keycloak-admin 1.1.1 → 1.1.3

Files changed (43) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/Dockerfile +24 -0
  3. data/.github/workflows/ci.yml +83 -0
  4. data/CHANGELOG.md +12 -2
  5. data/Gemfile.lock +8 -8
  6. data/README.md +277 -4
  7. data/lib/keycloak-admin/client/client_authz_permission_client.rb +81 -0
  8. data/lib/keycloak-admin/client/client_authz_policy_client.rb +76 -0
  9. data/lib/keycloak-admin/client/client_authz_resource_client.rb +93 -0
  10. data/lib/keycloak-admin/client/client_authz_scope_client.rb +71 -0
  11. data/lib/keycloak-admin/client/group_client.rb +41 -13
  12. data/lib/keycloak-admin/client/realm_client.rb +16 -0
  13. data/lib/keycloak-admin/client/role_client.rb +12 -10
  14. data/lib/keycloak-admin/client/user_client.rb +1 -0
  15. data/lib/keycloak-admin/representation/client_authz_permission_representation.rb +34 -0
  16. data/lib/keycloak-admin/representation/client_authz_policy_config_representation.rb +15 -0
  17. data/lib/keycloak-admin/representation/client_authz_policy_representation.rb +27 -0
  18. data/lib/keycloak-admin/representation/client_authz_resource_representation.rb +26 -0
  19. data/lib/keycloak-admin/representation/client_authz_scope_representation.rb +17 -0
  20. data/lib/keycloak-admin/representation/group_representation.rb +9 -5
  21. data/lib/keycloak-admin/version.rb +1 -1
  22. data/lib/keycloak-admin.rb +9 -0
  23. data/spec/client/client_authz_permission_client_spec.rb +170 -0
  24. data/spec/client/client_authz_policy_client_spec.rb +170 -0
  25. data/spec/client/client_authz_resource_client_spec.rb +150 -0
  26. data/spec/client/client_authz_scope_client_spec.rb +134 -0
  27. data/spec/client/client_client_spec.rb +2 -2
  28. data/spec/client/client_role_mappings_client_spec.rb +2 -2
  29. data/spec/client/group_client_spec.rb +137 -15
  30. data/spec/client/identity_provider_client_spec.rb +1 -1
  31. data/spec/client/realm_client_spec.rb +4 -4
  32. data/spec/client/role_client_spec.rb +12 -16
  33. data/spec/client/role_mapper_client_spec.rb +1 -1
  34. data/spec/client/token_client_spec.rb +1 -1
  35. data/spec/client/user_client_spec.rb +5 -5
  36. data/spec/configuration_spec.rb +1 -1
  37. data/spec/integration/client_authorization_spec.rb +95 -0
  38. data/spec/representation/client_authz_permission_representation_spec.rb +52 -0
  39. data/spec/representation/client_authz_policy_representation_spec.rb +47 -0
  40. data/spec/representation/client_authz_resource_representation_spec.rb +33 -0
  41. data/spec/representation/client_authz_scope_representation_spec.rb +19 -0
  42. data/spec/representation/group_representation_spec.rb +7 -0
  43. metadata +23 -3
@@ -22,6 +22,35 @@ RSpec.describe KeycloakAdmin::GroupClient do
22
22
  end
23
23
  end
24
24
 
25
+ describe "#get" do
26
+ let(:realm_name) { "valid-realm" }
27
+
28
+ before(:each) do
29
+ @group_client = KeycloakAdmin.realm(realm_name).groups
30
+
31
+ stub_token_client
32
+ allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"test_group_id","name":"test_group_name"}'
33
+ end
34
+
35
+ it "get a group" do
36
+ group = @group_client.get("test_group_id")
37
+ expect(group.id).to eq "test_group_id"
38
+ expect(group.name).to eq "test_group_name"
39
+ end
40
+
41
+ it "passes rest client options" do
42
+ rest_client_options = {timeout: 10}
43
+ allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
44
+
45
+ expect(RestClient::Resource).to receive(:new).with(
46
+ "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
47
+
48
+ group = @group_client.get("test_group_id")
49
+ expect(group.id).to eq "test_group_id"
50
+ expect(group.name).to eq "test_group_name"
51
+ end
52
+ end
53
+
25
54
  describe "#list" do
26
55
  let(:realm_name) { "valid-realm" }
27
56
 
@@ -39,7 +68,7 @@ RSpec.describe KeycloakAdmin::GroupClient do
39
68
  end
40
69
 
41
70
  it "passes rest client options" do
42
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
71
+ rest_client_options = {timeout: 10}
43
72
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
44
73
 
45
74
  expect(RestClient::Resource).to receive(:new).with(
@@ -51,35 +80,102 @@ RSpec.describe KeycloakAdmin::GroupClient do
51
80
  end
52
81
  end
53
82
 
54
- describe "#save" do
83
+
84
+ describe "#children" do
55
85
  let(:realm_name) { "valid-realm" }
56
- let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
57
- "name" => "test_group_name"
58
- )}
59
86
 
60
87
  before(:each) do
61
88
  @group_client = KeycloakAdmin.realm(realm_name).groups
62
89
 
63
90
  stub_token_client
64
- response = double
65
- allow(response).to receive(:headers).and_return(
66
- { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
67
- )
68
- expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
91
+ allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_group_id","name":"test_group_name"}]'
69
92
  end
70
93
 
71
- it "saves a group" do
72
- @group_client.save(group)
94
+ it "lists children groups" do
95
+ groups = @group_client.children("parent_group_id")
96
+ expect(groups.length).to eq 1
97
+ expect(groups[0].name).to eq "test_group_name"
73
98
  end
74
99
 
75
100
  it "passes rest client options" do
76
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
101
+ rest_client_options = {timeout: 10}
77
102
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
78
103
 
79
104
  expect(RestClient::Resource).to receive(:new).with(
80
- "http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
105
+ "http://auth.service.io/auth/admin/realms/valid-realm/groups/parent_group_id/children", rest_client_options).and_call_original
81
106
 
82
- @group_client.save(group)
107
+ groups = @group_client.children("parent_group_id")
108
+ expect(groups.length).to eq 1
109
+ expect(groups[0].name).to eq "test_group_name"
110
+ end
111
+ end
112
+
113
+ describe "#save" do
114
+ let(:realm_name) { "valid-realm" }
115
+
116
+ before(:each) do
117
+ @group_client = KeycloakAdmin.realm(realm_name).groups
118
+
119
+ stub_token_client
120
+ end
121
+
122
+ context "when the group does not exist" do
123
+ let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
124
+ "name" => "test_group_name"
125
+ )}
126
+
127
+ before do
128
+ response = double
129
+ allow(response).to receive(:headers).and_return(
130
+ { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
131
+ )
132
+
133
+ expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
134
+ end
135
+
136
+ it "saves a group" do
137
+ @group_client.save(group)
138
+ end
139
+
140
+ it "passes rest client options" do
141
+ rest_client_options = {timeout: 10}
142
+ allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
143
+
144
+ expect(RestClient::Resource).to receive(:new).with(
145
+ "http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
146
+
147
+ @group_client.save(group)
148
+ end
149
+ end
150
+
151
+ context "when the group already exists" do
152
+ let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
153
+ "id" => "test_group_id",
154
+ "name" => "test_group_name"
155
+ )}
156
+
157
+ before do
158
+ response = double
159
+ allow(response).to receive(:headers).and_return(
160
+ { location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
161
+ )
162
+
163
+ expect_any_instance_of(RestClient::Resource).to receive(:put).with(group.to_json, anything).and_return response
164
+ end
165
+
166
+ it "saves a group" do
167
+ @group_client.save(group)
168
+ end
169
+
170
+ it "passes rest client options" do
171
+ rest_client_options = {timeout: 10}
172
+ allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
173
+
174
+ expect(RestClient::Resource).to receive(:new).with(
175
+ "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
176
+
177
+ @group_client.save(group)
178
+ end
83
179
  end
84
180
  end
85
181
 
@@ -133,4 +229,30 @@ RSpec.describe KeycloakAdmin::GroupClient do
133
229
  expect(group_id).to eq '7686af34-204c-4515-8122-78d19febbf6e'
134
230
  end
135
231
  end
232
+
233
+ describe "#delete" do
234
+ let(:realm_name) { "valid-realm" }
235
+
236
+ before(:each) do
237
+ @group_client = KeycloakAdmin.realm(realm_name).groups
238
+
239
+ stub_token_client
240
+ allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ''
241
+ end
242
+
243
+ it "deletes a group" do
244
+ result = @group_client.delete("test_group_id")
245
+ expect(result).to be(true)
246
+ end
247
+
248
+ it "raises a delete error" do
249
+ rest_client_options = {timeout: 10}
250
+ allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
251
+
252
+ expect(RestClient::Resource).to receive(:new).with(
253
+ "http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_raise("error")
254
+
255
+ expect { @group_client.delete("test_group_id") }.to raise_error("error")
256
+ end
257
+ end
136
258
  end
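Review bot: The example "raises a delete error" (new lines 248–256) never reaches the DELETE request, because it makes `RestClient::Resource.new` raise, so it only shows that a constructor failure propagates. To cover a failed deletion, stub the verb instead, e.g. `allow_any_instance_of(RestClient::Resource).to receive(:delete).and_raise(RestClient::NotFound)`, and assert on the error the client is meant to surface. In the "when the group already exists" context, the stubbed `Location` header carries an id other than `test_group_id`. Neither "saves a group" example asserts on what `save` returns, so the update path is checked only for the HTTP verb used.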
@@ -78,7 +78,7 @@ RSpec.describe KeycloakAdmin::IdentityProviderClient do
78
78
  end
79
79
 
80
80
  it "passes rest client options" do
81
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
81
+ rest_client_options = {timeout: 10}
82
82
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
83
83
 
84
84
  expect(RestClient::Resource).to receive(:new).with(
@@ -60,7 +60,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
60
60
  end
61
61
 
62
62
  it "passes rest client options" do
63
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
63
+ rest_client_options = {timeout: 10}
64
64
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
65
65
 
66
66
  expect(RestClient::Resource).to receive(:new).with(
@@ -87,7 +87,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
87
87
  end
88
88
 
89
89
  it "passes rest client options" do
90
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
90
+ rest_client_options = {timeout: 10}
91
91
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
92
92
 
93
93
  expect(RestClient::Resource).to receive(:new).with(
@@ -117,7 +117,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
117
117
  end
118
118
 
119
119
  it "passes rest client options" do
120
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
120
+ rest_client_options = {timeout: 10}
121
121
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
122
122
 
123
123
  expect(RestClient::Resource).to receive(:new).with(
@@ -143,7 +143,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
143
143
  end
144
144
 
145
145
  it "passes rest client options" do
146
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
146
+ rest_client_options = {timeout: 10}
147
147
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
148
148
 
149
149
  expect(RestClient::Resource).to receive(:new).with(
@@ -1,24 +1,20 @@
1
1
  RSpec.describe KeycloakAdmin::RoleClient do
2
2
  describe "#roles_url" do
3
3
  let(:realm_name) { "valid-realm" }
4
- let(:role_id) { nil }
5
4
 
6
- before(:each) do
7
- @built_url = KeycloakAdmin.realm(realm_name).roles.roles_url(role_id)
5
+ it "return a proper url without role id" do
6
+ @built_url = KeycloakAdmin.realm(realm_name).roles.roles_url
7
+ expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
8
8
  end
9
+ end
9
10
 
10
- context "when role_id is not defined" do
11
- let(:role_id) { nil }
12
- it "return a proper url without role id" do
13
- expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
14
- end
15
- end
11
+ describe "#role_id_url" do
12
+ let(:realm_name) { "valid-realm" }
13
+ let(:role_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
16
14
 
17
- context "when role_id is defined" do
18
- let(:role_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
19
- it "return a proper url with the role id" do
20
- expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles/95985b21-d884-4bbd-b852-cb8cd365afc2"
21
- end
15
+ it "return a proper url with the role id" do
16
+ @built_url = KeycloakAdmin.realm(realm_name).roles.role_id_url(role_id)
17
+ expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles-by-id/95985b21-d884-4bbd-b852-cb8cd365afc2"
22
18
  end
23
19
  end
24
20
 
@@ -39,7 +35,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
39
35
  end
40
36
 
41
37
  it "passes rest client options" do
42
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
38
+ rest_client_options = {timeout: 10}
43
39
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
44
40
 
45
41
  expect(RestClient::Resource).to receive(:new).with(
@@ -71,7 +67,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
71
67
  end
72
68
 
73
69
  it "passes rest client options" do
74
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
70
+ rest_client_options = {timeout: 10}
75
71
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
76
72
 
77
73
  expect(RestClient::Resource).to receive(:new).with(
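Review bot: In the first hunk, the new examples at new lines 6 and 16 assign `@built_url` inside the `it` block. The `before` hook that shared that instance variable is removed by this change, so a local is enough, e.g. `built_url = KeycloakAdmin.realm(realm_name).roles.role_id_url(role_id)`. The descriptions would also read better as "returns a proper url …".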
@@ -56,7 +56,7 @@ RSpec.describe KeycloakAdmin::RoleMapperClient do
56
56
  end
57
57
 
58
58
  it "passes rest client options" do
59
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
59
+ rest_client_options = {timeout: 10}
60
60
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
61
61
 
62
62
  expect(RestClient::Resource).to receive(:new).with(
@@ -49,7 +49,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
49
49
  end
50
50
 
51
51
  it "passes rest client options" do
52
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
52
+ rest_client_options = {timeout: 10}
53
53
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
54
54
  stub_post
55
55
 
@@ -141,7 +141,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
141
141
  end
142
142
 
143
143
  it "passes rest client options" do
144
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
144
+ rest_client_options = {timeout: 10}
145
145
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
146
146
 
147
147
  expect(RestClient::Resource).to receive(:new).with(
@@ -167,7 +167,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
167
167
  end
168
168
 
169
169
  it "passes rest client options" do
170
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
170
+ rest_client_options = {timeout: 10}
171
171
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
172
172
 
173
173
  expect(RestClient::Resource).to receive(:new).with(
@@ -213,7 +213,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
213
213
  end
214
214
 
215
215
  it "passes rest client options" do
216
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
216
+ rest_client_options = {timeout: 10}
217
217
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
218
218
 
219
219
  expect(RestClient::Resource).to receive(:new).with(
@@ -246,7 +246,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
246
246
  end
247
247
 
248
248
  it "passes rest client options" do
249
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
249
+ rest_client_options = {timeout: 10}
250
250
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
251
251
 
252
252
  expect(RestClient::Resource).to receive(:new).with(
@@ -273,7 +273,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
273
273
  end
274
274
 
275
275
  it "passes rest client options" do
276
- rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
276
+ rest_client_options = {timeout: 10}
277
277
  allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
278
278
 
279
279
  expect(RestClient::Resource).to receive(:new).with(
@@ -6,7 +6,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
6
6
  let(:use_service_account) { true }
7
7
  let(:username) { "a" }
8
8
  let(:password) { "b" }
9
- let(:rest_client_options) { {verify_ssl: OpenSSL::SSL::VERIFY_NONE} }
9
+ let(:rest_client_options) { {timeout: 10 } }
10
10
 
11
11
  before(:each) do
12
12
  @configuration = KeycloakAdmin::Configuration.new
@@ -0,0 +1,95 @@
1
+ RSpec.describe 'ClientAuthorization' do
2
+
3
+ before do
4
+ skip unless ENV["GITHUB_ACTIONS"]
5
+
6
+ KeycloakAdmin.configure do |config|
7
+ config.use_service_account = false
8
+ config.server_url = "http://localhost:8080/"
9
+ config.client_id = "admin-cli"
10
+ config.client_realm_name = "master"
11
+ config.username = "admin"
12
+ config.password = "admin"
13
+ config.rest_client_options = { timeout: 5, verify_ssl: false }
14
+ end
15
+ end
16
+
17
+ after do
18
+ configure
19
+ end
20
+
21
+ describe "ClientAuthorization Suite" do
22
+ it do
23
+ skip unless ENV["GITHUB_ACTIONS"]
24
+
25
+ realm_name = "dummy"
26
+
27
+ client = KeycloakAdmin.realm(realm_name).clients.find_by_client_id("dummy-client")
28
+ client.authorization_services_enabled = true
29
+ KeycloakAdmin.realm(realm_name).clients.update(client)
30
+
31
+ expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).list.size).to eql(0)
32
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).list.size).to eql(1)
33
+ expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').list.size).to eql(0)
34
+
35
+ realm_role = KeycloakAdmin.realm(realm_name).roles.get("default-roles-dummy")
36
+
37
+ scope_1 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_1", "POST 1 scope", "http://asdas")
38
+ scope_2 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_2", "POST 2 scope", "http://asdas")
39
+ expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).search("POST").first.name).to eql("POST_1")
40
+ expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).get(scope_1.id).name).to eql("POST_1")
41
+
42
+ resource = KeycloakAdmin.realm(realm_name).authz_resources(client.id).create!("Dummy Resource", "type", ["/asdf/*", "/tmp/"], true, "display_name", [], {"a": ["b", "c"]})
43
+
44
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("Dummy Resource", "", "", "", "").first.name).to eql("Dummy Resource")
45
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("", "type", "", "", "").first.name).to eql("Dummy Resource")
46
+
47
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(0)
48
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).uris.count).to eql(2)
49
+ KeycloakAdmin.realm(realm_name).authz_resources(client.id).update(resource.id,
50
+ {
51
+ "name": "Dummy Resource",
52
+ "type": "type",
53
+ "owner_managed_access": true,
54
+ "display_name": "display_name",
55
+ "attributes": {"a":["b","c"]},
56
+ "uris": [ "/asdf/*" , "/tmp/45" ],
57
+ "scopes":[
58
+ {name: scope_1.name},{name: scope_2.name}
59
+ ],
60
+ "icon_uri": "https://icon.ico"
61
+ }
62
+ )
63
+
64
+ expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(2)
65
+
66
+ policy = KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').create!("Policy 1", "description", "role", "POSITIVE", "UNANIMOUS", true, [{id: realm_role.id, required: true}])
67
+ expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').find_by("Policy 1", "role").first.name).to eql("Policy 1")
68
+ expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').get(policy.id).name).to eql("Policy 1")
69
+ scope_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :scope).create!("Dummy Scope Permission", "scope description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], [scope_1.id, scope_2.id], "")
70
+ resource_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :resource).create!("Dummy Resource Permission", "resource description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], nil, "")
71
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "", resource.id).list.size).to eql(2)
72
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").get(resource_permission.id).name).to eql("Dummy Resource Permission")
73
+ expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id, resource.id).list.size).to eql(2)
74
+
75
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').list.size).to eql(3)
76
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').list.size).to eql(3)
77
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, nil).first.name).to eql("Dummy Resource Permission")
78
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, resource.id).first.name).to eql("Dummy Resource Permission")
79
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id).first.name).to eql("Dummy Scope Permission")
80
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
81
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(nil, resource.id).first.name).to eql("Dummy Resource Permission")
82
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id).first.name).to eql("Dummy Scope Permission")
83
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
84
+ expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, nil).first.name).to eql("Dummy Scope Permission")
85
+
86
+ KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').delete(scope_permission.id)
87
+ KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').delete(resource_permission.id)
88
+ KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').delete(policy.id)
89
+ KeycloakAdmin.realm(realm_name).authz_resources(client.id).delete(resource.id)
90
+ KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_1.id)
91
+ KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_2.id)
92
+
93
+ end
94
+ end
95
+ end
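Review bot: `verify_ssl: false` at new line 13 has no effect against `http://localhost:8080/`, and it reintroduces the disabled-certificate-verification setting that the other specs in this diff drop from their `rest_client_options`; `config.rest_client_options = { timeout: 5 }` is enough here. The `admin`/`admin` credentials are hard-coded; reading them from the environment, with the CI container's values as defaults, would keep the literal pair out of the suite. The `delete` calls at new lines 86–91 run only when every expectation above them passes. A failed run therefore leaves scopes, resources and policies in the `dummy` realm, and the size checks at lines 31–33 will then fail on a rerun against the same server; moving the cleanup into an `ensure` or an `after` hook avoids that.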
@@ -0,0 +1,52 @@
1
+ RSpec.describe KeycloakAdmin::ClientAuthzPermissionRepresentation do
2
+ describe '.from_hash, #resource based permission' do
3
+ it 'converts json response to class structure' do
4
+ rep = described_class.from_hash({
5
+ "id" => "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa",
6
+ "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
7
+ "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
8
+ "name" => "delme policy",
9
+ "description" => "Delme policy description",
10
+ "decisionStrategy" => "UNANIMOUS",
11
+ "resourceType" => ""
12
+ })
13
+ expect(rep.id).to eq "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"
14
+ expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
15
+ expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
16
+ expect(rep.name).to eq "delme policy"
17
+ expect(rep.description).to eq "Delme policy description"
18
+ expect(rep.decision_strategy).to eq "UNANIMOUS"
19
+ expect(rep.resource_type).to eq ""
20
+ expect(rep).to be_a described_class
21
+ end
22
+ end
23
+
24
+ describe '.from_hash, #scope based permission' do
25
+ it 'converts json response to class structure' do
26
+ rep = described_class.from_hash(
27
+
28
+ { "id" => "4d762e5d-bf3d-4641-8f94-97e8a1869d1d",
29
+ "name" => "permission name",
30
+ "description" => "permission description",
31
+ "type" => "scope",
32
+ "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
33
+ "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
34
+ "scopes" => ["7c4809c5-33b6-4668-a318-19b302214d20"],
35
+ "logic" => "POSITIVE",
36
+ "decisionStrategy" => "UNANIMOUS"
37
+ })
38
+ expect(rep.id).to eq "4d762e5d-bf3d-4641-8f94-97e8a1869d1d"
39
+ expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
40
+ expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
41
+ expect(rep.scopes).to eq ["7c4809c5-33b6-4668-a318-19b302214d20"]
42
+ expect(rep.name).to eq "permission name"
43
+ expect(rep.description).to eq "permission description"
44
+ expect(rep.decision_strategy).to eq "UNANIMOUS"
45
+ expect(rep.logic).to eq "POSITIVE"
46
+ expect(rep.type).to eq "scope"
47
+ expect(rep.resource_type).to eq nil
48
+ expect(rep).to be_a described_class
49
+ end
50
+ end
51
+
52
+ end
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ RSpec.describe KeycloakAdmin::ClientAuthzPolicyRepresentation do
4
+ let(:realm_name) { "valid-realm" }
5
+ let(:client_id) { "valid-client-id" }
6
+ let(:policy_id) { "valid-policy-id" }
7
+ let(:role_id) { "valid-role-id" }
8
+ let(:role_name) { "valid-role-name" }
9
+ let(:policy_name) { "valid-policy-name" }
10
+ let(:policy_description) { "valid-policy-description" }
11
+ let(:policy_type) { "role" }
12
+ let(:policy_logic) { "POSITIVE" }
13
+ let(:policy_decision_strategy) { "UNANIMOUS" }
14
+ let(:policy) do
15
+ {
16
+ "id": policy_id,
17
+ "name": policy_name,
18
+ "description": policy_description,
19
+ "type": policy_type,
20
+ "logic": policy_logic,
21
+ "decisionStrategy": policy_decision_strategy,
22
+ "roles": [{ "id": role_id, "required": true }]
23
+ }
24
+ end
25
+ let(:client_authz_policy) { KeycloakAdmin.realm(realm_name).authz_policies(client_id, 'role') }
26
+
27
+ before(:each) do
28
+ stub_token_client
29
+ end
30
+
31
+ describe "#create!" do
32
+ before(:each) do
33
+ allow_any_instance_of(RestClient::Resource).to receive(:post).and_return policy.to_json
34
+ end
35
+
36
+ it "returns created authz policy" do
37
+ response = client_authz_policy.create!(policy_name, policy_description, policy_type, policy_logic, policy_decision_strategy, true, [{ id: role_id, required: true }])
38
+ expect(response.id).to eq policy_id
39
+ expect(response.name).to eq policy_name
40
+ expect(response.description).to eq policy_description
41
+ expect(response.type).to eq policy_type
42
+ expect(response.logic).to eq policy_logic
43
+ expect(response.decision_strategy).to eq policy_decision_strategy
44
+ expect(response.roles).to eq [{ "id" => role_id, "required" => true }]
45
+ end
46
+ end
47
+ end
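Review bot: This file describes `KeycloakAdmin::ClientAuthzPolicyRepresentation`, but its only example (new lines 36–45) calls `authz_policies(client_id, 'role').create!` with a stubbed `post`, so it tests the client rather than the representation. `described_class` is never used, and the `realm_name`/`client_id` lets exist only for the client call. An example that calls `described_class.from_hash` directly with string keys, as the sibling representation specs do, would pin the camelCase-to-attribute mapping (`decisionStrategy` → `decision_strategy`) without going through the HTTP stub.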
@@ -0,0 +1,33 @@
1
+ RSpec.describe KeycloakAdmin::ClientAuthzResourceRepresentation do
2
+ describe '.from_hash' do
3
+ it 'converts json response to class structure' do
4
+ rep = described_class.from_hash({
5
+ "name" => "Default Resource",
6
+ "type" => "urn:delme-client-id:resources:default",
7
+ "owner" => {
8
+ "id" => "d259b451-371b-432a-a526-3508f3a36f3b",
9
+ "name" => "delme-client-id"
10
+ },
11
+ "ownerManagedAccess" => true,
12
+ "displayName" => "Display Name",
13
+ "attributes" => { "a" => ["b"]},
14
+ "_id" => "385966a2-14b9-4cc4-9539-5f2fe1008222",
15
+ "uris" => ["/*"],
16
+ "scopes" => [{"id"=>"c0779ce3-0900-4ea3-b1d6-b23e1f19c662",
17
+ "name" => "GET",
18
+ "iconUri" => "http=>//asdfasdf"}],
19
+ "icon_uri" => "http://icon"
20
+ })
21
+ expect(rep.id).to eq "385966a2-14b9-4cc4-9539-5f2fe1008222"
22
+ expect(rep.name).to eq "Default Resource"
23
+ expect(rep.type).to eq "urn:delme-client-id:resources:default"
24
+ expect(rep.uris).to eq ["/*"]
25
+ expect(rep.owner_managed_access).to eq true
26
+ expect(rep.attributes).to eq({ :"a" => ["b"]})
27
+ expect(rep.display_name).to eq "Display Name"
28
+ expect(rep.scopes[0].id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
29
+ expect(rep.scopes[0].name).to eq "GET"
30
+ expect(rep).to be_a described_class
31
+ end
32
+ end
33
+ end
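Review bot: The fixture value `"http=>//asdfasdf"` at new line 18 looks like a JSON-to-Ruby search-and-replace artefact; it was presumably meant to be `"iconUri" => "http://asdfasdf"`. The top-level key at new line 19 is `"icon_uri"` while every other key in the hash is camelCase, and nothing asserts on it or on `owner`, so the example cannot tell whether either field is mapped. Use the key the server actually sends (likely `iconUri`, to be confirmed against the representation class) and add an expectation for it.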
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ RSpec.describe KeycloakAdmin::ClientAuthzScopeRepresentation do
4
+ describe '.from_hash' do
5
+ it 'converts json response to class structure' do
6
+ rep = described_class.from_hash({
7
+ "id" =>"c0779ce3-0900-4ea3-b1d6-b23e1f19c662",
8
+ "name" => "GET",
9
+ "iconUri" => "http://asdfasdf/image.png",
10
+ "displayName" => "GET authz scope"
11
+ })
12
+ expect(rep.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
13
+ expect(rep.name).to eq "GET"
14
+ expect(rep.icon_uri).to eq "http://asdfasdf/image.png"
15
+ expect(rep.display_name).to eq "GET authz scope"
16
+ expect(rep).to be_a described_class
17
+ end
18
+ end
19
+ end
@@ -4,10 +4,17 @@ RSpec.describe KeycloakAdmin::GroupRepresentation do
4
4
  it "parses the sub groups into group representations" do
5
5
  group = described_class.from_hash({
6
6
  "name" => "group a",
7
+ "attributes" => {
8
+ "key" => ["value"]
9
+ },
10
+ "subGroupCount" => 1,
7
11
  "subGroups" => [{
8
12
  "name" => "subgroup b"
9
13
  }]
10
14
  })
15
+
16
+ expect(group.attributes).to eq(key: ["value"])
17
+ expect(group.sub_group_count).to eq 1
11
18
  expect(group.sub_groups.length).to eq 1
12
19
  expect(group.sub_groups.first).to be_a described_class
13
20
  end