keycloak-admin 0.7.0 → 0.7.5

data/lib/keycloak-admin/client/realm_client.rb

@@ -5,6 +5,36 @@ module KeycloakAdmin
       @realm_name = realm_name
     end
 
+    def list
+      response = execute_http do
+        RestClient::Resource.new(realm_list_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |realm_as_hash| RealmRepresentation.from_hash(realm_as_hash) }
+    end
+
+    def delete
+      execute_http do
+        RestClient::Resource.new(realm_admin_url, @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def save(realm_representation)
+      execute_http do
+        RestClient::Resource.new(realm_list_url, @configuration.rest_client_options).post(
+          realm_representation.to_json, headers
+        )
+      end
+    end
+
+    def update(realm_representation_body)
+      execute_http do
+        RestClient::Resource.new(realm_admin_url, @configuration.rest_client_options).put(
+          realm_representation_body.to_json, headers
+        )
+      end
+    end
+
     def realm_url
       if @realm_name
         "#{server_url}/realms/#{@realm_name}"
@@ -21,6 +51,10 @@ module KeycloakAdmin
       end
     end
 
+    def realm_list_url
+      "#{server_url}/admin/realms"
+    end
+
     def token
       TokenClient.new(@configuration, self)
     end
@@ -29,10 +63,30 @@ module KeycloakAdmin
       ConfigurableTokenClient.new(@configuration, self)
     end
 
+    def clients
+      ClientClient.new(@configuration, self)
+    end
+
+    def groups
+      GroupClient.new(@configuration, self)
+    end
+
+    def group(group_id)
+      GroupResource.new(@configuration, self, group_id)
+    end
+
+    def roles
+      RoleClient.new(@configuration, self)
+    end
+
     def users
       UserClient.new(@configuration, self)
     end
 
+    def user(user_id)
+      UserResource.new(@configuration, self, user_id)
+    end
+
     def name_defined?
       !@realm_name.nil?
     end

data/lib/keycloak-admin/client/role_client.rb

@@ -0,0 +1,32 @@
+module KeycloakAdmin
+  class RoleClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(roles_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| RoleRepresentation.from_hash(role_as_hash) }
+    end
+
+    def save(role_representation)
+      execute_http do
+        RestClient::Resource.new(roles_url, @configuration.rest_client_options).post(
+          role_representation.to_json, headers
+        )
+      end
+    end
+
+    def roles_url(id=nil)
+      if id
+        "#{@realm_client.realm_admin_url}/roles/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/roles"
+      end
+    end
+  end
+end

data/lib/keycloak-admin/client/role_mapper_client.rb

@@ -0,0 +1,20 @@
+module KeycloakAdmin
+  class RoleMapperClient < Client
+    def initialize(configuration, user_resource)
+      super(configuration)
+      @user_resource = user_resource
+    end
+
+    def save_realm_level(role_representation_list)
+      execute_http do
+        RestClient::Resource.new(realm_level_url, @configuration.rest_client_options).post(
+          role_representation_list.to_json, headers
+        )
+      end
+    end
+
+    def realm_level_url
+      "#{@user_resource.resource_url}/role-mappings/realm"
+    end
+  end
+end

data/lib/keycloak-admin/client/user_client.rb

@@ -13,7 +13,9 @@ module KeycloakAdmin
 
     def save(user_representation)
       execute_http do
-        RestClient.post(users_url, user_representation.to_json, headers)
+        RestClient::Resource.new(users_url, @configuration.rest_client_options).post(
+          user_representation.to_json, headers
+        )
       end
       user_representation
     end
@@ -30,12 +32,17 @@ module KeycloakAdmin
     end
 
     def search(query)
+      derived_headers = query ? headers.merge({params: { search: query }}) : headers
       response = execute_http do
-        RestClient.get(users_url, headers.merge({params: { search: query }}))
+        RestClient::Resource.new(users_url, @configuration.rest_client_options).get(derived_headers)
       end
       JSON.parse(response).map { |user_as_hash| UserRepresentation.from_hash(user_as_hash) }
     end
 
+    def list
+      search(nil)
+    end
+
     def delete(user_id)
       execute_http do
         RestClient::Resource.new(users_url(user_id), @configuration.rest_client_options).delete(headers)
@@ -43,6 +50,13 @@ module KeycloakAdmin
       true
     end
 
+    def groups(user_id)
+      response = execute_http do
+        RestClient::Resource.new(groups_url(user_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |group_as_hash| GroupRepresentation.from_hash(group_as_hash) }
+    end
+
     def update_password(user_id, new_password)
       execute_http do
         RestClient.put(reset_password_url(user_id), {
@@ -66,6 +80,23 @@ module KeycloakAdmin
       ImpersonationRedirectionRepresentation.from_url(impersonation_url(user_id), headers)
     end
 
+    def link_idp(user_id, idp_id, idp_user_id, idp_username)
+      fed_id_rep                   = FederatedIdentityRepresentation.new
+      fed_id_rep.user_id           = idp_user_id
+      fed_id_rep.user_name         = idp_username
+      fed_id_rep.identity_provider = idp_id
+
+      execute_http do
+        RestClient.post(federated_identity_url(user_id, idp_id), fed_id_rep.to_json, headers)
+      end
+    end
+
+    def unlink_idp(user_id, idp_id)
+      execute_http do
+        RestClient::Resource.new(federated_identity_url(user_id, idp_id), @configuration.rest_client_options).delete(headers)
+      end
+    end
+
     def users_url(id=nil)
       if id
         "#{@realm_client.realm_admin_url}/users/#{id}"
@@ -79,11 +110,22 @@ module KeycloakAdmin
       "#{users_url(user_id)}/reset-password"
     end
 
+    def groups_url(user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      "#{users_url(user_id)}/groups"
+    end
+
     def impersonation_url(user_id)
       raise ArgumentError.new("user_id must be defined") if user_id.nil?
       "#{users_url(user_id)}/impersonation"
     end
 
+    def federated_identity_url(user_id, identity_provider)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      raise ArgumentError.new("identity_provider must be defined") if identity_provider.nil?
+      "#{users_url(user_id)}/federated-identity/#{identity_provider}"
+    end
+
     private
 
     def build(username, email, password, email_verified, locale)

data/lib/keycloak-admin/representation/camel_json.rb

@@ -5,7 +5,7 @@ module KeycloakAdmin
       if first_letter_in_uppercase
         lower_case_and_underscored_word.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
       else
-        lower_case_and_underscored_word.first + camelize(lower_case_and_underscored_word)[1..-1]
+        lower_case_and_underscored_word[0] + camelize(lower_case_and_underscored_word)[1..-1]
       end
     end
   end

data/lib/keycloak-admin/representation/client_representation.rb

@@ -0,0 +1,16 @@
+module KeycloakAdmin
+  class ClientRepresentation < Representation
+    attr_accessor :id,
+      :name,
+      :client_id
+    # TODO: Add more attributes
+
+    def self.from_hash(hash)
+      client           = new
+      client.id        = hash["id"]
+      client.name      = hash["name"]
+      client.client_id = hash["clientId"]
+      client
+    end
+  end
+end

data/lib/keycloak-admin/representation/federated_identity_representation.rb

@@ -0,0 +1,15 @@
+module KeycloakAdmin
+  class FederatedIdentityRepresentation < Representation
+    attr_accessor :identity_provider,
+      :user_id,
+      :user_name
+
+    def self.from_hash(hash)
+      rep                   = new
+      rep.identity_provider = hash['identityProvider']
+      rep.user_id           = hash['userId']
+      rep.user_name         = hash['userName']
+      rep
+    end
+  end
+end

data/lib/keycloak-admin/representation/group_representation.rb

@@ -0,0 +1,15 @@
+module KeycloakAdmin
+  class GroupRepresentation < Representation
+    attr_accessor :id,
+      :name,
+      :path
+
+    def self.from_hash(hash)
+      group      = new
+      group.id   = hash["id"]
+      group.name = hash["name"]
+      group.path = hash["path"]
+      group
+    end
+  end
+end

data/lib/keycloak-admin/representation/realm_representation.rb

@@ -0,0 +1,14 @@
+module KeycloakAdmin
+  class RealmRepresentation < Representation
+    attr_accessor :id,
+      :realm
+    # TODO: Add more attributes
+
+    def self.from_hash(hash)
+      realm       = new
+      realm.id    = hash["id"]
+      realm.realm = hash["realm"]
+      realm
+    end
+  end
+end

data/lib/keycloak-admin/representation/representation.rb

@@ -4,8 +4,12 @@ require_relative "camel_json"
 class Representation
   include ::KeycloakAdmin::CamelJson
 
+  def as_json(options=nil)
+    Hash[instance_variables.map { |ivar| [ivar.to_s[1..-1], instance_variable_get(ivar)] }]
+  end
+
   def to_json(options=nil)
-    snaked_hash = as_json
+    snaked_hash = as_json(options)
     snaked_hash.keys.reduce({}) do |camelized_hash, key|
       camelized_hash[camelize(key, false)] = snaked_hash[key]
       camelized_hash

data/lib/keycloak-admin/representation/role_representation.rb

@@ -0,0 +1,17 @@
+module KeycloakAdmin
+  class RoleRepresentation < Representation
+    attr_accessor :id,
+      :name,
+      :composite,
+      :client_role
+
+    def self.from_hash(hash)
+      role             = new
+      role.id          = hash["id"]
+      role.name        = hash["name"]
+      role.composite   = hash["composite"]
+      role.client_role = hash["clientRole"]
+      role
+    end
+  end
+end

data/lib/keycloak-admin/representation/user_representation.rb

@@ -1,7 +1,7 @@
 module KeycloakAdmin
   class UserRepresentation < Representation
     attr_accessor :id,
-      :created_at,
+      :created_timestamp,
       :attributes,
       :origin,
       :username,
@@ -10,21 +10,23 @@ module KeycloakAdmin
       :email_verified,
       :first_name,
       :last_name,
-      :credentials
+      :credentials,
+      :federated_identities
 
     def self.from_hash(hash)
-      user                = new
-      user.id             = hash["id"]
-      user.created_at     = Time.at(hash["createdTimestamp"] / 1000).to_datetime
-      user.origin         = hash["origin"]
-      user.username       = hash["username"]
-      user.email          = hash["email"]
-      user.enabled        = hash["enabled"]
-      user.email_verified = hash["emailVerified"]
-      user.first_name     = hash["firstName"]
-      user.last_name      = hash["lastName"]
-      user.attributes     = hash["attributes"]
-      user.credentials    = hash["credentials"]&.map{ |hash| CredentialRepresentation.from_hash(hash) } || []
+      user                      = new
+      user.id                   = hash["id"]
+      user.created_timestamp    = hash["createdTimestamp"]
+      user.origin               = hash["origin"]
+      user.username             = hash["username"]
+      user.email                = hash["email"]
+      user.enabled              = hash["enabled"]
+      user.email_verified       = hash["emailVerified"]
+      user.first_name           = hash["firstName"]
+      user.last_name            = hash["lastName"]
+      user.attributes           = hash["attributes"]
+      user.credentials          = hash["credentials"]&.map{ |hash| CredentialRepresentation.from_hash(hash) } || []
+      user.federated_identities = hash["federatedIdentities"]&.map { |hash| FederatedIdentityRepresentation.from_hash(hash) } || []
       user
     end
 
@@ -32,5 +34,10 @@ module KeycloakAdmin
       @credentials ||= []
       @credentials.push(credential_representation)
     end
+
+    def add_federated_identity(federated_identity_representation)
+      @federated_identities ||= []
+      @federated_identities.push(federated_identity_representation)
+    end
   end
 end

data/lib/keycloak-admin/resource/base_role_containing_resource.rb

@@ -0,0 +1,26 @@
+module KeycloakAdmin
+  class BaseRoleContainingResource
+    def initialize(configuration, realm_client, resource_id)
+      @configuration = configuration
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+      @resource_id = resource_id
+    end
+
+    def resources_name
+      raise NotImplementedError.new('must override in subclass')
+    end
+
+    def resource_url
+      "#{@realm_client.realm_admin_url}/#{resources_name}/#{@resource_id}"
+    end
+
+    def client_role_mappings(client_id)
+      ClientRoleMappingsClient.new(@configuration, self, client_id)
+    end
+
+    def role_mapper
+      RoleMapperClient.new(@configuration, self)
+    end
+  end
+end

data/lib/keycloak-admin/resource/group_resource.rb

@@ -0,0 +1,7 @@
+module KeycloakAdmin
+  class GroupResource < BaseRoleContainingResource
+    def resources_name
+      "groups"
+    end
+  end
+end

data/lib/keycloak-admin/resource/user_resource.rb

@@ -0,0 +1,7 @@
+module KeycloakAdmin
+  class UserResource < BaseRoleContainingResource
+    def resources_name
+      "users"
+    end
+  end
+end

data/lib/keycloak-admin/version.rb

@@ -1,3 +1,3 @@
 module KeycloakAdmin
-  VERSION = "0.7.0"
+  VERSION = "0.7.5"
 end

data/spec/client/client_client_spec.rb

@@ -0,0 +1,53 @@
+RSpec.describe KeycloakAdmin::ClientClient do
+  describe "#clients_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id)    { nil }
+
+    before(:each) do
+      @built_url = KeycloakAdmin.realm(realm_name).clients.clients_url(client_id)
+    end
+
+    context "when client_id is not defined" do
+      let(:client_id) { nil }
+      it "return a proper url without client id" do
+        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients"
+      end
+    end
+
+    context "when client_id is defined" do
+      let(:client_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
+      it "return a proper url with the client id" do
+        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/95985b21-d884-4bbd-b852-cb8cd365afc2"
+      end
+    end
+  end
+
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+
+    before(:each) do
+      @client_client = KeycloakAdmin.realm(realm_name).clients
+
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_client_id","name":"test_client_name"}]'
+    end
+
+    it "lists clients" do
+      clients = @client_client.list
+      expect(clients.length).to eq 1
+      expect(clients[0].name).to eq "test_client_name"
+    end
+
+    it "passes rest client options" do
+      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+      expect(RestClient::Resource).to receive(:new).with(
+        "http://auth.service.io/auth/admin/realms/valid-realm/clients", rest_client_options).and_call_original
+
+      clients = @client_client.list
+      expect(clients.length).to eq 1
+      expect(clients[0].name).to eq "test_client_name"
+    end
+  end
+end