RubyGems - keycloak-admin - Versions diffs - 1.1.1 → 1.1.3 - Mend

keycloak-admin 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +4 -4
data/.github/workflows/Dockerfile +24 -0
data/.github/workflows/ci.yml +83 -0
data/CHANGELOG.md +12 -2
data/Gemfile.lock +8 -8
data/README.md +277 -4
data/lib/keycloak-admin/client/client_authz_permission_client.rb +81 -0
data/lib/keycloak-admin/client/client_authz_policy_client.rb +76 -0
data/lib/keycloak-admin/client/client_authz_resource_client.rb +93 -0
data/lib/keycloak-admin/client/client_authz_scope_client.rb +71 -0
data/lib/keycloak-admin/client/group_client.rb +41 -13
data/lib/keycloak-admin/client/realm_client.rb +16 -0
data/lib/keycloak-admin/client/role_client.rb +12 -10
data/lib/keycloak-admin/client/user_client.rb +1 -0
data/lib/keycloak-admin/representation/client_authz_permission_representation.rb +34 -0
data/lib/keycloak-admin/representation/client_authz_policy_config_representation.rb +15 -0
data/lib/keycloak-admin/representation/client_authz_policy_representation.rb +27 -0
data/lib/keycloak-admin/representation/client_authz_resource_representation.rb +26 -0
data/lib/keycloak-admin/representation/client_authz_scope_representation.rb +17 -0
data/lib/keycloak-admin/representation/group_representation.rb +9 -5
data/lib/keycloak-admin/version.rb +1 -1
data/lib/keycloak-admin.rb +9 -0
data/spec/client/client_authz_permission_client_spec.rb +170 -0
data/spec/client/client_authz_policy_client_spec.rb +170 -0
data/spec/client/client_authz_resource_client_spec.rb +150 -0
data/spec/client/client_authz_scope_client_spec.rb +134 -0
data/spec/client/client_client_spec.rb +2 -2
data/spec/client/client_role_mappings_client_spec.rb +2 -2
data/spec/client/group_client_spec.rb +137 -15
data/spec/client/identity_provider_client_spec.rb +1 -1
data/spec/client/realm_client_spec.rb +4 -4
data/spec/client/role_client_spec.rb +12 -16
data/spec/client/role_mapper_client_spec.rb +1 -1
data/spec/client/token_client_spec.rb +1 -1
data/spec/client/user_client_spec.rb +5 -5
data/spec/configuration_spec.rb +1 -1
data/spec/integration/client_authorization_spec.rb +95 -0
data/spec/representation/client_authz_permission_representation_spec.rb +52 -0
data/spec/representation/client_authz_policy_representation_spec.rb +47 -0
data/spec/representation/client_authz_resource_representation_spec.rb +33 -0
data/spec/representation/client_authz_scope_representation_spec.rb +19 -0
data/spec/representation/group_representation_spec.rb +7 -0
metadata +23 -3

data/spec/client/client_authz_permission_client_spec.rb ADDED Viewed

@@ -0,0 +1,170 @@
+RSpec.describe KeycloakAdmin::ClientAuthzPermissionClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    let(:type) { :scope }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      let(:realm_name) { nil }
+      it "raises any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+    context "when type is bad value" do
+      let(:realm_name) { "master" }
+      let(:type) { "bad-type" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error
+      end
+    end
+  end
+  describe '#delete' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return 'true'
+    end
+    it "deletes a permission" do
+      expect(client_authz_permission.delete("valid-permission-id")).to be_truthy
+    end
+  end
+  describe '#find_by' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+    end
+    it "finds permissions" do
+      response = client_authz_permission.find_by("name", "resource", "scope")
+      expect(response[0].id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[1].id).to eql "06a21e38-4e92-466d-8647-ffcd9c7b51c3"
+    end
+  end
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+    it "creates a permission" do
+      response = client_authz_permission.create!("name", "description", "UNANIMOUS", "POSITIVE", [], [], [], "resource")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+  describe '#list' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+    end
+    it "returns list of authz permissions" do
+      response = @client_authz_permission.list
+      expect(response.size).to eq 2
+      expect(response[0].id).to eq "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[0].name).to eq "Default Permission"
+      expect(response[0].description).to eq "A permission that applies to the default resource type"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].resource_type).to eq "urn:dummy-client:resources:default"
+    end
+  end
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+    it "gets a permission" do
+      response = client_authz_permission.get("245ce612-ccdc-4426-8ea7-e0e29a718033")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id){ "valid-resource-id" }
+    let(:type){ "resource" }
+    let(:client_authz_permission) { KeycloakAdmin.realm(realm_name).authz_permissions(client_id, type, resource_id) }
+    context 'when resource_id is nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+      end
+    end
+    context 'when resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, resource_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/valid-resource-id/permissions"
+      end
+    end
+    context 'when id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource, "valid-permission-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource/valid-permission-id"
+      end
+    end
+    context 'when resource_id and id are nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource"
+      end
+    end
+  end
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+    end
+    it "return a proper url" do
+      expect(@client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+    end
+  end
+end

data/spec/client/client_authz_policy_client_spec.rb ADDED Viewed

@@ -0,0 +1,170 @@
+RSpec.describe KeycloakAdmin::ClientAuthzPolicyClient do
+  describe '#initialize' do
+    let(:realm_name) { nil }
+    let(:type) { :role }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      let(:realm_name) { nil }
+      it "raises any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+    context "when type is bad value" do
+      let(:realm_name) { "master" }
+      let(:type) { "bad-type" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_policies("", type)
+        }.to raise_error
+      end
+    end
+  end
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:name) { "policy name" }
+    let(:description) { "policy description" }
+    let(:logic) { "POSITIVE" }
+    let(:decision_strategy) { "UNANIMOUS" }
+    let(:fetch_roles) { true }
+    let(:config) { { roles: [{ id: "1d305dbe-6379-4900-8e63-96541006160a", required: false }] } }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}'
+    end
+    it "creates a new authz policy" do
+      response = client_authz_policy.create!(name, description, type, logic, decision_strategy, fetch_roles, config[:roles])
+      expect(response.id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response.name).to eq "policy name"
+      expect(response.type).to eq "role"
+      expect(response.logic).to eq "POSITIVE"
+      expect(response.decision_strategy).to eq "UNANIMOUS"
+      expect(response.config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}'
+    end
+    it "returns an authz policy" do
+      response = client_authz_policy.get(policy_id)
+      expect(response.id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response.name).to eq "policy name"
+      expect(response.type).to eq "role"
+      expect(response.logic).to eq "POSITIVE"
+      expect(response.decision_strategy).to eq "UNANIMOUS"
+      expect(response.config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+  describe '#find_by' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:name) { "policy name" }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}]'
+    end
+    it "returns list of authz policies" do
+      response = client_authz_policy.find_by(name, type)
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response[0].name).to eq "policy name"
+      expect(response[0].type).to eq "role"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+  describe '#delete' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+    before(:each) do
+      @client_authz_policy = KeycloakAdmin.realm(realm_name).authz_policies(client_id, type)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return 'true'
+    end
+    it "deletes an authz policy" do
+      response = @client_authz_policy.delete(policy_id)
+      expect(response).to eq true
+    end
+  end
+  describe '#list' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    before(:each) do
+      @client_authz_policy = KeycloakAdmin.realm(realm_name).authz_policies(client_id, type)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"234f6f33-ef03-4f3f-a8c0-ad7bca27b720","name":"policy name","description":"policy description","type":"role","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","config":{"roles":"[{\"id\":\"1d305dbe-6379-4900-8e63-96541006160a\",\"required\":false}]"}}]'
+    end
+    it "returns list of authz policies" do
+      response = @client_authz_policy.list
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      expect(response[0].name).to eq "policy name"
+      expect(response[0].type).to eq "role"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].config.roles[0].id).to eq "1d305dbe-6379-4900-8e63-96541006160a"
+    end
+  end
+  describe '#authz_policy_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:type) { :role }
+    let(:client_authz_policy){ KeycloakAdmin.realm(realm_name).authz_policies(client_id, type) }
+    context 'when policy_id is nil' do
+      let(:policy_id) { nil }
+      it "return a proper url" do
+        expect(client_authz_policy.authz_policy_url(client_id, type, policy_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/policy/role?permission=false"
+      end
+    end
+    context 'when policy_id is not nil' do
+      let(:policy_id) { "234f6f33-ef03-4f3f-a8c0-ad7bca27b720" }
+      it "return a proper url" do
+        expect(client_authz_policy.authz_policy_url(client_id, type, policy_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/policy/role/234f6f33-ef03-4f3f-a8c0-ad7bca27b720"
+      end
+    end
+  end
+end

data/spec/client/client_authz_resource_client_spec.rb ADDED Viewed

@@ -0,0 +1,150 @@
+RSpec.describe KeycloakAdmin::ClientAuthzResourceClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect { @realm.attack_detections }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      it "raise argument error" do
+        expect { @realm.attack_detections }.to raise_error(ArgumentError)
+      end
+    end
+  end
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_resource = KeycloakAdmin.realm(realm_name).authz_resources(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]},{"name":"asdfasdf","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":true,"displayName":"asdfasdfasdfa","_id":"385966a2-14b9-4cc4-9539-5f2fe1008222","uris":["/*"],"icon_uri":"http://icon"}]'
+    end
+    it "returns list of authz scopes" do
+      response = @client_authz_resource.list
+      expect(response.size).to eq 2
+      expect(response[1].id).to eq "385966a2-14b9-4cc4-9539-5f2fe1008222"
+      expect(response[1].name).to eq "asdfasdf"
+      expect(response[1].type).to eq  "urn:delme-client-id:resources:default"
+      expect(response[1].owner_managed_access).to be_truthy
+    end
+  end
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+    it "returns authz scope" do
+      response = client_authz_resource.get(resource_id)
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+  describe '#update' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+      allow_any_instance_of(RestClient::Resource).to receive(:put).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+    it "returns updated authz scope" do
+      response = client_authz_resource.update(resource_id, {name: "Default Resource", type: "urn:delme-client-id:resources:default", uris: ["/tmp/*"], owner_managed_access: false, display_name: "Default Resource", scopes: []})
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_resource = KeycloakAdmin.realm(realm_name).authz_resources(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}'
+    end
+    it "returns created authz scope" do
+      response = @client_authz_resource.create!("Default Resource", "urn:delme-client-id:resources:default", ["/tmp/*"], false, "Default Resource", [])
+      expect(response.id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response.name).to eq "Default Resource"
+      expect(response.type).to eq  "urn:delme-client-id:resources:default"
+      expect(response.owner_managed_access).to be_falsey
+    end
+  end
+  describe "#find_by" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"name":"Default Resource","type":"urn:delme-client-id:resources:default","owner":{"id":"d259b451-371b-432a-a526-3508f3a36f3b","name":"delme-client-id"},"ownerManagedAccess":false,"_id":"94643fe2-1973-4a36-8e1f-830ade186398","uris":["/*"]}]'
+    end
+    it "returns list of authz scopes" do
+      response = client_authz_resource.find_by("Default Resource", "urn:delme-client-id:resources:default", ["/tmp/*"], false, "")
+      expect(response.size).to eq 1
+      expect(response[0].id).to eq "94643fe2-1973-4a36-8e1f-830ade186398"
+      expect(response[0].name).to eq "Default Resource"
+      expect(response[0].type).to eq  "urn:delme-client-id:resources:default"
+      expect(response[0].owner_managed_access).to be_falsey
+    end
+  end
+  describe "#authz_scopes_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_resource){ KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    context 'when resource_id is nil' do
+      it "return a proper url" do
+        expect(client_authz_resource.authz_resources_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource"
+      end
+    end
+    context 'when resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_resource.authz_resources_url(client_id, "resource-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/resource-id"
+      end
+    end
+  end
+  describe "#delete" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id) { "valid-resource-id" }
+    let(:client_authz_resource) { KeycloakAdmin.realm(realm_name).authz_resources(client_id) }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return '{}'
+    end
+    it "returns true" do
+      response = client_authz_resource.delete(resource_id)
+      expect(response).to be_truthy
+    end
+  end
+end

data/spec/client/client_authz_scope_client_spec.rb ADDED Viewed

@@ -0,0 +1,134 @@
+RSpec.describe KeycloakAdmin::ClientAuthzScopeClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect { @realm.attack_detections }.to_not raise_error
+      end
+    end
+    context "when realm_name is not defined" do
+      it "raise argument error" do
+        expect { @realm.attack_detections }.to raise_error(ArgumentError)
+      end
+    end
+  end
+  describe "#create" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}'
+    end
+    it "returns created authz scope" do
+      response = @client_authz_scope.create!("GET", "GET authz scope", "http://asdfasd1")
+      expect(response.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.name).to eq "GET"
+      expect(response.display_name).to eq "GET authz scope"
+      expect(response.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"},{"id":"d0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"POST","iconUri":"http://asdfasd2","displayName":"POST authz scope"}]'
+    end
+    it "returns list of authz scopes" do
+      response = @client_authz_scope.list
+      expect(response.size).to eq 2
+      expect(response.first.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.first.name).to eq "GET"
+      expect(response.first.display_name).to eq "GET authz scope"
+      expect(response.first.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+  describe "#delete" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:scope_id) { "valid-scope-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ""
+    end
+    it "returns true" do
+      response = @client_authz_scope.delete(scope_id)
+      expect(response).to eq true
+    end
+  end
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:scope_id) { "valid-scope-id" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}'
+    end
+    it "returns authz scope" do
+      response = @client_authz_scope.get(scope_id)
+      expect(response.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.name).to eq "GET"
+      expect(response.display_name).to eq "GET authz scope"
+      expect(response.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+  describe '#search' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:name) { "GET" }
+    before(:each) do
+      @client_authz_scope = KeycloakAdmin.realm(realm_name).authz_scopes(client_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"c0779ce3-0900-4ea3-b1d6-b23e1f19c662","name":"GET","iconUri":"http://asdfasd1","displayName":"GET authz scope"}]'
+    end
+    it "returns list of authz scopes" do
+      response = @client_authz_scope.search(name)
+      expect(response.size).to eq 1
+      expect(response.first.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
+      expect(response.first.name).to eq "GET"
+      expect(response.first.display_name).to eq "GET authz scope"
+      expect(response.first.icon_uri).to eq "http://asdfasd1"
+    end
+  end
+  describe "#authz_scopes_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_scope) { KeycloakAdmin.realm(realm_name).authz_scopes(client_id) }
+    context 'resource_id is nil and id is nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/scope"
+      end
+    end
+    context 'resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id, "valid-resource-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/valid-resource-id/scopes"
+      end
+    end
+    context 'resource_id is nil and id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_scope.authz_scopes_url(client_id, nil, "valid-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/scope/valid-id"
+      end
+    end
+  end
+end

data/spec/client/client_client_spec.rb CHANGED Viewed

@@ -82,7 +82,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(
@@ -123,7 +123,7 @@ RSpec.describe KeycloakAdmin::ClientClient do
     end
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(
         "http://auth.service.io/auth/admin/realms/valid-realm/clients/95b45037-3980-404c-ba12-784fa1baf2c2", rest_client_options).and_call_original

data/spec/client/client_role_mappings_client_spec.rb CHANGED Viewed

@@ -32,7 +32,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(
@@ -70,7 +70,7 @@ RSpec.describe KeycloakAdmin::ClientRoleMappingsClient do
     end
     it "passes rest client options" do
-      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      rest_client_options = {timeout: 10}
       allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
       expect(RestClient::Resource).to receive(:new).with(