keycloak-admin 0.6.5 → 0.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1514ae886ef6e9a3b7a0716ea6be8f472222fdd9
-  data.tar.gz: 1ba37cacfd7668d8c3d5b8f934f31de62c21b10d
+SHA256:
+  metadata.gz: 8e59d2429daf60f186a44419025f9ecf6468e948306b10dd07acc6f71ff36bdb
+  data.tar.gz: a82dd0cdce80a82e19372ed04cf4b84f84a0138faac9d7fcc4d3eca1f128507f
 SHA512:
-  metadata.gz: 9bf9575e8155e8803d6675aa764ddd01bbc761c9a672f8ea0cab5974503b5d24cf1ea955fa25aa5b1a1619fd8063002f5d6802b9541bd93747378c46609f332a
-  data.tar.gz: f4ce9faf771762e2b319bb02bfbef51015f1971617f08c2673d2d235abace7427d8eebb1f8267f54a09b1475a60e9bdb9f0df4441b3bb5a923ba3f46b9e7760f
+  metadata.gz: 4b940501a2a046248b9773d6075e72e6c0717a291646a5dbd583b67b59ab54b9a02b6f7407e2fa75330ad829bd50100155f42245358380163868b48968488caa
+  data.tar.gz: 9ae5a43cfcde48897618294f845c2494ba45e1ecb80d980aa15b99397e9cfc4014a2ef03f36fbdbee1cf8b96f6d5099bae087217901b09f0505cac702967dfa2

data/.gitignore

@@ -5,4 +5,5 @@ test/dummy/db/*.sqlite3
 test/dummy/db/*.sqlite3-journal
 test/dummy/log/*.log
 test/dummy/tmp/
-*.gem
+*.gem
+.idea/

data/CHANGELOG.md

@@ -0,0 +1,65 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.7.4] - 2019-10-17
+
+* Support for Rails 6
+
+## [0.7.3] - 2019-07-11
+
+Thanks to @cederigo=
+* For a given user, get her list of groups
+
+## [0.7.2] - 2019-06-17
+
+Thanks to @vlad-ro:
+
+* Get list of client role mappings for a group
+* Save client role mappings for a user/group
+* Save realm-level role mappings for a user/group
+
+## [0.7.1] - 2019-06-11
+
+Thanks to @vlad-ro:
+
+* List users
+* List clients
+* List groups, create/save a group
+* List roles, save a role
+* List realms, save/update/delete a realm
+* Get list of client role mappings for a user
+* Support passing rest client options for user save and search
+* Support using gem without ActiveSupport
+
+## [0.7.0] - 2019-06-06
+
+Thanks to @vlad-ro:
+
+* Support passing rest client options
+* More documentation
+* More tests
+* Better handling of timeouts
+
+## [0.6.5] - 2019-05-14
+
+* Get user
+
+## [0.6.2] - 2019-05-14
+
+* Update users
+
+## [0.6] - 2019-03-06
+
+* Save a locale when creating a new user
+
+## [0.5] - 2018-01-26
+
+* Client to access Custom REST API configurable-token
+
+## [0.3] - 2018-01-19
+
+* Support of impersonation

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.3
+FROM ruby:2.6.5
 RUN mkdir -p /usr/src/app/lib/keycloak-admin
 WORKDIR /usr/src/app
 

data/Gemfile.lock

@@ -1,18 +1,27 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (0.6.5)
+    keycloak-admin (0.7.4)
       http-cookie (~> 1.0, >= 1.0.3)
+      rest-client (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
     byebug (9.1.0)
     diff-lcs (1.3)
-    domain_name (0.5.20180417)
+    domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.0331)
+    netrc (0.11.0)
+    rest-client (2.0.2)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
       rspec-expectations (~> 3.7.0)
@@ -28,7 +37,7 @@ GEM
     rspec-support (3.7.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.5)
+    unf_ext (0.0.7.6)
 
 PLATFORMS
   ruby
@@ -39,4 +48,4 @@ DEPENDENCIES
   rspec (= 3.7.0)
 
 BUNDLED WITH
-   1.16.3
+   1.17.3

data/README.md

@@ -4,7 +4,7 @@
 Ruby client that acts as a client for the Keycloak REST API.
 This gem basically acts as an url builder using `http-client` to get responses and serialize them into _representation_ objects.
 
-_Warning: This beta gem is currently used for personal used. Most Keycloak Admin features are not implemented yet._
+_Warning: This beta gem is currently used for personal use. Most Keycloak Admin features are not implemented yet._
 
 ## Install
 
@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "0.6.5"
+gem "keycloak-admin", "0.7.4"
 ```
 
 ## Login
@@ -58,6 +58,7 @@ KeycloakAdmin.configure do |config|
   config.username            = ENV["KEYCLOAK_ADMIN_USER"]
   config.password            = ENV["KEYCLOAK_ADMIN_PASSWORD"]
   config.logger              = Rails.logger
+  config.rest_client_options = { verify_ssl: OpenSSL::SSL::VERIFY_NONE }
 end
 ```
 This example is autoloaded in a Rails environment.
@@ -69,13 +70,14 @@ All options have a default value. However, all of them can be changed in your in
 | Option | Default Value | Type | Required? | Description  | Example |
 | ---- | ----- | ------ | ----- | ------ | ----- |
 | `server_url` | `nil`| String | Required | The base url where your Keycloak server is located. This value can be retrieved in your Keycloak client configuration. | `server_domain` | `nil`| String | Required | Public domain that identify your authentication cookies. | `auth.service.io` |
-| `client_realm_name` | `""`| String | Required | Name of the realm that contain the admin client. | `master` |
+| `client_realm_name` | `""`| String | Required | Name of the realm that contains the admin client. | `master` |
 | `client_id` | `admin-cli`| String | Required | Client that should be used to access admin capabilities. | `api-cli` |
 | `client_secret` | `nil`| String | Optional | If your client is `confidential`, this parameter must be specified. | `4e3c481c-f823-4a6a-b8a7-bf8c86e3eac3` |
-| `use_service_account` | `true` | Boolean | Required | `true` if the connection to the client uses a Service Account. `false` if the connetio nto the client uses a username/password credential | `false` | 
-| `username` | `nil`| String | Optional | Username that access to the Admin REST API. Recommended if `user_service_account` is set to `false`. | `mummy` |
-| `password` | `nil`| String | Optional | Clear password that access to the Admin REST API. Recommended if `user_service_account` is set to `false`. | `bobby` |
+| `use_service_account` | `true` | Boolean | Required | `true` if the connection to the client uses a Service Account. `false` if the connection to the client uses a username/password credential. | `false` | 
+| `username` | `nil`| String | Optional | Username to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `mummy` |
+| `password` | `nil`| String | Optional | Clear password to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `bobby` |
 | `logger` | `Logger.new(STDOUT)`| Logger | Optional | The logger used by `keycloak-admin` | `Rails.logger` | 
+| `rest_client_options` | `{}`| Hash | Optional | Options to pass to `RestClient` | `{ verify_ssl: OpenSSL::SSL::VERIFY_NONE }` | 
 
 
 ## Use Case
@@ -83,11 +85,18 @@ All options have a default value. However, all of them can be changed in your in
 ### Supported features
 
 * Get an access token
-* Create/update/get a user
+* Create/update/get/delete a user
+* Get list of users, search for user(s)
 * Reset credentials
-* Delete a user
 * Impersonate a user
 * Exchange a configurable token
+* Get list of clients
+* Get list of groups, create/save a group
+* Get list of roles, save a role
+* Get list of realms, save/update/delete a realm
+* Get list of client role mappings for a user/group
+* Save client role mappings for a user/group
+* Save realm-level role mappings for a user/group
 
 ### Get an access token
 
@@ -97,7 +106,7 @@ Returns an instance of `KeycloakAdmin::TokenRepresentation`.
 KeycloakAdmin.realm("a_realm").token.get
 ```
 
-### Get a user from its idenfier
+### Get a user from its identifier
 
 Returns an instance of `KeycloakAdmin::UserRepresentation` or `nil` when this user does not exist.
 
@@ -114,6 +123,14 @@ Returns an array of `KeycloakAdmin::UserRepresentation`.
 KeycloakAdmin.realm("a_realm").users.search("a_username_or_an_email")
 ```
 
+### List all users in a realm
+
+Returns an array of `KeycloakAdmin::UserRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").users.list
+```
+
 ### Save a user
 
 Returns the provided `user`, which must be of type `KeycloakAdmin::UserRepresentation`.
@@ -132,6 +149,12 @@ KeycloakAdmin.realm("a_realm").users.update("05c135c6-5ad8-4e17-b1fa-635fc089fd7
 })
 ```
 
+### Delete a user
+
+```ruby
+KeycloakAdmin.realm("a_realm").users.delete(user_id)
+```
+
 ### Create and save a user with password and a locale
 
 Returns the created user of type `KeycloakAdmin::UserRepresentation`.
@@ -182,6 +205,134 @@ token_lifespan_in_seconds = 20
 KeycloakAdmin.realm("a_realm").configurable_token.exchange_with(user_access_token, token_lifespan_in_seconds)
 ```
 
+### Get list of realms
+
+Returns an array of `KeycloakAdmin::RealmRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("master").list
+```
+
+### Save a realm
+
+Takes `realm` of type `KeycloakAdmin::RealmRepresentation`, or an object implementing `to_json`, such as a `Hash`.
+
+```ruby
+KeycloakAdmin.realm(nil).save(realm)
+```
+
+### Update a realm
+
+If you want to update its entire entity. To update some specific attributes, provide an object implementing `to_json`, such as a `Hash`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").update({
+  smtpServer: { host: 'test_host' }
+})
+```
+
+### Delete a realm
+
+```ruby
+KeycloakAdmin.realm("a_realm").delete
+```
+
+### Get list of clients in a realm
+
+Returns an array of `KeycloakAdmin::ClientRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").clients.list
+```
+
+### Get list of groups in a realm
+
+Returns an array of `KeycloakAdmin::GroupRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.list
+```
+
+### Save a group
+
+Returns the id of saved `group` provided, which must be of type `KeycloakAdmin::GroupRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.save(group)
+```
+
+### Create and save a group with a name and path
+
+Returns the id of created group.
+
+```ruby
+group_name = "test"
+group_path = "/top"
+group_id = KeycloakAdmin.realm("a_realm").groups.create!(group_name, group_path)
+```
+
+### Get list of roles in a realm
+
+Returns an array of `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").roles.list
+```
+
+### Save a role
+
+Takes `role`, which must be of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").roles.save(role)
+```
+
+### Get list of client role mappings for a user/group
+
+Returns an array of `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").user(user_id).client_role_mappings(client_id).list_available
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").group(group_id).client_role_mappings(client_id).list_available
+```
+
+### Save list of client role mappings for a user/group
+
+Takes `role_list`, which must be an array of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").user(user_id).client_role_mappings(client_id).save(role_list)
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").group(group_id).client_role_mappings(client_id).save(role_list)
+```
+
+### Save list of realm-level role mappings for a user/group
+
+Takes `role_list`, which must be an array of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+KeycloakAdmin.realm("a_realm").user(user_id).role_mapper.save_realm_level(role_list)
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+KeycloakAdmin.realm("a_realm").group(group_id).role_mapper.save_realm_level(role_list)
+```
+
 ## How to execute library tests
 
 From the `keycloak-admin-api` directory:

data/keycloak-admin.gemspec

@@ -15,7 +15,10 @@ Gem::Specification.new do |spec|
   spec.files = `git ls-files -z`.split("\x0")
   spec.require_paths = ["lib"]
   
+  spec.required_ruby_version = '>= 2.3'
+
   spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
+  spec.add_dependency "rest-client", "~> 2.0"
   spec.add_development_dependency "rspec",  "3.7.0"
   spec.add_development_dependency "byebug", "9.1.0"
 end

data/lib/keycloak-admin.rb

@@ -2,17 +2,29 @@ require "logger"
 
 require_relative "keycloak-admin/configuration"
 require_relative "keycloak-admin/client/client"
+require_relative "keycloak-admin/client/client_client"
+require_relative "keycloak-admin/client/client_role_mappings_client"
+require_relative "keycloak-admin/client/group_client"
 require_relative "keycloak-admin/client/realm_client"
+require_relative "keycloak-admin/client/role_client"
+require_relative "keycloak-admin/client/role_mapper_client"
 require_relative "keycloak-admin/client/token_client"
 require_relative "keycloak-admin/client/user_client"
 require_relative "keycloak-admin/client/configurable_token_client"
 require_relative "keycloak-admin/representation/camel_json"
 require_relative "keycloak-admin/representation/representation"
+require_relative "keycloak-admin/representation/client_representation"
+require_relative "keycloak-admin/representation/group_representation"
 require_relative "keycloak-admin/representation/token_representation"
 require_relative "keycloak-admin/representation/impersonation_redirection_representation"
 require_relative "keycloak-admin/representation/impersonation_representation"
 require_relative "keycloak-admin/representation/credential_representation"
+require_relative "keycloak-admin/representation/realm_representation"
+require_relative "keycloak-admin/representation/role_representation"
 require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/resource/base_role_containing_resource"
+require_relative "keycloak-admin/resource/group_resource"
+require_relative "keycloak-admin/resource/user_resource"
 
 module KeycloakAdmin
 
@@ -42,6 +54,7 @@ module KeycloakAdmin
       config.use_service_account = true
       config.username            = nil
       config.password            = nil
+      config.rest_client_options = nil
     end
   end
 

data/lib/keycloak-admin/client/client.rb

@@ -9,13 +9,13 @@ module KeycloakAdmin
       @configuration.server_url
     end
 
-    def token
-      @token ||= KeycloakAdmin.realm(@configuration.client_realm_name).token.get
+    def current_token
+      @current_token ||= KeycloakAdmin.realm(@configuration.client_realm_name).token.get
     end
 
     def headers
       {
-        Authorization: "Bearer #{token.access_token}",
+        Authorization: "Bearer #{current_token.access_token}",
         content_type: :json,
         accept:       :json
       }
@@ -23,10 +23,20 @@ module KeycloakAdmin
 
     def execute_http
       yield
+    rescue RestClient::Exceptions::Timeout => e
+      raise
     rescue RestClient::ExceptionWithResponse => e
       http_error(e.response)
     end
 
+    def created_id(response)
+      unless response.net_http_res.is_a? Net::HTTPCreated
+        raise "Create method returned status #{response.net_http_res.message} (Code: #{response.net_http_res.code}); expected status: Created (201)"
+      end
+      (_head, _separator, id) = response.headers[:location].rpartition('/')
+      id
+    end
+
     private
 
     def http_error(response)