keycloak-admin 1.1.0 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 140b6a3bb680503f4bac8336250974b930535ef270f66b56b488ad78e182cd6b
-  data.tar.gz: 45c9d2ed7af63d6eaf027eebb4a6a9309d115d1fea88df9d8b4bb5c0d14ec7cc
+  metadata.gz: 75a9e29c443612983e789a4d2d38d050908a0239fd4b74bca5f5d722234ef940
+  data.tar.gz: e0bf740884bb1da5bf3c63032f6349e46f98ce56f1b06f0ae62dcb96eb324bb7
 SHA512:
-  metadata.gz: da197ebef3a7bc8fc82a95258eb684d007fbb69d48b62f6f19afd510fbbce11b30ac0c98f3b0731ebc56556311330707360a72f0505c9021d7f34d799a045534
-  data.tar.gz: e77461558697bbe7c372973673a3e58d9530720da6db2eaa76b79b1616e06ad05148cf843bd3c23a9d15a6fa55e27ac8988fccea776d593fd96e5f1130b6c0e1
+  metadata.gz: 1cc1adf071a240af23ace33f0f48d3b4c9cee0868dc4e50acab30d900bc0575fd4784bd725869dff58e79c053e4b6505376569855fbdb647bf929b8d82190277
+  data.tar.gz: e34ae74e3096db9fa6ac6c92370eed71e23e25a4d896a98eed1afb68cfeb422d66ad99eb5d4a02460bd7fa3a6b57b2c6b351bfb42d4adb7fcdab70fc838f4825

data/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.2] - 2024-05-22
+
+* Add group endpoints (get, children, delete), support for group attributes (thanks to @mkrawc)
+* GroupClient#save method now can update an existing group (thanks to @mkrawc)
+* RoleClient#save method now can update an existing role (thanks to @mkrawc)
+
+## [1.1.1] - 2024-01-21
+
+* Add/List realm-role/s to a group, Allow role-names with spaces, List groups assigned to role (thanks to @LiquidMagical)
+
 ## [1.1.0] - 2023-10-03
 
 * Search for groups with parameters (thanks to @@tlloydthwaites)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (1.1.0)
+    keycloak-admin (1.1.2)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 
@@ -9,15 +9,14 @@ GEM
   remote: https://rubygems.org/
   specs:
     byebug (11.1.3)
-    diff-lcs (1.5.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    diff-lcs (1.5.1)
+    domain_name (0.6.20240107)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    mime-types (3.5.1)
+    mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0808)
+    mime-types-data (3.2024.0507)
     netrc (0.11.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -28,18 +27,15 @@ GEM
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
       rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
+    rspec-core (3.12.3)
       rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec-expectations (3.12.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+    rspec-mocks (3.12.7)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
+    rspec-support (3.12.2)
 
 PLATFORMS
   ruby

data/README.md

@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "1.0.24"
+gem "keycloak-admin", "1.1.2"
 ```
 
 ## Login
@@ -80,7 +80,9 @@ KeycloakAdmin.configure do |config|
   config.username            = ENV["KEYCLOAK_ADMIN_USER"]
   config.password            = ENV["KEYCLOAK_ADMIN_PASSWORD"]
   config.logger              = Rails.logger
-  config.rest_client_options = { verify_ssl: OpenSSL::SSL::VERIFY_NONE }
+
+  # You configure RestClient to your liking – see https://github.com/rest-client/rest-client/blob/master/lib/restclient/request.rb for available options.
+  config.rest_client_options = { timeout: 5 }
 end
 ```
 This example is autoloaded in a Rails environment.
@@ -100,7 +102,7 @@ All options have a default value. However, all of them can be changed in your in
 | `username` | `nil`| String | Optional | Username to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `mummy` |
 | `password` | `nil`| String | Optional | Clear password to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `bobby` |
 | `logger` | `Logger.new(STDOUT)`| Logger | Optional | The logger used by `keycloak-admin` | `Rails.logger` | 
-| `rest_client_options` | `{}`| Hash | Optional | Options to pass to `RestClient` | `{ verify_ssl: OpenSSL::SSL::VERIFY_NONE }` | 
+| `rest_client_options` | `{}`| Hash | Optional | Options to pass to `RestClient` | `{ timeout: 5 }` | 
 
 
 ## Use Cases
@@ -120,6 +122,8 @@ All options have a default value. However, all of them can be changed in your in
 * Get list of realms, save/update/delete a realm
 * Get list of client role mappings for a user/group
 * Get list of members of a group
+* Get list of groups that have a specific role assigned
+* Get list of realm-roles assigned to a group, add a realm-role to a group
 * Save client role mappings for a user/group
 * Save realm-level role mappings for a user/group
 * Add a Group on a User
@@ -185,10 +189,15 @@ If you want to update its entire entity. To update some specific attributes, pro
 
 ```ruby
 KeycloakAdmin.realm("a_realm").users.update("05c135c6-5ad8-4e17-b1fa-635fc089fd71", {
-  email: "hello@gmail.com"
+  email: "hello@gmail.com",
+  username: "hello",
+  first_name: "Jean",
+  last_name: "Dupond"
 })
 ```
 
+Attention point: Since Keycloak 24.0.4, when updating a user, all the writable profile attributes must be passed, otherwise they will be removed. (https://www.keycloak.org/docs/24.0.4/upgrading/)
+
 ### Delete a user
 
 ```ruby
@@ -367,6 +376,30 @@ You can specify paging with `first` and `max`:
 KeycloakAdmin.realm("a_realm").group("group_id").members(first:0, max:100)
 ```
 
+### Get list of groups that have a specific role assigned
+
+Returns an array of `KeycloakAdmin::GroupRepresentation`
+
+```ruby
+KeycloakAdmin.realm("a_realm").roles.list_groups("role_name")
+```
+
+### Get list of realm-roles assigned to a group
+
+Returns an array of `KeycloakAdmin::RoleRepresentation`
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.get_realm_level_roles("group_id")
+```
+
+### Add a realm-role to a group
+
+Returns added `KeycloakAdmin::RoleRepresentation`
+
+```ruby
+KeycloakAdmin.realm("a_realm").groups.add_realm_level_role_name!("group_id", "role_name")
+```
+
 ### Get list of roles in a realm
 
 Returns an array of `KeycloakAdmin::RoleRepresentation`.

data/lib/keycloak-admin/client/group_client.rb

@@ -6,6 +6,21 @@ module KeycloakAdmin
       @realm_client = realm_client
     end
 
+    def get(group_id)
+      response = execute_http do
+        RestClient::Resource.new(groups_url(group_id), @configuration.rest_client_options).get(headers)
+      end
+      GroupRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def children(parent_id)
+      response = execute_http do
+        url = "#{groups_url(parent_id)}/children"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |group_as_hash| GroupRepresentation.from_hash(group_as_hash) }
+    end
+
     def list
       search(nil)
     end
@@ -25,29 +40,39 @@ module KeycloakAdmin
       JSON.parse(response).map { |group_as_hash| GroupRepresentation.from_hash(group_as_hash) }
     end
 
-    def create!(name, path = nil)
-      response = save(build(name, path))
+    def create!(name, path = nil, attributes = {})
+      response = save(build(name, path, attributes))
       created_id(response)
     end
 
     def save(group_representation)
       execute_http do
-        RestClient::Resource.new(groups_url, @configuration.rest_client_options).post(
-          create_payload(group_representation), headers
-        )
+        payload = create_payload(group_representation)
+        if group_representation.id
+          RestClient::Resource.new(groups_url(group_representation.id), @configuration.rest_client_options).put(payload, headers)
+        else
+          RestClient::Resource.new(groups_url, @configuration.rest_client_options).post(payload, headers)
+        end
       end
     end
 
-    def create_subgroup!(parent_id, name)
+    def create_subgroup!(parent_id, name, attributes = {})
       url = "#{groups_url(parent_id)}/children"
       response = execute_http do
         RestClient::Resource.new(url, @configuration.rest_client_options).post(
-          create_payload(build(name, nil)), headers
+          create_payload(build(name, nil, attributes)), headers
         )
       end
       created_id(response)
     end
-    
+
+    def delete(group_id)
+      execute_http do
+        RestClient::Resource.new(groups_url(group_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
     def members(group_id, first=0, max=100)
       url = "#{groups_url(group_id)}/members"
       query = {first: first.try(:to_i), max: max.try(:to_i)}.compact
@@ -61,6 +86,28 @@ module KeycloakAdmin
       JSON.parse(response).map { |user_as_hash| UserRepresentation.from_hash(user_as_hash) }
     end
 
+    # Gets all realm-level roles for a group
+    def get_realm_level_roles(group_id)
+      url = "#{groups_url(group_id)}/role-mappings/realm"
+      response = execute_http do
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| RoleRepresentation.from_hash(role_as_hash) }
+    end
+
+    # Adds a realm-level role to a group via the role name
+    def add_realm_level_role_name!(group_id, role_name)
+      # creates a full role-representation object needed by the keycloak api to work
+      role_representation = RoleClient.new(@configuration, @realm_client).get(role_name)
+      url = "#{groups_url(group_id)}/role-mappings/realm"
+      response = execute_http do
+        RestClient::Resource.new(url, @configuration.rest_client_options).post(
+          create_payload([role_representation]), headers
+        )
+      end
+      role_representation
+    end
+
     def groups_url(id=nil)
       if id
         "#{@realm_client.realm_admin_url}/groups/#{id}"
@@ -71,11 +118,14 @@ module KeycloakAdmin
 
     private
 
-    def build(name, path)
-      group      = GroupRepresentation.new
-      group.name = name
-      group.path = path
-      group
+    def build(name, path, attributes)
+      GroupRepresentation.from_hash(
+        {
+          "name" => name,
+          "path" => path,
+          "attributes" => attributes
+        }
+      )
     end
   end
 end

data/lib/keycloak-admin/client/role_client.rb

@@ -13,32 +13,47 @@ module KeycloakAdmin
       JSON.parse(response).map { |role_as_hash| RoleRepresentation.from_hash(role_as_hash) }
     end
     
+    # Returns the role representation for the specified role name
     def get(name)
+      # allows special characters in the name like space
+      name = URI.encode_uri_component(name)
       response = execute_http do
         RestClient::Resource.new(role_name_url(name), @configuration.rest_client_options).get(headers)
       end
       RoleRepresentation.from_hash JSON.parse(response)
     end
 
+    # Lists all groups that have the specified role name assigned
+    def list_groups(name)
+      # allows special characters in the name like space
+      name = URI.encode_uri_component(name)
+      response = execute_http do
+        RestClient::Resource.new("#{role_name_url(name)}/groups", @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| GroupRepresentation.from_hash(role_as_hash) }
+    end
+
     def save(role_representation)
       execute_http do
-        RestClient::Resource.new(roles_url, @configuration.rest_client_options).post(
-          create_payload(role_representation), headers
-        )
+        payload = create_payload(role_representation)
+        if role_representation.id
+          RestClient::Resource.new(role_id_url(role_representation.id), @configuration.rest_client_options).put(payload, headers)
+        else
+          RestClient::Resource.new(roles_url, @configuration.rest_client_options).post(payload, headers)
+        end
       end
     end
 
-    def roles_url(id=nil)
-      if id
-        "#{@realm_client.realm_admin_url}/roles/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/roles"
-      end
+    def roles_url
+      "#{@realm_client.realm_admin_url}/roles"
+    end
+
+    def role_id_url(id)
+      "#{@realm_client.realm_admin_url}/roles-by-id/#{id}"
     end
     
     def role_name_url(name)
       "#{@realm_client.realm_admin_url}/roles/#{name}"
     end
-    
   end
 end

data/lib/keycloak-admin/client/user_client.rb

@@ -20,6 +20,7 @@ module KeycloakAdmin
       user_representation
     end
 
+    # pay attention that, since Keycloak 24.0.4, partial updates of attributes are not authorized anymore
     def update(user_id, user_representation_body)
       raise ArgumentError.new("user_id must be defined") if user_id.nil?
       RestClient::Request.execute(

data/lib/keycloak-admin/representation/group_representation.rb

@@ -3,14 +3,18 @@ module KeycloakAdmin
     attr_accessor :id,
       :name,
       :path,
+      :attributes,
+      :sub_group_count,
       :sub_groups
 
     def self.from_hash(hash)
-      group            = new
-      group.id         = hash["id"]
-      group.name       = hash["name"]
-      group.path       = hash["path"]
-      group.sub_groups = hash.fetch("subGroups", []).map { |sub_group_hash| self.from_hash(sub_group_hash) }
+      group                 = new
+      group.id              = hash["id"]
+      group.name            = hash["name"]
+      group.path            = hash["path"]
+      group.attributes      = hash.fetch("attributes", {}).map { |k, v| [k.to_sym, Array(v)] }.to_h
+      group.sub_group_count = hash["subGroupCount"]
+      group.sub_groups      = hash.fetch("subGroups", []).map { |sub_group_hash| self.from_hash(sub_group_hash) }
       group
     end
   end

data/lib/keycloak-admin/representation/role_representation.rb

@@ -3,7 +3,8 @@ module KeycloakAdmin
     attr_accessor :id,
       :name,
       :composite,
-      :client_role
+      :client_role,
+      :container_id,
 
     def self.from_hash(hash)
       role             = new
@@ -11,6 +12,7 @@ module KeycloakAdmin
       role.name        = hash["name"]
       role.composite   = hash["composite"]
       role.client_role = hash["clientRole"]
+      role.container_id = hash["containerId"]
       role
     end
   end

data/lib/keycloak-admin/version.rb

@@ -1,3 +1,3 @@
 module KeycloakAdmin
-  VERSION = "1.1.0"
+  VERSION = "1.1.2"
 end

data/spec/client/client_client_spec.rb

@@ -82,7 +82,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -123,7 +123,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(
         "http://auth.service.io/auth/admin/realms/valid-realm/clients/95b45037-3980-404c-ba12-784fa1baf2c2", rest_client_options).and_call_original

data/spec/client/client_role_mappings_client_spec.rb

@@ -32,7 +32,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -70,7 +70,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/client/group_client_spec.rb

@@ -22,6 +22,35 @@ RSpec.describe KeycloakAdmin::GroupClient do
     end
   end
 
+  describe "#get" do
+    let(:realm_name) { "valid-realm" }
+
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"test_group_id","name":"test_group_name"}'
+    end
+
+    it "get a group" do
+      group = @group_client.get("test_group_id")
+      expect(group.id).to eq "test_group_id"
+      expect(group.name).to eq "test_group_name"
+    end
+
+    it "passes rest client options" do
+      rest_client_options = {timeout: 10}
+      allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+      expect(RestClient::Resource).to receive(:new).with(
+        "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
+
+      group = @group_client.get("test_group_id")
+      expect(group.id).to eq "test_group_id"
+      expect(group.name).to eq "test_group_name"
+    end
+  end
+
   describe "#list" do
     let(:realm_name) { "valid-realm" }
 
@@ -39,7 +68,7 @@ RSpec.describe KeycloakAdmin::GroupClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -51,35 +80,102 @@ RSpec.describe KeycloakAdmin::GroupClient do
     end
   end
 
-  describe "#save" do
+
+  describe "#children" do
     let(:realm_name) { "valid-realm" }
-    let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
-      "name" => "test_group_name"
-    )}
 
     before(:each) do
       @group_client = KeycloakAdmin.realm(realm_name).groups
 
       stub_token_client
-      response = double
-      allow(response).to receive(:headers).and_return(
-        { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
-      )
-      expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_group_id","name":"test_group_name"}]'
     end
 
-    it "saves a group" do
-      @group_client.save(group)
+    it "lists children groups" do
+      groups = @group_client.children("parent_group_id")
+      expect(groups.length).to eq 1
+      expect(groups[0].name).to eq "test_group_name"
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
-        "http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
+        "http://auth.service.io/auth/admin/realms/valid-realm/groups/parent_group_id/children", rest_client_options).and_call_original
 
-      @group_client.save(group)
+      groups = @group_client.children("parent_group_id")
+      expect(groups.length).to eq 1
+      expect(groups[0].name).to eq "test_group_name"
+    end
+  end
+
+  describe "#save" do
+    let(:realm_name) { "valid-realm" }
+
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+
+      stub_token_client
+    end
+
+    context "when the group does not exist" do
+      let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
+        "name" => "test_group_name"
+      )}
+
+      before do
+        response = double
+        allow(response).to receive(:headers).and_return(
+          { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
+        )
+
+        expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
+      end
+
+      it "saves a group" do
+        @group_client.save(group)
+      end
+
+      it "passes rest client options" do
+        rest_client_options = {timeout: 10}
+        allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+        expect(RestClient::Resource).to receive(:new).with(
+          "http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
+
+        @group_client.save(group)
+      end
+    end
+
+    context "when the group already exists" do
+      let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
+        "id" => "test_group_id",
+        "name" => "test_group_name"
+      )}
+
+      before do
+        response = double
+        allow(response).to receive(:headers).and_return(
+          { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
+        )
+
+        expect_any_instance_of(RestClient::Resource).to receive(:put).with(group.to_json, anything).and_return response
+      end
+
+      it "saves a group" do
+        @group_client.save(group)
+      end
+
+      it "passes rest client options" do
+        rest_client_options = {timeout: 10}
+        allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+        expect(RestClient::Resource).to receive(:new).with(
+          "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
+
+        @group_client.save(group)
+      end
     end
   end
 
@@ -133,4 +229,30 @@ RSpec.describe KeycloakAdmin::GroupClient do
       expect(group_id).to eq '7686af34-204c-4515-8122-78d19febbf6e'
     end
   end
+
+  describe "#delete" do
+    let(:realm_name) { "valid-realm" }
+
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ''
+    end
+
+    it "deletes a group" do
+      result = @group_client.delete("test_group_id")
+      expect(result).to be(true)
+    end
+
+    it "raises a delete error" do
+      rest_client_options = {timeout: 10}
+      allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+      expect(RestClient::Resource).to receive(:new).with(
+        "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_raise("error")
+
+      expect { @group_client.delete("test_group_id") }.to raise_error("error")
+    end
+  end
 end

data/spec/client/identity_provider_client_spec.rb

@@ -78,7 +78,7 @@ RSpec.describe KeycloakAdmin::IdentityProviderClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/client/realm_client_spec.rb

@@ -60,7 +60,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -87,7 +87,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -117,7 +117,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -143,7 +143,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/client/role_client_spec.rb

@@ -1,24 +1,20 @@
 RSpec.describe KeycloakAdmin::RoleClient do
   describe "#roles_url" do
     let(:realm_name) { "valid-realm" }
-    let(:role_id)    { nil }
 
-    before(:each) do
-      @built_url = KeycloakAdmin.realm(realm_name).roles.roles_url(role_id)
+    it "return a proper url without role id" do
+      @built_url = KeycloakAdmin.realm(realm_name).roles.roles_url
+      expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
     end
+  end
 
-    context "when role_id is not defined" do
-      let(:role_id) { nil }
-      it "return a proper url without role id" do
-        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
-      end
-    end
+  describe "#role_id_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:role_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
 
-    context "when role_id is defined" do
-      let(:role_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
-      it "return a proper url with the role id" do
-        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles/95985b21-d884-4bbd-b852-cb8cd365afc2"
-      end
+    it "return a proper url with the role id" do
+      @built_url = KeycloakAdmin.realm(realm_name).roles.role_id_url(role_id)
+      expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles-by-id/95985b21-d884-4bbd-b852-cb8cd365afc2"
     end
   end
 
@@ -39,7 +35,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -71,7 +67,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/client/role_mapper_client_spec.rb

@@ -56,7 +56,7 @@ RSpec.describe KeycloakAdmin::RoleMapperClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/client/token_client_spec.rb

@@ -49,7 +49,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       stub_post
 

data/spec/client/user_client_spec.rb

@@ -141,7 +141,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -167,7 +167,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -213,7 +213,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -246,7 +246,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -273,7 +273,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(

data/spec/configuration_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
   let(:use_service_account) { true }
   let(:username)            { "a" }
   let(:password)            { "b" }
-  let(:rest_client_options) { {verify_ssl: OpenSSL::SSL::VERIFY_NONE} }
+  let(:rest_client_options) { {timeout: 10 } }
 
   before(:each) do
     @configuration                     = KeycloakAdmin::Configuration.new

data/spec/representation/group_representation_spec.rb

@@ -4,10 +4,17 @@ RSpec.describe KeycloakAdmin::GroupRepresentation do
     it "parses the sub groups into group representations" do
       group = described_class.from_hash({
         "name" => "group a",
+        "attributes" => {
+          "key" => ["value"]
+        },
+        "subGroupCount" => 1,
         "subGroups" => [{
           "name" => "subgroup b"
         }]
       })
+
+      expect(group.attributes).to eq(key: ["value"])
+      expect(group.sub_group_count).to eq 1
       expect(group.sub_groups.length).to eq 1
       expect(group.sub_groups.first).to be_a described_class
     end

data/spec/representation/role_representation_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe KeycloakAdmin::RoleRepresentation do
     end
 
     it "can convert to json" do
-      expect(@mapper.to_json).to eq "{\"id\":\"bb79fb10-a7b4-4728-a662-82a4de7844a3\",\"name\":\"abcd\",\"composite\":true,\"clientRole\":false}"
+      expect(@mapper.to_json).to eq "{\"id\":\"bb79fb10-a7b4-4728-a662-82a4de7844a3\",\"name\":\"abcd\",\"composite\":true,\"clientRole\":false,\"containerId\":null}"
     end
   end
 
@@ -31,7 +31,7 @@ RSpec.describe KeycloakAdmin::RoleRepresentation do
     end
 
     it "can convert to json" do
-      expect(@mappers.to_json).to eq "[{\"id\":\"bb79fb10-a7b4-4728-a662-82a4de7844a3\",\"name\":\"abcd\",\"composite\":true,\"clientRole\":false}]"
+      expect(@mappers.to_json).to eq "[{\"id\":\"bb79fb10-a7b4-4728-a662-82a4de7844a3\",\"name\":\"abcd\",\"composite\":true,\"clientRole\":false,\"containerId\":null}]"
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak-admin
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.2
 platform: ruby
 authors:
 - Lorent Lempereur
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-03 00:00:00.000000000 Z
+date: 2024-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-cookie