keycloak-admin 1.1.1 → 1.1.3

data/spec/client/client_authz_permission_client_spec.rb

@@ -0,0 +1,170 @@
+RSpec.describe KeycloakAdmin::ClientAuthzPermissionClient do
+
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    let(:type) { :scope }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      let(:realm_name) { nil }
+      it "raises any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "when type is bad value" do
+      let(:realm_name) { "master" }
+      let(:type) { "bad-type" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error
+      end
+    end
+  end
+
+  describe '#delete' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return 'true'
+    end
+
+    it "deletes a permission" do
+      expect(client_authz_permission.delete("valid-permission-id")).to be_truthy
+    end
+  end
+
+  describe '#find_by' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+    end
+
+    it "finds permissions" do
+      response = client_authz_permission.find_by("name", "resource", "scope")
+      expect(response[0].id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[1].id).to eql "06a21e38-4e92-466d-8647-ffcd9c7b51c3"
+    end
+  end
+
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+
+    it "creates a permission" do
+      response = client_authz_permission.create!("name", "description", "UNANIMOUS", "POSITIVE", [], [], [], "resource")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#list' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+
+    end
+
+    it "returns list of authz permissions" do
+      response = @client_authz_permission.list
+      expect(response.size).to eq 2
+      expect(response[0].id).to eq "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[0].name).to eq "Default Permission"
+      expect(response[0].description).to eq "A permission that applies to the default resource type"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].resource_type).to eq "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+
+    it "gets a permission" do
+      response = client_authz_permission.get("245ce612-ccdc-4426-8ea7-e0e29a718033")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id){ "valid-resource-id" }
+    let(:type){ "resource" }
+    let(:client_authz_permission) { KeycloakAdmin.realm(realm_name).authz_permissions(client_id, type, resource_id) }
+    context 'when resource_id is nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+      end
+    end
+    context 'when resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, resource_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/valid-resource-id/permissions"
+      end
+    end
+    context 'when id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource, "valid-permission-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource/valid-permission-id"
+      end
+    end
+    context 'when resource_id and id are nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource"
+      end
+    end
+  end
+
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+    end
+
+    it "return a proper url" do
+      expect(@client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+    end
+  end
+end

data/spec/client/client_authz_policy_client_spec.rb

@@ -0,0 +1,170 @@
+RSpec.describe KeycloakAdmin::ClientAuthzPolicyClient do
+
+  describe '#initialize' do
+    let(:realm_name) { nil }
+    let(:type) { :role }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      let(:realm_name) { nil }
+      it "raises any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "when type is bad value" do
+      let(:realm_name) { "master" }
+      let(:type) { "bad-type" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to raise_error
+      end
+    end
+  end
+
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:name) { "policy name" }
+    let(:description) { "policy description" }
+    let(:logic) { "POSITIVE" }
+    let(:decision_strategy) { "UNANIMOUS" }
+    let(:fetch_roles) { true }
+    let(:config) { { roles: [{ id: "1d305dbe-6379-4900-8e63-96541006160a", required: false }] } }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}'
+    end
+
+    it "creates a new authz policy" do
+      response = client_authz_policy.create!(name, description, type, logic, decision_strategy, fetch_roles, config[:roles])
+      expect(response.id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response.name).to eq "policy name"
+      expect(response.type).to eq "role"
+      expect(response.logic).to eq "POSITIVE"
+      expect(response.decision_strategy).to eq "UNANIMOUS"
+      expect(response.config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}'
+    end
+
+    it "returns an authz policy" do
+      response = client_authz_policy.get(policy_id)
+      expect(response.id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response.name).to eq "policy name"
+      expect(response.type).to eq "role"
+      expect(response.logic).to eq "POSITIVE"
+      expect(response.decision_strategy).to eq "UNANIMOUS"
+      expect(response.config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+
+  describe '#find_by' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:name) { "policy name" }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}]'
+    end
+
+    it "returns list of authz policies" do
+      response = client_authz_policy.find_by(name, type)
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response[0].name).to eq "policy name"
+      expect(response[0].type).to eq "role"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+
+  describe '#delete' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+    before(:each) do
+      @client_authz_policy = KeycloakAdmin.realm(realm_name).authz_policies(client_id, type)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return 'true'
+    end
+
+    it "deletes an authz policy" do
+      response = @client_authz_policy.delete(policy_id)
+      expect(response).to eq true
+    end
+  end
+
+  describe '#list' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    before(:each) do
+      @client_authz_policy = KeycloakAdmin.realm(realm_name).authz_policies(client_id, type)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}]'
+    end
+
+    it "returns list of authz policies" do
+      response = @client_authz_policy.list
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response[0].name).to eq "policy name"
+      expect(response[0].type).to eq "role"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+
+  describe '#authz_policy_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+
+    context 'when policy_id is nil' do
+      let(:policy_id) { nil }
+      it "return a proper url" do
+        expect(client_authz_policy.authz_policy_url(client_id, type, policy_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/policy/role?permission=false"
+      end
+    end
+    context 'when policy_id is not nil' do
+      let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+      it "return a proper url" do
+        expect(client_authz_policy.authz_policy_url(client_id, type, policy_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/policy/role/234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      end
+    end
+  end
+end

data/spec/client/client_authz_resource_client_spec.rb

@@ -0,0 +1,150 @@
+RSpec.describe KeycloakAdmin::ClientAuthzResourceClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect { @realm.attack_detections }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      it "raise argument error" do
+        expect { @realm.attack_detections }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_resource = KeycloakAdmin.realm(realm_name).authz_resources(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]},{"name":"asdfasdf","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":true,"displayName":"asdfasdfasdfa","_id":"385966a2-14b9-4cc4-9539-5f2fe1008222","uris":["/*"],"icon_uri":"http://icon"}]'
+    end
+
+    it "returns list of authz scopes" do
+      response = @client_authz_resource.list
+      expect(response.size).to eq 2
+      expect(response[1].id).to eq "385966a2-14b9-4cc4-9539-5f2fe1008222"
+      expect(response[1].name).to eq "asdfasdf"
+      expect(response[1].type).to eq  "urn:delme-client-id:resources:default"
+      expect(response[1].owner_managed_access).to be_truthy
+    end
+  end
+
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+
+    it "returns authz scope" do
+      response = client_authz_resource.get(resource_id)
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+
+  describe '#update' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+      allow_any_instance_of(RestClient::Resource).to receive(:put).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+
+    it "returns updated authz scope" do
+      response = client_authz_resource.update(resource_id, {name: "Default Resource", type: "urn:delme-client-id:resources:default", uris: ["/tmp/*"], owner_managed_access: false, display_name: "Default Resource", scopes: []})
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_resource = KeycloakAdmin.realm(realm_name).authz_resources(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+
+    it "returns created authz scope" do
+      response = @client_authz_resource.create!("Default Resource", "urn:delme-client-id:resources:default", ["/tmp/*"], false, "Default Resource", [])
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+
+  describe "#find_by" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}]'
+    end
+
+    it "returns list of authz scopes" do
+      response = client_authz_resource.find_by("Default Resource", "urn:delme-client-id:resources:default", ["/tmp/*"], false, "")
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response[0].name).to eq "Default Resource"
+      expect(response[0].type).to eq  "urn:delme-client-id:resources:default"
+      expect(response[0].owner_managed_access).to be_falsey
+    end
+  end
+
+  describe "#authz_scopes_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_resource){ KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+
+    context 'when resource_id is nil' do
+      it "return a proper url" do
+        expect(client_authz_resource.authz_resources_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource"
+      end
+    end
+
+    context 'when resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_resource.authz_resources_url(client_id, "resource-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/resource-id"
+      end
+    end
+  end
+
+  describe "#delete" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return '{}'
+    end
+
+    it "returns true" do
+      response = client_authz_resource.delete(resource_id)
+      expect(response).to be_truthy
+    end
+  end
+end

data/spec/client/client_authz_scope_client_spec.rb

@@ -0,0 +1,134 @@
+RSpec.describe KeycloakAdmin::ClientAuthzScopeClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect { @realm.attack_detections }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      it "raise argument error" do
+        expect { @realm.attack_detections }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#create" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}'
+    end
+
+    it "returns created authz scope" do
+      response = @client_authz_scope.create!("GET", "GET authz scope", "http://asdfasd1")
+      expect(response.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.name).to eq "GET"
+      expect(response.display_name).to eq "GET authz scope"
+      expect(response.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"},{"id":"d0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"POST","iconUri":"http://asdfasd2","displayName":"POST authz scope"}]'
+    end
+
+    it "returns list of authz scopes" do
+      response = @client_authz_scope.list
+      expect(response.size).to eq 2
+      expect(response.first.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.first.name).to eq "GET"
+      expect(response.first.display_name).to eq "GET authz scope"
+      expect(response.first.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+
+
+  describe "#delete" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:scope_id) { "valid-scope-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ""
+    end
+
+    it "returns true" do
+      response = @client_authz_scope.delete(scope_id)
+      expect(response).to eq true
+    end
+  end
+
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:scope_id) { "valid-scope-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}'
+    end
+
+    it "returns authz scope" do
+      response = @client_authz_scope.get(scope_id)
+      expect(response.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.name).to eq "GET"
+      expect(response.display_name).to eq "GET authz scope"
+      expect(response.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+
+  describe '#search' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:name) { "GET" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}]'
+    end
+
+    it "returns list of authz scopes" do
+      response = @client_authz_scope.search(name)
+      expect(response.size).to eq 1
+      expect(response.first.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.first.name).to eq "GET"
+      expect(response.first.display_name).to eq "GET authz scope"
+      expect(response.first.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+
+  describe "#authz_scopes_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_scope) { KeycloakAdmin.realm(realm_name).authz_scopes(client_id) }
+    context 'resource_id is nil and id is nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/scope"
+      end
+    end
+    context 'resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id, "valid-resource-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/valid-resource-id/scopes"
+      end
+    end
+    context 'resource_id is nil and id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id, nil, "valid-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/scope/valid-id"
+      end
+    end
+  end
+end

data/spec/client/client_client_spec.rb

@@ -82,7 +82,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -123,7 +123,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(
         "http://auth.service.io/auth/admin/realms/valid-realm/clients/95b45037-3980-404c-ba12-784fa1baf2c2", rest_client_options).and_call_original

data/spec/client/client_role_mappings_client_spec.rb

@@ -32,7 +32,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(
@@ -70,7 +70,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
 
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
 
       expect(RestClient::Resource).to receive(:new).with(