keycloak-admin 1.1.2 → 1.1.4

data/lib/keycloak-admin.rb

@@ -1,75 +1,84 @@
-require "logger"
-
-require_relative "keycloak-admin/configuration"
-require_relative "keycloak-admin/client/client"
-require_relative "keycloak-admin/client/client_client"
-require_relative "keycloak-admin/client/client_role_client"
-require_relative "keycloak-admin/client/client_role_mappings_client"
-require_relative "keycloak-admin/client/group_client"
-require_relative "keycloak-admin/client/realm_client"
-require_relative "keycloak-admin/client/role_client"
-require_relative "keycloak-admin/client/role_mapper_client"
-require_relative "keycloak-admin/client/token_client"
-require_relative "keycloak-admin/client/user_client"
-require_relative "keycloak-admin/client/identity_provider_client"
-require_relative "keycloak-admin/client/configurable_token_client"
-require_relative "keycloak-admin/client/attack_detection_client"
-require_relative "keycloak-admin/representation/camel_json"
-require_relative "keycloak-admin/representation/representation"
-require_relative "keycloak-admin/representation/protocol_mapper_representation"
-require_relative "keycloak-admin/representation/client_representation"
-require_relative "keycloak-admin/representation/group_representation"
-require_relative "keycloak-admin/representation/token_representation"
-require_relative "keycloak-admin/representation/impersonation_redirection_representation"
-require_relative "keycloak-admin/representation/impersonation_representation"
-require_relative "keycloak-admin/representation/credential_representation"
-require_relative "keycloak-admin/representation/realm_representation"
-require_relative "keycloak-admin/representation/role_representation"
-require_relative "keycloak-admin/representation/federated_identity_representation"
-require_relative "keycloak-admin/representation/user_representation"
-require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
-require_relative "keycloak-admin/representation/identity_provider_representation"
-require_relative "keycloak-admin/representation/attack_detection_representation"
-require_relative "keycloak-admin/representation/session_representation"
-require_relative "keycloak-admin/resource/base_role_containing_resource"
-require_relative "keycloak-admin/resource/group_resource"
-require_relative "keycloak-admin/resource/user_resource"
-
-module KeycloakAdmin
-
-  def self.configure
-    yield @configuration ||= KeycloakAdmin::Configuration.new
-  end
-
-  def self.config
-    @configuration
-  end
-
-  def self.realm(realm_name)
-    create_client(@configuration, realm_name)
-  end
-
-  def self.create_client(configuration, realm_name)
-    RealmClient.new(configuration, realm_name)
-  end
-
-  def self.logger
-    config.logger
-  end
-
-  def self.load_configuration
-    configure do |config|
-      config.server_url          = nil
-      config.server_domain       = nil
-      config.client_realm_name   = ""
-      config.client_id           = "admin-cli"
-      config.logger              = ::Logger.new(STDOUT)
-      config.use_service_account = true
-      config.username            = nil
-      config.password            = nil
-      config.rest_client_options = {}
-    end
-  end
-
-  load_configuration
-end
+require "logger"
+
+require_relative "keycloak-admin/configuration"
+require_relative "keycloak-admin/client/client"
+require_relative "keycloak-admin/client/client_client"
+require_relative "keycloak-admin/client/client_role_client"
+require_relative "keycloak-admin/client/client_role_mappings_client"
+require_relative "keycloak-admin/client/group_client"
+require_relative "keycloak-admin/client/realm_client"
+require_relative "keycloak-admin/client/role_client"
+require_relative "keycloak-admin/client/role_mapper_client"
+require_relative "keycloak-admin/client/token_client"
+require_relative "keycloak-admin/client/user_client"
+require_relative "keycloak-admin/client/identity_provider_client"
+require_relative "keycloak-admin/client/configurable_token_client"
+require_relative "keycloak-admin/client/attack_detection_client"
+require_relative "keycloak-admin/client/client_authz_scope_client"
+require_relative "keycloak-admin/client/client_authz_resource_client"
+require_relative "keycloak-admin/client/client_authz_policy_client"
+require_relative "keycloak-admin/client/client_authz_permission_client"
+require_relative "keycloak-admin/representation/camel_json"
+require_relative "keycloak-admin/representation/representation"
+require_relative "keycloak-admin/representation/protocol_mapper_representation"
+require_relative "keycloak-admin/representation/client_representation"
+require_relative "keycloak-admin/representation/group_representation"
+require_relative "keycloak-admin/representation/token_representation"
+require_relative "keycloak-admin/representation/impersonation_redirection_representation"
+require_relative "keycloak-admin/representation/impersonation_representation"
+require_relative "keycloak-admin/representation/credential_representation"
+require_relative "keycloak-admin/representation/realm_representation"
+require_relative "keycloak-admin/representation/role_representation"
+require_relative "keycloak-admin/representation/federated_identity_representation"
+require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
+require_relative "keycloak-admin/representation/identity_provider_representation"
+require_relative "keycloak-admin/representation/attack_detection_representation"
+require_relative "keycloak-admin/representation/session_representation"
+require_relative "keycloak-admin/representation/client_authz_scope_representation"
+require_relative "keycloak-admin/representation/client_authz_resource_representation"
+require_relative "keycloak-admin/representation/client_authz_policy_representation"
+require_relative "keycloak-admin/representation/client_authz_policy_config_representation"
+require_relative "keycloak-admin/representation/client_authz_permission_representation"
+require_relative "keycloak-admin/resource/base_role_containing_resource"
+require_relative "keycloak-admin/resource/group_resource"
+require_relative "keycloak-admin/resource/user_resource"
+
+module KeycloakAdmin
+
+  def self.configure
+    yield @configuration ||= KeycloakAdmin::Configuration.new
+  end
+
+  def self.config
+    @configuration
+  end
+
+  def self.realm(realm_name)
+    create_client(@configuration, realm_name)
+  end
+
+  def self.create_client(configuration, realm_name)
+    RealmClient.new(configuration, realm_name)
+  end
+
+  def self.logger
+    config.logger
+  end
+
+  def self.load_configuration
+    configure do |config|
+      config.server_url          = nil
+      config.server_domain       = nil
+      config.client_realm_name   = ""
+      config.client_id           = "admin-cli"
+      config.logger              = ::Logger.new(STDOUT)
+      config.use_service_account = true
+      config.username            = nil
+      config.password            = nil
+      config.rest_client_options = {}
+    end
+  end
+
+  load_configuration
+end

data/spec/client/attack_detection_client_spec.rb

@@ -1,102 +1,102 @@
-# frozen_string_literal: true
-
-RSpec.describe KeycloakAdmin::AttackDetectionClient do
-  describe "#initialize" do
-    let(:realm_name) { nil }
-    before(:each) do
-      @realm = KeycloakAdmin.realm(realm_name)
-    end
-    context "when realm_name is defined" do
-      let(:realm_name) { "master" }
-      it "does not raise any error" do
-        expect { @realm.attack_detections }.to_not raise_error
-      end
-    end
-
-    context "when realm_name is not defined" do
-      it "raise argument error" do
-        expect { @realm.attack_detections }.to raise_error(ArgumentError)
-      end
-    end
-  end
-
-  describe "#lock_status" do
-    let(:realm_name) { "valid-realm" }
-    before(:each) do
-      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
-      stub_token_client
-      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"numFailures":1,"disabled":true, "lastFailure":123456}'
-    end
-
-    context "when user_id is defined" do
-      let(:user_id) { "test_user_id" }
-      it "returns lock details" do
-        response = @attack_detections.lock_status(user_id)
-        expect(response.num_failures).to eq 1
-      end
-    end
-
-    context "when user_id is not defined" do
-      let(:user_id) { nil }
-      it "raise argument error" do
-        expect { @attack_detections.lock_status(user_id) }.to raise_error(ArgumentError)
-      end
-    end
-  end
-
-  describe "#unlock_user" do
-    let(:realm_name) { "valid-realm" }
-    before(:each) do
-      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
-      stub_token_client
-      allow_any_instance_of(RestClient::Resource).to receive(:delete)
-    end
-
-    context "when user_id is defined" do
-      let(:user_id) { "test_user_id" }
-      it "returns true" do
-        expect(@attack_detections.unlock_user(user_id)).to be_truthy
-      end
-    end
-
-    context "when user_id is not defined" do
-      let(:user_id) { nil }
-      it "raise argument error" do
-        expect { @attack_detections.unlock_user(user_id) }.to raise_error(ArgumentError)
-      end
-    end
-  end
-
-  describe "#unlock_users" do
-    let(:realm_name) { "valid-realm" }
-    before(:each) do
-      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
-      stub_token_client
-      allow_any_instance_of(RestClient::Resource).to receive(:delete)
-    end
-    it "returns true" do
-      expect(@attack_detections.unlock_users).to be_truthy
-    end
-  end
-
-  describe "#brute_force_url" do
-    let(:realm_name) { "valid-realm" }
-    let(:user_id)    { nil }
-    before(:each) do
-      @attack_detections_url = KeycloakAdmin.realm(realm_name).attack_detections.brute_force_url(user_id)
-    end
-
-    context "when user_id is defined" do
-      let(:user_id)    { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
-      it "returns user specific url" do
-        expect(@attack_detections_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/attack-detection/brute-force/users/#{user_id}"
-      end
-    end
-
-    context "when user_id is not defined" do
-      it "returns url without user" do
-        expect(@attack_detections_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/attack-detection/brute-force/users"
-      end
-    end
-  end
-end
+# frozen_string_literal: true
+
+RSpec.describe KeycloakAdmin::AttackDetectionClient do
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect { @realm.attack_detections }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      it "raise argument error" do
+        expect { @realm.attack_detections }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#lock_status" do
+    let(:realm_name) { "valid-realm" }
+    before(:each) do
+      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"numFailures":1,"disabled":true, "lastFailure":123456}'
+    end
+
+    context "when user_id is defined" do
+      let(:user_id) { "test_user_id" }
+      it "returns lock details" do
+        response = @attack_detections.lock_status(user_id)
+        expect(response.num_failures).to eq 1
+      end
+    end
+
+    context "when user_id is not defined" do
+      let(:user_id) { nil }
+      it "raise argument error" do
+        expect { @attack_detections.lock_status(user_id) }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#unlock_user" do
+    let(:realm_name) { "valid-realm" }
+    before(:each) do
+      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete)
+    end
+
+    context "when user_id is defined" do
+      let(:user_id) { "test_user_id" }
+      it "returns true" do
+        expect(@attack_detections.unlock_user(user_id)).to be_truthy
+      end
+    end
+
+    context "when user_id is not defined" do
+      let(:user_id) { nil }
+      it "raise argument error" do
+        expect { @attack_detections.unlock_user(user_id) }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#unlock_users" do
+    let(:realm_name) { "valid-realm" }
+    before(:each) do
+      @attack_detections = KeycloakAdmin.realm(realm_name).attack_detections
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete)
+    end
+    it "returns true" do
+      expect(@attack_detections.unlock_users).to be_truthy
+    end
+  end
+
+  describe "#brute_force_url" do
+    let(:realm_name) { "valid-realm" }
+    let(:user_id)    { nil }
+    before(:each) do
+      @attack_detections_url = KeycloakAdmin.realm(realm_name).attack_detections.brute_force_url(user_id)
+    end
+
+    context "when user_id is defined" do
+      let(:user_id)    { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
+      it "returns user specific url" do
+        expect(@attack_detections_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/attack-detection/brute-force/users/#{user_id}"
+      end
+    end
+
+    context "when user_id is not defined" do
+      it "returns url without user" do
+        expect(@attack_detections_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/attack-detection/brute-force/users"
+      end
+    end
+  end
+end

data/spec/client/client_authz_permission_client_spec.rb

@@ -0,0 +1,170 @@
+RSpec.describe KeycloakAdmin::ClientAuthzPermissionClient do
+
+  describe "#initialize" do
+    let(:realm_name) { nil }
+    let(:type) { :scope }
+    before(:each) do
+      @realm = KeycloakAdmin.realm(realm_name)
+    end
+
+    context "when realm_name is defined" do
+      let(:realm_name) { "master" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      let(:realm_name) { nil }
+      it "raises any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "when type is bad value" do
+      let(:realm_name) { "master" }
+      let(:type) { "bad-type" }
+      it "does not raise any error" do
+        expect {
+          @realm.authz_permissions("", type)
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe '#delete' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return 'true'
+    end
+
+    it "deletes a permission" do
+      expect(client_authz_permission.delete("valid-permission-id")).to be_truthy
+    end
+  end
+
+  describe '#find_by' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+    end
+
+    it "finds permissions" do
+      response = client_authz_permission.find_by("name", "resource", "scope")
+      expect(response[0].id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[1].id).to eql "06a21e38-4e92-466d-8647-ffcd9c7b51c3"
+    end
+  end
+
+  describe '#create!' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+
+    it "creates a permission" do
+      response = client_authz_permission.create!("name", "description", "UNANIMOUS", "POSITIVE", [], [], [], "resource")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#list' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"},{"id":"06a21e38-4e92-466d-8647-ffcd9c7b51c3","name":"delme policy","description":"delme polidy ","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"asdfasdf"}]'
+
+    end
+
+    it "returns list of authz permissions" do
+      response = @client_authz_permission.list
+      expect(response.size).to eq 2
+      expect(response[0].id).to eq "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response[0].name).to eq "Default Permission"
+      expect(response[0].description).to eq "A permission that applies to the default resource type"
+      expect(response[0].logic).to eq "POSITIVE"
+      expect(response[0].decision_strategy).to eq "UNANIMOUS"
+      expect(response[0].resource_type).to eq "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#get' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:client_authz_permission) {  KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource") }
+    before(:each) do
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"id":"245ce612-ccdc-4426-8ea7-e0e29a718033","name":"Default Permission","description":"A permission that applies to the default resource type","type":"resource","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","resourceType":"urn:dummy-client:resources:default"}'
+    end
+
+    it "gets a permission" do
+      response = client_authz_permission.get("245ce612-ccdc-4426-8ea7-e0e29a718033")
+      expect(response.id).to eql "245ce612-ccdc-4426-8ea7-e0e29a718033"
+      expect(response.name).to eql "Default Permission"
+      expect(response.description).to eql "A permission that applies to the default resource type"
+      expect(response.logic).to eql "POSITIVE"
+      expect(response.decision_strategy).to eql "UNANIMOUS"
+      expect(response.resource_type).to eql "urn:dummy-client:resources:default"
+    end
+  end
+
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    let(:resource_id){ "valid-resource-id" }
+    let(:type){ "resource" }
+    let(:client_authz_permission) { KeycloakAdmin.realm(realm_name).authz_permissions(client_id, type, resource_id) }
+    context 'when resource_id is nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+      end
+    end
+    context 'when resource_id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, resource_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/resource/valid-resource-id/permissions"
+      end
+    end
+    context 'when id is not nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource, "valid-permission-id")).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource/valid-permission-id"
+      end
+    end
+    context 'when resource_id and id are nil' do
+      it "return a proper url" do
+        expect(client_authz_permission.authz_permission_url(client_id, nil, :resource)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/resource"
+      end
+    end
+  end
+
+  describe '#authz_permission_url' do
+    let(:realm_name) { "valid-realm" }
+    let(:client_id) { "valid-client-id" }
+    before(:each) do
+      @client_authz_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client_id, "resource")
+    end
+
+    it "return a proper url" do
+      expect(@client_authz_permission.authz_permission_url(client_id)).to eq "http://auth.service.io/auth/admin/realms/valid-realm/clients/valid-client-id/authz/resource-server/permission/"
+    end
+  end
+end