dynamic users I have not found any references to a setup that would allow to have these test mock users behave in the same way as the test mock users defined through the annotations.

Scenario's that would benefit from this dynamic behavior:

• Parameterized tests run for different role configurations
• Nested tests where each invocation needs its own user context to avoid clashes between test cases.

[quarkus-bot[bot]]

/cc @sberyozkin (security)

[sberyozkin]

@eijckron Hi, do each of these new user/role combinations touch on different endpoint code paths ?

[eijckron]

@sberyozkin
The test is usually for a specific endpoint but could potentially also be a variable.
A typical use case is endpoint access validation. A parameterized test provides a set of roles that should / should not have access.
But it could go as far as a single parameterized test that receives endpoint, role and expected access true/false