keycloak-admin 0.7.0 → 0.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 970da832a135573c026406dd6e24bebad0faadde
-  data.tar.gz: 0116019f2c32443bbd8c9567b8243cb84e75da7a
+SHA256:
+  metadata.gz: 4c3087f9b9079163b0648bd1a3ae30d3526fef7f8f5d7afc59f251b9f23e7507
+  data.tar.gz: 99eeb84049b48e7410e271f4633d0a79b765d9dd5bb4d185469eebe247c98b19
 SHA512:
-  metadata.gz: 65fab8de261bdb5bbef86e05961e4c49858143d6b0eb3e1282ed13b67aa3d4b2e2a7bf6a54788cf02ebaee78eea9c2658644d54e70b45777e6348ac4867c199e
-  data.tar.gz: b8ab004c2772051d424f277572b42c57ef523d04fc1f43274c97964bd4dc1291b54d24bb70b8785b0fe404c30a23f2bba2636efb244ac6a4eb663bc40e58708f
+  metadata.gz: 28d689fe25884746e02f3f1dba166a2c78472f7e897680b39efe2c10e782fe52a1f661265e59ee676f65a4ee8cd3cc3b99e77dcb9fc3e8a44b2a92ca976db038
+  data.tar.gz: d065e64a554f1991e1ec4be2c77cfb81d5e811a6db64d452bdafb7e1cf1e0ce4449444446374e9f09472fa07fee6f8a7468311ff44a86bfd7c5e1ff2cd573656

data/.gitignore

@@ -5,4 +5,5 @@ test/dummy/db/*.sqlite3
 test/dummy/db/*.sqlite3-journal
 test/dummy/log/*.log
 test/dummy/tmp/
-*.gem
+*.gem
+.idea/

data/CHANGELOG.md

@@ -0,0 +1,70 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.7.5] - 2020-03-28
+
+Thanks to @RomanHargrave
+* Support for working with federated identity provider (broker) links
+
+## [0.7.4] - 2019-10-17
+
+* Support for Rails 6
+
+## [0.7.3] - 2019-07-11
+
+Thanks to @cederigo=
+* For a given user, get her list of groups
+
+## [0.7.2] - 2019-06-17
+
+Thanks to @vlad-ro:
+
+* Get list of client role mappings for a group
+* Save client role mappings for a user/group
+* Save realm-level role mappings for a user/group
+
+## [0.7.1] - 2019-06-11
+
+Thanks to @vlad-ro:
+
+* List users
+* List clients
+* List groups, create/save a group
+* List roles, save a role
+* List realms, save/update/delete a realm
+* Get list of client role mappings for a user
+* Support passing rest client options for user save and search
+* Support using gem without ActiveSupport
+
+## [0.7.0] - 2019-06-06
+
+Thanks to @vlad-ro:
+
+* Support passing rest client options
+* More documentation
+* More tests
+* Better handling of timeouts
+
+## [0.6.5] - 2019-05-14
+
+* Get user
+
+## [0.6.2] - 2019-05-14
+
+* Update users
+
+## [0.6] - 2019-03-06
+
+* Save a locale when creating a new user
+
+## [0.5] - 2018-01-26
+
+* Client to access Custom REST API configurable-token
+
+## [0.3] - 2018-01-19
+
+* Support of impersonation

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.3
+FROM ruby:2.6.5
 RUN mkdir -p /usr/src/app/lib/keycloak-admin
 WORKDIR /usr/src/app
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (0.7.0)
+    keycloak-admin (0.7.5)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 
@@ -10,15 +10,17 @@ GEM
   specs:
     byebug (9.1.0)
     diff-lcs (1.3)
-    domain_name (0.5.20180417)
+    domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
+    http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
-    mime-types (3.2.2)
+    mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.0331)
+    mime-types-data (3.2019.1009)
     netrc (0.11.0)
-    rest-client (2.0.2)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)

data/README.md

@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "0.7.0"
+gem "keycloak-admin", "0.7.5"
 ```
 
 ## Login
@@ -58,6 +58,7 @@ KeycloakAdmin.configure do |config|
   config.username            = ENV["KEYCLOAK_ADMIN_USER"]
   config.password            = ENV["KEYCLOAK_ADMIN_PASSWORD"]
   config.logger              = Rails.logger
+  config.rest_client_options = { verify_ssl: OpenSSL::SSL::VERIFY_NONE }
 end
 ```
 This example is autoloaded in a Rails environment.
@@ -76,6 +77,7 @@ All options have a default value. However, all of them can be changed in your in
 | `username` | `nil`| String | Optional | Username to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `mummy` |
 | `password` | `nil`| String | Optional | Clear password to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `bobby` |
 | `logger` | `Logger.new(STDOUT)`| Logger | Optional | The logger used by `keycloak-admin` | `Rails.logger` | 
+| `rest_client_options` | `{}`| Hash | Optional | Options to pass to `RestClient` | `{ verify_ssl: OpenSSL::SSL::VERIFY_NONE }` | 
 
 
 ## Use Case
@@ -83,11 +85,19 @@ All options have a default value. However, all of them can be changed in your in
 ### Supported features
 
 * Get an access token
-* Create/update/get a user
+* Create/update/get/delete a user
+* Get list of users, search for user(s)
 * Reset credentials
-* Delete a user
 * Impersonate a user
 * Exchange a configurable token
+* Get list of clients
+* Get list of groups, create/save a group
+* Get list of roles, save a role
+* Get list of realms, save/update/delete a realm
+* Get list of client role mappings for a user/group
+* Save client role mappings for a user/group
+* Save realm-level role mappings for a user/group
+* Link/Unlink users to federated identity provider brokers
 
 ### Get an access token
 
@@ -114,6 +124,14 @@ Returns an array of `KeycloakAdmin::UserRepresentation`.
 KeycloakAdmin.realm("a_realm").users.search("a_username_or_an_email")
 ```
 
+### List all users in a realm
+
+Returns an array of `KeycloakAdmin::UserRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").users.list
+```
+
 ### Save a user
 
 Returns the provided `user`, which must be of type `KeycloakAdmin::UserRepresentation`.
@@ -188,6 +206,134 @@ token_lifespan_in_seconds = 20
 KeycloakAdmin.realm("a_realm").configurable_token.exchange_with(user_access_token, token_lifespan_in_seconds)
 ```
 
+### Get list of realms
+
+Returns an array of `KeycloakAdmin::RealmRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("master").list
+```
+
+### Save a realm
+
+Takes `realm` of type `KeycloakAdmin::RealmRepresentation`, or an object implementing `to_json`, such as a `Hash`.
+
+```ruby
+KeycloakAdmin.realm(nil).save(realm)
+```
+
+### Update a realm
+
+If you want to update its entire entity. To update some specific attributes, provide an object implementing `to_json`, such as a `Hash`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").update({
+  smtpServer: { host: 'test_host' }
+})
+```
+
+### Delete a realm
+
+```ruby
+KeycloakAdmin.realm("a_realm").delete
+```
+
+### Get list of clients in a realm
+
+Returns an array of `KeycloakAdmin::ClientRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").clients.list
+```
+
+### Get list of groups in a realm
+
+Returns an array of `KeycloakAdmin::GroupRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.list
+```
+
+### Save a group
+
+Returns the id of saved `group` provided, which must be of type `KeycloakAdmin::GroupRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.save(group)
+```
+
+### Create and save a group with a name and path
+
+Returns the id of created group.
+
+```ruby
+group_name = "test"
+group_path = "/top"
+group_id = KeycloakAdmin.realm("a_realm").groups.create!(group_name, group_path)
+```
+
+### Get list of roles in a realm
+
+Returns an array of `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").roles.list
+```
+
+### Save a role
+
+Takes `role`, which must be of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").roles.save(role)
+```
+
+### Get list of client role mappings for a user/group
+
+Returns an array of `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").user(user_id).client_role_mappings(client_id).list_available
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").group(group_id).client_role_mappings(client_id).list_available
+```
+
+### Save list of client role mappings for a user/group
+
+Takes `role_list`, which must be an array of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").user(user_id).client_role_mappings(client_id).save(role_list)
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+client_id = "1869e876-71b4-4de2-849e-66540db3a098"
+KeycloakAdmin.realm("a_realm").group(group_id).client_role_mappings(client_id).save(role_list)
+```
+
+### Save list of realm-level role mappings for a user/group
+
+Takes `role_list`, which must be an array of type `KeycloakAdmin::RoleRepresentation`.
+
+```ruby
+user_id   = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+KeycloakAdmin.realm("a_realm").user(user_id).role_mapper.save_realm_level(role_list)
+```
+or
+```ruby
+group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
+KeycloakAdmin.realm("a_realm").group(group_id).role_mapper.save_realm_level(role_list)
+```
+
 ## How to execute library tests
 
 From the `keycloak-admin-api` directory:

data/lib/keycloak-admin.rb

@@ -2,17 +2,30 @@ require "logger"
 
 require_relative "keycloak-admin/configuration"
 require_relative "keycloak-admin/client/client"
+require_relative "keycloak-admin/client/client_client"
+require_relative "keycloak-admin/client/client_role_mappings_client"
+require_relative "keycloak-admin/client/group_client"
 require_relative "keycloak-admin/client/realm_client"
+require_relative "keycloak-admin/client/role_client"
+require_relative "keycloak-admin/client/role_mapper_client"
 require_relative "keycloak-admin/client/token_client"
 require_relative "keycloak-admin/client/user_client"
 require_relative "keycloak-admin/client/configurable_token_client"
 require_relative "keycloak-admin/representation/camel_json"
 require_relative "keycloak-admin/representation/representation"
+require_relative "keycloak-admin/representation/client_representation"
+require_relative "keycloak-admin/representation/group_representation"
 require_relative "keycloak-admin/representation/token_representation"
 require_relative "keycloak-admin/representation/impersonation_redirection_representation"
 require_relative "keycloak-admin/representation/impersonation_representation"
 require_relative "keycloak-admin/representation/credential_representation"
+require_relative "keycloak-admin/representation/realm_representation"
+require_relative "keycloak-admin/representation/role_representation"
+require_relative "keycloak-admin/representation/federated_identity_representation"
 require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/resource/base_role_containing_resource"
+require_relative "keycloak-admin/resource/group_resource"
+require_relative "keycloak-admin/resource/user_resource"
 
 module KeycloakAdmin
 

data/lib/keycloak-admin/client/client.rb

@@ -9,13 +9,13 @@ module KeycloakAdmin
       @configuration.server_url
     end
 
-    def token
-      @token ||= KeycloakAdmin.realm(@configuration.client_realm_name).token.get
+    def current_token
+      @current_token ||= KeycloakAdmin.realm(@configuration.client_realm_name).token.get
     end
 
     def headers
       {
-        Authorization: "Bearer #{token.access_token}",
+        Authorization: "Bearer #{current_token.access_token}",
         content_type: :json,
         accept:       :json
       }
@@ -29,6 +29,14 @@ module KeycloakAdmin
       http_error(e.response)
     end
 
+    def created_id(response)
+      unless response.net_http_res.is_a? Net::HTTPCreated
+        raise "Create method returned status #{response.net_http_res.message} (Code: #{response.net_http_res.code}); expected status: Created (201)"
+      end
+      (_head, _separator, id) = response.headers[:location].rpartition('/')
+      id
+    end
+
     private
 
     def http_error(response)

data/lib/keycloak-admin/client/client_client.rb

@@ -0,0 +1,24 @@
+module KeycloakAdmin
+  class ClientClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(clients_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |client_as_hash| ClientRepresentation.from_hash(client_as_hash) }
+    end
+
+    def clients_url(id=nil)
+      if id
+        "#{@realm_client.realm_admin_url}/clients/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients"
+      end
+    end
+  end
+end

data/lib/keycloak-admin/client/client_role_mappings_client.rb

@@ -0,0 +1,32 @@
+module KeycloakAdmin
+  class ClientRoleMappingsClient < Client
+    def initialize(configuration, user_resource, client_id)
+      super(configuration)
+      @user_resource = user_resource
+      @client_id = client_id
+    end
+
+    def list_available
+      response = execute_http do
+        RestClient::Resource.new(list_available_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| RoleRepresentation.from_hash(role_as_hash) }
+    end
+
+    def save(role_representation_list)
+      execute_http do
+        RestClient::Resource.new(base_url, @configuration.rest_client_options).post(
+          role_representation_list.to_json, headers
+        )
+      end
+    end
+
+    def list_available_url
+      "#{@user_resource.resource_url}/role-mappings/clients/#{@client_id}/available"
+    end
+
+    def base_url
+      "#{@user_resource.resource_url}/role-mappings/clients/#{@client_id}"
+    end
+  end
+end

data/lib/keycloak-admin/client/group_client.rb

@@ -0,0 +1,46 @@
+module KeycloakAdmin
+  class GroupClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(groups_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |group_as_hash| GroupRepresentation.from_hash(group_as_hash) }
+    end
+
+    def create!(name, path = nil)
+      response = save(build(name, path))
+      created_id(response)
+    end
+
+    def save(group_representation)
+      execute_http do
+        RestClient::Resource.new(groups_url, @configuration.rest_client_options).post(
+          group_representation.to_json, headers
+        )
+      end
+    end
+
+    def groups_url(id=nil)
+      if id
+        "#{@realm_client.realm_admin_url}/groups/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/groups"
+      end
+    end
+
+    private
+
+    def build(name, path)
+      group      = GroupRepresentation.new
+      group.name = name
+      group.path = path
+      group
+    end
+  end
+end