keycloak-admin 1.1.1 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/Dockerfile +24 -0
- data/.github/workflows/ci.yml +83 -0
- data/CHANGELOG.md +12 -2
- data/Gemfile.lock +8 -8
- data/README.md +277 -4
- data/lib/keycloak-admin/client/client_authz_permission_client.rb +81 -0
- data/lib/keycloak-admin/client/client_authz_policy_client.rb +76 -0
- data/lib/keycloak-admin/client/client_authz_resource_client.rb +93 -0
- data/lib/keycloak-admin/client/client_authz_scope_client.rb +71 -0
- data/lib/keycloak-admin/client/group_client.rb +41 -13
- data/lib/keycloak-admin/client/realm_client.rb +16 -0
- data/lib/keycloak-admin/client/role_client.rb +12 -10
- data/lib/keycloak-admin/client/user_client.rb +1 -0
- data/lib/keycloak-admin/representation/client_authz_permission_representation.rb +34 -0
- data/lib/keycloak-admin/representation/client_authz_policy_config_representation.rb +15 -0
- data/lib/keycloak-admin/representation/client_authz_policy_representation.rb +27 -0
- data/lib/keycloak-admin/representation/client_authz_resource_representation.rb +26 -0
- data/lib/keycloak-admin/representation/client_authz_scope_representation.rb +17 -0
- data/lib/keycloak-admin/representation/group_representation.rb +9 -5
- data/lib/keycloak-admin/version.rb +1 -1
- data/lib/keycloak-admin.rb +9 -0
- data/spec/client/client_authz_permission_client_spec.rb +170 -0
- data/spec/client/client_authz_policy_client_spec.rb +170 -0
- data/spec/client/client_authz_resource_client_spec.rb +150 -0
- data/spec/client/client_authz_scope_client_spec.rb +134 -0
- data/spec/client/client_client_spec.rb +2 -2
- data/spec/client/client_role_mappings_client_spec.rb +2 -2
- data/spec/client/group_client_spec.rb +137 -15
- data/spec/client/identity_provider_client_spec.rb +1 -1
- data/spec/client/realm_client_spec.rb +4 -4
- data/spec/client/role_client_spec.rb +12 -16
- data/spec/client/role_mapper_client_spec.rb +1 -1
- data/spec/client/token_client_spec.rb +1 -1
- data/spec/client/user_client_spec.rb +5 -5
- data/spec/configuration_spec.rb +1 -1
- data/spec/integration/client_authorization_spec.rb +95 -0
- data/spec/representation/client_authz_permission_representation_spec.rb +52 -0
- data/spec/representation/client_authz_policy_representation_spec.rb +47 -0
- data/spec/representation/client_authz_resource_representation_spec.rb +33 -0
- data/spec/representation/client_authz_scope_representation_spec.rb +19 -0
- data/spec/representation/group_representation_spec.rb +7 -0
- metadata +23 -3
@@ -22,6 +22,35 @@ RSpec.describe KeycloakAdmin::GroupClient do
|
|
22
22
|
end
|
23
23
|
end
|
24
24
|
|
25
|
+
describe "#get" do
|
26
|
+
let(:realm_name) { "valid-realm" }
|
27
|
+
|
28
|
+
before(:each) do
|
29
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
30
|
+
|
31
|
+
stub_token_client
|
32
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"test_group_id","name":"test_group_name"}'
|
33
|
+
end
|
34
|
+
|
35
|
+
it "get a group" do
|
36
|
+
group = @group_client.get("test_group_id")
|
37
|
+
expect(group.id).to eq "test_group_id"
|
38
|
+
expect(group.name).to eq "test_group_name"
|
39
|
+
end
|
40
|
+
|
41
|
+
it "passes rest client options" do
|
42
|
+
rest_client_options = {timeout: 10}
|
43
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
44
|
+
|
45
|
+
expect(RestClient::Resource).to receive(:new).with(
|
46
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
|
47
|
+
|
48
|
+
group = @group_client.get("test_group_id")
|
49
|
+
expect(group.id).to eq "test_group_id"
|
50
|
+
expect(group.name).to eq "test_group_name"
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
25
54
|
describe "#list" do
|
26
55
|
let(:realm_name) { "valid-realm" }
|
27
56
|
|
@@ -39,7 +68,7 @@ RSpec.describe KeycloakAdmin::GroupClient do
|
|
39
68
|
end
|
40
69
|
|
41
70
|
it "passes rest client options" do
|
42
|
-
rest_client_options = {
|
71
|
+
rest_client_options = {timeout: 10}
|
43
72
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
44
73
|
|
45
74
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -51,35 +80,102 @@ RSpec.describe KeycloakAdmin::GroupClient do
|
|
51
80
|
end
|
52
81
|
end
|
53
82
|
|
54
|
-
|
83
|
+
|
84
|
+
describe "#children" do
|
55
85
|
let(:realm_name) { "valid-realm" }
|
56
|
-
let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
|
57
|
-
"name" => "test_group_name"
|
58
|
-
)}
|
59
86
|
|
60
87
|
before(:each) do
|
61
88
|
@group_client = KeycloakAdmin.realm(realm_name).groups
|
62
89
|
|
63
90
|
stub_token_client
|
64
|
-
|
65
|
-
allow(response).to receive(:headers).and_return(
|
66
|
-
{ location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
|
67
|
-
)
|
68
|
-
expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
|
91
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"test_group_id","name":"test_group_name"}]'
|
69
92
|
end
|
70
93
|
|
71
|
-
it "
|
72
|
-
@group_client.
|
94
|
+
it "lists children groups" do
|
95
|
+
groups = @group_client.children("parent_group_id")
|
96
|
+
expect(groups.length).to eq 1
|
97
|
+
expect(groups[0].name).to eq "test_group_name"
|
73
98
|
end
|
74
99
|
|
75
100
|
it "passes rest client options" do
|
76
|
-
rest_client_options = {
|
101
|
+
rest_client_options = {timeout: 10}
|
77
102
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
78
103
|
|
79
104
|
expect(RestClient::Resource).to receive(:new).with(
|
80
|
-
"http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
|
105
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups/parent_group_id/children", rest_client_options).and_call_original
|
81
106
|
|
82
|
-
@group_client.
|
107
|
+
groups = @group_client.children("parent_group_id")
|
108
|
+
expect(groups.length).to eq 1
|
109
|
+
expect(groups[0].name).to eq "test_group_name"
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
describe "#save" do
|
114
|
+
let(:realm_name) { "valid-realm" }
|
115
|
+
|
116
|
+
before(:each) do
|
117
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
118
|
+
|
119
|
+
stub_token_client
|
120
|
+
end
|
121
|
+
|
122
|
+
context "when the group does not exist" do
|
123
|
+
let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
|
124
|
+
"name" => "test_group_name"
|
125
|
+
)}
|
126
|
+
|
127
|
+
before do
|
128
|
+
response = double
|
129
|
+
allow(response).to receive(:headers).and_return(
|
130
|
+
{ location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
|
131
|
+
)
|
132
|
+
|
133
|
+
expect_any_instance_of(RestClient::Resource).to receive(:post).with(group.to_json, anything).and_return response
|
134
|
+
end
|
135
|
+
|
136
|
+
it "saves a group" do
|
137
|
+
@group_client.save(group)
|
138
|
+
end
|
139
|
+
|
140
|
+
it "passes rest client options" do
|
141
|
+
rest_client_options = {timeout: 10}
|
142
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
143
|
+
|
144
|
+
expect(RestClient::Resource).to receive(:new).with(
|
145
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups", rest_client_options).and_call_original
|
146
|
+
|
147
|
+
@group_client.save(group)
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
context "when the group already exists" do
|
152
|
+
let(:group) { KeycloakAdmin::GroupRepresentation.from_hash(
|
153
|
+
"id" => "test_group_id",
|
154
|
+
"name" => "test_group_name"
|
155
|
+
)}
|
156
|
+
|
157
|
+
before do
|
158
|
+
response = double
|
159
|
+
allow(response).to receive(:headers).and_return(
|
160
|
+
{ location: 'http://auth.service.io/auth/admin/realms/valid-realm/groups/be061c48-6edd-4783-a726-1a57d4bfa22b' }
|
161
|
+
)
|
162
|
+
|
163
|
+
expect_any_instance_of(RestClient::Resource).to receive(:put).with(group.to_json, anything).and_return response
|
164
|
+
end
|
165
|
+
|
166
|
+
it "saves a group" do
|
167
|
+
@group_client.save(group)
|
168
|
+
end
|
169
|
+
|
170
|
+
it "passes rest client options" do
|
171
|
+
rest_client_options = {timeout: 10}
|
172
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
173
|
+
|
174
|
+
expect(RestClient::Resource).to receive(:new).with(
|
175
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_call_original
|
176
|
+
|
177
|
+
@group_client.save(group)
|
178
|
+
end
|
83
179
|
end
|
84
180
|
end
|
85
181
|
|
@@ -133,4 +229,30 @@ RSpec.describe KeycloakAdmin::GroupClient do
|
|
133
229
|
expect(group_id).to eq '7686af34-204c-4515-8122-78d19febbf6e'
|
134
230
|
end
|
135
231
|
end
|
232
|
+
|
233
|
+
describe "#delete" do
|
234
|
+
let(:realm_name) { "valid-realm" }
|
235
|
+
|
236
|
+
before(:each) do
|
237
|
+
@group_client = KeycloakAdmin.realm(realm_name).groups
|
238
|
+
|
239
|
+
stub_token_client
|
240
|
+
allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ''
|
241
|
+
end
|
242
|
+
|
243
|
+
it "deletes a group" do
|
244
|
+
result = @group_client.delete("test_group_id")
|
245
|
+
expect(result).to be(true)
|
246
|
+
end
|
247
|
+
|
248
|
+
it "raises a delete error" do
|
249
|
+
rest_client_options = {timeout: 10}
|
250
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
251
|
+
|
252
|
+
expect(RestClient::Resource).to receive(:new).with(
|
253
|
+
"http://auth.service.io/auth/admin/realms/valid-realm/groups/test_group_id", rest_client_options).and_raise("error")
|
254
|
+
|
255
|
+
expect { @group_client.delete("test_group_id") }.to raise_error("error")
|
256
|
+
end
|
257
|
+
end
|
136
258
|
end
|
@@ -78,7 +78,7 @@ RSpec.describe KeycloakAdmin::IdentityProviderClient do
|
|
78
78
|
end
|
79
79
|
|
80
80
|
it "passes rest client options" do
|
81
|
-
rest_client_options = {
|
81
|
+
rest_client_options = {timeout: 10}
|
82
82
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
83
83
|
|
84
84
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -60,7 +60,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
60
60
|
end
|
61
61
|
|
62
62
|
it "passes rest client options" do
|
63
|
-
rest_client_options = {
|
63
|
+
rest_client_options = {timeout: 10}
|
64
64
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
65
65
|
|
66
66
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -87,7 +87,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
87
87
|
end
|
88
88
|
|
89
89
|
it "passes rest client options" do
|
90
|
-
rest_client_options = {
|
90
|
+
rest_client_options = {timeout: 10}
|
91
91
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
92
92
|
|
93
93
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -117,7 +117,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
117
117
|
end
|
118
118
|
|
119
119
|
it "passes rest client options" do
|
120
|
-
rest_client_options = {
|
120
|
+
rest_client_options = {timeout: 10}
|
121
121
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
122
122
|
|
123
123
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -143,7 +143,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
143
143
|
end
|
144
144
|
|
145
145
|
it "passes rest client options" do
|
146
|
-
rest_client_options = {
|
146
|
+
rest_client_options = {timeout: 10}
|
147
147
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
148
148
|
|
149
149
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -1,24 +1,20 @@
|
|
1
1
|
RSpec.describe KeycloakAdmin::RoleClient do
|
2
2
|
describe "#roles_url" do
|
3
3
|
let(:realm_name) { "valid-realm" }
|
4
|
-
let(:role_id) { nil }
|
5
4
|
|
6
|
-
|
7
|
-
@built_url = KeycloakAdmin.realm(realm_name).roles.roles_url
|
5
|
+
it "return a proper url without role id" do
|
6
|
+
@built_url = KeycloakAdmin.realm(realm_name).roles.roles_url
|
7
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
|
8
8
|
end
|
9
|
+
end
|
9
10
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles"
|
14
|
-
end
|
15
|
-
end
|
11
|
+
describe "#role_id_url" do
|
12
|
+
let(:realm_name) { "valid-realm" }
|
13
|
+
let(:role_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
|
16
14
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles/95985b21-d884-4bbd-b852-cb8cd365afc2"
|
21
|
-
end
|
15
|
+
it "return a proper url with the role id" do
|
16
|
+
@built_url = KeycloakAdmin.realm(realm_name).roles.role_id_url(role_id)
|
17
|
+
expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/roles-by-id/95985b21-d884-4bbd-b852-cb8cd365afc2"
|
22
18
|
end
|
23
19
|
end
|
24
20
|
|
@@ -39,7 +35,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
|
|
39
35
|
end
|
40
36
|
|
41
37
|
it "passes rest client options" do
|
42
|
-
rest_client_options = {
|
38
|
+
rest_client_options = {timeout: 10}
|
43
39
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
44
40
|
|
45
41
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -71,7 +67,7 @@ RSpec.describe KeycloakAdmin::RoleClient do
|
|
71
67
|
end
|
72
68
|
|
73
69
|
it "passes rest client options" do
|
74
|
-
rest_client_options = {
|
70
|
+
rest_client_options = {timeout: 10}
|
75
71
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
76
72
|
|
77
73
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -56,7 +56,7 @@ RSpec.describe KeycloakAdmin::RoleMapperClient do
|
|
56
56
|
end
|
57
57
|
|
58
58
|
it "passes rest client options" do
|
59
|
-
rest_client_options = {
|
59
|
+
rest_client_options = {timeout: 10}
|
60
60
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
61
61
|
|
62
62
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -49,7 +49,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
49
49
|
end
|
50
50
|
|
51
51
|
it "passes rest client options" do
|
52
|
-
rest_client_options = {
|
52
|
+
rest_client_options = {timeout: 10}
|
53
53
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
54
54
|
stub_post
|
55
55
|
|
@@ -141,7 +141,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
141
141
|
end
|
142
142
|
|
143
143
|
it "passes rest client options" do
|
144
|
-
rest_client_options = {
|
144
|
+
rest_client_options = {timeout: 10}
|
145
145
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
146
146
|
|
147
147
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -167,7 +167,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
167
167
|
end
|
168
168
|
|
169
169
|
it "passes rest client options" do
|
170
|
-
rest_client_options = {
|
170
|
+
rest_client_options = {timeout: 10}
|
171
171
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
172
172
|
|
173
173
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -213,7 +213,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
213
213
|
end
|
214
214
|
|
215
215
|
it "passes rest client options" do
|
216
|
-
rest_client_options = {
|
216
|
+
rest_client_options = {timeout: 10}
|
217
217
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
218
218
|
|
219
219
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -246,7 +246,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
246
246
|
end
|
247
247
|
|
248
248
|
it "passes rest client options" do
|
249
|
-
rest_client_options = {
|
249
|
+
rest_client_options = {timeout: 10}
|
250
250
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
251
251
|
|
252
252
|
expect(RestClient::Resource).to receive(:new).with(
|
@@ -273,7 +273,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
273
273
|
end
|
274
274
|
|
275
275
|
it "passes rest client options" do
|
276
|
-
rest_client_options = {
|
276
|
+
rest_client_options = {timeout: 10}
|
277
277
|
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
278
278
|
|
279
279
|
expect(RestClient::Resource).to receive(:new).with(
|
data/spec/configuration_spec.rb
CHANGED
@@ -6,7 +6,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
6
6
|
let(:use_service_account) { true }
|
7
7
|
let(:username) { "a" }
|
8
8
|
let(:password) { "b" }
|
9
|
-
let(:rest_client_options) { {
|
9
|
+
let(:rest_client_options) { {timeout: 10 } }
|
10
10
|
|
11
11
|
before(:each) do
|
12
12
|
@configuration = KeycloakAdmin::Configuration.new
|
@@ -0,0 +1,95 @@
|
|
1
|
+
RSpec.describe 'ClientAuthorization' do
|
2
|
+
|
3
|
+
before do
|
4
|
+
skip unless ENV["GITHUB_ACTIONS"]
|
5
|
+
|
6
|
+
KeycloakAdmin.configure do |config|
|
7
|
+
config.use_service_account = false
|
8
|
+
config.server_url = "http://localhost:8080/"
|
9
|
+
config.client_id = "admin-cli"
|
10
|
+
config.client_realm_name = "master"
|
11
|
+
config.username = "admin"
|
12
|
+
config.password = "admin"
|
13
|
+
config.rest_client_options = { timeout: 5, verify_ssl: false }
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
after do
|
18
|
+
configure
|
19
|
+
end
|
20
|
+
|
21
|
+
describe "ClientAuthorization Suite" do
|
22
|
+
it do
|
23
|
+
skip unless ENV["GITHUB_ACTIONS"]
|
24
|
+
|
25
|
+
realm_name = "dummy"
|
26
|
+
|
27
|
+
client = KeycloakAdmin.realm(realm_name).clients.find_by_client_id("dummy-client")
|
28
|
+
client.authorization_services_enabled = true
|
29
|
+
KeycloakAdmin.realm(realm_name).clients.update(client)
|
30
|
+
|
31
|
+
expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).list.size).to eql(0)
|
32
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).list.size).to eql(1)
|
33
|
+
expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').list.size).to eql(0)
|
34
|
+
|
35
|
+
realm_role = KeycloakAdmin.realm(realm_name).roles.get("default-roles-dummy")
|
36
|
+
|
37
|
+
scope_1 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_1", "POST 1 scope", "http://asdas")
|
38
|
+
scope_2 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_2", "POST 2 scope", "http://asdas")
|
39
|
+
expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).search("POST").first.name).to eql("POST_1")
|
40
|
+
expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).get(scope_1.id).name).to eql("POST_1")
|
41
|
+
|
42
|
+
resource = KeycloakAdmin.realm(realm_name).authz_resources(client.id).create!("Dummy Resource", "type", ["/asdf/*", "/tmp/"], true, "display_name", [], {"a": ["b", "c"]})
|
43
|
+
|
44
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("Dummy Resource", "", "", "", "").first.name).to eql("Dummy Resource")
|
45
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("", "type", "", "", "").first.name).to eql("Dummy Resource")
|
46
|
+
|
47
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(0)
|
48
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).uris.count).to eql(2)
|
49
|
+
KeycloakAdmin.realm(realm_name).authz_resources(client.id).update(resource.id,
|
50
|
+
{
|
51
|
+
"name": "Dummy Resource",
|
52
|
+
"type": "type",
|
53
|
+
"owner_managed_access": true,
|
54
|
+
"display_name": "display_name",
|
55
|
+
"attributes": {"a":["b","c"]},
|
56
|
+
"uris": [ "/asdf/*" , "/tmp/45" ],
|
57
|
+
"scopes":[
|
58
|
+
{name: scope_1.name},{name: scope_2.name}
|
59
|
+
],
|
60
|
+
"icon_uri": "https://icon.ico"
|
61
|
+
}
|
62
|
+
)
|
63
|
+
|
64
|
+
expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(2)
|
65
|
+
|
66
|
+
policy = KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').create!("Policy 1", "description", "role", "POSITIVE", "UNANIMOUS", true, [{id: realm_role.id, required: true}])
|
67
|
+
expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').find_by("Policy 1", "role").first.name).to eql("Policy 1")
|
68
|
+
expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').get(policy.id).name).to eql("Policy 1")
|
69
|
+
scope_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :scope).create!("Dummy Scope Permission", "scope description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], [scope_1.id, scope_2.id], "")
|
70
|
+
resource_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :resource).create!("Dummy Resource Permission", "resource description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], nil, "")
|
71
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "", resource.id).list.size).to eql(2)
|
72
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").get(resource_permission.id).name).to eql("Dummy Resource Permission")
|
73
|
+
expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id, resource.id).list.size).to eql(2)
|
74
|
+
|
75
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').list.size).to eql(3)
|
76
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').list.size).to eql(3)
|
77
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, nil).first.name).to eql("Dummy Resource Permission")
|
78
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, resource.id).first.name).to eql("Dummy Resource Permission")
|
79
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id).first.name).to eql("Dummy Scope Permission")
|
80
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
|
81
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(nil, resource.id).first.name).to eql("Dummy Resource Permission")
|
82
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id).first.name).to eql("Dummy Scope Permission")
|
83
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
|
84
|
+
expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, nil).first.name).to eql("Dummy Scope Permission")
|
85
|
+
|
86
|
+
KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').delete(scope_permission.id)
|
87
|
+
KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').delete(resource_permission.id)
|
88
|
+
KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').delete(policy.id)
|
89
|
+
KeycloakAdmin.realm(realm_name).authz_resources(client.id).delete(resource.id)
|
90
|
+
KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_1.id)
|
91
|
+
KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_2.id)
|
92
|
+
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::ClientAuthzPermissionRepresentation do
|
2
|
+
describe '.from_hash, #resource based permission' do
|
3
|
+
it 'converts json response to class structure' do
|
4
|
+
rep = described_class.from_hash({
|
5
|
+
"id" => "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa",
|
6
|
+
"resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
|
7
|
+
"policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
|
8
|
+
"name" => "delme policy",
|
9
|
+
"description" => "Delme policy description",
|
10
|
+
"decisionStrategy" => "UNANIMOUS",
|
11
|
+
"resourceType" => ""
|
12
|
+
})
|
13
|
+
expect(rep.id).to eq "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"
|
14
|
+
expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
|
15
|
+
expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
|
16
|
+
expect(rep.name).to eq "delme policy"
|
17
|
+
expect(rep.description).to eq "Delme policy description"
|
18
|
+
expect(rep.decision_strategy).to eq "UNANIMOUS"
|
19
|
+
expect(rep.resource_type).to eq ""
|
20
|
+
expect(rep).to be_a described_class
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
describe '.from_hash, #scope based permission' do
|
25
|
+
it 'converts json response to class structure' do
|
26
|
+
rep = described_class.from_hash(
|
27
|
+
|
28
|
+
{ "id" => "4d762e5d-bf3d-4641-8f94-97e8a1869d1d",
|
29
|
+
"name" => "permission name",
|
30
|
+
"description" => "permission description",
|
31
|
+
"type" => "scope",
|
32
|
+
"policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
|
33
|
+
"resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
|
34
|
+
"scopes" => ["7c4809c5-33b6-4668-a318-19b302214d20"],
|
35
|
+
"logic" => "POSITIVE",
|
36
|
+
"decisionStrategy" => "UNANIMOUS"
|
37
|
+
})
|
38
|
+
expect(rep.id).to eq "4d762e5d-bf3d-4641-8f94-97e8a1869d1d"
|
39
|
+
expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
|
40
|
+
expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
|
41
|
+
expect(rep.scopes).to eq ["7c4809c5-33b6-4668-a318-19b302214d20"]
|
42
|
+
expect(rep.name).to eq "permission name"
|
43
|
+
expect(rep.description).to eq "permission description"
|
44
|
+
expect(rep.decision_strategy).to eq "UNANIMOUS"
|
45
|
+
expect(rep.logic).to eq "POSITIVE"
|
46
|
+
expect(rep.type).to eq "scope"
|
47
|
+
expect(rep.resource_type).to eq nil
|
48
|
+
expect(rep).to be_a described_class
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.describe KeycloakAdmin::ClientAuthzPolicyRepresentation do
|
4
|
+
let(:realm_name) { "valid-realm" }
|
5
|
+
let(:client_id) { "valid-client-id" }
|
6
|
+
let(:policy_id) { "valid-policy-id" }
|
7
|
+
let(:role_id) { "valid-role-id" }
|
8
|
+
let(:role_name) { "valid-role-name" }
|
9
|
+
let(:policy_name) { "valid-policy-name" }
|
10
|
+
let(:policy_description) { "valid-policy-description" }
|
11
|
+
let(:policy_type) { "role" }
|
12
|
+
let(:policy_logic) { "POSITIVE" }
|
13
|
+
let(:policy_decision_strategy) { "UNANIMOUS" }
|
14
|
+
let(:policy) do
|
15
|
+
{
|
16
|
+
"id": policy_id,
|
17
|
+
"name": policy_name,
|
18
|
+
"description": policy_description,
|
19
|
+
"type": policy_type,
|
20
|
+
"logic": policy_logic,
|
21
|
+
"decisionStrategy": policy_decision_strategy,
|
22
|
+
"roles": [{ "id": role_id, "required": true }]
|
23
|
+
}
|
24
|
+
end
|
25
|
+
let(:client_authz_policy) { KeycloakAdmin.realm(realm_name).authz_policies(client_id, 'role') }
|
26
|
+
|
27
|
+
before(:each) do
|
28
|
+
stub_token_client
|
29
|
+
end
|
30
|
+
|
31
|
+
describe "#create!" do
|
32
|
+
before(:each) do
|
33
|
+
allow_any_instance_of(RestClient::Resource).to receive(:post).and_return policy.to_json
|
34
|
+
end
|
35
|
+
|
36
|
+
it "returns created authz policy" do
|
37
|
+
response = client_authz_policy.create!(policy_name, policy_description, policy_type, policy_logic, policy_decision_strategy, true, [{ id: role_id, required: true }])
|
38
|
+
expect(response.id).to eq policy_id
|
39
|
+
expect(response.name).to eq policy_name
|
40
|
+
expect(response.description).to eq policy_description
|
41
|
+
expect(response.type).to eq policy_type
|
42
|
+
expect(response.logic).to eq policy_logic
|
43
|
+
expect(response.decision_strategy).to eq policy_decision_strategy
|
44
|
+
expect(response.roles).to eq [{ "id" => role_id, "required" => true }]
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::ClientAuthzResourceRepresentation do
|
2
|
+
describe '.from_hash' do
|
3
|
+
it 'converts json response to class structure' do
|
4
|
+
rep = described_class.from_hash({
|
5
|
+
"name" => "Default Resource",
|
6
|
+
"type" => "urn:delme-client-id:resources:default",
|
7
|
+
"owner" => {
|
8
|
+
"id" => "d259b451-371b-432a-a526-3508f3a36f3b",
|
9
|
+
"name" => "delme-client-id"
|
10
|
+
},
|
11
|
+
"ownerManagedAccess" => true,
|
12
|
+
"displayName" => "Display Name",
|
13
|
+
"attributes" => { "a" => ["b"]},
|
14
|
+
"_id" => "385966a2-14b9-4cc4-9539-5f2fe1008222",
|
15
|
+
"uris" => ["/*"],
|
16
|
+
"scopes" => [{"id"=>"c0779ce3-0900-4ea3-b1d6-b23e1f19c662",
|
17
|
+
"name" => "GET",
|
18
|
+
"iconUri" => "http=>//asdfasdf"}],
|
19
|
+
"icon_uri" => "http://icon"
|
20
|
+
})
|
21
|
+
expect(rep.id).to eq "385966a2-14b9-4cc4-9539-5f2fe1008222"
|
22
|
+
expect(rep.name).to eq "Default Resource"
|
23
|
+
expect(rep.type).to eq "urn:delme-client-id:resources:default"
|
24
|
+
expect(rep.uris).to eq ["/*"]
|
25
|
+
expect(rep.owner_managed_access).to eq true
|
26
|
+
expect(rep.attributes).to eq({ :"a" => ["b"]})
|
27
|
+
expect(rep.display_name).to eq "Display Name"
|
28
|
+
expect(rep.scopes[0].id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
|
29
|
+
expect(rep.scopes[0].name).to eq "GET"
|
30
|
+
expect(rep).to be_a described_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.describe KeycloakAdmin::ClientAuthzScopeRepresentation do
|
4
|
+
describe '.from_hash' do
|
5
|
+
it 'converts json response to class structure' do
|
6
|
+
rep = described_class.from_hash({
|
7
|
+
"id" =>"c0779ce3-0900-4ea3-b1d6-b23e1f19c662",
|
8
|
+
"name" => "GET",
|
9
|
+
"iconUri" => "http://asdfasdf/image.png",
|
10
|
+
"displayName" => "GET authz scope"
|
11
|
+
})
|
12
|
+
expect(rep.id).to eq "c0779ce3-0900-4ea3-b1d6-b23e1f19c662"
|
13
|
+
expect(rep.name).to eq "GET"
|
14
|
+
expect(rep.icon_uri).to eq "http://asdfasdf/image.png"
|
15
|
+
expect(rep.display_name).to eq "GET authz scope"
|
16
|
+
expect(rep).to be_a described_class
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -4,10 +4,17 @@ RSpec.describe KeycloakAdmin::GroupRepresentation do
|
|
4
4
|
it "parses the sub groups into group representations" do
|
5
5
|
group = described_class.from_hash({
|
6
6
|
"name" => "group a",
|
7
|
+
"attributes" => {
|
8
|
+
"key" => ["value"]
|
9
|
+
},
|
10
|
+
"subGroupCount" => 1,
|
7
11
|
"subGroups" => [{
|
8
12
|
"name" => "subgroup b"
|
9
13
|
}]
|
10
14
|
})
|
15
|
+
|
16
|
+
expect(group.attributes).to eq(key: ["value"])
|
17
|
+
expect(group.sub_group_count).to eq 1
|
11
18
|
expect(group.sub_groups.length).to eq 1
|
12
19
|
expect(group.sub_groups.first).to be_a described_class
|
13
20
|
end
|