keycloak-admin 0.6.5 → 0.7.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +2 -1
- data/CHANGELOG.md +65 -0
- data/Dockerfile +1 -1
- data/Gemfile.lock +13 -4
- data/README.md +160 -9
- data/keycloak-admin.gemspec +3 -0
- data/lib/keycloak-admin.rb +13 -0
- data/lib/keycloak-admin/client/client.rb +13 -3
- data/lib/keycloak-admin/client/client_client.rb +24 -0
- data/lib/keycloak-admin/client/client_role_mappings_client.rb +32 -0
- data/lib/keycloak-admin/client/group_client.rb +46 -0
- data/lib/keycloak-admin/client/realm_client.rb +54 -0
- data/lib/keycloak-admin/client/role_client.rb +32 -0
- data/lib/keycloak-admin/client/role_mapper_client.rb +20 -0
- data/lib/keycloak-admin/client/token_client.rb +6 -1
- data/lib/keycloak-admin/client/user_client.rb +23 -6
- data/lib/keycloak-admin/configuration.rb +1 -1
- data/lib/keycloak-admin/representation/camel_json.rb +1 -1
- data/lib/keycloak-admin/representation/client_representation.rb +16 -0
- data/lib/keycloak-admin/representation/group_representation.rb +15 -0
- data/lib/keycloak-admin/representation/realm_representation.rb +14 -0
- data/lib/keycloak-admin/representation/representation.rb +6 -1
- data/lib/keycloak-admin/representation/role_representation.rb +17 -0
- data/lib/keycloak-admin/representation/user_representation.rb +13 -13
- data/lib/keycloak-admin/resource/base_role_containing_resource.rb +26 -0
- data/lib/keycloak-admin/resource/group_resource.rb +7 -0
- data/lib/keycloak-admin/resource/user_resource.rb +7 -0
- data/lib/keycloak-admin/version.rb +1 -1
- data/spec/client/client_client_spec.rb +53 -0
- data/spec/client/client_role_mappings_client_spec.rb +82 -0
- data/spec/client/client_spec.rb +28 -0
- data/spec/client/group_client_spec.rb +125 -0
- data/spec/client/realm_client_spec.rb +108 -0
- data/spec/client/role_client_spec.rb +83 -0
- data/spec/client/role_mapper_client_spec.rb +47 -0
- data/spec/client/token_client_spec.rb +32 -1
- data/spec/client/user_client_spec.rb +147 -0
- data/spec/configuration_spec.rb +2 -0
- data/spec/representation/user_representation_spec.rb +15 -0
- data/spec/resource/group_resource_spec.rb +14 -0
- data/spec/resource/user_resource_spec.rb +14 -0
- data/spec/spec_helper.rb +7 -0
- metadata +40 -5
@@ -0,0 +1,26 @@
|
|
1
|
+
module KeycloakAdmin
|
2
|
+
class BaseRoleContainingResource
|
3
|
+
def initialize(configuration, realm_client, resource_id)
|
4
|
+
@configuration = configuration
|
5
|
+
raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
|
6
|
+
@realm_client = realm_client
|
7
|
+
@resource_id = resource_id
|
8
|
+
end
|
9
|
+
|
10
|
+
def resources_name
|
11
|
+
raise NotImplementedError.new('must override in subclass')
|
12
|
+
end
|
13
|
+
|
14
|
+
def resource_url
|
15
|
+
"#{@realm_client.realm_admin_url}/#{resources_name}/#{@resource_id}"
|
16
|
+
end
|
17
|
+
|
18
|
+
def client_role_mappings(client_id)
|
19
|
+
ClientRoleMappingsClient.new(@configuration, self, client_id)
|
20
|
+
end
|
21
|
+
|
22
|
+
def role_mapper
|
23
|
+
RoleMapperClient.new(@configuration, self)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::ClientClient do
|
2
|
+
describe "#clients_url" do
|
3
|
+
let(:realm_name) { "valid-realm" }
|
4
|
+
let(:client_id) { nil }
|
5
|
+
|
6
|
+
before(:each) do
|
7
|
+
@built_url = KeycloakAdmin.realm(realm_name).clients.clients_url(client_id)
|
8
|
+
end
|
9
|
+
|
10
|
+
context "when client_id is not defined" do
|
11
|
+
let(:client_id) { nil }
|
12
|
+
it "return a proper url without client id" do
|
13
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients"
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
context "when client_id is defined" do
|
18
|
+
let(:client_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
|
19
|
+
it "return a proper url with the client id" do
|
20
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/95985b21-d884-4bbd-b852-cb8cd365afc2"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe "#list" do
|
26
|
+
let(:realm_name) { "valid-realm" }
|
27
|
+
|
28
|
+
before(:each) do
|
29
|
+
@client_client = KeycloakAdmin.realm(realm_name).clients
|
30
|
+
|
31
|
+
stub_token_client
|
32
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_client_id","name":"test_client_name"}]'
|
33
|
+
end
|
34
|
+
|
35
|
+
it "lists clients" do
|
36
|
+
clients = @client_client.list
|
37
|
+
expect(clients.length).to eq 1
|
38
|
+
expect(clients[0].name).to eq "test_client_name"
|
39
|
+
end
|
40
|
+
|
41
|
+
it "passes rest client options" do
|
42
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
43
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
44
|
+
|
45
|
+
expect(RestClient::Resource).to receive(:new).with(
|
46
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/clients", rest_client_options).and_call_original
|
47
|
+
|
48
|
+
clients = @client_client.list
|
49
|
+
expect(clients.length).to eq 1
|
50
|
+
expect(clients[0].name).to eq "test_client_name"
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,82 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
|
2
|
+
describe "#available_url" do
|
3
|
+
let(:realm_name) { "valid-realm" }
|
4
|
+
let(:user_id) { "test_user" }
|
5
|
+
let(:client_id) { "test_client" }
|
6
|
+
|
7
|
+
before(:each) do
|
8
|
+
@built_url = KeycloakAdmin.realm(realm_name).user(user_id).client_role_mappings(client_id).list_available_url
|
9
|
+
end
|
10
|
+
|
11
|
+
it "return a proper url" do
|
12
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/users/test_user/role-mappings/clients/test_client/available"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
describe "#list_available" do
|
17
|
+
let(:realm_name) { "valid-realm" }
|
18
|
+
let(:user_id) { "test_user" }
|
19
|
+
let(:client_id) { "test_client" }
|
20
|
+
|
21
|
+
before(:each) do
|
22
|
+
@client_role_mappings_client = KeycloakAdmin.realm(realm_name).user(user_id).client_role_mappings(client_id)
|
23
|
+
|
24
|
+
stub_token_client
|
25
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_role_id","name":"test_role_name"}]'
|
26
|
+
end
|
27
|
+
|
28
|
+
it "lists roles" do
|
29
|
+
roles = @client_role_mappings_client.list_available
|
30
|
+
expect(roles.length).to eq 1
|
31
|
+
expect(roles[0].name).to eq "test_role_name"
|
32
|
+
end
|
33
|
+
|
34
|
+
it "passes rest client options" do
|
35
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
36
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
37
|
+
|
38
|
+
expect(RestClient::Resource).to receive(:new).with(
|
39
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/users/test_user/role-mappings/clients/test_client/available",
|
40
|
+
rest_client_options
|
41
|
+
).and_call_original
|
42
|
+
|
43
|
+
roles = @client_role_mappings_client.list_available
|
44
|
+
expect(roles.length).to eq 1
|
45
|
+
expect(roles[0].name).to eq "test_role_name"
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
describe "#save" do
|
50
|
+
let(:realm_name) { "valid-realm" }
|
51
|
+
let(:user_id) { "test_user" }
|
52
|
+
let(:client_id) { "test_client" }
|
53
|
+
let(:role_list) { [
|
54
|
+
KeycloakAdmin::RoleRepresentation.from_hash(
|
55
|
+
"name" => "test_role_name",
|
56
|
+
"composite" => false,
|
57
|
+
"clientRole" => false
|
58
|
+
)
|
59
|
+
] }
|
60
|
+
|
61
|
+
before(:each) do
|
62
|
+
@client_role_mappings_client = KeycloakAdmin.realm(realm_name).user(user_id).client_role_mappings(client_id)
|
63
|
+
|
64
|
+
stub_token_client
|
65
|
+
expect_any_instance_of(RestClient::Resource).to receive(:post).with(role_list.to_json, anything)
|
66
|
+
end
|
67
|
+
|
68
|
+
it "saves client role mappings" do
|
69
|
+
@client_role_mappings_client.save(role_list)
|
70
|
+
end
|
71
|
+
|
72
|
+
it "passes rest client options" do
|
73
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
74
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
75
|
+
|
76
|
+
expect(RestClient::Resource).to receive(:new).with(
|
77
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/users/test_user/role-mappings/clients/test_client", rest_client_options).and_call_original
|
78
|
+
|
79
|
+
@client_role_mappings_client.save(role_list)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::Client do
|
2
|
+
describe "#execute_http" do
|
3
|
+
let(:realm_name) { "valid-realm" }
|
4
|
+
before(:each) do
|
5
|
+
@client = KeycloakAdmin::Client.new(KeycloakAdmin.config)
|
6
|
+
end
|
7
|
+
|
8
|
+
it "handles timeout" do
|
9
|
+
expect do
|
10
|
+
@client.execute_http do
|
11
|
+
raise RestClient::Exceptions::OpenTimeout.new
|
12
|
+
end
|
13
|
+
end.to raise_error(RestClient::Exceptions::OpenTimeout)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "handles response exception" do
|
17
|
+
response = double
|
18
|
+
allow(response).to receive(:code).and_return 500
|
19
|
+
allow(response).to receive(:body).and_return "Server error"
|
20
|
+
|
21
|
+
expect do
|
22
|
+
@client.execute_http do
|
23
|
+
raise RestClient::ExceptionWithResponse.new(response)
|
24
|
+
end
|
25
|
+
end.to raise_error("Keycloak: The request failed with response code 500 and message: Server error")
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,125 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::GroupClient do
|
2
|
+
describe "#groups_url" do
|
3
|
+
let(:realm_name) { "valid-realm" }
|
4
|
+
let(:group_id) { nil }
|
5
|
+
|
6
|
+
before(:each) do
|
7
|
+
@built_url = KeycloakAdmin.realm(realm_name).groups.groups_url(group_id)
|
8
|
+
end
|
9
|
+
|
10
|
+
context "when group_id is not defined" do
|
11
|
+
let(:group_id) { nil }
|
12
|
+
it "return a proper url without group id" do
|
13
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/groups"
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
context "when group_id is defined" do
|
18
|
+
let(:group_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
|
19
|
+
it "return a proper url with the group id" do
|
20
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/groups/95985b21-d884-4bbd-b852-cb8cd365afc2"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe "#list" do
|
26
|
+
let(:realm_name) { "valid-realm" }
|
27
|
+
|
28
|
+
before(:each) do
|
29
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
30
|
+
|
31
|
+
stub_token_client
|
32
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_group_id","name":"test_group_name"}]'
|
33
|
+
end
|
34
|
+
|
35
|
+
it "lists groups" do
|
36
|
+
groups = @group_client.list
|
37
|
+
expect(groups.length).to eq 1
|
38
|
+
expect(groups[0].name).to eq "test_group_name"
|
39
|
+
end
|
40
|
+
|
41
|
+
it "passes rest client options" do
|
42
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
43
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
44
|
+
|
45
|
+
expect(RestClient::Resource).to receive(:new).with(
|
46
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
|
47
|
+
|
48
|
+
groups = @group_client.list
|
49
|
+
expect(groups.length).to eq 1
|
50
|
+
expect(groups[0].name).to eq "test_group_name"
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
describe "#save" do
|
55
|
+
let(:realm_name) { "valid-realm" }
|
56
|
+
let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
|
57
|
+
"name" => "test_group_name"
|
58
|
+
)}
|
59
|
+
|
60
|
+
before(:each) do
|
61
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
62
|
+
|
63
|
+
stub_token_client
|
64
|
+
response = double
|
65
|
+
allow(response).to receive(:headers).and_return(
|
66
|
+
{ location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
|
67
|
+
)
|
68
|
+
expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
|
69
|
+
end
|
70
|
+
|
71
|
+
it "saves a group" do
|
72
|
+
@group_client.save(group)
|
73
|
+
end
|
74
|
+
|
75
|
+
it "passes rest client options" do
|
76
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
77
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
78
|
+
|
79
|
+
expect(RestClient::Resource).to receive(:new).with(
|
80
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
|
81
|
+
|
82
|
+
@group_client.save(group)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
describe "#create" do
|
87
|
+
let(:realm_name) { "valid-realm" }
|
88
|
+
|
89
|
+
before(:each) do
|
90
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
91
|
+
|
92
|
+
stub_token_client
|
93
|
+
@response = double
|
94
|
+
allow(@response).to receive(:headers).and_return(
|
95
|
+
{ location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
|
96
|
+
)
|
97
|
+
allow_any_instance_of(RestClient::Resource).to receive(:post).and_return @response
|
98
|
+
end
|
99
|
+
|
100
|
+
it "creates a group" do
|
101
|
+
stub_net_http_res(Net::HTTPCreated, 201, 'Created')
|
102
|
+
|
103
|
+
group_id = @group_client.create!("test_group_name")
|
104
|
+
expect(group_id).to eq 'be061c48-6edd-4783-a726-1a57d4bfa22b'
|
105
|
+
end
|
106
|
+
|
107
|
+
it "detects unexpected response to create a group" do
|
108
|
+
stub_net_http_res(Net::HTTPOK, 200, 'OK')
|
109
|
+
|
110
|
+
expect{ @group_client.create!("test_group_name") }.to raise_error(
|
111
|
+
'Create method returned status OK (Code: 200); expected status: Created (201)'
|
112
|
+
)
|
113
|
+
end
|
114
|
+
|
115
|
+
def stub_net_http_res(res_class, code, message)
|
116
|
+
net_http_res = double
|
117
|
+
allow(net_http_res).to receive(:message).and_return message
|
118
|
+
allow(net_http_res).to receive(:code).and_return code
|
119
|
+
allow(net_http_res).to receive(:is_a?) do |target_class|
|
120
|
+
target_class == res_class
|
121
|
+
end
|
122
|
+
allow(@response).to receive(:net_http_res).and_return net_http_res
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
@@ -44,4 +44,112 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
47
|
+
|
48
|
+
describe "#list" do
|
49
|
+
before(:each) do
|
50
|
+
@realm_client = KeycloakAdmin.realm('master')
|
51
|
+
|
52
|
+
stub_token_client
|
53
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_realm","realm":"test_realm"}]'
|
54
|
+
end
|
55
|
+
|
56
|
+
it "lists realms" do
|
57
|
+
realms = @realm_client.list
|
58
|
+
expect(realms.length).to eq 1
|
59
|
+
expect(realms[0].realm).to eq "test_realm"
|
60
|
+
end
|
61
|
+
|
62
|
+
it "passes rest client options" do
|
63
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
64
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
65
|
+
|
66
|
+
expect(RestClient::Resource).to receive(:new).with(
|
67
|
+
"http://auth.service.io/auth/admin/realms", rest_client_options).and_call_original
|
68
|
+
|
69
|
+
realms = @realm_client.list
|
70
|
+
expect(realms.length).to eq 1
|
71
|
+
expect(realms[0].realm).to eq "test_realm"
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
describe "#delete" do
|
76
|
+
let(:realm_name) { "valid-realm" }
|
77
|
+
|
78
|
+
before(:each) do
|
79
|
+
@realm_client = KeycloakAdmin.realm(realm_name)
|
80
|
+
|
81
|
+
stub_token_client
|
82
|
+
allow_any_instance_of(RestClient::Resource).to receive(:delete)
|
83
|
+
end
|
84
|
+
|
85
|
+
it "delete realm" do
|
86
|
+
expect(@realm_client.delete).to be_truthy
|
87
|
+
end
|
88
|
+
|
89
|
+
it "passes rest client options" do
|
90
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
91
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
92
|
+
|
93
|
+
expect(RestClient::Resource).to receive(:new).with(
|
94
|
+
"http://auth.service.io/auth/admin/realms/valid-realm", rest_client_options).and_call_original
|
95
|
+
|
96
|
+
expect(@realm_client.delete).to be_truthy
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
describe "#save" do
|
101
|
+
let(:realm_name) { "valid-realm" }
|
102
|
+
let(:realm) { KeycloakAdmin::RealmRepresentation.from_hash(
|
103
|
+
"id" => realm_name,
|
104
|
+
"realm" => realm_name
|
105
|
+
)}
|
106
|
+
|
107
|
+
before(:each) do
|
108
|
+
@realm_client = KeycloakAdmin.realm(nil)
|
109
|
+
|
110
|
+
stub_token_client
|
111
|
+
|
112
|
+
expect_any_instance_of(RestClient::Resource).to receive(:post).with(realm.to_json, anything)
|
113
|
+
end
|
114
|
+
|
115
|
+
it "saves a realm" do
|
116
|
+
@realm_client.save(realm)
|
117
|
+
end
|
118
|
+
|
119
|
+
it "passes rest client options" do
|
120
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
121
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
122
|
+
|
123
|
+
expect(RestClient::Resource).to receive(:new).with(
|
124
|
+
"http://auth.service.io/auth/admin/realms", rest_client_options).and_call_original
|
125
|
+
|
126
|
+
@realm_client.save(realm)
|
127
|
+
end
|
128
|
+
end
|
129
|
+
|
130
|
+
describe "#update" do
|
131
|
+
let(:realm_name) { "valid-realm" }
|
132
|
+
let(:realm_json) { { smtpServer: { host: 'test_host' } } }
|
133
|
+
|
134
|
+
before(:each) do
|
135
|
+
@realm_client = KeycloakAdmin.realm(realm_name)
|
136
|
+
|
137
|
+
stub_token_client
|
138
|
+
expect_any_instance_of(RestClient::Resource).to receive(:put).with(realm_json.to_json, anything)
|
139
|
+
end
|
140
|
+
|
141
|
+
it "updates a realm" do
|
142
|
+
@realm_client.update(realm_json)
|
143
|
+
end
|
144
|
+
|
145
|
+
it "passes rest client options" do
|
146
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
147
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
148
|
+
|
149
|
+
expect(RestClient::Resource).to receive(:new).with(
|
150
|
+
"http://auth.service.io/auth/admin/realms/valid-realm", rest_client_options).and_call_original
|
151
|
+
|
152
|
+
@realm_client.update(realm_json)
|
153
|
+
end
|
154
|
+
end
|
47
155
|
end
|